Off-campus UMass Amherst users: To download campus access dissertations, please use the following link to log into our proxy server with your UMass Amherst user name and password.

Non-UMass Amherst users: Please talk to your librarian about requesting this dissertation through interlibrary loan.

Dissertations that have an embargo placed on them will not be available to anyone until the embargo expires.

Author ORCID Identifier



Open Access Dissertation

Document Type


Degree Name

Doctor of Philosophy (PhD)

Degree Program

Computer Science

Year Degree Awarded


Month Degree Awarded


First Advisor

Jim Kurose

Second Advisor

Brian Neil Levine

Third Advisor

Arun Venkataramani

Fourth Advisor

Lixin Gao

Subject Categories

Information Security | OS and Networks


The Internet recently passed an historic inflection point, with the number of broadband wireless/mobile devices surpassing the number of wired PCs and servers connected to the Internet. Smartphones, laptops, tablets, machine-to-machine (M2M) devices, and other portable devices have penetrated our daily lives. According to Cisco, by 2018, wired devices will account for only 39% of IP traffic, with the remaining traffic produced by wireless/mobile devices. This proliferation of wireless/mobile devices is profoundly changing many of the characteristics of network applications, protocols, and operation, and posing fundamental challenges to the Internet architecture. In light of this new trend, this thesis focuses on forensic and mobility-management challenges in wireless/mobile network environments. The first half of this thesis addresses two network-forensic challenges that arise due to the broadcast nature of wireless communications. In the first network-forensic challenge, we develop a mechanism to detect anomalous forwarding behaviors such as packet dropping, and packet reordering, and to identify the source of forwarding-behavior attacks that can disrupt a wireless ad hoc network. Our mechanism employs witness nodes that can overhear transmissions made by nearby wireless network nodes. In the second challenge, we investigate a method for gathering network-based evidence, based on constraints imposed by current U.S. law, for remotely disambiguating a sender's network access type (wired versus wireless); such a technique could be used to determine that a sender is connected physically to a network inside a building. We discuss several factors that might affect our classification results and identify the scenarios in which residential network access type can be accurately determined. The second half of this thesis takes a more global and network-level point of view on mobility management and delves into a clean-state approach to designing a future Internet architecture that considers mobility as a first-order property. Before discussing architectural design issues, we present a measurement and modeling study of user transitioning among points of attachment to today's Internet. These transitions could result from a user's physical mobility or a stationary ``multi-homed" user's changing his/her devices or NICs. This research provides insights and implications regarding control-plane workload for a mobility-management architecture. Our measurement results to date show that users spend the majority of their time attached to a small number of networks, and that a surprisingly large number of users access two networks contemporaneously. In the last part of our thesis research, we design techniques for efficiently handling group mobility in the context of the MobilityFirst architecture; MobilityFirst uses flat, globally unique names, binding a flat name to its network location via a logically centralized name- and location-resolution server. Using the empirical model from our measurement study as well as more abstract models of group mobility, we evaluate our group mobility management techniques.