基于无线自组织网络的TCP Freeze-Probing改进协议

传统的TCP协议在有线网络中能够良好地工作,但用于无线自组织网络时则性能有所下降.其原因在于,传统的TCP协议无法分辨网络丢包原因,如网络拥塞、链路断开、信道错误或者链路改变.为了提高TCP协议在无线自组织网络中的性能,提出了一种TCP协议的改进方案TCP Freeze-Probing.该方案是一种端到端方法,不需要网络中间节点的反馈合作同时,提出了一种基于TCP Freeze-Probing的吞吐量模型并利用仿真对模型进行了验证.分析和仿真结果表明,该方案能够有效地改进TCP在无线自组织网络的性能.     

Supporting Unified Distributed Management and Autonomic Decisions: Design,Implementation and Deployment

Nowadays, the prevailing use of networks based on traditional centralized management systems reflects on a fast increase of the management costs. The growth in the number of network equipments and services reinforces the need to distribute the management responsibilities throughout the network devices. In this approach, each device executes common network management functionalities, being part of the overall network management platform. In this paper, we present a Unified Distributed Network Management (UDNM) framework that provides a unified (wired and wireless) management network solution, where further different network services can take part of this infrastructure, e.g., flow monitoring, accurate routing decisions, distributed policies dissemination, etc. This framework is divided in two main components: (A) Situation awareness, which sets up initial information through bootstrapping, discovery, fault-management process and exchange of management information; (B) Autonomic Decision System (ADS) that performs distributed decisions in the network with incomplete information. We deploy the UDNM framework in a testbed which involves two cities (\(\approx\)250 km between), different standards (IEEE 802.3, IEEE 802.11 and IEEE 802.16e) and network technologies, such as, wired virtual grid, wireless ad-hoc gateways, ad-hoc mobile access devices. The UDNM framework integrates management functionalities into the managed devices, proving to be a lightweight and easy-respond framework. The performance analysis shows that the UDNM framework is feasible to unify devices management functionalities and to take accurate decisions on top of a real network.     

基于身份加密的机会网络安全路由架构

机会网络整合了容迟网络、移动自组织网络、社会网络等多种概念,可通过移动节点的相遇性机会实现消息的传输与共享,针对机会网络中目前较为流行的基于社会上下文的路由转发协议,设计了基于身份加密的安全架构来保证节点社会上下文的隐私性以及消息的机密性:通过可搜索的加密算法为每一个节点的社会属性设置相应的陷门,使得中继节点在可计算自...     

Prevention of Black Hole Attack in Multicast Routing Protocols for Mobile Ad-Hoc Networks Using a Self-Organized Public Key Infrastructure

ABSTRACT

A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2.     

一种支持高速移动自组织网络的路由协议

传统的AODV(Ad-hoc On-demand Distance Vector)路由协议只以路由跳数为度量,没有考虑到链路稳定情况,因此,无法更好地适应节点高速移动的网络环境。为此,提出了一种改进的AODV路由协议,即IMAODV(Improved AODV)路由协议。该协议主要从路由度量值、HELLO消息的发送频率、邻居节点的监听方式等几个方面对AODV进行改进,使之在移动网络中具有较好的扩展性和鲁棒性。仿真结果表明,IMAODV协议能够较好地适应高速移动的网络环境,并在一定程度上降低网络时延和增加网络吞吐量。     

INSIGNIA: An IP-Based Quality of Service Framework for Mobile ad Hoc Networks

We present the design, implementation, and evaluation of INSIGNIA, an IP-based quality of service framework that supports adaptive services in mobile ad hoc networks. The framework is based on an in-band signaling and soft-state resource management approach that is well suited to supporting mobility and end-to-end quality of service in highly dynamic environments where the network topology, node connectivity, and end-to-end quality of service are time varying. Architecturally INSIGNIA is designed to support fast reservation, restoration, and end-to-end adaptation based on the inherent flexibility and robustness and scalability found in IP networks. We evaluate the framework, paying particular attention to the performance of the in-band signaling system, which helps counter time-varying network dynamics in support of the delivery of adaptive services. Our results show the benefit of our framework under diverse mobility, traffic, and channel conditions.     

Interworking of heterogeneous access networks and QoS provisioning via IP multimedia core networks

Moving towards packet networks, where IP will have a prominent role, constitutes nowadays a widely accepted perception of future communications, the first instance of which has begun to materialise with the IP multimedia core network subsystem (IMS). By specification, IMS is the first implementation towards reaching converged communications which allows users to communicate with video, audio and multimedia content, via any fixed, mobile and wireless access network type, with controllable QoS. To enable IMS communications across heterogeneous networks, incorporating UMTS, WLAN and fixed IP access points, 3GPP and ETSI’s TISPAN currently work on schemes for controlling bandwidth allocation at the service level by employing logical interfaces that carry SIP messages. This article analyzes how interconnection between such heterogeneous networks may be performed on real platforms. In this effort, special attention is paid to the way the various interconnection possibilities can affect end-to-end QoS provisioning.     

移动Ad Hoc网络的可靠多播路由协议

在移动Ad Hoc网络环境中，分组的重传和路由的重构比有线网络更频繁。在网络多播树变化的情况下提供高的分组传输率是移动Ad Hoc网络多播路由的主要难题。文中提出了一种基于协议转接概念的移动Ad Hoc网络的可靠多播路由协议(RMRP)，该协议较好地减少了移动Ad Hoc网络中大量的路由重构和数据分组的重传。仿真实验显示RMRP具有较高的传输率和较低的端到端分组延迟。     

Blocking reduction for distributed transaction processing within MANETs

Atomic commit protocols for distributed transactions in mobile ad-hoc networks have to consider message delays and network failures. We consider ad-hoc network scenarios, in which participants hold embedded databases and offer services to other participants. Services that are composed of several other services can access and manipulate data of physically different databases. In such a scenario, distributed transaction processing can be used to guarantee atomicity and serializability throughout all databases. However, with problems like message loss, node failure, and network partitioning, mobile environments make it hard to get estimations on the duration of a simple message exchange. In this article, we focus on the problem of setting up reasonable time-outs when guaranteeing atomicity for transaction processing within mobile ad-hoc networks, and we show the effect of setting up “wrong” time-outs on the transaction throughput and blocking time. Our solution, which does not depend on time-outs, shows a better performance in unreliable networks and remarkably reduces the amount of blocking.     

一种改进的分布式资源发现算法

泛洪算法是分布式网络中的传统资源发现算法，但被应用于移动网络中时，该算法并不能保证所有的结点都能发现其他结点的资源，本文将移动agent和改进的泛洪算法结合，使用移动agent完成网络结点间的资源信息交换，提出了一种新的资源发现算法：双向反馈算法(DDF)。通过对DDF的性能分析证明，移动agent的应用和泛洪算法的改进使DDF比传统的泛洪算法收敛得更快，并能较好地适应移动网络环境。     

Secure Node Discovery in Ad-hoc Networks and Applications

Designing secure protocols over ad-hoc networks has proved to be a very challenging task, due to various features of such networks, such as partial connectivity, node mobility, and resource constraints. Furthermore, their lack of physical infrastructures deprives their users of even basic network functions such as message routing, for which nodes are themselves responsible.In this paper we consider a very basic network function, node discovery, in ad-hoc networks, where a node with limited network information would like to establish a session with a given number of other nodes in the network (of which the node may not be aware about). We formally define correctness, security and efficiency properties of node discovery protocols, and investigate the problem of designing such protocols under appropriate network topology assumptions. Here, the security of these protocols is against Byzantine adversaries that can corrupt up to a limited number of nodes in the network and make them arbitrarily deviate from their protocol. After presenting some secure node discovery protocols, we show their application to secure service architectures in ad-hoc networks.     

Enabling opportunistic storage for mobile DTNs

Delay-tolerant Networking (DTN) can enable ad-hoc communication within (sparse) mobile user communities and multi-hop Internet access where IP-based end-to-end communication would fail. DTN message forwarding in ad-hoc networks may lead to message replication and messages remaining stored on several nodes for some time. We leverage these characteristics and provide application support in intermediate nodes: we enable them to understand the resources contained in forwarded and locally stored DTN messages to perform application-specific processing. Based upon this, we create an opportunistic distributed storage for cooperative content caching and retrieval using the nodes’ buffers.     

SocialVPN: Enabling wide-area collaboration with integrated social and overlay networks

Trusted collaborative systems require peers to be able to communicate over private, authenticated end-to-end channels. Network-layer approaches such as Virtual Private Networks (VPNs) exist, but require considerable setup and management which hinder the establishment of ad-hoc collaborative environments: trust needs to be established, cryptographic keys need to be exchanged, and private network tunnels need to be created and maintained among end users. In this paper, we propose a novel system architecture which leverages existing social infrastructures to enable ad-hoc VPNs which are self-configuring, self-managing, yet maintain security amongst trusted and untrusted third parties. The key principles of our approach are: (1) self-configuring virtual network overlays enable seamless bi-directional IP-layer connectivity to socially connected parties; (2) online social networking relationships facilitate the establishment of trust relationships among peers; and (3) both centralized and decentralized databases of social network relationships can be securely integrated into existing public-key cryptography (PKI) implementations to authenticate and encrypt end-to-end traffic flows. The main contribution of this paper is a new peer-to-peer overlay architecture that securely and autonomously creates VPN tunnels connecting social peers, where online identities and social networking relationships may be obtained from centralized infrastructures, or managed in a decentralized fashion by the peers themselves.This paper also reports on the design and performance of a prototype implementation that embodies the SocialVPN architecture. The SocialVPN router builds upon IP-over-P2P (IPOP) virtual networks and a PKI-based tunneling infrastructure, which integrates with both centralized and decentralized social networking systems including Facebook, the Drupal open-source content management system, and emailing systems with PGP support. We demonstrate our prototype’s ability to support existing, unmodified TCP/IP applications while transparently dealing with user connectivity behind Network Address Translators (NATs). We also present qualitative and quantitative analyses of functionality and performance based on wide-area network experiments using PlanetLab and Amazon EC2.     

Supporting mobility with wireless ATM

An implicit assumption underlying most networking research has been that two Internet users would be connected only by fixed links (wire lines). Increased use of portable computers, wireless networks and satellites has generated interest in supporting “computing on the move”, or mobile computing. Instead of maintaining a fixed position in a network, users in this environment are free to roam. Mobile computing raises interesting issues, such as how to route packets as the mobile user (host) moves about and how to guarantee the quality of service (QOS) that an application running on such a mobile host may need. Other issues include the choice of a transport protocol to use on top of a mobile host and how to deal with poor performance in wireless links. There are two possible approaches to supporting mobile computing over the Internet. The first uses a mobile IP (Internet Protocol), whereby packets (datagrams) are forwarded by a designated stationary host to the mobile host. The second approach involves wireless ATM (asynchronous transfer mode), with host mobility supported by rerouting/rearranging the end-to-end ATM connection between mobile and stationary hosts     

Ant colony algorithms in MANETs: A review

Mobile ad-hoc networks (MANETs) consist of special kind of wireless mobile nodes which form a temporary network without using any infrastructure or centralized administration. MANETs can be used in wide range of future applications as they have the capability to establish networks at anytime, anywhere without aid of any established infrastructure. It is a challenging task to find most efficient routing due to the changing topology and the dynamic behavior of the nodes in MANET. It has been found that ant colony optimization (ACO) algorithms can give better results as they are having characterization of Swarm Intelligence (SI) which is highly suitable for finding the adaptive routing for such type of volatile network. ACO algorithms are inspired by a foraging behavior of group of ants which are able to find optimal path based upon some defined metric which is evaluated during the motion of ants. ACO routing algorithms use simple agents called artificial ants which establish optimum paths between source and destination that communicate indirectly with each other by means of stigmergy. Keeping in view of the above, in this paper we provide a taxonomy of various ant colony algorithms with advantages and disadvantages of each others with respect to various metrics.     

Ad Hoc网络多路径需求路由及路径熵选择算法

无线移动Ad Hoc网络是一种不依赖任何固定基础设施的移动无线多跳网络.由于其动态性和资源的限制,在Ad Hoc网络中提供多路径路由是一个重要的研究课题.描述了一种Ad Hoc网络中基于信息熵选择的稳定多路径路由算法(stability multipath on-demand routing,简称SMDR),提出了路径熵的度量参数,并利用路径熵来选择稳定的、长寿命的多路径,减少了重构路由的次数,从而在网络拓扑频繁变化的Ad Hoc网络环境中较好地提供QoS保证和提高数据传输率.仿真结果表明,SMDR协议改进了分组传输率、端到端时延和路由负载率.SMDR协议为解决动态的Ad Hoc网络多路径传输提供了一种新的有效途径.     

Efficient group key management for multi-privileged groups

Multi-privileged group communications containing multiple data streams have been studied in the traditional wired network environment and the Internet. With the rapid development of mobile and wireless networks and in particular mobile ad-hoc networks (MANETs), the traditional Internet has been integrated with mobile and wireless networks to form the mobile Internet. The multi-privileged group communications can be applied to the mobile Internet. Group users can subscribe to different data streams according to their interest and have multiple access privileges with the support of multi-privileged group communications. Security is relatively easy to be guaranteed in traditional groups where all group members have the same privilege. On the other hand, security has been a challenging issue and is very difficult to handle in multi-privileged groups. In this paper, we first introduce some existing rekeying schemes for secure multi-privileged group communications and analyze their advantages and disadvantages. Then, we propose an efficient group key management scheme called ID-based Hierarchical Key Graph Scheme (IDHKGS) for secure multi-privileged group communications. The proposed scheme employs a key graph, on which each node is assigned a unique ID according to access relations between nodes. When a user joins/leaves the group or changes its access privileges, other users in the group can deduce the new keys using one-way function by themselves according to the ID of joining/leaving/changing node on the graph, and thus the proposed scheme can greatly reduce the rekeying overhead.     

Dynamic replication and synchronization of web services for high availability in mobile ad-hoc networks

Web services are gaining high popularity and importance on mobile devices. Connected to ad-hoc networks, they provide the possibility to establish spontaneously even complex service-based workflows and architectures. However, usually these architectures are only as stable and reliable as the underlying network infrastructure. Since topologies of mobile ad-hoc networks behave unpredictably, dependability within them can be only achieved with a dynamic replication mechanism. In this paper we present a highly flexible solution for replication and synchronization of stateful Web services and discuss the behavior of the implemented prototype in large-scale simulations.     

Adaptive searching and replication of images in mobile hierarchical peer-to-peer networks

Due to the limitation of resources in mobile handheld devices and bandwidth constraints in wireless networks, it is important to efficiently manage image content and traffic to improve network throughput and response time. The efficient distribution of images in wireless networks is based on many parameters like the quality of service requirement, available bandwidth, restricted memory and diverse user profiles. We consider digital images as data objects accessed in a hierarchical mobile ad-hoc peer-to-peer network, referred as M-P2P. Our objective is to optimize the number of replicas of images in such a network architecture based on the resource limitations of the requesting peers equipped with miniature mobile devices as well as of wireless constraints in mobile ad-hoc networks (MANET). While replicating images, fragments of different resolution and their residues are used to optimize the traffic in the network and to decrease the search turnaround time. We call this replication algorithm as Ada-Rep. Performance evaluation is done by simulating Ada-Rep, base replication and uniform replication methods to evaluate parameters such as response time, failure rate, memory usage, traffic etc. Our results prove the efficiency and better performance of Ada-Rep.     

Adaptive searching and replication of images in mobile hierarchical peer-to-peer networks

Due to the limitation of resources in mobile handheld devices and bandwidth constraints in wireless networks, it is important to efficiently manage image content and traffic to improve network throughput and response time. The efficient distribution of images in wireless networks is based on many parameters like the quality of service requirement, available bandwidth, restricted memory and diverse user profiles. We consider digital images as data objects accessed in a hierarchical mobile ad-hoc peer-to-peer network, referred as M-P2P. Our objective is to optimize the number of replicas of images in such a network architecture based on the resource limitations of the requesting peers equipped with miniature mobile devices as well as of wireless constraints in mobile ad-hoc networks (MANET). While replicating images, fragments of different resolution and their residues are used to optimize the traffic in the network and to decrease the search turnaround time. We call this replication algorithm as Ada-Rep. Performance evaluation is done by simulating Ada-Rep, base replication and uniform replication methods to evaluate parameters such as response time, failure rate, memory usage, traffic etc. Our results prove the efficiency and better performance of Ada-Rep.