Mobile data collection in sensor networks: The TinyLime middleware

In this paper we describe TinyLime, a novel middleware for wireless sensor networks that departs from the traditional setting where sensor data is collected by a central monitoring station, and enables instead multiple mobile monitoring stations to access the sensors in their proximity and share the collected data through wireless links. This intrinsically context-aware setting is demanded by applications where the sensors are sparse and possibly isolated, and where on-site, location-dependent data collection is required. An extension of the Lime middleware for mobile ad hoc networks, TinyLime makes sensor data available through a tuple space interface, providing the illusion of shared memory between applications and sensors. Data aggregation capabilities and a power-savvy architecture complete the middleware features. The paper presents the model and application programming interface of TinyLime, together with its implementation for the Crossbow MICA2 sensor platform.     

Threshold cryptography in P2P and MANETs: The case of access control

Ad hoc groups, such as peer-to-peer (P2P) systems and mobile ad hoc networks (MANETs) represent recent technological advancements. They support low-cost, scalable and fault-tolerant computing and communication. Since such groups do not require any pre-deployed infrastructure or any trusted centralized authority they have many valuable applications in military and commercial as well as in emergency and rescue operations. However, due to lack of centralized control, ad hoc groups are inherently insecure and vulnerable to attacks from both within and outside the group.Decentralized access control is the fundamental security service for ad hoc groups. It is needed not only to prevent unauthorized nodes from becoming members but also to bootstrap other security services such as key management and secure routing. In this paper, we construct several distributed access control mechanisms for ad hoc groups. We investigate, in particular, the applicability and the utility of threshold cryptography (more specifically, various flavors of existing threshold signatures) towards this goal.     

Point-to-point voice over ad hoc networks: A survey

The dynamic topologies of mobile and wireless ad hoc networks affect voice communication applications. Difficult issues are wireless links with time-varying capacity and large loss rates, available bandwidth undergoing fast time-scale variations due to channel fading and physical obstacles, absence of centralized components assisting session set up and management, and instability of routes. The purpose of this paper is to survey research works that have been conducted to address these difficulties with an emphasis on the support of point-to-point voice sessions. The survey covers six complementary aspects: voice over ad hoc network architecture, route selection, bandwidth reservation and admission control, adaptive applications and security.     

The performance impact of traffic patterns on routing protocols in mobile ad hoc networks

As mobile ad hoc network (MANET) systems research has matured and several testbeds have been built to study MANETs, research has focused on developing new MANET applications such as collaborative games, collaborative computing, messaging systems, distributed security schemes, MANET middleware, peer-to-peer file sharing systems, voting systems, resource management and discovery, vehicular computing and collaborative education systems. The growing set of diverse applications developed for MANETs pose far more complex traffic patterns than the simple one-to-one traffic pattern, and hence the one-to-one traffic pattern widely used in previous protocol studies has become inadequate in reflecting the relative performance of these protocols when deployed to support these emerging applications.As a first step towards effectively supporting newly developed and future diverse MANET applications, this paper studies the performance impact of diverse traffic patterns on routing protocols in MANETs. Specifically, we propose a new communication model that extends the previous communication model to include a more general traffic pattern that varies the number of connections per source node. We study the performance impact of traffic patterns on various routing protocols via detailed simulations of an ad hoc network of 112 mobile nodes. Our simulation results show that many of the conclusions drawn in previous protocol comparison studies no longer hold under the new traffic patterns. These results motivate the need for performance evaluation of ad hoc networks to not only include rich and diverse mobility models as has been done in the past but also include diverse traffic patterns that stress a wide set of protocol design issues.     

PAACP: A portable privacy-preserving authentication and access control protocol in vehicular ad hoc networks

Recently, several studies addressed security and privacy issues in vehicular ad hoc networks (VANETs). Most of them focused on safety applications. As VANETs will be available widely, it is anticipated that Internet services could be accessed through VANETs in the near future. Thus, non-safety applications for VANETs would rise in popularity. This paper proposes a novel portable privacy-preserving authentication and access control protocol, named PAACP, for non-safety applications in VANETs. In addition to the essential support of authentication, key establishment, and privacy preservation, PAACP is developed to provide sophisticated differentiated service access control, which will facilitate the deployment of a variety of non-safety applications. Besides, the portability feature of PAACP can eliminate the backend communications with service providers. Therefore, better performance and scalability can be achieved in PAACP.     

Effective Key Management Protocol for Extremely Self-Motivated Environment

Ad hoc networks provide solutions to a variety of deployed applications by creating networks on-the-fly. Key management is a significant issue for adequate security. To ensure secure group communication, keys need to be changed whenever the group changes. The highly dynamic nature of ad hoc networks makes this task challenging. The major problems for key management techniques to group applications are inefficiency and out-of-synchronization. The proposed cluster-based batch re-keying has a significant effect to unravel these problems.     

A vulnerabilities analysis and corresponding middleware security extensions for securing NGN applications

International standard bodies such as the Parlay Group, 3GPP (Third Generation Partnership Project), and ETSI TISPAN describe an applications middleware in the form of open service access (OSA)/Parlay Application Programming Interfaces and Parlay X Web Services which allow multimedia applications to be implemented on top of different fixed and mobile network types. These established middleware services are also applicable to the new IP Multimedia Subsystem (IMS) forming the heart of emerging next generation networks. The main objective of this kind of middleware services is to simplify and unify service creation and – as applications are realized in so-called application servers which can be flexibly connected to dedicated network gateways – also to expose available network capabilities to third parties. This results in an inherent increase of security threats and increases the risk of attacks on network resources. This article describes the security requirements and challenges to Web services-based NGN middleware. Based on this analysis the paper presents the middleware security mechanisms at application level providing end-to-end security based on standard such as XML Digital Signatures, XML Encryption and SAML (Security Assertion Markup Language). Furthermore, we propose additional security means in the form of intrusion detection and prevention (IDP) system protecting applications middleware against SQL injection attacks which are not mitigated by existing solutions.     

一种无线Ad Hoc网络动态混淆匿名算法

无线Ad Hoc网络的特殊性决定了它要受到多种网络攻击的威胁,现有的加密和鉴别机制无法解决流量分析攻击.在比较了抗流量分析的匿名技术基础上,提出混淆技术可以满足无线Ad Hoc网络的匿名需求,但现有的混淆算法在Ad Hoc网络下却存在安全与效率的问题.提出了一种动态混淆的RM(pseudo-random mix)算法,该算法主要对混淆器的管理部分进行重新设计.RM算法根据混淆缓冲区的情况进行决策,当缓冲区未满时采用时延转发方式,缓冲区满后采用随机数转发方式,这样既保证了无线Ad Hoc节点的匿名性,同时又解决了停等算法的丢包现象.对RM算法的安全性和效率进行了分析,仿真结果与理论分析相一致,表明RM算法在无线Ad Hoc网络下具有较好的自适应性和实用价值.     

Securing DSR against wormhole attacks in multirate ad hoc networks

A wormhole attack is one of the hardest problems to detect whereas it can be easily implanted in any type of wireless ad hoc network. A wormhole attack can easily be launched by the attacker without having knowledge of the network or compromising any legitimate nodes. Most existing solutions either require special hardware devices or make strong assumptions in order to detect wormhole attacks which limit the usability of these solutions. In this paper, we present a security enhancement to dynamic source routing (DSR) protocol against wormhole attacks for ad hoc networks which relies on calculation of round trip time (RTT). Our protocol secures DSR against a wormhole attack in ad hoc networks for multirate transmissions. We also consider the processing and queuing delays of each participating node in the calculation of RTTs between neighbors which to date has not been addressed in the existing literature. This work provides two test cases that show that not taking multirate transmission into consideration results in miss identifying a wormhole attack.     

SEMD: Secure and efficient message dissemination with policy enforcement in VANET

Vehicular ad hoc network (VANET) is an increasing important paradigm, which not only provides safety enhancement but also improves roadway system efficiency. However, the security issues of data confidentiality, and access control over transmitted messages in VANET have remained to be solved. In this paper, we propose a secure and efficient message dissemination scheme (SEMD) with policy enforcement in VANET, and construct an outsourcing decryption of ciphertext-policy attribute-based encryption (CP-ABE) to provide differentiated access control services, which makes the vehicles delegate most of the decryption computation to nearest roadside unit (RSU). Performance evaluation demonstrates its efficiency in terms of computational complexity, space complexity, and decryption time. Security proof shows that it is secure against replayable choosen-ciphertext attacks (RCCA) in the standard model.     

Effective Key Management Protocol for Extremely Self-Motivated Environment

ABSTRACT

Ad hoc networks provide solutions to a variety of deployed applications by creating networks on-the-fly. Key management is a significant issue for adequate security. To ensure secure group communication, keys need to be changed whenever the group changes. The highly dynamic nature of ad hoc networks makes this task challenging. The major problems for key management techniques to group applications are inefficiency and out-of-synchronization. The proposed cluster-based batch re-keying has a significant effect to unravel these problems.     

一个通用的分布式访问控制决策中间件

将各种安全功能从上层应用中抽象出来形成一种通用和标准的安全服务,可以简化应用开发的复杂性和增强安全功能的可重用性。论文设计并实现了一个基于XACML的通用分布式访问控制决策中间件UDACD（Universal Distributed Access Control Decision）,对分布式环境下的访问控制决策过程进行了封装,对外面向各种应用提供通用的决策服务。UDACD支持多种访问控制策略类型和跨管理域的匿名资源访问控制;实现了对策略的缓存和对用户安全属性的两级缓存,显著加快了决策速度。UDACD可以帮助简化策略管理,并提供跨应用的一致策略实施。     

Delay-tolerant delivery of quality information in ad hoc networks

We investigate the delivery of information in ad hoc networks. We consider information sources and information consumers, and the network in between. Information has a certain quality indicator that fades over time. Consumers (applications that process incoming data) can receive and process disseminated information from its generation time until the associated quality reaches the lowest possible level. We adopt optimal stopping theory and an optimal online search algorithm in order to study the problem of optimally scheduling information consumption. The assumptions of our study include an efficient epidemic information dissemination scheme, which is a popular scheme for wireless sensor networks nowadays. We adopt the latter scheme for a combined setting where receiving nodes delay the reporting of information to applications in search for better quality while the overall network optimizes transmissions through the epidemic abstraction. Our findings are quite promising for the engineering of delay-tolerant applications (and the relevant middleware) in ad hoc networks.     

SecSpaces: a Data-driven Coordination Model for Environments Open to Untrusted Agent

In this paper we initiate an investigation about security problems which occur when exploiting a Linda-like data driven coordination model in an open environment. In this scenario, there is no guarantee that all the agents accessing the shared tuple space are trusted. Starting from the analysis of the few proposals already available in the literature, we present a novel coordination model which provides mechanisms to manage tuple access control. The first mechanism supports logical partitions of the shared repository: in this way we can restrict the access to tuples inside a partition, simply by limiting the access to the partition itself. The second mechanism consists of adding to the tuples some extra information which exploit asymmetric cryptography in order, e.g., to authenticate the producer of a tuple or to identify its reader/consumer. Finally, we support the possibility to define access control policies based on the kind of operations an agent performs on a tuple, thus discriminating between (destructive) input and (non-destructive) read operations.     

Identity-based secure collaboration in wireless ad hoc networks

Voluntary peer collaboration is often assumed in media access, route discovery, packet forwarding, and upper-layer protocols designed for wireless ad hoc networks. This assumption has been seriously challenged when peers are autonomous, selfish, or malicious in large-scale, heterogeneous networks. In this paper, based on the latest advances in identity-based cryptography, we design a lightweight and cheat-resistant micropayment scheme to stimulate and compensate collaborative peers that sacrifice their resources to relay packets for other peers. We also demonstrate that when security and collaboration measures are properly enforced, profitable collaboration is a preferable strategy for all peers in ad hoc networks.     

EMMA: Epidemic Messaging Middleware for Ad hoc networks

The characteristics of mobile environments, with the possibility of frequent disconnections and fluctuating bandwidth, have forced a rethink of traditional middleware. In particular, the synchronous communication paradigms often employed in standard middleware do not appear to be particularly suited to ad hoc environments, in which not even the intermittent availability of a backbone network can be assumed. Instead, asynchronous communication seems to be a generally more suitable paradigm for such environments. Message oriented middleware for traditional systems has been developed and used to provide an asynchronous paradigm of communication for distributed systems, and, also for some specific mobile computing systems recently. In this paper, we present our experience in designing, implementing, and evaluating Epidemic Messaging Middleware for Ad hoc networks (EMMA), an adaptation of Java Message Service (JMS) for mobile ad hoc environments, discussing in detail the design challenges and the solutions that have been adopted.

移动ad hoc网络的安全漏洞及对策

移动ad hoc网络是一种新型的无线移动网络，因其特有的路由多跳性、无中心的控制分布性以及拓扑动态性，使得现有网络中的安全机制不能完全应用于移动ad hoc网络。文中探讨了移动ad hoc网络特有的各种安全漏洞以及相应的对策中存在的各种不足，并与现有网络中的安全对策进行了较深入的比较，从而总结出该领域研究的发展趋势，并指出了几个值得重视的研究方向。     

无线Ad Hoc网络支持QoS的研究进展与展望

无线ad hoc网络的应用环境以及与Internet的互连要求它必须提供一定的服务质量(QoS)保证,然而,无线信道固有的特点及节点移动造成网络拓扑的频繁变化,使得在无线ad hoc网络中支持QoS面临许多新的挑战.从无线ad hoc网络的QoS体系结构、QoS路由、QoS信令、支持业务区分和资源预留的介质访问控制协议这4个方面出发,对近年来国内外在该方向取得的研究成果作了全面的概括总结和比较分析,系统阐述了在无线ad hoc网络中支持QoS的问题,指出了亟待解决的问题和今后的研究方向.