Per Johansson

Can you infect me now?: malware propagation in mobile phone networks

In this paper we evaluate the effects of malware propagating usingcommunication services in mobile phone networks. Although self-propagating malware is well understood in the Internet, mobile phone networks have very different characteristics in terms of topologies, services, provisioning and capacity, devices, and communication patterns. To investigate malware in this new environment, we have developed an event-driver simulator that captures the characteristics and constraints of mobile phone networks. In particular, the simulator models realistic topologies and provisioned capacities of the network infrastructure, as well as the contactgraphs determined by cell phone address books. We evaluate the speedand severity of random contact worms in mobile phone networks, characterize the denial-of-service effects such worms could have on the network, investigate approaches to accelerate malware propagation, and discuss the implications of defending networks against such attacks.

Defending Mobile Phones from Proximity Malware

As mobile phones increasingly become the target of propagating malware, their use of direct pair-wise communication mechanisms, such as Bluetooth and WiFi, pose considerable challenges to malware detection and mitigation. Unlike malware that propagates using the network, where the provider can employ centralized defenses, proximity malware can propagate in an entirely distributed fashion. In this paper we consider the dynamics of mobile phone malware that propagates by proximity contact, and we evaluate potential defenses against it. Defending against proximity malware is particularly challenging since it is difficult to piece together global dynamics from just pair-wise device interactions. Whereas traditional network defenses depend upon observing aggregated network activity to detect correlated or anomalous behavior, proximity malware detection must begin at the device. As a result, we explore three strategies for detecting and mitigating proximity malware that span the spectrum from simple local detection to a globally coordinated defense. Using insight from a combination of real-world traces, analytic epidemic models, and synthetic mobility models, we simulate proximity malware propagation and defense at the scale of a university campus. We find that local proximity-based dissemination of signatures can limit malware propagation. Globally coordinated strategies with broadcast dissemination are substantially more effective, but rely upon more demanding infrastructure within the provider.

WIISARD: a measurement study of network properties and protocol reliability during an emergency response

This paper describes the design, deployment, and empirical evaluation of WIISARD - a novel emergency response system that provides reliable communication in dynamic wireless environments without extensive communication infrastructure. The main contribution of this paper is an in-depth empirical study of network properties that emerge during a drill in which WIISARD is deployed with minimal infrastructure support. The drill involves 19 first responders and 41 victims. The properties of links established among first responders vary between phases of the drill and depend upon the responders role in the drill. The rescue phase - in which responders are highly mobile as they triage victims - poses significant challenges to reliable communication. During this phase, the contacts between responders are short-lived; however, they are reestablished within minutes. Once a contact between responders is established, the quality of the link between those responders is usually high. The connectivity graph observed during the rescue phase is usually connected and has a small diameter although there are times when it has a large diameter or it is partitioned. While mobility increases network dynamics, we also observe that the mobility patterns characteristic of the emergency response workflow can be leveraged to disseminate data efficiently through data muling. WIISARD employs a gossip-based protocol and supports data dissemination through local communication and data muling to achieve 98% reliability during the drill exercise. These results indicate the feasibility of providing reliable communication in emergency response with minimal infrastructure in spite of network dynamics.

Urban mesh and ad hoc mesh networks

Mesh networking is currently gaining much attention, within both academia and industry. Mesh networking allows cheap and fast deployment of wireless services. It is regarded as a very promising solution for urban deployment scenarios as well as for temporary emergency response situations. Another related promising field is that of ad hoc wireless networking, which consists of mobile nodes that dynamically create and maintain a network without the need for any infrastructure. We propose a solution and architecture for urban mesh ad hoc networks, a network that combines mesh networking with ad hoc networks for urban environments. We present four types of ad hoc mesh and ad hoc mesh networks. The most general one consists of mesh nodes, called mesh points (MP), that act as a type of access point for user nodes (UN). The MPs have at least two interfaces: one which is used to communicate with UNs, and one which is used to maintain the mesh access network and transport data. These two interfaces can basically use any type of technology (IEEE 802.11 a/b/g, WiMax, etc.), and for capacity reasons it is generally regarded that the best solution is to let the mesh interface operate on a separate high-capacity channel or channels. An intricate part of these types of networks are routing and location services. In our solution, UN devices operate in ad hoc mode running an ad hoc routing protocol. This allows UNs that wish to communicate to connect directly in an ad hoc manner, or through an MP. An important question is therefore whether two UNs that wish to communicate should connect through the mesh or connect directly. We show that from a capacity point of view whether a UN should route its packets to the closest available MP, or through a ad hoc network, depends on the environment the network is located, the amount traffic and the type of protocols used. Since MPs need to know where to route packets within the mesh, i.e., locating the MP closest to the destination UN, each UN run a small application that registers the UN to the mesh network. In addition to the above features we have developed a new MAC that quickly queries two candidate nodes, which picks the candidate with the currently best radio conditions. This enable nodes to cope with deep dips in signal strength due to fast fading, a well-known problem in urban environments. We show that this new protocol achieves significantly lower delays. We also show that in dense urban environments performance and battery lifetime can be improved if ad hoc technologies are used.

Common Opportunistic Routing and Forwarding

Most of the existing routing schemes for opportunistic forwarding either rely on a priori known topology information, or provide explicit protocol information in the data packet header. In this paper, we present a routing protocol for opportunistic forwarding that dynamically create candidate priority forwarding lists without the need for any explicit control information in data packet headers, and determines and distributes link probability information. The routing protocol is both modular and powerful enough to be used as the routing information creating entity for most existing opportunistic schemes, as well as future new schemes. These properties makes our protocol an ideal candidate for a common opportunistic forwarding reference framework. We use our framework to develop a Multi-Rate Opportunistic Routing with Congestion Diversity (MORCD) protocol for routing packets in congested networks and utilize availability of multiple rates to further improve throughput. We show that the type of routing scheme optimal for a certain scenario depends on how much diversity the network topology is able to provide, the amount of fading, and the amount of traffic as well as interference that exists in the network. By having a modular routing protocol, it is therefore possible to configure the protocol to use the most appropriate scheme and make it work efficiently under many different situations and scenarios.

Cross layer routing and medium access control with channel dependant forwarding in wireless ad-hoc networks

Wireless ad hoc networks have the last 10 years gained a lot of attention within the research community. A wireless ad hoc network is a special type of wireless network where nodes are typically mobile and doesnt rely on any fixed infrastructure to operate correctly. Much work has been done on developing robust and stable routing algorithms that consider the dynamic nature of an ad hoc network: nodes are very mobile and enter and leave the network in random ways. Much work has also been done on developing medium access control (MAC) algorithms that consider many wireless characteristics such as interference and the hidden terminal problems. Little work has so far been done on developing joint routing and MAC layer solutions that consider the variations of the wireless channel. We present a solution where the routing protocol can cooperate with the MAC layer to provide power control and channel dependent forwarding. By establishing non-disjoint multiple paths between each source and destination, nodes may be able to avoid links that are currently in a deep signal fade by choosing a more beneficial next hop path.

Limitations of scanned human copresence encounters for modelling proximity-borne malware

Patterns of human encounters, which are difficult to observe directly, are fundamental to the propagation of mobile malware aimed at infecting devices in spatial proximity. We investigate errors introduced by using scanners that detect the presence of devices on the assumption that device copresence at a scanner corresponds to a device encounter. We show in an ideal static model that only 59% of inferred encounters correspond to actual device copresence. To investigate the effects of mobility, we use a simulator to compare encounters between devices with those inferred by scanners. We show that the statistical properties of scanned encounters differ from actual device encounters in ways which impact malware propagation dynamics, a form of aggressive data dissemination. In addition to helping us understand the limitations of encounter data gathered by scanners in the field, our use of virtual scanners suggests a practical method for using these empirical datasets to better inform simulations of proximity malware outbreaks and similar data dissemination applications.

GRAPEVINE: hybrid cooperative opportunistic routing for challenged wireless networks using fountain coding

This paper present Grapevine, a wireless networking protocol designed to be used in challenged environments such an emergency response network. These environments typically experience a lot of noise, interference, disconnections and high mobility resulting in high packet loss rates. As often critical data needs to be disseminated to other nodes it is important to have a protocol that efficiently delivers data under these conditions, but which is also efficient under good conditions. Grapevine uses to fountain coding to opportunistically and cooperatively to efficiently delivers data in high throughput wireless multi hop networks, as well as lossy and delay tolerant networks. Results show that our flooding based protocol is more efficient than traditional protocols in lossy networks both in terms of lower delay and lower overhead.

ViMesh (TM) high-speed V-band Vehicular Ad-hoc Network

The 60 GHz frequency band possesses the potential for short range, wide bandwidth and stealthy communication. MaXentrics ViMesh™ is a V-band (60GHz) Vehicular Ad-hoc Network that allows fast moving vehicles to perform on-the-move command and control operations with high quality video, voice and data. The ViMesh architecture overcomes the V-band challenges in link budget, multipath, line-of-sight requirement, size and cost with innovations in both the physical layer and the routing layer. Its MAC and network protocol algorithms are able to provide reliable high throughput content at multiple-hop distance and provide both routed and delay-tolerant features. With the use of switchable directional antenna array, it has also improved the spatial channel utilization and immunity toward eavesdropping.

Operator and radio resource sharing in multi-carrier environments

Todays mobile networks prevent users from freely accessing all available networks. Instead, seamless network composition could present a win-win situation for both users and operators. Users can gain better quality of service with more resources to choose from, while each individual operator can provision lesser bandwidth since resources can be shared during times of peak demand. In this paper, we analyze the benefits of operator cooperation using real trace data of cellular data access. We leverage the difference in burstiness at small timescales across network providers to shed the peak usage of one operator on to another. Our results show that even when an operator provisions network capacity below the peak load, cooperation with other network providers can help maintain quality of service for most sessions. In addition, we investigate the performance delivered by various kinds of cellular data cards. Our results confirm that WiFi 802.11b/g consistently delivers superior performance compared to 3G. It will take the next generation 4G technologies such as LTE to deliver end-user performance comparable to widely-deployed 802.11 networks.