Biblio

RPL, the IPv6 Routing Protocol for low-power and lossy networks, was standardized by the Internet Engineering Task Force (IETF) in 2011. It is developed to connect resource constrained devices enabled by low-power and lossy networks (LLNs). RPL prominently becomes the routing protocol for IoT. However, the RPL protocol is facing many challenges such as trustworthiness among the nodes which need to be addressed and resolved to make the network secure and efficient. In this paper, a multicasting technique is developed that is based on trust mechanism to resolve this issue. This mechanism manages and protects the network from untrusted nodes which can hamper the security and result in delayed and distorted transmission of data. It allows any node to decide whether to trust other nodes or not during the construction of the topology. This is then proved efficient by comparing it with broadcasting nature of the transmission among the nodes in terms of energy, throughput, percentage of alive and dead nodes.

As the configuration used for the Mobile Ad hoc Networks (MANET) does not have a fixed infrastructure as well, the mechanism varies for each MANET. The finding of the route in this mechanism also varies because it does not have any fixed path route for routing as well every node in this structure behaves like a base station. MANET has such freedom for its creation, so it also faces various types of attacks on it. Some of the attacks are a black hole, warm hole etc. The researchers have provided various methods to prevent warm hole attacks, as the warm hole attack is seen as difficult to prevent. So here a mechanism is proposed to detect and prevent the warm hole attack using the AODV protocol which is based on trust calculation. In our method, the multiple path selection is used for finding the best path for routing. The path is tested for the warm hole attack, as the node is detected the data packet sent in between the source and destination selects the path from the multi-paths available and the packet delivery is improved. The packet delivery ratio (PDR) is calculated for the proposed mechanism, and the results have improved the PDR by 71.25%, throughput by 74.09 kbps, and the E to E delay is decreased by 57.92ms for the network of 125 nodes.

With large scale generation and exchange of data between IoT devices and constrained IoT security to protect data communication, it becomes easy for attackers to compromise data routes. In IoT networks, IPv6 Routing Protocol is the de facto routing protocol for Low Power and Lossy Networks (RPL). RPL offers limited security against several RPL-specific and WSN-inherited attacks in IoT applications. Additionally, IoT devices are limited in memory, processing, and power to operate properly using the traditional Internet and routing security solutions. Several mitigation schemes for the security of IoT networks and routing, have been proposed including Machine Learning-based, IDS-based, and Trust-based approaches. In existing trust-based methods, mobility of nodes is not considered at all or its insufficient for mobile sink nodes, specifically for security against RPL attacks. This research work proposes a conceptual design, named SMTrust, for security of routing protocol in IoT, considering the mobility-based trust metrics. The proposed solution intends to provide defense against popular RPL attacks, for example, Blackhole, Greyhole, Rank, Version Number attacks, etc. We believe that SMTrust shall provide better network performance for attacks detection accuracy, mobility and scalability as compared to existing trust models, such as, DCTM-RPL and SecTrust-RPL. The novelty of our solution is that it considers the mobility metrics of the sensor nodes as well as the sink nodes, which has not been addressed by the existing models. This consideration makes it suitable for mobile IoT environment. The proposed design of SMTrust, as secure routing protocol, when embedded in RPL, shall ensure confidentiality, integrity, and availability among the sensor nodes during routing process in IoT communication and networks.

This paper analyzes the vulnerability in the process of key negotiation between the main mode and aggressive mode of IKEv1 protocol in IPSec VPN, and proposes a DOS attack method based on OSPF protocol adjacent route spoofing. The experiment verifies the insecurity of IPSec VPN using IKEv1 protocol. This attack method has the advantages of lower cost and easier operation compared with using botnet.

System-on-Chip (SoC) supply chain is widely acknowledged as a major source of security vulnerabilities. Potentially malicious third-party IPs integrated on the same Network-on-Chip (NoC) with the trusted components can lead to security and trust concerns. While secure communication is a well studied problem in computer networks domain, it is not feasible to implement those solutions on resource-constrained SoCs. In this paper, we present a lightweight anonymous routing protocol for communication between IP cores in NoC based SoCs. Our method eliminates the major overhead associated with traditional anonymous routing protocols while ensuring that the desired security goals are met. Experimental results demonstrate that existing security solutions on NoC can introduce significant (1.5X) performance degradation, whereas our approach provides the same security features with minor (4%) impact on performance.

Underwater Wireless Sensor Networks (UWSNs) are liable to malicious attacks due to limited bandwidth, limited power, high propagation delay, path loss, and variable speed. The major differences between UWSNs and Terrestrial Wireless Sensor Networks (TWSNs) necessitate a new mechanism to secure UWSNs. The existing Media Access Control (MAC) and routing protocols have addressed the network performance of UWSNs, but are vulnerable to several attacks. The secure MAC and routing protocols must exist to detect Sybil, Blackhole, Wormhole, Hello Flooding, Acknowledgment Spoofing, Selective Forwarding, Sinkhole, and Exhaustion attacks. These attacks can disrupt or disable the network connection. Hence, these attacks can degrade the network performance and total loss can be catastrophic in some applications, like monitoring oil/gas spills. Several researchers have studied the security of UWSNs, but most of the works detect malicious attacks solely based on a certain predefined threshold. It is not optimal to detect malicious attacks after the threshold value is met. In this paper, we propose a multi-factor authentication model that is based on zero-knowledge proof to detect malicious activities and secure UWSNs from several attacks.

Mobile Adhoc networks (MANETs) comprises of mobile devices or nodes that are connected wirelessly and have no infrastructure. Detecting malicious activities in MANETs is a challenging task as they are vulnerable to attacks where the performance of the entire network degrades. Hence it is necessary to provide security to the network so that the nodes are prone to attack. Selecting a good routing protocol in MANET is also important as frequent change of topology causes the route reply to not arrive at the source node. In this paper, R-AODV (Reverse Adhoc On-Demand Distance Vector) protocol along with ECC (Elliptic Key Cryptography) algorithm is designed and implemented to detect and to prevent the malicious node and to secure data transmission against blackhole attack. The main objective is to keep the data packets secure. ECC provides a smaller key size compared to other public-key encryption and eliminates the requirement of pre-distributed keys also makes the path more secure against blackhole attacks in a MANET. The performance of this proposed system is simulated by using the NS-2.35 network simulator. Simulation results show that the proposed protocol provides good experimental results on various metrics like throughput, end-to-end delay, and PDR. Analysis of the results points to an improvement in the overall network performance.

Fake source packet routing protocols can ensure Source Location Privacy (SLP) protection. However, the protocols have demonstrated some performance limitations including high energy consumption, low packet delivery ratio (PDR), and long end-to-end delay (EED). In this study, a 2-level phantom routing protocol is proposed to address some limitations of an existing fake source packet routing protocol. The proposed protocol supplants the fake source packets with a random second level phantom node to alleviate the limitations. Analysis results confirm that the proposed protocol is capable of achieving strong SLP protection with minimized communication overhead. By removing the fake packet traffic in the network, the protocol incurs minimized energy consumption, maximized PDR, and minimized EED.

Wireless Sensor Networks promises the wireless network tools that does not require any stable infrastructure. Routing is the most important effect of network operation for the extended data rates within the network. Route discovery and route search sent the required packets from the target node source. However, good data transmission is also a threatening task in networks that provide efficient and energy-efficient routing. Various research activities focus on the topology control, source location privacy optimization and effective routing improvement in WSN. Wherein the existing security solutions both routing protocols and source location solutions disrupt the self-organizing nature of wireless sensor networks. Therefore, large overhead signatures are displayed and digitally verified by the requesting node. The cloud-based and routing based schemes have provided efficient security but there are a lot of obstacles for source data and travel path information security in the WSN network. This study is dedicated to calculate the desired number of deployments for sensor nodes in a given area once the selected metric achieves a certain level of coverage, while maintaining wireless connectivity in the network. A trusted node authentication scheme in wireless sensor network reduces the communication between nodes in a secure data transmission network, where shared cryptography is established all adjacent to the sensor node. Route discovery and retransmission increases the network overhead and increases the average end-to-end delay of the network in the conventional systems. This results in higher time complexity, communication overhead and less security of constrained sensor network resources.

Blackhole (BH) attacks are one of the most serious threats in mobile ad-hoc networks. A BH is a security attack in which a malicious node absorbs data packets and sends fake routing information to neighboring nodes. BH attacks are widely studied. However, existing defense methods wrongfully assume that BH attacks cannot overcome the most common defense approaches. A new wave of BH attacks is known as smart BH attacks. In this study, we used a highly aggressive type of BH attack that can predict sequence numbers to overcome traditional detection methods that set a threshold to sequence numbers. To protect the network from this type of BH attack, we propose a detection-and-prevention method that uses local information shared with neighboring nodes. Our experiments show that the proposed method successfully detects and contains even smart BH threats. Consequently, the attack success rate decreases.

Mobile Ad hoc networks (MANET) are becoming extremely popular because of the expedient features that also make them more exposed to various kinds of security attacks. The Wormhole attack is considered to be the most unsafe attack due to its unusual pattern of tunnel creation between two malevolent nodes. In it, one malevolent node attracts all the traffic towards the tunnel and forwards it to another malevolent node at the other end of the tunnel and replays them again in the network. Once the Wormhole tunnel is created it can launch different kind of other attacks such as routing attack, packet dropping, spoofing etc. In past few years a lot of research is done for securing routing protocols. Dynamic Source Routing (DSR) protocol is considered foremost MANET routing protocols. In this paper we are forming the wormhole tunnel in which malevolent nodes use different interfaces for communication in DSR protocol. NS3 simulator is being used for the analysis of the DSR routing protocol under the wormhole attack. This paper provides better understanding of the wormhole attack in DSR protocol which can benefit further research.

As networks continue to grow in complexity using wired and wireless technologies, efficient testing solutions should accommodate such changes and growth. Network simulators provide a network-independent environment to provide different types of network testing. This paper is motivated by the observation that, in many cases in the literature, the success of developed network protocols is very sensitive to the initial conditions and assumptions of the testing scenarios. Network services are deployed in complex environments; results of testing and simulation can vary from one environment to another and sometimes in the same environment at different times. Our goal is to propose mutation-based integration testing that can be deployed with network protocols and serve as Built-in Tests (BiT).This paper proposes an integrated mutation testing framework to achieve systematic test cases' generation for different scenario types. Scenario description and variables' setting should be consistent with the protocol specification and the simulation environment. We focused on creating test cases for critical scenarios rather than preliminary or simplified scenarios. This will help users to report confident simulation results and provide credible protocol analysis. The criticality is defined as a combination of network performance metrics and critical functions' coverage. The proposed solution is experimentally proved to obtain accurate evaluation results with less testing effort by generating high-quality testing scenarios. Generated test scenarios will serve as BiTs for the network simulator. The quality of the test scenarios is evaluated from three perspectives: (i) code coverage, (ii) mutation score and (iii) testing effort. In this work, we implemented the testing framework in NS2, but it can be extended to any other simulation environment.

The wide expansion of the Internet of Things is pushing the growth of vehicular ad-hoc networks (VANETs) into the Internet of Vehicles (IoV). Secure data communication is vital to the success and stability of the IoV and should be integrated into its various operations and aspects. In this paper, we present a framework for secure IoV communications by utilizing the High Performance Blockchain Consensus (HPBC) algorithm. Based on a previously published communication model for VANETs that uses an efficient routing protocol for transmitting packets between vehicles, we describe in this paper how to integrate a blockchain model on top of the IoV communications system. We illustrate the method that we used to implement HPBC within the IoV nodes. In order to prove the efficiency of the proposed model, we carry out extensive simulations that test the proposed model and study its overhead on the IoV network. The simulation results demonstrated the good performance of the HPBC algorithm when implemented within the IoV environment.

In January 2017 encrypted Internet traffic surpassed non-encrypted traffic. Although encryption increases security, it also masks intrusions and attacks by blocking the access to packet contents and traffic features, therefore making data analysis unfeasible. In spite of the strong effect of encryption, its impact has been scarcely investigated in the field. In this paper we study how encryption affects flow feature spaces and machine learning-based attack detection. We propose a new cross-layer feature vector that simultaneously represents traffic at three different levels: application, conversation, and endpoint behavior. We analyze its behavior under TLS and IPSec encryption and evaluate the efficacy with recent network traffic datasets and by using Random Forests classifiers. The cross-layer multi-key approach shows excellent attack detection in spite of TLS encryption. When IPsec is applied, the reduced variant obtains satisfactory detection for botnets, yet considerable performance drops for other types of attacks. The high complexity of network traffic is unfeasible for monolithic data analysis solutions, therefore requiring cross-layer analysis for which the multi-key vector becomes a powerful profiling core.

In the Internet of Things (IoT), it is feasible to interconnect networks of different devices and all these different devices, such as smartphones, sensor devices, and vehicles, are controlled according to a particular user. These different devices are delivered and accept the information on the network. This thing is to motivate us to do work on IoT and the devices used are sensor nodes. The validation of data delivery completely depends on the checks of count data forwarding in each node. In this research, we propose the Link Hop Value-based Intrusion Detection System (L-IDS) against the blackhole attack in the IoT with the assist of WSN. The sensor nodes are connected to other nodes through the wireless link and exchange data routing, as well as data packets. The LHV value is identified as the attacker's presence by integrating the data delivery in each hop. The LHV is always equivalent to the Actual Value (AV). The RPL routing protocol is used IPv6 to address the concept of routing. The Routing procedure is interrupted by an attacker by creating routing loops. The performance of the proposed L-IDS is compared to the RPL routing security scheme based on existing trust. The proposed L-IDS procedure is validating the presence of the attacker at every source to destination data delivery. and also disables the presence of the attacker in the network. Network performance provides better results in the existence of a security scheme and also fully represents the inoperative presence of black hole attackers in the network. Performance metrics show better results in the presence of expected IDS and improve network reliability.

Information-Centric Networking (ICN) is attracting attention as a content distribution method against increasing network traffic. Content distribution in ICN adopts a pull-type communication method that returns data to Interest. However, in this case, the push-type communication method is advantageous. Therefore, the authors have proposed a method in which a server pushes content to reduce the node load in an environment where a large amount of Interest to specific content occurs in a short time. In this paper, we analyze the packet processing delay time with and without the proposed method in an environment where a router processes a large number of packets using a simulator. Simulation results show that the proposed method can reduce packet processing delay time and node load.

In recent years, ICN (Information-Centric Networking) has been under the spotlight as a network that mainly focuses on transmitted and received data rather than on the hosts that transmit and receive data. Generally, the communication networks such as ICNs are required to be robust against network failures caused by attacks and disasters. One of the metrics for the robustness of conventional host-centric networks, e.g., TCP/IP network, is reachability between nodes in the network after network failures, whereas the key metric for the robustness of ICNs is content availability. In this paper, we focus on an arbitrary ICN network and derive the content availability for a given probability of node removal. Especially, we analytically obtain the average content availability over an entire network in the case where just a single path from a node to a repository, i.e., contents server, storing contents is available and where multiple paths to the repository are available, respectively. Furthermore, through several numerical evaluations, we investigate the effect of the structure of network topology as well as the pattern and scale of the network failures on the content availability in ICN. Our findings include that, regardless of patterns of network failures, the content availability is significantly improved by caching contents at routers and using multiple paths, and that the content availability is more degraded at cluster-based node removal compared with random node removal.

This paper introduces an efficient reactive routing protocol considering the mobility and the reliability of a node in Cognitive Radio Sensor Networks (CRSNs). The proposed protocol accommodates the dynamic behavior of the spectrum availability and selects a stable transmission path from a source node to the destination. Outlined as a weighted graph problem, the proposed protocol measures the weight for an edge the measuring the mobility patterns of the nodes and channel availability. Furthermore, the mobility pattern of a node is defined in the proposed routing protocol from the viewpoint of distance, speed, direction, and node's reliability. Besides, the spectrum awareness in the proposed protocol is measured over the number of shared common channels and the channel quality. It is anticipated that the proposed protocol shows efficient routing performance by selecting stable and secured paths from source to destination. Simulation is carried out to assess the performance of the protocol where it is witnessed that the proposed routing protocol outperforms existing ones.

Network adversaries, such as malicious transit autonomous systems (ASes), have been shown to be capable of partitioning the Bitcoin's peer-to-peer network via routing-level attacks; e.g., a network adversary exploits a BGP vulnerability and performs a prefix hijacking attack (viz. Apostolaki et al. [3]). Due to the nature of BGP operation, such a hijacking is globally observable and thus enables immediate detection of the attack and the identification of the perpetrator. In this paper, we present a stealthier attack, which we call the EREBUS attack, that partitions the Bitcoin network without any routing manipulations, which makes the attack undetectable to control-plane and even to data-plane detectors. The novel aspect of EREBUS is that it makes the adversary AS a natural man-in-the-middle network of all the peer connections of one or more targeted Bitcoin nodes by patiently influencing the targeted nodes' peering decision. We show that affecting the peering decision of a Bitcoin node, which is believed to be infeasible after a series of bug patches against the earlier Eclipse attack [29], is possible for the network adversary that can use abundant network address resources (e.g., spoofing millions of IP addresses in many other ASes) reliably for an extended period of time at a negligible cost. The EREBUS attack is readily available for large ASes, such as Tier-1 and large Tier-2 ASes, against the vast majority of 10K public Bitcoin nodes with only about 520 bit/s of attack traffic rate per targeted Bitcoin node and a modest (e.g., 5-6 weeks) attack execution period. The EREBUS attack can be mounted by nation-state adversaries who would be willing to execute sophisticated attack strategies patiently to compromise cryptocurrencies (e.g., control the consensus, take down a cryptocurrency, censor transactions). As the attack exploits the topological advantage of being a network adversary but not the specific vulnerabilities of Bitcoin core, no quick patches seem to be available. We discuss that some naive solutions (e.g., whitelisting, rate-limiting) are ineffective and third-party proxy solutions may worsen the Bitcoin's centralization problem. We provide some suggested modifications to the Bitcoin core and show that they effectively make the EREBUS attack significantly harder; yet, their non-trivial changes to the Bitcoin's network operation (e.g., peering dynamics, propagation delays) should be examined thoroughly before their wide deployment.

MANETs are wireless networks, providing properties such as self-configuration, mobility, and flexibility to the network, which make them a popular and widely used technique. As the usage and popularity of the networks increases, security becomes the most important factor to be concerned. For the sake of security, several protocols and methodologies have been developed for the networks. Along with the increase in security mechanisms, the number of attacks and attackers also increases and hence the threat to the network and secure communication within it increases as well. Some of the attacks have been resolved by the proposed methodologies but some are still a severe threat to the framework, one such attack is Black Hole Attack. The proposed work integrates the SUPERMAN (Security Using Pre-Existing Routing for Mobile Ad-hoc Networks) framework with appropriate methodology to detect and prevent the network from the Black Hole Attack. The mechanism is based on the AODV (Ad-hoc On-demand Distance Vector) routing protocol. In the methodology, the source node uses two network routes, from the source to the destination, one for sending the data packet and another for observing the intermediate nodes of the initial route. If any node is found to be a Black Hole node, then the route is dropped and the node is added to the Black Hole list and a new route to send the data packet to the destination is discovered.

Wireless technology is rapidly proliferating. Devices such as Laptops, PDAs and cell-phones gained a lot of importance due to the use of wireless technology. Nowadays there is also a huge demand for spectrum allocation and there is a need to utilize the maximum available spectrum in efficient manner. Cognitive Radio (CR) Network is one such intelligent radio network, designed to utilize the maximum licensed bandwidth to un-licensed users. Cognitive Radio has the capability to understand unused spectrum at a given time at a specific location. This capability helps to minimize the interference to the licensed users and improves the performance of the network. Routing protocol selection is one of the main strategies to design any wireless or wired networks. In Cognitive radio networks the selected routing protocol should be best in terms of establishing an efficient route, addressing challenges in network topology and should be able to reduce bandwidth consumption. Performance analysis of the protocols helps to select the best protocol in the network. Objective of this study is to evaluate performance of various cognitive radio network routing protocols like Spectrum Aware On Demand Routing Protocol (SORP), Spectrum Aware Mesh Routing in Cognitive Radio Networks (SAMER) and Dynamic Source Routing (DSR) with and without black hole attack using various performance parameters like Throughput, E2E delay and Packet delivery ratio with the help of NS2 simulator.

A self-governing system consisting of mobile nodes that exchange information within a cellular area and is known as a mobile ad hoc network (MANET). Due to its dynamic nature, it is vulnerable to attacks and there is no fixed infrastructure. To transfer a data packet Ad-hoc On-Demand Distance Vector (AODV) is used and it's another form of a reactive protocol. The black-hole attack is a major attack that drastically decreases the packet delivery ratio during a data transaction in a routing environment. In this attack, the attacker's node acts as the shortest path to the target node itself. If the attacker node receives the data packet from the source node, all obtained data packets are excluded from a routing network. A trust-based routing scheme is suggested to ensure secure routing. This routing scheme is divided into two stages, i.e., the Data retrieval (DR), to identify and preserve each node data transfer mechanism in a routing environment and route development stage, to predict a safe path to transmit a data packet to the target node.

Robotics Mobile Ad-hoc Networks (MANETs) are comprised of stations having mobility with no central authority and control. The stations having mobility in Robotics MANETs work as a host as well as a router. Due to the unique characteristics of Robotics MANETs such type of networks are vulnerable to different security attacks. Ad-hoc On-demand Distance Vector (AODV) is a routing protocol that belongs to the reactive category of routing protocols in Robotics MANETs. However, it is more vulnerable to the Black hole (BH) attack that is one of the most common attacks in the Robotics MANETs environment. In this attack during the route disclosure procedure a malicious station promotes itself as a most brief path to the destination as well as after that drop every one of the data gotten by the malicious station. Meanwhile the packets don't reach to its ideal goal, the BH attack turns out to be progressively escalated when a heap of malicious stations attack the system as a gathering. This research analyzed different BH finding as well as removal mechanisms for AODV routing protocol.

Vehicular Ad-Hoc Networks (VANET) are liable to the Black, Worm and Gray Hole attacks because of the broadcast nature of the wireless medium and a lack of authority standards. Black Hole attack covers the situation when a malicious node uses its routing protocol in order to publicize itself for having the shortest route to the destination node. This aggressive node publicizes its availability of fresh routes regardless of checking its routing table. The consequences of these attacks could lead not only to the broken infrastructure, but could cause hammering people's lives. This paper aims to investigate and compare methods for preventing such types of attacks in a VANET.

Mobile Ad hoc Network (MANET) is one of the emerging technologies to communicate between nodes and its decentralized structure, self-configuring nature are the few properties of this Ad hoc network. Due to its undefined structure, it has found its usage in the desired and temporary communication network. MANET has many routing protocols governing it and due to its changing topology, there can be many issues arise in recent times. Problems like no central node, limited energy, and the quality of service, performance, design issues, and security challenges have been bugging the researchers. The black hole attacks are the kind that cause ad hoc network to be at loss of information and make the source to believe that it has the actual least distance path to the destination, but in real scenario the packets do not get forwarded to neighbouring nodes. In this paper, we have discussed different solutions over the past years to deal with such attacks. A summary of the schemes with their results and drawbacks in terms of performance metrics is also given.