Distributed node selection for threshold key management with intrusion detection in mobile ad hoc networks

In mobile ad hoc networks (MANETs), identity (ID)-based cryptography with threshold secret sharing is a popular approach for the security design. Most previous work for key management in this framework concentrates on the protocols and structures. Consequently, how to optimally conduct node selection in ID-based cryptography with threshold secret sharing is largely ignored. In this paper, we propose a distributed scheme to dynamically select nodes with master key shares to do the private key generation service. The proposed scheme can minimize the overall threat posed to the MANET while simultaneously taking into account of the cost (e.g., energy consumption) of using these nodes. Intrusion detection systems are modeled as noisy sensors to derive the system security situations. We use stochastic system to formulate the MANET to obtain the optimal policy. Simulation results are presented to illustrate the effectiveness of the proposed scheme.     

Information theoretic framework of trust modeling and evaluation for ad hoc networks

The performance of ad hoc networks depends on cooperation and trust among distributed nodes. To enhance security in ad hoc networks, it is important to evaluate trustworthiness of other nodes without centralized authorities. In this paper, we present an information theoretic framework to quantitatively measure trust and model trust propagation in ad hoc networks. In the proposed framework, trust is a measure of uncertainty with its value represented by entropy. We develop four Axioms that address the basic understanding of trust and the rules for trust propagation. Based on these axioms, we present two trust models: entropy-based model and probability-based model, which satisfy all the axioms. Techniques of trust establishment and trust update are presented to obtain trust values from observation. The proposed trust evaluation method and trust models are employed in ad hoc networks for secure ad hoc routing and malicious node detection. A distributed scheme is designed to acquire, maintain, and update trust records associated with the behaviors of nodes' forwarding packets and the behaviors of making recommendations about other nodes. Simulations show that the proposed trust evaluation system can significantly improve the network throughput as well as effectively detect malicious behaviors in ad hoc networks.     

Biologically inspired artificial intrusion detection system for detecting wormhole attack in MANET

A mobile ad hoc network (MANET) does not have traffic concentration points such as gateway or access points which perform behaviour monitoring of individual nodes. Therefore, maintaining the network function for the normal nodes when other nodes do not forward and route properly is a big challenge. One of the significant attacks in ad hoc network is wormhole attack. In this wormhole attack, the adversary disrupts ad hoc routing protocols using higher bandwidth and lower-latency links. Wormhole attack is more hidden in character and tougher to detect. So, it is necessary to use mechanisms to avoid attacking nodes which can disclose communication among unauthorized nodes in ad hoc networks. Mechanisms to detect and punish such attacking nodes are the only solution to solve this problem. Those mechanisms are known as intrusion detection systems (IDS). In this paper, the suggested biological based artificial intrusion detection system (BAIDS) include hybrid negative selection algorithm (HNSA) detectors in the local and broad detection subsection to detect anomalies in ad hoc network. In addition to that, response will be issued to take action over the misbehaving nodes. These detectors employed in BAIDS are capable of discriminating well behaving nodes from attacking nodes with a good level of accuracy in a MANET environment. The performance of BAIDS in detecting wormhole attacks in the background of DSR, AODV and DSDV routing protocols is also evaluated using Qualnet v 5.2 network simulator. Detection rate, false alarm rate, packet delivery ratio, routing overhead are used as metrics to compare the performance of HNSA and the BAIDS technique.     

Security in mobile ad hoc networks: challenges and solutions

Security has become a primary concern in order to provide protected communication between mobile nodes in a hostile environment. Unlike the wireline networks, the unique characteristics of mobile ad hoc networks pose a number of nontrivial challenges to security design, such as open peer-to-peer network architecture, shared wireless medium, stringent resource constraints, and highly dynamic network topology. These challenges clearly make a case for building multifence security solutions that achieve both broad protection and desirable network performance. In this article we focus on the fundamental security problem of protecting the multihop network connectivity between mobile nodes in a MANET. We identify the security issues related to this problem, discuss the challenges to security design, and review the state-of-the-art security proposals that protect the MANET link- and network-layer operations of delivering packets over the multihop wireless channel. The complete security solution should span both layers, and encompass all three security components of prevention, detection, and reaction.     

MANET中一种基于Agent的能量节约方案

MANET是一种没有中心的特殊的移动自组织网络,由于节点依赖于电池,能量有限,因此节能是一个重要问题。文中提出的了一种基于Agent的能量节约方案,首先通过较少的移动Agent传递网络中节点的信息;然后根据各节点电池余量等参数,选择最合适的路径进行数据传输。从而可以节省整个网络的能耗,并保护剩余能量低的节点。实验结果表明这种方案可以延长整个网络的生存时间。     

移动自组网与Internet互连的动态网关策略

移动自组网(MANET)是自治的无基础设施的网络,它通过IP路由支持多跳无线通信。它与Internet 相比存在着许多差异,不仅有网络拓扑结构的不同,还存在通信方式的不同。因此,MANET与Internet组合成混杂网络(hybrid network)是一个具有挑战性的课题。移动自组网(MANET)的结点要进行Internet连接,就必须寻找Internet网关。如何寻找和维持与Internet网关的连接是这个问题的关键,再者,就是如何切换到一个更合适的相邻网关。在这篇文章中,首次提出动态网关的概念,动态网关作为MANET和Internet之间的接口起桥梁作用。通过模型分析,证明动态网关体系结构适合于自组网与Internet互联。仿真结果显示,利用动态网关的网络性能优于单一固定网关的体系结构的网络性能。     

Security in wireless sensor networks

With sensor networks on the verge of deployment, security issues pertaining to the sensor networks are in the limelight. Though the security in sensor networks share many characteristics with wireless ad hoc networks, the two fields are rapidly diverging due to the fundamental differences between the make‐up and goals of the two types of networks. Perhaps the greatest dividing difference is the energy and computational abilities. Sensor nodes are typically smaller, less powerful, and more prone to failure than nodes in an ad hoc network. These differences indicate that protocols that are valid in the context of ad‐hoc networks may not be directly applicable for sensor networks. In this paper, we survey the state of art in securing wireless sensor networks. We review several protocols that provide security in sensor networks, with an emphasis on authentication, key management and distribution, secure routing, and methods for intrusion detection. Copyright © 2006 John Wiley & Sons, Ltd.     

A survey of routing attacks in mobile ad hoc networks

Recently, mobile ad hoc networks became a hot research topic among researchers due to their flexibility and independence of network infrastructures, such as base stations. Due to unique characteristics, such as dynamic network topology, limited bandwidth, and limited battery power, routing in a MANET is a particularly challenging task compared to a conventional network. Early work in MANET research has mainly focused on developing an efficient routing mechanism in such a highly dynamic and resource-constrained network. At present, several efficient routing protocols have been proposed for MANET. Most of these protocols assume a trusted and cooperative environment. However, in the presence of malicious nodes, the networks are vulnerable to various kinds of attacks. In MANET, routing attacks are particularly serious. In this article, we investigate the state-of-the-art of security issues in MANET. In particular, we examine routing attacks, such as link spoofing and colluding misrelay attacks, as well as countermeasures against such attacks in existing MANET protocols.     

Unidirectional link-state advertisement based on power control for MANET

Link states are studied in ad hoc network. The characters of unidirectional links are discussed. Unidirectional link-state advertisement based on power control mechanism (ULAPC) for mobile ad hoc networks (MANET) is designed. ULAPC is able to advertise unidirectional link-state to relational nodes. And it may offer help for process of routing discovery in ad hoc network. Based on ULAPC, the routing method solving the problem of unidirectional link is described in ad hoc network. Simulation results show the performance of ULAPC is better than the traditional routing protocols in many aspects.     

Topology and mobility considerations in mobile ad hoc networks

A highly dynamic topology is a distinguishing feature and challenge of a mobile ad hoc network. Links between nodes are created and broken, as the nodes move within the network. This node mobility affects not only the source and/or destination, as in a conventional wireless network, but also intermediate nodes, due to the network’s multihop nature. The resulting routes can be extremely volatile, making successful ad hoc routing dependent on efficiently reacting to these topology changes.

In order to better understand this environment, a number of characteristics have been studied concerning the links and routes that make up an ad hoc network. Several network parameters are examined, including number of nodes, network dimensions, and radio transmission range, as well as mobility parameters for maximum speed and wait times. In addition to suggesting guidelines for the evaluation of ad hoc networks, the results reveal several properties that should be considered in the design and optimization of MANET protocols.     

SOS: Self‐organized secure framework for VANET

While authentication is a necessary requirement to provide security in vehicular ad hoc networks, user's personal information such as identity and location must be kept private. The reliance on road side units or centralized trusted authority nodes to provide security services is critical because both are vulnerable, thus cannot be accessed by all users, which mean security absence. In this paper, we introduce a self‐organized secure framework, deployed in vehicular ad hoc networks. The proposed framework solution is designed not only to provide an effective, integrated security and privacy‐preserving mechanism but also to retain the availability of all security services even if there are no road side units at all and/or the trusted authority node is compromised. A decentralized tier‐based security framework that depends on both trusted authority and some fully trusted nodes cooperated to distribute security services is presented. Our approach combines the useful features of both Shamir secret sharing with a trust‐based technique to ensure continuity of achieving all security services. Mathematical analysis of security issues that the proposed framework achieves as well as the availability of offering security services is provided. Proposed framework examination was done to show the performance in terms of storage, computation complexity, and communication overhead as well as its resilience against various types of attacks. Comparisons with different types of security schemes showed that the protocol developed gave better results in most comparison parameters while being unique ensuring continuity of security services delivery.     

Multihop Ad Hoc Networking: The Reality

In this article we show that, although pure general-purpose MANET (mobile ad hoc networks) does not yet exist in the real world, the multihop ad hoc networking paradigm was successfully applied in several classes of networks that are penetrating the mass market. We present as examples mesh, opportunistic, vehicular, and sensor networks, where the multi-hop ad hoc paradigm is applied in a pragmatic way to extend the Internet and/or to support well-defined application requirements. We contrast these successful areas of ad hoc networking to the lack of impact of pure general-purpose MANET, demonstrating how a more pragmatic approach is a winner     

Friend-assisted intrusion detection and response mechanisms for mobile ad hoc networks

Nowadays, a commonly used wireless network (i.e., Wi-Fi) operates with the aid of a fixed infrastructure (i.e., an access point) to facilitate communication between nodes. The need for such a fixed supporting infrastructure limits the adaptability and usability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. Recent advancements in computer network introduced a new wireless network, known as a mobile ad hoc network (MANET), to overcome the limitations. Often referred as a peer to peer network, the network does not have any fixed topology, and through its multi hop routing facility, each node can function as a router, thus communication between nodes becomes available without the need of a supporting fixed router or an access point. However, these useful facilities come with big challenges, particularly with respect to providing security. A comprehensive analysis of attacks and existing security measures suggested that MANET are not immune to a colluding blackmail because such a network comprises autonomous and anonymous nodes. This paper addresses MANET security issues by proposing a novel intrusion detection system based upon a friendship concept, which could be used to complement existing prevention mechanisms that have been proposed to secure MANETs. Results obtained from the experiments proved that the proposed concepts are capable of minimising the problem currently faced in MANET intrusion detection system (IDS). Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in intrusion detection and response mechanisms can be eliminated.     

Routing security in wireless ad hoc networks

A mobile ad hoc network consists of a collection of wireless mobile nodes that are capable of communicating with each other without the use of a network infrastructure or any centralized administration. MANET is an emerging research area with practical applications. However, wireless MANET is particularly vulnerable due to its fundamental characteristics, such as open medium, dynamic topology, distributed cooperation, and constrained capability. Routing plays an important role in the security of the entire network. In general, routing security in wireless MANETs appears to be a problem that is not trivial to solve. In this article we study the routing security issues of MANETs, and analyze in detail one type of attack-the "black hole" problem-that can easily be employed against the MANETs. We also propose a solution for the black hole problem for ad hoc on-demand distance vector routing protocol.     

LSCR:一种Mobile Ad hoc网络链路状态分组路由算法

本文提出了一种Mobile Ad hoc网络(Manet)链路状态分组路由算法(Link State-hased Cluster Routing Algo-rithm-LSCR)，该算法对Manet节点进行动态分组，每一组选举出一个具有最大度数的头结点(CH-Cluster Header)，该cH负责本组信息的管理、组内结点与组外结点之间的通信以及与其他组的CH之间交换链路状态信息等工作．本算法将改进的链路状态协议与分组路由协议有机结合，有效提高了Manet网络的路由效率．分析和实验结果表明，这种算法具有路由收敛速度快、维护成本相对较低，数据包发送成功率高，发送等待时间短等特点。     

面向MANET异常检测的分布式遗传k-means研究

针对移动自组网（MANET,mobile ad hoc networks）入侵检测过程中的攻击类型多样性和监测数据海量性问题,提出了一种基于改进k-means算法的MANET异常检测方法。通过引入划分贡献度的概念,可合理地计算各维特征在检测中占有的权重,并将遗传算法与快速聚类检测算法k-means相结合,解决了聚类检测结果容易陷入局部最优的问题,进而,提出了以上检测算法在MapReduce框架下的设计方案,利用种群迁移策略在分布式处理器上实现了并行聚类检测。实验结果证明了该方法的检测准确率和运行效率均优于传统聚类检测方法。     

The Effects of Physical Layer on the Routing Wireless Protocol

Mobile ad hoc networks (MANETs) are characterized by multiple entities, a frequently changing network topology and the need for efficient dynamic routing protocols. In MANETs, nodes are usually powered by batteries. Power control is tightly coupled with both the physical and medium access layers (MACs). However, if we increase the transmission power, at the same time we increase the interference to other nodes which diminish the transport capacity of wireless systems. Thus, the routing protocols based on hop count metric suffer from performance degradation when they operate over MANET. Routing in ad hoc wireless networks is not only a problem of finding a route with shortest length, but it is also a problem of finding a stable and good quality communication route in order to avoid any unnecessary packet loss. Cross-layer design of ad hoc wireless networks has been receiving increasing attention recently. Part of these researches suggests that routing should take into account physical layer characteristics. The goal of this paper is to improve the routing reliability in MANET and to reduce power consumption through cross-layer approach among physical, MAC and network layers. The proposed cross-layer approach is based on signal to interference plus noise ratio (SINR) and received signal strength indication (RSSI) coming from the physical layer. This solution performs in one hand the ad hoc on-demand distance vector routing protocol by choosing reliable routes with less interferences using SINR metric and in another hand; it permits to reduce the power transmission when sending the data packets by using RSSI metric.     

Energy Efficient Clustering for Certificate Revocation Scheme in Mobile Ad-Hoc Network

Mobile ad hoc networks (MANETs) have a wide range of uses because of their dynamic topologies and simplicity of processing. Inferable from the autonomous and dynamic behavior of mobile nodes, the topology of a MANET frequently changes and is inclined to different attacks. So, we present certificate revocation which is an efficient scheme is for security enhancement in MANET. This certificate revocation scheme is used to revoke the certificate of malicious nodes in the network. However, the accuracy and speed of the certificate revocation are further to be improved. By considering these issues along with the energy efficiency of the network, an energy-efficient clustering scheme is presented for certificate revocation in MANET. For cluster head (CH) selection, an opposition based cat swarm optimization algorithm (OCSOA) is proposed. This selected CH participates in quick certificate revocation and also supports to recover the falsely accused nodes in the network. Simulation results show that the performance of the proposed cluster-based certificate revocation outperforms existing voting and non-voting based certificate revocation in terms of delivery ratio, throughput, energy consumption, and network lifetime.

     

Game Theoretic Analysis of Cooperation Stimulation and Security in Autonomous Mobile Ad Hoc Networks

In autonomous mobile ad hoc networks, nodes belong to different authorities and pursue different goals; therefore, cooperation among them cannot be taken for granted. Meanwhile, some nodes may be malicious, whose objective is to damage the network. In this paper, we present a joint analysis of cooperation stimulation and security in autonomous mobile ad hoc networks under a game theoretic framework. We first investigate a simple yet illuminating two-player packet forwarding game and derive the optimal and cheat-proof packet forwarding strategies. We then investigate the secure routing and packet forwarding game for autonomous ad hoc networks in noisy and hostile environments and derive a set of reputation-based cheat-proof and attack-resistant cooperation stimulation strategies. When analyzing the cooperation strategies, besides Nash equilibrium, other optimality criteria, such as Pareto optimality, subgame perfection, fairness, and cheat-proofing, have also been considered. Both analysis and simulation studies have shown that the proposed strategies can effectively stimulate cooperation among selfish nodes in autonomous mobile ad hoc networks under noise and attacks, and the damage that can be caused by attackers is bounded and limited     

Load balanced routing protocols for ad hoc mobile wireless networks - [Topics in ad hoc and sensor networks]

Mobile ad hoc networks are collections of mobile nodes that can dynamically form temporary networks without the need for pre-existing network infrastructure or centralized administration. These nodes can be arbitrarily located and can move freely at any given time. Hence, the network topology can change rapidly and unpredictably. Because wireless link capacities are usually limited, congestion is possible in MANETs. Hence, balancing the load in a MANET is important since nodes with high loads will deplete their batteries quickly, thereby increasing the probability of disconnecting or partitioning the network. This article discusses the various load metrics and summarizes the principles behind several existing load balanced ad hoc routing protocols. Finally, a qualitative comparison of the various load metrics and load balanced routing protocols is presented.