Power proximity based key management for secure multicast in ad hoc networks

As group-oriented services become the focal point of ad hoc network applications, securing the group communications becomes a default requirement. In this paper, we address the problem of group access in secure multicast communications for wireless ad hoc networks. We argue that energy expenditure is a scarce resource for the energy-limited ad hoc network devices and introduce a cross-layer approach for designing energy-efficient, balanced key distribution trees to perform key management. To conserve energy, we incorporate the network topology (node location), the “power proximity” between network nodes and the path loss characteristics of the medium in the key distribution tree design. We develop new algorithms for homogeneous as well as heterogeneous environments and derive their computational complexity. We present simulation studies showing the improvements achieved for three different but common environments of interest, thus illustrating the need for cross-layer design approaches for security in wireless networks. Loukas Lazos received the B.S. and M.S. degrees from the Electrical Engineering Department, National Technical University of Athens, Athens, Greece, in 2000 and 2002, respectively. He is currently working towards the Ph.D. degree in the Electrical Engineering Department, University of Washington, Seattle. His current research interests focus on cross-layer designs for energy-efficient key management protocols for wireless ad-hoc networks, as well as secure localization systems for sensor networks. Radha Poovendran received the Ph.D. degree in electrical engineering from the University of Maryland, College Park, in 1999. He has been an Assistant Professor in the Electrical Engineering Department, University of Washington, Seattle, since September 2000. His research interests are in the areas of applied cryptography for multiuser environment, wireless networking, and applications of information theory to security. Dr. Poovendran is a recipient of the Faculty Early Career Award from the National Science Foundation (2001), Young Investigator Award from the Army Research Office (2002), Young Investigator Award from the Office of Naval Research (2004), and the 2005 Presidential Early Career Award for Scientists and Engineers, for his research contributions in the areas of wired and wireless multiuser security.     

Defense against misbehavior in anonymous vehicular ad hoc networks

Vehicular ad hoc network (VANET) can offer various services and benefits to VANET users and thus deserves deployment effort. Misusing such network could cause destructive consequences. It is therefore necessary to discourage misbehavior and defend VANET systems against it, in order to ensure correct and smooth operations of the network. In this paper, we review the techniques for handling misbehavior in VANETs, particularly where anonymous communications are desired to conserve user privacy since it adds more complexity to the defense against misbehavior. A new scheme is proposed to punish misbehaving users and can be employed in both inter-vehicle and vehicle-to-infrastructure anonymous communications. Our scheme leverages some threshold authentication technique that dynamically revokes a user’s credential, while providing the flexibility of whether to reveal the user’s identity and tolerating unintentional misbehavior such as hardware malfunctioning.     

TIDS: threshold and identity-based security scheme for wireless ad hoc networks

As various applications of wireless ad hoc network have been proposed, security has received increasing attentions as one of the critical research challenges. In this paper, we consider the security issues at network layer, wherein routing and packet forwarding are the main operations. We propose a novel efficient security scheme in order to provide various security characteristics, such as authentication, confidentiality, integrity and non-repudiation for wireless ad hoc networks. In our scheme, we deploy the recently developed concepts of identity-based signcryption and threshold secret sharing. We describe our proposed security solution in context of dynamic source routing (DSR) protocol. Without any assumption of pre-fixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide key generation and key management services using threshold secret sharing algorithm, which effectively solves the problem of single point of failure in the traditional public-key infrastructure (PKI) supported system. The identity-based signcryption mechanism is applied here not only to provide end-to-end authenticity and confidentiality in a single step, but also to save network bandwidth and computational power of wireless nodes. Moreover, one-way hash chain is used to protect hop-by-hop transmission.     

ASR: anonymous and secure reporting of traffic forwarding activity in mobile ad hoc networks

Nodes forward data on behalf of each other in mobile ad hoc networks. In a civilian application, nodes are assumed to be selfish and rational, i.e., they pursue their own self-interest. Hence, the ability to accurately measure traffic forwarding is critical to ensure proper network operation. These measurements are also often used to credit nodes based on their level of participation, or to detect loss. Past solutions employ neighbor monitoring and reporting on traffic forwarding of nodes. These methods are not applicable in civilian networks in which neighbor nodes lack the desire or ability to perform the monitoring function. Such environments occur frequently in which neighbor hosts are resource constrained, or in networks where directional antennas are used and reliable eavesdropping is difficult or impossible. In this article, we propose a protocol that uses nodes on the data path to securely produce packet-forwarding reports. Reporting nodes are chosen randomly and secretly so that malicious nodes cannot modify their behavior based upon the monitoring point. The integrity and authenticity of reports are preserved through the use of secure link layer acknowledgments and monitoring reports. The robustness of the reporting mechanism is strengthened by forwarding the report to multiple destinations (source and destination). We explore the security, cost, and accuracy of our protocol.

A secure incentive protocol for mobile ad hoc networks

The proper functioning of mobile ad hoc networks depends on the hypothesis that each individual node is ready to forward packets for others. This common assumption, however, might be undermined by the existence of selfish users who are reluctant to act as packet relays in order to save their own resources. Such non-cooperative behavior would cause the sharp degradation of network throughput. To address this problem, we propose a credit-based Secure Incentive Protocol (SIP) to stimulate cooperation among mobile nodes with individual interests. SIP can be implemented in a fully distributed way and does not require any pre-deployed infrastructure. In addition, SIP is immune to a wide range of attacks and is of low communication overhead by using a Bloom filter. Detailed simulation studies have confirmed the efficacy and efficiency of SIP. This work was supported in part by the U.S. Office of Naval Research under Young Investigator Award N000140210464 and under grant N000140210554. Yanchao Zhang received the B.E. degree in Computer Communications from Nanjing University of Posts and Telecommunications, Nanjing, China, in July 1999, and the M.E. degree in Computer Applications from Beijing University of Posts and Telecommunications, Beijing, China, in April 2002. Since September 2002, he has been working towards the Ph.D. degree in the Department of Electrical and Computer Engineering at the University of Florida, Gainesville, Florida, USA. His research interests are network and distributed system security, wireless networking, and mobile computing, with emphasis on mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and heterogeneous wired/wireless networks. Wenjing Lou is an assistant professor in the Electrical and Computer Engineering department at Worcester Polytechnic Institute. She obtained her Ph.D degree in Electrical and Computer Engineering from University of Florida in 2003. She received the M.A.Sc degree from Nanyang Technological University, Singapore, in 1998, the M.E degree and the B.E degree in Computer Science and Engineering from Xi'an Jiaotong University, China, in 1996 and 1993 respectively. From Dec 1997 to Jul 1999, she worked as a Research Engineer in Network Technology Research Center, Nanyang Technological University. Her current research interests are in the areas of ad hoc and sensor networks, with emphases on network security and routing issues. Wei Liu received his B.E. and M.E. in Electrical and Information Engineering from Huazhong University of Science and Technology, Wuhan, China, in 1998 and 2001. In August 2005, he received his PhD in Electrical and Computer Engineering from University of Florida. Currently, he is a senior technical member with Scalable Network Technologies. His research interest includes cross-layer design, and communication protocols for mobile ad hoc networks, wireless sensor networks and cellular networks. Yuguang Fang received a Ph.D. degree in Systems Engineering from Case Western Reserve University in January 1994 and a Ph.D degree in Electrical Engineering from Boston University in May 1997. He was an assistant professor in the Department of Electrical and Computer Engineering at New Jersey Institute of Technology from July 1998 to May 2000. He then joined the Department of Electrical and Computer Engineering at University of Florida in May 2000 as an assistant professor, got an early promotion to an associate professor with tenure in August 2003 and a professor in August 2005. He has published over 150 papers in refereed professional journals and conferences. He received the National Science Foundation Faculty Early Career Award in 2001 and the Office of Naval Research Young Investigator Award in 2002. He has served on many editorial boards of technical journals including IEEE Transactions on Communications, IEEE Transactions on Wireless Communications, IEEE Transactions on Mobile Computing and ACM Wireless Networks. He is a senior member of the IEEE.     

A secure group key management scheme for hierarchical mobile ad hoc networks

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.     

Threshold-based intrusion detection in ad hoc networks and secure AODV

Mobile ad hoc networks (MANETs) play an important role in connecting devices in pervasive environments. MANETs provide inexpensive and versatile communication, yet several challenges remain in addressing their security. So far, numerous schemes have been proposed for secure routing and intrusion detection, with only simulations to validate them; little work exists, in implementing such schemes on small handheld devices. In this paper, we present our approach of securing a MANET using a threshold-based intrusion detection system and a secure routing protocol. We present a proof-of-concept implementation of our IDS deployed on handheld devices and in a MANET testbed connected by a secure version of AODV over IPv6 – SecAODV. While the IDS helps detect attacks on data traffic, SecAODV incorporates security features of non-repudiation and authentication, without relying on the availability of a Certificate Authority (CA) or a Key Distribution Center (KDC). We present the design and implementation details of our system, the practical considerations involved, and how these mechanisms can be used to detect and thwart malicious attacks.     

Security considerations in ad hoc sensor networks

In future smart environments, ad hoc sensor networks will play a key role in sensing, collecting, and disseminating information about environmental phenomena. As sensor networks come to be wide-spread deployment, security issues become a central concern. So far, the main research focus has been on making sensor networks feasible and useful, and less emphasis has been placed on security. This paper analyzes security challenges in wireless sensor networks and summarizes key issues that need be solved for achieving security in an ad hoc network. It gives an overview of the current state of solutions on such key issues as secure routing, prevention of denial-of-service, and key management service.     

On optimal batch rekeying for secure group communications in wireless networks

Advances in wireless communications and mobile computing have led to the emergence of group communications and applications over wireless. In many of these group interactions, new members can join and current members can leave at any time, and existing members must communicate securely to achieve application-specific missions or network-specific functionality. Since wireless networks are resource-constrained, a key challenge is to provide secure and efficient group communication mechanisms that satisfy application requirements while minimizing the communication cost. Instead of individual rekeying, i.e., performing a rekey operation right after each join or leave request, periodic batch rekeying has been proposed to alleviate rekeying overhead in resource-constrained wireless networks. In this paper, we propose an analytical model to address the issue of how often batch rekeying should be performed. We propose threshold-based batch rekeying schemes and demonstrate that an optimal rekey interval exists for each scheme. We further compare these schemes to identify the best scheme that can minimize the communication cost of rekeying while satisfying application requirements when given a set of parameter values characterizing the operational and environmental conditions of the system. In a highly dynamic wireless environment in which the system parameter values change at runtime, our work may be used to adapt the rekeying interval accordingly.     

适合ad hoc网络无需安全信道的密钥管理方案

密钥管理问题是构建ad hoc安全网络系统首要解决的关键问题之一.针对ad hoc网络特点,提出了一个无需安全信道的门限密钥管理方案.该方案中,可信中心的功能由局部注册中心和分布式密钥生成中心共同实现,避免了单点失效问题;通过门限技术,网络内部成员相互协作分布式地生成系统密钥;利用基于双线性对的公钥体制实现了用户和分布式密钥生成中心的双向认证;通过对用户私钥信息进行盲签名防止攻击者获取私钥信息,从而可以在公开信道上安全传输.分析表明该方案达到了第Ⅲ级信任,具有良好的容错性,并能抵御网络中的主动和被动攻击,在满足ad hoc网络安全需求的情况下,极大地降低了计算和存储开销.     

车载自组网的现状与发展

简要介绍了车载自组网的发展历史、特点和应用领域。使用分析和比较的方法，讨论各种无线通信技术用于车载自组网的优缺点，并针对车载自组网的应用及特性提出搭建车间通信系统的设计思想和突破方向。为了便于读者跟踪国外先进的研究成果，还介绍了一些在这一领域比较活跃的研究机构以及他们的主要工作。     

A secure mutual authentication scheme with non‐repudiation for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANETs are not only used to enhance the road safety and reduce the traffic accidents earlier but also conducted more researches in network value‐added service. As a result, the security requirements of vehicle communication are given more attention. In order to prevent the security threat of VANETs, the security requirements, such as the message integrity, availability, and confidentiality are needed to be guaranteed further. Therefore, a secured and efficient verification scheme for VANETs is proposed to satisfy these requirements and reduce the computational cost by combining the asymmetric and symmetric cryptology, certificate, digital signature, and session key update mechanism. In addition, our proposed scheme can resist malicious attacks or prevent illegal users' access via security and performance analysis. In summary, the proposed scheme is proved to achieve the requirements of resist known attacks, non‐repudiation, authentication, availability, integrity, and confidentiality. Copyright © 2015 John Wiley & Sons, Ltd.     

An improved EAAP scheme for vehicular ad hoc networks

Recently, Maria Azees et al proposed an “EAAP: efficient anonymous authentication with conditional privacy‐preserving scheme for Vehicular Ad Hoc Networks.” Their scheme is mainly to solve the problem of high computation time of anonymous certificate and signature authentication, as well as the tracking problem of malicious vehicles. However, some improvements are needed in the protection of anonymous identity and the effective tracking of malicious vehicles. In this paper, our scheme realizes mutual authentication between OBU and RSU, and the RSU is authenticated without using certificate. In order to prevent the anonymous identity of the vehicles from being monitored and tracked, we use the negotiated short‐time key to encrypt the anonymous identity in the vehicle certificates. In addition, our scheme uses a new tracking method for malicious vehicles. Then, we prove the scheme through BAN logic, and it has the properties of authentication, anonymity, unlinkability, privacy protection, and traceability. Finally, we compare the computation cost and communication cost with other schemes, and the scheme has been greatly improved.     

RPB-MD: Providing robust message dissemination for vehicular ad hoc networks

To improve traffic safety and efficiency, it is vital to reliably send traffic-related messages to vehicles in the targeted region in vehicular ad hoc networks (VANETs). In this paper, we propose a novel scheme, relative position based message dissemination (RPB-MD), to reliably and efficiently disseminate messages to the vehicles in the zone-of-relevance. Firstly, the relative position based (RPB) addressing model is proposed to effectively define the intended receivers in the zone-of-relevance. To ensure high message delivery ratio and low delivery delay, directional greedy broadcast routing (DGBR) is introduced to make a group of candidate nodes hold the message for high reliability. Moreover, to guarantee efficiency, the protocol time parameters are designed adaptively according to the message attributes and local vehicular traffic density. The protocol feasibility is analyzed to illustrate the robustness and reliability of RPB-MD. Simulation results show that RPB-MD, compared with representative existing schemes, achieves high delivery ratio, limited overhead, reasonable delay and high network reachability under different vehicular traffic density and data sending rate.     

Secure message transmission in mobile ad hoc networks

The vision of nomadic computing with its ubiquitous access has stimulated much interest in the mobile ad hoc networking (MANET) technology. However, its proliferation strongly depends on the availability of security provisions, among other factors. In the open, collaborative MANET environment, practically any node can maliciously or selfishly disrupt and deny communication of other nodes. In this paper, we propose the secure message transmission (SMT) protocol to safeguard the data transmission against arbitrary malicious behavior of network nodes. SMT is a lightweight, yet very effective, protocol that can operate solely in an end-to-end manner. It exploits the redundancy of multi-path routing and adapts its operation to remain efficient and effective even in highly adverse environments. SMT is capable of delivering up to 83% more data messages than a protocol that does not secure the data transmission. Moreover, SMT achieves up to 65% lower end-to-end delays and up to 80% lower delay variability, compared with an alternative single-path protocol––a secure data forwarding protocol, which we term secure single path (SSP) protocol. Thus, SMT is better suited to support quality of service for real-time communications in the ad hoc networking environment. The security of data transmission is achieved without restrictive assumptions on the network nodes’ trust and network membership, without the use of intrusion detection schemes, and at the expense of moderate multi-path transmission overhead only.     

Secure hosts auto-configuration in mobile ad hoc networks

All existing routing protocols of Mobile Ad Hoc networks (MANET) assume that IP addresses of hosts are already configured before they join the network. In traditional schemes, this task is delegated to the dynamic host configuration protocol (DHCP [R. Droms, Dynamic host configuration protocol, RFC 2131, March 1997]), which allots an IP address to each requesting node. However, this process can not be applied in the context of MANET because of the lack of infrastructure and the great mobility that characterize them. A manual management of the addresses can be considered as long as the number of nodes remains reasonable. On the other hand, it is not possible any more since the network reaches a certain size. Some works proposed solutions to allow an automatic configuration of the nodes, i.e. without human intervention. Unfortunately these processes, often inspired of the traditional wired networks, are not always well adapted to MANET and appear relatively greedy concerning for example the delay, the address space or the bandwidth. Moreover, they apply only to ideal networks in which all nodes can trust each other. In this manner, they do absolutely not consider the security aspects and are thus not adapted to a real use in potentially hostile environment. In this paper, we propose a node auto-configuration scheme which uses the buddy system technique to allocate the addresses, as well as an algorithm allowing to authenticate the participants inside the network.     

Adaptive gossip protocols: Managing security and redundancy in dense ad hoc networks

Many ad hoc routing algorithms rely on broadcast flooding for location discovery or, more generally, for secure routing applications. Flooding is a robust algorithm but because of its extreme redundancy, it is impractical in dense networks. Indeed in large wireless networks, the use of flooding algorithms may lead to broadcast storms where the number of collisions is so large that it causes system failure. To prevent broadcast storms, many mechanisms that reduce redundant transmissions have been proposed that reduce retransmission overhead either deterministically or probabilistically.Gossip is a probabilistic algorithm in which packet retransmission is based on the outcome of coin tosses. The retransmission probability can be fixed, dynamic or adaptive. With dynamic gossip, local information is used to determine the retransmission probability. With adaptive gossip, the decision to relay is adjusted adaptively based on the outcome of coin tosses, the local network structure, and the local response to the flooding call. The goal of gossip is to minimize the number of retransmissions, while retaining the main benefits of flooding, e.g., universal coverage, minimal state retention, and path length preservation.In this paper we consider ways to reduce the number of redundant transmissions in flooding while guaranteeing security. We present several new gossip protocols that exploit local connectivity to adaptively correct propagation failures and protect against Byzantine attacks. A main contribution of this work is that we introduce a cell-grid approach that allows us to analytically prove performance and security protocol properties. The last two gossip protocols that we give are fully adaptive, i.e., they automatically correct all faults and guarantee delivery, the first such protocols to the best of our knowledge.     

Network mobility protocol for vehicular ad hoc networks

The goal of the network mobility management is to effectively reduce the complexity of handoff procedure and keep mobile devices connecting to the Internet. When users are going to leave an old subnet and enter a new subnet, the handoff procedure is executed on the mobile device, and it may break off the real‐time service, such as VoIP or mobile TV, because of the mobility of mobile devices. Because a vehicle is moving so fast, it may cause the handoff and packet loss problems. Both of the problems will lower down the throughput of the network. To overcome these problems, we propose a novel network mobility protocol for vehicular ad hoc networks. In a highway, because every car is moving in a fixed direction at a high speed, a car adopting our protocol can acquire an IP address from the vehicular ad hoc network through the vehicle‐to‐vehicle communications. The vehicle can rely on the assistance of a front vehicle to execute the prehandoff procedure, or it may acquire a new IP address through multihop relays from the car on the lanes of the same or opposite direction and thus may reduce the handoff delay and maintain the connectivity to the Internet. Simulation results have shown that the proposed scheme is able to reduce both the handoff delay and packet loss rate. Copyright © 2013 John Wiley & Sons, Ltd.     

Analytical model for connectivity of vehicular ad hoc networks in the presence of channel randomness

A vehicular ad hoc network (VANET) is a highly mobile wireless ad hoc network formed by vehicles equipped with communication facilities. Developing multihop communication in VANETs is a challenging problem because of rapidly changing network topology and frequent network disconnections. This paper investigates the network connectivity probability of one‐dimensional VANET in the presence of channel randomness. Network connectivity is one of the most important issues in VANETs, because the dissemination of time‐critical information requires, as a preliminary condition, the network to be fully connected. We present an analytical procedure for the computation of network connectivity probability, taking into account the underlying wireless channel. Three different fading models are considered for the connectivity analysis: Rayleigh, Rician, and Weibull. A distance‐dependent power law model is employed for the pathloss in a vehicle‐to‐vehicle channel. Furthermore, the speed of each vehicle on the highway is assumed to be a Gaussian distributed random variable. The analysis provides a general framework for investigating the dependence of various parameters such as vehicle arrival rate, vehicle density, vehicle speed, highway length, and various physical layer parameters such as transmit power, receive signal‐to‐noise ratio threshold, path loss exponent, and fading factors (Rician and Weibull) on VANET connectivity. Copyright © 2011 John Wiley & Sons, Ltd.     

Secure routing in mobile wireless ad hoc networks

We discuss several well known contemporary protocols aimed at securing routing in mobile wireless ad hoc networks. We analyze each of these protocols against requirements of ad hoc routing and in some cases identify fallibilities and make recommendations to overcome these problems so as to improve the overall efficacy of these protocols in securing ad hoc routing, without adding any significant computational or communication overhead.