Showing papers by "Thomas Clausen published in 2010"

Système Hydrologique Europeén (SHE): review and perspectives after 30 years development in distributed physically-based hydrological modelling

Abstract: The European Hydrological System (or Systeme Hydrologique Europeen , SHE) was initiated as a collaborative venture in 1976 between the Danish Hydraulic Institute (Denmark), Institute of Hydrology (UK) and SOGREAH (France). The present paper reviews the development history of the SHE and discusses the practical and scientific difficulties encountered during the different stages of the development. Comparison is made with eight other well-known model codes with respect to development stage and code dissemination among researchers and practitioners. Finally, the scientific developments and disputes on physically-based distributed modelling are discussed and the future perspectives outlined. The SHE venture has resulted in significant contributions to hydrological science, both in terms of model codes and new scientific insight. The fundamental scientific problems related to the inability to incorporate local scale spatial heterogeneity, scaling and uncertainty that were formulated are fundamentally still unresolved. Thus, in spite of the original visions, the hydrological community has not yet witnessed a model that in a universal sense (i.e. at all scales and for all internal variables) simulates accurate results for the right reasons. Instead, much of the scientific progress achieved during the recent years has dealt with how to live with these recognized problems.

Comparative study of RPL-enabled optimized broadcast in Wireless Sensor Networks

Abstract: Recent trends have suggested convergence to Wireless Sensor Networks (WSNs) becoming IPv6-based. To this effect, the Internet Engineering Task Force has chartered a Working Group to develop a routing protocol specification, enabling IPv6-based multi-hop WSNs. The current effort of this working group is development of a unicast routing protocol denoted RPL. RPL constructs a “DAG-like” logical structure with a single root, at which the majority of the traffic flows terminate, and assumes restrictions on network dynamics and traffic generality, in order to satisfy strict constraints on router state and processing. This paper investigates the efficient network-wide broadcast mechanisms in WSNs, using the logical structure already established by RPL. The aim hereof is to impose minimal additional state requirements on WSN routers, beyond that already maintained by RPL. This paper presents a selection of such broadcast mechanisms for RPL routed WSNs, and evaluates their performances. As part of this evaluation, the paper compares with MPR Flooding - an established efficient flooding optimization, widely used in MANETs.

Security issues in the optimized link state routing protocol version 2 (olsr v2)

Abstract: Mobile Ad hoc NETworks (MANETs) are leaving the confines of research laboratories, to find place in real-world deployments. Outside specialized domains (military, vehicular, etc.), city-wide communitynetworks are emerging, connecting regular Internet users with each other, and with the Internet, via MANETs. Growing to encompass more than a handful of “trusted participants”, the question of preserving the MANET network connectivity, even when faced with careless or malicious participants, arises, and must be addressed. A first step towards protecting a MANET is to analyze the vulnerabilities of the routing protocol, managing the connectivity. By understanding how the algorithms of the routing protocol operate, and how these can be exploited by those with ill intent, countermeasures can be developed, readying MANETs for wider deployment and use. This paper takes an abstract look at the algorithms that constitute the Optimized Link State Routing Protocol version 2 (OLSRv2), and identifies for each protocol element the possible vulnerabilities and attacks – in a certain way, provides a “cookbook” for how to best attack an operational OLSRv2 network, or for how to proceed with developing protective countermeasures against these attacks.

Security Issues in the Optimized Link State Routing Protocol version 2 (OLSRv2)

Abstract: Mobile Ad hoc NETworks (MANETs) are leaving the confines of research laboratories, to find place in real-world deployments. Outside specialized domains (military, vehicular, etc.), city-wide community-networks are emerging, connecting regular Internet users with each other, and with the Internet, via MANETs. Growing to encompass more than a handful of ``trusted participants'', the question of preserving the MANET network connectivity, even when faced with careless or malicious participants, arises, and must be addressed. A first step towards protecting a MANET is to analyze the vulnerabilities of the routing protocol, managing the connectivity. By understanding how the algorithms of the routing protocol operate, and how these can be exploited by those with ill intent, countermeasures can be developed, readying MANETs for wider deployment and use. This memorandum takes an abstract look at the algorithms that constitute the Optimized Link State Routing Protocol version 2 (OLSRv2), and identifies for each protocol element the possible vulnerabilities and attacks -- in a certain way, provides a ``cookbook'' for how to best attack an operational OLSRv2 network, or for how to proceed with developing protective countermeasures against these attacks.

Multipoint-to-Point and Broadcast in RPL

Abstract: Recent trends in Wireless Sensor Networks (WSNs) have suggested converging to such being IPv6-based. To this effect, the Internet Engineering Task Force has chartered a Working Group to develop a routing protocol specification, enabling IPv6-based multi-hop Wireless Sensor Networks. This routing protocol, denoted RPL, has been under development for approximately a year, and this paper takes a critical look at the state of advancement hereof: it provides a brief algorithmic description of the protocol, and discusses areas where -- in the authors view -- further efforts are required in order for the protocol to become a viable candidate for general use in WSNs. Among these areas is the lack of a proper broadcast mechanism. This paper suggests two such broadcast mechanisms, both aiming at (i) exploiting the existing routing state of RPL, while (ii) requiring no additional state maintenance, and studies the performance of RPL and of these suggested mechanisms.

IPv6 operation for WAVE — Wireless Access in Vehicular Environments

Abstract: The IEEE WAVE protocol suite is providing communications services to applications in vehicular networks, by way of promising support for two protocol stacks: the Wave Short Message Protocol (WSMP) and IPv6. While WSMP is developed within the IEEE 1609 family of standards, the authors of this paper assert, that considerations for IPv6 operation for WAVE are less developed, and several issues are left unaddressed by the current IEEE 1609 specifications. This paper reviews these issues and analyzes the main challenges in providing proper IPv6 operation for WAVE networks.

Vulnerability analysis of the optimized link state routing protocol version 2 (OLSRv2)

Abstract: Mobile Ad hoc NETworks (MANETs) are leaving the confines of research laboratories, to find place in real-world deployments. Outside specialized domains (military, vehicular, etc.), citywide community-networks are emerging, connecting regular Internet users with each other, and with the Internet, via MANETs. Growing to encompass more than a handful of “trusted participants”, the question of preserving the MANET network connectivity, even when faced with careless or malicious participants, arises, and must be addressed.

Digital Signatures for Admittance Control in the Optimized Link State Routing Protocol Version 2

Abstract: Public community Mobile Ad Hoc NETworks (MANETs), such as the "Funkfeuer" or "Freifunk" networks, scale up to several hundreds of routers, connecting users with each other, and with the Internet. As MANETs are typically operated over wireless channels (e.g. WiFi), access to these networks is granted to anyone in the radio range of another router in the MANET, and running the same MANET routing protocol. In order to protect the stability of the networks from malicious intruders, it is important to ensure that only trusted peers are admitted to participate in the control message exchange, and to provide means for logically "disconnecting" a non-trustworthy peer. This paper presents the concept of admittance control for the Optimized Link State Routing Protocol version 2 (OLSRv2), and suggests a security extension based on digital signatures. Due to the flexible message format of OLSRv2, this extension keeps compatibility with the core OLSRv2 specification. Several standard digital signature algorithms (RSA, DSA, ECDSA), as well as HMAC, are compared in terms of message overhead and CPU time for generating and processing signatures.

Router and Link Admittance Control in the Optimized Link State Routing Protocol Version 2 (OLSRv2)

Abstract: This paper presents security mechanisms for router and link admittance control in OLSRv2. Digitally signing OLSRv2 control messages allows recipient routers to - individually - choose to admit or exclude the originating router for when populating link-state databases, calculating MPR sets etc. By additionally embedding signatures for each advertised link, recipient routers can also control admittance of each advertised link in the message, rendering an OLSRv2 network resilient to both identity-spoofing and link-spoofing attacks. The flip-side of the coin when using such a link-admittance mechanism is, that the number of signatures to include in each OLSRv2 control message is a function of the number of links advertised. For HELLO messages, this is essentially the number of neighbor routers, for TC messages, this is the number of MPR Selectors of the originator of the message. Also, upon receipt of a control message, these signatures are to be verified. This paper studies the impact of adding a link-admittance control mechanism to OLSRv2, both in terms of additional control-traffic overhead and additional in-router processing resources, using several cryptographic algorithms, such as RSA and Elliptic Curve Cryptography for very short signatures.

MANET network management and performance monitoring for NHDP and OLSRv2

Abstract: Mobile Ad Hoc NETworks (MANETs) are generally thought of as infrastructureless and largely “un-managed” network deployments, capable of accommodating highly dynamic network topologies. Yet, while the network infrastructure may be “un-managed”, monitoring the network performance and setting configuration parameters once deployed, remains important in order to ensure proper “tuning” and maintenance of a MANET. This paper describes a management framework for the MANET routing protocol OLSRv2, and its constituent protocol NHDP. It does so by presenting considerations for “what to monitor and manage” in an OLSRv2 network, and how. The approach developed is based on the Simple Network Management Protocol (SNMP), and thus this paper details the various Management Information Bases (MIBs) for router status monitoring and control - as well as a novel approach to history-based performance monitoring. While SNMP may not be optimally designed for MANETs, it is chosen due to it being the predominant protocol for IP network management - and thus, efforts are made in this paper to “adapt” the management tools within the SNMP framework for reasonable behavior also in a MANET environment.

Yet Another Autoconf Proposal (YAAP) for Mobile Ad Hoc NETworks

Abstract: This paper addresses the issues of automatic address and prefix configuration of MANET routers. Specifically, the paper analyzes the differences between “classic IP networks” and MANETs, emphasizing the interface, link, topology, and addressing assumptions present in “classic IP networks”. The paper presents a model for how this can be matched to the specific constraints and conditions of a MANET – i.e., how MANETs can be configured to adhere to the Internet addressing architecture. This sets the stage for development of a MANET autoconfiguration protocol, enabling automatic configuration of MANET interfaces and prefix delegation. This autoconfiguration protocol is characterized by (i) adhering strictly to the Internet addressing architecture, (ii) being able to configure both MANET interface addresses and handle prefix delegation, and (iii) being able to configure both stand-alone MANETs, as well as MANETs connected to an infrastructure providing, e.g., globally scoped addresses/prefixes for use within the MANET. The protocol is specified through timed automatons which, by way of model checking, enable verification of certain protocol properties. Furthermore, a performance study of the basic protocol, as well as of various optimization and extensions hereto, is conducted based on network simulations.

Security Issues in the Optimized Link State Routing Protocol Version 2 (OLSRV2)

Abstract: Mobile Ad hoc NETworks (MANETs) are leaving the confines of research laboratories, to find place in real-world deployments. Outside specialized domains (military, vehicular, etc.), city-wide communitynetworks are emerging, connecting regular Internet users with each other, and with the Internet, via MANETs. Growing to encompass more than a handful of "trusted participants", the question of preserving the MANET network connectivity, even when faced with careless or malicious participants, arises, and must be addressed. A first step towards protecting a MANET is to analyze the vulnerabilities of the routing protocol, managing the connectivity. By understanding how the algorithms of the routing protocol operate, and how these can be exploited by those with ill intent, countermeasures can be developed, readying MANETs for wider deployment and use. This paper takes an abstract look at the algorithms that constitute the Optimized Link State Routing Protocol version 2 (OLSRv2), and identifies for each protocol element the possible vulnerabilities and attacks -- in a certain way, provides a "cookbook" for how to best attack an operational OLSRv2 network, or for how to proceed with developing protective countermeasures against these attacks.

Study of Multipoint-to-Point and Broadcast Traffic Performance in RPL

Abstract: Recent trends in Wireless Sensor Networks (WSNs) have suggested converging to such being IPv6-based. to this effect, the Internet Engineering Task Force has chartered a Working Group to develop a routing protocol specification, enabling IPv6-based multi-hop Wireless Sensor Networks. This routing protocol, denoted RPL, has been under development for approximately a year, and this memorandum takes a critical look at the state of advancement hereof: it provides a brief algorithmic description of the protocol, and discusses areas where -- in the authors view -- further efforts are required in order for the protocol to become a viable candidate for general use in WSNs. Among these areas is the lack of a proper broadcast mechanism. This memorandum suggests two such broadcast mechanisms, both aiming at (i) exploiting the existing routing state of RPL, while (ii) requiring no additional state maintenance, and studies the performance of RPL and of these suggested mechanisms.

Comparison of NHDP and MHVB for Neighbor Discovery in Multi-hop Ad Hoc Networks

Abstract: This document compares two protocols, MHVB and NHDP. While both protocols are intended for wireless multi-hop ad hoc networks, they differ fundamentally, both in operation and in purpose: MHVB is a location-based, general-purpose transport protocol for network wide information dissemination, whereas NHDP is a protocol enabling a router to acquire information describing its local network topology up to two hops away. Different as they may seem, these two protocols can, in certain situations, serve the same purpose. For example, MHVB can be employed by an ad hoc routing protocol in place of NHDP, for dissemination of topological information when location information is available. Similarly, NHDP may be used to carry certain location-based information, in place of MHVB. This document examines the viability of NHDP and MHVB for neighborhood discovery, and analyses their performance as such. Aside from the usual set of performance parameters, special interest is accorded to the "freshness" of neighborhood information, obtained through each of the protocols.