Pedro B. Velloso

Trust management in mobile ad hoc networks using a scalable maturity-based model

In this paper, we propose a human-based model which builds a trust relationship between nodes in an ad hoc network. The trust is based on previous individual experiences and on the recommendations of others. We present the Recommendation Exchange Protocol (REP) which allows nodes to exchange recommendations about their neighbors. Our proposal does not require disseminating the trust information over the entire network. Instead, nodes only need to keep and exchange trust information about nodes within the radio range. Without the need for a global trust knowledge, our proposal scales well for large networks while still reducing the number of exchanged messages and therefore the energy consumption. In addition, we mitigate the effect of colluding attacks composed of liars in the network. A key concept we introduce is the relationship maturity, which allows nodes to improve the efficiency of the proposed model for mobile scenarios. We show the correctness of our model in a single-hop network through simulations. We also extend the analysis to mobile multihop networks, showing the benefits of the maturity relationship concept. We evaluate the impact of malicious nodes that send false recommendations to degrade the efficiency of the trust model. At last, we analyze the performance of the REP protocol and show its scalability. We show that our implementation of REP can significantly reduce the number messages.

Towards Stateless Single-Packet IP Traceback

The current Internet architecture allows malicious nodes to disguise their origin during denial-of-service attacks with IP spoofing. A well-known solution to identify these nodes is IP traceback. In this paper, we introduce and analyze a lightweight single-packet IP traceback system that does not store any data in the network core. The proposed system relies on a novel data structure called Generalized Bloom Filter, which is tamper resistant. In addition, an efficient improved path reconstruction procedure is introduced and evaluated. Analytical and simulation results are presented to show the effectiveness of the proposed scheme. The simulations are performed in an Internet-based scenario and the results show that the proposed system locates the real attack path with high accuracy.

FITS: A flexible virtual network testbed architecture

In this paper, we present the design and implementation of FITS (Future Internet Testbed with Security), an open, shared, and general-purpose testbed for the Future Internet. FITS defines an innovative architecture that allows users running experiments with new mechanisms and protocols using both Xen and OpenFlow on the same network infrastructure. FITS integrates several recognized state-of-the-art features such as plane separation, zero-loss network migration, and smartcard-driven security access, to cite a few. The current physical testbed is composed of nodes placed at several Brazilian and European institutions interconnected by encrypted tunnels. Besides presenting the FITS architecture and its features, we also discuss deployment challenges and how we have overcome them.

Analyzing voice transmission capacity on ad hoc networks

This paper analyzes voice transmission capacity on ad hoc networks by performing simulations related to delay and jitter. We evaluate the influence of QoS provision and mobility on the number of voice transmitting sources. Results show that the maximum number of voice transmissions can be increased when medium access time is reduced by means of a service differentiation mechanism applied to the MAC layer. Also, mobility and network load variations degrade the network capacity for voice transmission, mainly on multihop mobile networks.

PLASMA: A new routing paradigm for wireless multihop networks

In this paper we present a new routing paradigm for wireless multihop networks. In plasma routing, each packet is delivered over the best available path to one of the gateways. The choice of the path and gateway for each packet is not made beforehand by the source node, but rather on-the-fly by the mesh routers as the packet traverses the network. We propose a distributed routing algorithm to jointly optimize the transmission rate and the set of gateways each node should use. A load balancing technique is also proposed to disperse the network traffic among multiple gateways. We validate our proposal with simulations and show that plasma routing outperforms the state-of-the-art multirate anypath routing paradigm, with a 98% throughput gain and a 2.2x delay decrease. Finally, we also show that the load can be evenly distributed among gateways with a similar routing cost, resulting in a further 63% throughput gain.

An accurate and precise malicious node exclusion mechanism for ad hoc networks

Abstract Mobile ad hoc networks are attractive due to the wireless communication, infrastructure-less design, and the self-organized mobile nodes. These features, however, introduce vulnerabilities, since there are no centralized control elements and the communication depends on cooperation of nodes. We propose a robust and distributed access control mechanism based on a trust model to secure the network and stimulate cooperation by excluding misbehaving nodes from the network. The mechanism divides the access control responsibility into two contexts: local and global. The local context responsibility is the neighborhood watch to notify the global context about suspicious behavior. In its turn, the global context analyzes the received information and decides whether it punishes the suspicious node using a voting scheme. We model the exclusion mechanism and perform a parameter analysis. Simulation results prove that the combination of voting and trust schemes provides an accurate and precise classification and node exclusion mechanism, even though in scenarios of limited monitoring.

Analyzing a human-based trust model for mobile ad hoc networks

This paper analyzes a trust model for mobile ad hoc networks. We provide nodes with a mechanism to build a trust relationship with its neighbors. The proposed model considers the recommendation of trustworthy neighbors and the experience of the node itself. The interactions are limited to direct neighbors in order to scale on mobile networks. The results show the efficiency and the trade-off of our model in the presence of mobility. We also analyze the advantages of considering the relationship maturity, i.e. for how long nodes know each other, to evaluate the trust level. The maturity parameter can decrease the trust level error up to 50%.

HIT: a Human-Inspired Trust model

This paper presents a new approach to assign trust levels in ad hoc networks. Our system is inspired by the human concept of trust. The trust level considers the recommendation of trustworthy neighbors and their own experience. For the recommendation computation, we take into account not only the trust level, but also its accuracy and the relationship maturity. We also propose the Recommendation Exchange Protocol (REP), which minimizes the number of exchanged messages. The results show the efficacy of the system and the influence of main parameters.

Capacity and Robustness Tradeoffs in Bloom Filters for Distributed Applications

The Bloom filter is a space-efficient data structure often employed in distributed applications to save bandwidth during data exchange. These savings, however, come at the cost of errors in the shared data, which are usually assumed low enough to not disrupt the application. We argue that this assumption does not hold in a more hostile environment, such as the Internet, where attackers can send a carefully crafted Bloom filter in order to break the application. In this paper, we propose the concatenated Bloom filter (CBF), a robust Bloom filter that prevents the attacker from interfering on the shared information, protecting the application data while still providing space efficiency. Instead of using a single large filter, the CBF concatenates small subfilters to improve both the filter robustness and capacity. We propose three CBF variants and provide analytical results that show the efficacy of the CBF for different scenarios. We also evaluate the performance of our filter in an IP traceback application and simulation results confirm the effectiveness of the proposed mechanism in the face of attackers.

Evaluating voice traffic requirements on IEEE 802.11 ad hoc networks

This paper analyzes voice transmission capacity on IEEE 802.11 ad hoc networks by performing simulations related to delay, jitter, loss rate, and consecutive losses. We evaluate the influence of mobility on the number of sources transmitting voice. Another issue addressed in this paper is the effect of node density on voice transmission. Our simulation model has allowed us to identify the main reasons for voice degradation in ad hoc networks. Results show that voice transmission capacity degrades with mobility and network load, being more sensitive to high mobility due to link failures. The network capacity can easily experience a decrease of up to 60% on the number of voice transmissions on a multi-hop environment. We also show that node density is also relevant when considering voice transmission on multi-hop networks.