Leonardo Maccari

A broadband wireless communications system for emergency management

Wireless communications have received much attention during the last decades due to easy implementation, the possibility of delivering multimedia services to rural communities, and the suitability for public safety and for communicating in emergency situations. In particular, a wireless network designed for an emergency scenario must be capable of monitoring sensitive areas and must enable people to connect immediately after a disaster. This article discusses the main features of a wireless network that aims to interconnect several heterogeneous systems and provide multimedia access to groups of people to better monitor a specific area, to have a fast response in case of a disaster, and to efficiently coordinate all of the forces during the disaster management phase.

A week in the life of three large Wireless Community Networks

Wireless Community Networks (WCNs) are created and managed by a local community with the goal of sharing Internet connection and offering local services. This paper analyses the data collected on three large WCNs, ranging from 131 to 226 nodes, and used daily by thousands of people. We first analyse the topologies to get insights in the fundamental properties, next we concentrate on two crucial aspects: (i) the routing layer and (ii) metrics on the centrality of nodes and the network robustness. All the networks use the Optimized Link State Routing (OLSR) protocol extended with the Expected Transmission Count (ETX) metric. We analyse the quality of the routes and two different techniques to select the Multi-Point Relay (MPR) nodes. The centrality and robustness analysis shows that, in spite of being fully decentralized networks, an adversary that can control a small fraction of carefully chosen nodes can intercept up to 90% of the traffic. The collected data-sets are available as Open Data, so that they can be easily accessed by any interested researcher, and new studies on different topics can be performed. In fact, WCN are just an example of large wireless mesh networks, so our methodology can be applied to any other large mesh network, including commercial ISP networks.

Security Analysis of IEEE 802.16

This paper analyzes some critical security issues in the family of IEEE 802.16 standard that has not been addressed so far. In particular two of the key features of the standard, the dynamic resources allocation and the mesh mode revealed to be vulnerable to attacks that represent serious threats to the robustness and privacy of the communications. In the first case the attacker is able to reduce bandwidth assigned to its neighbors, with the aim of obtaining more resources for himself; in the second case, we observed that there might be no real privacy in communications between two nodes of the mesh network. These vulnerabilities are still present even after the latest amendment to the standard, IEEE 802.16e that solved some previously addressed security flaws.

An analysis of the Ninux wireless community network

Wireless community networks are wireless mesh networks created and managed by a local community with mainly two main goals: sharing Internet connection and supporting local services. They are an emerging trend in Europe and have received the attention of many researchers, since they are large accessible deployments of distributed wireless networks. This paper illustrates the features of the Rome-based Ninux community network, the largest in Italy, and studies some interesting features it offers related to routing metrics and centrality metrics.

Avoiding Eclipse Attacks on Kad/Kademlia: An Identity Based Approach

Kademlia is a Distributed hash table widely used in P2P networks that has been applied to commercial and non commercial distribution of files. In this paper the authors review some security issues connected with Kademlia and a technique to leverage its security using an external certification service.

Lightweight, Distributed Access Control for Wireless Sensor Networks Supporting Mobility

Wireless sensor networks (WSN) are large scale networks of unattended devices, aimed at monitoring environmental parameters. Their extremely scarce hardware resources constitute a huge limitation to the use of standard security protocols to secure communications, so that custom ones must be designed. In this article we describe the development of a novel access control system for WSN based on a distributed threshold scheme. Our model gives support for mobility and limits the needed communication and consequent energy drain, which is a fundamental parameter for the lifetime of WSN.

Mesh Network Firewalling with Bloom Filters

The nodes of a multi-hop wireless mesh network often share a single physical media for terminal traffic and for the backhaul network, so that the available resources are extremely scarce. Under these conditions it is important to avoid that unwanted traffic may traverse the network subtracting resources to authorized terminals. Packet filtering in wireless mesh networks is an extremely challenging task, since the number of possible connections is quadratic with respect to the number of the terminals of the network; for each connection a rule is needed and the time needed for filtering grows linearly with the number of rules. Moreover nodes can be in possession of end users and the administrator might want to keep the explicit ruleset as much secret as possible while giving the nodes enough data to behave as a firewall. In this article we present a solution for distributed firewalling in multi-hop mesh networks based on the use of Bloom Filters, a powerful but compact data structure allowing probabilistic membership queries.

Analysis of secure handover for IEEE 802.1x-based wireless ad hoc networks

The handover procedure in secure communication wireless networks is an extremely time-consuming phase, and it represents a critical issue in relation to the time constraints required by certain real-time traffic applications. In particular, in the case of the IEEE 802.1X model, most of the time required for a handover is used for packet exchanges that are required for authentication protocols, such as Extensible Authentication Protocol Transport Layer Security (EAP-TLS), that require an eight-way handshake. Designing secure re-authentication protocols to reduce the number of packets required during a handover is an open issue that is gaining interest with the advent of a pervasive model of networking that requires realtime traffic and mobility. This article presents the 802.1X model and evaluates its application to ad hoc networks based on IEEE 802.11 i or IEEE 802.1 be standards, focusing on the problems that must be evaluated when designing handover procedures, and suggesting guidelines for securing handover procedures. It also presents a novel protocol to perform secure handovers that is respectful of the previous analysis and that has been implemented in a mesh environment.

Improving P2P streaming in Wireless Community Networks

Wireless Community Networks (WCNs) are bottom-up broadband networks empowering people with their on-line communication means. Too often, however, services tailored for their characteristics are missing, with the consequence that they have worse performance than what they could. We present here an adaptation of an Open Source P2P live streaming platform that works efficiently, and with good application-level quality, over WCNs. WCNs links are normally symmetric (unlike standard ADSL access), and a WCN topology is local and normally flat (contrary to the global Internet), so that the P2P overlay used for video distribution can be adapted to the underlaying network characteristics. We exploit this observation to derive overlay building strategies that make use of cross-layer information to reduce the impact of the P2P streaming on the WCN while maintaining good application performance. We experiment with a real application in real WCN nodes, both in the Community-Lab provided by the CONFINE EU Project and within an emulation framework based on Mininet, where we can build larger topologies and interact more efficiently with the mesh underlay, which is unfortunately not accessible in Community-Lab. The results show that, with the overlay building strategies proposed, the P2P streaming applications can reduce the load on the WCN to about one half, also equalizing the load on links. At the same time the delivery rate and delay of video chunks are practically unaffected.

Efficient packet filtering in wireless ad hoc networks

Wireless ad hoc networks are an emerging technology. These networks are composed of mobile nodes and may adopt different topologies depending on the nature of the environment. Nevertheless, they are vulnerable to network layer attacks that cannot be neutralized easily. In wired networks, firewalls improve the level of security by means of packet filtering techniques that determine what traffic is allowed, thereby reducing the impact of such attacks. In this work, we overview the requirements to adapt firewalls to wireless ad hoc networks and highlight the advantages of the use of filtering techniques based on Bloom filters.