Chinyang Henry Tseng

A specification-based intrusion detection model for OLSR

The unique characteristics of mobile ad hoc networks, such as shared wireless channels, dynamic topologies and a reliance on cooperative behavior, makes routing protocols employed by these networks more vulnerable to attacks than routing protocols employed within traditional wired networks. We propose a specification-based intrusion-detection model for ad hoc routing protocols in which network nodes are monitored for operations that violate their intended behavior. In particular, we apply the model to detect attacks on the OLSR (Optimized Link State Routing) protocol. We analyze the protocol specification of OLSR, which describes the valid routing behavior of a network node, and develop constraints on the operation of a network node running OLSR. We design a detection mechanism based on finite state automata for checking whether a network node violates the constraints. The detection mechanism can be used by cooperative distributed intrusion detectors to detect attacks on OLSR. To validate the research, we investigate vulnerabilities of OLSR and prove that the developed constraints can detect various attacks that exploit these vulnerabilities. In addition, simulation experiments conducted in GlomoSim demonstrate significant success with the proposed intrusion detection model.

DEMEM: distributed evidence-driven message exchange intrusion detection model for MANET

A Mobile Ad Hoc Network (MANET) is a distributed communication platform for mobile wireless nodes. Because of the lack of a centralized monitoring point, intrusion detection systems (IDS) for MANET are usually developed using a distributed architecture where detectors are deployed at each node to cooperatively detect attacks. However, most of these distributed IDS simply assume that each detector exchanges complete information with their peers instead of establishing an efficient message exchanging protocol among detectors. We propose a Distributed Evidence-driven Message Exchanging intrusion detection Model (DEMEM) for MANET that allows the distributed detector to cooperatively detect routing attacks with minimal communication overhead. The framework allows detectors to exchange evidences only when necessary. Under a few practical assumptions, we implement DEMEM to detect routing attacks the Optimal Link State Routing (OLSR) protocol. The example scenarios and performance metrics in the experiment demonstrate that DEMEM can detect routing attacks with low message overhead and delay, no false negatives, and very low false positives under various mobility conditions with message lost. Our ongoing works include implementing DEMEM in AODV, DSR and TBRPF, and a reputation-based cooperative intrusion response model.

Coordinator Traffic Diffusion for Data-Intensive Zigbee Transmission in Real-time Electrocardiography Monitoring

Zigbee is expected to have an explosive growth in wireless medical monitoring systems because it possesses the advantages of low cost, safe power strength, and easy deployment. However, limited work focuses on solving the bottleneck issue at the Zigbee coordinator in a data-intensive system to guarantee transmission reliability of life-critical data. This paper proposes coordinator traffic diffusion (CTD) method to redirect excessive traffic from coordinator to the sink in electrocardiography (ECG) medical application. CTD router, which implements CTD design, automatically redirects ECG data traffic to the sink node without involving the coordinator, and thus reliable real-time ECG monitoring service can be delivered precisely. CTD design is tested in both TI CC2530 Zigbee platform and NS2 simulation. Experimental result demonstrates that a CTD design can assist routers in successfully delivering real-time ECG data samples reliably with the best transmission rate, 24 kb/s. This performance cannot be achieved by the original Zigbee design.

A Specification-Based Intrusion Detection Model for Wireless Ad Hoc Networks

Mobile ad hoc networks (MANET) have the properties of open medium and decentralized structure, so malicious nodes can easily attack MANET nodes. Furthermore, it is more difficult to establish a protection mechanism on a dynamic topology than a fixed one. In this paper, we propose a specification-based intrusion detection model (SIDM) with the concept of previous two forwarders (PTF) which utilizes the previous hop routing messages to assure the integrity of the routing message. As a result, all vulnerable message fields that could be tampered with during transmission are protected by our method. The proposed SIDM is lightweight and deployable in a distributed environment. By employing the designed idea into the AODV routing protocol, the experimental results demonstrate suitable performance in MANET.

Hierarchical and Dynamic Elliptic Curve Cryptosystem Based Self-Certified Public Key Scheme for Medical Data Protection

As our aging population significantly grows, personal health monitoring is becoming an emerging service and can be accomplished by large-scale, low-power sensor networks, such as Zigbee networks. However, collected medical data may reveal patient privacy, and should be well protected. We propose a Hierarchical and Dynamic Elliptic Curve Cryptosystem based self-certified public key scheme (HiDE) for medical data protection. To serve a large amount of sensors, HiDE provides a hierarchical cluster-based framework consisting of a Backbone Cluster and several Area Clusters. In an Area Cluster, a Secure Access Point (SAP) collects medical data from Secure Sensors (SSs) in the sensor network, and transmits the aggregated data to a Root SAP located in the Backbone Cluster. Therefore, the Root SAP can serve a considerable number of SSs without establishing separate secure sessions with each SS individually. To provide dynamic secure sessions for mobile SSs connecting SAP, HiDE introduces the Elliptic Curve Cryptosystem based Self-certified Public key scheme (ESP) for establishing secure sessions between each pair of Cluster Head (CH) and Cluster Member (CM). In ESP, the CH can issue a public key to a CM, and computes a Shared Session Key (SSK) with that CM without knowing the CMs secrete key. This concept satisfies the Zero Knowledge Proof so CHs can dynamically build secure sessions with CMs without managing a CMs secrete keys. Our experiments in realistic implementations and Network Simulation demonstrate that ESP requires less computation and network overhead than the Rivest-Shamir-Adleman (RSA)-based public key scheme. In addition, security analysis shows keys in ESP are well protected. Thus, HiDE can protect the confidentiality of sensitive medical data with low computation overhead, and keep appropriate network performance for wireless sensor networks.

Multipath Load Balancing Routing for Internet of Things

In the next-generation technology, Internet of Things (IoT), billions of smart objects will communicate with one another to make human lives more convenient. IoT is based on wireless sensor network (WSN), and Zigbee is one of the most popular WSN protocols. A mature IoT environment involves heavy WSN data transmission causing bottleneck problems. However, Zigbee’s AODV routing stack does not have load balance mechanism to handle bursty traffic. Therefore, we develop Multipath Load Balancing (MLB) Routing to substitute Zigbee’s AODV routing. Our proposed MLB consists of two main designs: LAYER_DESIGN and LOAD_BALANCE. LAYER_DESIGN assigns nodes into different layers based on node distance to IoT gateway. Nodes can have multiple next-hops delivering IoT data. All neighboring layer nodes exchange flow information containing current load, used by LOAD_BALANCE to estimate future load of next-hops. With MLB, nodes can choose the neighbors with the least load as the next-hops and thus can achieve load balance and avoid bottlenecks. Compared with Zigbee’s AODV and multipath version AODV (AOMDV), experiment results demonstrate that MLB achieves better load balance, lower packet loss rate, and better routing connectivity ratio in both grid and random uniform topologies. MLB provides a more convincing routing solution for IoT applications.

LBMR: Load-Balanced Multipath Routing for Wireless Data-Intensive Transmission in Real-Time Medical Monitoring

In wireless networks, low-power Zigbee is an excellent network solution for wireless medical monitoring systems. Medical monitoring generally involves transmission of a large amount of data and easily causes bottleneck problems. Although Zigbee’s AODV mesh routing provides extensible multi-hop data transmission to extend network coverage, it originally does not, and needs to support some form of load balancing mechanism to avoid bottlenecks. To guarantee a more reliable multi-hop data transmission for life-critical medical applications, we have developed a multipath solution, called Load-Balanced Multipath Routing (LBMR) to replace Zigbee’s routing mechanism. LBMR consists of three main parts: Layer Routing Construction (LRC), a Load Estimation Algorithm (LEA), and a Route Maintenance (RM) mechanism. LRC assigns nodes into different layers based on the node’s distance to the medical data gateway. Nodes can have multiple next-hops delivering medical data toward the gateway. All neighboring layer-nodes exchange flow information containing current load, which is the used by the LEA to estimate future load of next-hops to the gateway. With LBMR, nodes can choose the neighbors with the least load as the next-hops and thus can achieve load balancing and avoid bottlenecks. Furthermore, RM can detect route failures in real-time and perform route redirection to ensure routing robustness. Since LRC and LEA prevent bottlenecks while RM ensures routing fault tolerance, LBMR provides a highly reliable routing service for medical monitoring. To evaluate these accomplishments, we compare LBMR with Zigbee’s AODV and another multipath protocol, AOMDV. The simulation results demonstrate LBMR achieves better load balancing, less unreachable nodes, and better packet delivery ratio than either AODV or AOMDV.

MoTIVE: mobile two-hop integrity validation for emergency vehicle routing

For disaster rescue and crisis support services, secure and trusted communication among emergency vehicles and mobile devices is important. VANET has been incrementally experimented for rescue scenario. Therefore, one of the popular ad hoc protocols, ad hoc on-demand distance vector AODV, is applied to adjust VANET environment. In AODV, its critical routing fields CRF are security leakages allowing malicious nodes to launch routing attacks by illegally modifying field content. To prevent CRF from being modified by forwarders, we propose Mobile Two-hop Integrity Validation for Emergency vehicle routing MoTIVE to enhance routing security of AODV. To design a secure VANET without introducing extra traffic, MoTIVE uses two-hop integrity stamping THIS and validation rules, accompanying routing information exchanges without modifying protocol design. With THIS, MoTIVE verifies the integrity of forwarded AODV routing messages within each two-hop area; consequently, it guarantees the routing correctness of whole network with induction concept. The main contribution of MoTIVE is that security-reinforced information is piggybacked in normal routing messages within two-hop locally instead of being flooded to the entire network globally. Compared with the original AODV, experiment results show that MoTIVE is scalable and causes no performance degradation while supplementary security protection is applied. Copyright

On Campus IPv6 Beta Site: Requirements, Solutions, and Product Defect Evaluation

Due to IPv4 address exhaustion, IPv6 deployment has been in progress and the transition from IPv4 to IPv6 has become more imminent. In this article, we report an on-campus IPv6 beta site coexisting with IPv4 networks and designed with requirements from its stakeholders. We conducted a wide range of test cases, from essential functionality tests to advanced stability tests which require complex interoperability tests and cannot be performed in laboratory testing. After one year of operation, tens of defects were observed and seven representative defects in dual-stack tunneling, IPv6 routing table, RIPng, and OSPFv3, are reported. Most defects are reproducible, and some could be fixed by proper configuration while others are caused by flaws in system design, memory management, or protocol implementation. We suggest careful configuration, overloading prevention, limited resource sharing, and robust error handling as the lessons to vendors and administrators of IPv6 devices.

CDTS: Coordinator Data Traffic Shunt Model for Zigbee Networks

Zigbee, a wireless sensor network, is expected to have a explosive growth in the use of wireless control and monitoring applications because it has the advantages of low cost and easy deployment. As Zigbee is applied to more emerging applications, scalability becomes a critical issue: all sensor data is sent to the coordinator before forwarding to the sink node, and obviously the coordinator becomes the bottleneck. This paper proposes Coordinator Data Traffic Shunt (CDTS) performing data traffic shunt feature to reduce Coordinator’s traffic. CDTS group consists of CDTS routes and forwards data directly to Sink instead of to the coordinator. To ease CDTS router implementation without modifying Zigbee standard, CDTS layer is added between Media Access Control (MAC) and network (NWK) layers in Zigbee stack. CDTS layer intercepts packets and redirect them to the Sink node without involving the coordinator. We implement CDTS routers in TI CC2530 Zigbee platform and NS2 simulation. Experiment results demonstrates CDTS provides better packet deliver ratio and lower coordinator loading than original Zigbee stack. Thus, CDTS successfully resolves Zigbee bottleneck problem and is fully compatible with current Zigbee stack design.