3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication: WIDECOM 2020 [1st ed.] 9783030443719, 9783030443726

Table of contents :
Front Matter ....Pages i-xx
A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records Using Blockchain Technology (Nasim Al Goni, Sherif Saad Ahmed, Ahmed Ibrahim)....Pages 1-21
Characterizing Command and Control Channel of Mongoose Bots Over TOR (Wei Lu, Nathanael Mercaldo, Chance Tellier)....Pages 23-30
Performance Evaluation of SDN-WISE Against RPL-Based Ad-Hoc Wireless Sensor Network Using the Cooja Simulator ( Samridhi, Ramiro Liscano)....Pages 31-39
SNR-Based Multi-Head Selection and Reception Performance for IoT Clustering (Yawgeng A. Chau)....Pages 41-49
Performance Evaluation of a Traffic Surveillance Application Using iFogSim (Mluleki Sinqadu, Zelalem Sintayehu Shibeshi)....Pages 51-64
Design and Evaluation of Energy-Efficient Routing Protocols for Opportunistic Networks (Sibusiso Shabalala, Zelalem Sintayehu Shibeshi, Khuram Khalid)....Pages 65-80
Achieving QoS Upper Bounds for Various MAC Parameters in the VANET (Richa Sharma, Teek Parval Sharma, Ajay Kumar Sharma)....Pages 81-90
Secrecy Analysis of Underlay Cognitive Radio with Delayed Channel Information (Anshu Thakur, Ashok Kumar, Nitin Gupta)....Pages 91-97
Machine Learning-Based RF Jamming Classification Techniques in Wireless Ad Hoc Networks (G. S. Kasturi, Ansh Jain, Jagdeep Singh)....Pages 99-111
A Survey on Spectrum Sharing Techniques in Cognitive Radio-Based Smart Grids (Megha Gupta, Vinesh Kumar)....Pages 113-122
Security- and Location-Aware Optimal Virtual Machine Management for 5G-Driven MEC Systems (Glaucio H. S. Carvalho, Isaac Woungang, Alagan Anpalagan, Issa Traore)....Pages 123-134
Efficient Resource Utilization for High-Capacity Satellite Networks (Olugbenga Emmanuel Imole, Tom Mmbasu Walingo)....Pages 135-147
Machine Learning Based Detection of Gray-Hole Attack in Mobile Ad-Hoc Networks (Sunil Poyyagadde Rao, Deepak Devaru Joshi, Juzi Zhao)....Pages 149-158
Multi-Objective Scheduling Based on Ant Lion Optimizer in Cloud (Gaurav Arora, Prakhar Maheshwari, Sushant Aggarwal, Ritu Garg, Rama Rani)....Pages 159-169
Modified RC-4 Algorithm Against FMS Attack (Poonam Jindal, Harika Menda, Dedeepya Rongali, Shraddha)....Pages 171-181
Back Matter ....Pages 183-188

Citation preview

Lecture Notes on Data Engineering and Communications Technologies 51

Isaac Woungang Sanjay Kumar Dhurandher   Editors

3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication WIDECOM 2020

Lecture Notes on Data Engineering and Communications Technologies Volume 51

Series Editor Fatos Xhafa, Technical University of Catalonia, Barcelona, Spain

The aim of the book series is to present cutting edge engineering approaches to data technologies and communications. It will publish latest advances on the engineering task of building and deploying distributed, scalable and reliable data infrastructures and communication systems. The series will have a prominent applied focus on data technologies and communications with aim to promote the bridging from fundamental research on data science and networking to data engineering and communications that lead to industry products, business knowledge and standardisation. ** Indexing: The books of this series are submitted to SCOPUS, ISI Proceedings, MetaPress, Springerlink and DBLP **

More information about this series at http://www.springer.com/series/15362

Isaac Woungang • Sanjay Kumar Dhurandher Editors

3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication WIDECOM 2020

Editors Isaac Woungang Department of Computer Science Ryerson University Toronto, ON, Canada

Sanjay Kumar Dhurandher Department of Information Technology Netaji Subhas University of Technology New Delhi, India

ISSN 2367-4512 ISSN 2367-4520 (electronic) Lecture Notes on Data Engineering and Communications Technologies ISBN 978-3-030-44371-9 ISBN 978-3-030-44372-6 (eBook) https://doi.org/10.1007/978-3-030-44372-6 © Springer Nature Switzerland AG 2020 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Welcome Message from WIDECOM 2020 General Co-Chairs

Welcome to the 3rd International Conference on Wireless, Intelligent, and Distributed Environment for Communication (WIDECOM 2020) The last decade has witnessed tremendous advances in computing and networking technologies, with the appearance of new paradigms such as Internet of Things (IoT) and Cloud computing, which have led to advances in wireless and intelligent systems for communications. Undoubtedly, these technological advances help improve many facets of human lives, for instance, through better healthcare delivery, faster and more reliable communications, significant gains in productivity, and so on. At the same time, the associated increasing demand for a flexible and cheap infrastructure for collecting and monitoring real-world data nearly everywhere, coupled with the aforementioned integration of wireless mobile systems and network computing raises new challenges with respect to the dependability of integrated applications and the intelligence-driven security threats against the platforms supporting these applications. The WIDECOM conference series provides a venue for researchers and practitioners to present, learn, and discuss recent advances in new dependability paradigms, design, and performance of dependable network computing and mobile systems, as well as issues related to the security of these systems. Every year, WIDECOM receives several dozen of submissions from around the world. Building on the success from last year, WIDECOM 2020 presents an exciting technical program that is the work of many volunteers. The program consists of a combination technical papers, keynotes, and tutorials. The technical papers are peer reviewed by program committee members who are all experts and researchers, through a blind process. We received a total of 36 papers this year and accepted 15 papers for inclusion in the proceedings and presentation at the conference, which corresponds to an acceptance rate of 42%. Papers were reviewed by two PC members, in a single round of review. WIDECOM 2020 is privileged to have select guest speakers to provide stimulating presentations on topics of wide interest. This year’s Distinguished Speakers are v

vi

Welcome Message from WIDECOM 2020 General Co-Chairs

• Professor Ling Guan, Director of The Ryerson Multimedia Research Laboratory, Department of Electrical and Computer Engineering, Ryerson University, Toronto, Canada, Fellow of the IEEE, Fellow of the Canadian Academy of Engineering, Fellow of the Engineering Institute of Canada, and Tier I Canada Research Chair in Multimedia (2001–2015) • Professor Ridha Khedri, Department of Computing and Software, McMaster University, Hamilton, Ontario, Canada We would also like to thank our tutorial presenters of this year: • Dr. Sherif Saad Ahmed, Department of Computer Science, University of Windsor, Canada. • Dr. Glaucio H. S. Carvalho, Sheridan College, Oakville Campus, Canada • Professor Xavier Fernando, Ryerson University, Canada We would like to thank all of the volunteers for their contributions to WIDECOM 2020. Our thanks go to the authors, and our sincere gratitude goes to the Program Committee, who gave much extra time to carefully review the submissions. We are pleased to announce that selected papers will be invited to submit extended versions for publication in the Internet of Things: Engineering Cyber Physical Human Systems, Elsevier. We would like also to thank the organizing committee and our sponsors: • • • •

The Department of Computer Science, Ryerson University The Faculty of Science, Ryerson University Ryerson University, for hosting WIDECOM 2020 Springer LNDECT Series, for publishing the Conference Proceedings

Finally, we thank all the attendees and the WIDECOM 2020 community for their continuing support, by submitting papers and by volunteering their time and talent in many ways. We hope you will find the papers presented interesting and enjoy the conference. Alireza Sadeghian and Eric Harley, Ryerson University, Canada WIDECOM 2020 Conference Co-chairs

Welcome Message from the WIDECOM 2020 Program Co-Chairs

Welcome to the 3rd International Conference on Wireless, Intelligent, and Distributed Environment for Communication (WIDECOM 2020), which will be held from May 6th to 8th, 2020, Ryerson University, Toronto, Canada. WIDECOM 2020 provides a forum for researchers and practitioners from industry and government to present, learn, and discuss recent advances in new dependability paradigms, design, and performance of dependable network computing and mobile systems, as well as issues related to the security of these systems. The papers selected for publication in the proceedings of WIDECOM 2020 span many research issues related to the aforementioned research areas, covering aspects such as algorithms, architectures, protocols dealing with network computing, ubiquitous and cloud systems and Internet of Things systems, integration of wireless mobile systems and network computing, and security. We hope the participants of this conference will benefit from this coverage of a wide range of current hop-spot related topics. In this edition, 36 papers were submitted and peer reviewed by the Program Committee members and external reviewers who are experts in the topical areas covered by the papers. The Program Committee accepted 15 papers (about 42% acceptance ratio). The conference program also includes two distinguished keynote speeches and three tutorials. Our thanks go to the volunteers who have contributed to the organization of WIDECOM 2020. We would like to thank all authors for submitting their papers. We would also like to thank the Program Committee members for thoroughly reviewing the submission and making valuable recommendations. We would like to thank the WIDECOM 2020 Local Arrangement team for the excellent organization of the conference, and for their effective coordination creating the recipe for a very successful conference. We hope you will enjoy the conference and have a great time in Toronto, Canada. WIDECOM 2020 Program Committee Co-chairs Andrea Visconti and Glaucio Carvalho

vii

WIDECOM 2019 Organizing Committee

General Co-chairs: • Alireza Sadeghian, Ryerson University, Canada • Eric Harley, Ryerson University, Canada Local Organizing Chairs: • Abdolreza Abhari, Ryerson University, Canada • Mehrdad Tirandazian, Ryerson University, Canada Special Sessions Co-chairs: • Nitin Gupta, National Institute of Technology, Hamirpur, India Publicity Co-chairs: • Isaac Woungang, Ryerson University, Canada • Sanjay K. Dhurandher, Netaji Subhas University of Technology, Delhi, India Technical Program Committee Co-chairs: • Andrea Visconti, Milan University, Italy • Glaucio Carvalho, Sheridan College Institute of Technology and Advanced Learning, Canada Posters chair: • Khuram Khalid, Ryerson University, Canada Technical Program Committee: • • • • • •

Petros Nicopolitidis, Aristotle University of Thessaloniki, Greece Lu Wei, Keene State College, USA Zeadally Sherali, University of Kentucky, USA Luca Caviglione, CNIT, Italy Hwang-Cheng Wang, National Ilan University, Taiwan Hamed Aly, Acadia University, Canada ix

x

• • • • • • • • • • • • • • • • • • •

WIDECOM 2019 Organizing Committee

Hamid Mcheick, Université du Québec à Chicoutimi, Canada Rohit Ranchal, IBM Watson Health Cloud, USA Chamseddine Talhi, École de technologie supérieure, Canada Cui Baojiang, Beijing University of Post and Telecommunications, China Vinesh Kumar, University of Delhi, India Alagan Anpalagan, Ryerson University, Canada Andrea Visconti, Milan University, Italy Joel Rodrigues, University of Beira Interior, Portugal Glaucio Silva de Carvalho, Sheridan College, Canada Zelalem Shibeshi, University of Fort Hare, South Africa Isaac Woungang, Ryerson University, Canada Sanjay K. Dhurandher, Netaji Subhas University of Technology, Delhi, India Chen Ding, Ryerson University, Canada Danda B. Rawat, Howard University, USA Ilsun You, Soonchunhyang University, Republic of Korea Neeraj Kumar, Thapar Institute of Engineering and Technology, India Juggapong Natwichai, Chiang Mai University, Thailand Marcelo Luis Brocardo, University of Santa Catarina, Brazil Ruppa K. Thulasiram, University of Manitoba, Canada

WIDECOM 2020 Keynote Talks

SCK: A Novel Key-point Detector Professor Ling Guan Director of The Ryerson Multimedia Research Laboratory Tier I Canada Research Chair in Multimedia (2001–2015) Department of Electrical and Computer Engineering Ryerson University, Toronto, Canada Abstract Since David Lowe introduced SIFT (Scale-Invariant Feature Transform) in 2004, key-point detection and associated feature extraction have become a mainstream in extracting distinctive invariant features in images. However, all the key-point detectors documented in the literature are based on some kind of hand-crafted structures such as blobs, corners, and junctions restricting the search for optimal key points and features to a subset of all the potential candidates. After an overview on state-of-the-art in key-point detectors, we introduce SCK, a universal keypoint detector built upon the theory of sparse coding. SCK can handle any visual structures (blobs, corners, junctions, and more) and has been analytically proven to be invariant to changes in illumination, spatial, and rotational transformations. Results show SCK outperforms all the hand-crafted detectors such as SIFT and Harris Corner, and recent deep learning-based detectors, setting a new standard for extracting high-quality features for image analysis and visual communication. Segmentation of Dynamic Networks from Heuristic-based Approaches to a Calculational Approach Professor Ridha Khedri Department of Computing and Software McMaster University, Hamilton, Ontario, Canada Abstract Network segmentation and layered protection are two strategies that are critical in building secure networks that are robust against unauthorized access. In the literature, layered protection has been formalized and termed as the Defense in xi

xii

WIDECOM 2020 Keynote Talks

Depth (DD) strategy. However, network segmentation has been described vaguely, thus making unwieldy the segmentation of dynamic large network. The current techniques for network segmentation are essentially heuristic based. In this talk, I explore the network security threat landscape and the need for better secure network topology design. Based on Product Family Algebra (PFA), we then formally discuss DD and Network Segmentation and show how they can be used to attain resilient network designs. I present an algorithm, which uses the DD strategy to strategically compartmentalize the resources to achieve maximum access protection. Then, I touch on the usage of the algorithm in the controller unit of Software Defined Networks (SDN) and in Internet of Things (IoT). Finally, I point to the remaining challenges to designing more secure networks equipped with intelligent control and with capabilities for real-time management of network resources.

WIDECOM 2020 Tutorials

Tutorial 1: A Gentle Introduction to Blockchain Technology Dr. Sherif Saad Ahmed Department of Computer Science University of Windsor, Canada Abstract This tutorial is suitable for computer science, computer engineering, and software engineering students, researchers, and professionals. The objective of this tutorial is to give the students, researchers, and professionals a theoretical and practical introduction to blockchain and distributed ledger technology using a technology and platform-agnostic approach. We will not focus on specific blockchain platforms such as Hyperledger, Etherum, or any other off-the-shelf platform. Instead, we will build a blockchain network from scratch using a vanilla approach and a simple python script. Tutorial 2: WLAN Defense—The pathway toward 5G security Dr. Glaucio H. S. Carvalho Professor of Computer Science and Information Security School of Applied Computing Sheridan College, Oakville Campus, Canada Abstract It has been anticipated that 5G will offload 71% of its traffic to WLAN by 2022. While this figure lays out the key role of Wi-Fi technologies within the roadmap of emerging 5G wireless networks, it also raises a red flag on the importance of actively guarding WLAN against attacks. In this tutorial, we will walk through WLAN encryption, authentication, and security infrastructure while setting up the enterprise security using network simulators and demonstrating attacks to Wi-Fi systems using Kali Linux, a wireless card, and an Access Point. Note: This is a Bring Your Own Device (BYOD) tutorial. Please install in advance the Cisco Packet Tracer Simulator, which is available at: https://www. netacad.com/courses/packet-tracer xiii

xiv

WIDECOM 2020 Tutorials

Tutorial 3: Communication Requirements for Autonomous and Electric Vehicles: Can Visible Light provide a viable Alternative? Professor Xavier Fernando Director of Ryerson Communications Lab IEEE Communications Society Distinguished Lecturer Department of Electrical and Computer Engineering Ryerson University, Canada Abstract Autonomous Vehicles (AVs) are incredibly disruptive and can be referred to as the third transportation revolution. AVs will not only save commuting time and labor but also alleviate the need for huge parking lots, taxi services, or even public transport. When AVs use electricity for fueling, there will be a very positive impact on air pollution in as well. However, there are still many technical hurdles to overcome before fully realizing the benefits of AVs. In addition to machine learning and multi-sensor information fusion, V2X communication (where X stands for Vehicle, Infrastructure, or Network) is very essential for many safety aspects of AVs. 5G network-based RF solutions promise ultra-reliable low-latency connections for AV user cases via network slicing. On another frontier, Visible Light Communications (VLC) is gaining momentum to provide short-range V2X connectivity. Wide deployment of solid-state lights and image sensors in vehicles enable simultaneous lighting, sensing, and communication possibilities. The talk will highlight state-ofthe-art research issues in real-time communication solutions for vehicular networks.

Program

WIDECOM 2020 The 3rd International Conference on Wireless, Intelligent and Distributed Environment for COMmunication (WIDECOM 2020) May 06–08, 2020 Ryerson University, 350 Victoria Avenue, Toronto, Ontario, Canada Technically co-sponsored by Department of Computer Science, Ryerson University, Faculty of Science, Ryerson University, and LNDECT Series, Springer WIDECOM 2020 Conference Program Wednesday May 6, 2020 8–8:45 am: Registration 8:45—10 am: Keynote I Title: SCK: A Novel Key-point Detector By: Professor Ling Guan, Director of The Ryerson Multimedia Research Laboratory, Department of Electrical and Computer Engineering, Ryerson University, Toronto, Canada 10–10:15 am: Tea/Coffee break 10:15–12:15 pm: Session I A P2P Optimistic Fair Exchange (OFE) Scheme for Personal Health Records Using Blockchain Technology Nasim Al Goni, Sherif Saad Ahmed, and Ahmed Ibrahim Characterizing Command and Control Channel of Mongoose Bots Over TOR Wei Lu, Nathanael Mercaldo, and Chance Tellier

xv

xvi

Program

Performance Evaluation of SDN-WISE Against RPL-based Ad-Hoc Wireless Sensor Network using the COOJA Simulator Samridhi and Ramiro Liscano SNR-Based Multi-Head Selection and Reception Performance for IoT Clustering Yawgeng A. Chau Performance Evaluation of a Traffic Surveillance Application using iFogSim Mluleki Sinqadu and Zelalem Sintayehu Shibeshi 12:15–2 pm: Lunch 2–4:30 pm: Tutorial 1 Title: A Gentle Introduction to Blockchain Technology Dr. Sherif Saad Ahmed, Department of Computer Science, University of Windsor, Canada 4:30–4:45 pm: Tea/Coffee break 4:45–6:15 pm Design and Evaluation of Energy-Efficient Routing Protocols for Opportunistic Networks Sibusiso Shabalala, Zelalem Sintayehu Shibeshi, and Khuram Khalid Achieving QoS Upper Bounds for various MAC Parameters in the VANET Richa Sharma, Teek Parval Sharma , and Ajay Kumar Sharma Secrecy analysis of Underlay Cognitive Radio with Delayed Channel Information Anshu Thakur, Ashok Kumar, and Nitin Gupta Machine Learning-based RF Jamming Classification Techniques in Wireless Ad-hoc Networks G. S. Kasturi, Ansh Jain, and Jagdeep Singh A Survey on Spectrum Sharing Techniques in Cognitive Radio based Smart Grids Megha Gupta and Vinesh Kumar 6:30–8:30 pm Banquet Thursday May 7, 2020 8:00–8:45 am: Registration 8:45–10 am: Keynote II Title: Segmentation of Dynamic Networks from Heuristic-based Approaches to a Calculational Approach By: Professor Ridha Khedri, Department of Computing and Software, McMaster University, Hamilton, Ontario, Canada

Program

xvii

10–10:15 am: Tea/Coffee break 10:15–12:15 pm: Session II Security- and Location-Aware Optimal Virtual Machine Management for 5GDriven MEC Systems Glaucio H.S. Carvalho, Isaac Woungang, Alagan Anpalagan, and Issa Traore Efficient Resource Utilization for High-Capacity Satellite Networks Olugbenga Emmanuel Imole and Tom Mmbasu Walingo Machine Learning based Detection of Grayhole Attack in Mobile Ad-Hoc Networks Sunil Poyyagadde Rao, Deepak Devaru Joshi, and Juzi Zhao Multi-Objective Scheduling based on Ant-Lion Optimizer in Cloud Gaurav Arora, Prakhar Maheshwari, Sushant Aggarwal, Ritu Garg, and Rama Rani Modified RC-4 Algorithm Against FMS-Attack Poonam Jindal , Harika Menda, Dedeepya Rongali, and Shraddha 12:15–2 pm: Lunch 2–3:30 pm: Tutorial 2 Title: Communication Requirements for Autonomous and Electric Vehicles: Can Visible Light provide a viable Alternative? By: Professor Xavier Fernando, Ryerson University, Canada 3:30–4 pm: Tea/Coffee break 4–5:30 pm: Tutorial 3 Title: WLAN Defense—The pathway toward 5G security Dr. Glaucio H. S. Carvalho, Sheridan College, Oakville Campus, Canada Friday May 8, 2020 9:00 am—1:00 pm: Posters session 1:00–1:15 pm: Closing remarks 1:30–2:30 pm: WIDECOM Steering Committee meeting

Contents

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records Using Blockchain Technology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Nasim Al Goni, Sherif Saad Ahmed, and Ahmed Ibrahim

1

Characterizing Command and Control Channel of Mongoose Bots Over TOR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wei Lu, Nathanael Mercaldo, and Chance Tellier

23

Performance Evaluation of SDN-WISE Against RPL-Based Ad-Hoc Wireless Sensor Network Using the Cooja Simulator . . . . . . . . . . . . . . Samridhi and Ramiro Liscano

31

SNR-Based Multi-Head Selection and Reception Performance for IoT Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Yawgeng A. Chau

41

Performance Evaluation of a Traffic Surveillance Application Using iFogSim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mluleki Sinqadu and Zelalem Sintayehu Shibeshi

51

Design and Evaluation of Energy-Efficient Routing Protocols for Opportunistic Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Sibusiso Shabalala, Zelalem Sintayehu Shibeshi, and Khuram Khalid

65

Achieving QoS Upper Bounds for Various MAC Parameters in the VANET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Richa Sharma, Teek Parval Sharma, and Ajay Kumar Sharma

81

Secrecy Analysis of Underlay Cognitive Radio with Delayed Channel Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Anshu Thakur, Ashok Kumar, and Nitin Gupta

91

Machine Learning-Based RF Jamming Classification Techniques in Wireless Ad Hoc Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G. S. Kasturi, Ansh Jain, and Jagdeep Singh

99

xix

xx

Contents

A Survey on Spectrum Sharing Techniques in Cognitive Radio-Based Smart Grids . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Megha Gupta and Vinesh Kumar Security- and Location-Aware Optimal Virtual Machine Management for 5G-Driven MEC Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Glaucio H. S. Carvalho, Isaac Woungang, Alagan Anpalagan, and Issa Traore Efficient Resource Utilization for High-Capacity Satellite Networks . . . . . . 135 Olugbenga Emmanuel Imole and Tom Mmbasu Walingo Machine Learning Based Detection of Gray-Hole Attack in Mobile Ad-Hoc Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Sunil Poyyagadde Rao, Deepak Devaru Joshi, and Juzi Zhao Multi-Objective Scheduling Based on Ant Lion Optimizer in Cloud . . . . . . 159 Gaurav Arora, Prakhar Maheshwari, Sushant Aggarwal, Ritu Garg, and Rama Rani Modified RC-4 Algorithm Against FMS Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Poonam Jindal, Harika Menda, Dedeepya Rongali, and Shraddha Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records Using Blockchain Technology Nasim Al Goni, Sherif Saad Ahmed, and Ahmed Ibrahim

1 Introduction In today’s digital world, it is common to exchange sensitive data between different parties. There are many examples of sensitive data or documents that require a digital exchange, such as banking information, insurance data, health records. In many cases, the exchange exists between unknown and untrusted parties. Therefore, it is essential to execute the data exchange over a fair non-repudiation protocol. A data exchange protocol satisfies the non-repudiation property if and only if any given party involved in the exchange process cannot deny their actions (e.g. sending or receiving data). Usually, this is achieved by the use of a cryptographic digital signature. In this case, the parties cannot deny the authenticity of their digital signature. The protocol satisfies the fairness property if and only if it does not give the sender any advantages over the receiver or vice versa, at any step during the exchange process. The most common approach to the design of a fair nonrepudiation protocol requires the involvement of a third party that is trusted by all other parties in the process. However, a peer-to-peer (P2P) (aka offline) fair nonrepudiation protocol that does not require a trusted third party is desirable in many applications. Non-repudiation is the ability to provide irrefutable evidence of one’s responsibility regarding the validity of any data he shares/receives. Thus, if one party shares

N. Al Goni · S. S. Ahmed () University of Windsor, Windsor, ON, Canada e-mail: [email protected]; [email protected] A. Ibrahim University of Virginia, Charlottesville, VA, USA e-mail: [email protected] © Springer Nature Switzerland AG 2020 I. Woungang, S. K. Dhurandher (eds.), 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication, Lecture Notes on Data Engineering and Communications Technologies 51, https://doi.org/10.1007/978-3-030-44372-6_1

1

2

N. Al Goni et al.

his information with another, both will provide Proof of Origin (POO) and Proof of Receipt (POR) of the message, which will defend against any falsified claim by any one of them. This exchange of POO and POR must be done in such a way that neither party gets the advantage at any point during the exchange. That is, the transaction has to be atomic. At any point, the process will ensure that either the parties will get what they want, or none of them will get anything. This is known as a fair exchange. In a paper-based scenario, this exchange of evidence is easy to achieve because both parties will be physically available at the same time. However, it is not as simple when the same exchange has to be done over a network. As a matter of fact, [11] proved that achieving fairness in a deterministic two-party signing protocol is impossible because information exchange over the computer network is nonsimultaneous. Researchers have proposed many alternative solutions to maintain a strong fairexchange protocol in digital exchange. A strong fair-exchange protocol does not require a human judge, and if any disputes occur, it will be handled within the scope of the transaction. On the other hand, a weak fair exchange cannot offer any such solution. However, it can gather proof so that a misbehaving party can be identified. The protocol assumes that the misbehaving party can be brought to justice [26]. Strong fair exchange can be achieved in many ways leveraging some facts. Strong fair-exchanged protocols can be categorized in two broader ways, (1) Probabilistic fair-exchange protocol and (2) Trusted Third Party (TTP)-dependent fair-exchange protocol. In the probabilistic fair-exchange protocol, the sender will divide the main message into n parts (where only the sender knows the actual value of n) and sends one part at a time. After receiving each part of the original message, the receiver will provide his POR for that part. The whole process will keep running until each of the participants gets their desired document. This method is called probabilistic because, instead of “yes” or “no” as a final outcome, the result of true fairness comes as a probable manner. However, this protocol does not require a third party to interfere. On the other hand, the TTP-dependent fair-exchange protocol ensures true fairness provided that the third party is trusted. A TTP-based fair-exchange protocol can be again subdivided into three classes [19]. These classes are: (a) online, (b) inline, and (c) offline. In the online TTP model, every message between the sender and receiver is shared via the TTP. In inline TTP, some selective important/crucial messages are shared via TTP. Finally, in offline TTP, the TTP is only involved when any dispute needs to resolve, otherwise not. Since the participants directly communicate with each other unless any dispute occurs and at the same time, it ensures true fairness, fair exchange with offline TTP is also known as Optimistic Fair Exchange. Though a TTP-involved fair-exchange protocol ensures true fairness every time, dependency on a trusted third party is a major drawback here. One alternative solution to this problem can be the involvement of Blockchain technology. Instead of putting trust in a third party, the participants can take advantage of using a trustless Blockchain network. There are already some related works in this field. However, none of them is focused on maintaining true

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records. . .

3

fair-exchange policy while exchanging medical records. In this study, we propose a scheme that will highlight this issue. The rest of the paper is organized as follows: Section 2 discusses our motivation and related works in this arena; in Sect. 3 we briefly describe what Blockchain is and how it works; we draw our design in Sect. 4; Sect. 5 deals with the security analysis of the proposed design; we compare our proposed design with the ones presented on the literature review in Sect. 6, in Sect. 7 we lay out our plan for the implementation and testing of the proposed scheme and then conclude the paper and state the future works in Sect. 8.

2 Motivation and Related Work As healthcare services move toward a patient-centric approach, rather than institution centric, exchanging the Personal Health Records (PHRs) among the service providers is a vital factor for providing proper treatment. At the same time, the electronic exchange of information should maintain all the security criteria. According to [1], any electronic health record generating system should keep eight criteria out of which non-repudiation is one. Though a significant amount of work has been done on maintaining non-repudiation, i.e., fair-exchange policy for electronic exchange in some areas like contract-signing protocols [5, 8, 11], certified email systems [16, 18, 32], and e-payment schemes in electronic commerce [6, 13, 24, 25], the PHR exchanges have not received sufficient attention. Electronically exchanging personal health records while maintaining fair-exchange policy is trickier and cannot be achieved with the existing schemes of contract-signing protocols, certified email systems, or e-payment schemes in electronic commerce. This is mainly because healthcare data are large-sized as well as sensitive. That is why, unlike others, we must also consider the challenge of exchanging large-sized data and maintaining its confidentiality. Since fair exchange is a fundamental problem in digital exchange, many researchers have considered the issue. Among them [8, 12, 15, 20] and [21] examined the probabilistic approach where the whole message is exchanged bitby-bit. This approach is beneficial in the sense that it does not require any third party; thus, the bottleneck issue can be resolved. The main disadvantage of this approach is that it never guarantees true fairness and has the “unsatisfactory property of uncertain termination” [5, 29]. Another problem is that this protocol assumes that the two parties have “equivalent computational resources,” which is unrealistic in most cases [29]. In case the of protocols which are designed to take extensive help from an online/inline TTP, all or some of the messages are exchanged via a third party [5, 7, 9, 31, 19, 30]. Briefly, the protocol works as follows: 1. Both Alice and Bob send their items to the TTP, 2. TTP checks the validity of the items, and 3. If satisfied, the TTP exchanges the items to the party who needed them.

4

N. Al Goni et al.

This protocol always ensures true fairness throughout the exchange. Of course, the protocol also has drawbacks, namely excessive trust toward a third party and the bottleneck issue. Since every message is transferred via TTP, the process is slow, especially when many users put trust in the same TTP. A better alternative to the above approach could be the use of offline TTP [2, 3, 4, 23, 25, 29]. This approach is more practical and can handle the bottleneck issue quite easily. In a nutshell, the protocol works as follows: 1. Alice encrypts the message with TTP’s public key, puts her digital signature on the encrypted message, and sends the encrypted digitally signed message to Bob 2. Bob verifies the signature and makes sure that the encrypted message indeed came from Alice 3. Bob sends his POR to Alice 4. Upon receiving the POR, Alice sends the original message to Bob with her digital signature attached If a dispute occurs, such that step 4 was not completed or Alice sends incorrect information, 5. Bob presents the message he received from Alice along with his POR to TTP 6. TTP decrypts the message, sends it to Bob and at the same time sends the POR to Alice In some scenarios where an offline fair-exchange policy is used, Bob can take advantage by using Alice’s partial confirmation (or commitment) generated at the first step as a bargaining chip (as this step confirms that the encrypted message is indeed coming from Alice which means she is interested in this business deal). To mitigate this issue, [17] works on Ambiguous Optimistic Fair Exchange. Based on the idea of fully anonymous group signature and with the help of non-interactive witness indistinguishable (NIWI) proof along with non-interactive zero-knowledge (NIZK) proof, their scheme shows that the partial confirmation will seem ambiguous and no outsider can deduce whether Alice or Bob generated this partial confirmation. Though offline TTP is widely accepted and indeed an optimistic solution since it can solve the problems that arise by the probabilistic approach and online/inline TTP approach, it still has a significant drawback, putting trust in a third party. A convenient solution to this can be the replacement of the TTP with a “trustless” Blockchain network. In [28] the authors proposed an efficient way of sharing healthcare data with Blockchain. Their method creates a bridge between immutable small-sized trace records of health data and mutable records of large-sized original data. This way, the patient can grant access of their medical records to a requester, and the requester can retrieve them from another healthcare provider who holds the data for the patient, and each peer-to-peer exchange can be logged into Blockchain as an immutable snippet. However, they do not cover certain issues like “ensuring fair-exchange policy” and “maintaining confidentiality of the data.” A solution for secure certified electronic mail exchange following the fair-exchange protocol is proposed in [16].

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records. . .

5

In their design, they assume that, though a participant has the decryption key of a POR, it will only be effective when it is published on the Blockchain. However, the drawbacks of that design are that they have used the bitcoin Blockchain as a message board. In our case, one of the parties involved in the exchange could be patients who may not possess bitcoin. Eventually, he or she could not use their protocol. Another issue is that bitcoin is a public Blockchain. Thus, if a pending transaction, due to any reason, could not convert to a valid transaction, the receiver of the message would be in an advantageous situation which contradicts the rule of fair exchange. In [24] a fair-exchange policy for exchanging physical goods that leverage cryptocurrencies has been proposed. In this design a common public escrow account is opened on a themis Blockchain from which currency can only be withdrawn if someone has both the secret keys. Both buyer and seller share their encrypted secret keys to their selective mediators of the network using the Shamir secret sharing approach [27] and then provides the cipher text to the other party (Alice to Bob and vice versa). If no dispute occurs, the buyer will send his original secret key to the seller. The seller can use that to unlock the escrow account. If a dispute arises, the seller will notify the mediators of the network, and if more than half of the mediators work, the seller can recover the private key from them. However, their protocol is particularly designed to ensure fair-exchange policy while exchanging cryptocurrency for physical goods, which is not our area of work since we are working on exchanging the data over digital platform. The protocol proposed in [13] offers true fairness without the involvement of any TTP. In the solution, the contract will only be valid if it receives approval from the Blockchain network even though the unencrypted contract is shared between the parties without any involvement of Blockchain. It may not be an issue for contract-signing protocol, but in our case, we cannot explicitly rely on their design. If a malicious party gets the unencrypted health data outside the chain without providing any partial or full POR in the first step, he/she will terminate the exchange protocol immediately. The authors in [13] designed their scheme considering that, one of the users must have cryptocurrency from the Blockchain to support their scheme. As none of the proposed fair-exchange solutions with Blockchain technology is designed for exchanging sensitive large-sized PHR, we are motivated to fill this crucial gap.

3 Blockchain Blockchain is a distributed ledger technology wherein the same copy of data is maintained by all the participants in the network. Each block, full of data, is connected with others through a strong cryptographic technique and is formed into a chain. Thus, it is called the Blockchain. The cryptographic technique ensures that, once a block is added to the chain, it is extremely costly for anyone to alter any of the data it contains. Therefore, from security point of view, Blockchain provides a robust tamperproof solution for the data integrity requirement. The Blockchain

6

N. Al Goni et al.

Fig. 1 How Blockchain works [22]

network is entirely decentralized and designed in such a manner that peers do not have to deal with a middle-man while making any transaction. In other words, no one has to put trust in a third party to deal with his or her data. That is why it is also known as a trustless network. Figure 1 demonstrates how a Blockchain works with a sample diagram. Since there is no central authority and the ledger has to be synchronized to make sure the system works fairly and efficiently, all the participants in the network must agree with the inclusion or exclusion of any data. This generation of the agreement is called a consensus mechanism. The consensus mechanism is chosen based on the type and use of the network. However, each consensus mechanism ensures one thing; in every transaction, one node or a group of nodes is acting as a miner/validator and is always responsible for validating that transaction. That node, to prove its worthiness of being a miner/validator, has to bear some fees. These fees could come in the form of requiring huge computational power to find the solution of a problem, lodging some crypto-assets in the network as a stake, having huge computational space to store solutions of a problem etc., depending on which consensus algorithm is picked up for that network. This entire process confirms, even if someone does not trust any node in the network, (s)he can trust the chain. Here, we use a consensus mechanism called Proof of Work (PoW). This is the same consensus algorithm used by Bitcoin and Ethereum. In a nutshell, PoW works as follows: any block in a Blockchain contains its ID, data, and the ID of its previous block. The ID is generated by hashing the combination of the data that the block contains, the previous block’s ID, and a specific number (nonce). The addition of

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records. . . Fig. 2 Proof of Work: Finding out the unique hash of the current block, a hash starts with a certain number of zeros, by mining the nonce

Hash from the last block

Block of transactions

7

Nonce: 2

SHA - 256

0000000000000000003cd2ad5f4092639c804b80a09f64128c50e5ab4 1b24719

a nonce will require that the hash value be a unique hash (a hash starts with a certain number of zeros). Nodes have to find out the solution to this puzzle (in other words, mining the nonce) through a trial and error basis. Mining the nonce is computationally expensive, yet easy to prove once solved. The node, which mines the nonce first (called miner), gets the right to add the new block to the chain and in return, receives the incentive for solving the case. All of the blocks carry its own hash value, as well as the hash value of its previous block. Therefore once a block, full of data, is added to the chain, it becomes difficult to doctor the contents since all the blocks have to be added again with a new hash address. This is practically unmanageable because of the extremely high expense of solving the puzzle to generate the correct hash. Figure 2 offers a simple example of how hash value in PoW is generated. There are two types of the Blockchain networks, public and private. In a public network, any participant can join or leave the network at any time. Whereas in private Blockchain, the network is generated by a network starter or a set of network starter(s), and to join or leave the group a participant has to follow the pre-defined rules. In our proposed schema, we take advantage of a private Blockchain because we want to create a barrier to entering or leaving the network at any time. Any participant can only leave the network once he/she has fulfilled all the rules defined by the network starter(s). This will help to ensure that the accountability of sensitive information is maintained and enable the design of a P2P fair exchange of digitized data such as personal health records. Note that fair exchange is not supported in Blockchain network by design and requires the design of a communication scheme that runs on the top of the blockchain network.

8

N. Al Goni et al.

4 Proposed Scheme 4.1 Design Goals and Assumptions A medical record, M, will be transferred from party A (say Alice) to party B (say, Bob). After the completion of the exchange, neither Alice nor Bob can deny their role in the exchange, i.e., Alice cannot say she did not send M, and at the same time, party, Bob cannot deny that he did not receive M. Both the parties will have valid proof which will testify against anyone’s falsified claim. Also, only Alice or Bob can know the true meaning of M. Any other participants during the exchange cannot find out what M is. Neither Alice nor Bob trust any other person. A constant communication channel has been established among all the participants in the Blockchain network. Table 1 shows the protocol notation.

4.2 Design Rationale As stated, in this scheme we use a private Blockchain. The rules of our private Blockchain network are: 1. The private Blockchain is going to use Proof of Work (PoW) consensus protocol. Table 1 Protocol notation

A B BC M EK (M) SX Y, SX Xpub Xpriv RSX AdrX k1 k2 HX Z, t C POO1 POO POR1 POR

Alice Bob Blockchain Medical record Encrypted medical record Digital signature of X Digital signature of X on item Y Public key of X Private key of X Reputation score of X Blockchain address of X First symmetric key Second symmetric key Hash of item X maximum validity time, t, of an item Z Hash of (EK (M), Bpub (k1 ), Hk2 ) Partial Proof of Origin Full proof of Origin Partial Proof of Receipt Full Proof of Receipt

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records. . .

9

2. Miners will be rewarded with a reputation score instead of cryptocurrency. 3. Each transaction will cost a specific reputation score (which is significantly less than the mining reward) and will be deducted from the sender’s reputation score wallet. 4. Each node has to maintain a level of reputation score to stay in the network. 5. A node has to post the “leave” request in the network, and once it is mined only then he/she can leave the network. From that point, that node will neither be able to get any new block to his chain nor can see the pending transactions in the pool. We denote the transaction of data from one party to another by P → Q : M, which means P is sending certain information, M, to Q. Let us say Alice and Bob agreed to share a medical record. The P2P OFE protocol will occur according to the following four steps which are also sketched in Fig. 3 1. A → B : (EK (M), Bpub (k1 ), Hk2 , POO1 ); where POO1 = (C, SA ) and C = Hash of (EK (M), Bpub (k1 ), Hk2 ) In this step, Alice will encrypt M two times; first with k2 (let us say the result of encrypting M with k2 is M ) and then will encrypt M with k1 (let us say the result of encrypting M with k1 is EK (M)). She will encrypt k1 with Bob’s public key, Bpub . k2 will stay secret known only by Alice. Then, she will generate POO1 which is a combination of the hash of the tuple (EK (M), Bpub (k1 ), and Hk2 ) along with her digital signature on that hash. Then, Alice will send the (a) encrypted message EK (M), (b) symmetric key (k1 ) encrypted with Bob’s public key, Bpub (k1 ), (c) hash of the second symmetric key, (Hk2 ), and (d) partial proof of origin, POO1 to Bob. 2. B → A : POR1 ; where, POR1 = ((POO1 , t), SB ). t starts from now. In the second step, Bob computes the partial proof of receipt, POR1 , which is a tuple of POO1 and t, signed by his digital signature. Then, sends POR1 to Alice. 3. A → BC : transfer (POO1 , POR1 , k2 , Hk1 ) to Adrb Fig. 3 Proposed P2P OFE scheme with Blockchain

A

1.

B

(EK(M), Bpub(k1), Hk ; POO1) 2

POR1

3.

BC

2.

transfer (POO1, POR1, k2, Hk ) to Adrb 1

(POO1, POR1, k2, Hk ) 1

4.

10

N. Al Goni et al.

In the third step, Alice will send the transaction of transferring the token of their exchanges at the first and second steps along with the second symmetric key, k2 and hash of k1 , Hk1 to Bob’s address, in the Blockchain. 4. BC → B : (POO1 , POR1 , k2 , Hk1 ) At step 4, from the Blockchain network, a miner, after mining the nonce, will validate and broadcast that transaction to the rest of the nodes by adding a new block, containing that transaction, on the current chain. Since in steps 1 and 2, the exchanges are P2P exchange, we call this an off-chain exchange. On the other hand, since the Blockchain is involved in step 3 and 4, we call this on-chain exchange. As, the POO or POR will contain two things; POO1 or POR1 and the block id, which includes the token of off-chain exchange, after step 4, the POO1 and POR1 , exchanged at step 1 and 2, will convert into POO and POR. After mining, the miner, who adds the block to the chain and broadcasts it to the network, will be rewarded with a reputation score.

5 Security Analysis Here we analyze various security criteria such as Fairness, Timeliness, and Confidentiality issues.

5.1 Fairness We will see how our proposed scheme ensures fairness after each step. Step 1 • B has the encrypted record, 1st symmetric key, and POO1 . Cannot decrypt the record without sending POR1 . Result True Fairness Retained. Step 2 • B has the encrypted record, 1st symmetric key, and POO1 . Cannot decrypt without having the 2nd symmetric key. • A has POR1 . Cannot claim possession of POR without posting the token of their exchange along with 2nd symmetric key in the Blockchain. Result True Fairness Retained. Step 3 • A cannot claim to have POR as the transaction is in the waiting pool. • B cannot claim to have POO as the transaction remains in the waiting pool. However, he can get the 2nd symmetric key and decrypts the message. But cannot leave the network as there is a pending transaction against his name.

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records. . .

11

Result True Fairness Retained. Step 4 • A can claim to have the POR as the waiting transaction is now converted to a block. Thus it has a block ID. • B can claim to have POO as the waited transaction is now converted to a block. Thus it has a block ID. He can obtain the 2nd symmetric key and decrypts the message. He can leave the network as there is no pending transaction against his name. Result True Fairness Retained.

5.2 Timeliness and Confidentiality Timeliness • The POR1 , sent at step 2, will only be valid for a time period, t. Thus, A has to post the rest of the key within the time-frame in the Blockchain. If not, B can leave the network. • If A sends the wrong key at step 3, B will have both of the symmetric keys and their hashes with A’s signature on it, after step 4. He then can submit the keys and hashes, to any regulator, who eventually can discover that A is guilty. After tw , any claim will be invalid. Confidentiality • As k1 is exchanged after encrypting it with the B’s public key, data remains confidential even though k2 is distributed across the Blockchain network for validation.

6 Comparison of the Different Approaches Here, we compare the design of our scheme with those in the literature review. It is rather difficult to make a direct performance comparison as the other approaches have drawn their schemes specific to their design goals. Thus, while comparing, we have chosen to focus on the following points, prioritized in ascending order (1 being the top priority). 1. Fair Exchange: Whether the scheme can always ensure true fairness at any point of the exchange 2. Requirement of trusted third party: Is there any requirement of a trusted third party for the scheme to work 3. Requirement of Blockchain: Is there any requirement of a Blockchain for the scheme to work. If yes, what type of Blockchain is needed there 4. Dispute Resolution: Who is involved in dispute resolution, if any

12

N. Al Goni et al.

5. Scalability of the network: In the case of Blockchain-based approach, how large the network was at the time of testing 6. Data Exchange: Whether the actual data are exchanged on Blockchain or not. If Blockchain is not involved in actual data exchange, we call it off-chain, otherwise on-chain 7. Consensus Mechanism: What consensus is used in the Blockchain 8. Implementation: Whether the author implemented the schemes or only proposed Table 2 shows the comparison. As there has been much work done already on fair exchange, we grouped the papers with the same approach under a common name. So, the approaches in [8, 12, 15, 20] and [21] are referred to as Probabilistic approaches. Similarly, the approaches in [2, 3, 5, 7, 9, 4, 17, 31, 19, 23, 25, 29] are referred to as TTP-involved approaches. On the other hand, since there are only a limited number of works done on Blockchain-based approaches, we address them as the authors’ names. Since there is no requirement of network formation in the probabilistic approach or TTP-involved approach, we deemed it as not applicable in this case. Shen et al. [28] did not work on maintaining fair-exchange rules whereas [24] works on ensuring fair-exchange policy when exchanging physical goods for cryptocurrency. Thus we put “No” in the “Fair-Exchange” point for [28] and “Not Applicable” in the “Data Exchange” point for [24]. Hinarejos et al. [16] calculated the time and cost of publishing a message in Bitcoin Blockchain as they were using it as a message board and compared that with the current most economical electronic delivery confirmation system. However, they did not consider the cost of the standard message exchange between two parties. Also, in their case, they are using a public Blockchain which could help a malicious receiver being in an advantageous situation during the exchange as the receiver could leave the Blockchain network anytime without informing anyone. Ferrer-Gomila et al. [13] used bitcoin’s test network, Testnet3, to analyze the performance of their scheme. However, they have exchanged the items unencrypted, which violates our goal. As a result, we conclude that neither of the previous works was able to maintain all of our design goals.

7 Implementation and Testing of the Proposed Scheme One important decision when building a Blockchain solution is to decide what data would be stored on-chain and what will be stored off-chain. It is essential to ensure that only the necessary data will be stored on-chain. Since any data stored on-chain will remain permanently on the network and readable by any member/node in the network. Moreover, Blockchain is not designed to store documents. In particular, storing large documents such as medical images and medical test results is not recommend for two main reasons. First, every node/member in the network is required to keep a permanent copy of the ledger, the ledger size increases over time and never decreases. Therefore, storing massive and large data on the ledger will

No

BFT-SMaRt

Yes

Yes

No

By TTP

Not applicable

Off-chain

Not applicable

Somea

No

No

No

Not applicable

Off-chain

Not applicable

No

Off-chain

Tested up to 100 nodes

Not applicable

Yes (Not mentioned)

Shen et al. No

Probabilistic approach TTP-involved approach No Yes

Yes

DPoS

Not applicable

Tested up to 128 nodes

By BC

Yes (Public)

No

Meng et al. Yes

Yes

PoW

Tested with Bitcoin’s test network Off-chain

By BC

Yes (Not mentioned)

No

Ferrer-Gomila et al. Yes

BC Blockchain, BFT-SMaRt Byzantine Fault-Tolerant (BFT) State Machine Replication, DPoS Delegated Proof of Stake a [23, 29] and [3] implemented their scheme. Rests, mathematically explained their scheme

Comparison point Fair exchange Requirement of TTP Requirement of BC (Type) Dispute resolution Scalability of the network Data exchange Consensus mechanism Implemented

Table 2 Comparison of different schemes

Yes

PoW

Tested with Bitcoin Network Off-chain

By BC

Yes (Public)

No

Hinarejos et al. Yes

Yes

PoW

Off-chain

Tested up to 250 nodes

By BC

Yes (Private)

No

Our approach Yes

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records. . . 13

14

N. Al Goni et al.

result in eventually eliminating nodes that could not provide the required storage. Second, the ledger is readable by all the nodes/members of the network. Therefore, there are many privacy and compliance issues if the data is stored on a shared ledger. For that reason, we do not store or exchange any readable data on the chain. All the medical records and health-related data are exchanged over secure P2P connections off-chain. A detailed record and digital fingerprint for all the exchanged data offchain are stored on-chain as a tokenized exchange transaction. The tokenization and digital fingerprint of the health data is a straight forward process. The data is randomly salted and hashed using a secure hashing algorithm. Then the hashed data is signed with the sender’s private key and posted on-chain. Concurrently the signed hashed data and the original data are sent to the receiver off-chain over a secure P2P connection. Upon receiving the data, the receiver will validate the data and sign the validation results using the receiver’s private key and posted on-chain.

7.1 Equipment Specifications We have experimented our design on a workstation with the following specifications (Table 3):

7.2 Network Creation To implement the proposed scheme, we are using the following technologies: NodeJS, Redis (an in-memory data grid), and Python. Using Redis, we construct a cluster of nodes connected over Pub/Sub architecture and provide the backbone for the Blockchain communication channels. Python is used to write and execute all the logics for off-chain exchange. Finally, NodeJS is used to implement the business logic of the Blockchain network. Table 3 Specifications of the experimental equipment

Specification Processor Frequency RAM Operating system

Value Intel(R) Core(TM) i7-5500 U 2.40 GHz 12 GB Windows 8.1 (64-bit)

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records. . .

15

7.3 Dataset Description In our experiment, we used a synthetic dataset of patient data from EMRBOTS.ORG [10]. The dataset had records of 10,000 patients, which were organized into four different tables according to their criteria. Patient Core Populated Table It contains a unique patient ID along with personal information of the patient (gender, date of birth, race, marital status, language, and population percentage below poverty). Admissions Core Populated Table It contains a unique patient ID, admission ID each time a patient is admitted along with the start and end date of the admission. Admissions Diagnoses Core Populated Table It contains a unique patient ID, admission ID, diagnosis code, and diagnosis description each time a patient is admitted. Labs Core Populated Table It contains a unique patient ID, lab name (different health information such as White Blood Cell Count, Red Blood Cell Count, Hemoglobin, Hematocrit, Mean Corpuscular Volume, Mch, Mchc, Rdw, Platelet Count, Absolute Neutrophils, Absolute Lymphocytes, Neutrophils, Lymphocytes, Monocytes, Eosinophils, Basophils, Metabolism, and Urinalysis) results of the each lab test (in value and unit), and date-time of the lab test. Out of 10,000 patient IDs in Patient Core Populated Table, we randomly selected 1000 IDs, and then based on those 1000 patient IDs (each ID represents different patient), we merged all the four tables and generated 1000 different files. Thus each file now contains a detail description of an individual patient along with multiple medical records (records every time that patient is admitted). In this way, we have created 1000 PHRs. The size of the records are ranging from 2 KB to 1 KB. The complete source code, for both off-chain and on-chain exchange, along with the dataset are available in https://github.com/nasim-shourav/P2P-OFE.git.

7.4 Experimental Results We are presenting the results in two parts; off-chain and on-chain. In off-chain, we measure the time taken to perform the required tasks before exchanging the items. In on-chain, we analyze the behavior of the network by changing the number of participants in the network. We monitor whether every time our designed network can maintain all the rules of our private Blockchain network. Also, we will increase the difficulty level of PoW and measure the time required to mine a block for that difficulty. The difficulty level of PoW is determined by how many numbers of zeros there should be at the beginning of a hash. The network will start with a lower difficulty as, in this case, there is only one block (genesis block) with some predefined data in that, and will keep increasing in proportion to the number of the

16

N. Al Goni et al.

Table 4 Time taken to perform each task of Step 1 of the scheme

Task EK (M) Bpub (k1 ) Hk2 POO1 Total

For 1000 PHRs 27 s 8s 2s 38 s 75 s

For 1 PHR (avg.) 0.027 s 0.008 s 0.002 s 0.038 s 0.075 s

Table 5 Time taken to perform each task of Step 2 of the scheme

Task Verify POO1 POR1 Total

For 1000 PHRs 5s 15 s 20 s

For 1 PHR (avg.) 0.005 s 0.015 s 0.020 s

blocks in the chain. It will help us to measure the optimal difficulty of PoW for our network (where mining a block is neither too fast nor too slow).

7.4.1

Off-chain Exchange

We have measured the time required for performing each task in step 1 (performing “cascade encryption” [14] on original medical records, EK (M), encrypting the first symmetric key with B’s public key, Bpub (k1 ), hashing the second symmetric key, Hk2 , and creating the partial proof of origin, POO1 ) and step 2 (verifying partial proof of origin, POO1 , and creation of partial proof of receipt, POR1 ) of the design scheme. Tables 4 and 5 present the results. Here, we have calculated the time taken to perform the tasks for 1000 PHRs and then find the average for 1 PHR by dividing the result with 1000.

7.4.2

On-chain Exchange

We have analyzed our on-chain exchange several times by creating a Blockchain network with a different number of nodes at each time. In each case, our network was able to maintain all of our design goals. In our Blockchain network, all the nodes have the right to mine, post, or view transactions. Once a node posts a transaction in the Pub/Sub channel, the transaction will first enter the “transaction-pool-map” and distributed across the Blockchain network. “Transaction-pool-map” is a list, managed by each node, where every unmined transaction will be queued. A node can call the “transaction-pool-map” API and can check how many transactions are there waited to be mined (see Figs. 4 and 5 where two nodes, running at two different ports, calling the API and getting the same list of unmined transactions). When a node tries to mine, all the transactions in the “transaction-pool-map,” present at the time of mining, will be considered as the “data” of a block and that node will start finding the nonce

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records. . .

17

Fig. 4 Snapshot of a node, running at port 3000, calling the transaction-pool-map API and getting the list of unmined transactions

Fig. 5 Snapshot of a node, running at port 3759, calling the transaction-pool-map API and getting the list of unmined transactions

18

N. Al Goni et al.

Fig. 6 Snapshot of a node, running at port 3921, mined a block of 120 transactions on it (in the data block) Table 6 Capacity of “transaction-pool-map” No. of healthcare provider nodes 5 5 5 10

No. of patient nodes 50 75 100 200

Total nodes 55 80 105 210

Total no. of transactions in the “transaction-pool-map” 50 75 100 200

value for that block (see Fig. 6 where a block is formed with 120 transactions in it). We have experimented with the on-chain exchange several times while each time considering some nodes in the Blockchain network as healthcare providers and rest as patients. We have posted numerous transactions by different patient nodes to different healthcare provider nodes (each patient node posts one transaction to one healthcare provider node) and tested the capacity of the “transaction-pool-map.” Table 6 states the result. Also, we monitored and found out that our private Blockchain network, in each case, was maintaining all the rules we mentioned in the Sect. 4.2. Finally, we measured the time taken to mine a block varying the difficulty level which is shown in the Fig. 7. The average time to mine a transaction in Bitcoin is approximately 10 min. If we consider the Bitcoin Blockchain as a standard, in our case, the optimal difficulty level could be from 21 to 28. Unfortunately, in case of a network with 250 nodes, the mining is taking excessive amount of time in compare to others. The reason is, since, in our experiment, we have created the network within the same work station, the time requirement depends on the number of the nodes in the network. If a network is created with different work stations, the time requirement for mining a block would have been different as in that case, every node will have an individual machine to compute and find the nonce.

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records. . .

19

Fig. 7 Time requirement for mining a block

8 Conclusion In this paper, we have proposed a new P2P optimistic fair-exchange (OFE) scheme for personal health records by leveraging Blockchain technology. The proposed scheme guarantee non-repudiation and fair exchange by utilizing the immutability property of the shared distributed ledger. By tokenizing personal health records and generating a digital fingerprint, the proposed scheme enabled complete privacy and eliminated the need for a trusted third party. The use of off-chain communication enabled the exchange of personal health records in a P2P manner and reduced the storage overhead on the shared distributed ledger. The use of a platformagnostic approach in implementing the proposed scheme will provide a reference implementation that could be used by other research teams to test new fair-exchange schemes that will utilize Blockchain. Our future work will focus on the following aspects. First, we will extend the scheme to enable personal health records exchange between healthcare providers on behalf of the patients while allowing the patients to selectively decide how and when they wish to share their data and with whom. Second, we would like to test the effect of using other consensus algorithms as a replacement of the default PoW on the scalability of the Blockchain networks. Finally, we will investigate the behaviors of the Blockchain network in case of massive node failures, where a node suddenly disconnects from the network.

References 1. Abbas, A., & Khan, S. U. (2014). A review on the state-of-the-art privacy-preserving approaches in the e-health clouds. IEEE Journal of Biomedical and Health Informatics, 18(4), 1431–1441. 2. Asokan, N., Shoup, V., & Waidner, M. (2000). Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in Communications, 18(4), 593–610.

20

N. Al Goni et al.

3. Ateniese, G. (1999). Efficient verifiable encryption (and fair exchange) of digital signatures. In Proceedings of the 6th ACM Conference on Computer and Communications Security, CCS ’99 (pp. 138–146). New York, NY: ACM. 4. Bao, F., Deng, R. H., & Mao, W. (1998). Efficient and practical fair exchange protocols with off-line ttp. In Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186) (pp. 77–85). 5. Ben-Or, M., Goldreich, O., Micali, S., & Rivest, R. L. (1990). A fair protocol for signing contracts. IEEE Transactions on Information Theory, 36(1), 40–46. 6. Boyd, C., & Foo, E. (1998). Off-line fair payment protocols using convertible signatures. In K. Ohta & D. Pei (Eds.), Advances in cryptology — ASIACRYPT’98 (pp. 271–285). Berlin: Springer. 7. Coffey, T., & Saidha, P. (1996). Non-repudiation with mandatory proof of receipt. SIGCOMM Computer Communication Review, 26(1), 6–17. 8. Damgård, I. B. (1995). Practical and provably secure release of a secret and exchange of signatures. Journal of Cryptology, 8(4), 201–222. 9. Deng, R. H., Gong, L., Lazar, A. A., & Wang, W. (1996). Practical protocols for certified electronic mail. Journal of Network and Systems Management, 4(3), 279–297. 10. EMRBOTS.ORG. (2019). Experiment with artificial large medical data-sets without worrying about privacy. Accessed December 3, 2019, from http://www.emrbots.org/ 11. Even, S., & Yacobi, Y. (1980). Relations among public key signature scheme. Technical Report 175, Computer Science Dept. Israel. 12. Even, S., Goldreich, O., & Lempel, A. (1983). A randomized protocol for signing contracts. In D. Chaum, R. L. Rivest, & A. T. Sherman (Eds.), Advances in cryptology (pp. 205–210). Boston, MA: Springer. 13. Ferrer-Gomila, J.-L., Francisca Hinarejos, M., & Isern-Dey˘a, A.-P. (2019). A fair contract signing protocol with blockchain support. Electronic Commerce Research and Applications, 36, 100869. 14. Gaži, P., & Maurer, U. (2009). Cascade encryption revisited. In Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, ASIACRYPT ’09 (pp. 37–51). Berlin: Springer. 15. Goldreich, O. (1984). A simple protocol for signing contracts (pp. 133–136). Springer: Boston, MA. 16. Hinarejos, M. F., Ferrer-Gomila, J., & Huguet-Rotger, L. (2019). A solution for secure certified electronic mail using blockchain as a secure message board. IEEE Access, 7, 31330– 31341. 17. Huang, Q., Yang, G., Wong, D. S., & Susilo, W. (2015). Ambiguous optimistic fair exchange: Definition and constructions. Theoretical Computer Science, 562, 177 – 193. 18. Imamoto, K., & Sakurai, K. (2002). A certified e-mail system with receiver’s selective usage of delivery authority. In A. Menezes & P. Sarkar (Eds.), Progress in cryptology — INDOCRYPT 2002 (pp. 326–338). Berlin: Springer. 19. Kremer, S., Markowitch, O., & Zhou, J. (2002). An intensive survey of fair non-repudiation protocols. Computer Communications, 25(17), 1606–1621. 20. Luo, X., Qin, Z., Geng, J., & Wu, C. (2006). P2pfair: Fair exchange in p2p sharing system without dedicated ttp. In 2006 First International Conference on Communications and Networking in China (pp. 1–5). 21. Markowitch, O., & Roggeman, Y. (2001). Probabilistic non-repudiation without trusted third party. 22. Martin, T. (2017). Blockchain, the technology behind bitcoin, is quickly gaining traction as a secure way to record all kinds of transactions. what is it and why should you care? slalom.com. 23. Maruyama, H., Nakamura, T., & Hsieh, T. (2003). Optimistic fair contract signing for web services. In Proceedings of the 2003 ACM Workshop on XML Security, XMLSEC ’03 (pp. 79–85). New York, NY: ACM.

A P2P Optimistic Fair-Exchange (OFE) Scheme for Personal Health Records. . .

21

24. Meng, H., Bian, E., & Tang, C. (2019). Themis: Towards decentralized escrow of cryptocurrencies without trusted third parties. In 2019 Sixth International Conference on Software Defined Systems (SDS) (pp. 266–271). 25. Park, J. M., Chong, E. K. P., & Siegel, H. J. (2003). Constructing fair-exchange protocols for e-commerce via distributed computation of RSA signatures. In Proceedings of the Twentysecond Annual Symposium on Principles of Distributed Computing, PODC ’03 (pp. 172–181). New York, NY: ACM. 26. Ray, I., & Ray, I. (2002). Fair exchange in e-commerce. SIGecom Exchange, 3(2), 9–17. 27. Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11), 612–613. 28. Shen, B., Guo, J., & Yang, Y. (2019). MedChain: Efficient healthcare data sharing via blockchain. Applied Sciences, 9(6), 1207. 29. Wang, G. (2010). An abuse-free fair contract signing protocol based on the RSA signature. IEEE Transactions on Information Forensics and Security, 5, 158–168. 30. Zhou, J. (2001). Non-repudiation in electronic commerce. Norwood, MA: Artech House. 31. Zhou, J., & Gollman, D. (1996). A fair non-repudiation protocol. In Proceedings 1996 IEEE Symposium on Security and Privacy (pp. 55–61). 32. Zhou, J., & Gollmann, D. (1996). Certified electronic mail. In E. Bertino, H. Kurth, G. Martella, & E. Montolivo (Eds.), Computer Security — ESORICS 96 (pp. 160–171). Berlin: Springer.

Characterizing Command and Control Channel of Mongoose Bots Over TOR Wei Lu, Nathanael Mercaldo, and Chance Tellier

1 Introduction The growth of the Internet not only provides a means to relay useful information to friends, colleagues, or strangers alike, but also a means to wreak havoc on the dissemination of that same information as well. The recent article published by Abusix shows that the prevalence of botnets continues to grow [1], partially due to their ability to infiltrate almost any internet-connected devices, from DVR players to corporate mainframes [2]. A good example of such a botnet is the 50-millioncomputer botnet-dubbed Storm. The Storm botnet was used for crimes such as identity theft, stock price fraud, denial of service, DDoS attacks, and the large-scale deployment of malware bots, email spambots, forum spambots, and click bots that artificially increase traffic and increase PPC revenue [1]. Functionally a bot is an application that performs tasks by running scripts over the Internet. Bots perform simple, structurally repetitive tasks much more quickly than any human could. Most bots are harmless and crucial for making the internet valuable and useful, but bots can also be malignant and destructive when they are deployed by cyber criminals [1]. To build a botnet, botmasters need as many infected devices under their command as possible. The more bots connected, the bigger the botnet. Bot masters often deploy botnets onto computers through a trojan horse virus

W. Lu () Department of Computer Science, Keene State College, USNH, Keene, NH, USA Peter T. Paul College of Business and Economics, University of New Hampshire, Durham, NH, USA e-mail: [email protected] N. Mercaldo · C. Tellier Department of Computer Science, Keene State College, USNH, Keene, NH, USA © Springer Nature Switzerland AG 2020 I. Woungang, S. K. Dhurandher (eds.), 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication, Lecture Notes on Data Engineering and Communications Technologies 51, https://doi.org/10.1007/978-3-030-44372-6_2

23

24

W. Lu et al.

[2]. Another important concept to explore is the idea of a puppetnet. PuppetNets, similarly to a botnet, but don’t need to have a computer infected as a bot. Instead, a user can perform malicious acts on a victim by unknowingly loading a web page with image-loading HTML tags, JavaScript instructions that remotely manipulate that user’s browser with negative intentions [3]. Realistically, putting down a botnet is not difficult, we can just blacklist the IRC server. This is slowly becoming less advantageous, though, due to botnets using protocols such as HTTP to allow for more options and flexibility [4, 5], and recent studies have also shown that the TOR network has been employed by botmasters in order to achieve greater stealthiness and untraceability [6]. Typically, there are two common structures of botnets, namely (1) client/server-based model and (2) peerto-peer-based model. The client/server-based botnet structure is set up like a basic network with one main server controlling the transmission of information from each client. The botmaster uses special software to establish command and control (C&C) servers to relay instructions to each client device. In the peer-to-peer (P2P) model, rather than relying on one centralized C&C server, newer botnets have adopted more interconnected peer-to-peer structure. In a P2P botnet, each infected device functions as both a client and a server. Individual bots have a list of other infected devices and will seek them out to update and to transmit information between them. The peer-to-peer strategy aims to solve the weakness of having a single point of failure. Sinit [7], Phatbot with WASTE command [8], Nugache [9] and Storm worm [10] are some of the successful examples of distributed botnets on the Internet. Existing botnet detection methods include a number of good ideas, though they are far from completed yet mainly because more and more botnets are now evolving away from the centralized communication approach, and toward using TOR-hidden services to achieve the more advanced strategy of distributed communication. Also, as mentioned before, most botnets are mobile based thus broadening the scope of distribution possibilities. In this short paper, we address the challenge of investigating cross-platform botnets over TOR, and present a lightweight botnet that accesses the full capabilities of TOR, called Mongoose. A new network traffic flow format, called KiFlow, has also been proposed in order to discover the mystery hidden behind the TOR network and to extract the networking characteristics relevant to the C&C traffic of botnet using TOR. The preliminary experimental evaluation results show that our analysis is promising to reveal many significant characteristics of Mongoose, such as (1) inherent ability of bots to phase in and out of networks due to their mobile nature. (2) encrypted communications between bot and master, and (3) the use of user agents to hide control traffic dispersion over the TOR network. The rest of the paper is organized as follows. Section 2 introduces related work, in which we summarize some of the typical existing botnet detection approaches. Section 3 presents Mongoose, a botnet over TOR. Section 4 is a new network traffic flow format for characterizing the Mongoose traffic and a preliminary experimental evaluation for districting mongoose generated web traffic from traffic generated by non-bot machines. Section 5 makes some concluding remarks and discusses future work.

Characterizing Command and Control Channel of Mongoose Bots Over TOR

25

2 Related Work Most early research done on botnets is based on existing public botnet databases. Barford and Yegneswaran analyze botnet behaviors, mechanisms, and obfuscation techniques based on four IRC botnet databases in their report [11] in which honeypots are the main technologies used to examine patterns and log activities with a focus of modeling illegal activities or malicious outcomes. There are two main categories that dominate the world of botnet detection today, namely (1) anomaly based and (2) traffic application classification-based detection. Strayer et al. in [12, 13], detect botnets by examining flow characteristics such as bandwidth, duration, and packet timing. These variables are used to look for the evidence of the botnet command and control activity. First, they tackle the problem of filtering out benign traffic with no relevance to detecting botnets. Then it takes the remainder of traffic and groups it based on likelihood of containing botnet activity. Once the data are compiled, the examination begins to discover a pattern in order to find common communications that likely correlate to a botnet. Secondly, another approach to “sniffing out” botnets is anomaly-based detection. This type of detection is independent of any particular botnet’s C&C communications structures and another powerful advantage of this method is the lack of knowledge required of existing botnets. This means that it is irrelevant whether the given botnet being detected is new or old to the detection system, the end result is the same. Lastly, some systems using this detection method benefit from the ability to detect botnet activity over encrypted data. J. Binkley in [14] shows an example of a network anomaly-based detection system created at Portland State University which uses an algorithm to assign a percentage value to each IP source, and then use this data to calculate the probability of an anomaly. The rough idea is that the count of TCP control packets is taken (SYN’s plus SYNACKs sent, FIN’s sent, and RESETS) and divided by the total number of TCP packets ($T_{sr}$). Choi et al., in [15], analyze the IP header of DNS traffic. The technique works around the fact that botmasters move their C&C server often to avoid being detected, during this migration, the bots in this botnet will migrate with it, thus there can be group activities that can be detected. Their method is independent of the C&C protocol used and can detect botnets even when the communications are encrypted due to the fact that they use IP headers. Although the above botnet detection techniques generate good ideas, some open issues still remain including (1) some detection approaches are limited to specific C&C protocols, (2) some detection approaches are limited to specific botnet structures, and (3) most of the proposed approaches need deep packet inspection, thus making the detection in high-speed network a challenge. Moreover, while some anomaly-based detection methods can sniff encrypted data, command and control mechanisms remain mostly unsolved with a trend of more and more botnet using encrypted communication channels.

26

W. Lu et al.

3 Mongoose: A Lightweight Cross-Platform Botnet Over TOR TOR (The Onion Router) is a program that allows you to connect to the Tor network, and enables anonymous communication. TOR uses something called onion routing in order to accomplish this anonymity, which is the idea of layering encryption over data, and only “peeling back” layers of encryption each hop as illustrated in Fig. 1. A typical TOR network connects through an entry node, gets routed to the middle node, and then leaves through an exit node to the server. Since there is no dedicated entry, exit, or middle node, serving all three concurrently for different users adds more anonymity on top of onion routing. Even if a node is compromised, it only knows of the step before and after it and we do not know the exit node or server address due to its encryption. On the other hand, we might be able to sniff data leaving the exit node, that data are unencrypted at this point, but we have no idea who sent it through the network. As a result, in order to address the challenge of detecting cross-platform botnets over TOR, we analyze a lightweight botnet that has access to all of TOR’s capabilities named Mongoose. We can now use Mongoose in order to identify relevant network characteristics tied to C&C traffic over TOR. Figure 2 presents the generalized topology of Mongoose. Some main features of Mongoose include: • A lightweight system, requiring minimal resources from bots, and the ability to be deployed rapidly and effectively. • Through the use of social media, we can distribute the botnet at a faster rate, and provide a more expansive method of collecting traffic. • Using a cross-platform architecture-dubbed KIVY, we can assure its infection across multiple platforms, including mobile phones, tablets, computers, and many devices in the IoT space. • Using a modern peer-to-peer hybrid architecture, we can ensure more obfuscation in the fact that multiple servers control multiple clients. • All communications are asymmetrically encrypted. Next, we conduct some analysis on traffic entering (ingressing) and leaving (egressing) the TOR network to determine what characteristics of said traffic should

Layer 3 Encryption

Fig. 1 TOR structure

Layer 2 Encryption

Layer 1 Encryption

Client Data

Characterizing Command and Control Channel of Mongoose Bots Over TOR

Mongoose Client

27

Tor Network

Victim Server

Fig. 2 Basic structure of Mongoose botnet

be further examined. Some examples include, but are not limited to bytes per packet, packets per second, timing, to name a few.

4 KiFlow and Its Application for Characterizing Mongoose Bots KiFlow is a network traffic-monitoring system designed and implemented solely for the efficient extraction of useful features from network traffic collected on the Internet. It is built upon a high-performance C++ based framework geared toward network feature extraction, and further traffic classification with a new network flow format, called KiFlow, that can be used to export traffic features and classifications generated by the framework. The KiFlow framework is differentiated from existing frameworks such as Wireshark or Python-based analysis via the following design considerations: • Performance: the development of a standalone framework allows us to tailor performance characteristics to our specific needs, thus enabling us to process larger datasets quickly without the possible limitations introduced by a more general framework. • Flexibility: the framework is designed in an extremely modular manner, thus allowing the system to be extended and improved quickly as new functional requirements are discovered. • Simplicity: the KiFlow framework is designed with a specialized goal in mind, this means it can be kept “lean and mean.” As illustrated in Fig. 3, the KiFlow framework is a high-performance crossplatform application written in C++, designed to extract useful features from large

28

W. Lu et al.

Fig. 3 Web interface of KiFlow

Fig. 4 HTTP traffic generated by mongoose bot

network traffic collected on the Internet. The system is also designed to allow advanced classification of said network traffic into various accessible aggregate groups. KiFlow receives traffic input either in the form of a real-time capture, or a provided pcap file. The library libtins is then used to interact with the underlying pcap engine and extract packets from the previously mentioned data sources. One of the most typical behaviors of a Mongoose bot is that its control and command channel is based on http traffic. As illustrated in Figs. 4 and 5, by using KiFlow for feature extraction we found that the patterns of occurrence frequency for each individual character between mongoose bot-based http traffic and normal traffic generated by non-bot machine are very different. Such a difference is a promising finding, and implies that we can extract those features to discriminate

Characterizing Command and Control Channel of Mongoose Bots Over TOR

29

Fig. 5 HTTP traffic generated by non-bot

the http traffic generated by a mongoose bot and the normal http traffic generated by non-bot machines in our following work.

5 Conclusions and Future Work In this short paper, we introduce mongoose, a lightweight cross platform botnet over TOR network and propose KiFlow, a new intelligent network flow format for traffic feature extraction. The comparative studies using KiFlow illustrate a significant difference of the behavior patterns between the web traffic generated by mongoose bot and the normal web traffic generated by non-bot machines. In the near future, we will improve KiFlow by including GPU-accelerated feature extraction and aggregating cross-domain channels. Moreover, we will select a completed set of 256 features including both mongoose traffic and normal traffic in which training and testing will be set for the benchmark testing of various machine learning algorithms.

References 1. Knecht, T. (2019). A brief history of bots and how they’ve shaped the internet today. Retrieved December from https://www.abusix.com/blog/a-brief-history-of-bots-andhow-theyve-shaped-the-internet-today 2. What is a botnet? (2017). Retrieved December, 2019, from https://www.pandasecurity.com/ mediacenter/security/what-is-a-botnet/

30

W. Lu et al.

3. Athanasopoulos, E., Makridakis, A., Antonatos, S., Antoniades, D., Ioannidis, S., Anagnostakis, K., & Markatos, E. (2008). Antisocial networks: Turning a social network into a Botnet. In Proceedings of the 11th information security conference, Taipei. 4. Chiang, K. & Lloyd, L. (2007). A case study of the Rustock Rootkit and Spam Bot. In Proceedings of USENIX HotBots. 5. Daswani, N. & Stoppelman, M. (2007). The anatomy of Clickbot.A. In Proceedings of USENIX HotBots. 6. Klijnsma, Y. (2013). Large botnet cause of recent Tor network overload. Retrieved from http:/ /blog.fox-it.com/2013/09/05/largebotnet-cause-of-recent-tor-network-overload/Fox-It 7. Wang, P., Sparks, S., & Zou, C. (2007). An advanced hybrid peer-to-peer Botnet. In Proceedings of the first conference on first workshop on hot topics in understanding botnets. HotBots’07 (p. 2). Cambridge, MA: USENIX Association. 8. Phatbot. (2019). Retrieved December from https://fortiguard.com/appcontrol/12714 9. Nugache. (2019). Retrieved December from http://www.securityfocus.com/news/11390/ 10. Peacomm. (2019). Retrieved December from https://www.symantec.com/security-center/ writeup/2007-011917-1403-99 11. Barford, P. & Yegneswaran, V. (2006). An inside look at Botnets. In Special workshop on malware detection, advances in information security. Springer Verlag. 12. Strayer, W., Walsh, T., Livadas, C., & Lapsley, D. (2006). Detecting botnets with tight command and control. In Proceedings of the 31st IEEE conference on local computer networks (LCN) (pp. 15–16). 13. Strayer, T., Lapsley, D., Walsh, R., & Livadas, C. (2008). Botnet detection: Countering the largest security threat. Vol. 36: Botnet detection based on network behavior. Springer. 14. Binkley, R. (2006). An algorithm for anomaly-based botnet detection. SRUTI ‘06 Abstract. Retrieved from www.usenix.org/legacy/event/sruti06/tech/full_papers/binkley/binkley_html/ 15. Choi, H. S., Lee, H. W., Lee, H. J., & Kim, H. G. (2007). Botnet detection by monitoring group activities in DNS traffic. In 7th IEEE international conference on computer and information technology (CIT).

Performance Evaluation of SDN-WISE Against RPL-Based Ad-Hoc Wireless Sensor Network Using the Cooja Simulator Samridhi and Ramiro Liscano

1 Introduction Wireless Sensor Network (WSN) is defined as a network of low power and resource constraint devices that communicate over wireless links. It is an integral part of the emerging field of Internet of Things (IoT). Because of this, there has been a lot of work going on to make these wireless networks programmable and service oriented using Software Defined Networking (SDN) architecture. SDN is expected to bring flexibility and ease its management and configuration. It does so by splitting the data and control planes in the network such that all the management and configuration of the network in performed by the controller. This results in a re-programmable and service driven network. The survey paper [1] by Kobo et al., lists the advantages of adopting SDN architecture into WSN such as vendor independence, heterogeneous network management, reliability and security. These features are generally not considered in most WSNs. The main disadvantage of leveraging an SDN approach in WSNs is the message overhead encountered due to the communication between the data and the control plane. Other aspects of WSNs such as low memory and processing power are not impacted as severely as maintaining a flow table is similar to that of maintaining a routing table and neighbour tables must be maintained for both styles of architectures. In this paper we compare the SDN-WISE system [2] to an ad-hoc network that leverages the RPL (Routing Protocol for Low Power and Lossy Networks) protocol. The RPL used in the ad-hoc network is configured as a tree based routing protocol

Samridhi · R. Liscano () University of Ontario Institute of Technology, Oshawa, ON, Canada e-mail: [email protected]; [email protected] © Springer Nature Switzerland AG 2020 I. Woungang, S. K. Dhurandher (eds.), 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication, Lecture Notes on Data Engineering and Communications Technologies 51, https://doi.org/10.1007/978-3-030-44372-6_3

31

32

Samridhi and R. Liscano

which creates a DODAG (Destination Oriented Directed Acyclic Graph) of the nodes to set up routes from the sensor nodes to a sink node. While SDN-WISE is a realization of a SD-WSN architecture. SDN-WISE performs packet forwarding based on flows instead of packets and leverages the Dijkstra routing algorithm. The goal is to determine the Packet loss that a SD-WSN encounters under different network sizes. We do so by measuring Packet Reception Ratio (PRR) under different node density, (number of nodes per unit area) of the WSN. We used, PRR as the measure of efficiency in a network, in terms of, the ratio of packets which reached their destination over those that were sent. This paper is organized as follows. Section 2 highlights the evolution of SDN in WSN and the related work in terms of performance testing of SDN, also its comparison with traditional ad-hoc sensor networks. Section 3 defines the performance metric, PRR, by which we tend to compare SDN and RPL experiments. Section 4 is the experimental setup, which describes the various parameters affecting our experiments as well as gives a brief about the working of the experiments. The results of the experiments are in Sect. 5. Conclusion and future work are discussed in Sect. 6.

2 Related Work The survey paper by Kobo et al. [1] describes the various SDN modals developed for WSNs like sensor OpenFlow, SDWN, TinySDN, SDN-WISE [2] among others. The survey paper also talks about the challenges of incorporating SDN into WSN. It concludes that due to the resource constraint nature of WSN’s, the architecture of SDN in WSN is yet to be fully realized and reach its optimal efficiency. However, none of these papers tried to compare their solution with the existing ad-hoc WSN architectures. The paper by Tsapardaki et al. [3] is one that is closest to our work as it compares SDN-WISE [2] with RPL on the basis of packet lost per number of hops. This paper shows that the SDN-WISE architecture has more packet loss due to the overhead messages sent between the data and control plane. But the experiments performed in this paper were done with a small network containing only 7 nodes including the sink. But they claim SDN technology is said to improve efficiency in a larger scale network, which they did not consider. The works by Baddeley et al. [4] compare a SD-WSN to RPL. The authors developed their own SD-WSN architecture comparable to RPL and called it μSDN. They tested μSDN and RPL on the Cooja simulator and published results of node join time, packet delivery ratio and flow latency. We used similar configuration parameters that they used and have compatible results to their work, but they did not perform experiments on PRR. IoT paper by Buratti et al. [5] they also compare and SD-WSN architecture to RPL. In that work they compared the SDWN [6], Zigbee and 6LoWPAN solutions for IoT on the basis of packet loss rate (PLR), round-trip-time (RTT), overhead

Performance Evaluation of SDN-WISE Against RPL-Based Ad-Hoc Wireless. . .

33

and throughput. They concluded that a software defined architecture for wireless networks outperforms RPL and Zigbee, in static and quasi-static conditions. This was primarily because in their scenario, SDWN generated optimized paths which minimized forwarding time via the sensor nodes which was not the case in for RPL and Zigbee. In our scenarios we primarily focused on paths from the sensor nodes to the sink. To summarize almost no work has been done to compare SDN-WISE, which is a popular SDN implementation, and state-of-the-art RPL, in WSN’s. These comparisons can be a little complex and hard to compare since the architectures of SDN-WISE and RPL are different from each other. Therefore, we can only compare particular similar functionalities and make certain, the results are normalized relative to each other, example calculating ratio, PRR instead of packet loss.

3 Performance Metric: Packet Reception Ratio (PRR) This section defines the performance comparison metric we used to compare SDNWISE and RPL, that is PRR. PRR is calculated as the percentage ratio of total number of unicast packets received to the total number of unicast packets transmitted. Thus, it measures the packet loss in the model. In wireless sensor networks, packet loss occurs due to the unstable network links or when the path to the destination is not yet established. The PRR takes into account all the unicast packets in the network such as data packets in both RPL and SDN-WISE. Other types of packets like DIO, DIS, etc. in RPL and beacon packets in SDN-WISE are overhead packets used to discover and maintain the network. More information about these types of packets and the process of network convergence can be found in [7] and [2] for RPL and SDNWISE, respectively. In order to create traffic for measuring the PRR, every node sent data packets containing “hello world” as payload to the sink, periodically after every 4 min. And we ran the simulation for 15 min each experiment, thus data packets were sent three times.

4 The Experimental Setup We tested the scenarios in the simulation environment only, using Cooja simulator of Contiki operating system (OS). Contiki is a lightweight Linux based operating system developed for IoT devices and has been found to work better in WSN’s than the TinyOS and LiteOS, used previously in wireless sensors [8]. Cooja is the simulator in Contiki OS where we can test and develop applications for the wireless sensors using Contiki OS. The Cooja parameters used for the experiment are given in Table 1. The type of sensor motes used in the simulation was ‘CoojaMote’, found at ‘con-

34

Samridhi and R. Liscano

Table 1 Basic simulation parameters OS Simulator Radio Modal Network type Nodes Routing modal Mote type

Contiki OS Cooja UDGM Distance Loss model Static Homogeneous RPL, SDN CoojaMote

Area No. of nodes Tx (Transmission) range of each node Interference range of a node Tx (Transmission) ratio of each node Rx (Reception) ratio of each node Beacon interval (SDN) Min DIO interval (RPL) Initial delay induced RPL mode RPL Route Lifetime SDN-WISE Route Lifetime

100 m x 100 m 15,30,45,60 30 m 0m 100% 100, 70, 50, 30% 10 s 4s 0s Non-storing ∞ ∞

Table 2 Layers in RPL and SDN-WISE architecture Layers Transport Routing Internet MAC Radio Duty Cycling Physical

RPL UDP RPL DODAG IPv6/6LoWPan CSMA NullRDC 802.15.4

SDN WISE UDP (TCP for sink-controller) Dijkstra IPv6/6LoWPAN CSMA NullRDC 802.15.4

tiki/platform/cooja’ directory of the Contiki OS. The layers of the architecture of RPL and SDN-WISE motes used in the simulations are shown in Table 2. Since these configurations are responsible for how the mote will behave during simulations, the results we captured depend on the way the motes are configured. In RPL experiments, we used the sample RPL application [9], to run on the motes, available within Contiki OS. In SDN-WISE simulation, we used the Java controller, developed by the authors of SDN-WISE. The code is available online and the instructions to use their code is demonstrated on their website [10]. The Java SDN controller sits logically in the control plane and handles the network operations remotely. The Java controller talks to the sink node only. The controller runs separately on a terminal in Contiki OS while the wireless sensor nodes are simulated in Cooja simulator. The sink transfers all the information it receives from the network like the report messages or the flow

Performance Evaluation of SDN-WISE Against RPL-Based Ad-Hoc Wireless. . .

35

request or data messages, etc. upwards to the controller. The controller then creates a Wise flow table [2], a global network topology table, which is used by the controller to make routing decisions and flows.

5 Results and Analysis Figure 1 shows the PRR in case of RPL and SDN-WISE with respect to the node density. It was found that there is no packet loss in RPL, hence the PRR is 100%. While PRR of SDN-WISE was found to be around 90%. It is clear that SDN-WISE is incurring unusual packet loss even when the parameters of the Cooja collision model are set to ideal. These results were rather odd to see, even though the type of motes and their radios layer features such as number of retransmissions were same. In order to investigate the packet loss observed in SDN-WISE even with 100% Tx (Transmission) and Rx (Reception) ratio, more experiments were performed to find the PRR (Packet Reception Ratio) at different Rx ratio percentage. Figure 2 shows the PRR of SDN-WISE at different Rx ratio percentage across node density. Ideally PRR value at any node density must be equal to the Rx (Reception) ratio percentage set in the simulation model. But the PRR at any given Rx ratio is found to be 10– 15% less than expected. Further, the pattern of overhead messages was observed in both ad-hoc WSN with RPL and SDN-WISE, to find if the excessive overhead messages were the reason of this unexpected packet loss. This was done using the timeline feature in Cooja simulator [11].

Fig. 1 Packet Reception Ratio (PRR) in RPL and SDN-WISE observed over 15 min of simulation time based on total packets transmitted and received

36

Samridhi and R. Liscano

Fig. 2 PRR percentage for SDN-WISE for varying simulator parameter Rx (Reception Ratio), across node density Fig. 3 Timeline of 15 RPL motes from time period 50 to 90 s, with a 30 m Tx range, zero interference range, and 100% Tx ratio. Green = radio transmission, blue = successful packet reception and red = collision

Timeline is a feature of the Cooja simulator, which shows graphically when a node is transmitting or receiving or if there was a collision. Figure 3 shows a timeline from the experiment on ad-hoc WSN using RPL with 15 nodes, that is node density 0.0015, when the Tx ratio and Rx ratio are both 100%. This timeline shows the traffic for 40 s in the time period of 50–90 s of the simulation. In the timeline in Fig. 3 it was observed that there was no red bar on any node’s timeline that shows 100% transmission and reception, and hence no loss of data in

Performance Evaluation of SDN-WISE Against RPL-Based Ad-Hoc Wireless. . .

37

Fig. 4 SDN-WISE timeline of 15 nodes, with 100% Tx/Rx ratio from time period 50 to 90 s. Green = radio transmission, blue = successful packet reception and red = collision

Fig. 5 PRR of original SDN-WISE and after introducing random delay in beacon/report packets, at Rx ratio = 100%

RPL. The timeline for the network of 15 nodes in SDN-WISE is shown in Fig. 4. In this ideal scenario as well (Tx/Rx = 100%) red bars representing collisions were observed. Another thing observed from the timeline is that the beacon and report packets were being transmitted at the same time by all the nodes, which could be the reason for the excessive packet loss due to hidden node problem. This scenario can happen in real world as well. Thus in order to solve this problem, a random delay was added in the transmission of the periodic beacons and report messages. The PRR values were recorded for SDN-WISE, after introducing a random delay of 10 s, each time a node sent beacon or report packet. The results in comparison to the earlier readings are shown in Fig. 5. The packet reception improved by almost 10% and was almost equal to 100% as expected.

38

Samridhi and R. Liscano

In conclusion of this study, it was found that the packet loss in SDN-WISE was because of the hidden node problem caused due to simultaneous transmission. The packets often collided because in SDN-WISE the packets were generated periodically after the set beacon period. Thus all the nodes generated beacon packets at 10*x seconds and sent report packets at 20*x seconds which led to more probability of collision. Thus introducing a little randomness and flexibility in transmitting periodic packets improved the PRR results by about 10%.

6 Conclusion and Future Work After a series of experiments, we came to the conclusion that, SDN-WISE does not behave ideally, with respect to PRR even when the experiments were performed under 100% Tx/Rx ratio and zero interference range. It generates more packet loss than traditional ad-hoc WSN using RPL. Thus we can conclude that static and homogenous ad-hoc WSN performs better using RPL routing protocol rather than flow based SDN architecture. The packets often collided in SDN-WISE because they were generated periodically after the set beacon period. We verified it using the timeline feature of Cooja. All the nodes generated beacon packets at 10x seconds and sent report packets at 20x seconds which led to more probability of collision. Thus introducing a little randomness and flexibility in transmitting periodic packets improved the PRR results by about 10%. We only performed experiments related to PRR but the value of integrating the WSN with an SDN controller primarily amounts to the need to support a variety of flows in the network and diversity in services. We did not perform any experiments with a variety of flows to different end points as opposed to flows from sensor nodes to a sink. RPL can be configured for point to point communication but the version we worked with did not support this feature. We hope to perform this experiment in the future. Similarly, we would also obtain simulation results by varying the Tx range, mobility, and area of the WSN in the future.

References 1. Kobo, H. I., Abu-Mahfouz, A. M., & Hancke, G. P. (2017). A survey on software-defined wireless sensor networks: Challenges and design requirements. IEEE Access, 5, 1872–1899. 2. Galluccio, L., Milardo, S., Morabito, G., & Palazzo, S. (2015). SDN-WISE: Design, prototyping and experimentation of a stateful SDN solution for WIreless SEnsor networks. In 2015 IEEE Conference on Computer Communications (INFOCOM) (pp. 513–521). Piscataway: IEEE. 3. Tsapardakis, E., Ojo, M., Chatzimisios, P., & Giordano, S. (2018). Performance evaluation of SDN and RPL in wireless sensor networks. In 2018 Global Information Infrastructure and Networking Symposium (GIIS) (pp. 1–5). Piscataway: IEEE.

Performance Evaluation of SDN-WISE Against RPL-Based Ad-Hoc Wireless. . .

39

4. Baddeley, M., Nejabati, R., Oikonomou, G., Sooriyabandara, M., & Simeonidou, D. (2018). Evolving SDN for low-power IoT networks. In 2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft) (pp. 71–79). Piscataway: IEEE. 5. Buratti, C., Stajkic, A., Gardasevic, G., Milardo, S., Abrignani, M. D., Mijovic, S., et al. (2015). Testing protocols for the internet of things on the EuWIn platform. IEEE Internet of Things Journal, 3(1), 124–133. 6. Costanzo, S., Galluccio, L., Morabito, G., & Palazzo, S. (2012). Software defined wireless networks (SDWN): Unbridling SDNs. In European Workshop on Software Defined Networking (pp. 1–6). 7. Tsvetkov, T., & Klein, A. (2011). RPL: IPv6 routing protocol for low power and lossy networks. Network Architectures and Services, 59–66. 8. Sesli, E., & Hacıo˘glu, G. (2017). Contiki OS usage in wireless sensor networks (WSNs). Turkish Journal of Electromechanics & Energy, 2(2), 1–6. 9. Contiki Tutorials: RPL UDP, last accessed November 20, 2019. Available from https://anrg. usc.edu/contiki/index.php/RPL_UDP 10. SDN-WISE The stateful Software Defined Networking solution for the Internet of Things, last accessed November 20, 2019. Available: https://sdnwiselab.github.io/ 11. Osterlind, F., & Dunkels, A. (2009). Contiki COOJA hands-on crash course: Session notes. Sics. Se, (July).

SNR-Based Multi-Head Selection and Reception Performance for IoT Clustering Yawgeng A. Chau

1 Introduction In practical applications of IoT systems, there may be thousands even millions of IoT nodes in a region. The IoT clustering with a cluster head (CH) becomes more important for data collection and information exchange between the IoT nodes and the gateway (e.g., base station of 5G cellular IoT or low-power wide-area network). With the IoT clustering [1–3], the CH may aggregate the data collected by all cluster nodes, and transmit them to the gateway. The gateway may also send necessary information (e.g., control commands) to the cluster via the CH. With the CH, IoT clustering can save the power of non-cluster-head (non-CH) nodes and efficiently use the wireless resource due to less long-distance transmission between non-CH nodes and the gateway [4, 5]. In addition, IoT clustering leads to easy scalability of IoT networks [6, 7]. For IoT clustering, the problem of CH selection has attracted a tremendous amount of research [8–11], where various head selection algorithms have been considered for the single-head case. On the other hand, for wireless communication in IoT systems, the performance of a single CH may degrade seriously due to channel fading [12]. Moreover, for those nodes located around the cluster edge with respect to the single CH, the direct communication between the nodes and the CH may be not available due to the limitation on radio transmission. Furthermore, with a single CH, once the CH fails, the whole cluster will lose contact with the IoT system. Thus, although IoT clustering with a single head may have advantages, the multi-head architecture illustrated in Fig. 1 can achieve more merits for an IoT system.

Y. A. Chau () Department of Electrical Engineering, Yuan Ze University, Taoyuan, Taiwan e-mail: [email protected] © Springer Nature Switzerland AG 2020 I. Woungang, S. K. Dhurandher (eds.), 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication, Lecture Notes on Data Engineering and Communications Technologies 51, https://doi.org/10.1007/978-3-030-44372-6_4

41

42

Y. A. Chau

Gateway

Cluster 3

Cluster 1

Cluster 2 Red Nodes: Mulple Cluster-Heads (CHs) Blue Nodes: Non-Cluster-Head (Non-CH)

Fig. 1 The multi-head architecture for IoT clustering

In the context, to balance the complexity of head selection and the merit of multihead clustering, without loss of generality, the case of three CHs is considered to examine the performance of IoT clustering using multiple CHs. In the paper, the IoT system that supports two-way communications between the nodes and the gateway is considered, where the three CHs aggregate the data of non-CH nodes and transmit them to the gateway. The head selection is based on the top three SNRs among all cluster nodes for the wireless channel between IoT nodes and its gateway. For multi-head selection, the SNRs of the nodes in the cluster are first ordered according to their magnitudes, and the nodes with the top three SNRs are selected. With the three CHs of top 3 SNRs, the decision for data reception is in accordance with the majority voting from the three CHs. The three CHs selected with larger SNRs will lead to better reception performance when compared to the case of single head. The remainder of the paper is organized in the following way. In Sect. 2, the SNR-based selection of three CHs on the i.i.d. Rayleigh-fading channels and the reception with majority voting for binary data are addressed. In Sect. 3, the reception performance is analyzed for BPSK and DPSK signaling, and relevant BERs are derived. Numerical and simulation results are given in Sect. 4. Conclusions are drawn in Sect. 5.

SNR-Based Multi-Head Selection and Reception Performance for IoT Clustering

43

2 SNR-Based Multi-Head Selection and Data Detection For an IoT cluster of L nodes, let γ l denote the original faded SNR of the lth IoT nodes for l = 1, 2, . . . , L, where γ l are independent random variables on i.i.d. fading channels. For i.i.d. Rayleigh-fading channels, the probability density function (PDF)  of γ l is given by f (x) = e−x/γ /γ for x ≥ 0, where γ = E γk is the average SNR [12]. The cumulative distribution function (CDF) of γ l is F (x) = 1 − e−x/γ for x ≥ 0. For k = 1, 2, . . . , L, let γ (k) be the ordered SNRs, where γ (1) ≥ γ (2) ≥ · · · ≥ γ (L) and ordered SNRs γ (k) are mutually correlated random variables. Consequently, for the cases of three CHs in the cluster, the IoT nodes with the top three SNRs (γ (1) , γ (2) , γ (3) ) are selected as CHs. Based on the order statistics [13], the joint PDF of (γ (1) , γ (2) , γ (3) ) has the form   3  L f (xi ) fγ(1:3) (x1 , x2 , x3 ) = 3! F L−3 (x3 ) 3

(1)

i=1

  L L! . where = 3!(L−3)! 3 With the selected three CHs, the majority voting is employed for data reception. Let Km represent the number of CHs whose decision outputs are symbol m, where m = 0, 1 for binary data transmissions, and K0 + K1 = 3 with 0 ≤ Km ≤ 3. Then, with the majority voting, the detection of the binary data is based on the test K1

>1 K0 γeve ) This can further be resolved as:  ∞ ∞ Pout = Fγ main(X=x) (∈ γE )fγERx |(X=x) (γE )fx (x)dγE dx 0

(11)

(12)

0

In this, Fγmain(X=x) (∈ γE ) denotes the cumulative distributive function (CDF) of γmain conditioned on X,fγER |(X=x) is the probability distribution function (PDF) of x

γERx conditioned on X. The (∈ γE ) = 2Rs (1 + γE ) − 1. The average SNR between the main channel is given by γ1 = Ω1 γ0 and for ERx channel the average SNR is given by γ2 = Ω2 γ0 . The exact SOP is calculated as follows:

Secrecy Analysis of Underlay Cognitive Radio with Delayed Channel Information

95

Pout = I1 + I2

I1 =

Nb N e −1 

⎛ Φb A1 ⎝

1 − exp− ( Pω+1 ) 0 P +1 ω0

i=1 j =0

⎡

⎢ ×⎢ ⎣

1 − exp− j +1



(13)

⎞ ⎠ ⎤



2R s −1 A3  γ1 2Rs γ1

I2 =

Nb N p −1 e −1 N 

⎡ Φb A1

(−1)P Np

i=1 j =0 P =0

×

m−k−1  u=0



σu 2Rs −1 σ γ1

+

P +1 ω0

ω0

⎣

m−k−u

k! +

j +1 γ2

− (PΩ+1)

1 exp P +1 j +1 ω 0

0

⎥ k+1 ⎥ ⎦

(14)

⎤ ⎦ A3  σ m 2Rs σ γ1

(m − k − 1)! u!

k! +

j +1 σ γ2

k+1

(15)

    m Ne − 1 m (2Rs −1 )m−k (2Rs )k j where A1 = . (−1) Ne , A3 = k=0 γ2m m! j k

4 Numerical Results In this section, the effect of outdated CSI with varying parameters in underlay CRN is presented. The simulation is done for the verification of the result. The consider parameter Rs = 0.1 nats/s/Hz. The MRC technique is considered on the main channel. The outdated parameter η and varying antennas at ST x are studied with respect to SNR of the main channel. From Fig. 1 it is concluded that with increasing value of η the system treads towards perfect CSI and secrecy of system increases. Furthermore, it is also clear that secrecy improves with increasing number of antennas at ST x . In Fig. 2 the γ1 is plotted for the varying value of η and γ2 . In this, the SOP of the system improves with increasing value of γ2 which provides the information that γ2 is a decreasing function of secrecy and secrecy also increases with improving CSI of the system.

96

A. Thakur et al.

Secrecy Outage Probability (SOP)

100

10−1

. Simulation η=0.1,N =2 b

η=0.1,N =4 b

η=0.8,N =2 b

η=0.8,N =4 b

10−2 0

5

10

γ1(dB)

15

20

25

15

20

25

Fig. 1 The SOP with γ1 for Np = NT = NE = 2, σ = 1

Secrecy Outage Probability (SOP)

100

10−1

γ =10,η=0.2 2

γ2=10,η=0.8 γ2=5,η=0.2 γ2=5,η=0.8 10−2 0

5

10 γ1(dB)

Fig. 2 The SOP with γ1 for Nb = NT = Np = NE = 2, σ = 1

5 Conclusion In the present work, the underlay CRN is analyzed with outdated CSI. The exact secrecy performance is evaluated for the passive eavesdropping and MRC technique at the main channel. The present results reveal that the secrecy performance of the system increases with the increasing number of antennas of the secondary transmitter. The outage performance also increases as the system moves towards imperfect CSI. In future work, the optimum value for outdated CSI is to be calculated to increase the secrecy performance of the system.

Secrecy Analysis of Underlay Cognitive Radio with Delayed Channel Information

97

References 1. Gupta, N., & Dhurandher, S. K. (2019). Cross-layer perspective for channel assignment in cognitive radio networks: A survey. International Journal of Communication Systems, e4261. https://doi.org/10.1002/dac.4261 2. Gupta, N., Dhurandher, S. K., & Kumar, B. (2019). Cognitive radio networks: A comprehensive review. In Handbook of research on the IoT, cloud computing, and wireless network optimization (pp. 491–518). Hershey: IGI Global. 3. da Costa, D. B., Ferdinand, N. S., Dias, U. S., de Sousa Jr., R. T., & Latva-aho, M. (2016). Secrecy performance of MIMO Nakagami-m wiretap channels with optimal TAS and different antenna schemes. Transactions on Emerging Telecommunications Technologies, 27(6), 828–841. 4. Thakur, A., Kumar, A., Gupta, N., & Singh, A. (2019). Secrecy outage performance analysis of MIMO underlay cognitive radio networks with delayed CSI and transmitter antenna selection. International Journal of Communication Systems, Wiley, e4106. 5. Zhao, H., Tan, Y. y., Pan, G. f., & Chen, Y. f. (2017). Ergodic secrecy capacity of MRC/SC in single-input multiple-output wiretap systems with imperfect channel state information. Frontiers of Information Technology & Electronic Engineering, 18(4), 578–590. 6. Shannon, C. E. (1949). Communication theory of secrecy systems. Bell System Technical Journal, 28(4), 656–715. 7. Wyner, A. D. (1975). The wire-tap channel. Bell System Technical Journal, 54(8), 1355–1387. 8. Pan, G., Lei, H., Deng, Y., Fan, L., Yang, J., Chen, Y., et al. (2016). On secrecy performance of MISO SWIPT systems with TAS and imperfect CSI. IEEE Transactions on Communications, 64(9), 3831–3843. 9. Prabhu, V., & Rodrigues, M. (2011). On wireless channels with m-antenna eavesdroppers: Characterization of the outage probability and outage secrecy capacity. IEEE Transactions on Information Forensics and Security, 6(9), 853–860. 10. Shrestha, A. P., & Kwak, K. S. (2014). On maximal ratio diversity with weighting errors for physical layer security. IEEE Communications Letters, 18(4), 580–583. 11. Kumar, B., Kumar Dhurandher, S., & Woungang, I. (2018). A survey of overlay and underlay paradigms in cognitive radio networks. International Journal of Communication Systems, 31(2), e3443. 12. Zhao, H., Tan, Y., Pan, G., Chen, Y., & Yang, N. (2016). Secrecy outage on transmit antenna selection/maximal ratio combining in MIMO cognitive radio networks. IEEE Transactions on Vehicular Technology, 65(12), 10236–10242. 13. Lei, H., Zhang, H., Ansari, I. S., Gao, C., Guo, Y., Pan, G., et al. (2016). Secrecy outage performance for SIMO underlay cognitive radio systems with generalized selection combining over Nakagami-m channels. IEEE Transactions on Vehicular Technology, 65(12), 10126– 10132. 14. Chetry, S., & Singh, A. (2018). Physical layer security of outdated CSI based CRN. In 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT) (pp. 1–5). Piscataway: IEEE. 15. Huang, Y., Al-Qahtani, F. S., Duong, T. Q., & Wang, J. (2015). Secure transmission in MIMO wiretap channels using general-order transmit antenna selection with outdated CSI. IEEE Transactions on Communications, 63(8), 2959–2971. 16. Sun, L., & Du, Q. (2017). Physical layer security with its applications in 5g networks: A review. China Communications, 14(12), 1–14. 17. Wang, S., Yang, W., & Zhu, Y. (2013). Secrecy performance analysis for transmit antenna selection with outdated CSI. IEICE Communications Express, 2(10), 421–427. 18. Elkashlan, M., Wang, L., Duong, T. Q., Karagiannidis, G. K., & Nallanathan, A. (2015). On the security of cognitive radio networks. IEEE Transactions on Vehicular Technology, 64(8), 3790–3795. 19. Hu, Y., & Tao, X. (2015). Secrecy outage on transmit antenna selection with weighting errors at maximal-ratio combiners. IEEE Communications Letters, 19(4), 597–600.

Machine Learning-Based RF Jamming Classification Techniques in Wireless Ad Hoc Networks G. S. Kasturi, Ansh Jain, and Jagdeep Singh

1 Introduction Wireless networks are one of the significant communication technologies used for ubiquitous computing which allow the users to communicate without incurring the burden of installing cables. Due to the pervasive use of this technology, the security of wireless networks is a critical issue. Owing to the shared and open nature of the wireless medium, an attacker may employ various jamming strategies exploiting the vulnerabilities of the physical and MAC layer protocols. Jamming is basically a denial-of-service attack involving transmission of radio signals in order to disrupt communication by reducing signal-to-noise ratio, thereby, interrupting legitimate communication. There can be multiple types of attacks, attacker can transmit a permanent signal so that the packets are always jammed (constant jammer) or inject packets at random intervals of time (random jammer). Attacker can also exploit the higher semantics of the protocol layers like ACK packets, DATA packets and launch intelligent jamming strategy. VANETS form an important subset of wireless networks. With the increase in safety-critical applications in vehicular networks, significance of jamming detection is expected to increase. For instance, in VANETS, jamming detection can alert the driver about potentially malfunctioning applications. Many solutions have been proposed before addressing the issue of RF Jamming. For instance, Frequency Hopping techniques [1] like FHSS, DHSS and Hybrid(FHSS/DHSS) are adopted in the physical layer which involve rapidly hopping between various frequencies in order to prevent jamming interferences.

G. S. Kasturi · A. Jain · J. Singh () Division of Information Technology, Netaji Subhas Institute of Technology, University of Delhi, New Delhi, India © Springer Nature Switzerland AG 2020 I. Woungang, S. K. Dhurandher (eds.), 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication, Lecture Notes on Data Engineering and Communications Technologies 51, https://doi.org/10.1007/978-3-030-44372-6_9

99

100

G. S. Kasturi et al.

They involve spreading the signal in order to offer greater resistance to the interfering signals. Since these techniques require much wider bandwidth than the original signal, they incur bandwidth wastage. Other techniques [2] like UWB (Ultra Wide Band), antenna polarisation and multi-antenna techniques also provide solutions for the jamming problem. Techniques like CSMA/CA, TDMA are used to address multi-channel jamming issue. Also, various solutions are available for tackling jamming in multi-hop networks which involve retreating from the jammer or re-routing from the traffic around the jammed area. Wireless networks are highly prone to jamming attacks and in order to ensure their normal operation, an effective jamming detection strategy should be employed. Moreover, jamming attacks need to be properly classified so that appropriate countermeasures can be taken. Jamming attacks can be detected and classified by analysing the network behaviour under jammed and normal conditions. It involves tracking of various parameters or metrics which may potentially indicate a jamming activity. It is easier to classify jamming attacks by using information from various layers [3]. (For example, Packet Delivery Rate in the application layer, Channel busy time in the MAC layer.) We, therefore provide a machine learning based approach which detects and classifies jamming attacks so that appropriate countersteps can be taken. We simulate a jammed network using NS3 and analyse the effects of various types of jammers (constant, reactive and random). This approach involves collection of various metrics from different layers which are then provided to a machine learning algorithm in order to detect and classify jamming attack. The proposed approach provides high detection accuracy and we further compare its performance with previously used machine learning-based approaches for jamming detection and classification [4]. In addition, the proposed approach can be used by the communication device itself for jamming detection thereby incurring minimal overheads and costs. The rest of the paper is classified into the following sections. The background and related works on jamming detection in wireless networks are presented in Sect. 2. Section 3 gives a detailed description of the jamming techniques with machine learning perspective. Theoretical analysis and simulation results are presented in Sect. 4. Finally, the conclusions and future work are discussed in Sect. 5.

2 Related Work Jamming attacks are a serious threat to wireless communication owing to the free and shared nature of the wireless medium. Various studies show the effects of jamming attacks for 802.11 and 802.15.4 systems [5, 6] and with reference to cellular systems [7, 8]. Oscar et al. [9] study jamming attacks and detection strategies in vehicular networks and propose an improved jamming detection scheme. In [10], Z. Yu et al. study various jamming attacks in wireless sensor networks and provide a detection mechanism for loose communication channels. In [4], the authors analyse jamming attacks in wireless systems and present a jamming

Machine Learning-Based RF Jamming Classification Techniques in Wireless. . .

101

detection and classification approach. Moreover, Emekcan Aras et al. [11] present various security issues in LoRa and LoRaWAN and use a simple hardware in order to implement jammer for LoRa, and present a series of detection methods for jamming attacks on LoRa wireless networks. In order to take proper countermeasures when a jamming attack is detected, it is necessary to understand the various jamming attack models that may be used by a malicious attacker. In [12], Wenyuan Xu et al. propose four different jamming attack models that can be used by an adversary for disrupting communication in wireless networks, and evaluate their effectiveness by determining its affect on the ability of a wireless node to send and receive packets. In [13], Mathy Vanhoef and Frank Piessens use an easily available Wi-Fi hardware to implement a jammer for Wi-Fi by modifying the open source driver. This method is very cheap and easy in contrast to USRP used by Nguyen et al. [14] to implement reactive jammer for Wi-Fi and WiMAX through GNURadio. USRP is expensive and complex to use. In [11], Emekcan Aras et al. implement an effective jammer for LoRa wireless networks by using simple hardware, including Arduino, Raspberry Pi and LoRa Wireless modules. In [12], authors propose two consistency check algorithms for detecting four types of jamming attacks. They first determine the link quality by ascertaining the packet delivery ratio. Then they perform a consistency check in order to determine if jamming attack is the cause for bad link quality. They propose two consistency check algorithms: one is to use the received signal strength as a consistency check, and the other is to use position information as a consistency check. They further evaluate the effectiveness of these two consistency check algorithms for detecting different types of jamming attacks. In [9], Oscar et al. propose a random forest-based detection method for 802.11 wireless networks and compare it with various other detection methods and show that random forest performs the best among others. In [15], Zhuo Lu uses gambling based modelling to create a jamming detection system in order to achieve efficient and robust jamming detection for time-critical wireless networks. At present, most countermeasures proposed for jamming attacks use the physical layer technologies like spread spectrum techniques. But these countermeasures are not effective every time. In most cases, the best choice is to detect the jamming attack. Konstantinos Pelechrinis [16] presents a distributed light-weight system to locate the jammer. In [17], Sudip Misra presents a pre-emptive jamming attack defence mechanism through a honey pot node. The honeypot node will generate virtual communication at a frequency close to the original communication frequency, and notify the communicating node when a jamming attack is detected. So that the communicating node can switch the frequency to a new frequency generated by the corresponding algorithm before the jammer scans to the real frequency.

102

G. S. Kasturi et al.

2.1 Jamming Attacks Model Jamming attack is one of the most common type of Denial of Service attack. This attack occupies the channel on which nodes are communicating and does not allow nodes from using the channel for communication. 1. Constant Jammers: A constant jammer is a jammer that produces high-power noise which represents random bits continuously. The bit generator in a constant jammer works independent of the channel sensing or the traffic on the channel and does not follow any MAC protocol. 2. Random Jammers: A random jammer is a type of jammer that operates in sleep and jam intervals randomly and does not follow any MAC protocol. It can either act as a constant jammer or reactive jammer during the jam interval and sleeps during the sleep interval irrespective of any traffic on the network. 3. Reactive Jammers: A reactive jammer becomes active when it senses transmission on the channel. It transmit noise when there is transmission on the channel which corrupts some number of bits in a legitimate packet. Due to this, a receiver cannot recover the checksum and the packet is discarded causing drop in the PDR.

2.2 Motivation Jamming attacks can be very damaging especially for time-critical applications. In the upcoming era involving VANETS, detection and classification of jamming attacks will become extremely crucial so that appropriate and efficient countermeasures could be taken. There have been various works proposed on detection of jamming attacks as mentioned in Sect. 2 but not many of them have dealt with the problem of classification of jamming attacks. We therefore, propose a machine learning-based technique for detection and classification of jamming attacks in wireless networks with minimal time and cost overheads. In [4], authors propose a similar technique and show that random forest performs best for detecting jamming attacks in wireless networks. But we show through intensive experimenting that there are other machine learning algorithms and techniques which detect and classify jamming attacks with better accuracy. In order to train and evaluate the machine learning algorithms, we collected data from different layers (PDR from the application layer and RSS from the physical layer). After collecting a large amount of data that includes PDR and RSS under different jamming conditions, we trained and evaluate various machine learning algorithms using the collected data. We analysed the performance of various machine learning algorithms and techniques in detail and proposed a technique which performs better than previously proposed techniques. Moreover, this work lays the foundation for further research in devising techniques to prevent jamming.

Machine Learning-Based RF Jamming Classification Techniques in Wireless. . .

103

3 System Design Wireless networks are vulnerable to Radio Frequency (RF) jamming attacks since an attacker can easily emit an interference signal to prevent legitimate access to the medium or disrupt the reception of signal by using various jamming strategies. This paper aims at detecting and classifying various jamming attacks in order to take necessary countermeasures. 1. Collection of data which is used for training and validating the machine learning algorithms 2. Use Gradient Boosting machine learning algorithm to detect and classify jamming attacks. Previous works have analysed various machine learning algorithms to detect and classify Jamming attacks. Various machine algorithms include KNN, Decision Trees, Random Forest, etc. Previous works have achieved best performance with Random Forest Classifier. We use a new machine learning algorithm that is Gradient boosting and compare its results with various machine algorithms used before. Gradient Boosting outperforms Random forest in detection and classification of the jamming attack. The flowchart of proposed algorithm is shown in Fig. 1. Gradient Boosting Gradient boosting is a machine learning technique used for both regression and classification problems. It forms an ensemble of weak prediction models like decision trees to produce a prediction model. Gradient Boosting is an example of the boosting algorithm. Boosting is an ensemble technique in which predictors are made sequentially, not independently. GBT build trees one at a time, and each new tree helps in correcting errors made by previously trained tree. Ensembling: This refers to a collection of different predictors that come together to predict the final outcome. In random forest a number of decision trees use mean or majority voting to predict final output. Ensembling hierarchy is shown in Fig. 2. Bagging: Bagging is an ensembling technique which constructs independent predictors or learners and combines them using model averaging techniques like mean. Boosting: This is similar to bagging as it is also an ensemble technique but different as it builds the various predictors sequentially and not independently. Hence, Gradient Boosting is an Ensembling technique and builds the predictors sequentially. This makes it different from random forest which uses bagging technique. Hence our proposed model uses this technique to improve over previous work.

104

G. S. Kasturi et al.

Fig. 1 Proposed algorithm

4 Evaluation For the purpose of the proposed model, we conducted various simulations in ns-3 [18] and collected a lot of data. We varied parameters like distance between nodes and power of transmission of nodes. We then used the data to train proposed model using machine learning algorithms and analyse the relation between different types of jamming attacks. The data collected was preprocessed to remove duplicate and missing values. Also the values were normalised to remove bias towards any single feature.

Machine Learning-Based RF Jamming Classification Techniques in Wireless. . .

105

Ensembling

Bagging (Random Forest)

Independent Classifiers

Handles Over fitting

Boosting (Gradient Boosting)

Reduce Variance

Can Overfit

Reduce bias and variance

Sequential Classifier

Fig. 2 Ensembling hierarchy

We use packet delivery rate and received signal strength at the receiver end for jamming detection scheme. These metrics can easily be obtained from existing hardware and can be measured at the receiver alone whereas metrics like noise need information about the sender as well. The RSS can be measured easily at the receiver’s end and PDR can be calculated as the ratio of correctly received packets to the total number of preambles received. Unlike the signal strength and carrier sense time, the PDR is calculated in a sliding window, that is, the packet delivery rate is updated once a packet is successfully received. If no packet is received within the sliding window, the PDR within the window is zero. The data was collected in above three cases was fed to different machine learning algorithms with changing parameters. The data collected was labelled as following: (a) 0—No Jammer; (b) 1—Constant Jammer; (c) 2—Reactive Jammer; (d) 3—Random Jammer. The first experiment conducted was by changing the distance between the nodes. The position of each node was defined as a function of “d” variable as following (as shown in Fig. 3): – – – – –

Node0 (source) = (0.0, 0.0, 0.0) Node1 = (d, 0.1 * d, 0.0); Node2 = (2 *d, 0.0, 0.0); Node3 (receiver) = (3 * d, 0.1 * d, 0.0); Node4 (Jammer) = (2 * d, −0.5 * d, 0.0);

Some researchers have pointed out that using only PDR as a metric is sufficient in order to detect a jamming attack. This might be because in case of a jamming attack PDR reduces significantly. But, they show that the PDR can still be as high as 78% in congested networks, whereas it is greatly reduced if receiver has poor link quality. Therefore both PDR and RSS need to be considered for classification of jammers, using only one of them would not yield good results. We vary various simulation parameters in order to collect Packet Delivery Rate (PDR) and Received Signal Strength (RSS) for different jamming situations: 1. Distance between the nodes: We vary the distance between the nodes “d” (as shown in Fig. 3) in order to vary the received signal strength which affects the

106

G. S. Kasturi et al.

Fig. 3 Configuration of nodes

2.

3.

4.

5.

packet delivery ratio in return. We see that increasing the distance between the nodes reduces the received signal strength and packet delivery ratio. Transmission Power: The TX power setting specifies the strength of the signal that the sender (node 0) produces during the times it is transmitting. A stronger signal will generally provide a more reliable wireless connection. A lower power setting means the signal will not go as far and will imply reduced received signal strength. We vary the sender transmission power of the sender. Decreasing the transmission reduces the link quality thereby affecting the packet delivery ratio. Distance between the sender and receiver: The distance between sender (Node 0) and receiver (Node 3) varied. As the distance between the sender and receiver increases, the received signal strength decreases and therefore, the packet delivery ratio decreases. Number of Packets: As we increase the number of packets, congestion in the network increases; therefore, packet delivery ratio decreases. We calculate the PDR and RSS value for the Receiver (Node 3) using the wireless module utility. We use the function TraceConnectwithoutContext() which invokes a callback function whenever the trace attribute “RSS” changes. The callback function is used for storing RSS and PDR of Node 3. Data Annotation: After collecting packet delivery ratio (PDR) and received signal strength (RSS) for different jamming scenarios, we label the data. These labels serve as ground truth for our machine learning algorithms. We use the variable distance, which was varied from 7 to 13 m at an interval of 0.2 s. The simulation ran for 60 s in each case and the jammer started running at 7 s. This was repeated for all three types of jammers.

After labelling the data was randomly shuffled and split into training and test sets. We experimented with two different splits and recorded the best results:

Machine Learning-Based RF Jamming Classification Techniques in Wireless. . .

107

– 60% train and 40% test – 70% train and 30% test The parameter changes in the machine learning algorithms were as follows: 1. Random Forest The number of estimators were taken to be 2, 5, 10, 100, 1000 and the best result was recorded. 2. KNN The number of neighbours were taken to be between 2 and 20 with an interval of 2 and the best result was recorded. 3. Decision Tree No parameter changes were tested. 4. Gradient Boosting The number of estimators were taken to be 1, 10, 100. The max depth of each tree was varied as 1, 10, 100 as well and the learning rate was taken from 0.1 to 1 at an interval of 0.1

4.1 Simulation Results Packet delivery ratio vs. distance and packet delivery ratio vs. power is shown in Figs. 4 and 5 respectively. Tables 1, 2 and 3 are representing the obtained accuracies, when we varied distance, power and distance power as combination. It is clearly easy to differentiate between jammed and no jammed situations. It is clearly easy to differentiate between jammed and no jammed situations. This is because the value of RSS is more in case of jammed signal as the strength for both the original message and jamming signal is added. The graph for reactive and constant jammer is overlapping more and so it is difficult to differentiate between them. The graph for reactive and constant jammer is congested for lower values of PDR and becomes

Distance vs PDR

Packet Delivery Ratio

10 Random Jammer

0.8

Reactive Jammer

0.6

Constant Jammer 0.4 0.2 0.0 7

8

Fig. 4 PDR vs distance

9

10 Distance

11

12

13

108

G. S. Kasturi et al. Power vs PDR

Packet Delivery Ratio

1.0 0.8

Random Jammer

0.6

Reactive Jammer

0.4

Constant Jammer

0.2 0.0 –20

–15

–10

–5 0 5 Power(dBm)

10

15

20

Fig. 5 PDR vs power Table 1 Accuracies (for changing distance)

Machine learning algorithm KNN Decision tree Random forest Gradient boosting (our model)

Accuracy 73.92% 71.37% 74.26% 75.75%

Table 2 Accuracies (for changing transmission power)

Machine learning algorithm KNN Decision tree Random forest Gradient boosting (our model)

Accuracy 70.02% 65.1% 67.9% 71.95%

Table 3 Accuracies (for changing distance and power simultaneously)

Machine learning algorithm KNN Decision tree Random forest Gradient boosting (our model)

Accuracy 64.22% 69.57% 69.85% 72.05%

more spaced for higher values. This shows that it is difficult to achieve higher values of PDR in these cases whereas for random jammer the PDR is still quite high so this jamming technique is not as effective as the other two. In case of no jamming situations PDR remains high even if RSS is low, it is only when RSS gets too low that PDR starts to drop which is not the case in jamming situations. Received signal strength vs distance and received signal strength vs. power is represented in Figs. 6 and 7 respectively.

Machine Learning-Based RF Jamming Classification Techniques in Wireless. . .

109

Distance vs RSS

Received signal strength

–50.0 –52.5 –55.0

Random Jammer

–57.5

Reactive Jammer

–60.0 Constant Jammer –62.5 –65.0 –67.5 7

8

9

10 Distance

11

12

13

Fig. 6 RSS vs distance

Received Signal Strength(dBm)

Power vs RSS

–40

Random Jammer

–50

Reactive Jammer

–60

Constant Jammer

–70 –80

–20

–15

–10

–5 0 5 Power(dBm)

10

15

20

Fig. 7 RSS vs power

5 Conclusion In this paper, a machine learning-based RF jamming classification in wireless ad hoc networks is proposed. we used ns-3 to simulate different jamming techniques on wireless networks. We collected data and used machine learning to classify different types of attacks so that appropriate countermeasures can be taken. The simulation results show that gradient boosting gives the best performance. We also conclude that it is difficult to classify between reactive and constant jammers

110

G. S. Kasturi et al.

whereas detecting whether jamming is occurring or not is relatively simple task. So we can further optimise the proposed algorithm to distinguish between reactive and constant jammers. Other techniques and algorithms can be tried to improve the accuracy even further. Also further research on this topic can include extending these algorithms for networks with mobile nodes like VANETS by including features such as relative speed of nodes, location, etc. The most natural step although, after classification of different types of jammers is to form techniques to prevent each type of attack. This is also a challenging and interesting research topic.

References 1. Navda, V. (2007). Using channel hopping to increase 802.11 resilience to jamming attacks. In 26th IEEE International Conference on Computer Communications (INFOCOM-2007) (pp. 1–8). 2. Zhao, L., & Haimovich, A. M. (2002). Performance of ultra-wideband communications in the presence of interference. IEEE Journal on Selected Areas in Communications, 20(9), 1684– 1691. 3. Pelechrinis, K. (2011). A measurement-driven anti-jamming system for 802.11 networks. IEEE/ACM Transactions on Networking, 19(4), 1208–1222. 4. Feng, Z., & Hua, C. (2018). Machine Learning-based RF jamming detection in wireless networks. In 2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC) (pp. 1–6), Piscataway: IEEE. 5. Bayraktaroglu, E. (2013). Performance of IEEE 802.11 under jamming. Mobile Networks and Applications, 18(5), 678–696. 6. Puñal, O., Aguiar, A., & Gross, J. (2012). In VANETs we trust: characterizing RF jamming in vehicular networks. In Proceedings of the Ninth ACM International Workshop on Vehicular Inter-Networking, Systems, and Applications (pp. 1–6). New York: ACM. 7. Hamalainen, M. (2002). On the UWB system coexistence with GSM900, UMTS/WCDMA, and GPS. IEEE Journal on Selected Areas in Communications, 20(9), 1712–1721. 8. Shahriar, C., Sodagari, S., & Clancy, T. C. (2011) Physical-layer security challenges of DSAenabled TD-LTE. In Proceedings of the 4th International Conference on Cognitive Radio and Advanced Spectrum Management (pp. 1–6). New York: ACM. 9. Puñal, O. (2014). Machine learning-based jamming detection for IEEE 802.11: Design and experimental evaluation. In Proceeding of IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (pp. 1–10). Piscataway: IEEE. 10. Yu, Z., & Tsai, J. J. P. (2008). A framework of machine learning based intrusion detection for wireless sensor networks. In 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC 2008) (pp. 1–6). Piscataway: IEEE. 11. Aras, E. (2017). Selective jamming of LoRaWAN using commodity hardware. In Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (pp. 1–5). New York: ACM. 12. Xu, W. (2005). The feasibility of launching and detecting jamming attacks in wireless networks. In Proceedings of the 6th ACM International Symposium on Mobile Ad Hoc Networking and Computing (pp. 1–8). New York: ACM. 13. Vanhoef, M., & Piessens, F. (2014). Advanced Wi-Fi attacks using commodity hardware. In Proceedings of the 30th Annual Computer Security Applications Conference (pp. 1–5). New York: ACM. 14. Nguyen, D. (2014). A real-time and protocol-aware reactive jamming framework built on software-defined radios. In Proceedings of the 2014 ACM Workshop on Software Radio Implementation Forum (pp. 1–10). New York: ACM.

Machine Learning-Based RF Jamming Classification Techniques in Wireless. . .

111

15. Lu, Z., Wang, W., & Wang, C. (2011). From jammer to gambler: Modeling and detection of jamming attacks against time-critical traffic. In 2011 Proceedings IEEE INFOCOM (pp. 1–6). 16. Pelechrinis, K. (2016). Jammer localization in wireless networks: An experimentation-driven approach. Computer Communications, 86, 75–85. 17. Misra, S. (2010). Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks. Journal of Computers and Electrical Engineering, 36(2), 367– 382. 18. Afanasyev, A., Moiseenko, I., & Zhang, L. (2012). ndnSIM: NDN simulator for NS-3. University of California, Los Angeles, Tech. Rep, October 4, 2012.

A Survey on Spectrum Sharing Techniques in Cognitive Radio-Based Smart Grids Megha Gupta and Vinesh Kumar

1 Introduction In the modern IT era, conventional grid system is not able to meet user’s requirements. The grid system with communication capabilities is becoming the customer’s demand. This modern grid system is known as smart grid, it may convert our homes to smart homes [1, 2]. It is an intelligent grid, which can store, communicate, and make decisions. Smart grid plays a vital role in the designing of smart cities because smart grid is known as next-generation power grid. In recent development of smart cities, a large-scale development of smart grid is required. In the architecture of smart grid, there are three building blocks namely home area networks (HANs), neighborhood area networks (NANs), and wide area networks (WANs). HANs are used to connect the devices within the consumer premises such as smart meters. In NANs, the multiple HANs are interconnected and used to communicate the information to WANs. Finally, WANs can be considered as the backbone of communication. The smart grid will be equipped with information and communication technology and smart devices such as smart meters, wireless sensor nodes, and load balancing through real-time demand-side management, sensing devices, broadband communication, and intelligent management techniques. To fulfill the complex communication necessities of the smart grid, innovative approaches to communicate

M. Gupta () Department of Computer Science, Mata Sundri Devi College for Women, Delhi, India University of Delhi, Delhi, India V. Kumar University of Delhi, Delhi, India Department of Computer Science, Acharya Narender Dev College, Delhi, India © Springer Nature Switzerland AG 2020 I. Woungang, S. K. Dhurandher (eds.), 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication, Lecture Notes on Data Engineering and Communications Technologies 51, https://doi.org/10.1007/978-3-030-44372-6_10

113

114

M. Gupta and V. Kumar

different data over a range of environments through electrical interconnections are required. In this context, cognitive radio-based smart grid system can be considered as a suitable candidate. For the large-scale deployment of smart grid, utility companies face the constraints of network capacity. Due to these constraints, an efficient allocation of spectrum is difficult which results in the underutilization in these smart grid networks. To overcome this problem, an efficient utilization of spectrum is required. For this, cognitive radio provides a way to enable secondary (unlicensed) users in the network coexists with primary (licensed) users. Cognitive smart grid networks (CSGN) uses cognitive radio network to efficient resource allocation in smart grid networks. Some of the major techniques found for efficient spectrum allocation are: • • • • • • • • •

Code Division Multiple Access IEEE 802.22 Standards TV White Spaces Channel ISM Band LTE–UMTS Spectrum Dynamic Spectrum Allocation Based on Matching Algorithm LAA Architecture Binary Particle Swarm Optimization Renewable Energy Sources These techniques are discussed in detail in the next section.

2 Literature Survey 2.1 Cognitive Smart Grid Networks (CSGN) In [3], Arash et al. presented a cognitive smart grid networks (CSGN) as secondary networks coexisting with primary networks and provides its applicability with code division multiple access to overcome the problem of low number of secondary users in secondary networks. They also proposed a novel resource allocation technique to improve the number of secondary users in cognitive smart grid networks. From the simulation and result analysis, it was found that the maximum possible error that can be allowed by the other users. When the numbers of secondary users are increased then reliability is a major concern which is not considered in this work. It may be considered as a drawback of the proposed scheme. Following is the listing of advantages and disadvantages of this proposed scheme.

A Survey on Spectrum Sharing Techniques in Cognitive Radio-Based Smart Grids

115

2.2 Cognitive Radio-Based Smart Grid Wide Area Networks In [4], A. Ghassemi et al. proposed a cognitive radio-based smart grid wide area networks. They considered applying cognitive radio technology based on IEEE 802.22 standards in smart grid distribution or backhaul networks to enhance capacity coverage and scalability, and also reduce associated cost with licensed spectrum. For this, two different architecture namely standalone radio and cognitive radio has been proposed. To implement it, the concept of dual-radio architecture has also been proposed in which one radio chain is dedicated for spectrum sensing and other is dedicated for data transmission. They also provide the application of cognitive radio-based smart grids wide area networks on IEEE 802.22 standard. The performance enhancements have also been done. In addition to this, the coverage area of TV bands and its benefits to smart grid wide area networks have been discussed. From the analysis and results, it was found that cognitive radio technology plays a key role in the designing of this architecture.

2.3 Enabling Smart Grid Via TV White Space Cognitive Radio In [5], Angela Sara et al. addressed the problem of interference among multiple neighborhood area networks to maximizing the data rate at gateway. They proposed to allow the gateway to sense the TV white spaces channel claims available from incumbents by white space data base (WSDM) to discover the presence of an interfering neighborhood area network. Figure 1 is representing such a smart grid scenario with HAN and NAN. In this, a data aggregate unit (DAU) is present in NAN, which collects the data sent by different gateways. The gateway can use any one of the available channels either a TVWS or a channel declared by WSDB or an ISM band. If the sensing declares the TV white spaces channels as ideal, the gateway can transmit over that channel; otherwise, the gateway uses the ISM bands (channels). It can be observed that the sensing of interference or interfering neighborhood area networks affects the performance of the networks. The higher sensing accuracy requires longer sensing duration. Thus, the sensing duration is maximizing the data rate at the gateway. In addition, the closed-form expression of the expected data rates has also been derived and analyzed. From the result analysis, it was found that the proposed scheme is able to maximize data rate and minimizing interference.

116

M. Gupta and V. Kumar

DAU DAU

WSDB HAN HAN

Electric Meter

Electric Meter

Gas Meter Water Meter HAN Gateway

HAN Electric Meter

Gas Meter Water Meter HAN Gateway

NAN

NAN

Gas Meter Water Meter HAN Gateway

Fig. 1 TVWS Smart Grid Scenario [5]

2.4 Smart Utilization LTE–UMTS Spectrum in Smart Grids for Communication In [6], Groenwald et al. presented a smart utilization of LTE-UMTS spectrum resources for communication in smart grids. For this, it is considered that the smart grid network relies on dynamic servers (workstation or mobile) to store the information and sent to back. In this work, each server will be responsible for metering loads of five neighboring meters. The main aim of the proposed technique is to reduce the LTE-UMTS interface at base station to increase the capacity of a call. In addition, the proposed scheme has been compared with existing techniques in real-time scenario. The information which was sent using LTE–UMTS provides fault detection and fast recovery and the metering information at servers will be available to domestic users, and the electricity provides both. The analysis of the result confirmed that using mobiles and PCs as servers reduces the load and handle significantly larger number of smart grids information.

2.5 Dynamic Spectrum Allocation Algorithm Based on Matching Scheme for Smart Grid Communication Network In [7], Suhong et al. presented a dynamic spectrum allocation based on matching scheme for smart grids. To design the matching algorithm, the channel ideal time and user priority were considered as shown in Fig. 2. The SU with the highest priority will be given preference to use an idle channel for a longer time. In addition, hidden Markov model was used to predict the ideal time of channels in the spectrum

A Survey on Spectrum Sharing Techniques in Cognitive Radio-Based Smart Grids

117

CH1 CH2 CH3 CHm

channel evaluation

Spectrum Pooling

available channel

priority ranking

matching calculation

SUs

Fig. 2 Process of matching [7]

pools. The Baum–Welch algorithm has been adopted to train Hidden Markov Model parameters for each channel to get the most suitable Hidden Markov Model. Further, the data of smart grids have been divided into parts namely real-time priority based and longer ideal time. From the simulation and result analysis, it was found that the total throughput has been improved by the proposed algorithm. Reliability and stability provide satisfactory results. Moreover, the utilization of the spectral resources has also been improved in smart grid communications.

2.6 Resource Exchange in Smart Grid Connected Cooperative Cognitive Radio Networks In [8], Hung et al. presented the main features of smart grid and establish it into green energy power cognitive radio. To maximize the downlink utilities of both primary and secondary systems, a joint channel assignment and power control scheme have been proposed. They also proposed a unified model of data and energy that has the capability to differentiate the transfer efficiency of the on-grid energy credit and the green energy distributive harvested in the base station. In addition, the optimal power allocation schemes of licensed and unlicensed base stations have derived analytically and the on-grid energy credit transfer between two base stations with subchannel assignments schemes have also been proposed. From the simulation and result analysis, it was found that the primary and secondary data delivery has been supported by the total available radio resources in primary base station and secondary base station. Further, the cooperation between primary and secondary base stations provides mutually beneficial in terms of maximizing the utilities.

118

M. Gupta and V. Kumar

Wired Backhaul Network (IP networks)

Wi-Fi Mobile user Licensed spectrum

Power Generation

Unlicensed spectrum

Meter data management NAN LAA system (Control (aggregator) Power transmission Center) Macrocell LTE-A and distribution Base Station

Power System Layer

Wide Area Network (WAN)

Neighbourhood Area Network (NAN)

smart meter

consumer

Home Area Network (HAN)

Fig. 3 Licensed Assisted Access (LAA) architecture for SG [9]

2.7 Spectrum Allocation Techniques for Industrial Smart Grid Infrastructure In [9], Soba Al-Rubage et al. proposed a spectrum management system that has the ability to increase the utilization of the available resources for the smart grid consumers transmitting their information using licensed assisted access (LAA) unlicensed access technology. In Fig. 3, the LAA architecture for SG has been shown, and NAN data aggregators have been reconnected to the LAA for more reliable communication between control centers and smart meters. In addition to this, the spectrum allocation techniques that require exploiting smart grid requirements have been investigated by setting a threshold on the bit error rate (BER). The threshold value on BER has been set while evaluating the availability of white spaces in unlicensed bands. From the simulation and result analysis, it is found that the proposed scheme achieved high spectrum efficiency in terms of lower endto-end delay, higher packet delivery ratio, and higher throughput. In this work only BER has been considered for setting threshold, other parameters may also consider. It is the main limitation of the proposed work.

2.8 Dynamic Spectrum Allocation Algorithm Based on Fairness for Smart Grid Communication Networks In [10], Suhong et al. proposed a dynamic spectrum allocation algorithm based on fairness for smart grid communication networks. For this, cognitive radio-based

A Survey on Spectrum Sharing Techniques in Cognitive Radio-Based Smart Grids

119

smart grid networks have been proposed to protect fairness and efficiency for business transmission. Furthermore, binary particle swarm optimization (BPSO) adopted to solve the problem of optimization of spectrum in cognitive-based smart grid networks. From the simulation analysis, it was observed that the proposed scheme improves the stability of the communication of the smart grid networks. The main limitation of this work is that the negative aspects due to fairness have not been discussed. In the future it can be explored.

2.9 Cognitive Radio Networks for Smart Grid Communications In [11], Fung et al. proposed a cognitive radio-based framework for smart grid communication. For this, a cognitive radio technology has considered to construct the smart grid communication infrastructure and ISM bands are used as backup bands to ensure the quality of services of data communication. To access ISM bands, a rule has been defined. Furthermore, a communication scheme has also been proposed for distributed generation systems using the concepts that different renewable energy sources have active period during a whole day. The main purpose of proposed scheme is to improve the spectrum utilization and reliability of cognitive radio-based communication in smart grids. The simulation and result analysis support the proposed scheme in terms of spectrum utilization and reliability. In the proposed work, the spectrum sensing is not optimal so it can be considered as a drawback of the proposed work.

2.10 Joint Spatial and Temporal Spectrum Sharing for Demand Response Management in Cognitive Radio Enabled Smart Grid In [12], Qian Li et al. proposed a joint spatial and temporal spectrum sharing for demand response management in cognitive radio-enabled smart grid. For this, the relationship between demand response management and outage performance has been derived. In addition, the effect of the reliability of wireless communication on demand response management has also been studied. To design a joint spatial and temporal spectrum sharing, the smart grid networks have divided into two regions namely temporal spectrum sharing region (TSSR) and free spatial spectrum sharing region (F-SSSR). The nodes of smart grid in TSSR may utilize the licensed bands when licensed users are absent. In F-SSSR, they can share the spectrum with licensed users simultaneously. From the analytical and simulation analysis, it was found that the proposed scheme could be improved the performance of cognitiveenabled smart grid as compared to other techniques.

120

M. Gupta and V. Kumar

3 Analysis of Techniques S. No 1.

Technique name Cognitive Smart Grid Networks (CSGN)

2.

Cognitive radio based smart grid wide area networks

3.

Enabling smart grid via TV white space cognitive radio

4.

Smart utilization LTE–UMTS spectrum in smart grids for communication

Advantages • Enhancement in number of secondary users that can be supported at a given time • Maintain the quality of service for primary users even after increase in secondary users • Addition in number of SUs does not require corresponding addition of network infrastructure • In a given time slot, all available SUs can transmit the data with same bit rate due to the usage of orthogonal chip sequences • May work with acceptable BER and interference level • The proposed scheme can work in urban as well as in rural areas that is in sparse and dense both networks. • Robust to failures as if one link is out of service (due to natural disaster or any security breach), a new connection can be established to maintain connectivity • Does not require initial capital investment for licensed spectrum • Provides an increased coverage area due to the opportunistic use of TV bands • Less number of BSs are required for widespread coverage • Support applications for both power transmission and distribution networks in SG WANs • Achievable data rate is maximized by reducing the interference among multiple NANs • Efficient use of TV white space ideal channels and ISM bands • Effective utilization of LTE–UMTS resources for data transfer in the network • Reduction in BS load which increases number of SGs calls • Easier fault detection and faster recovery at SG • Mobile and workstation can also act as servers and store information provided by SG

Disadvantages • It is likely to require extra setup and processing time on the network for assigning orthogonal chip sequences to a secondary user • Network performance at different parameters needs to be still evaluated

• It is likely to suffer with soft capacity limit as it can opportunistically and dynamically use available TV channels to increase the system capacity • Time-critical data delivery becomes difficult due to sensing delays

• Delays arise due to channel sensing by gateway for available TVWS channels • Increase in sensing overheads may affect the network performance • Computation is increased to discard periodic message • Memory requirements are increased for mobile/workstation to store metering information

(continued)

A Survey on Spectrum Sharing Techniques in Cognitive Radio-Based Smart Grids

S. No 5.

6.

Technique name Dynamic spectrum allocation algorithm based on matching scheme for SG communication network Resource exchange in smart grid connected cooperative cognitive radio networks

7.

Spectrum allocation techniques for industrial smart grid infrastructure

8.

Dynamic spectrum allocation algorithm based on fairness for smart grid communication networks

9.

Cognitive radio networks for smart grid communications

10.

Joint spatial and temporal spectrum sharing for demand response management in CR enabled smart grid

Advantages • Successful usage of channel idle time • Increase in total throughput and stability of the network • Effective usage of spectrum resources • Provide an energy-efficient scheme for primary and secondary systems • In the proposed scheme interference problem has been alleviated • Appropriate allocation of resources to LAA unlicensed users as per their load requirements • Efficient utilization of the available spectrum which leads to a reliable and stable smart grid network • The proposed scheme achieves high packet delivery ratio and less end to end delay • Real-time users get the spectrum on demand • The proposed scheme has shown a stable, efficient, and fair network usage • This method can be used in SG for large number of users and less number of resources • In the proposed scheme ISM and leased bands are used as backup bands to provide quality of service in the network • Channel handoffs have been reduced which lead to better data communication in network • The proposed work showed better spectrum utilization • Less number of outages in the network • Real-time demand response management evaluation has been provided

121

Disadvantages The proposed scheme has not been tested for channels with noise interference

In this work, the PUs were uniformly placed. Hence it needs to be tested with random placement of PUs too

The proposed scheme has been evaluated with variation in less number of parameter (e.g., BER), hence for supporting the results more simulations are required

Fairness improvement in the system may lead to the imbalance of other aspects in the network, which are still needed to be thoroughly studied

Due to usage of unlicensed spectrum, reliability of network is the main concern area

PUs are uniformly placed, hence network with random distribution of PUs are also needed to be evaluated

122

M. Gupta and V. Kumar

4 Conclusion This paper provides a comparative study about the various techniques for spectrum sharing in cognitive radio-based smart grid networks. The spectrum sharing in this grid affects the performance of the wide-area network, Home area network etc. in terms of spectrum utilization, data rate, efficiency, reliability, etc. Through the analysis of various techniques, it is observed that cognitive radio-based smart grids provide efficient utilization and improve the overall performance of the traditional smart grid. There is a huge scope of research in this direction. Thus, other techniques for spectrum sharing can be explored in the future.

References 1. Kabalci, Y. (2016). A survey on smart metering and smart grid communication. Renewable and Sustainable Energy Reviews, 57, 302–318. 2. Tuballa, M. L., & Abundo, M. L. (2016). A review of the development of smart grid technologies. Renewable and Sustainable Energy Reviews, 59, 710–725. 3. Boustani, A., Jadliwala, M., Kwon, H. M., & Alamatsaz, N. (2015). Optimal resource allocation in cognitive smart grid networks. In 2015 12th Annual IEEE consumer communications and networking conference (CCNC) (pp. 499–506). IEEE. 4. Ghassemi, A., Bavarian, S., & Lampe, L. (2010) Cognitive radio for smart grid communications. In 2010 first IEEE international conference on smart grid communications (SmartGridComm) (pp. 297–302). IEEE. 5. Cacciapuoti, A. S., Caleffi, M., Marino, F., & Paura, L. (2015). Enabling smart grid via TV white space cognitive radio. In 2015 IEEE international conference on communication workshop (ICCW) (pp. 568–572). IEEE. 6. Groenewald, B., Balyan, V., & Khan, M. T. E.. (2017) Smart utilization LTE-UMTS spectrum in smart grids for communication. In 2017 International conference on domestic use of energy (DUE) (pp. 272–275). IEEE. 7. Yang, S., Wang, J., Han, Y., & Jiang, X. (2016). Dynamic spectrum allocation algorithm based on matching scheme for smart grid communication network. In 2016 2nd IEEE international conference on computer and communications (ICCC) (pp. 3015–3019). IEEE. 8. Huang, X., & Ansari, N. (2017). Resource exchange in smart grid connected cooperative cognitive radio networks. IEEE Transactions on Vehicular Technology, 66(7), 6291–6298. 9. Al-Rubaye, S., Al-Dulaimi, A., & Cosmas, J. (2016). Spectrum allocation techniques for industrial smart grid infrastructure. In 2016 IEEE 14th International Conference on Industrial Informatics (INDIN) (pp. 1036–1039). IEEE. 10. Yang, S., Wang, J., Han,Y., & Zhao, Q. (2016). Dynamic spectrum allocation algorithm based on fairness for smart grid communication networks. In 2016 35th Chinese control conference (CCC) (pp. 6873–6877). IEEE. 11. Liu, F., Wang, J., Han, Y., & Han, P. (2013) Cognitive radio networks for smart grid communications. In 2013 9th Asian control conference (ASCC) (pp. 1–5). IEEE. 12. Li, Q., Feng, Z., Li, W., Aaron Gulliver, T., & Zhang, P. (2014). Joint spatial and temporal spectrum sharing for demand response management in cognitive radio enabled smart grid. IEEE Transactions on Smart Grid, 5(4), 1993–2001.

Security- and Location-Aware Optimal Virtual Machine Management for 5G-Driven MEC Systems Glaucio H. S. Carvalho, Isaac Woungang, Alagan Anpalagan, and Issa Traore

1 Introduction Virtual machine (VM) management, which is well-known as VMM, is a key component of the cloud orchestration process faced by Mobile Network Operators (MNOs) within the 5G infrastructure. Figure 1 depicts a representative scenario of a 5G-driven deployment where the mobile edge computing (MEC) is massively installed along with a densified mobile communications system. In addition to the MEC infrastructure, MNOs might also leverage virtual computing, storage, and networking resources by creating a Back-up cloud data center which will handle the overflow workload unattended by the virtual edge servers. MNOs might harvest a number of benefits from this architecture such as to support mobile users with a one-hop away virtual resources while still avoiding the transmission of the mobile data deluge over their core networks and the Internet. In a 5G-driven MEC deployment as shown in Fig. 1, computing resources are wrapped within VMs that are allocated to fulfill the requirements of mobile application. Due to the double coverage area formed by the small cells and the macro cell, mobile users can wirelessly reach the VMs either through the small cell

G. H. S. Carvalho () · I. Woungang Department of Computer Science, Ryerson University, Toronto, ON, Canada e-mail: [email protected]; [email protected] A. Anpalagan Department of Electrical and Computer Engineering, Ryerson University, Toronto, ON, Canada e-mail: [email protected] I. Traore Department of Electrical and Computer Engineering, University of Victoria, Victoria, BC, Canada e-mail: [email protected] © Springer Nature Switzerland AG 2020 I. Woungang, S. K. Dhurandher (eds.), 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication, Lecture Notes on Data Engineering and Communications Technologies 51, https://doi.org/10.1007/978-3-030-44372-6_11

123

124

G. H. S. Carvalho et al.

Fig. 1 5G-driven MEC deployment with back-up cloud

access point (AP) or macro-cell base station (BS). For instance, Fig. 1 shows that a mobile user camping at the MEC site A can offload its computation task toward the MEC site or Back-up site. In fact, it has been anticipated that by 2022 up to 59 % of the mobile traffic will be offloaded through small cells such Wi-Fi [1]. Bearing in mind this shift toward small cell deployment and MEC, the design of resource allocation techniques for a 5G-driven MEC deployment should take into consideration the location-awareness. Furthermore, the multiplicity of options for communication and computation ends up in an increased attack surface. For mobile cloud computing (MCC) only, attacks such as session riding and virtual machine escape as well as data breach have been widely reported [2]. In this respect, there is an urgent need to safeguard mobile applications and MNOs infrastructure against attacks. To pave the way for a less risky operation, MNOs can incorporate additional VMs to security critical applications which will ultimately help them in monitoring nefarious activities or in creating a more isolated and protected computing environment for the task execution [3, 2]. In this respect, the embodiment of security principles should be taken by design on VMM mechanisms. When it comes to the criticality of binding additional VMs to the mobile applications, it turns out that due to the resourcefulness of a Back-up cloud, this assignment is not a problem. However, this might disrupt the operation and

Security- and Location-Aware Optimal Virtual Machine Management for 5G-. . .

125

availability of the MEC because of its capacity constraints. In this case, there is a need to design a VMM mechanism that intelligently takes advantage of MEC and Back-up cloud. In order to bridge this gap, this paper tackles the problem of security- and location-aware VMM mechanism for MNOs in a 5G-driven MEC deployment such as the one as depicted in Fig. 1. The proposed VMM scheme is formulated as a SemiMarkov Decision Process (SMDP) model, which takes into account the security demand of the incoming computation task, the system dynamic and a cost function formed by the cost of security services, blocking, and location, to make an optimal decision. To shed light on the shape of the optimal policy, we analyze its structure. Additionally, we analyze metrics such as blocking probability and cloud utilization to assess the system performance. The paper organization is as follows. Section 2 presents the recent breakthroughs in terms of resource management on 5G-driven MEC deployment. Section 3 leverages the framework of Markov Decision Process to propose an optimal securityand location-aware VMM mechanism. Section 4 presents a performance analysis of the proposed optimal VMM mechanism. Finally, Sect. 5 concludes the paper.

2 Review of the Literature Resource management has been widely studied in mobile cloud computing, mobile edge computing, and fog computing. Taking game-theory as the design tool, Chen [4] proposed a decentralized computation offloading strategy. The setting under analysis took into consideration both the single wireless coverage and a single cloud data center. The work of Liang et al. [5] focused on a resource allocation scheme where the users transmit their service requests over a single wireless network and multiple clouds systems. The authors formulated the resource allocation problem as a Semi-Markov Decision Process model whose objective is to decide, based on the VMs availability, whether or not to accept an offloading task. An energyand latency-aware resource allocation framework in a multi-cloud system over a 5G system is the subject of [6]. In their proposed scheme, Barbarossa et al. [6] proposed a “waterfall” approach to cope with the growing demand for computing resources where the unfulfilled demand of a cloud layer overflows to the subsequent layers. Three VM migration approaches, namely, no-migration strategy, load-aware migration strategy, and load- and mobility-aware migration strategy, were studied in [7]. The authors showed that when MEC and back-end cloud infrastructure are presented, the load- and mobility-aware migration strategy displays the shortest task lifetime. A Shapley-based revenue management resource allocation scheme was proposed in [8] to address the problem of coalition among mobile cloud service providers. The results provided irrefutable benefits of collaboration when it comes to revenue increase. A Shapley-centered revenue maximization framework based on

126

G. H. S. Carvalho et al.

integer linear programming was proposed by Carvalho et al. in [9] considering a 5Gdriven setting with MEC and public cloud service providers. Similar to [8], the role of cooperation among MNOs was shown to be profitable. Targeting a sustainable task offloading process, Zhang et al. [10] proposed a collaborative task offloading process where the task execution is performed between the back-end server and the user equipment. Using a single cloud system and wireless network, the analysis revealed that the collaborative task offloading was more energy-friendly than a local processing execution and a remote execution. Considering HetNets as a key step toward latency minimization, the work in [11] showed that the transmission delay perceived by the offloading process over a HetNet is more efficient than a macro cell-only deployment, despite an uptick in the power consumption. Despite the breakthroughs of previous work, the allocation of additional VMs to prevent erosion of users protection from happening has been neglected in those work. In fact, even though there is an ever-growing need for security in the mobile cloud computing landscape, there is a shortage of initiatives that embody security and protection principles within the resource allocation mechanisms when it comes to MEC and 5G wireless systems. Some security-aware resource allocation schemes were proposed in [3, 2, 12]. Using a Semi-Markov Decision Process (SMDP) as the optimization tool and considering a mobile cloud computing setting with a standalone wireless and cloud system, Liang et al. [3] optimized the use of the cloud data center by assigning the resources to two distinctive service classes, namely critical security service and normal security service, where the former requires additional VMs to ensure protection. Using similar assumptions, setting, and modeling tool, Liu and Lee [2] proposed a secure resource allocation that decides whether or not additional VMs should be allocated to shield the users’ applications. Halabi et al. [12] proposed a matching game to conciliate the security requirements of the users and the security constraints of the cloud service providers. In this work, we also consider multiple service classes with diverse security requirements and we rely on the SMDP framework as considered in [3, 2]. We also assume a multi-cloud environment as in paper [12]. However, unlike previous works, we assume a 5G-driven MEC scenario, where the proposed optimal VMM mechanism has to make decisions about the security requirements and location requirements, i.e., we propose a SMDP that determines whether a user in a double coverage area will get accepted given its service requirements (i.e., the amount of VMs to perform the computation task) and security requirements (i.e., the amount of VMs to safeguard the application) as well as whether it will offload its computation task to the nearest MEC site or at the Back-up cloud given the actual workload perceived by these cloud data centers. To the best of our knowledge, these contributions are unprecedented in the literature.

Security- and Location-Aware Optimal Virtual Machine Management for 5G-. . .

127

3 Security- and Location-Aware Optimal VMM Mechanisms 3.1 Proposed VMM Mechanism The proposed VMM scheme runs locally within each MEC site over the densified 5G deployment. As shown in Fig. 1, the local VMM operates in collaboration with the Back-up cloud one. In this sense, they exchange the messages about their availability and status in such a way that the local VMM can route the incoming computation task request to the Back-up cloud when the optimal decision specifies so. As a result, the proposed optimal VMM mechanism satisfies the scalability demand of MCC protocols that should be able to operate independently and/or collaboratively over the massive virtualized and physical infrastructure of 5G networks. The decision-making procedure of the optimal security- and location-aware VMM mechanism is presented in Fig. 2. When the mobile user makes a service request, the VMM determines whether to accept it or not based on the service class, the location, and the VM utilization in both the MEC and Back-up cloud. If the decision is to accept the service request, then the computation task will

Fig. 2 Secure- and location-aware optimal VMM mechanism

128

G. H. S. Carvalho et al.

be offloaded and received the amount of VMs that are necessary to execute and shield the application. Otherwise, it will be blocked. The objective of the proposed VMM mechanism is to orchestrate the distributed VM resources holistically to ensure a secure execution of the computing task while minimizing the latency by assigning it to the nearest MEC and minimizing any breach of availability due to VM exhaustion.

3.2 System and Traffic Assumptions Let C = {1, 2} denote the set of cloud systems where 1 and 2 represent the Backup cloud and the MEC, respectively, as seen by a mobile user camping in a double coverage area such as the site A in Fig. 1. The j th cloud within C makes Vj VMs available to the incoming computation task requests, which are in turn categorized into S service classes. Considering the Markovian stochastic nature of the proposed system, the arrival process of the ith service class is featured by an independent Poisson process with parameter λi . In order to successfully supply the ith service class, the optimal VMM p mechanism commits vi = vi + vis VMs to fulfill its performance and security p requirements, where vi and vis are the number of allocated VMs to execute the task and to secure the task, respectively. Given the number of VMs allocated and the memoryless nature of Markovian process, the service time follows an exponential p distribution with rate vi μi . Note that since vis is devoted to protect the running application, its VM is not taken into account in the service time.

3.3 System State and State Space Let X denote the state space and x ∈ X be a state of the system which is given by x = (tij , e), for all i ∈ {1, . . . , S} and j ∈ {1, 2},

(1)

where tij is the number of ongoing ith service classes which are assigned to the j th cloud. For example, t11 = 5 specifies that the Back-up cloud is housing five applications of the service class # 1. In Eq. (1), e denotes a vector of size S + 1 that specifies the last occurred event. Considering the system dynamics, the following convention is adopted: e[1] = 0 signifies the service completion while the arrivals of the service class from 1 to S are represented as e[2] = 1, e[3] = 2, · · · , e[S + 1] = S. Given the capacity constraint of the j th cloud, the summation of all ongoing service classes must not exceed its capacity. Thus, the state space X is defined as: ' X = x = (tij , e) :

S 2  

( vi tij ≤ Vj , for all j ∈ {1, 2} and i ∈ {1, . . . , S} .

j =1 i=1

(2)

Security- and Location-Aware Optimal Virtual Machine Management for 5G-. . .

129

3.4 Decision Epochs and Actions Whenever an arrival takes place, the optimal VMM must decide where the service request should be placed and how many VMs should be allocated to fulfill the performance and security requirements. Let a and A(x) be an action and the action space of the optimal VMM. For a given x ∈ X, the set of actions a ∈ A(x) are specified as:

a=

⎧ ⎪ ⎪ 0, e[1] ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎨0, e[2, . . . , S + 1], j ∈ {1, 2} ⎪ ⎪ ⎪ ⎪ ij, e[2, . . . , S + 1], j ∈ {1, 2} ⎪ ⎪ ⎪ ⎪ ⎩

Service completion. Rejection of the ith service class request

(3)

into the j th cloud. Acceptance of the ith service class request. into the j th cloud.

3.5 Expected Time Until the Next Decision Epoch If the system is in state x ∈ X and the action a ∈ A(x) is chosen, then the expected time until the next decision epoch is given by: τx (a) =

1 S 

λi +

i=1

S 2  

.

(4)

vis tij μi

j =1 i=1

3.6 Transition Probabilities Let Pxy (a) denote the probability that the system will be in the state y ∈ X given that it is presently in x ∈ X an the action a ∈ A(x) is chosen. Considering the system dynamic specified by e in Eq. 1, Pxy (a) is computed as: ⎧ ⎪ ⎪ λi τx (a), ⎪ ⎪ ⎨ λi τx (a), Pxy (a) = p ⎪ vi tij μi τx (a), ⎪ ⎪ ⎪ ⎩ 0,

x = (tij , e[l]), a = 0, y = x, ∀l ∈ {1, . . . , S + 1}. x = (tij , e[l]), a = ij, y = (tij + 1, e), ∀l ∈ {2, . . . , S + 1}. x = (tij , e[l]), a = 0, y = (tij − 1, e). Otherwise.

(5) for all j ∈ {1, 2} and i ∈ {1, . . . , S}.

130

G. H. S. Carvalho et al.

3.7 Cost Structure Let O(x, a) in Eq. (6) denote the cost function to be minimized. Since the proposed algorithm embodies security and location-awareness, the used cost function is broken down into the cost of providing additional VMs to support security services (Eq. (7)); the cost of blocking that reflects the need to minimize the breaches of availability (Eq. (8)); and the cost of location that enforces the need to attach the service request to the nearest MEC site (Eq. (9)). It is noteworthy mentioning that csi is a constant cost incurred per VMs, cbi is a constant cost incurred per blocked service request, and cli is a constant cost incurred whenever a service request is attached to the Back-up cloud through the macro cell. O(x, a) = O s + O b + O l .

(6)

⎧ ⎨v s ∗ ci , e[2, . . . , S + 1] and a = ij s i Os = ⎩0, Otherwise

Ob =

⎧ ⎨c i ,

e[2, . . . , S + 1] and a = 0

⎩0,

Otherwise

b

(7)

(8)

⎧ ⎨ci , e[2, . . . , S + 1] and a = i1 l Ol = ⎩0, Otherwise

(9)

3.8 Performance Metrics In order to assess the system performance, we use the blocking probability of the ith service class (Pi (a = 0)) as well as the cloud utilization (Uj (a)). Equation (10) shows that the arrival of the ith computation task will be blocked whenever the action a = 0 ∈ A(x) is chosen. In its turn, the utilization of the j th cloud system is given by the number of used VMs divided by the total number of available VMs as described in Eq. (11). )

Pi (a = 0) =

V1 v1

*)

V1 v2

*

  t11 =0 t21 =0

)

···

V1 vS

*)

V2 v1

*)

V2 v2

*

   tS1 =0 t12 =0 t22 =0

)

···

V2 vS

*

 tS2 =0

π(x),

(10)

Security- and Location-Aware Optimal Virtual Machine Management for 5G-. . .

131

where g denotes the largest integer not greater than g and π(x) is the steadystate distribution probability of the continuous time Markov chain governed by the optimal policy. )

Uj (a) =

V1 v1

*)

V1 v2

*

)

V1 vS

*)

V2 v1

*)

V2 v2

*

)

V2 vS

*

    1   ··· ··· vi tij π(x). Vj t11 =0 t21 =0

tS1 =0 t12 =0 t22 =0

(11)

tS2 =0

4 Numerical Result We consider a 5G-driven MEC deployment where the Back-up cloud and MEC have respectively V1 = 20 VMs and V2 = 10 VMs as their capacities. Two service classes are supported by the system, namely high security (HS) service class where v1 = 3 and v1s = 1 and normal security (NS) service class (v2 = 1). The cost structure is given by cb1 = 2, cb2 = 1, cs1 = 0.5, and cl1 = cl2 = 0.125. The service rate for both service classes are considered the same and equal to μ1 = μ2 = 6.6 s−1 . For the following analysis, the arrival rate of the high security service class λ1 varies from 1 to 25 computing tasks per second while that for the normal security is kept fixed at λ2 = 5 computing tasks per second.

4.1 Analysis of the Optimal Policy In this section, we shed the light on the structure of the optimal policy in order to enlighten how the optimal secure- and location-aware VMM distribute the task offloading service requests among the Back-up cloud and the MEC. To improve the visualization and the comprehension of the optimal decision, we adopt the following convention to highlight the chosen action: ◯ (green) ☆ (red) ◇ (blue)

denotes the acceptance in the MEC; denotes the acceptance in the Back-up cloud; denotes the blocking action a(x) = 0 ∈ A(x).

Figure 3 displays the structure of the optimal policy for two sets of states: [0, 0, t1,2 , t2,2 , 1] and [3, 9, t1,2 , t2,2 , 1]. These states represent a Back-up cloud with a light workload and a heavy one. As shown, the optimal VMM controller recommends the selection of the MEC whenever possible, which is a result of its location-awareness. Furthermore, the security-awareness is ensured by routing the service request to the Back-up cloud when the MEC cannot afford a new ongoing HS service class due its high performance requirements and security requirements. In this case, the optimal VMM controller compares the security cost and location cost against the cost of blocking. Since blocking has a higher cost due to the breach of availability, the controller binds the request to the Back-up cloud. Finally, to

132

G. H. S. Carvalho et al. [0,0, t

3

,t

1,2 2,2

, 1]

[3,9, t 3

, 1]

2

High Security

High Security

2

,t

1,2 2,2

1

1

0

0

Fig. 3 Structure of the optimal policy for light and heavy workload

minimize any breach of availability, the optimal controller only blocks a service request under a VM exhaustion condition in both cloud data centers.

4.2 Performance Analysis Figure 4 presents the blocking probability against the λ1 /λ2 ratio. As it can be seen, as λ1 /λ2 goes up, so does the blocking probability for both service classes. Notably, due to the high performance and security requirements in terms of VMs, this effect is more noticeable for the HS service class. In agreement with Fig. 3, Fig. 5, which portrays the cloud utilization against the λ1 /λ2 ratio, shows that the optimal VMM controller enforces the allocation of MEC computing resources more often than the Back-up cloud ones, which is due to the fact that the location cost has less incentive to house the remote computation offloading tasks.

5 Conclusion In this paper, we have proposed a SMDP-based optimal security- and locationaware VMM mechanism. The analysis of the optimal policy and the numerical results underpin the recent industry trends where MNOs will offload their mobile computing demand through small cells. At the same time, the proposed mechanism

Security- and Location-Aware Optimal Virtual Machine Management for 5G-. . . 10 -5

Blocking Probability

Fig. 4 Blocking probability against λ1 /λ2

133

10 -10 HS NS

10 -15

10 -20

60

Cloud Utlization (%)

Fig. 5 Cloud systems utilization against λ1 /λ2

50

Back-up Cloud MEC

40 30 20 10 0

embodies the security principle by design, which is vital to protect the users and the MNO against malicious activities. The proposed scheme runs locally in each MEC site over the densified 5G deployment. As a result, it fulfills the scalability demand of MCC protocols that should be able to operate independently and/or collaboratively over the virtualized and physical infrastructure. Moreover, the current proposition can be used to compute the optimal global VMM allocation policy by placing it out of the MEC site and amplifying the set of cloud data centers toward the entire number of MECs under a macro-cell deployment with a few modifications. For this case, even though the curse of dimensionality might make the solution prohibitive, the application of reinforcement learning algorithms arises as a compelling solution to optimize the massive 5G infrastructure design and operations.

134

G. H. S. Carvalho et al.

References 1. Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2017– 2022 White Paper. https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visualnetworking-index-vni/white-paper-c11-738429.html. Cited 19 Nov 2019. 2. Liu, Y., & Lee, M. J. (2015). Security-aware resource allocation for mobile cloud computing systems. In 24th International Conference on Computer Communication and Networks (ICCCN) (pp. 1–8). 3. Liang, H., Huang, D., Cai, L. X., Shen, X., & Peng, D. (2011). Resource allocation for security services in mobile cloud computing. In IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS) (pp. 191–195). 4. Chen, X. (2015). Decentralized computation offloading game for mobile cloud computing. IEEE Transactions on Parallel and Distributed Systems, 26(4), 974–983. 5. Liang, H., Cai, L. X., Huang, D., Shen, X., & Peng, D. (2012). An SMDP-based service model for interdomain resource allocation in mobile cloud networks. IEEE Transactions on Vehicular Technology, 61(5), 2222–2232. 6. Barbarossa, S., Sardellitti, S., & Lorenzo, P. D. (2014). Communicating while computing: Distributed mobile cloud computing over 5G heterogeneous networks. IEEE Signal Processing Magazine, 31(6), 45–55. 7. Gkatzikis, L., & Koutsopoulos, I. (2013). Migrate or not? Exploiting dynamic task migration in mobile cloud computing systems. IEEE Wireless Communications, 20(3), 24–32. 8. Kaewpuang, R., Niyato, D., Wang, P., & Hossain, E. (2013). A framework for cooperative resource management in mobile cloud computing. IEEE Journal on Selected Areas on Communications, 31(12), 2685–2700. 9. Carvalho, G. H. S., Woungang, I., Anpalagan, A., Jaseemuddin, M., & Hossain, E. (2017). Intercloud and HetNet for mobile cloud computing in 5G systems: Design issues, challenges, and optimization. IEEE Network, 31(3), 80–89. 10. Zhang, W., Wen, Y., Wu, & D. O. (2015). Collaborative task execution in mobile cloud computing under a stochastic wireless channel. IEEE Transactions on Wireless Communications, 14(1), 81–93. 11. Lei, L., Zhong, Z., Zheng, K., Chen, J., & Meng, H. (2013). Challenges on wireless heterogeneous networks for mobile cloud computing. IEEE Wireless Communications, 20(3), 34–44. 12. Halabi, T., Bellaiche, M., & Abusitta, M. (2019). Toward secure resource allocation in mobile cloud computing: A matching game. In International Conference on Computing, Networking and Communications (ICNC) (pp. 370–374).

Efficient Resource Utilization for High-Capacity Satellite Networks Olugbenga Emmanuel Imole and Tom Mmbasu Walingo

1 Introduction Satellite networks are popular for their ubiquitous coverage, large bandwidth, and ability to support different classes of traffic over fixed and mobile architecture [1]. As a result of increasing traffic and number of connected users, satellite networks are being migrating to higher frequencies in the Ka, Q, and V bands where there exists sufficient capacity to meet surging user demands. However, signal transmission at these frequencies requires the mitigation of rain attenuation, a major phenomenon that degrades signal quality at frequencies above 10 GHz. Also, given the timevarying nature of the rain attenuation phenomenon, a dynamic mitigation approach should be implemented in order to guarantee connected users’ quality of service (QoS) requirements throughout their connections’ lifetime. Furthermore, it is pertinent to ensure that the radio spectrum be allocated and utilized with maximum efficiency. Radio resource management (RRM) strategies have been proposed to address the aforementioned challenges in the literature. In [2, 3, 4], algorithms for fair and efficient allocation of satellite network resources are proposed. In order to mitigate rain attenuation and guarantee QoS for users under rain fading, authors in [5, 6, 7, 8] proposed adaptive coding and a call admission control (CAC) for satellite networks supporting multiple classes of traffic. By allocating an additional capacity to each connection for forward error correction (FEC) code rate, this approach may result in inefficient utilization of network resources due to insufficient or excessive allocation of resources to accepted users’ connections. In [9], a joint

O. E. Imole () · T. M. Walingo School of Electrical, Electronic and Computer Engineering, University of KwaZulu-Natal, Durban, South Africa e-mail: [email protected] © Springer Nature Switzerland AG 2020 I. Woungang, S. K. Dhurandher (eds.), 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication, Lecture Notes on Data Engineering and Communications Technologies 51, https://doi.org/10.1007/978-3-030-44372-6_12

135

136

O. E. Imole and T. M. Walingo

CAC with adaptive modulation and coding AMC framework is proposed but the study’s investigation is limited to the guaranteeing users’ QoS requirements only. It remains to be investigated how this proposal impacts on the network’s QoS—its resource utilization efficiency. Other works in [10, 11] have focused on approaches to maximize the satellite network’s throughput through admission control policies. In order to maximize resource utilization in satellite networks, authors in [12] propose channel dedication, channel reservation, and channel shifting techniques for time division multiplexed satellite networks. However, this approach focuses mainly on the operator’s requirements to maximize its utilization of the spectrum but not on the satisfaction of the QoS requirements of connected users. The authors also do not consider the impact of rain attenuation on the realization of operators’ and users’ expectations. In this paper, we seek to study the satellite network’s utilization efficiency during rain events. The study presents Markovian models for three types of rain events, namely widespread, shower, and thunderstorm and the mitigation of the attenuation resulting from these events by an adaptive modulation and coding (AMC) scheme. An investigation is carried out and a comparison is made of the different utilization efficiency achieved in each case. The paper is organized as follows. In Sect. 2, the system model is presented. Section 3 details the proposed CAC policy and in Sect. 4, the results of an investigation into the performance of the proposed policy are presented and a discussion of these results is done. The paper concludes in Sect. 5.

2 System Model 2.1 System Architecture and Traffic Classes In Fig. 1, the architecture of the satellite network considered is shown. Its components include a geostationary orbit satellite in space, a gateway, and a large number of user terminals. The satellite broadcasts information to the user terminals in its forward link and user terminals transmit information to the satellite over the return link. The gateway acts as an interface between the satellite network and any external network such as the internet. Network resources are sized and allocated in bandwidth-time units called timeslots. A user seeking connection is allocated one or more timeslots depending on the capacity requested. This work focuses on the return link where limited bandwidth is available in comparison with the forward link. We consider two broad classes of traffic of user connections, namely real time (RT) and non-real time (NRT). Connection of RT traffic class are sensitive and intolerant to delay. This class traffic will be allocated their requested capacity in full and guaranteed and guaranteed this capacity throughout their lifetime. Typically, voice and high quality video belong to this class. On the other hand, the NRT are insensitive and can tolerate delay and jitters. File sharing and web browsing are examples of this traffic class. The network supports multiple connections of both RT and NRT classes.

Efficient Resource Utilization for High-Capacity Satellite Networks

137

Fig. 1 System architecture

2.2 Satellite Channel Model for Predicting Conditions of the Channel Markovian models are adopted to model rain attenuation on the satellite channel. Considering that the attenuation experienced depends on the intensity (R) of the rain event, the models are developed for the different types of rain events, namely drizzle (R < 5 mm/h), widespread (5 mm/h ≤ R < 10 mm/h), shower (10 mm/h ≤ R < 40 mm/h), or thunderstorm (R ≥ 40 mm/h) [13, 14]. Studies on rainfall measurement data have shown that one rain event may comprise of two or more types of rain according to the motion of clouds in space hence, they are modeled as Markov chains [15]. In this work, we use three Markov models for modeling three rain types, namely widespread, shower, and thunderstorm. The different states in each model are indicated on their transition diagrams shown in Figs. 2, 3, and 4 where the states 1, 2, 3, and 4 refers to drizzle, widespread, shower, and thunderstorm rains, respectively. The transition and steady state probability matrices for each model have been derived from the analysis of measured rain data in Durban South Africa and are shown in Table 1. The elements Pij in the transition probability matrices denote probabilities of transitioning from any state i to another state j {i, j ∈ {1, 2, 3, 4}. Also, each element Si in matrix in the steady state probability matrix S is the probability of the ith state of each Markov model, where i ∈ {1, 2, 3, 4}.

138 Fig. 2 Transition diagram for Widespread event

Fig. 3 Transition diagram for Shower event

Fig. 4 Transition diagram for Thunderstorm event

O. E. Imole and T. M. Walingo

Efficient Resource Utilization for High-Capacity Satellite Networks

139

Table 1 Transition and steady state probability matrices Widespread rain

Shower rain

Transition matrix (P)   P11 P12 P21 P22   0.7528 0.2472 0.6935 0.3065 ⎡ ⎤ P11 P12 P13 ⎢ ⎥ ⎢ P21 P22 P23 ⎥ ⎣ ⎦ P31 P32 P33

Steady-state matrix (S)

S1 S2

0.7372 0.2628



S1 S2 S3

⎡

Thunderstorm rain

⎤ 0.6839 0.1782 0.1379 ⎢ ⎥ ⎢ 0.3621 0.2069 0.4310 ⎥ ⎣ ⎦ 0.3165 0.2152 0.4684 ⎡ ⎤ P11 P12 P13 P14 ⎢ ⎥ ⎢ P21 P22 P23 P24 ⎥ ⎢ ⎥ ⎢P P P P ⎥ ⎣ 31 32 33 34 ⎦ P41 P42 P43 P44 ⎡ ⎤ 0.6071 0.0714 0.0714 0.2500 ⎢ ⎥ ⎢ 0.3750 0.2500 0.125 0.2500 ⎥ ⎢ ⎥ ⎢ 0.3333 0.1111 0.3333 0.2222 ⎥ ⎣ ⎦ 0.2308 0.0769 0.2136 0.3077



0.5146 0.1947 0.2913



S1 S2 S3 S4



0.4276 0.0989 0.2136 0.2587

2.3 Prediction of Channel Conditions The goal to maximize resource utilization efficiency requires an efficient allocation of the resources among connected users notwithstanding the dynamic nature of rainfall attenuation on the satellite channel. In order to achieve this, we develop an approach to dynamically predict the rain attenuation experienced at specified intervals (or periods) within the duration of a connection’s lifetime. Let us denote the connection’s lifetime as Ts and also partition Ts into N equal intervals each of duration t so that Ts = Nt. Then, the Markov chain described in the previous subsection predicts the rain condition for each period n {n = 1, 2, . . . N} in Ts . Given that the rain intensity predicted for each n is denoted by Rmax,nt , then using frequency, polarization, elevation angle, and effective path length, the rain attenuation AR,nt for that period n is obtained as follows: AR,nt = kRmax,nt αLE ,

(1)

140

O. E. Imole and T. M. Walingo

where the coefficients k and α depend on the frequency and the parameter LE represents the effective path length from the user equipment’s receiving antenna to the satellite. If we denote the distance between the user equipment and the satellite by d and the wavelength by λ, we can also estimate the free space loss (AF S ) using the following equation: AF S = 20 log(4π d/λ).

(2)

Then, we can obtain the total attenuation AT ,nt in the nth period within connection’s duration by summing the rain attenuation and free space loss, AT ,nt = AR,nt + AF S dB.

(3)

2.4 Resource Scheduling and Adaptive Modulation and Coding Our approach to realizing maximum resource utilization in the network is the dynamic mitigation of rain attenuation in time. By adapting the each user equipment’s transmission parameters to the channel states predicted for each nth period, the amount of resources that will be allocated to the user equipment becomes dynamic. The channel’s quality measurement for the nth period is indicated by its receiver’s signal-to-noise ratio (SNR), which relates the received signal’s strength to the noise and attenuation on the channel. Accordingly, we estimate the SNR for the nth period by SNRnt = PT + GT − AT ,nt + GR − T − K − S dB,

(4)

where PT is the transmit power, antenna gains at the transmitter and receiver are denoted by GT and GR , respectively, T represents the effective noise temperature, K symbolizes the Boltzmann constant, and S the symbol transmission rate. In order to adapt transmission parameters to the channel conditions, we define M transmission modes according to the number of channel states in the Markov model. Each transmission mode m {m = 1, 2, 3 . . . M} denotes a modulation format and coding rate (MODCOD) pair that has the best spectral efficiency for the current channel state. However, the spectral efficiency, ηm , of the mth mode selected to mitigate the current attenuation experienced on the channel determines the maximum achievable bitrate for that state. The maximum bitrate, bm,nt , that can be achieved in the nth period is estimated as follows: ⎧ ⎪ 0 : if SNRnt < min ⎪ ⎪ ⎪ ⎪ η ⎪ 1 ⎨ S : if min ≤ SNRnt < 1 bm,nt = η2 S : if 1 ≤ SNRnt < 2 (5) ⎪ .. ⎪ ⎪ ⎪ . ⎪ ⎪ ⎩ η S : if ≤ SNR , M

M−1

nt

Efficient Resource Utilization for High-Capacity Satellite Networks

141

Table 2 Transmission modes for the different rain events AMC mode Widespread 1 2 Shower 1 2 3 Thunderstorm 4 3 2 1

MODCOD

R (mm/h)

Spectral efficiency (bits/s/Hz)

QPSK 1/2 8PSK 1/2

R3 xor j Improved RC4 > Effective RC 4 > RC4+

10 Conclusion The paper has reported FMS attack based on the weakness of correlation between input and output bytes of conventional RC4. In this paper a conventional RC4, its existing variants are implemented and analyzed. Further, a new modified RC4FMS variant to overcome FMS attack is proposed. Performance of all the existing variants and the proposed RC4FMS has been analyzed in terms of cycles consumed, energy consumption, run time, throughput, and complexity. It is found that the proposed RC4FMS outperforms RC4+ in terms of all the considered metrics. Its performance is comparable to conventional RC4. In terms of security, the proposed cipher is better as compared to plain RC4. Moreover, our proposal did not disturb the basic structure of conventional RC4. As future work, one can strengthen the design of the proposed algorithm by increasing its intrinsic randomness factor, thereby increasing its security features. Also as the future networks are resource constrained therefore, work can be done to develop a lightweight RC4 algorithm.

Modified RC-4 Algorithm Against FMS Attack

181

References 1. Paul, G., & Maitra, S. (2011). RC4 stream cipher and its variants. Boca Raton: CRC Press. 2. Jindal, P., & Singh, B. (2015). RC4 encryption—A literature survey. Procedia Computer Science, 46, 697–705. 3. Crainicu, B. (2015). On invariance weakness in the KSAm algorithm. Procedia Technology, 19, 850–857. 4. Sarkar, S., & Venkateswarlu, A. (2016). Revisiting (nested) Roos bias in RC4 key scheduling algorithm. Designs, Codes and Cryptography, 82(1–2), 131–148. 5. Jindal, P., & Singh, B. (2015, May). Analyzing the security-performance tradeoff in block ciphers. In International conference on computing, communication & automation (pp. 326– 331). IEEE. 6. Jindal, P., & Makkar, S. (2019). Modified RC4 variants and their performance analysis. In Microelectronics, electromagnetics and telecommunications (pp. 367–374). Singapore: Springer. 7. Jindal, P., & Singh, B. (2014, May). Performance analysis of modified RC4 encryption algorithm. In International conference on recent advances and innovations in engineering (ICRAIE-2014) (pp. 1–5). IEEE. 8. Jindal, P., & Singh, B. (2017). Optimization of the security-performance tradeoff in RC4 encryption algorithm. Wireless Personal Communications, 92(3), 1221–1250. 9. Weerasinghe, T. D. B. (2013, December). An effective RC4 stream cipher. In 2013 IEEE 8th international conference on industrial and information systems (pp. 69–74). IEEE. 10. Xie, J., & Pan, X. (2010, October). An improved RC4 stream cipher. In 2010 international conference on computer application and system modeling (ICCASM 2010) (Vol. 7, pp. V7156). IEEE. 11. Maitra, S., & Paul, G. Analysis of RC4 and proposal of additional layers for better security margin. In Progress in cryptology INDOCRYPT 2008 (pp. 27–39). Berlin: Springer.

Index

A Adaptive modulation, 136, 140–141 Algorithm CAC, 141 consensus, 19 decision-making, 52 dynamic spectrum allocation, 116–119 frequency, 101 IP source, 25 machine learning (see Machine learning) MALO, 164–165 NSGA-II, 161 proposed model, 57, 104 RC4 (see RC4 algorithm)

B Blockchain, 5–7 buyer and seller, 5 communication channels, 14 ensuring fair-exchange policy, 4 OFE (see Optimistic fair-exchange (OFE)) on-chain exchange, 16 requirement, 11 rules, 8–9 TTP, 4 Botnet client/server-based model, 24 cross-platform, 26–27 IRC server, 24 P2P, 24 Storm, 23

TOR, 24 trojan horse virus, 23 BPSK performance, 42, 44–46, 48

C Cipher text, 5 Classification techniques gradient boosting, 103 jamming detection, 100, 102 network infrastructures, 150 traffic application, 25 Cluster head (CH), 41, 42, 44, 47, 48 Coding, 135, 136, 140–141 Cognitive radio network (CRN) analysis of techniques, 120–121 CSGN, 114 dynamic spectrum allocation algorithm, 116–119 HANs, 113 joint spatial and temporal spectrum sharing, 119 LTE–UMTS spectrum, 116 numerical results, 95, 96 PLS, 91 related work, 92 resource exchange, 117, 118 smart grid communications, 119 wide area networks, 115 SOP, 94–95 spectrum allocation techniques, 118

© Springer Nature Switzerland AG 2020 I. Woungang, S. K. Dhurandher (eds.), 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication, Lecture Notes on Data Engineering and Communications Technologies 51, https://doi.org/10.1007/978-3-030-44372-6

183

184 Cognitive radio network (CRN) (cont.) system model, 92–94 TV white space, 115, 116 WANs, 113 Cognitive smart grid networks (CSGN), 114, 120 Command and control (C&C) channel, 24–26 Complexity, 42, 91, 171, 174, 178, 180, 181 Connection admission control (CAC) algorithm, 141 capacity extraction procedure, 143–144 conditions, 143 RT/NRT connection, 141 RT traffic class, 143 Contiki, 33, 34 D Denial of service attack (DoS), 23, 99, 102, 149, 151, 157 DPSK performance, 42, 46–48 E Energy consumption CEC, 60 cloud data center, 159 computational, 162 data rate transfer, 58 execution time, 165 MALO, 160 transmission, 66 Energy-efficient protocols Epidemic and MaxProp routing protocols, 66 messages ceaseless exchange of, 66 generation interval, 78–79 size, 76–78 number of nodes, 75–76 scaling method, 160 Epidemic routing protocol, 70, 72 comparative analysis, 75, 77 flooding-based routing, 76 performance analysis, 73, 74

F Fair-exchange contract-signing protocols, 3 crypto-currencies, 5

Index OFE (see Optimistic fair-exchange (OFE)) protocols, 2 TTP-dependent, 2 FMS attack, 173–174, 179, 180 Fog computing, 51–53, 57, 63, 125

G Gray hole intrusion detection system, 149, 151, 153, 157

H Home area networks (HANs), 113

I IDS model feature description, 152 model generation, 152–153 output prediction, 153 IEEE 802.11p, 81, 84, 89 iFogSim application model design, 54–57 implementation, 57–58 intelligent surveillance, 52 proposed model algorithm, 57 Intelligent surveillance, 52 Interference, 34, 36, 38, 92, 99, 103, 115, 120, 121 IoT cluster CH, 41 multi-head architecture, 42 See also Signal-to-noise ratio (SNR)

J Jamming attack LoRa wireless networks, 101 machine learning algorithm, 100, 103 model, 102 in vehicular networks, 100 wireless networks, 100 Jamming detection, 99–101, 105

K KiFlow, 24, 27–29

Index M Machine learning algorithm, 100, 102–108 AODV, 149 background, 150–151 implementation details, 153–155 jamming attacks, 100 MANET, 149 numerical results, 155, 157 related work, 151 Machine learning based intrusion detection system jamming attacks, 100 malicious behavior of nodes, 152 RF jamming classification, 109 Majority voting, 42, 43, 48, 103 Makespan, 159–162, 165 Malicious node, 149, 151–153, 155 Markovian channel models, 128, 136, 137 MaxProp routing protocol, 68–69 activity diagram modeling, 71 E-Epidemic routing protocols, 70 one-hop acknowledgment, 70 performance analysis, 73–75 Meta heuristics, 163 Minimum energy threshold, 70 Mobile ad hoc network (MANET), 149, 151, 153, 155, 157 Mobile cloud computing (MCC), 124, 127, 133 Mobile edge computing (MEC) capacity constraints, 125 communications system, 123 deployment, 131 5G-driven, 123, 124 public cloud service providers, 126 Mobile network operators (MNOs), 123–126, 132, 133 Mongoose bot botnet detection methods, 24 Storm, 23 HTTP, 24 KiFlow, 27–29 PuppetNets, 24 related work, 25 TOR, 26–27 Multi-head selection and data detection, 43 IoT clustering, 42, 48 Multi-objective ant lion optimization algorithm (MALO), 160, 163–166, 168 Multi-objective scheduling CDC, 159

185 energy consumption, 159 MALO and ALO, 160 problem formulation, 161–163 proposed approach, 163–165 related works, 160–161 results, 165–168 simulation, 165–168

N Network flow, 27, 29 Non-domination sort, 160, 161, 163 Non-repudiation, 1, 3, 19 NS3, 82, 85, 86, 89, 100

O One-hop acknowledgment, 7, 67, 69, 70, 72 The Onion Router (TOR) botmasters, 24 cross-platform botnet, 26–27 networking characteristics, 24 See also Mongoose bot Opportunistic network emulator (ONE), 73 Opportunistic networks (OppNets) energy-efficient HBPR, 69 human social characteristics, 66 message packets, 66 related work, 69 routing protocol E-Epidemic, 70, 72 E-MaxProp, 70, 71 Optimistic fair-exchange (OFE) assumptions, 8 blockchain, 5–8 comparison, 11–12 design goals, 8 rationale, 8–10 fair-exchanged protocols, 2 implementation and testing dataset description, 15 equipment specifications, 14 network creation, 14 off-chain exchange, 16 on-chain exchange, 16–19 motivation, 3–5 POO, 2 POR, 2 P2P, 1 related work, 3–5 sensitive data/documents, 1 TTP-dependent fair-exchange protocol, 2

186 P Packet reception ratio (PRR) beacon/report packets, 37 node density, 32 performance metric, 33 RPL and SDN-WISE, 35 Peer-to-peer (P2P) blockchain (see Blockchain) botnet, 24 centralized C&C server, 24 digitized data, 7 fair non-repudiation protocol, 1 health-related data, 14 hybrid architecture, 26 OFE (see Optimistic fair-exchange (OFE)) proposed scheme, 9 Performance evaluation digital technologies, 51 fog computing, 51–52 related work, 52–54 simulation results, 58–63 vehicle tracking system, 54 Personal health records (PHR), 3, 5, 7, 15, 16, 19 Physical layer jamming interferences, 99 parameters, 82 PLS, 91 Probabilistic routing protocol using History (PRoPHET), 66, 67, 69, 75–77, 79, 80 Processing intricacy, 172, 178–179 Processor cycles, 179–180 Proof of origin (POO), 2, 8–11, 16 Proof of receipt (POR), 2, 4, 5, 8–11, 16 Proposed RC4–FMS algorithm RC4FMS, 176, 177 RC4 variants, 176 PuppetNets, 24 Q Quality of service (QoS), 84, 85, 135–136, 141, 159, 161 R Radio resource management (RRM), 135 Rayleigh-fading channels, 42–44 RC4 algorithm cryptographic cipher, 172 encrypted code, 172 energy consumed, 180 FMS attack, 173–174 simulation parameters, 173

Index throughput, 180 variants effective RC4, 175–176 improved RC4, 174 RC4+, 174 Real-trace mobility model, 73 Reliability CRN, 119 energy maximization/minimization, 160 and security, 31 and stability, 117 wireless communication, 119 Resource utilization dynamic nature, 139 efficiency, 136 QoS requirements, 146 simulations, 144 See also Satellite network Routing protocol for low power and lossy networks (RPL) ad-hoc network, 31 PRR, 35 SDN, 32 SDN-WISE architecture, 34, 35 SD-WSN, 32 timeline, 36 and Zigbee, 33 Routing protocols AODV, 85, 151 energy-efficient, 66, 75–79 Epidemic, 67, 70, 72 MaxProp, 68–70 Run time, 174, 176, 180, 181

S Satellite network adaptive modulation, 140–141 CAC, 141–144 channel conditions prediction, 137–140 coding, 140–141 discussion, 144–146 QoS, 135–136 resource scheduling, 140–141 RRM, 135 simulation results, 144–146 system architecture, 136, 137 traffic classes, 136, 137 Secrecy outage probability (SOP), 92, 94–96 Security analysis confidentiality, 11 fairness, 10–11 timeliness, 11

Index Security-and location-aware VM management cost structure, 130 decision epochs and actions, 129 expected time, 129 performance metrics, 130–131 proposed mechanism, 127–128 state space, 128 system and traffic assumptions, 128 system state, 128 transition probabilities, 129 Signal-to-noise ratio (SNR) BER formulation, 43–44 BPSK performance, 44–46 CH, 41 cluster nodes, 42 data detection, 43 DPSK performance, 46–47 multi-head architecture, 42 selection, 43 numerical and simulation results, 47–48 signal’s strength, 140 SOP, 94 wireless communication, 41 Simulation, 107–109, 144–146 average latency of control loop, 59–60 Cooja simulator, 33 data transfer rate, 62–63 E-MaxProp, 73 energy consumption, 60 network usage, 60–61 numerical results, 47–48 performance parameters, 85–88 RAM usage, 61–62 Smart gray hole attack, 153 Smart grid communications, 119 CSGN, 114 dynamic spectrum allocation algorithm, 116–119 HANs, 113 joint spatial and temporal spectrum sharing, 119 next-generation power grid, 113 resource exchange, 117, 118 spectrum allocation techniques, 118 TV white space cognitive radio, 115, 116 WANs, 113 wide area networks, 115 Software defined wireless sensor networks (SDN-WISE) layers, 34 packets and leverages, 32

187 PRR, 35, 36 RPL, 32, 33 Spectrum sharing, 91, 119, 121, 122 Spray-and-Wait (S&W) routing protocol, 66, 69, 75–77, 80 Stream cipher, 176 SUMO, 82, 83, 85, 86, 89 T Transmission control protocol (TCP), 25, 34, 65 Trusted Third Party (TTP) fair-exchange protocol, 2 offline, 4 optimistic fair exchange, 2 probabilistic approach, 12 protocol, 3 V VANET background, 84, 85 detection and classification of jamming, 102 OBU, 81 related work, 83–84 results, 88, 89 simulation methodology, 85–88 V2I, 82 V2V network, 82 Vehicle to vehicle (V2V), 82, 84 Vehicle tracking system, 52, 54 Virtual machine (VM) management 5G-driven MEC deployment, 123, 124 literature review, 125–126 MCC, 124 MNOs, 123, 124 optimal policy analysis, 131–132 performance analysis, 132 security-and location-aware, 127–131 VMM mechanism, 125 W Wide area networks (WANs), 113, 120 Wireless ad-hoc network jamming attacks model, 100, 102 motivation, 102 PDR and RSS, 105–107 physical and MAC layer protocols, 99 simulation results, 107–109 system design, 103, 104 VANETS, 99

188 Wireless sensor network (WSN) experimental setup, 33–35 performance metric, 33 related work, 32–33 results and analysis, 35–38 SDN, 31

Index SDN-WISE system, 31 SD-WSN, 32 See also Software defined wireless sensor networks (SDN-WISE) Workflow scheduling, 159–161, 163, 165