Visible to the public Biblio

Filters: Keyword is telecommunication network routing  [Clear All Filters]
2019-11-04
Li, Teng, Ma, Jianfeng, Pei, Qingqi, Shen, Yulong, Sun, Cong.  2018.  Anomalies Detection of Routers Based on Multiple Information Learning. 2018 International Conference on Networking and Network Applications (NaNA). :206-211.

Routers are important devices in the networks that carry the burden of transmitting information among the communication devices on the Internet. If a malicious adversary wants to intercept the information or paralyze the network, it can directly attack the routers and then achieve the suspicious goals. Thus, preventing router security is of great importance. However, router systems are notoriously difficult to understand or diagnose for their inaccessibility and heterogeneity. The common way of gaining access to the router system and detecting the anomaly behaviors is to inspect the router syslogs or monitor the packets of information flowing to the routers. These approaches just diagnose the routers from one aspect but do not consider them from multiple views. In this paper, we propose an approach to detect the anomalies and faults of the routers with multiple information learning. We try to use the routers' information not from the developer's view but from the user' s view, which does not need any expert knowledge. First, we do the offline learning to transform the benign or corrupted user actions into the syslogs. Then, we try to decide whether the input routers' conditions are poor or not with clustering. During the detection phase, we use the distance between the event and the cluster to decide if it is the anomaly event and we can provide the corresponding solutions. We have applied our approach in a university network which contains Cisco, Huawei and Dlink routers for three months. We aligned our experiment with former work as a baseline for comparison. Our approach can gain 89.6% accuracy in detecting the attacks which is 5.1% higher than the former work. The results show that our approach performs in limited time as well as memory usages and has high detection and low false positives.

2019-06-10
Hu, Y., Li, X., Liu, J., Ding, H., Gong, Y., Fang, Y..  2018.  Mitigating Traffic Analysis Attack in Smartphones with Edge Network Assistance. 2018 IEEE International Conference on Communications (ICC). :1–6.

With the growth of smartphone sales and app usage, fingerprinting and identification of smartphone apps have become a considerable threat to user security and privacy. Traffic analysis is one of the most common methods for identifying apps. Traditional countermeasures towards traffic analysis includes traffic morphing and multipath routing. The basic idea of multipath routing is to increase the difficulty for adversary to eavesdrop all traffic by splitting traffic into several subflows and transmitting them through different routes. Previous works in multipath routing mainly focus on Wireless Sensor Networks (WSNs) or Mobile Ad Hoc Networks (MANETs). In this paper, we propose a multipath routing scheme for smartphones with edge network assistance to mitigate traffic analysis attack. We consider an adversary with limited capability, that is, he can only intercept the traffic of one node following certain attack probability, and try to minimize the traffic an adversary can intercept. We formulate our design as a flow routing optimization problem. Then a heuristic algorithm is proposed to solve the problem. Finally, we present the simulation results for our scheme and justify that our scheme can effectively protect smartphones from traffic analysis attack.

Majumder, S., Bhattacharyya, D..  2018.  Mitigating wormhole attack in MANET using absolute deviation statistical approach. 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC). :317–320.

MANET is vulnerable to so many attacks like Black hole, Wormhole, Jellyfish, Dos etc. Attackers can easily launch Wormhole attack by faking a route from original within network. In this paper, we propose an algorithm on AD (Absolute Deviation) of statistical approach to avoid and prevent Wormhole attack. Absolute deviation covariance and correlation take less time to detect Wormhole attack than classical one. Any extra necessary conditions, like GPS are not needed in proposed algorithms. From origin to destination, a fake tunnel is created by wormhole attackers, which is a link with good amount of frequency level. A false idea is created by this, that the source and destination of the path are very nearby each other and will take less time. But the original path takes more time. So it is necessary to calculate the time taken to avoid and prevent Wormhole attack. Better performance by absolute deviation technique than AODV is proved by simulation, done by MATLAB simulator for wormhole attack. Then the packet drop pattern is also measured for Wormholes using Absolute Deviation Correlation Coefficient.

Rmayti, M., Begriche, Y., Khatoun, R., Khoukhi, L., Mammeri, A..  2018.  Graph-based wormhole attack detection in mobile ad hoc networks (MANETs). 2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ). :1–6.

A Mobile ad hoc network (MANET) is a set of nodes that communicate together in a cooperative way using the wireless medium, and without any central administration. Due to its inherent open nature and the lack of infrastructure, security is a complicated issue compared to other networks. That is, these networks are vulnerable to a a wide range of attacks at different network layers. At the network level, malicious nodes can perform several attacks ranging from passive eavesdropping to active interfering. Wormhole is an example of severe attack that has attracted much attention recently. It involves the redirection of traffic between two end-nodes through a Wormhole tunnel, and manipulates the routing algorithm to give illusion that nodes located far from each other are neighbors. To handle with this issue, we propose a novel detection model to allow a node to check whether a presumed shortest path contains a Wormhole tunnel or not. Our approach is based on the fact that the Wormhole tunnel reduces significantly the length of the paths passing through it.

Li, T., Ma, J., Pei, Q., Shen, Y., Sun, C..  2018.  Log-based Anomalies Detection of MANETs Routing with Reasoning and Verification. 2018 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC). :240–246.

Routing security plays an important role in Mobile Ad hoc Networks (MANETs). Despite many attempts to improve its security, the routing procedure of MANETs remains vulnerable to attacks. Existing approaches offer support for detecting attacks or debugging in different routing phases, but many of them have not considered the privacy of the nodes during the anomalies detection, which depend on the central control program or a third party to supervise the whole network. In this paper, we present an approach called LAD which uses the raw logs of routers to construct control a flow graph and find the existing communication rules in MANETs. With the reasoning rules, LAD can detect both active and passive attacks launched during the routing phase. LAD can also protect the privacy of the nodes in the verification phase with the specific Merkle hash tree. Without deploying any special nodes to assist the verification, LAD can detect multiple malicious nodes by itself. To show that our approach can be used to guarantee the security of the MANETs, we deploy our experiment in NS3 as well as the practical router environment. LAD can improve the accuracy rate from 2.28% to 29.22%. The results show that LAD performs limited time and memory usages, high detection and low false positives.

Ghonge, M. M., Jawandhiya, P. M., Thakare, V. M..  2018.  Reputation and trust based selfish node detection system in MANETs. 2018 2nd International Conference on Inventive Systems and Control (ICISC). :661–667.

With the progress over technology, it is becoming viable to set up mobile ad hoc networks for non-military services as like well. Examples consist of networks of cars, law about communication facilities into faraway areas, and exploiting the solidity between urban areas about present nodes such as cellular telephones according to offload or otherwise keep away from using base stations. In such networks, there is no strong motive according to assume as the nodes cooperate. Some nodes may also be disruptive and partial may additionally attempt according to save sources (e.g. battery power, memory, CPU cycles) through “selfish” behavior. The proposed method focuses on the robustness of packet forwarding: keeping the usual packet throughput over a mobile ad hoc network in the rear regarding nodes that misbehave at the routing layer. Proposed system listen at the routing layer or function no longer try after address attacks at lower layers (eg. jamming the network channel) and passive attacks kind of eavesdropping. Moreover such functionate now not bear together with issues kind of node authentication, securing routes, or message encryption. Proposed solution addresses an orthogonal problem the encouragement concerning proper routing participation.

Umar, M., Sabo, A., Tata, A. A..  2018.  Modified Cooperative Bait Detection Scheme for Detecting and Preventing Cooperative Blackhole and Eavesdropping Attacks in MANET. 2018 International Conference on Networking and Network Applications (NaNA). :121–126.

Mobile ad-hoc network (MANET) is a system of wireless mobile nodes that are dynamically self-organized in arbitrary and temporary topologies, that have received increasing interest due to their potential applicability to numerous applications. The deployment of such networks however poses several security challenging issues, due to their lack of fixed communication infrastructure, centralized administration, nodes mobility and dynamic topological changes, which make it susceptible to passive and active attacks such as single and cooperative black hole, sinkhole and eavesdropping attacks. The mentioned attacks mainly disrupt data routing processes by giving false routing information or stealing secrete information by malicious nodes in MANET. Thus, finding safe routing path by avoiding malicious nodes is a genuine challenge. This paper aims at combining the existing cooperative bait detection scheme which uses the baiting procedure to bait malicious nodes into sending fake route reply and then using a reverse tracing operation to detect the malicious nodes, with an RSA encryption technique to encode data packet before transmitting it to the destination to prevent eavesdropper and other malicious nodes from unauthorized read and write on the data packet. The proposed work out performs the existing Cooperative Bait Detection Scheme (CBDS) in terms of packet delivery ratio, network throughput, end to end delay, and the routing overhead.

Zalte, S. S., Ghorpade, V. R..  2018.  Intrusion Detection System for MANET. 2018 3rd International Conference for Convergence in Technology (I2CT). :1–4.

In Mobile Ad-hoc Network (MANET), we cannot predict the clear picture of the topology of a node because of its varying nature. Without notice participation and departure of nodes results in lack of trust relationship between nodes. In such circumstances, there is no guarantee that path between two nodes would be secure or free of malicious nodes. The presence of single malicious node could lead repeatedly compromised node. After providing security to route and data packets still, there is a need for the implementation of defense mechanism that is intrusion detection system(IDS) against compromised nodes. In this paper, we have implemented IDS, which defend against some routing attacks like the black hole and gray hole successfully. After measuring performance we get marginally increased Packet delivery ratio and Throughput.

2019-03-22
Obert, J., Chavez, A., Johnson, J..  2018.  Behavioral Based Trust Metrics and the Smart Grid. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :1490-1493.

To ensure reliable and predictable service in the electrical grid it is important to gauge the level of trust present within critical components and substations. Although trust throughout a smart grid is temporal and dynamically varies according to measured states, it is possible to accurately formulate communications and service level strategies based on such trust measurements. Utilizing an effective set of machine learning and statistical methods, it is shown that establishment of trust levels between substations using behavioral pattern analysis is possible. It is also shown that the establishment of such trust can facilitate simple secure communications routing between substations.

2019-03-11
Raj, R. V., Balasubramanian, K., Nandhini, T..  2018.  Establishing Trust by Detecting Malicious Nodes in Delay Tolerant Network. 2018 2nd International Conference on Trends in Electronics and Informatics (ICOEI). :1385–1390.
A Network consists of many nodes among which there may be a presence of misbehavior nodes. Delay Tolerant Network (DTN) is a network where the disconnections occur frequently. Store, carry and forward method is followed in DTN. The serious threat against routing in DTN is the selfish behavior. The main intention of selfish node is to save its own energy. Detecting the selfish node in DTN is very difficult. In this paper, a probabilistic misbehavior detection scheme called MAXTRUST has been proposed. Trusted Authority (TA) has been introduced in order to detect the behavior of the nodes periodically based on the task, forwarding history and contact history evidence. After collecting all the evidences from the nodes, the TA would check the inspection node about its behavior. The actions such as punishment or compensation would be given to that particular node based on its behavior. The TA performs probabilistic checking, in order to ensure security at a reduced cost. To further improve the efficiency, dynamic probabilistic inspection has been demonstrated using game theory analysis. The simulation results show the effectiveness and efficiency of the MAXTRUST scheme.
2019-03-04
Han, C., Zhao, C., Zou, Z., Tang, H., You, J..  2018.  PATIP-TREE: An Efficient Method to Look up the Network Address Attribution Information. 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :466–473.
The IP address attribution information includes the geographical information, the network routing information, the agency information, Internet Content Provider (ICP) information, etc. Nowadays, the attribution information is important to the network traffic engineering, which needs to be obtained in real time in network traffic analysis system. The existing proposed methods for IP address attribution information lookup cannot be employed in actual systems efficiently due to their low scalability or bad performance. They cannot address the backbone network's requirements for real-time IP address attribution information lookup, and most lookup methods do not support custom IP address attribution lookup. In response to these challenges, we propose a novel high-speed approach for IP address attribution information lookup. We first devise a data structure of IP address attribution information search tree (PATIP-TREE) to store custom IP address attribution information. Based on the PATIP-TREE, an effective algorithm for IP information lookup is proposed, which can support custom IP addresses attribution information lookup in real time. The experimental results show that our method outperforms the existing methods in terms of higher efficiency. Our approach also provides high scalability, which is suitable for many kinds network address such as IPv4 address, IPv6 address, named data networking address, etc.
2019-01-21
Sangeetha, V., Kumar, S. S..  2018.  Detection of malicious node in mobile ad-hoc network. 2018 International Conference on Power, Signals, Control and Computation (EPSCICON). :1–3.
In recent years, the area of Mobile Ad-hoc Net-work(MANET) has received considerable attention among the research community owing to the advantages in its networking features as well as solving the unsolved issues in it. One field which needs more security is the mobile ad hoc network. Mobile Ad-hoc Network is a temporary network composed of mobile nodes, connected by wireless links, without fixed infrastructure. Network security plays a crucial role in this MANET and the traditional way of protecting the networks through firewalls and encryption software is no longer effective and sufficient. In order to provide additional security to the MANET, intrusion detection mechanisms should be added. In this paper, selective acknowledgment is used for detecting malicious nodes in the Mobile ad-hoc network is proposed. In this paper we propose a novel mechanism called selective acknowledgment for solving problems that airse with Adaptive ACKnowledgment (AACK). This mechanism is an enhancement to the AACK scheme where its Packet delivery ration and detection overhead is reduced. NS2 is used to simulate and evaluate the proposed scheme and compare it against the AACK. The obtained results show that the selective acknowledgment scheme outperforms AACK in terms of network packet delivery ratio and routing overhead.
2019-01-16
Popalyar, F., Yaqini, A..  2018.  A trust model based on evidence-based subjective logic for securing wireless mesh networks. 2018 21st Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN). :1–5.
Wireless Mesh Network (WMN) is a promising networking technology, which is cost effective, robust, easily maintainable and provides reliable service coverage. WMNs do not rely on a centralized administration and have a distributed nature in which nodes can participate in routing packets. Such design and structure makes WMNs vulnerable to a variety of security threats. Therefore, to ensure secure route discovery in WMNs, we propose a trust model which is based on Evidence- Based Subjective Logic (EBSL). The proposed trust model computes trust values of individual nodes and manages node reputation. We use watchdog detection mechanism to monitor selfish behavior in the network. A node's final trust value is calculated by aggregating the nodes direct and recommendation trust information. The proposed trust model ensures secure routing of packets by avoiding paths with untrusted nodes. The trust model is able to detect selfish behavior such as black-hole and gray-hole attacks.
2018-06-20
Chowdhury, S. K., Sen, M..  2017.  Attacks and mitigation techniques on mobile ad hoc network \#x2014; A survey. 2017 International Conference on Trends in Electronics and Informatics (ICEI). :11–18.

A mobile ad hoc network is a type of ad hoc network in which node changes it locations and configures them. It uses wireless medium to communicate with other networks. It also does not possess centralized authority and each node has the ability to perform some tasks. Nodes in this type of network has a routing table depending on which it finds the optimal way to send packets in forward direction but link failure should be updated in node table to encompass that. In civilian environment like meeting rooms, cab networking etc, in military search and rescue operations it has huge application.

Verma, R., Sharma, R., Singh, U..  2017.  New approach through detection and prevention of wormhole attack in MANET. 2017 International conference of Electronics, Communication and Aerospace Technology (ICECA). 2:526–531.

A Local Area Network (LAN) consists of wireless mobile nodes that can communicate with each other through electromagnetic radio waves. Mobile Ad hoc Network (MANET) consists of mobile nodes, the network is infrastructure less. It dynamically self organizes in arbitrary and temporary network topologies. Security is extremely vital for MANET. Attacks pave way for security. Among all the potential attacks on MANET, detection of wormhole attack is very difficult.One malicious node receives packets from a particular location, tunnels them to a different contagious nodes situated in another location of the network and distorts the full routing method. All routes are converged to the wormhole established by the attackers. The complete routing system in MANET gets redirected. Many existing ways have been surveyed to notice wormhole attack in MANET. Our proposed methodology is a unique wormhole detection and prevention algorithm that shall effectively notice the wormhole attack in theMANET. Our notion is to extend the detection as well as the quantitative relation relative to the existing ways.

Chourasia, R., Boghey, R. K..  2017.  Novel IDS security against attacker routing misbehavior of packet dropping in MANET. 2017 7th International Conference on Cloud Computing, Data Science Engineering - Confluence. :456–460.

The MANET that is Mobile Ad hoc Network are forming a group of many nodes. They can interact with each other in limited area. All the Malicious nodes present in the MANET always disturb the usual performance of routing and that cause the degradation of dynamic performance of the network. Nodes which are malicious continuously try to stump the neighbor nodes during the process of routing as all neighbor nodes in the network merely forward the reply and response of neighboring. The intermediate nodes work is very responsible in routing procedure with continuous movement. During the work we have recommended one security scheme against the attack of packet dropping by malicious node in the network. The scheme which is recommended here will work to find attacker by using the concept of detection of link to forward the data or information between sender and receiver. The packet dropping on link, through node is detected and prevented by IDS security system. The scheme not only works to identify the nodes performing malicious activity however prevent them also. The identification of attacker is noticed by dropping of data packets in excsssessive quantity. The prevention of it can be done via choosing the alternate route somewhere the attacker performing malicious activity not available among the senders to receivers. The neighbor nodes or intermediary identify the malicious activity performer by the way of reply of malicious nodes which is confirmed. The recommended IDS system secures the network and also increases the performance after blocking malicious nodes that perform malicious activity in the network. The network performance measures in the presence of attack and secure IDS with the help of performance metrics like PDR, throughput etc. Planned secure routing improves data receiving and minimizes dropping data in network.

Patil, S. U..  2017.  Gray hole attack detection in MANETs. 2017 2nd International Conference for Convergence in Technology (I2CT). :20–26.

Networking system does not liable on static infrastructure that interconnects various nodes in identical broadcast range dynamically called as Mobile Ad-hoc Network. A Network requires adaptive connectivity due to this data transmission rate increased. In this paper, we designed developed a dynamic cluster head selection to detect gray hole attack in MANETs on the origin of battery power. MANETs has dynamic nodes so we delivered novel way to choose cluster head by self-stabilizing election algorithm followed by MD5 algorithm for security purposes. The Dynamic cluster based intrusion revealing system to detect gray hole attack in MANET. This Architecture enhanced performance in terms of Packet delivery ratio and throughput due to dynamic cluster based IDS, associating results of existing system with proposed system, throughput of network increased, end to end delay and routing overhead less compared with existing system due to gray hole nodes in the MANET. The future work can be prolonged by using security algorithm AES and MD6 and also by including additional node to create large network by comparing multiple routing protocol in MANETs.

Ansari, A., Waheed, M. A..  2017.  Flooding attack detection and prevention in MANET based on cross layer link quality assessment. 2017 International Conference on Intelligent Computing and Control Systems (ICICCS). :612–617.

Mobile Ad hoc Network (MANET) is one of the most popular dynamic topology reconfigurable local wireless network standards. Distributed Denial of Services is one of the most challenging threats in such a network. Flooding attack is one of the forms of DDoS attack whereby certain nodes in the network miss-utilizes the allocated channel by flooding packets with very high packet rate to it's neighbors, causing a fast energy loss to the neighbors and causing other legitimate nodes a denial of routing and transmission services from these nodes. In this work we propose a novel link layer assessment based flooding attack detection and prevention method. MAC layer of the nodes analyzes the signal properties and incorporated into the routing table by a cross layer MAC/Network interface. Once a node is marked as a flooding node, it is blacklisted in the routing table and is communicated to MAC through Network/MAC cross layer interface. Results shows that the proposed technique produces more accurate flooding attack detection in comparison to current state of art statistical analysis based flooding attack detection by network layer.

Li, T., Ma, J., Sun, C., Wei, D., Xi, N..  2017.  PVad: Privacy-Preserving Verification for Secure Routing in Ad Hoc Networks. 2017 International Conference on Networking and Network Applications (NaNA). :5–10.

Routing security has a great importance to the security of Mobile Ad Hoc Networks (MANETs). There are various kinds of attacks when establishing routing path between source and destination. The adversaries attempt to deceive the source node and get the privilege of data transmission. Then they try to launch the malicious behaviors such as passive or active attacks. Due to the characteristics of the MANETs, e.g. dynamic topology, open medium, distributed cooperation, and constrained capability, it is difficult to verify the behavior of nodes and detect malicious nodes without revealing any privacy. In this paper, we present PVad, an approach conducting privacy-preserving verification in the routing discovery phase of MANETs. PVad tries to find the existing communication rules by association rules instead of making the rules. PVad consists of two phases, a reasoning phase deducing the expected log data of the peers, and a verification phase using Merkle Hash Tree to verify the correctness of derived information without revealing any privacy of nodes on expected routing paths. Without deploying any special nodes to assist the verification, PVad can detect multiple malicious nodes by itself. To show our approach can be used to guarantee the security of the MANETs, we conduct our experiments in NS3 as well as the real router environment, and we improved the detection accuracy by 4% on average compared to our former work.

2018-06-11
Balaji, V. S., Reebha, S. A. A. B., Saravanan, D..  2017.  Audit-based efficient accountability for node misbehavior in wireless sensor network. 2017 International Conference on IoT and Application (ICIOT). :1–10.

Wireless sensor network operate on the basic underlying assumption that all participating nodes fully collaborate in self-organizing functions. However, performing network functions consumes energy and other resources. Therefore, some network nodes may decide against cooperating with others. Node misbehavior due to selfish or malicious reasons or faulty nodes can significantly degrade the performance of mobile ad-hoc networks. To cope with misbehavior in such self-organized networks, nodes need to be able to automatically adapt their strategy to changing levels of cooperation. The problem of identifying and isolating misbehaving nodes that refuses to forward packets in multi-hop ad hoc networks. a comprehensive system called Audit-based Misbehavior Detection (AMD) that effectively and efficiently isolates both continuous and selective packet droppers. The AMD system integrates reputation management, trustworthy route discovery, and identification of misbehaving nodes based on behavioral audits. AMD evaluates node behavior on a per-packet basis, without employing energy-expensive overhearing techniques or intensive acknowledgment schemes. AMD can detect selective dropping attacks even if end-to-end traffic is encrypted and can be applied to multi-channel networks.

Rohmah, Y. N., Sudiharto, D. W., Herutomo, A..  2017.  The performance comparison of forwarding mechanism between IPv4 and Named Data Networking (NDN). Case study: A node compromised by the prefix hijack. 2017 3rd International Conference on Science in Information Technology (ICSITech). :302–306.

Named Data Networking (NDN) is a new network architecture design that led to the evolution of a network architecture based on data-centric. Questions have been raised about how to compare its performance with the old architecture such as IP network which is generally based on Internet Protocol version 4 (IPv4). Differs with the old one, source and destination addresses in the delivery of data are not required on the NDN network because the addresses function is replaced by a data name (Name) which serves to identify the data uniquely. In a computer network, a network routing is an essential factor to support data communication. The network routing on IP network relies only on Routing Information Base (RIB) derived from the IP table on the router. So that, if there is a problem on the network such as there is one node exposed to a dangerous attack, the IP router should wait until the IP table is updated, and then the routing channel is changed. The issue of how to change the routing path without updating IP table has received considerable critical attention. The NDN network has an advantage such as its capability to execute an adaptive forwarding mechanism, which FIB (Forwarding Information Base) of the NDN router keeps information for routing and forwarding planes. Therefore, if there is a problem on the network, the NDN router can detect the problem more quickly than the IP router. The contribution of this study is important to explain the benefit of the forwarding mechanism of the NDN network compared to the IP network forwarding mechanism when there is a node which is suffered a hijack attack.

Wu, D., Xu, Z., Chen, B., Zhang, Y..  2017.  Towards Access Control for Network Coding-Based Named Data Networking. GLOBECOM 2017 - 2017 IEEE Global Communications Conference. :1–6.

Named Data Networking (NDN) is a content-oriented future Internet architecture, which well suits the increasingly mobile and information-intensive applications that dominate today's Internet. NDN relies on in-network caching to facilitate content delivery. This makes it challenging to enforce access control since the content has been cached in the routers and the content producer has lost the control over it. Due to its salient advantages in content delivery, network coding has been introduced into NDN to improve content delivery effectiveness. In this paper, we design ACNC, the first Access Control solution specifically for Network Coding-based NDN. By combining a novel linear AONT (All Or Nothing Transform) and encryption, we can ensure that only the legitimate user who possesses the authorization key can successfully recover the encoding matrix for network coding, and hence can recover the content being transmitted. In addition, our design has two salient merits: 1) the linear AONT well suits the linear nature of network coding; 2) only one vector of the encoding matrix needs to be encrypted/decrypted, which only incurs small computational overhead. Security analysis and experimental evaluation in ndnSIM show that our design can successfully enforce access control on network coding-based NDN with an acceptable overhead.

2018-05-09
Ameur, S. B., Smaoui, S., Zarai, F..  2017.  Visiting Mobile Node Authentication Protocol for Proxy MIPv6-Based NEtwork MObility. 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA). :1314–1321.

NEtwork MObility (NEMO) has gained recently a lot of attention from a number of standardization and researches committees. Although NEMO-Basic Support Protocol (NEMO-BSP) seems to be suitable in the context of the Intelligent Transport Systems (ITS), it has several shortcomings, such as packets loss and lack of security, since it is a host-based mobility scheme. Therefore, in order to improve handoff performance and solve these limitations, schemes adapting Proxy MIPv6 for NEMO have been appeared. But the majorities did not deal with the case of the handover of the Visiting Mobile Nodes (VMN) located below the Mobile Router (MR). Thus, this paper proposes a Visiting Mobile Node Authentication Protocol for Proxy MIPv6-Based NEtwork MObility which ensures strong authentication between entities. To evaluate the security performance of our proposition, we have used the AVISPA/SPAN software which guarantees that our proposed protocol is a safe scheme.

Atli, A. V., Uluderya, M. S., Tatlicioglu, S., Gorkemli, B., Balci, A. M..  2017.  Protecting SDN controller with per-flow buffering inside OpenFlow switches. 2017 IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom). :1–5.

Software Defined Networking (SDN) is a paradigm shift that changes the working principles of IP networks by separating the control logic from routers and switches, and logically centralizing it within a controller. In this architecture the control plane (controller) communicates with the data plane (switches) through a control channel using a standards-compliant protocol, that is, OpenFlow. While having a centralized controller creates an opportunity to monitor and program the entire network, as a side effect, it causes the control plane to become a single point of failure. Denial of service (DoS) attacks or even heavy control traffic conditions can easily become real threats to the proper functioning of the controller, which indirectly detriments the entire network. In this paper, we propose a solution to reduce the control traffic generated primarily during table-miss events. We utilize the buffer\_id feature of the OpenFlow protocol, which has been designed to identify individually buffered packets within a switch, reusing it to identify flows buffered as a series of packets during table-miss, which happens when there is no related rule in the switch flow tables that matches the received packet. Thus, we allow the OpenFlow switch to send only the first packet of a flow to the controller for a table-miss while buffering the rest of the packets in the switch memory until the controller responds or time out occurs. The test results show that OpenFlow traffic is significantly reduced when the proposed method is used.

2018-04-11
Jedidi, A., Mohammad, A..  2017.  History Trust Routing Algorithm to Improve Efficiency and Security in Wireless Sensor Network. 2017 14th International Multi-Conference on Systems, Signals Devices (SSD). :750–754.

Wireless sensor network (WSN) considered as one of the important technology in our days. Low-cost, low-power and multifunction based on these characteristics WSN become more and more apply in many areas. However, one of the major challenges in WSN is the security. Indeed, the usual method of security cannot be applied in WSN because the technological limit of the different components. In this context, we propose a new method to establish a secure route between the source node and the Sink node. Particularly, our method based on routing trust history table (RTH) and trust path routing algorithm (TPR). Therefore, our method offers a high level of security for the routing path with efficiency and stability in the network.