Various malicious and selfish misdeeds against wireless networks have already been perpetrated. But as these networks are becoming ubiquitous, much worse is to be expected. In this talk, we will briefly address the future development of wireless networks. Focusing first on security, we will discuss secure neighbor discovery and location privacy. After a brief introduction to game theory, we will then address selfishness and (non-)cooperative behavior and discuss the so-called "Chimp-Bonobo cross-layer schizophrenia." Finally, we will describe the impact of non-cooperative behavior on security mechanisms. For that purpose, we will consider the case of revocation in high-mobility (or "ephemeral") networks.

Note: some of the material of this talk appears in the book Security and Cooperation in Wireless Networks by L. Buttyan and J.-P. Hubaux, Cambridge University Press, 2008, available at http://secowinet.epfl.ch.

In this talk we report on our recent research on jamming-resistant MAC protocols. I will present a very simple randomized algorithm called "AntiJam" that allows nodes to adapt their sending probabilities quickly. AntiJam avoids collisions due to interference, and achieves a high throughput despite a powerful, adaptive adversary jamming a large fraction of all time steps.

We first study the performance of AntiJam on completely connected graphs, and then present a variation of the protocol that is suitable for multi-hop networks modelled as Unit Disk graphs.

AntiJam is a joint work with Andrea Richa, Christian Scheideler, and Jin Zhang.

We consider a leader election problem in ad-hoc single hop radio sensor network with an adversary. The aim of the adversary is to be chosen as a leader. In many scenarios it can be a starting point for performing other attacks and taking control over the whole network. In our work we show that in typical and well-known algorithms it is not possible to avoid this threat, i.e. the adversary can always use such strategy, that the node under its control becomes a leader with high probability. This attack is efficient even if the adversary controls a very small number of nodes. Moreover, we show that it is not even possible in practice to detect such malicious behaviour. Our second contribution is a new leader election algorithm that provides, to some extent, immunity against these types of attack. We consider several realistic network models and we design appropriate methods for each of them. We also show that in some scenarios it is not possible to prevent the adversary from becoming the leader. We present also some ideas how to extend this approach to more complicated models.

This talk will review adversarial models relevant to wireless networks. Adversaries are personifications of the external world that either wants to use a network or disrupt its functionality. Benign adversaries control such aspects as injections of packets to be broadcast or asynchrony. More disruptive adversaries control crashes of nodes or jamming. Malicious adversaries play to undermine security or control Byzantine behavior of the nodes. We will review some of the recent work done on adversarial models that are located on the benign side of the spectrum.

Using k-Selection in Radio Networks as an example of unique-resource dispute among k unknown contenders, the conflict-resolution protocol presented in this paper shows that, for any sensible probability of error \eps, all of them get access to such resource in asymptotically optimal time (e+1+\ksi)k+O(log^2(1/\eps)), where \ksi > 0 is any constant arbitrarily close to 0. This protocol works under a model where not even an upper bound on k is known and conflicts can not be detected by all the contenders.

We study the complexity of broadcasting in single-hop radio networks by distributed protocols. The main communication constraint in single-hop radio networks is that concurrent transmissions result in a collision, preventing successful reception of the transmitted packets. Thus, at most one station can successfully transmit its packet in a round. Our goal is to minimize packet latency and the size of packet queues at each station. Packet injection is modeled using the concept of a leaky bucket adversary. The adversary is determined by injection rate and the number of packets that can be injected in one round. We consider a number of deterministic protocols and give upper bounds on their queue size and packet latency. We also show lower bounds on packet latency and queue size. Finally, we provide the results of simulations, in which we compare the performance of our protocols with theoretical result and the performance of randomized backoff protocols.

This talk will review some of the past work on detecting and tolerating Byzantine faults in wireless networks. The broadcast nature of the wireless networks provides both opportunities and challenges for protocol design, including protocols for Byzantine fault tolerance. The talk will address some of these issues.

The objective of this talk is to foster discussion on distributed system models for wireless ad-hoc networks with a particular focus in environments where nodes can be captured and controlled by a malicious adversary. The purpose is not only to obtain feedback on the ongoing research, but also to foster an open discussion on some of the future challenges that lie ahead of this line of research. The talk describes ongoing research on the suitability of the communication failure model for wireless ad-hoc networks. The appropriate context will be provided by presenting existing intrusion-tolerant agreement protocols, and comparing their performance in wireless environments to more traditional settings such as wired networks. From these results, it will be clear that the resource-constrained nature of wireless networks, both in terms of communication and computing power, imposes considerable performance penalties in existing intrusion-tolerant agreement protocols. This will give the motivation to discuss: (1) the specific characteristics of wireless networks that can be explored in order to improve the efficiency of such protocols; (2) how these characteristics led to the identification of the communication failure model as appropriate to wireless environments; (3) the limitations (i.e., impossibility results) associated to this model and the ways to circumvent them; (4) how to extend the communication failure model in order to accommodate Byzantine nodes, which represents the current state of research.

In this talk we will present the aims and the challenges of the S-Mobile project. The objective of S-Mobile is to create a framework and technological solutions for trusted deployment and execution of mobile applications in heterogeneous environments. While today the development of third party applications for mobile platforms (i.e. mobile phones, cars, etc.) is tightly controlled by single entities (i.e. telecom operators, mainly due to security risks), there is a need to open the software market of nomadic devices (from smart phones to PDA, from RFID systems to cars) to third party applications with a higher degree of assurance. S-Mobile will make this possible by extending the existing security model beyond the sandbox model and by integrating mechanisms for trust management and credentials negotiation. A licence-based security mechanism will lie at the core of the framework. A licence will be associated to each application stating in detail what are the capabilities needed to be executed. A licence is a fine-grained claim done by a mobile application regarding the interaction with relevant security and privacy features of a mobile platform. This licence should be published by applications, understood by devices and all stakeholders (users, mobile operators, developers, platform developers, etc.). The licence should be enforced at time of delivery and loading, and during execution of the application by the mobile platform. The resulting new paradigm will not replace, but enhance existing security mechanism, and will provide a flexible, simple and scalable security and privacy protection mechanism for future mobile systems. It will allow a network operator and a user to decide what an application is allowed to do, prevent bad code from running, and allow good code to be easily designed and deployed.