Project Title - Secure, Survivable, Jam Resistant Communications and Network Management

PI: Prof. Bharat Bhargava (CS Dempartment)

CO-PI: Michael Zoltowski (ECE Department)


A. Faculty Involved

  1. Bharat Bhargava
  2. Michael Zoltowski

B. Graduate Students Involved (Not necessarily paid from CERIAS due to use of another expiring grant fund)

C. Proposals Submitted to Funding Agencies

D. Info on any Papers or Reports written/submitted/published

1. Achieving Flexibility and Scalability: A New Architecture for Wireless Network, Y. Lu and B. Bhargava. In Proc. of International Conference on Internet Computing (IC’2001), Jun. 2001, pp 1105-1111.

We present a Hierarchical Hybrid Network architecture for wireless networks. In such a network, mobile nodes are hierarchically organized into groups. Different groups can have different routing protocols. Mobile nodes communicate with nodes outside their groups through the group agents. The groups are highly autonomous. This architecture is flexible and scalable. We conduct experiments to compare the new architecture with Ad Hoc networks. The new architecture has a more stable topology and higher throughput when the number of mobile nodes is large. The objective of our research is to set up a survivable, secure mobile wireless network.

2. Unresponsive Flow Detection and Control in Differentiated Services Networks, A. Habib and B. Bhargava. In proceedings of 13th IASTED International Conference on Parallel and Distributed Computing and Systems, Anaheim, Aug. 2001.

During periods of congestion, TCP flows back off and adjust the sending rate. This behavior makes TCP a conservative protocol and helps to avoid congestion collapse. Flows, like UDP, do not respond to congestion and keep sending packets. This causes other TCP flows sharing the same link to back off. Unresponsive flows waste resources by taking their shares in the upstream and dropping packets later when the downstream is congested. We use the Differentiated Services (DiffServ) architecture to solve this problem. With the help of core routers of DiffServ networks, we detect congestion due to unresponsive flows and using edge routers we control/shape these flows. We describe how core routers detect congestion and inform edge routers about it. We design an algorithm to regulate unresponsive flows dynamically. Our rate control algorithm works well in a variety of situations. The goal of this work is to ensure that TCP does not starve due to unresponsive flows as well as to stop bandwidth waste in the upstream path when packets are dropped in the downstream because of unresponsive flows.

3. Design and Evaluation of an Adaptive Traffic Conditioner for Differentiated Services Networks, A. Habib, S. Fahmy and Bharat Bhargava. In Proceedings of 10th IEEE International Conference on Computer Communication and Networks, Arizona, Oct. 2001, pp 90-95.

We design and evaluate an adaptive traffic conditioner to improve application performance over the differentiated services assured forwarding behavior. The conditioner is adaptive because the marking algorithm changes based upon the current number of flows traversing through an edge router. If there are a small number of flows, the conditioner maintains and uses state information to intelligently protect critical TCP packets. On the other hand, if there are many flows going through the edge router, the conditioner only uses flow characteristics as indicated in the TCP packet headers to mark without requiring per flow state. Simulation results indicate that this adaptive conditioner improves throughput of data extensive applications like large FTP transfers, and achieves low packet delays and response times for Telnet and WWW traffic.

4. An Architecture for Secure Wireless Networking, Y. Lu, B. Bhargava and M. Hefeeda. In IEEE workshop on “Reliable and Secure Application in Mobile Environment”, New Orleans, Oct. 2001. 

As wireless networks are rapidly deployed, the security of wireless environments will be mandatory. Considering the inherent security limitations of Ad Hoc networks, we propose a new architecture: Hierarchical Hybrid networks for secure wireless networking. In such a network, wireless nodes are organized into groups. We present a secure communication scheme to defend against link attacks. Secure mobility support for mobile hosts roaming among groups is also discussed. Mutual authentication is used to protect both foreign groups and mobile hosts. We propose a fault-tolerant authentication scheme to make systems survivable from agent failures. These security schemes take into account the characteristics of wireless networks.

5. A Round Trip Time and Timeout aware Traffic Conditioner for Differentiated Services Networks, A. Habib, B. Bhargava and Sonia Fahmy. Technical Report TR-01-021, Computer Science Department, Purdue University, Nov. 2001.

TCP connection throughput is inversely proportional to the connection Round Trip Time (RTT). To mitigate TCP bias to short RTT connections, a differentiated services traffic conditioner can ensure connections with long RTTs do not starve when connections with short RTTs get all extra resources after achieving the target rates. Current proposals for RTT-aware conditioners work well for a small number of connections when most TCP connections are in the congestion avoidance phase. If there is a large number of TCP connections, however, connections time-out and go to slow start. We show that current RTT-aware conditioners over-protect long RTT flows and starve short RTT flows in this case. We design and evaluate a conditioner based on RTT as well as the Retransmission Time-out (RTO). The proposed RTT-RTO aware traffic conditioner works well for realistic situations with a large number of connections. Simulation results in a variety of situations confirm that the conditioner mitigates RTT bias.

E. Public Presentations

F. Workshop Organized

Chairman of IEEE Workshop on "Reliable and Secure Application in Mobile Environment", New Orleans, Oct. 2001, Co-sponsored by CERIAS.

G. Projects Description

Large heterogeneous networks are difficult to manage and control in a secure manner. Some segments of the network can have wired infrastructure while others communicate using wireless channels. Interactions among those segments gives rise to interesting research questions in managing resources of the whole network efficiently. This project focuses on security, survivable, and management issues being necessary in large heterogeneous networks. A unique feature of this effort is to integrate the work in networking in CS with communication and signal processing in ECE.

The main thrust of the proposed research is to significantly improve the wired/wireless network management to safely and securely deliver a variety of traffic with wide range of quality of service requirements. We will focus on dynamic adjustments of network topology and communication mechanisms. This can be realized through the adaptation of the physical and link layer parameters. The second aspect of the proposed research is everything on-move nature of the wireless nodes. This introduces new threats and vulnerabilities. The spatially divergent, broadcast emanation of radio frequency waveforms that assess mobility can expose the system through interception and exploitation by an intelligent adversary via spoofing and other measures. The control messages that are needed to accommodate dynamic traffic and topology of tactical users are susceptible. In addition, distributed attacks are likely when both users and adversaries are on the move, posing extreme challenges for detection and mitigation. Secure jam resistant communications are crucial in order to achieve the military as well as communication industry needs of rapidly deploying large wireless network over wide areas. We will inspect different jam resistant protocols and methods to decrease the vulnerability of wireless channels to intelligent jamming.