Peter C. Mason

Defense against spectrum sensing data falsification attacks in mobile ad hoc networks with cognitive radios

Cognitive radios (CRs) have been considered for use in mobile ad hoc networks (MANETs). The area of security in Cognitive Radio MANETs (CR-MANETs) has yet to receive much attention. However, some distinct characteristics of CRs introduce new, non-trivial security risks to CR-MANETs. In this paper, we study spectrum sensing data falsification (SSDF) attacks to CR-MANETs, in which intruders send false local spectrum sensing results in cooperative spectrum sensing, and SSDF may result in incorrect spectrum sensing decisions by CRs. We present a consensus-based cooperative spectrum sensing scheme to counter SSDF attacks in CR-MANETs. Our scheme is based on recent advances in consensus algorithms that have taken inspiration from self-organizing behavior of animal groups such as fish. Unlike the existing schemes, there is no need for a common receiver to do the data fusion for reaching the final decision to counter SSDF attacks. Simulation results are presented to show the effectiveness of the proposed scheme.

Security Enhancements for Mobile Ad Hoc Networks With Trust Management Using Uncertain Reasoning

The distinctive features of mobile ad hoc networks (MANETs), including dynamic topology and open wireless medium, may lead to MANETs suffering from many security vulnerabilities. In this paper, using recent advances in uncertain reasoning that originated from the artificial intelligence community, we propose a unified trust management scheme that enhances the security in MANETs. In the proposed trust management scheme, the trust model has two components: trust from direct observation and trust from indirect observation. With direct observation from an observer node, the trust value is derived using Bayesian inference, which is a type of uncertain reasoning when the full probability model can be defined. On the other hand, with indirect observation, which is also called secondhand information that is obtained from neighbor nodes of the observer node, the trust value is derived using the Dempster-Shafer theory (DST), which is another type of uncertain reasoning when the proposition of interest can be derived by an indirect method. By combining these two components in the trust model, we can obtain more accurate trust values of the observed nodes in MANETs. We then evaluate our scheme under the scenario of MANET routing. Extensive simulation results show the effectiveness of the proposed scheme. Specifically, throughput and packet delivery ratio (PDR) can be improved significantly with slightly increased average end-to-end delay and overhead of messages.

Distributed Combined Authentication and Intrusion Detection With Data Fusion in High-Security Mobile Ad Hoc Networks

Multimodal biometric technology provides potential solutions for continuous user-to-device authentication in high-security mobile ad hoc networks (MANETs). This paper studies distributed combined authentication and intrusion detection with data fusion in such MANETs. Multimodal biometrics are deployed to work with intrusion detection systems (IDSs) to alleviate the shortcomings of unimodal biometric systems. Since each device in the network has measurement and estimation limitations, more than one device needs to be chosen, and observations can be fused to increase observation accuracy using Dempster-Shafer theory for data fusion. The system decides whether user authentication (or IDS input) is required and which biosensors (or IDSs) should be chosen, depending on the security posture. The decisions are made in a fully distributed manner by each authentication device and IDS. Simulation results are presented to show the effectiveness of the proposed scheme.

A hierarchical identity based key management scheme in tactical Mobile Ad Hoc Networks

Hierarchical key management schemes would serve well for military applications where the organization of the network is already hierarchical in nature. Most of the existing key management schemes concentrate only on network structures and key allocation algorithms, ignoring attributes of the nodes themselves. Due to the distributed and dynamic nature of MANETs, it is possible to show that there is a security benefit to be attained when the node states are considered in the process of constructing a private key generator (PKG). In this paper, we propose a distributed hierarchical key management scheme in which nodes can get their keys updated either from their parent nodes or a threshold of sibling nodes. The proposed scheme can select the best nodes to be used as PGKs from all available ones considering their security conditions and energy states. Simulation results show that the proposed scheme can decrease network compromising probability and increase network lifetime.

Joint authentication and quality of service provisioning in cooperative communication networks

Cooperative communication is considered a promising technique to increase channel capacity and improve reliability in wireless and cellular networks. Although cooperative communication provides significant benefits, it also raises a number of serious security issues as malicious nodes may impersonate and affect the integrity of the communication. In this paper, we propose a prevention-based security technique for cooperative communication taking into consideration authentication protocol, based on hash chains and Merkle trees, along with physical layer parameters which relate to the channel state information. Based on this consideration, we derive the closed-form secured throughput equations for proactive relay selection in cooperative communication that provides both hop-by-hop and end-to-end authentication and integrity protection. The simulation results show that our proposed solution, which provides authentication and protects data integrity, has a higher throughput performance when compared to existing schemes that do not consider security.

Enhancing frequency-based wormhole attack detection with novel jitter waveforms

Wormhole attacks are among the most severe attacks on mobile ad hoc networks (MANETs). They do not involve message injection or message alteration, can be staged by outsider nodes, and cannot be prevented simply by encrypting network traffic. This paper further develops a wormhole attack discovery technique based on frequency-space analysis of periodic routing messages. The Frequency-based Wormhole Attack Discovery (FWAD) method described in this work is local, does not require specialized hardware or node synchronization, and works with routing messages readily available in networks that use proactive routing protocols. The new concept introduced in this paper is the use of an existing network characteristic, jitter, as a tool for improving security. Two jitter waveforms - keyed jitter and partitioned jitter - that enhance wormhole attack detection with FWAD are described in this paper. In keyed jitter each node’s jitter value is taken from a stream generated using a key known to other network nodes. Partitioned jitter has a high-frequency carrier sinusoidal component built into it. These forms of jitter allow frequency-based wormhole attack detection to take advantage of property that would otherwise inhibit its effectiveness. This paper also demonstrates that attackers cannot easily avoid being detected with FWAD.

A modular security architecture for managing security associations in MANETs

Maintaining security associations (SA) in mobile ad hoc networks (MANET) is challenging due to their intrinsically open, dynamic, and decentralized nature. Bandwidth limitations arising from both the physical characteristics of the wireless medium and the control overhead required to maintain routes in a network with changing topology add another level of difficulty to the problem. While establishing SAs with strong authentication is a generally accepted practice, the allowed duration of these SAs is a harder problem that may depend on a number of factors. Ideally, we would like to optimize the maintenance of the SAs to balance quality of protection (QoP) against quality of service (QoS). In this paper we propose and describe a modular security architecture to achieve this goal. The architecture consists of security policy, trust model, and state machine modules that together control the strong authentication process for establishing and maintaining SAs. We demonstrate the efficacy of this architecture through simulation of a MANET that implements a Trust-enhanced Routing Table (TRT). Our simulations use a state machine to manage the authentication process linked to a TRT previously proposed as a security extension of the optimized link state routing (OLSR) protocol. We demonstrate that this state machine, when linked to an adaptive trust model itself controlled by a security policy, can substantially outperform static models. Because the architecture is modular, the implementation can be tailored for different environments or scenarios.

Using covert timing channels for attack detection in MANETs

Mobile ad hoc networks (MANETs) are notoriously difficult to defend against attack. In this paper we demonstrate that by optimizing a previously reported covert timing channel, it is possible to simultaneously improve the reliability of the channel and create a metric that reliably detects attacks. Using standard methods from information theory, we compute the capacity of the covert channel and show that it is reduced under wormhole attack. This result leads us to a novel application of error-correcting codes to our covert channel, where the number of errors corrected provides a measure of the likelihood that a route traverses a wormhole. This technique does not use any of the bearer-channel communications bandwidth nor does it require modifications to the protocols or hardware.

Enhancement of frequency-based wormhole attack detection

Mobile Ad Hoc Networks (MANETs) have been seen as a key tactical communication technology. However, one of the most severe attacks in MANETs, the wormhole attack remains a sizable challenge. Most existing wormhole detection techniques rely on specialized hardware such as directional antennas, GPS, or high precision clocks, which can limit their efficacy. In order to provide an efficient and accurate detection mechanism for wormhole attacks, we present a new method based on signal processing techniques, in which purposely shaped traffic is transmitted, analysed at the destination node by constructing the reception time data into a “signal”, and then transforming this signal to the frequency domain using the Fast Fourier Transform (FFT). Using this technique, the wormhole attack can be quickly and accurately identified. We demonstrate in simulation and in a testbed that the proposed methodology can be used to detect an attack within seconds. In addition, the detection mechanism proposed is agnostic of routing protocol and does not require any specialized hardware support.

Supporting periodic, strong re-authentication in MANET scenarios

A Security Association (SA), established by strong authentication, between a node pair in a Mobile Ad hoc Network (MANET) could be lost when its route is disconnected. In contrast, in good channel conditions and stable topology, routing protocols such as the Optimized Link State Routing (OLSR) do not refresh routes periodically, and in doing so, an SA bound to these routes could become stale and out of date. In this paper we demonstrate a decoupling of the maintenance of the SAs from the link state conditions by introducing a timer that defines the lifetime of the SAs, as well as the periodicity of strong authentications. This timer is implemented within a state machine that also manages other aspects of the authentication process. We implement these changes using a Trust-enhanced Routing Table (TRT), an extension of the OLSR routing table. The state machine and TRT are trialed in a series of MANET simulations in which the topology of the network remains static but channel conditions are made progressively less favorable. By varying the allowed SA duration timer within the state machine, we are able to measure the overhead (cost) associated with maintaining SAs in varying channel conditions. We show that the costs associated with our implementation are generally far lower than if we were to link SAs to standard OLSR routes in the same conditions. Since the allowed lifetime of SA is a security parameter, our results effectively demonstrate a trade-off between security and overhead for our model. Our implementation is designed to be further, and easily, extended to account for additional security parameters as input.