Jerzy Konorski

Discouraging Traffic Remapping Attacks in Local Ad Hoc Networks

Quality of Service (QoS) is usually provided in ad hoc networks using a class-based approach which, without dedicated security measures in place, paves the way to various abuses by selfish stations. Such actions include traffic remapping attacks (TRAs), which consist in claiming a higher traffic priority, i.e., false designation of the intrinsic traffic class so that it can be mapped onto a higher-priority class. In practice, TRAs can be executed in IEEE 802.11 ad hoc networks using the Enhanced Distributed Channel Access (EDCA) function. This attack is easy to perform yet hard to prevent. We propose a distributed discouragement scheme based on the threat of TRA detection and punishment. The scheme does not rely on station identities or a trusted third party, nor does it require tampering with the MAC protocol. We analyze an arising non-cooperative TRA game and find that under certain realistic assumptions it only incentivizes TRAs if they are harmless to other stations; otherwise the selfish stations are induced to learn that TRAs are counterproductive.

A Virtualization-Level Future Internet Defense-in-Depth Architecture

An EU Future Internet Engineering project currently underway in Poland defines three Parallel Internets (PIs). The emerging IIP System (IIPS, abbreviating the project’s Polish name), has a four-level architecture, with Level 2 responsible for creation of virtual resources of the PIs. This paper proposes a three-tier security architecture to address Level 2 threats of alien traffic injection and IIPS traffic manipulation or forging. It is argued that the measures to be taken differ in nature from those ensuring classical security attributes. A combination of hard- and soft-security mechanisms produces node reputation and trust metrics, which permits to eliminate or ostracize misbehaving nodes. Experiments carried out in a small-scale IIPS testbed are briefly discussed.

Effective Data-Centric Reputation Systems for MANETs: A Novel Evaluation Framework

Most existing reputation systems designed to cope with selfish MANET nodes rely on heuristics and are studied via simulation, with a focus on the consistency of obtained reputation metrics and their effect on network performance given specific corrective actions. We present a novel data-centric reputation system and an analytic evaluation framework where the notion of effectiveness is internal to a reputation system, reflecting a trade-off between the distinguishability of selfish and nonselfish nodes and the degree of selfish behavior. Assuming a probabilistic traffic model, permanent node identities, generalized source routing, and a fixed subset of selfish nodes we discuss the role of reputation awareness and route unawareness at selfish nodes.

Wireless multihoming modeled as a multi-WLAN game

Autonomous wireless multihomed stations (connected to multiple wireless networks) are likely to behave selfishly, trying at the same time to avoid crowded networks, select networks of higher data rates, and use the selected network in a more persistent way than standard MAC protocols prescribe. We analyze the underlying noncooperative game and find its Nash equilibria unsatisfactory. Yet for a repeated version of the game, a strategy of toggling between selfish and honest play can be devised, leading to all stations playing honest and resilient to sophisticated deviations that may seek an unfairly high bandwidth share. Numerical illustration is provided using a multi-WLAN model with each WLAN employing IEEE 802.11 MAC with a different data rate.

Ad hoc multi-WLAN: A game-theoretic model of correlated play

Wireless multihomed stations (i.e., connected to multiple wireless networks, possibly of heterogeneous data rates) are likely to select networks of higher data rates and use them in a persistent way. We analyze the underlying noncooperative game and find its Nash equilibria. For a corresponding repeated game, correlated equilibrium play by honest stations (concerned with fairness and overall bandwidth utilization) is found to eventually lead to fair and efficient bandwidth distribution, while discouraging even sophisticated long-term deviations.

EDCA remapping in ad hoc IEEE 802.11 WLANs: An incentive compatible discouragement scheme

IEEE 802.11 networks are known to be vulnerable to MAC-layer misbehavior. We consider EDCA Remapping, an attack upon the Enhanced Distributed Channel Access (EDCA) medium access function. It consists in remapping frames to a higher-priority Access Category to achieve a better network service level. This attack is easy to perform yet hard to prevent. We propose a distributed discouragement scheme and analyze its game-theoretic model. The scheme does not rely on station identities or a trusted third party; it leads to operating points where EDCA Remapping is either counterproductive or harmless.

A reputation system for MANETs and WSNs using traffic shedding

Cooperation enforcement in Mobile Ad Hoc Networks (MANET) and Wireless Sensor Networks (WSN) typically relies on separate detection and punishment schemes that isolate selfish nodes from routing and receiving network services. However, cooperative nodes then have to carry all the traffic. We propose a system that enforces cooperation smoothly and assures a fair distribution of bandwidth, as well as permits “reforming” selfish nodes to quickly regain high reputation.

A Centralized Reputation System for MANETs Based on Observed Path Performance

A reputation system for MANETs is described that attempts to deduce nodal trustworthiness (forwarding behaviour) from observed end-to-end path performance. The trustworthiness deduction algorithm produces interval estimates and works well if node misbehaviour is not selective with respect to traversing paths. Nodal reputation levels are next calculated in the spirit of generous tit-for-tat so as to best reflect momentary nodal trustworthiness. High-reputed sources are favoured when forwarding transit packets (indirect reciprocity) and high-reputed paths are favoured by the multipath DSR. For a simplified network model and assuming the nodes are able to control their reputation levels with a view of a high source throughput, we find that high reputation may be costly to maintain. We examine an arising reputation game and conditions under which it produces a cooperation-stimulating Nash equilibrium.

Wireless and mobile networking (Foreword)

This Special Issue consists of extended versions of selected papers from the 2nd Joint IFIP Wireless and Mobile Networking Conference (WMNC 2009), held on September 9−11,2009, and hosted by Gdansk University of Technology, Poland. It was a successful attempt by IFIP WG 6.8 to merge three series of conferences: MWCN (Mobile and Wireless Communications Networks), PWC (Personal Wireless Communications), and WSAN (Wireless Sensor and Actors Networks) into a universal forum for discussion between researchers, practitioners, and industry representatives involved in the development of wireless, mobile, and sensor networks. And nowadays more than ever, there seems to be a lot to be involved in. While admiring spectacular achievements in wireless communications that have recently changed our lives in so many ways, we realize that the rapid evolution of wireless systems comes with a price tag—the pursuit of increasing functionality, reliability, availability, security, and service diversity implies design and standardization challenges that our research community is now facing. Among these challenges, distribution of multimedia contents over QoS unfriendly environments, coexistence of heterogeneous wireless technologies within unlicensed bands, exploration of underutilized wireless spectrum under the cognitive radio paradigm, self-organization, cross-layer protocol optimization, uncooperative behavior, making ad hoc and mesh networks deliver on their early promise, convergence of telecommunication and contextrich web services, and exploration of beyond GSM/UMTS concepts like 3GPP Long Term Evolution (LTE) are just a few. As novel wireless network architectures are invented

DST-Based Detection of Non-cooperative Forwarding Behavior of MANET and WSN Nodes

Selfish node behavior can diminish the reliability of a mobile ad hoc network (MANET) or a wireless sensor network (WSN). Efficient detection of such behavior is therefore essential. One approach is to construct a reputation scheme, which has network nodes determine and share reputation values associated with each node; these values can next be used as input to a routing algorithm to avoid end-to-end routes containing ill-reputed nodes. The main problem lies in handling possibly conflicting evidence of a particular node’s behavior so as to enable rapid detection of all selfish nodes. To this end, we explore the Dempster-Shafer Theory of Evidence (DST) as part of a novel framework called DST-SDF and discuss some of its advantages and disadvantages. It differs from existing reputation schemes in that the well-known but faulty watchdog mechanism is dispensed with, and end-to-end acknowledgments are used instead. Sample simulation results illustrate the merits of DST-SDF under two proposed working modes related to the applied rule of evidence combination.