Stuart H. Kurkowski

MANET simulation studies: the incredibles

Simulation is the research tool of choice for a majority of the mobile ad hoc network (MANET) community. However, while the use of simulation has increased, the credibility of the simulation results has decreased. To determine the state of MANET simulation studies, we surveyed the 2000-2005 proceedings of the ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc). From our survey, we found significant shortfalls. We present the results of our survey in this paper. We then summarize common simulation study pitfalls found in our survey. Finally, we discuss the tools available that aid the development of rigorous simulation studies. We offer these results to the community with the hope of improving the credibility of MANET simulation-based studies.

A Trust System Architecture for SCADA Network Security

This paper discusses the use of a communications network security device, called a trust system, to enhance supervisory control and data-acquisition (SCADA) security. The major goal of the trust system is to increase security with minimal impact on existing utility communication systems. A previous paper focused on the technical operation of the trust system by augmenting routers to protect User Datagram Protocol (UDP)-based traffic. This paper concentrates on placing the trust system into a broader context, creates new trust system implementations to increase its flexibility, and demonstrates the trust system using TCP traffic. Specifically, the article expands on previous work in the following ways: 1) the article summarizes major threats against SCADA systems; 2) it discusses new trust system implementations, which allow the trust system to be used with a wider array of network-enabled equipment; 3) it discusses key SCADA security issues in the literature and shows how the trust system responds to such issues; 4) the paper shows the impact of the trust system when widely prevalent TCP/IP network communication is used; and 5) finally, the paper discusses a new hypothetical scenario to illustrate the protection that a trust system provides against insider threats.

Constructing MANET Simulation Scenarios That Meet Standards

Choosing an appropriate simulation scenario to study the performance of a MANET routing protocol is an important process. For example, routing will not be properly evaluated when a simulation scenario with a low average hop count or a large degree of network partitioning is used. To ensure that a simulation scenario provides an effective platform for testing a MANET routing protocol, we recommend that researchers use two metrics to characterize their simulation scenarios: the average shortest-path hop count and the average amount of network partitioning. In this paper, we provide researchers with several models that take the desired values for these two metrics as inputs, and output the simulation area and number of nodes required to create a simulation scenario that meets the researchers target values for these two metrics to a close approximation. In this way, we provide several models that researchers can use to construct simulation scenarios that meet their standards in the evaluation of a MANET routing protocol.

Two Standards for Rigorous MANET Routing Protocol Evaluation

In this paper we look at issues with the simulation of generic mobile ad hoc network (MANET) routing protocols. MANET simulation-based research is an involved process driven by the scenarios used in the simulations. Scenarios must be properly constructed in order to be effective in evaluating the performance of generic MANET routing protocols. For example, in scenarios with a low average hop count, little routing is needed, and poor protocols might appear successful. On the other hand, in scenarios with a high degree of partitioning, many pairs of nodes have no usable route between them, and good protocols might appear unsuccessful. Many standards are needed to establish rigorous evaluations for MANET simulation research, from simulation scenario standards to random number generator standards to results analysis standards. We do not attempt to standardize all of these areas. We do, however, propose two standards that should be employed to ensure long routes are available and used in the evaluation of generic MANET routing protocols. That is, we qualify a simulation scenario to be used for rigorous generic MANET routing protocol evaluation, based on the scenarios average shortest-path hop count and its amount of network partitioning. We construct several simulation scenarios that meet our two standards, using example metric values for our two standards. We note that our method can be modified to generate scenarios with different metric values that a researcher finds appropriate

Discovering Variables that Affect MANET Protocol Performance

Mobile Ad Hoc Networks (MANETs) are usually studied through simulation. Network simulators allow users, in principle, to set values for several hundred variables. A few of these variables, including node speed, node pause time, and packet size, receive much of the attention in MANET simulation studies, because their values are generally believed to have an important effect on simulation results (e.g., delivery ratio). There are, however, a number of variables that are less discussed, but which have a substantially greater effect on simulation results than those more commonly considered. Given a typical simulation scenario, we demonstrate that variables such as the number of sources and random versus fixed destinations, which have received comparatively little attention in the literature, have a substantially greater impact on delivery ratio than do variables such as node speed and pause time, which have received significant attention in the literature. Failure to consider the values of these variables in simulation studies can result in misleading conclusions regarding the performance of routing protocols. We conclude that before investigators draw firm conclusions about the performance of a MANET routing protocol, they should examine the effects of a wider variety of variables than has generally been the practice.

Optimization of Trust System Placement for Power Grid Security and Compartmentalization

This article proposes a robust mathematical method to strategically place trust nodes to compartmentalize a time-critical SCADA network. The trust nodes combine firewall and intrusion detection technology to provide communication network security for protection, control, and SCADA systems. The mathematical technique optimizes the placement of the trust nodes based on the timing requirements of existing systems and the number of trust nodes that are available in the system given constraints, which may arise due to budgetary limitations or the restrictions of existing utility hardware. The intent is to create a planning tool to allow utility system operators to determine the best locations to place trust nodes to increase system security given limited resources and/or hardware constraints. The operational requirements of the environment are translated into a mathematical model. Mixed integer linear programming is used to process this model in search of an optimal solution. Because the problem is provably NP-Hard, a heuristic is also given to quickly find good, but not optimal, solutions. Experiments show promise for the proposed techniques.

Research and analysis of simulation-based networks through multi-objective visualization

Visualization of individual network events is a crucial part of testing new network designs and analyzing network performance and efficiency. This research designed and developed a framework for visualizing complex military and non-military wired and wireless networks. Our framework provides a robust network simulator trace file parser, multiple network visualization layouts-including user-defined layouts, and precise visualization controls. The parser architecture is capable of accepting trace files from different network simulators and provides one common visualization environment to study network scenarios run on different simulators. The many dynamic multi-objective network views add to the analyst¿s suite of tools available for analyzing networks. Analysts can toggle between the different views to provide even greater analysis capability. We describe our methodologies for the design and provide example analysis scenarios. Our framework will allow researchers to advance the state of network simulation-based analysis.

Collaborative, trust-based security mechanisms for a regional utility intranet

This article investigates network policies and mechanisms to enhance security in SCADA networks using a mix of TCP and UDP transport protocols over IP. It recommends creating a trust system that can be added in strategic locations to protect existing legacy architectures and to accommodate a transition to IP through the introduction of equipment based on modern standards such as IEC 61850. The trust system is based on a best-of-breed application of standard information technology (IT) network security mechanisms and IP protocols. The trust system provides seamless, automated command and control for the suppression of network attacks and other suspicious events. It also supplies access control, format validation, event analysis, alerting, blocking, and event logging at any network-level and can do so on behalf of any system that does not have the resources to perform these functions itself. Latency calculations are used to estimate limits of applicability within a company and between geographically separated company and area control centers, scalable to hierarchical regional implementations.

Building Social Networks in Persistent Video Surveillance

Social networks are a beneficial analysis tool in counterterrorism and counterinsurgent activities. The difficulty lies in the amount of time and resources it takes to construct a social network. By exploiting existing 24-hour overhead persistent video, we can build a social network from vehicle to vehicle and vehicle to building interactions. This paper demonstrates building a social network from vehicle tracks based on their interactions in an urban environment. From this social network we can see relationships among actors and their locations of interest. This information provides additional intelligence about terrorist activities to exploit them.

A methodology for unit testing actors in proprietary discrete event based simulations

This paper presents a dependency injection based, unit testing methodology for unit testing components, or actors, involved in discrete event based computer network simulation via an xUnit testing framework. The fundamental purpose of discrete event based computer network simulation is verification of networking protocols used in physical-not simulated-networks. Thus, use of rigorous unit testing and test driven development methodologies mitigates risk of modeling the wrong system. We validate the methodology through the design and implementation of OPNET-Unit, an xUnit style unit testing application for an actor oriented discrete event based network simulation environment, OPNET Modeler.