A message ferrying approach for data delivery in sparse mobile ad hoc networks
- In Proc. of ACM Mobihoc, 2004
Cited by 269 (9 self)
Mobile Ad Hoc Networks (MANETs) provide rapidly deployable and self-configuring network capacity required in many critical applications, e.g., battlefields, disaster relief and wide area sensing. In this paper we study the problem of efficient data delivery in sparse MANETs where network partitions can last for a significant period. Previous approaches rely on the use of either long range communication which leads to rapid draining of nodes’ limited batteries, or existing node mobility which results in low data delivery rates and large delays. In this paper, we describe a Message Ferrying (MF) approach to address the problem. MF is a mobility-assisted approach which utilizes a set of special mobile nodes called message ferries (or ferries for short) to provide communication service for nodes in the deployment area. The main idea behind the MF approach is to introduce non-randomness in the movement of nodes and exploit such non-randomness to help deliver data. We study two variations of MF, depending on whether ferries or nodes initiate proactive movement. The MF design exploits mobility to improve data delivery performance and reduce energy consumption in nodes. We evaluate the performance of MF via extensive ns simulations which confirm the MF approach is efficient in both data delivery and energy consumption under a variety of network conditions.
Seeing-is-believing: Using camera phones for human-verifiable authentication
- In IEEE Symposium on Security and Privacy, 2005
Cited by 103 (13 self)
Current mechanisms for authenticating communication between devices that share no prior context are inconvenient for ordinary users, without the assistance of a trusted authority. We present and analyze Seeing-Is-Believing, a system that utilizes 2D barcodes and cameraphones to implement a visual channel for authentication and demonstrative identification of devices. We apply this visual channel to several problems in computer security, including authenticated key exchange between devices that share no prior context, establishment of a trusted path for configuration of a TCG-compliant computing platform, and secure device configuration in the context of a smart home.
SECTOR: secure tracking of node encounters in multi-hop wireless networks
- In ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), 2003
Cited by 88 (12 self)
In this paper we present SECTOR, a set of mechanisms for the secure verification of the time of encounters between nodes in multi-hop wireless networks. This information can be used notably to prevent wormhole attacks (without requiring any clock synchronization), to secure routing protocols based on last encounters (with only loose clock synchronization), and to control the topology of the network. SECTOR is based primarily on distance-bounding techniques, on one-way hash chains and on Merkle hash trees. We analyze the communication, computation and storage complexity of the proposed mechanisms and we show that, due to their efficiency and simplicity, they are compliant with the limited resources of most mobile devices.
Loud and clear: Human-verifiable authentication based on audio
- In ICDCS ’06: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems, 2006
Cited by 72 (5 self)
Authentication of communication channels between devices that lack any previous association is a challenging problem. It has been considered in many contexts and in various flavors, most recently, by McCune et al., where human-assisted device authentication is achieved through the use of photo cameras (present in some cellphones) and 2-dimensional barcodes. Their proposed Seeing-is-Believing system allows users with devices equipped with cameras to use the visual channel for authentication of unfamiliar devices, so as to defeat man-in-the-middle attacks. In this paper, we investigate an alternative and complementary approach: the use of the audio channel for human-assisted authentication of previously un-associated devices. Our motivation is three-fold: (1) many personal devices are not equipped with cameras or scanners, (2) some human users are visually impaired (hence, cannot be in the authentication pipeline of a vision-based system), and (3) some usage scenarios preclude either taking a sufficiently clear picture and/or the use of barcodes. We develop and evaluate a system we call Loud-and-Clear (L&C) authentication, which, like Seeing-is-Believing, places little demand on the human user. The L&C system is based on the use of a text-to-speech engine to read an auditorially-robust, grammatically-correct pass-phrase derived from an authentication string that is to be used by peer devices. In particular, by coupling the auditory reading of the one-way hash of an authentication string on one device with the display of this text on another device, we demonstrate that L&C is suitable for secure device pairing (e.g., key exchange) and similar tasks. We also describe several use cases, as well as provide some performance data for a prototype implementation and a discussion of the security properties of L&C.
MOCA: Mobile certificate authority for wireless ad hoc networks
- In Proceedings of the 2nd Annual PKI Research Workshop (PKI 03), 2003
Cited by 44 (2 self)
An authentication service is one of the most fundamental building blocks for providing communication security. In this paper, we present the MOCA (MObile Certificate Authority) key management framework designed to provide authentication service for ad hoc wireless networks. MOCA is a distributed certificate authority (CA) based on threshold cryptography. We present a set of guidelines for a secure configuration of threshold cryptography to maintain strong security. MOCA utilizes a carefully selected set of mobile nodes to function as a collective certificate authority while the MOCA nodes are kept anonymous. Equipped with a novel routing protocol designed to support the unique communication pattern for certification traffic, MOCA achieves high availability without sacrificing security. Both the security of the framework and the operational performance are evaluated with rigorous analysis and extensive simulation study.
Multiple controlled mobile elements (data mules) for data collection in sensor networks
- In DCOSS, 2005
Cited by 44 (1 self)
Recent research has shown that using a mobile element to collect and carry data mechanically from a sensor network has many advantages over static multihop routing. We have an implementation as well employing a single mobile element. But the network scalability and traffic may make a single mobile element insufficient. In this paper we investigate the use of multiple mobile elements. In particular, we present a load balancing algorithm which tries to balance the number of sensor nodes each mobile element services. We show by simulation the benefits of load balancing.
URSA: Ubiquitous and Robust Access Control for Mobile Ad-Hoc Networks
- IEEE/ACM Transactions on Networking, 2004
Cited by 39 (1 self)
Restricting network access of routing and packet forwarding to well-behaving nodes, and denying access from misbehaving nodes are critical for the proper functioning of a mobile ad-hoc network where cooperation among all networking nodes is usually assumed. However, the lack of a network infrastructure, the dynamics of the network topology and node membership, and the potential attacks from inside the network by malicious and/or non-cooperative selfish nodes make the conventional network access control mechanisms not applicable. We present URSA, a ubiquitous and robust access control solution for mobile ad-hoc networks. URSA implements ticket certification services through multiple-node consensus and fully localized instantiation, and uses tickets to identify and grant network access to well-behaving nodes. In URSA, no single node monopolizes the access decision or is completely trusted, and multiple nodes jointly monitor a local node and certify/revoke its ticket. Furthermore, URSA ticket certification services are fully localized into each node's neighborhood to ensure service ubiquity and resilience. Through analysis, simulations and experiments, we show that our design effectively enforces access control in the highly dynamic, mobile ad-hoc network.
Improved access point selection
- In MobiSys, 2006
Cited by 31 (4 self)
This paper presents Virgil, an automatic access point discovery and selection system. Unlike existing systems that select access points based entirely on received signal strength, Virgil scans for all available APs at a location, quickly associates to each, and runs a battery of tests to estimate the quality of each AP’s connection to the Internet. Virgil also probes for blocked or redirected ports, to guide AP selection in favor of preserving application services that are currently in use. Results of our evaluation across five neighborhoods in three cities show Virgil finds a usable connection from 22% to 100% more often than selecting based on signal strength alone. By caching AP test results, Virgil both improves performance and success rate. Our overhead is acceptable and is shown to be faster than manually selecting an AP with Windows XP.
On trust models and trust evaluation metrics for ad hoc networks
- IEEE Journal on Selected Areas in Communications, 2006
Cited by 28 (1 self)
Within the realm of network security, we interpret the concept of trust as a relation among entities that participate in various protocols. Trust relations are based on evidence created by the previous interactions of entities within a protocol. In this work, we are focusing on the evaluation of trust evidence in ad hoc networks. Because of the dynamic nature of ad hoc networks, trust evidence may be uncertain and incomplete. Also, no preestablished infrastructure can be assumed. The evaluation process is modeled as a path problem on a directed graph, where nodes represent entities, and edges represent trust relations. We give intuitive requirements and discuss design issues for any trust evaluation algorithm. Using the theory of semirings, we show how two nodes can establish an indirect trust relation without previous direct interaction. We show that our semiring framework is flexible enough to express other trust models, most notably PGP’s Web of Trust. Our scheme is shown to be robust in the presence of attackers. Index Terms: Trust evaluation, trust metric, trust model, semiring.
BISS: Building Secure Routing out of an Incomplete Set of Security Associations
- 2003
Cited by 25 (2 self)
We investigate secure routing in ad hoc networks in which security associations exist only between a subset of all pairs of nodes. We focus on source routing protocols. We show that to establish secure routes, it is in general not necessary that security associations exist between all pairs of nodes; a fraction of security associations is sufficient. We analyze the performance of existing proposals for secure routing in such conditions. We also propose a new protocol, designed specifically for ad hoc networks with an incomplete set of security associations between the nodes. We call this protocol BISS: a protocol for Building Secure Routing out of an Incomplete Set of Security Associations. We present a detailed analysis of this protocol, based on simulations, and show that it can be as secure as the existing proposals that rely on a complete set of security associations.

