Luiz Carlos Pessoa Albini

Identity-based key management in mobile ad hoc networks: techniques and applications

Security is one of the major issues in MANETs. Their natural characteristics make them vulnerable to numerous severe attacks. It is widely acknowledged that cryptography provides a set of strong techniques against most vulnerabilities. Several cryptographic mechanisms for MANETs can be found in the literature. Among them, identity-based cryptographic mechanisms and key management schemes are proposed to simplify key management and to reduce the memory storage cost. This article presents the most important ID-based key management schemes, discussing their approaches, strengths, and weaknesses, and comparing their main features. It also presents the main ID- based key management application fields on MANETs. In this way it can be useful for users and researchers as a starting point on ID-based key management and its possible uses in MANETs.

A survey of comparison-based system-level diagnosis

The growing complexity and dependability requirements of hardware, software, and networks demand efficient techniques for discovering disruptive behavior in those systems. Comparison-based diagnosis is a realistic approach to detect faulty units based on the outputs of tasks executed by system units. This survey integrates the vast amount of research efforts that have been produced in this field, from the earliest theoretical models to new promising applications. Key results also include the quantitative evaluation of a relevant reliability metric—the diagnosability—of several popular interconnection network topologies. Relevant diagnosis algorithms are also described. The survey aims at clarifying and uncovering the potential of this technology, which can be applied to improve the dependability of diverse complex computer systems.

An algorithm for distributed hierarchical diagnosis of dynamic fault and repair events

The components of a fault-tolerant distributed system must be capable to accurately determine which components of the system are faulty and which are fault-free. In this paper, we present a new distributed algorithm for event diagnosis in fully-connected networks. An event is defined as a faulty node becoming fault-free, or vice versa. Previous hierarchical algorithms considered a static fault situation, in which an event can only occur after a previous event has been fully diagnosed. The new algorithm is capable of achieving the diagnosis of dynamic events as long as the nodes stay in a given state for a period of time long enough for all testers to detect that state. Each node running the algorithm keeps a timestamp for the state of each other node in the system. This timestamp is implemented as a counter, which is incremented every time a node changes its state. In this way, each tester may obtain information about a given node in the system from more than one tested node without causing any inconsistencies, i.e. without taking an older state for a newer one. Nodes run a hierarchical testing strategy, which is a hypercube when all nodes are fault-free. When a fault-free node is tested, the tester gets diagnostic information about N/2 nodes for a system of N nodes. In spite of the overhead of keeping and transferring timestamps, the new algorithm significantly reduces the average latency when compared to other similar approaches, presenting a new option for practical diagnosis implementation.

Middleware proposals for mobile ad hoc networks

Abstract Mobile Ad Hoc Networks are a very fascinating research topic, mainly due to their self-organized and autonomous nature and the absence of pre-established communication infrastructure requirements. In several scenarios, such as conference meetings, rescue operations and battlefields, these networks are extremely attractive. However, the particularities of MANETs, such as their dynamic topology, lack of infrastructure and decentralized characteristics, make the implementation of complex and flexible applications difficult. To enable the deployment of these applications and extend supporting services, several middleware solutions for MANETs can be found in the literature. Middleware is a software layer typically between the operating system and the distributed applications, transparently providing interoperability, distribution of functionality, scalability, load balancing and fault tolerance for the applications. This paper surveys all middleware solutions for MANETs, describing their operations, presenting a comparison of available functionalities and discussing their qualities and limitations, focused on services as group support, resource discovery, location, and security. Proposed middlewares are subdivided into five categories: tuple space-based, P2P-based, context-based, cross-layer and application-oriented solutions. The classification considered their design strategy and communication model characteristics. Also, all presented middleware solutions are depicted in figures, which facilitate the comparison between them. Further, at the end of each category, a summary table is available, making the overall analysis easier. Finally, the paper identifies open issues and researches directions on the design of middleware solutions for MANETs.

Reliable Routing in Wireless Ad Hoc Networks: The Virtual Routing Protocol

A novel routing protocol for wireless, mobile ad hoc networks is presented. This protocol incorporates features that enhance routing reliability, defined as the ability to provide almost 100% packet delivery rate. The protocol is based on a virtual structure, unrelated to the physical network topology, where mobile nodes are connected by virtual links and are responsible for keeping physical routes to their neighbors in the virtual structure. Routes between pairs of mobiles are set up by using information to translate virtual paths discovered in the virtual structure. Route discovery and maintenance phases of the protocol are based on unicast messages travelling across virtual paths, with sporadic use of flooding protocol. Most flooding is executed in the background using low priority messages. The routing protocol has been evaluated and compared with the Dynamic Source Routing protocol and with the Zone Routing Protocol by means of simulation.

Distributed integrity checking for systems with replicated data

This work presents a new comparison-based diagnosis model and a new algorithm, called Hi-Dif, based on this model. The algorithm is used for checking the integrity of systems with replicated data, for instance, detecting unauthorized Web page modifications. Fault-free nodes running Hi-Dif send a task to two other nodes and the task results are compared. If the comparison produces a match, the two nodes are classified in the same set. On the other hand, if the comparison results in a mismatch, the two nodes are classified in different sets, according to their task results. One of the sets always contains all fault-free nodes. One fundamental difference of the proposed model to previously published models is that the new model allows the task outputs of two faulty nodes to be equal to each other. Considering a system of N nodes, we prove that the algorithm has latency equal to log/sub 2/N testing rounds in the worst case; that the maximum number of tests required is O(N/sup 2/); and, that the algorithm is (N-1)-diagnosable. Experimental results obtained by simulation and by the execution of a tool implemented applied to the Web are presented.

A generalized model for distributed comparison-based system-level diagnosis

This work introduces a new system-level diagnosis model and an algorithm based on this model: Hi-Comp (Hierarchical Comparison-based Adaptive Distributed System-Level Diagnosis algorithm). This algorithm allows the diagnosis of systems that can be represented by a complete graph. Hi-Comp is the first diagnosis algorithm that is, at the same time, hierarchical, distributed and comparison-based. The algorithm is not limited to crash fault diagnosis, because its tests are based on comparisons. To perform a test, a processor sends a task to two processors of the system that, after executing the task, send their outputs back to the tester. The tester compares the two outputs; if the comparison produces a match, the tester considers the tested processors fault-free; on the other hand, if the comparison produces a mismatch, the tester considers that at least one of the two tested processors is faulty, but can not determine which one. Considering a system of N nodes, it is proved that the algorithm’s diagnosability is (N-1) and the latency is log2N testing rounds. Furthermore, a formal proof of the maximum number of tests required per testing round is presented, which can be O(N3). Simulation results are also presented.

Towards a fully self-organized identity-based key management system for MANETs

Cryptography is the basis of security solutions for mobile ad hoc networks. Among public key techniques, the identity-based ones are very attractive for mobile environment, mainly due to their simple key management process and reduced memory storage cost. However, no proposed identity-based key management solution found in the literature is complete. Current solutions either do not consider the main requisites of these networks, as the absence of central administration or self-organization, or do not detail with important operations, such as key revocation or key update. Thus, this paper presents iFUSO, a complete and fully self-organized identity-based key management scheme for mobile ad hoc networks. iFUSO does not depend on any central authority or third trusted party, even during the network formation. Also, iFUSO provides mechanisms to revoke the private key of malicious or compromised nodes and ways to update the keys of non-compromised nodes. Simulation results show that iFUSO is effective while it does not impose a high communication overhead to the system.

Survivable keying for wireless ad hoc networks

Cryptographic techniques are at the center of security solutions for wireless ad hoc networks. Public key infrastructures (PKIs) are essential for their efficient operation. However, the fully distributed organization of these networks makes a challenge to design PKIs. Moreover, changes in network paradigms and the increasing dependency on technology require more dependable, survivable and scalable PKIs. This paper presents a survivable PKI whose goal is to preserve key management operations even in face of attacks or intrusions. Our PKI is based on the adaptive cooperation among preventive, reactive and tolerant defense lines. It employs different evidences to prove the liability of users for their keys as well as social relationships for helping public key exchanges. Simulation results show the improvements achieved by our proposal in terms of effectiveness and survivability to different attacks.

Distributed Self-organized Trust Management for Mobile Ad Hoc Networks

Trust is a concept from the Social Sciences and can be defined as how much a node is willing to take the risk of trusting another one. The correct evaluation of the trust is crucial for several security mechanisms for Mobile Ad Hoc Networks (MANETs). However, the implementation of an effective trust evaluation scheme is very difficult in such networks, due to their dynamic characteristics. This work presents a trust evaluation scheme for MANETs based on a self-organized virtual trust network. To estimate the trustworthiness of other nodes, nodes form trust chains based on behavior evidences maintained within the trust network. Nodes periodically exchange their trust networks with the neighbors, providing an efficient method to disseminate trust information across the network. The scheme is fully distributed and self-organized, not requiring any trusted third party. Simulation results show that the scheme is very efficient on gathering evidences to build the trust networks. It also shows that the scheme has a very small communication and memory overhead. Besides, it is the first trust evaluation scheme evaluated under bad mouthing and newcomers attacks and it maintains its effectiveness in such scenarios.