Imad Aad

Eviction of Misbehaving and Faulty Nodes in Vehicular Networks

Vehicular networks (VNs) are emerging, among civilian applications, as a convincing instantiation of the mobile networking technology. However, security is a critical factor and a significant challenge to be met. Misbehaving or faulty network nodes have to be detected and prevented from disrupting network operation, a problem particularly hard to address in the life-critical VN environment. Existing networks rely mainly on node certificate revocation for attacker eviction, but the lack of an omnipresent infrastructure in VNs may unacceptably delay the retrieval of the most recent and relevant revocation information; this will especially be the case in the early deployment stages of such a highly volatile and large-scale system. In this paper, we address this specific problem. We propose protocols, as components of a framework, for the identification and local containment of misbehaving or faulty nodes, and then for their eviction from the system. We tailor our design to the VN characteristics and analyze our system. Our results show that the distributed approach to contain nodes and contribute to their eviction is efficiently feasible and achieves a sufficient level of robustness.

Denial of service resilience in ad hoc networks

Significant progress has been made towards making ad hoc networks secure and DoS resilient. However, little attention has been focused on quantifying DoS resilience: Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective? Or are there attack and system factors that can lead to devastating effects? In this paper, we design and study DoS attacks in order to assess the damage that difficult-to-detect attackers can cause. The first attack we study, called the JellyFish attack, is targeted against closed-loop flows such as TCP; although protocol compliant, it has devastating effects. The second is the Black Hole attack, which has effects similar to the JellyFish, but on open-loop flows. We quantify via simulations and analytical modeling the scalability of DoS attacks as a function of key performance parameters such as mobility, system size, node density, and counter-DoS strategy. One perhaps surprising result is that such DoS attacks can increase the capacity of ad hoc networks, as they starve multi-hop flows and only allow one-hop communication, a capacity-maximizing, yet clearly undesirable situation.

On selfish behavior in CSMA/CA networks

CSMA/CA protocols rely on the random deferment of packet transmissions. Like most other protocols, CSMA/CA was designed with the assumption that the nodes would play by the rules. This can be dangerous, since the nodes themselves control their random deferment. Indeed, with the higher programmability of the network adapters, the temptation to tamper with the software or firmware is likely to grow; by doing so, a user could obtain a much larger share of the available bandwidth at the expense of other users. We use a game-theoretic approach to investigate the problem of the selfish behavior of nodes in CSMA/CA networks, specifically geared towards the most widely accepted protocol in this class of protocols, IEEE 802.11. We characterize two families of Nash equilibria in a single stage game, one of which always results in a network collapse. We argue that this result provides an incentive for cheaters to cooperate with each other. Explicit cooperation among nodes is clearly impractical. By applying the model of dynamic games borrowed from game theory, we derive the conditions for the stable and optimal functioning of a population of cheaters. We use this insight to develop a simple, localized and distributed protocol that successfully guides multiple selfish nodes to a Pareto-optimal Nash equilibrium.

DOMINO: a system to detect greedy behavior in IEEE 802.11 hotspots

The proliferation of hotspots based on IEEE 802.11 wireless LANs brings the promise of seamless Internet access from a large number of public locations. However, as the number of users soars, so does the risk of possible misbehavior; to protect themselves, wireless ISPs already make use of a number of security mechanisms, and require mobile stations to authenticate themselves at the Access Points (APs). However, IEEE 802.11 works properly only if the stations also respect the MAC protocol. We show in this paper that a greedy user can substantially increase his share of bandwidth, at the expense of the other users, by slightly modifying the driver of his network adapter. We explain how easily this can be performed, in particular with the new generation of adapters. We then present DOMINO (System for Detection Of greedy behavior in the MAC layer of IEEE 802.11 public NetwOrks), a piece of software to be installed in the Access Point. DOMINO can detect and identify greedy stations, without requiring any modification of the standard protocol at the AP and without revealing its own presence. We illustrate these concepts by simulation results and by the description of our prototype.

Impact of denial of service attacks on ad hoc networks

Significant progress has been made towards making ad hoc networks secure and DoS resilient. However, little attention has been focused on quantifying DoS resilience: Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective? Or are there attack and system factors that can lead to devastating effects? In this paper, we design and study DoS attacks in order to assess the damage that difficult-to-detect attackers can cause. The first attack we study, called the JellyFish attack, is targeted against closed-loop flows such as TCP; although protocol compliant, it has devastating effects. The second is the black hole attack, which has effects similar to the JellyFish, but on open-loop flows. We quantify via simulations and analytical modeling the scalability of DoS attacks as a function of key performance parameters such as mobility, system size, node density, and counter-DoS strategy. One perhaps surprising result is that such DoS attacks can increase the capacity of ad hoc networks, as they starve multi-hop flows and only allow one-hop communication, a capacity-maximizing, yet clearly undesirable situation.

Modeling and analysis of slow CW decrease IEEE 802.11 WLAN

The IEEE 802.11 medium access control (MAC) protocol provides a contention-based distributed channel access mechanism for mobile stations to share the wireless medium, which may introduce a lot of collisions in case of overloaded active stations. Slow contention window (CW) decrease scheme is a simple and efficient solution for this problem. In this paper, we use an analytical model to compare the slow CW decrease scheme to the IEEE 802.11 MAC protocol. Several parameters are investigated such as the number of stations, the initial CW size, the decrease factor value, the maximum backoff stage and the coexistence with the RequestToSend and ClearToSend (RTS/CTS) mechanism. The results show that the slow CW decrease scheme can efficiently improve the throughput of IEEE 802.11, and that the throughput gain is higher when the decrease factor is larger. Moreover, the initial CW size and maximum backoff stage also affect the performance of slow CW decrease scheme.

From big smartphone data to worldwide research: The Mobile Data Challenge

This paper presents an overview of the Mobile Data Challenge (MDC), a large-scale research initiative aimed at generating innovations around smartphone-based research, as well as community-based evaluation of mobile data analysis methodologies. First, we review the Lausanne Data Collection Campaign (LDCC), an initiative to collect unique longitudinal smartphone dataset for the MDC. Then, we introduce the Open and Dedicated Tracks of the MDC, describe the specific datasets used in each of them, discuss the key design and implementation aspects introduced in order to generate privacy-preserving and scientifically relevant mobile data resources for wider use by the research community, and summarize the main research trends found among the 100+ challenge submissions. We finalize by discussing the main lessons learned from the participation of several hundred researchers worldwide in the MDC Tracks.

Packet Coding for Strong Anonymity in Ad Hoc Networks

Several techniques to improve anonymity have been proposed in the literature. They rely basically on multicast or on onion routing to thwart global attackers or local attackers respectively. None of the techniques provide a combined solution due to the incompatibility between the two components, as we show in this paper. We propose novel packet coding techniques that make the combination possible, thus integrating the advantages in a more complete and robust solution

Privacy in mobile computing for location-sharing-based services

Location-Sharing-Based Services (LSBS) complement Location-Based Services by using locations from a group of users, and not just individuals, to provide some contextualized service based on the locations in the group. However, there are growing concerns about the misuse of location data by third-parties, which fuels the need for more privacy controls in such services. We address the relevant problem of privacy in LSBSs by providing practical and effective solutions to the privacy problem in one such service, namely the fair rendezvous point (FRVP) determination service. The privacy preserving FRVP (PPFRVP) problem is general enough and nicely captures the computations and privacy requirements in LSBSs. In this paper, we propose two privacy-preserving algorithms for the FRVP problem and analytically evaluate their privacy in both passive and active adversarial scenarios. We study the practical feasibility and performance of the proposed approaches by implementing them on Nokia mobile devices. By means of a targeted user-study, we attempt to gain further understanding of the popularity, the privacy and acceptance of the proposed solutions.

Priorities in WLANs

Abstract The IETF is currently working on service differentiation in the Internet. However, in wireless environments where bandwidth is scarce and channel conditions are variable, IP differentiated services are sub-optimal without lower layers’ support. In this paper we present four service differentiation schemes for IEEE 802.11. The first one is based on scaling the contention window according to the priority of each flow or user. For different users with different priorities, the second, the third and the fourth mechanisms assign different minimum contention widow values , different interframe spacings and different maximum frame lengths respectively. We simulate and analyze the performance of each scheme with Transport Control Protocol and User Datagram Protocol flows.