Wireless systems are an integral part of aviation. Apart from their apparent use in air-to-ground communication, wireless systems play a crucial role in avionic functions including navigation and landing. An interference-free wireless environment is therefore critical for the uninterrupted operation and safety of an aircraft. Hence, there is an urgency for airport facilities to acquire the capability to continuously monitor aviation frequency bands for real-time detection of interference and anomalies. To meet this critical need, we design and build AviSense, an SDR-based real-time, versatile system for monitoring aviation bands. AviSense detects and characterizes signal activities to enable practical and effective anomaly detection. We identify and tackle the challenges posed by a diverse set of critical aviation bands and technologies. We evaluate our methodology with real-world aviation signal measurements and two custom datasets of anomalous signals. We find that our signal classification capability achieves a true positive rate of ∼99%, with few exceptions, and a false positive rate of less than 4%. We also demonstrate that AviSense can effectively distinguish between different types of anomalies. We build and evaluate a prototype implementation of AviSense that supports distributed monitoring.

We consider the radio window attack, a privacy threat in which an attacker monitors the wireless link over a period of time, recording the channel state information (CSI) across multiple packets and uses a model to detect, estimate, or classify human movements. To prevent such privacy attacks on a wireless channel, we propose modifying radio training (MoRTr), a novel system for Wi-Fi MIMO-OFDM devices that alters transmitted symbols over time, space and frequency via a pseudo-random process that mimics the changes due to human activity, particularly the training symbols that are used to measure the wireless channel by the receiver. We perform extensive experiments to demonstrate that an attacker is thwarted by the approach. At the same time, we demonstrate that any receiver is able to use its measured CSI to demodulate the data without any significant degradation in performance, despite the fact that the receiver is not measuring the true CSI.

We present DeepRadar, a novel deep-learning-based environmental sensing capability system for detecting radar signals and estimating their spectral occupancy. DeepRadar makes decisions in real-time and maintains continuous operability by adapting its computations based on the available computing resources. We thoroughly evaluate DeepRadar using a variety of test data at different signal-to-interference ratio (SIR) levels. Our evaluation results show that at 20 dB peak-to-average SIR, per MHz, DeepRadar detects radar signals with 99% accuracy and misses only less than 2 MHz, on average, while estimating their spectral occupancy. Our implementation of DeepRadar using a commercial-off-the-shelf software-defined radio also achieves a similarly high detection accuracy.

A malicious attacker could, by taking control of internet-of-things devices, use them to capture received signal strength (RSS) measurements and perform surveillance on a person’s vital signs, activities, and sound in their environment. This article considers an attacker who looks for subtle changes in the RSS in order to eavesdrop sound vibrations. The challenge to the adversary is that sound vibrations cause very low amplitude changes in RSS, and RSS is typically quantized with a significantly larger step size. This article contributes a lower bound on an attacker’s monitoring performance as a function of the RSS step size and sampling frequency so that a designer can understand their relationship. Our bound considers the little-known and counter-intuitive fact that an adversary can improve their sinusoidal parameter estimates by making some devices transmit to add interference power into the RSS measurements. We demonstrate this capability experimentally. As we show, for typical transceivers, the RSS surveillance attacker can monitor sound vibrations with remarkable accuracy. New mitigation strategies will be required to prevent RSS surveillance attacks.

Industrial control systems (ICS) are becoming more integral to modern life as they are being integrated into critical infrastructure. These systems typically lack application layer encryption and the placement of common network intrusion services have large blind spots. We propose the novel architecture, Cloud Based Intrusion Detection and Prevention System (CB-IDPS), to detect and prevent threats in ICS networks by using software defined networking (SDN) to route traffic to the cloud for inspection using network function virtualization (NFV) and service function chaining. CB-IDPS uses Amazon Web Services to create a virtual private cloud for packet inspection. The CB-IDPS framework is designed with considerations to the ICS delay constraints, dynamic traffic routing, scalability, resilience, and visibility. CB-IDPS is presented in the context of a micro grid energy management system as the test case to prove that the latency of CB-IDPS is within acceptable delay thresholds. The implementation of CB-IDPS uses the OpenDaylight software for the SDN controller and commonly used network security tools such as Zeek and Snort. To our knowledge, this is the first attempt at using NFV in an ICS context for network security.

Software-defined radios (SDRs) are often used in the experimental evaluation of next-generation wireless technologies. While crowd-sourced spectrum monitoring is an important component of future spectrum-agile technologies, there is no clear way to test it in the real world, i.e., with hundreds of users each carrying an SDR while uploading data to a cloud-based controller. Current fully functional SDRs are bulky, with components connected via wires, and last at most hours on a single battery charge. To address the needs of such experiments, we design and develop a compact, portable, untethered, and inexpensive SDR we call Sitara. Our SDR interfaces with a mobile device over Bluetooth 5 and can function standalone or as a client to a central command and control server. The Sitara offers true portability: it operates up to one week on battery power, requires no external wired connections and occupies a footprint smaller than a credit card. It transmits and receives common waveforms, uploads IQ samples or processed receiver data through a mobile device to a server for remote processing and performs spectrum sensing functions. Multiple Sitaras form a distributed system capable of conducting experiments in wireless networking and communication in addition to RF monitoring and sensing activities. In this paper, we describe our design, evaluate our solution, present experimental results from multi-sensor deployments and discuss the value of this system in future experimentation.

With the tremendous increase in the use of wireless devices, understanding the surrounding wireless/RF environment is becoming essential for many application areas. In this work, we develop the technical building blocks needed for a spectrum monitoring system that can incrementally learn about the signals present in a deployed environment. We achieve "incremental learning (IL)" by identifying and grouping the new/unknown signals and, automatically building new machine learning (ML) models for detecting them. A thorough evaluation of our approach demonstrates its adaptability and high accuracy with signal data from several over-the-air scenarios.

We design and build a protocol called on-off noise power communication (ONPC), which modifies the software in commodity packet radios to allow communication, independent of their standard protocol, at a very slow rate at long range. To achieve this long range, we use the transmitter as an RF power source that can be on or off if it does or does not send a packet, respectively, and a receiver that repeatedly measures the noise and interference power level. We use spread spectrum techniques on top of the basic on/off mechanism to overcome the interference caused by other devices’ channel access to provide long ranges at a much lower data rate. We implement the protocol on top of commodity WiFi hardware. We discuss our design and how we overcome key challenges such as non-stationary interference, carrier sensing and hardware timing delays. We test ONPC in several situations to show that it achieves significantly longer range than standard WiFi.

We design and build FEAT, a new scaling approach that uses (1) cloud functions as interim processing resources to compensate for VM launch delays and (2) a reactive, knobless, auto-scaling algorithm that requires no pre-specified thresholds or parameters, making it robust against changing load. We implement FEAT on AmazonWeb Services (AWS) and Microsoft Azure. Our evaluations clearly demonstrate the higher performance and robustness of FEAT in comparison to existing approaches.

Smart meters record power consumption data at every minute or even every second. This fine-grained data on electricity usage exposes private information about the residents of the house like the number of occupants, times of occupancy, appliance information, and much more. A solution to obscure this data is to add a battery to each home and use it strategically to manipulate the readings observed at the smart meter. Deploying such a solution at a large scale can result in sudden peaks in the energy usage. This is an alarming concern for the electric utility companies as this may cause outages, making the grid unstable. This paper is the first to expose this shortcoming and propose algorithms to mitigate the problem while maintaining the privacy of the residents. Furthermore, this paper shows that the proposed algorithms are more effective in preserving privacy than existing ones while reducing the peak load.

Live video upstreaming refers to the flow of live data in the upstream direction from mobile devices to other entities across the Internet and has found use in many modern applications such as remote driving, the recent social media trend of live video broadcasting along with the traditional applications of video calling/conferencing. Combined with the high definition video capturing capabilities of modern mobile devices, live video upstreaming is creating more upstream data traffic then what present day cellular networks are equipped to support, often resulting in sub-optimal video experience, especially in remote or crowded areas with low cellular connectivity and no WiFi. We propose that instead of using its single cellular connection, a mobile device connects to multiple nearby mobile devices and splits the live video data over the cellular bandwidth of these devices using Multipath TCP protocol. The use of MPTCP, for upstreaming live video data, has largely remained unexplored especially for scenarios where WiFi connectivity is not available. We use wireless interface virtualization, offered by Linux, to enable Multipath TCP to scale and connect to a large number of cellular devices. We design and build a system that is able to assess the instantaneous bandwidth of all the connected cellular devices/hotspots and uses the set of the most capable cellular devices for splitting and forwarding the live video data. We test our system in various settings and our experiments show that our system greatly increases the bandwidth and reliability of TCP connections in most cases and in cases where there is a significant difference in the throughput across cellular hotspots, our solution is able to recognize and isolate the better performing cellular hotspots to provide a stable throughput.

We design and build EpiFi, a novel architecture for in-home sensor networks which allows epidemiologists to easily design and deploy exposure sensing systems in homes. We work collaboratively with pediatric asthma researchers to design multiple studies and deploy EpiFi in homes. Here, we report on experiences from two years of deployments in 15 homes, of two different types of studies, including many deployments continuously monitored over the past 11 months. Based on lessons learned from these deployments and researchers, we develop a new mechanism for sensors to bootstrap their connectivity to a subject's home WiFi router and implement data reliability mechanisms to minimize loss in the network through a long-term deployment.

The ability to monitor the wireless spectrum in real-time is important in a variety of environments including high-security and control-system environments such as power plants and military facilities, as well as shared spectrum environments such as the 3.5 GHz band model that was announced by the Federal Communications Commission (FCC). In all of these cases, real-time detection and classification of signals while minimizing missed detections and misclassifications is paramount. Motivated by these important applications, we built a real-time system for spectrum monitoring and analysis which uses GNU Radio and Universal Software Radio Peripheral (USRP) X310s. In this paper, we focus on the GNU Radio-specific implementation challenges we face as well as the approaches we take to tackle these challenges. We also present our experiences with our implementation. We show that in some instances, particularly message passing, we can achieve a substantial improvement in processing performance by using alternative mechanisms, including Qt Signals and Slots (yielding a 78x performance improvement) and treating streams of data as strings, or by simply improving upon the existing code such as switching to using VOLK.

We address the problem of location privacy in the context of crowdsourced localization of spectrum offenders where participating receivers report received signal strength (RSS) measurements and their location to a central controller. We present a novel approach, that we call the adjusted measurement approach, in which we generate pseudo-locations for participating receivers and report these pseudo-locations along with adjusted RSS measurements as if the measurements were made at the pseudo-locations. The RSS values are adjusted by representing those as a weighted linear combination of the RSS values at the receivers, where receivers closer to the false location have a higher weight than those far away. We use two RSS datasets, one from a cluttered office (indoor) and another from roadways in Phoenix, Arizona (outdoor) to evaluate our approach. We compare the localization error of our approach with that of the naive approach that simply adds noise to locations. Our results demonstrate that location privacy can be preserved without a significant increase in the localization error. We also formulate an adversary attack that attempts to solve the inverse problem of determining the true locations of the receivers from their false locations. Our evaluations show that the adversary does no better than random guessing of true locations in the monitored area.

When several internet-of-things devices are required to be installed in a smart home, significant effort is required to provide each device with the association information for the home's wireless router. We design and build a novel protocol called Secure Transfer of Association Protocol (STRAP), which securely bootstraps connectivity between a set of deployed WiFi devices and a home's wireless router. We show that STRAP works in a variety of environments and is faster than conventional methods for connecting WiFi devices to home wireless routers.

The idea of open access networks is gradually becoming a reality with a large number of municipalities and communities deploying their own open network. In the open access network model, the municipality/community can act as the network operator and a multitude of services can be provided to the end users over the deployed infrastructure. In this age of wireless networks and mobile users, WiFi must also be an integral part of the open access network. We discuss the need for designing WiFi from the point of view of open access networks. We identify the aspects of WiFi that need to be modified and the challenges that arise due to these modifications. We address these challenges by presenting a simple, yet novel design for enabling WiFi in open access networks using SDN and access point virtualization. Ours is the first attempt towards integrating open access networks and WiFi. We implement a preliminary prototype of our design in the Emulab test bed and successfully verify its operation.

The current mechanisms for locating spectrum offenders are time consuming, human-intensive, and expensive. In this paper, we propose a novel approach to locate spectrum offenders using crowdsourcing. In such a participatory sensing system, privacy and bandwidth concerns preclude distributed mobile sensing devices from reporting raw signal samples to a central agency; instead, devices would be limited to measurements of received power. However, this limit enables a smart attacker to evade localization by simultaneously transmitting from multiple infected devices. Existing localization methods are insufficient or incapable of locating multiple sources when the powers from each source cannot be separated at the receivers. In this paper, we first propose a simple and efficient method that simultaneously locates multiple transmitters using the received power measurements from mobile devices. Second, we build sampling approaches to select mobile sensing devices required for localization. Next, we enhance our sampling to also take into account incentives for participation in crowdsourcing. We experimentally evaluate our localization framework under a variety of settings and find that we are able to localize multiple sources transmitting simultaneously with reasonably high accuracy in a timely manner.

Growing demand for data and increasing number of devices are drastically changing the scale of operation in mobile networks. Future services and business models require efficient provisioning with enhanced traffic management. It is hard to meet these requirements on today’s mobile networks that are deployed over specialized hardware. While operators are keen to adopt NFV (Network Function Virtualization) to virtualize their networks, virtualized mobile network deployments face a few technical barriers. To address these challenges, we design SCOPE that effectively applies concepts from SDN and distributed systems to realize NFV-based LTE core networks. Using centralized allocation, SCOPE effectively manages the resources across multiple telecom data-centers in a way to meet the traffic requirements. To enforce the computed allocations, SCOPE includes flexible and efficient mechanisms to configure the data-plane. With full compliance to 3GPP- based protocols, SCOPE ensures faster and cost- effective deployments. The efficacy of SCOPE is shown using a prototype implementation and large-scale simulations.

Active queue management (AQM) algorithms preemptively drop packets to prevent unnecessary delays through a network while keeping utilization high. Many AQM ideas have been proposed, but none have been widely adopted because these rely on pre-specification or pre-tuning of parameters and thresholds that do not necessarily adapt to dynamic network conditions. We develop an AQM algorithm that relies only on network runtime measurements and a natural threshold, the knee on the delay-utilization curve. We call our AQM algorithm Delay Utilization Knee (DUK) based on its key characteristic of keeping the system operating at the knee of the delay- utilization curve. We implement and evaluate DUK in the Linux kernel in a testbed, that we build, and in the ns-3 network simulator. We find that DUK can attain reduced queuing delay and reduced flow completion times compared to other algorithms with virtually no reduction in link utilization under varying network conditions.

Radio network information is leaked well beyond the perimeter in which the radio network is deployed. We investigate attacks where person location can be inferred using the radio characteristics of wireless links (e.g., the received signal strength). An attacker can deploy a network of receivers which measure the received signal strength of the radio signals transmitted by the legitimate wireless devices inside a perimeter, allowing the attacker to learn the locations of people moving in the vicinity of the devices inside the perimeter. In this paper, we develop the first solution to this location privacy problem where neither the attacker nodes nor the tracked moving object transmit any RF signals. We first model the radio network leakage attack using a Stackelberg game. Next, we define utility and cost functions related to the defender and attacker actions. Last, using our utility and cost functions, we find the optimal strategy for the defender by applying a greedy method. We evaluate our game theoretic framework using experiments and find that our approach significantly reduces the chance of an attacker determining the location of people inside a perimeter.

We propose a game theoretic framework for task allocation in mobile cloud computing that corresponds to offloading of compute tasks to a group of nearby mobile devices. Specifically, in our framework, a distributor node holds a multidimensional auction for allocating the tasks of a job among nearby mobile nodes based on their computational capabilities and also the cost of computation at these nodes, with the goal of reducing the overall job completion time. Our proposed auction also has the desired incentive compatibility property that ensures that mobile devices truthfully reveal their capabilities and costs and that those devices benefit from the task allocation. To deal with node mobility, we perform multiple auctions over adaptive time intervals. We develop a heuristic approach to dynamically find the best time intervals between auctions to minimize unnecessary auctions and the accompanying overheads. We evaluate our framework and methods using both real world and synthetic mobility traces. Our evaluation results show that our game theoretic framework improves the job completion time by a factor of 2-5 in comparison to the time taken for executing the job locally, while minimizing the number of auctions and the accompanying overheads. Our approach is also profitable for the nearby nodes that execute the distributor's tasks with these nodes receiving a compensation higher than their actual costs.

We design and build a system we call mobiLivUp, that utilizes nearby smartphones to improve live wide-area video upstreaming. In mobiLivUp, to distribute the video to nearby devices, the video streaming device creates a small wireless network using Wi-Fi Direct. Other devices then connect to this network. Parts of the video stream are sent to these connected devices, which then upload their parts to a location in the wide-area network using their cellular connections. We develop algorithms and methods to effectively distribute video data to nearby nodes and for incentivizing cooperation from these nodes. We test our system through trace-driven simulation and implementation in various settings. Our experiments show that, in general, mobiLivUp increases the aggregate video throughput, depending on the number of nodes forwarding data and their data rates.

High performance edge networks, such as fiber-to-the-premises (FTTP), are increasingly being deployed by municipalities and communities to support advanced services and applications. The complexity of operating these networks often means that their full potential is not being reached and they are relegated to being fast access pipes to the Internet. In this paper, we present our work on OpenEdge, a dynamic and secure open service edge network architecture. OpenEdge provides a control architecture that automates the configuration of the edge network in a cloud-like manner to simplify the introduction of new network services and applications.

Network management tasks remain tedious and error-prone, and often require complex reasoning on the part of the network administrator. With KnowNet we address the challenge of reasoning about network management by approaching it as a set of cooperating applications executing over a knowledge graph which captures data and information about the network and the applications that manage and reason over it. We apply our approach to enterprise network management by developing a suite of cooperating applications that deals with security and application performance management in an enterprise network.

In addition to growth of data traffic, mobile networks are bracing for a significant rise in the control-plane signaling. While a complete re-design of the network to overcome inefficiencies may help alleviate the effects of signaling, our goal is to improve the design of the current platform to better manage the signaling. To meet our goal, we combine two key trends. Firstly, mobile operators are keen to transform their networks with the adoption of Network Function Virtualization (NFV) to ensure economies of scales. Secondly, growing popularity of cloud computing has led to advances in distributed systems. In bringing these trends together, we solve several challenges specific to the context of telecom networks. We present SCALE - A framework for effectively virtualizing the MME (Mobility Management Entity), a key control-plane element in LTE. SCALE is fully compatible with the 3GPP protocols, ensuring that it can be readily deployed in today's networks. SCALE enables (i) computational scaling with load and number of devices, and (ii) computational multiplexing across data centers, thereby reducing both, the latencies for control-plane processing, and the VM provisioning costs. Using an LTE prototype implementation and large-scale simulations, we show the efficacy of SCALE.

Device-free localization (DFL) systems locate a person in an environment by measuring the changes in received signals on links in a wireless network. A fingerprint-based DFL method collects a training database of measurement fingerprints and uses a machine learning classifier to determine a person’s location from a new fingerprint. However, as the environment changes over time due to furniture or other objects being moved, the fingerprints diverge from those in the database. This paper addresses, for DFL methods that use received signal strength as measurements, the degradation caused as a result of environmental changes. We perform experiments to quantify how changes in an environment affect accuracy, through a repetitive process of randomly moving an item in a residential home and then conducting a localization experiment, and then repeating. We quantify the degradation and consider ways to be more robust to environmental change. We find that the localization error rate doubles, on average, for every six random changes in the environment. We find that the random forests classifier has the lowest error rate among four tested. We present a correlation method for selecting channels, which decreases the localization error rate from 4.8% to 1.6%.

When traffic arrives from the network for an idled mobile device, the network executes device activation procedures to wake the device up. Current device activation mechanisms are ill suited to support the expected growth of machine-to-machine (M2M) devices and traffic. We propose an adaptive device activation architecture for LTE/EPC cellular networks that adapts to network conditions and M2M application requirements to realize scalable device activation without increasing the resources used for this purpose. Our evaluation shows that our adaptive approach enables the network to handle M2M applications with a large number of devices without negatively impacting existing human-to-human (H2H) and human-to-machine (H2M) traffic.

We propose a novel malware detection application - SocialScan - which enables friend-to-friend (f2f) malware scanning services among social peers, with scanning resource sharing governed by levels of social altruism. We show that with f2f sharing of resources, SocialScan achieves a 65% increase in the detection rate of 0- to 1-day- old malware among social peers as compared to the the detection rates of individual scanners. We also show that SocialScan provides greatly enhanced malware protection to social hubs.

The popularity of smartphones and smartphone applications means that data is the dominant traffic type in current mobile networks. In this paper we present our work on a systematic investigation into facets of the LTE/EPC architecture that impact the performance of TCP as the predominant transport layer protocol used by applications on mobile networks. We found that (1) load increase in a cell causes dramatic bandwidth reduction on UEs and significantly degrades TCP performance, (2) seamless handover causes significant TCP losses while lossless handover increases TCP segments' delay.

We investigate the ability of an attacker to passively use an otherwise secure wireless network to detect moving people through walls. We call this attack on privacy of people a "monitoring radio windows" (MRW) attack. We design and implement the MRW attack methodology to reliably detect when a person crosses the link lines between the legitimate transmitters and the attack receivers, by using physical layer measurements. We also develop a method to estimate the direction of movement of a person from the sequence of link lines crossed during a short time interval. Additionally, we describe how an attacker may estimate any artificial changes in transmit power (used as a countermeasure), compensate for these power changes using measurements from sufficient number of links, and still detect line crossings. We implement our methodology on WiFi and ZigBee nodes and experimentally evaluate the MRW attack by passively monitoring human movements through external walls in two real-world settings. We find that %our methods an attacker may achieve close to 100% accuracy in detecting line crossings and determining direction of motion, even through reinforced concrete walls.

Bluetooth has found widespread adoption in phones, wireless headsets, stethoscopes, glucose monitors, and oximeters for communication of, at times, very critical information. However, the link keys and encryption keys in Bluetooth are ultimately generated from a short 4 digit PIN, which can be cracked off-line. We develop an alternative for secure communication between Bluetooth devices using the symmetric wireless channel characteristics. Existing approaches to secret key extraction primarily use measurements from a fixed, single channel (e.g., a 20 MHz WiFi channel); however in the presence of heavy WiFi traffic, the packet exchange rate in such approaches can reduce as much as 200 x. We build and evaluate a new method, which is robust to heavy WiFi traffic, using a very wide bandwidth (B >> 20 MHz) in conjunction with random frequency hopping. We implement our secret key extraction on two Google Nexus One smartphones and conduct numerous experiments in indoor-hallway and outdoor settings. Using extensive real-world measurements, we show that outdoor settings are best suited for secret key extraction using Bluetooth. We also show that even in the absence of heavy WiFi traffic, the performance of secret key generation using Bluetooth is comparable to that of WiFi while using much lower transmit power.

In this paper, our goal is to develop approaches to reduce the energy consumption in Radio Tomographic Imaging (RTI)-based methods for device free localization without giving up localization accuracy. Our key idea is to only measure those links that are near the current location of the moving object being tracked. We propose two approaches to find the most effective links near the tracked object. In our first approach, we only consider links that are in an ellipse around the current velocity vector of the moving object. In our second approach, we only consider links that cross through a circle with radius r from the current position of the moving object. Thus, rather than creating an attenuation image of the whole area in RTI, we only create the attenuation image for effective links in a small area close to the current location of the moving object. We also develop an adaptive algorithm for determining r. We evaluate the proposed approaches in terms of energy consumption and localization error in three different test areas. Our experimental results show that using our approach, we are able to save 50% to 80% of energy. Interestingly, we find that our radius-based approach actually increases the accuracy of localization.

Secret key establishment is a fundamental requirement for private communication between two entities. In this article, we propose and evaluate a new approach for secret key extraction where multiple sensors collaborate in exchanging probe packets and collecting channel measurements. Essentially, measurements from multiple channels have a substantially higher differential entropy compared to the measurements from a single channel, thereby resulting in more randomness in the information source for key extraction, and this in turn produces stronger secret keys. We also explore the fundamental trade-off between the quadratic increase in the number of measurements of the channels due to multiple nodes per group versus a linear reduction in the sampling rate and a linear increase in the time gap between bidirectional measurements. To experimentally evaluate collaborative secret key extraction in wireless sensor networks, we first build a simple yet flexible testbed with multiple TelosB sensor nodes. Next, we perform large- scale experiments with different configurations of collaboration. Our experiments show that in comparison to the 1 × 1 configuration, collaboration among sensor nodes significantly increases the secret bit extraction per second, per probe, as well as per millijoule of transmission energy. In addition, we show that the collaborating nodes can improve the performance further when they exploit both space and frequency diversities.

This paper shows experimentally that standard wireless networks which measure received signal strength (RSS) can be used to reliably detect human breathing and estimate the breathing rate, an application we call "BreathTaking". We show that although an individual link cannot reliably detect breathing, the collective spectral content of a network of devices reliably indicates the presence and rate of breathing. We present a maximum likelihood estimator (MLE) of breathing rate, amplitude, and phase, which uses the RSS data from many links simultaneously. We show experimental results which demonstrate that reliable detection and frequency estimation is possible with 30 seconds of data, within 0.3 breaths per minute (bpm) RMS error. Use of directional antennas is shown to improve robustness to motion near the network.

Configuration errors are the most significant cause of failure in networks. Little research has been devoted to preventing network configuration errors using device fingerprints. We demonstrate how they can be used to prevent information from being incorrectly routed in an IEEE 802.15.4 beacon-enabled wireless sensor network with multiple coordinators. To determine if they are appropriate for this application, we investigate the number of unique fingerprints that clock skew and radio frequency characteristics provide.

Orthogonal frequency division multiplexing (OFDM), widely recommended for sharing the spectrum among different nodes in a dynamic spectrum access network, imposes tight timing and frequency synchronization requirements. We examine the use of filterbank multicarrier (FBMC), a somewhat lesser known and understood alternative, for dynamic spectrum access. FBMC promises very low out-of-band energy of each subcarrier signal when compared to OFDM. In order to fully understand and evaluate the promise of FBMC, we first examine the use of special pulse-shaping filters of the FBMC PHY layer in reliably transmitting data packets at a very high rate. Next, to understand the impact of FBMC beyond the PHY layer, we devise a distributed and adaptive medium access control (MAC) protocol that coordinates data packet traffic among the different nodes in the network in a best-effort manner. Using extensive simulations, we show that FBMC consistently achieves at least an order of magnitude performance improvement over OFDM in several aspects including packet transmission delays, channel access delays, and effective data transmission rate available to each node in static, indoor settings. Using measurements of power spectral density and high data rate transmissions from a transceiver that we build using our National Instruments hardware platform, we show that while FBMC can decode/distinguish all the received symbols without any errors, OFDM cannot. Finally, we also examine the use of FBMC in a vehicular network setup. We find that FBMC achieves an order of magnitude performance improvement over large distances in this setup as well. Furthermore, in the case of multihop vehicular networks, FBMC can achieve about 20 × smaller end-to-end data packet delivery delays and relatively low packet drop probabilities. In summary, FBMC offers a much higher performing alternative to OFDM for networks that dynamically share the spectrum among multiple nodes.

We evaluate the effectiveness of secret key extraction, for private communication between two wireless devices, from the received signal strength (RSS) variations on the wireless channel between the two devices. We use real world measurements of RSS in a variety of environments and settings. The results from our experiments with 802.11-based laptops show that in certain environments, due to lack of variations in the wireless channel, the extracted bits have very low entropy making these bits unsuitable for a secret key, an adversary can cause predictable key generation in these static environments, and in dynamic scenarios where the two devices are mobile, and/or where there is a significant movement in the environment, high entropy bits are obtained fairly quickly. Building on the strengths of existing secret key extraction approaches, we develop an environment adaptive secret key generation scheme that uses an adaptive lossy quantizer in conjunction with Cascade-based information reconciliation and privacy amplification. Our measurements show that our scheme, in comparison to the existing ones that we evaluate, performs the best in terms of generating high entropy bits at a high bit rate. The secret key bit streams generated by our scheme also pass the randomness tests of the NIST test suite that we conduct. We also build and evaluate the performance of secret key extraction using small, low-power, hand-held devices-Google Nexus One phones-that are equipped 802.11 wireless network cards. Last, we evaluate secret key extraction in a multiple input multiple output (MIMO)-like sensor network testbed that we create using multiple TelosB sensor nodes. We find that our MIMO-like sensor environment produces prohibitively high bit mismatch, which we address using an iterative distillation stage that we add to the key extraction process. Ultimately, we show that the secret key generation rate is increased when multiple sensors are involved in the key extraction process.

Radio frequency (RF) sensor networks are wireless sensor networks (WSNs) which use only the received signal strength (RSS) to perform tasks such as device-free localization (DFL) and tracking of individuals. In these systems, people to be located do not participate in the localization effort by carrying any radio device or sensor. Instead, a static deployed wireless network measures RSS on its links and locates people based on the variations caused by the movements of people in the monitored area. In this paper, we present features and functioning of an RF sensor network deployed in a home for indoor localization and tracking for ambient assisted living (AAL). Our system is composed of low-power IEEE 802.15.4 transceivers, operating in the 2.4 GHz ISM band, that collect and process RSS data in real-time and estimate the locations of people over time.

Variance-based Radio Tomographic Imaging (VRTI) is an emerging technology that locates moving objects in areas surrounded by simple and inexpensive wireless sensor nodes. VRTI uses human motion induced variation in RSS and spatial correlation between link variations to locate and track people. An artificially induced power variations in the deployed network by an adversary can introduce unprecedented errors in localization process of VRTI and, given the critical applications of VRTI, can potentially lead to serious consequences including loss of human lives. In this paper, we tackle the problem of detecting malicious receivers that report false RSS values to induce artificial power variations in a VRTI system. We use the term “Receiver Attack” to refer to such malicious power changes. We use a combination of statistical hypothesis testing and heuristics to develop real-time methods to detect receiver attack in a VRTI system. Our results show that we can detect receiver attacks of reasonable intensity and identify the source(s) of malicious activity with very high accuracy.

Orthogonal frequency division multiplexing (OFDM), widely recommended for sharing the spectrum among different nodes in a dynamic spectrum access network, imposes tight timing and frequency synchronization requirements. We examine the use of filterbank multicarrier (FBMC), a somewhat lesser known and understood alternative, for dynamic spectrum access. FBMC promises very low out-of-band energy of each subcarrier signal when compared to OFDM. In order to fully understand and evaluate the promise of FBMC, we first examine the use of special pulse shaping filters of the FBMC PHY layer in reliably transmitting data packets at a very high rate. Next, to understand the impact of FBMC beyond the PHY layer, we devise a distributed and adaptive medium access control (MAC) protocol that coordinates data packet traffic among the different nodes in the network in a best effort manner. Using extensive simulations, we show that FBMC consistently achieves at least an order of magnitude performance improvement over OFDM in several aspects including packet transmission delays, channel access delays, and effective data transmission rate available to each node. Using measurements of power spectral density and high data rate transmissions from a transceiver that we build using our National Instruments hardware platform, we show that while FBMC can decode/distinguish all the received symbols without any errors, OFDM cannot. In summary, FBMC offers a much higher performing alternative to OFDM for networks that dynamically share the spectrum among multiple nodes.

A radio channel-based location distinction system monitors physical layer measurements of received signals to detect if a transmitter has changed position since its previous transmission. This paper explores the design space for MIMO-based location distinction systems. Using extensive channel measurements collected with two different MIMO testbeds, we make several observations about the tradeoffs inherent in MIMO location distinction, and the scaling of performance with respect to bandwidth, history size and insertion delay, and number of antenna elements. We show that MIMO location distinction is very reliable. For example, a 2×2 MIMO channel with a bandwidth of 80 MHz allows a 64-fold reduction in miss rate over the single-input single-output (SISO) channel for a fixed false alarm rate, achieving false alarm rates as low as 4 × 10-4 for a 2.4 × 10-4 probability of missed detection.

New techniques in cross-layer wireless networks are building demand for ubiquitous channel sounding, that is, the capability to measure channel impulse response (CIR) with any standard wireless network and node. Towards that goal, we present a software-defined IEEE 802.11b receiver and CIR measurement system with little additional computational complexity compared to 802.11b reception alone. The system implementation, using the universal software radio peripheral (USRP) and GNU Radio, is described and compared to previous work. We validate the CIR measurement system and present the results of a measurement campaign which measures millions of CIRs between WiFi access points and a mobile receiver in urban and suburban areas.

Orthogonal frequency-division multiplexing (OFDM), widely recommended for sharing the spectrum among different nodes in a dynamic spectrum access network, imposes tight timing and frequency synchronization requirements. We examine the use of filterbank multicarrier (FBMC), a some-what lesser known and understood alternative, for dynamic spectrum access in vehicular networks. FBMC promises very low out-of-band energy of each subcarrier signal when compared to OFDM. In order to fully understand and evaluate the promise of FBMC in mobile, outdoor settings, we first examine the use of special pulse shaping filters of the FBMC PHY layer in reliably transmitting data packets at a very high rate. Next, to gain an understanding of the cross-layer performance of FBMC, as well as to understand its impact beyond the PHY layer, we build a discrete event simulator using realistic models. Using extensive simulations, we show that FBMC consistently achieves an order of magnitude performance improvement over OFDM in terms of packet transmission delays and effective data transmission rate available to each node, over large distances in comparison to OFDM. Finally, our analysis in the case of multi-hop networks shows that FBMC can achieve about 20x smaller end-to-end data packet delivery delays, and relatively low packet drop probabilities in comparison to OFDM. In summary, our results can serve as guidelines for designing ad hoc, dynamic spectrum access communication standards for future vehicular networks.

Emergency "911" service is a critical function provided in the PSTN, cellular and VOIP networks. Wi-Fi, despite its growing importance, has no such service. In this paper, we develop a 911-like service for Wi-Fi capable devices, enabling them to send emergency messages through any available hotspot or access point. Our service makes use of existing 802.11 management frames and does not require the client device to associate or authenticate with the access point; this makes it available even on protected networks to which the client would not normally have access, even encrypted ones. This design ensures maximum potential reach and usability, and helps to increase public safety.

Measurements of received signal strength (RSS) on wireless links provide position information in various localization systems, including multilateration-based and fingerprint-based positioning systems, and device-free localization systems. Existing localization schemes assume a fixed or known transmit power. Therefore, any variation in transmit power can result in error in location estimate. In this paper, we present a generic framework for detecting power attacks and identifying the source of such transmit power variation. Our results show that we can achieve close to zero missed detections and false alarms with RSS measurements of only 50 transmissions. We also present an analysis of trade-off between accuracy and latency of detection for our method.

Perimeter distinction in a wireless network is the ability to distinguish locations belonging to different perimeters. It is complementary to existing localization techniques. A draw-back of the localization method is that when a transmitter is at the edge of an area, an algorithm with isotropic error will estimate its location in the wrong area at least half of the time. In contrast, perimeter distinction classifies the location as being in one area or the adjacent regardless of the transmitter position within the area. In this paper, we use the naturally different wireless fading conditions to accurately distinguish locations across perimeters. We examine the use of two types of wireless measurements: received signal strength (RSS) and wireless link signature (WLS), and propose multiple methods to retain good distinction rates even when the receiver faces power manipulation by malicious transmitters. Using extensive measurements of indoor and outdoor perimeters, we find that WLS outperforms RSS in various fading conditions. Even without using signal power WLS can achieve accurate perimeter distinction up to 80%. When we train our perimeter distinction method with multiple measurements within the same perimeter, we show that we are able to improve the accuracy of perimeter distinction, up to 98%.

We investigate location distinction, the ability of a receiver to determine when a transmitter has changed location, which has application for energy conservation in wireless sensor networks, for physical security of radio- tagged objects, and for wireless network security in detection of replication attacks. In this paper, we investigate using a measured temporal link signature to uniquely identify the link between a transmitter (TX) and a receiver (RX). When the TX changes location, or if an attacker at a different location assumes the identity of the TX, the proposed location distinction algorithm reliably detects the change in the physical channel. This detection can be performed at a single RX or collaboratively by multiple receivers. We use 9,000 link signatures recorded at different locations and over time to demonstrate that our method significantly increases the detection rate and reduces the false alarm rate, in comparison to existing methods. We present a procedure to estimate the mutual information in link and link signature using the Edgeworth approximation. For the measured data set, we show that approximately 66 bits of link information is contained in each measured link signature.

Social networks can serve as an effective mechanism for distribution of vulnerability patches and other malware immunization code. We propose a novel approach—SocialSwarm—by which peers exploit distances to their social peers to approximate levels of altruism and to collaborate on flash distribution of large files. SocialSwarm supports heterogeneous BitTorrent swarms of mixed social and non-social peers. We implement SocialSwarm as an extension to the Rasterbar libtorrent library—widely used by BitTorrent clients—and evaluate it on a testbed of 500 independent clients with social distances extracted from Facebook. We show that SocialSwarm can significantly reduce the average file distribution time, not only among socially connected peers, but also among other swarm participants.

In this paper, we shed light on the cross-layer interactions between the PHY, link and routing layers in networks with MIMO links operating in the diversity mode. Many previous studies assume an overly simplistic PHY layer model that does not sufficiently capture these interactions. We show that the use of simplistic models can in fact lead to misleading conclusions with regards to the higher layer performance with MIMO diversity. Towards understanding the impact of various PHY layer features on MIMO diversity, we begin with a simple but widely-used model and progressively incorporate these features to create new models. We examine the goodness of these models by comparing the simulated performance results with each, with measurements on an indoor 802.11n testbed. Our work reveals several interesting cross-layer dependencies that affect the gains due to MIMO diversity. In particular, we observe that relative to SISO links: (a) PHY layer gains due to MIMO diversity do not always carry over to the higher layers, (b) the use of other PHY layer features such as FEC codes significantly influence the gains due to MIMO diversity, and (c) the choice of the routing metric can impact the gains possible with MIMO.

This paper presents novel methodologies which allow robust secret key extraction from radio channel measurements which suffer from real-world non-reciprocities and a priori unknown fading statistics. These methodologies have low computational complexity, automatically adapt to differences in transmitter and receiver hardware, fading distribution and temporal correlations of the fading signal to produce secret keys with uncorrelated bits. Moreover, the introduced method produces secret key bits at a higher rate than has previously been reported. We validate the method using extensive measurements between TelosB wireless sensors.

We propose an approach where wireless devices, interested in establishing a secret key, sample the channel impulse response (CIR) space in a physical area to collect and combine uncorrelated CIR measurements to generate the secret key. We study the impact of mobility patterns in obtaining uncorrelated measurements. Using extensive measurements in both indoor and outdoor settings, we find that (i) when movement step size is larger than one foot the measured CIRs are mostly uncorrelated, and (ii) more diffusion in the mobility results in less correlation in the measured CIRs. We develop efficient mechanisms to encode CIRs and reconcile the differences in the bits extracted between the two devices. Our results show that our scheme generates very high entropy secret bits and that too at a high bit rate. The secret bits, that we generate using our approach, also pass the 8 randomness tests of the NIST test suite.

We explore the use of clock skew of a wireless local area network access point (AP) as its fingerprint to detect unauthorized APs quickly and accurately. The main goal behind using clock skews is to overcome one of the major limitations of existing solutions - the inability to effectively detect Medium Access Control (MAC) address spoofing. We calculate the clock skew of an AP from the IEEE 802.11 Time Synchronization Function (TSF) time stamps sent out in the beacon/probe response frames. We use two different methods for this purpose - one based on linear programming and the other based on least-square fit. We supplement these methods with a heuristic for differentiating original packets from those sent by the fake APs. We collect TSF time stamp data from several APs in three different residential settings. Using our measurement data as well as data obtained from a large conference setting, we find that clock skews remain consistent over time for the same AP but vary significantly across APs. Furthermore, we improve the resolution of received time stamp of the frames and show that with this enhancement, our methodology can find clock skews very quickly, using 50-100 packets in most of the cases. We also discuss and quantify the impact of various external factors including temperature variation, virtualization, clock source selection, and NTP synchronization on clock skews. Our results indicate that the use of clock skews appears to be an efficient and robust method for detecting fake APs in wireless local area networks.

Secret keys can be generated and shared between two wireless nodes by measuring and encoding radio channel characteristics without ever revealing the secret key to an eavesdropper at a third location. This paper addresses bit extraction, i.e., the extraction of secret key bits from noisy radio channel measurements at two nodes such that the two secret keys reliably agree. Problems include 1) nonsimultaneous directional measurements, 2) correlated bit streams, and 3) low bit rate of secret key generation. This paper introduces high-rate uncorrelated bit extraction (HRUBE), a framework for interpolating, transforming for decorrelation, and encoding channel measurements using a multibit adaptive quantization scheme which allows multiple bits per component. We present an analysis of the probability of bit disagreement in generated secret keys, and we use experimental data to demonstrate the HRUBE scheme and to quantify its experimental performance. As two examples, the implemented HRUBE system can achieve 22 bits per second at a bit disagreement rate of 2.2 percent, or 10 bits per second at a bit disagreement rate of 0.54 percent.

In this paper, to improve the performance of multi- hop wireless networks, we explore a cross layer multirate adap- tation scheme (we call it CROMA) that uses the phenomenon of physical capture at the physical layer for effectively distinguishing losses due to collisions from those due to channel-error. We first estimate the number of packets dropped due to collisions, at each node by counting the number of packets that are not successfully retrieved by physical capture. Next, using a simple algorithm, we assign this collision loss to neighboring sources of packets that might have generated the colliding packets. Using extensive ns- 2 simulations, we show that our multirate adaptation scheme consistently outperforms the existing schemes.

We evaluate the effectiveness of secret key extraction, for private communication between two wireless devices, from the received signal strength (RSS) variations on the wireless channel between the two devices. We use real world measurements of RSS in a variety of environments and settings. Our experimental results show that (i) in certain environments, due to lack of variations in the wireless channel, the extracted bits have very low entropy making these bits unsuitable for a secret key, (ii) an adversary can cause predictable key generation in these static environments, and (iii) in dynamic scenarios where the two devices are mobile, and/or where there is a significant movement in the environment, high entropy bits are obtained fairly quickly. Building on the strengths of existing secret key extraction approaches, we develop an environment adaptive secret key generation scheme that uses an adaptive lossy quantizer in conjunction with Cascade-based information reconciliation and privacy amplification. Our measurements show that our scheme, in comparison to the existing ones that we evaluate, performs the best in terms of generating high entropy bits at a high bit rate. The secret key bit streams generated by our scheme also pass the randomness tests of the NIST test suite that we conduct.

A radio channel-based location distinction system monitors physical layer measurements of received signals to detect if a transmitter has changed position since its previous transmission. This paper explores the design space for MIMO-based location distinction systems. Using extensive channel measurements collected with two different MIMO testbeds, we make several observations about the tradeoffs inherent in MIMO location distinction, and the scaling of performance with respect to bandwidth, history size and insertion delay, and number of antenna elements. We show that MIMO location distinction is very reliable. For example, a 2×2 MIMO channel with a bandwidth of 80 MHz allows a 64-fold reduction in miss rate over the single-input single-output (SISO) channel for a fixed false alarm rate, achieving false alarm rates as low as 4 × 10-4 for a 2.4 × 10-4 probability of missed detection.

In this paper, we conduct a systematic experimental study to identify the challenges for multirate adaptation in the context of multihop ad hoc networks. We first investigate the existing multirate adaptation algorithms to study how they operate in multihop ad hoc networks and obtain insights on the sources of their behavior. Second, we design and implement a novel multirate adaptation scheme, Reduced Packet Probing (RPP), that allows a sender node to effectively approximate channel-error loss in the presence of collisions. We find that our RPP scheme, implemented in the Emulab wireless mesh network, achieves 41%–53% higher TCP throughput in comparison to the default multirate adaptation scheme, SampleRate, in the Mad- Wifi IEEE 802.11 driver.

We explore the use of clock skew of a wireless local area network access point (AP) as its fingerprint to detect unauthorized APs quickly and accurately. The main goal behind using clock skews is to overcome one of the major limitations of existing solutions- the inability to effectively detect Medium Access Control (MAC) address spoofing. We calculate the clock skew of an AP from the IEEE 802.11 Time Synchronization Function (TSF) timestamps sent out in the beacon/probe response frames. We use two different methods for this purpose- one based on linear programming and the other based on least square fit. We supplement these methods with a heuristic for differentiating original packets from those sent by the fake APs. We collect TSF timestamp data from several APs in two different residential settings. Using our measurement data as well as data obtained from a large conference setting, we find that clock skews remain consistent over time for the same AP but vary significantly across APs. Furthermore, we improve the resolution of received timestamp of the frames and show that with this enhancement our methodology can find clock skews very quickly, using 50-100 packets in most of the cases. We also discuss and quantify the impact of various external factors including temperature variation, virtualization, and NTP synchronization on clock skews. Our results indicate that the use of clock skews appears to be an efficient and robust method for detecting fake APs in wireless local area networks.

Location distinction is the ability to determine when a device has changed its position. We explore the opportunity to use sophisticated PHY-layer measurements in wireless networking systems for location distinction. We first compare two existing location distinction methods - one based on channel gains of multi-tonal probes, and another on channel impulse response. Next, we combine the benefits of these two methods to develop a new link measurement that we call the complex temporal signature. We use a 2.4 GHz link measurement data set, obtained from CRAWDAD [10], to evaluate the three location distinction methods. We find that the complex temporal signature method performs significantly better compared to the existing methods. We also perform new measurements to understand and model the temporal behavior of link signatures over time. We integrate our model in our location distinction mechanism and significantly reduce the probability of false alarms due to temporal variations of link signatures.

We design a framework that implements security at the TCP layer to meet the necessity for a practical and truly end-to-end security solution. We call our framework TCPsec. TCPsec is a security extension to TCP and implemented in the kernel. Applications may use TCPsec through regular TCP sockets by setting special socket options. TCPsec uses a Secure Socket Layer (SSL)-like handshake to set up a secure session. It is interoperable with Network Address Translators. We implement TCPsec in the FreeBSD 4.7 kernel and evaluate its performance. Our implementation and evaluation show that TCPsec incurs only a modest overhead as compared to TCP and performs competitively with SSL. We also provide a formal verification of our protocol state machine.

We present a new distributed approach that establishes reputation-based trust among sensor nodes in order to identify malfunctioning and malicious sensor nodes and minimize their impact on applications. Our method adapts well to the special characteristics of wireless sensor networks, the most important being their resource limitations. Our methodology computes statistical trust and a confidence interval around the trust based on direct and indirect experiences of sensor node behavior. By considering the trust confidence interval, we are able to study the tradeoff between the tightness of the trust confidence interval with the resources used in collecting experiences. Furthermore, our approach allows dynamic scaling of redundancy levels based on the trust relationship between the nodes of a wireless sensor network. Using extensive simulations we demonstrate the benefits of our approach over an approach that uses static redundancy levels in terms of reduced energy consumption and longer life of the network. We also find that high confidence trust can be computed on each node with a relatively small memory overhead and used to determine the level of redundancy operations among nodes in the system.

Congestion caused by a large number of interacting TCP flows at a bottleneck network link is different from that caused by a lesser number of flows sending large amounts of data -the former would require cutting down the number of competing flows, while cutting down the data sending rate is sufficient for the latter. However, since existing congestion control schemes view congestion only from a packet-level perspective, they treat both to be the same, resulting in suboptimal performance. We propose two best effort, search-based, session (or flow) level congestion control strategies for the Internet, to complement existing packet-level congestion control schemes. Our strategies control the number of competing flows to optimize for the flow completion rate and the flow completion time. Furthermore, our session control mechanisms do not require any per- flow state or computation at the routers, make no assumption about input traffic characteristics and requirements, avoid starvation of new flows when existing flows do not leave the system, and do not require any end host TCP modifications. Using evaluations under a wide variety of static and varying traffic load conditions, we demonstrate the significant performance and fairness gains that our session control mechanisms provide.

The ability of a receiver to determine when a transmitter has changed location is important for energy conservation in wireless sensor networks, for physical security of radio-tagged objects, and for wireless network security in detection of replication attacks. In this paper, we propose using a measured temporal link signature to uniquely identify the link between a transmitter and a receiver. When the transmitter changes location, or if an attacker at a different location assumes the identity of the transmitter, the proposed link distinction algorithm reliably detects the change in the physical channel. This detection can be performed at a single receiver or collaboratively by multiple receivers. We record over 9,000 link signatures at different locations and over time to demonstrate that our method significantly increases the detection rate and reduces the false alarm rate, in comparison to existing methods.

To aid security in the Internet, we propose a new connection oriented architecture to restrict reachability in the Internet to only those end hosts that explicitly request it. We first describe the various components of our architecture. Next, using qualitative arguments, and some preliminary computations, we show the benefits of our architecture. We also present viable strategies for minimizing connection state at routers, and discuss relevant security issues.

Networked systems are often evaluated on overlay testbeds such as PlanetLab and emulation testbeds such as Emulab. Emulation testbeds give users great control over the host and network environments and offer easy reproducibility, but only artificial network conditions. Overlay testbeds provide real network conditions, but are not repeatable environments and provide less control over the experiment. We describe the motivation, design, and implementation of Flexlab, a new testbed with the strengths of both overlay and emulation testbeds. It enhances an emulation testbed by providing the ability to integrate a wide variety of network models, including those obtained from an overlay network. We present three models that demonstrate its usefulness, including "application-centric Internet modeling" that we specifically developed for Flexlab. Its key idea is to run the application within the emulation testbed and use its offered load to measure the overlay network. These measurements are used to shape the emulated network. Results indicate that for evaluation of applications running over Internet paths, Flexlab with this model can yield far more realistic results than either PlanetLab without resource reservations, or Emulab without topological information.

The authors propose to secure ad hoc networks against data injection attacks by placing firewall functionality at strategic locations in the ad hoc network. The authors first show that, given the locations of attackers and victims, the problem of placement of firewall functionality at a fixed number of ad hoc nodes while minimizing the impact of the data injection attack is identical to the k-coverage problem, this problem is known to be NP-hard. Then, the authors develop a near-optimal approximate algorithm for placing firewall functions. The authors also incorporate the loss behavior of wireless links in our algorithm. Next, the authors develop an architecture to determine the location of the attackers. Our architecture uses a separate control network (a cellular network in this paper) in conjunction with ad hoc networks to provide a provable attack detection mechanism. The authors evaluate our firewall placement algorithm for various topologies obtained from ns-2 simulations. Our results show that our algorithm can find near-optimal solutions. Based on a simple analysis and measurement results, the authors also find that the overhead of our provable attack detection mechanism is low.

Research prototypes of networked systems are often evaluated on overlay testbeds and emulation testbeds. Most of the strengths and weaknesses of these two types of testbeds are complementary. We outline the motivation, design, implementation, and sample results of an environment that seeks to provides the best of each type. Flexlab couples an emulation testbed with arbitrary network models. We also present a novel modeling technique tuned for this environment, application-centric Internet modeling. The key idea is to monitor the application’s offered network load within the emulation testbed, replicate that load on the overlay testbed, measure the path’s characteristics through analysis of the traffic, and use those to shape the emulated network.

We propose multi-class signaling overload control algorithms, for telecommunication switches, that are robust against different input traffic patterns and system upgrades. In order to appropriately measure the system load when several classes of signaling traffic are present, we first introduce the concept of equivalent system load measure that converts the multiple system measures associated with different classes of traffic into a single measure with respect to a pre-defined base class. We use this measure to develop three multi-class overload detection and measurement algorithms. Next, we develop a new algorithm for partitioning the allowable equivalent system load across multiple traffic classes, using a strict priority scheme. Using simulations of call flows from mobile telecommunications standards, we compare different multi-class overload algorithms under a variety of overload conditions. Our simulation results indicate that our algorithm that measures system load using a combination of request acceptance rate and processor occupancy provides highly reactive and robust overload control. Last, for the purpose of making the overload control algorithms more robust, we propose a measurement-based simple regression technique to dynamically estimate key system parameters. We find that estimates derived in this manner converge rapidly to their true values.

We identify two typical problems in WLAN hotspots that result in unbounded unfairness between upstream and downstream flows. The first unfairness problem arises due to the uniformity of the MAC layer protocol at the access point (AP) and user nodes that result in equal share to the AP and the user nodes but not to the individual flows. The second unfairness problem arises due to the inability of the physical layer to distinguish frame errors due to hidden terminal based collisions and frame errors due to poor signal strength. We present FairMAC, a deployable solution that addresses these unfairness problems without requiring a change to the 802.11 protocol. Thus, our solution is immediately deployable in the millions of currently operational hotspots. We evaluate the performance of our protocol using simulations and a prototype implementation. We show that FairMAC provides fair access to all the flows regardless whether they are originating at the AP or a host.

We present a new metric, Expected Data Rate (EDR), for accurately finding high-throughput paths in multi-hop ad hoc wireless networks. Our metric is based upon a new model for transmission interference which is a critical factor in determining path throughput. We construct a realistic and practical transmission interference model by (1) determining transmission contention degree of each link as a function of the wireless link loss, (2) quantifying the impact of the wireless link loss on medium access backoff, and (3) considering possible concurrent transmissions when two links do not interfere with each other. Our transmission interference model also takes the non-optimality of IEEE 802.11 medium access scheduling into account. Using extensive ns-2 simulations of IEEE 802.11 ad hoc networks, we find that EDR can accurately determine the achievable data rates of ad hoc paths, thereby significantly outperforming the other existing metrics.

Although multicast communication is well-suited to shared wireless links, receiver heterogeneity impedes the use of multicast in wireless networks. In this paper, we examine an approach that addresses the receiver heterogeneity problem in cellular multicast with the help of an additional IEEE 802.11 ad hoc network. The basic idea is to allow the cellular receivers experiencing poor channel conditions to use the ad hoc network to connect to those cellular receivers that are experiencing good cellular channel conditions. The good receivers (called proxies) relay multicast data to the poor receivers through the ad hoc network. We specifically consider the third generation cellular high data rate (HDR) broadcast/multicast services (BCMCS). We develop a new routing algorithm to find efficient ad hoc paths from the proxies to the cellular multicast receivers. Unlike existing algorithms (Luo et al. (2003)), our routing algorithm considers the effect of ad hoc path interference. Using simulations of an HDR BCMCS network in conjunction with an IEEE ad hoc network, we show that our algorithm improves the receiver goodput by up to 280% compared to that obtained without using ad hoc paths. We also show that our algorithm achieves up to 98% higher receiver goodput in comparison to the greedy algorithm proposed in Luo.