
@phdthesis{Jam14,
    title = { Protocols and Models for the Security of Wireless Ad-Hoc Networks },
    author = {Jamet, Raphael},
    month = {Oct},
    year = {2014},
    school = {Verimag, Univ. Grenoble Alpes},
    team = {DCS},
    abstract = {In this document, we focus on ways of increasing the security of wireless ad-hoc networks. These networks, and more specifically wireless sensor networks, look increasingly like the right answer to a lot of problems, such as data collection over a large area, or providing emergency network infrastructure after a disaster. They are also inherently exposed to malicious intent due to their collaborative nature. In order to protect them, we focus on the security aspects of the protocols built for these networks. We first propose a Secure and Resilient Reputation-based Routing protocol, called SR3. This protocol routes messages according to a reputation metric built using only trusted information. This protocol achieves data confidentiality and data packet unforgeability, which we prove formally using two verification tools: CryptoVerif and Scyther. We use Sinalgo, an event-driven network simulator, to run an experimental evaluation of SR3, and we compare our results to several routing algorithms from the literature. This evaluation shows that both the resiliency and the fairness achieved by SR3 are better than those of these other protocols, especially when the network is sparse. Moreover, and unlike previous solutions, if the compromised nodes' behavior changes, then SR3 will self-adapt in order to ensure an acceptable quality of service. Analyses of routing protocol security are nearly always supported by simulations, which often evaluate the ability to deliver messages to a given destination. Several competing definitions for secure routing exist, but to our knowledge, they only address source routing protocols. We propose the notion of incorruptibility, a quantitative computational definition for routing security based on the attacker's ability to alter the routes used by messages. These definitions are then illustrated with several routing algorithms. Finally, we study Intrusion Detection Systems (IDS) for wireless ad-hoc networks (WANET), and more specifically their inputs.
These systems provide a supplementary layer of defense for WANET, and they can easily detect attacks that are difficult for the network protocols themselves to handle. We classify the different inputs used by the decision process of these IDS, according to the level of cooperation they require and the source of their data. We then propose the InDICE tool, a decision aid which, given an IDS, allows the automated discovery of attacks that are undetectable given the inputs used by that IDS. In the end, we apply our framework to discover weaknesses in two existing IDS.},
}
