Secure, robust and trusted communications in wireless networks
暂无分享,去创建一个
This dissertation adopts a "data-first" approach for improving robustness and security guarantees in wireless communications: it provides solutions for robust data delivery under several threat and failure models associated with diverse network settings. The emphasis is on mitigating risks from exploits that target open-air properties of the wireless media. Two parallel streams of work address dominant data communication and design issues in Wireless Data Networks (WDNs, which include Mobile Ad-hoc and Wireless Mesh Networks) and Wireless Sensor Networks (WSNs).
In line with the bottom-up approach in WDNs, the first scenario evaluated is survivable architectures for Wireless LANs (WLANs). This forms the basis for designing a broad Traffic Splitting Paradigm (TSP) at the Network layer for Mobile Ad-hoc and Wireless Mesh networks. Under TSP, mesh and ad-hoc nodes split and simultaneously schedule their traffic through multiple available routes to the destination. This dissertation is the first to use simultaneous activation of multiple paths. A mesh node can connect to multiple mesh routers over multiple wireless hops. If the mesh routers are connected together via a backbone network, then a node's traffic to the distribution system can be split across several paths to connected routers and a low cost reassembly of this traffic can be performed at the distribution system. This shifts the bottleneck from the wireless medium to the distribution system.
To validate the efficacy of the traffic splitting protocol (TSP) from security and robustness viewpoints, a unique approach emulating adversarial behavior is adopted. In this approach, attacks are launched against both traffic splitting and single path protocols and the success probabilities for such attacks are compared. It is demonstrated that traffic splitting paradigms are provably resilient to jamming, blocking, node isolation, and network partition-type attacks.
The broad term "Trust" is loosely coined to model selfish and greedy adversarial behavior as well as ambient network conditions like channel congestion that are detrimental to wireless networks performance. A trust-based environment aware routing scheme dynamically schedules traffic across several available routes in response to changing route conditions. A variant of the Trust Model is also used as basis for key establishment and key management decisions in the network if the network uses encryption protocols. Under current schemes, keys are established with a node as long as it has not been declared malicious previously.
The TSP is limited in its effectiveness by the conventional CSMA/CA protocol at the MAC layer. IEEE 802.11 forces nodes to contend for channel access, promoting selfish behavior. For a node to successfully split and effectively schedule traffic through its neighbors, a contention avoiding cooperative MAC would be necessary. Multi-hop Wireless MAC (MWMAC) protocol is developed for this purpose. Under MWMAC, neighboring nodes schedule transmission intervals cooperatively and this reduces channel contention.
The second stream of research is in the wireless sensor domain. Misaggregation and unaccounted data loss are amongst the most critical open problems in WSNs: it is hard to distinguish them from in-network-processing and passive participation, which are genuine techniques used for reducing communication and computation overhead. Here, a framework based on sampling-theory and cryptographic-techniques and comprising of non-interactive proofs and proxy reports is developed to bound the error margins in reported values and enable the Base Stations to detect outliers and potential cheating by aggregator nodes. The framework is marked by its simplicity and practical usability: all verification and error checking by the BS are performed in a single round of communication.
The validation of the schemes presented in this dissertation is performed by a combined approach consisting of simulations, proof of concepts and theoretical evaluations and comparing their performance with existing techniques. It is deduced that some of these schemes may entail slight overheads in terms of network performance, but are beneficial in the enhanced security and robustness they provide. An attempt is made to integrate security into the protocol architectures themselves, thereby providing a composite framework of proactive and reactive schemes.