Sohail Abbas

Lightweight Sybil Attack Detection in MANETs

Fully self-organized mobile ad hoc networks (MANETs) represent complex distributed systems that may also be part of a huge complex system, such as a complex system-of-systems used for crisis management operations. Due to the complex nature of MANETs and its resource constraint nodes, there has always been a need to develop lightweight security solutions. Since MANETs require a unique, distinct, and persistent identity per node in order for their security protocols to be viable, Sybil attacks pose a serious threat to such networks. A Sybil attacker can either create more than one identity on a single physical device in order to launch a coordinated attack on the network or can switch identities in order to weaken the detection process, thereby promoting lack of accountability in the network. In this research, we propose a lightweight scheme to detect the new identities of Sybil attackers without using centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through the help of extensive simulations and real-world testbed experiments, we are able to demonstrate that our proposed scheme detects Sybil identities with good accuracy even in the presence of mobility.

Component-based security system (COMSEC) with QoS for wireless sensor networks

In the last decade, many security solutions have been proposed to fulfil the security requirements of wireless sensor networks (WSNs). However, these solutions are specifically designed for particular security issues, based on different assumptions, and limited to certain WSNs applications. Can these security solutions work together to handle multiple problems at the same time? It is an interesting and difficult question. We believe good solutions in various security areas do not mean they can work together and deliver similar results, i.e. occurrence of any security weakness or attack in a particular security solution could expose the vulnerabilities of other solutions. Using these solutions together might also degrade WSN quality of service. To deal with the aforementioned issues, we therefore propose a novel component-based security system (COMSEC) based on proactive and reactive components. Each component looks after a particular security issue and is integrated with others. The proposed system provides better secure communication, Sybil attack detection, secure data aggregation and resilience against node capture attacks and replication attacks. COMSEC has been evaluated and compared against existing schemes. Evaluation results show a significant improvement in resilience against node capture attacks, Sybil attack detection data confidentiality, privacy, memory overhead and connectivity. Copyright

The effect of direct interactions on reputation based schemes in mobile ad hoc networks

In multihop networks such as mobile ad hoc networks selfish or misbehaving nodes can degrade network performance. Reputation based models have been developed to enforce cooperation and to discourage node misbehaviour. These schemes detect and isolate selfish nodes and maintain network throughput by enabling nodes to construct paths that only include good nodes. In order to punish selfish nodes and restrict their services, selfish nodes are not provided with packet forwarding services anymore by the good nodes in the network; however they can still gain throughput or utility by interacting directly with the destination nodes. The commonly adopted simulation parameters used by the research community for the evaluation of reputation based schemes in mobile environments usually produces high direct interactions. These direct interactions result in noticeably higher throughput and node utility for the network overall causing confusion: these metrics are increased or decreased due to the direct interactions or due to the reputation based scheme. We implemented the popular CONFIDANT reputation-based scheme to confirm how much throughput is the result of these direct interactions. Our simulation studies show that in the presence of 20% selfish nodes and in a continuous mobile environment, 59% of the evil throughput and 29% of the good throughput was gained through direct interactions among nodes. These direct interactions accordingly affect delay and routing overhead in the network.

Performance analysis of TCP/AQM under Low-Rate Denial-of-Service Attacks

The interactions between Active Queue Management (AQM) algorithms and TCP have been extensively investigated in the last few years. However, majority of the studies are conducted without considering the consequences of different attacks on TCP flows. This research work aims to investigate the performance of TCP flows under Low-Rate Denial-of-Service (LDoS) attacks. In particular, we have performed diverse LDoS experiments by varying critical experimental parameters in order to evaluate their effects on the performance of TCP under droptail and four other AQM algorithms. Simulation results indicate that an LDoS attack with short attack duration of ≈ 0.5 seconds produces more effective outcomes for the attacker as compared to the finding previously reported. Furthermore, the results reveal that droptail and PI are highly robust compared to the other three AQM schemes. RED was designed to bring major improvements over the simple droptail algorithm. However, simulation results show that the simple droptail algorithm outperforms RED in all of the three experiments. On the other hand, the Adaptive Virtual Queue (AVQ) algorithm shows the worst performance in the presence of LDoS attack.

Simulation-based analysis of MANET routing protocols using group mobility model

Mobile ad hoc Networks (MANETs) are created by a collection of mobile nodes (MNs), which communicate and exchange information with each other via wireless links. These networks are widely known by their unique characteristics such as mobility, changing topology, multi-hop communication and lack of infrastructure. In the last few years, various routing protocols have been proposed for these networks. It is worthy to note that mobility brings many challenges when designing protocols for these networks. In this paper, we assessed the influence of Reference Point Group mobility model (RPGM) on the performance of both reactive and proactive protocols. Simulation results indicate that the hop-by-hop AODV performs better in high stressful environments, which makes AODV the robust protocol for RPGM model. We also observed that DSR is suitable for less tense environments. Furthermore, we found interesting facts about proactive routing protocols. These protocols are evaluated in terms of packet delivery Ratio (PDR), dropped packets, routing overhead and end-to-end delay.

Investigating the impacts of entity and group mobility models in MANETs

Mobile Ad hoc Networks (MANETs) represent complex distributed systems that do not rely on any infrastructure or centralized administration. These networks consist of wireless mobile devices which communicate with each other over the wireless channel. Because each mobile node (MN) has a limited transmission range, multi-hop communication is necessary to deliver data across the entire network. Such type of communication requires routing protocols which are capable of discovering multi-hop routes between the sending and receiving nodes. In addition, various mobility models are used to mimic the walking patterns of MNs in real-world environments. These models are generally categorized into two types, i.e., (i) entity and (ii) group-based mobility models depending upon their functionalities. In this paper, we assessed the impacts of different networking contexts on the performance of different mobility models. We selected Random Waypoint (RWP) and Gauss-Markov (GM) models from the first category and Reference Point group (RPGM) and Nomadic Community (NCMM) mobility models from the second. We performed extensive simulations using Network Simulator (NS-2). Simulation results reveal that there is a decline in cost as the speed of MNs is increased. In addition, node density differently impacted the performance of both types of models. The recommendation of this research will provide better understanding of the different mobility models in MANETs and their uses in real-world environments such as search and rescue operations, battlefield situations, tracking operations, people-centric networking and many more.

A Survey on Lightweight Authentication Schemes in Vertical Handoff

Lightweight authentication is one of the solutions proposed in order to reduce the time required for authentication during vertical handoff across heterogeneous networks. Reducing the handoff latency is considered to be a challenging issue. It arises when a user requires maintaining its service continuity while traveling across heterogeneous networks. For example, a mobile user may change access networks while being engaged in different scenarios, such as browsing Internet, using real-time applications or collaborating in cooperative information systems. Delay in the vertical handoff creates many problems, i.e. packet loss, service interruption, security problems, etc. Fast and lightweight authentication schemes are always tempted in such application domains because of many benefits, for instance seamless and efficient handoff, service continuity, guaranteed quality of service (QoS) and suitability for real-time applications while maintaining security. Various techniques have been proposed in this domain to reduce authentication delay. However, these methods do not fully address all the issues in the problem domain; for example, these methods have deficiencies in terms of security, monetary cost, signaling cost and packet latency. In this paper, a comparative study of different lightweight authentication methods is presented but the main focus of this work is one of the different implementations. An overview of major problems and their solutions are presented along with their strengths and limitations. Different emerging research areas are also presented in the domain of lightweight authentication in the vertical handoff.

Lightweight detection of malicious nodes in mobile ad hoc networks

Mobile Ad Hoc Networks (MANETs) are self-arranging, dynamic, infrastructure-less and multi-hop networks formed by a group(s) of mobile nodes (MNs), which transmit information via wireless channels. The broadcast nature of the wireless medium makes MANETs vulnerable to various types of attacks (e.g., masquerading attack, node replication attack, Sybil attack and so on). A critical challenge that allows replicas to defeat the well-known detection algorithms is known as abnormal or selected silence. This problem arises when replicas intentionally become silent at specific time periods or stop broadcasting detection packets. As a result, the attackers become invisible and successfully evade the detection process. Most of the existing detection techniques are vulnerable to these malicious activities. In this paper, we propose a new lightweight technique for mitigating the above issue in MANETs. Our solution is lightweight and does not need the use of extra communication or geographical positioning system (GPS). Simulation results show excellent detection accuracy of the proposed scheme.

An Efficient and Reliable Core-Assisted Multicast Routing Protocol in Mobile Ad-Hoc Network

Mobile ad-hoc network is a collection of mobile nodes that are connected wirelessly forming random topology through decentralized administration. In Mobile ad-hoc networks, multicasting is one of the important mechanisms which can increase network efficiency and reliability by sending multiple copies in a single transmission without using several unicast transmissions. Receiver initiated mesh based multicasting approach provides reliability to Mobile ad-hoc network by reducing overhead. Receiver initiated mesh based multicast routing strongly relies on proper selection of a core node. The existing schemes suffer from two main problems. First, the core selection process is not efficient, that usually selects core in a manner that may decrease core lifetime and deteriorate network performance in the form of frequent core failures. Second, the existing schemes cause too much delay for core re-selection(s) process. The performance becomes worse in situations where frequent core failures occur due to high mobility which causes excessive flooding for reconfigurations of another core and hence delays the on-going communication and compromising the network reliability. The objectives of the paper are as follows. First, we propose an efficient method in which the core is selected within the receiver group on the basis of multiple parameters like battery capacity and location, as a result, a more stable core is selected with minimum core failure. Second, to increase the reliability and decrease the delay, we introduce the idea of the mirror core. The mirror core takes the responsibility as a main core after the failure of the primary core and has certain advantages such as maximum reliability, minimum delay and minimizing the data collection process. We implement and evaluate the proposed solution in Network Simulator 2. The result shows that this scheme performs better than the existing benchmark schemes in terms of the packet delivery ratio, overhead and throughput.