Brian Rivera

In-Band Wormholes and Countermeasures in OLSR Networks

In a wormhole attack, colluding nodes create the illusion that two remote regions of a MANET are directly connected through nodes that appear to be neighbors, but are actually distant from each other. This undermines shortest-path routing calculations, allowing the attacking nodes to attract traffic, which can then be manipulated. Prior research has concentrated on out-of-band wormholes, which covertly connect the purported neighbors via a separate wireline network or RF channel. We present a detailed description of in-band wormholes in OLSR networks. These connect the purported neighbors via covert, multi-hop tunnels. In-band wormholes are an important threat because they do not require specialized hardware and can be launched by any node in the MANET. Moreover, unlike out-of-band wormholes, in-band wormholes consume network capacity, inherently degrading service. We explain the conditions under which an in-band wormhole will collapse and how it can be made collapse resilient. We identify the self-contained and extended forms of in-band wormholes and present wormhole gravitational analysis, a technique for comparing the effect of wormholes on the network. Finally, we identify potential countermeasures for preventing and detecting in-band wormholes based on packet loss rates, packet delays, and topological characteristics, and we describe the results of initial laboratory experiments to assess their effectiveness

Mobile Ad Hoc Network emulation environment

To support research in wireless mobile ad hoc networks, the U.S. Army Research Laboratory (ARL) and Naval Research Laboratory (NRL) have worked jointly to establish an advanced emulation environment. A key component is a Mobile Ad-Hoc Network emulation testbed where algorithms and applications can be subjected to representative wireless network conditions. The testbed is based on a version of the “MANE” (Mobile Ad hoc Network Emulator) software originally developed by the Naval Research Laboratory (NRL). Consulting & Engineering Next Generation Networks (CENGEN) has enhanced MANE by implementing a modular, extensible architecture which allows advanced modeling methods and computing technologies to be incorporated into the environment. This paper discuses the current capabilities of Mobile Network Emulation for conducting empirical evaluation and demonstration of MANET technologies and is organized into 5 sections: (1) introduction to the role of emulation in network modeling, (2) mobile network emulators background (3) emulation system components (4) future plans and (5) conclusions.

Countering False Accusations and Collusion in the Detection of In-Band Wormholes

Cooperative intrusion detection techniques for MANETs utilize ordinary computing hosts as network intrusion sensors. If compromised, these hosts may inject bogus data into the intrusion detection system to hide their activities or falsely accuse well-behaved nodes. Approaches to Byzantine fault tolerance involving voting are potentially applicable, but must address the fact that only nodes in particular topological locations at particular times are qualified to vote on whether an attack occurred. We examine these issues in the context of a prototype distributed detector for self-contained, in-band wormholes in OLSR networks. We propose an opportunistic voting algorithm and present test results from a 48-node testbed in which colluding attackers generate corroborating false accusations against pairs of innocent nodes. The results indicate that opportunistic voting can instantaneously suppress false accusations when the network topology and routes chosen by OLSR provide a sufficient number of nearby honest observers to outvote the attackers.

A scalable testbed for emulating wireless Mobile Ad-hoc Networks

To support research in wireless mobile networks and mobile ad-hoc network security, the U.S. army research laboratory (ARL) has developed a ldquoWireless emulation laboratoryrdquo (WEL). A key component of the WEL is a Mobile Ad-hoc network (MANET) emulation testbed on which algorithms and applications can be subjected to emulated wireless network conditions. The testbed is based on the MANE (mobile ad-hoc network emulator) software originally developed by the naval research laboratory (NRL). It has since been improved through the incorporation of advanced modeling methods and computing technologies. Important additional features include (1) the integration of the terrain integrated rough earth model (TIREM) propagation model, (2) the use of virtual machine technologies to scale the size of the network, and (3) the inclusion of custom-designed mobility patterns to create a specific dynamic topology of a MANET under test. Currently the WEL testbed can emulate a 101-node MANET and, through the use of virtualization technologies, will scale well beyond that number. This paper discusses the current capabilities of ARLpsilas WEL for conducting empirical evaluation and demonstration of MANET technologies and concludes with planned future enhancements.

A Cognitive Policy Framework for Next-Generation Distributed Federated Systems: Concepts and Research Directions

Next-generation collaborative activities and missions will be carried out by autonomous groups of devices with a large variety of cognitive capabilities. These devices will have to operate in environments characterized by uncertainty, insecurity (both physical and cyber), and instability. In such environments, communications may be fragmented. Proper policy-based management of such autonomous device groups is thus critical. However current policy management systems have many limitations, including lack of flexibility. In this paper, we articulate novel architectural approaches addressing the requirements for the effective management of autonomous groups of devices and discuss the notion of generative policies - a novel paradigm that enhances the flexibility of policy-based approaches to management. In this paper, we also survey types of policy that are essential for managing device groups. Even though many such policy types exist in conventional settings, their use in our context poses novel challenges that we articulate in the paper. We also introduce a research roadmap discussing several research directions towards the development of a cognitive and flexible policy-based approach to the management of autonomous groups of devices for collaborative missions. Finally, as our proposed policy paradigm is data-intensive, we discuss the problem of supplying the data required for policy decisions in environments characterized by mobility, uncertainly, and fragmented communications.

Toward a Science of Secure Environments

The longstanding debate on a fundamental science of security has led to advances in systems, software, and network security. However, existing efforts have done little to inform how an environment should react to emerging and ongoing threats and compromises. The authors explore the goals and structures of a new science of cyber-decision-making in the Cyber-Security Collaborative Research Alliance, which seeks to develop a fundamental theory for reasoning under uncertainty the best possible action in a given cyber environment. They also explore the needs and limitations of detection mechanisms; agile systems; and the users, adversaries, and defenders that use and exploit them, and conclude by considering how environmental security can be cast as a continuous optimization problem.

An evaluation of ISDN via ACTS in support of Army wide area information services

As the US Army draws down over the remainder of this decade, it will be expected to do more with less. Its ability to successfully project combat power from a CONUS-centric support base will depend greatly on how effectively it can harness the power of advanced information technologies to support its far-flung enterprise. The US Armys experiences in Southwest Asia demonstrated this. No other war in history relied so heavily on the efficient management of information (voice, data, image, video) in projecting combat power. This paper describes the US Armys experiment plan for evaluating the effectiveness of two new technologies, Integrated Services Digital Networks (ISDN) and NASAs Advanced Communications Technology Satellite (ACTS), in providing improved information services at lower cost. The first sections give a brief description of the ISDN and ACTS technologies to include their complementary relationships. The following sections describe the ACTS configured for ISDN and the experiments to be conducted by the Army Research Laboratory. Both the technical and operational aspects of the experiment are discussed. The final section of the paper presents past and predicted cost/performance results, comments on anticipated quality of service to be delivered by the ISDN/ACTS system, and comments on the combination of ISDN, ACTS and cellular as enabling technologies for future combat power projection.<<ETX>>

Framework for behavioral analytics in anomaly identification

Behavioral Analytics (BA) relies on digital breadcrumbs to build user profiles and create clusters of entities that exhibit a large degree of similarity. The prevailing assumption is that an entity will assimilate the group behavior of the cluster it belongs to. Our understanding of BA and its application in different domains continues to evolve and is a direct result of the growing interest in Machine Learning research. When trying to detect security threats, we use BA techniques to identify anomalies, defined in this paper as deviation from the group behavior. Early research papers in this field reveal a high number of false positives where a security alert is triggered based on deviation from the cluster learned behavior but still within the norm of what the system defines as an acceptable behavior. Further, domain specific security policies tend to be narrow and inadequately represent what an entity can do. Hence, they: a) limit the amount of useful data during the learning phase; and, b) lead to violation of policy during the execution phase. In this paper, we propose a framework for future research on the role of policies and behavior security in a coalition setting with emphasis on anomaly detection and individuals deviation from group activities.

Asynchronous feedback of network capacity for application layer tuning

The traditional layered network architecture limits the amount of information which is passed between layers of the protocol stack. When data is passed in such a network, it is in the form of a protocol message sent via a service access point (SAP). Because of layer and service access limitations, metrics about network conditions are difficult to pass across multiple layers of the protocol stack. Using this traditional network architecture in high demand, low bandwidth networks can lead to unresolved growth in message latency and subsequent network collapse. This paper presents an asynchronous mechanism that allows various layers of a protocol stack to make informed decisions on the data to be sent based on the current and predicted network performance characteristics. By asynchronous, we mean that intervening layers of the protocol stack are not invoked to pass a message along to the application layer; instead, an external communications mechanism is used to store and hold these metrics. We show how access to data link layer information, such as channel access times, can allow us to tune the application layer performance to more efficiently utilize the available network capacity and prevent network failure. In bandwidth-limited military networks, this efficient use of the physical media, is crucial to winning the information war.

Dynamic and adaptive policy models for coalition operations

It is envisioned that the success of future military operations depends on the better integration, organizationally and operationally, among allies, coalition members, inter-agency partners, and so forth. However, this leads to a challenging and complex environment where the heterogeneity and dynamism in the operating environment intertwines with the evolving situational factors that affect the decision-making life cycle of the war fighter. Therefore, the users in such environments need secure, accessible, and resilient information infrastructures where policy-based mechanisms adopt the behaviours of the systems to meet end user goals. By specifying and enforcing a policy based model and framework for operations and security which accommodates heterogeneous coalitions, high levels of agility can be enabled to allow rapid assembly and restructuring of system and information resources. However, current prevalent policy models (e.g., rule based event-condition-action model and its variants) are not sufficient to deal with the highly dynamic and plausibly non-deterministic nature of these environments. Therefore, to address the above challenges, in this paper, we present a new approach for policies which enables managed systems to take more autonomic decisions regarding their operations.