Biblio
The Internet of things (IoT) is revolutionizing the management and control of automated systems leading to a paradigm shift in areas such as smart homes, smart cities, health care, transportation, etc. The IoT technology is also envisioned to play an important role in improving the effectiveness of military operations in battlefields. The interconnection of combat equipment and other battlefield resources for coordinated automated decisions is referred to as the Internet of battlefield things (IoBT). IoBT networks are significantly different from traditional IoT networks due to the battlefield specific challenges such as the absence of communication infrastructure, and the susceptibility of devices to cyber and physical attacks. The combat efficiency and coordinated decision-making in war scenarios depends highly on real-time data collection, which in turn relies on the connectivity of the network and the information dissemination in the presence of adversaries. This work aims to build the theoretical foundations of designing secure and reconfigurable IoBT networks. Leveraging the theories of stochastic geometry and mathematical epidemiology, we develop an integrated framework to study the communication of mission-critical data among different types of network devices and consequently design the network in a cost effective manner.
The Internet of things (IoT) is revolutionizing the management and control of automated systems leading to a paradigm shift in areas, such as smart homes, smart cities, health care, and transportation. The IoT technology is also envisioned to play an important role in improving the effectiveness of military operations in battlefields. The interconnection of combat equipment and other battlefield resources for coordinated automated decisions is referred to as the Internet of battlefield things (IoBT). IoBT networks are significantly different from traditional IoT networks due to battlefield specific challenges, such as the absence of communication infrastructure, heterogeneity of devices, and susceptibility to cyber-physical attacks. The combat efficiency and coordinated decision-making in war scenarios depends highly on real-time data collection, which in turn relies on the connectivity of the network and information dissemination in the presence of adversaries. This paper aims to build the theoretical foundations of designing secure and reconfigurable IoBT networks. Leveraging the theories of stochastic geometry and mathematical epidemiology, we develop an integrated framework to quantify the information dissemination among heterogeneous network devices. Consequently, a tractable optimization problem is formulated that can assist commanders in cost effectively planning the network and reconfiguring it according to the changing mission requirements.
Wireless Sensor Networks (WSNs) have been widely adopted to monitor various ambient conditions including critical infrastructures. Since power grid is considered as a critical infrastructure, and the smart grid has appeared as a viable technology to introduce more reliability, efficiency, controllability, and safety to the traditional power grid, WSNs have been envisioned as potential tools to monitor the smart grid. The motivation behind smart grid monitoring is to improve its emergency preparedness and resilience. Despite their effectiveness in monitoring critical infrastructures, WSNs also introduce various security vulnerabilities due to their open nature and unreliable wireless links. In this paper, we focus on the, Black-Hole (B-H) attack. To cope with this, we propose a hierarchical trust-based WSN monitoring model for the smart grid equipment in order to detect the B-H attacks. Malicious nodes have been detected by testing the trade-off between trust and dropped packet ratios for each Cluster Head (CH). We select different thresholds for the Packets Dropped Ratio (PDR) in order to test the network behaviour with them. We set four different thresholds (20%, 30%, 40%, and 50%). Threshold of 50% has been shown to reach the system stability in early periods with the least number of re-clustering operations.
Secure routing in the field of mobile ad hoc network (MANET) is one of the most flourishing areas of research. Devising a trustworthy security protocol for ad hoc routing is a challenging task due to the unique network characteristics such as lack of central authority, rapid node mobility, frequent topology changes, insecure operational environment, and confined availability of resources. Due to low configuration and quick deployment, MANETs are well-suited for emergency situations like natural disasters or military applications. Therefore, data transfer between two nodes should necessarily involve security. A black-hole attack in the mobile ad-hoc network (MANET) is an offense occurring due to malicious nodes, which attract the data packets by incorrectly publicizing a fresh route to the destination. A clustering direction in AODV routing protocol for the detection and prevention of black-hole attack in MANET has been put forward. Every member of the unit will ping once to the cluster head, to detect the exclusive difference between the number of data packets received and forwarded by the particular node. If the fault is perceived, all the nodes will obscure the contagious nodes from the network. The reading of the system performance has been done in terms of packet delivery ratio (PDR), end to end delay (ETD) throughput and Energy simulation inferences are recorded using ns2 simulator.
Networking system does not liable on static infrastructure that interconnects various nodes in identical broadcast range dynamically called as Mobile Ad-hoc Network. A Network requires adaptive connectivity due to this data transmission rate increased. In this paper, we designed developed a dynamic cluster head selection to detect gray hole attack in MANETs on the origin of battery power. MANETs has dynamic nodes so we delivered novel way to choose cluster head by self-stabilizing election algorithm followed by MD5 algorithm for security purposes. The Dynamic cluster based intrusion revealing system to detect gray hole attack in MANET. This Architecture enhanced performance in terms of Packet delivery ratio and throughput due to dynamic cluster based IDS, associating results of existing system with proposed system, throughput of network increased, end to end delay and routing overhead less compared with existing system due to gray hole nodes in the MANET. The future work can be prolonged by using security algorithm AES and MD6 and also by including additional node to create large network by comparing multiple routing protocol in MANETs.
One of the specially designated versatile networks, commonly referred to as MANET, performs on the basics that each and every one grouping in nodes totally operate in self-sorting out limits. In any case, performing in a group capacity maximizes quality and different sources. Mobile ad hoc network is a wireless infrastructureless network. Due to its unique features, various challenges are faced under MANET when the role of routing and its security comes into play. The review has demonstrated that the impact of failures during the information transmission has not been considered in the existing research. The majority of strategies for ad hoc networks just determines the path and transmits the data which prompts to packet drop in case of failures, thus resulting in low dependability. The majority of the existing research has neglected the use of the rejoining processing of the root nodes network. Most of the existing techniques are based on detecting the failures but the use of path re-routing has also been neglected in the existing methods. Here, we have proposed a method of path re-routing for managing the authorized nodes and managing the keys for group in ad hoc environment. Securing Schemes, named as 2ACK and the EGSR schemes have been proposed, which may be truly interacted to most of the routing protocol. The path re-routing has the ability to reduce the ratio of dropped packets. The comparative analysis has clearly shown that the proposed technique outperforms the available techniques in terms of various quality metrics.
A MANET is a group of wireless mobile nodes which cooperate in forwarding packets over a wireless links. Due to the lack of an infrastructure and open nature of MANET, security has become an essential and challenging issue. The mobile nature and selfishness of malicious node is a critical issue in causing the security problem. The MANETs are more defenseless to the security attacks; some of them are black hole and gray hole attacks. One of its key challenges is to find black hole attack. In this paper, researchers propose a secure AODV protocol (SAODV) for detection and removal of black hole and gray hole attacks in MANTEs. The proposed method is simulated using NS-2 and it seems that the proposed methodology is more secure than the existing one.
MANETs have been focusing the interest of researchers for several years. The new scenarios where MANETs are being deployed make that several challenging issues remain open: node scalability, energy efficiency, network lifetime, Quality of Service (QoS), network overhead, data privacy and security, and effective routing. This latter is often seen as key since it frequently constrains the performance of the overall network. Location-based routing protocols provide a good solution for scalable MANETs. Although several location-based routing protocols have been proposed, most of them rely on error-free positions. Only few studies have focused so far on how positioning error affects the routing performance; also, most of them consider outdated solutions. This paper is aimed at filling this gap, by studying the impact of the error in the position of the nodes of two location-based routing protocols: DYMOselfwd and AODV-Line. These protocols were selected as they both aim at reducing the routing overhead. Simulations considering different mobility patterns in a dense network were conducted, so that the performance of these protocols can be assessed under ideal (i.e. error-less) and realistic (i.e. with error) conditions. The results show that AODV-Line builds less reliable routes than DYMOselfwd in case of error in the position information, thus increasing the routing overhead.
Routing security has a great importance to the security of Mobile Ad Hoc Networks (MANETs). There are various kinds of attacks when establishing routing path between source and destination. The adversaries attempt to deceive the source node and get the privilege of data transmission. Then they try to launch the malicious behaviors such as passive or active attacks. Due to the characteristics of the MANETs, e.g. dynamic topology, open medium, distributed cooperation, and constrained capability, it is difficult to verify the behavior of nodes and detect malicious nodes without revealing any privacy. In this paper, we present PVad, an approach conducting privacy-preserving verification in the routing discovery phase of MANETs. PVad tries to find the existing communication rules by association rules instead of making the rules. PVad consists of two phases, a reasoning phase deducing the expected log data of the peers, and a verification phase using Merkle Hash Tree to verify the correctness of derived information without revealing any privacy of nodes on expected routing paths. Without deploying any special nodes to assist the verification, PVad can detect multiple malicious nodes by itself. To show our approach can be used to guarantee the security of the MANETs, we conduct our experiments in NS3 as well as the real router environment, and we improved the detection accuracy by 4% on average compared to our former work.
Since MANETs are infrastructure-less, they heavily use secret sharing techniques to distribute and decentralize the role of a trusted third party, where the MANET secret s is shared among the legitimate nodes using (t, n) threshold secret sharing scheme. For long lived MANETs, the shared secret is periodically updated without changing the MANET secret based on proactive secret sharing using Elliptic Curve Cryptography(ECC). Hence, the adversary trying to learn the secret, needs to gain at-least t partial shares in the same time period. If the time period and the threshold value t are selected properly, proactive verifiable secret sharing can maintain the overall security of the information in long lived MANETs. The conventional cryptographic algorithms are heavy weight, require lot of computation power thus consuming lot of resources. In our proposal we used Elliptic Curve Cryptography to verify commitments as it requires smaller keys compared to existing proactive secret sharing techniques and makes it useful for MANETs, Which are formed of resource constraint devices.
Wireless sensor network operate on the basic underlying assumption that all participating nodes fully collaborate in self-organizing functions. However, performing network functions consumes energy and other resources. Therefore, some network nodes may decide against cooperating with others. Node misbehavior due to selfish or malicious reasons or faulty nodes can significantly degrade the performance of mobile ad-hoc networks. To cope with misbehavior in such self-organized networks, nodes need to be able to automatically adapt their strategy to changing levels of cooperation. The problem of identifying and isolating misbehaving nodes that refuses to forward packets in multi-hop ad hoc networks. a comprehensive system called Audit-based Misbehavior Detection (AMD) that effectively and efficiently isolates both continuous and selective packet droppers. The AMD system integrates reputation management, trustworthy route discovery, and identification of misbehaving nodes based on behavioral audits. AMD evaluates node behavior on a per-packet basis, without employing energy-expensive overhearing techniques or intensive acknowledgment schemes. AMD can detect selective dropping attacks even if end-to-end traffic is encrypted and can be applied to multi-channel networks.
In Vehicular networks, privacy, especially the vehicles' location privacy is highly concerned. Several pseudonymous based privacy protection mechanisms have been established and standardized in the past few years by IEEE and ETSI. However, vehicular networks are still vulnerable to Sybil attack. In this paper, a Sybil attack detection method based on k-Nearest Neighbours (kNN) classification algorithm is proposed. In this method, vehicles are classified based on the similarity in their driving patterns. Furthermore, the kNN methods' high runtime complexity issue is also optimized. The simulation results show that our detection method can reach a high detection rate while keeping error rate low.
Vehicular networks have been drawing special atten- tion in recent years, due to its importance in enhancing driving experience and improving road safety in future smart city. In past few years, several security services, based on cryptography, PKI and pseudonymous, have been standardized by IEEE and ETSI. However, vehicular networks are still vulnerable to various attacks, especially Sybil attack. In this paper, a Support Vector Machine (SVM) based Sybil attack detection method is proposed. We present three SVM kernel functions based classifiers to distinguish the malicious nodes from benign ones via evaluating the variance in their Driving Pattern Matrices (DPMs). The effectiveness of our proposed solution is evaluated through extensive simulations based on SUMO simulator and MATLAB. The results show that the proposed detection method can achieve a high detection rate with low error rate even under a dynamic traffic environment.
It is hard to set up an end-to-end connection between source and destination in Opportunistic Networks, due to dynamic network topology and the lack of infrastructure. Instead, the store-carry-forward mechanism is used to achieve communication. Namely, communication in Opportunistic Networks relies on the cooperation among nodes. Correspondingly, Opportunistic Networks have some issues like long delays, packet loss and so on, which lead to many challenges in Opportunistic Networks. However, malicious nodes do not follow the routing rules, or refuse to cooperate with benign nodes. Some misbehaviors like black-hole attack, gray-hole attack may arbitrarily bloat their delivery competency to intercept and drop data. Selfishness in Opportunistic Networks will also drop some data from other nodes. These misbehaviors will seriously affect network performance like the delivery success ratio. In this paper, we design a Trust-based Routing Protocol (TRP), combined with various utility algorithms, to more comprehensively evaluate the competency of a candidate node and effectively reduce negative effects by malicious nodes. In simulation, we compare TRP with other protocols, and shows that our protocol is effective for misbehaviors.
Tactical wireless sensor networks (WSNs) are deployed over a region of interest for mission centric operations. The sink node in a tactical WSN is the aggregation point of data processing. Due to its essential role in the network, the sink node is a high priority target for an attacker who wishes to disable a tactical WSN. This paper focuses on the mitigation of sink-node vulnerability in a tactical WSN. Specifically, we study the issue of protecting the sink node through a technique known as k-anonymity. To achieve k-anonymity, we use a specific routing protocol designed to work within the constraints of WSN communication protocols, specifically IEEE 802.15.4. We use and modify the Lightweight Ad hoc On-Demand Next Generation (LOADng) reactive-routing protocol to achieve anonymity. This modified LOADng protocol prevents an attacker from identifying the sink node without adding significant complexity to the regular sensor nodes. We simulate the modified LOADng protocol using a custom-designed simulator in MATLAB. We demonstrate the effectiveness of our protocol and also show some of the performance tradeoffs that come with this method.
Tactical networks are generally simple ad-hoc networks in design, however, this simple design often gets complicated, when heterogeneous wireless technologies have to work together to enable seamless multi-hop communications across multiple sessions. In recent years, there has been some significant advances in computational, radio, localization, and networking te, and session's rate i.e., aggregate capacity averaged over a 4-time-slot frame)chnologies, which motivate a clean slate design of the control plane for multi-hop tactical wireless networks. In this paper, we develop a global network optimization framework, which characterizes the control plane for multi-hop wireless tactical networks. This framework abstracts the underlying complexity of tactical wireless networks and orchestrates the the control plane functions. Specifically, we develop a cross-layer optimization framework, which characterizes the interaction between the physical, link, and network layers. By applying the framework to a throughput maximization problem, we show how the proposed framework can be utilized to solve a broad range of wireless multi-hop tactical networking problems.
Friendly jamming is a physical layer security technique that utilizes extra available nodes to jam any eavesdroppers. This paper considers the use of additional available nodes as friendly jammers in order to improve the security performance of a route through a wireless area network. One of the unresolved technical challenges is the combining of security metrics with typical service quality metrics. In this context, this paper considers the problem of routing through a D2D network while jointly minimizing the secrecy outage probability (SOP) and connection outage probability (COP), using friendly jamming to improve the SOP of each link. The jamming powers are determined to place nulls at friendly receivers while maximizing the power to eavesdroppers. Then the route metrics are derived, and the problem is framed as a convex optimization problem. We also consider that not all network users equally value SOP and COP, and so introduce an auxiliary variable to tune the optimization between the two metrics.
This paper introduces a multi-factors security key generation mechanism for self-organising Internet of Things (IoT) network and nodes. The mechanism enables users to generate unique set of security keys to enhance IoT security while meeting various business needs. The multi-factor security keys presents an additional security layer to existing security standards and practices currently being adopted by the IoT community. The proposed security key generation mechanism enables user to define and choose any physical and logical parameters he/she prefers, in generating a set of security keys to be encrypted and distributed to registered IoT nodes. IoT applications and services will only be activated after verifying that all security keys are present. Multiple levels of authorisation for different user groups can be easily created through the mix and match of the generated multi-factors security keys. A use case, covering indoor and outdoor field tests was conducted. The results of the tests showed that the mechanism is easily adaptable to meet diverse multivendor IoT devices and is scalable for various applications.
Two emerging architectural paradigms, i.e., Software Defined Networking (SDN) and Network Function Virtualization (NFV), enable the deployment and management of Service Function Chains (SFCs). A SFC is an ordered sequence of abstract Service Functions (SFs), e.g., firewalls, VPN-gateways, traffic monitors, that packets have to traverse in the route from source to destination. While this appealing solution offers significant advantages in terms of flexibility, it also introduces new challenges such as the correct configuration and ordering of SFs in the chain to satisfy overall security requirements. This paper presents a formal model conceived to enable the verification of correct policy enforcements in SFCs. Software tools based on the model can then be designed to cope with unwanted network behaviors (e.g., security flaws) deriving from incorrect interactions of SFs of the same SFC.