An On-demand Secure Routing Protocol Resilient to Byzantine Failures

Similar documents
An On-demand Secure Routing Protocol Resilient to Byzantine Failures. Routing: objective. Communication Vulnerabilities

On Demand secure routing protocol resilient to Byzantine failures

CERIAS Tech Report

On the Survivability of Routing Protocols in Ad Hoc Wireless Networks

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks

An On-Demand Secure Routing Protocol Resilient to Byzantine Failures

Enhanced Secure Routing Model for MANET

Secure Multi-Hop Infrastructure Access

Wireless Network Security Spring 2013

Secure and Efficient Routing Mechanism in Mobile Ad-Hoc Networks

A Mechanism for Detection of Gray Hole Attack in Mobile Ad Hoc Networks

Wormhole Attack in Wireless Ad-Hoc Networks

Secure Routing and Transmission Protocols for Ad Hoc Networks

Wireless Network Security Spring 2015

A SYMMETRIC TOKEN ROUTING FOR SECURED COMMUNICATION OF MANET

International Journal of Advance Research in Computer Science and Management Studies

Security in Ad Hoc Networks Attacks

DETECTION OF PACKET FORWARDING MISBEHAVIOR IN WIRELESS NETWORK

A Mechanism for Detection of Cooperative Black Hole Attack in Mobile Ad Hoc Networks

Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

Channel Aware Detection based Network Layer Security in Wireless Mesh Networks

BISS: Building secure routing out of an Incomplete Set of Security associations

An On-Demand Byzantine-Resilient Secure Routing Protocol for Wireless Adhoc Networks

Secure Data Forwarding in Wireless Ad Hoc Networks

CERIAS Tech Report

LHAP: A Lightweight Hop-by-Hop Authentication Protocol For Ad-Hoc Networks

SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS

Defenses against Wormhole Attack

Wormhole Attack in Wireless Ad Hoc Networks: Analysis and Countermeasure

hash chains to provide efficient secure solutions for DSDV [7].

Mitigating Routing Misbehavior in Mobile Ad Hoc Networks

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Detecting and Preventing Wormhole Attacks In Wireless Sensor Networks

An Improvement to Mobile Network using Data Mining Approach

Detecting Malicious Nodes For Secure Routing in MANETS Using Reputation Based Mechanism Santhosh Krishna B.V, Mrs.Vallikannu A.L

Toward Intrusion Tolerant Clouds

Security in Ad Hoc Networks *

HADOF: Defense Against Routing Disruptions in Mobile Ad Hoc Networks

On the Pitfalls of High-Throughput Multicast Metrics in Adversarial Wireless Mesh Networks

An Attacker Model for MANET Routing Security

Survey on Attacks in Routing Protocols In Mobile Ad-Hoc Network

Wireless Network Security Spring 2016

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks

[Nitnaware *, 5(11): November 2018] ISSN DOI /zenodo Impact Factor

SRPS: Secure Routing Protocol for Static Sensor Networks

Provably Secure Competitive Routing against Proactive Byzantine Adversaries via Reinforcement Learning

INNOVATIVE SCIENCE AND TECHNOLOGY PUBLICATIONS. Manuscript Title A PACKET DROPPING ATTACK DETECTION FOR WIRELESS AD HOC NETWORK USING KEY MANAGEMENT

Performance Investigation and Analysis of Secured MANET Routing Protocols

Security Issues In Mobile Ad hoc Network Routing Protocols

PerformanceEvaluation of AODV based on black hole attack in ad hoc network

NETLMM Security Threats on the MN-AR Interface draft-kempf-netlmm-threats-00.txt

Secure routing in ad hoc and sensor networks

Reputation-based System for Encouraging the Cooperation of Nodes in Mobile Ad Hoc Networks

Defense Against Packet Injection in Ad Hoc Networks

Sybil Attack In High Throughput Multicast Routing In Wireless Mesh Network

Secure Cooperative Mobile Ad Hoc Networks Against Injecting Traffic Attacks

Simulation and Analysis of Blackhole Attack in MANETs for Performance Evaluation

Detecting Misbehaving Node In Ad-Hoc Network By Audit Mechanism

Cooperative Routing in Mobile Ad-hoc Networks: Current Efforts Against Malice and Selfishness

Detection and Avoidance of Routing Attack in Mobile Ad-hoc Network using Intelligent Node

Detection of Malicious Nodes in Mobile Adhoc Network

A Pigeon Agents based Analytical Model to Optimize Communication in Delay Tolerant Network

Performance Analysis of DSR Routing Protocol With and Without the Presence of Various Attacks in MANET

An Optimized Inter-Router Authentication Scheme for Ad hoc Networks

Secure Routing for Mobile Ad-hoc Networks

PRIVACY AND TRUST-AWARE FRAMEWORK FOR SECURE ROUTING IN WIRELESS MESH NETWORKS

Packet Estimation with CBDS Approach to secure MANET

International Journal of Advance Engineering and Research Development

WAP: Wormhole Attack Prevention Algorithm in Mobile Ad Hoc Networks

A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks

Peer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University

Secure On Demand Multicast Routing Protocol for Mobile Ad-Hoc Networks

A DISTRIBUTED APPROACH FOR DETECTING WORMHOLE ATTACK IN WIRELESS NETWORK CODING SYSTEM

Management Science Letters

ABSTRACT: INTRODUCTION:

Secure Routing Techniques to Mitigate Insider Attacks in Wireless Ad Hoc Networks

CERIAS Tech Report

Security for Structured Peer-to-peer Overlay Networks. Acknowledgement. Outline. By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818

International Journal of Advanced Research in Computer Science and Software Engineering

Comparing the Impact of Black Hole and Gray Hole Attacks in Mobile Adhoc Networks

International Journal of Scientific & Engineering Research Volume 9, Issue 4, April ISSN

CIS 5373 Systems Security

the Presence of Adversaries Sharon Goldberg David Xiao, Eran Tromer, Boaz Barak, Jennifer Rexford

Wormhole Attacks Detection in Wireless Ad Hoc Networks: A Statistical Analysis Approach

HMM Sequential Hypothesis Tests for Intrusion Detection in MANETs Extended Abstract

Configuring attack detection and prevention 1

Analysis of Attacks and Defense Mechanisms for QoS Signaling Protocols in MANETs

Prevention of Cooperative Black Hole Attack in Wireless Ad Hoc Networks

Distributed Deadlock

Wireless Network Security Spring 2016

Configuring Anomaly Detection

Enhance the Throughput of Wireless Network Using Multicast Routing

AODV Routing Protocol in MANET based on Cryptographic Authentication Method

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

Simulation-based Analysis of Security Exposures in Mobile Ad Hoc Networks

Defend Against Cache Consistency Attacks in Wireless Ad Hoc Networks

Wireless Network Security Spring 2015

Arvind Krishnamurthy Fall A source node s wants to send a packet to a destination node d through a network that might have Byzantine nodes

Multipath Routing Based Secure Data Transmission in Ad Hoc Networks

Transcription:

An On-demand Secure Routing Protocol Resilient to Byzantine Failures Baruch Awerbuch Johns Hopkins University Joint work with David Holmer, Cristina Nita-Rotaru, and Herbert Rubens Based on paper at WiSe2002

On-Demand vs. Proactive Routing On-Demand Security Concerns Source Authentication Caching presents adversarial opportunity Pro-active Harder to secure since pieces of information can not be traced back to a single source.

Communication Vulnerabilities Eavesdropping & Impersonation Denial of Service (DOS) Routing: (Hard Problem) Encrypt Data Authenticate Users Monitor traffic Localize damage Sweep under rug This talk s focus

Routing: objective s r If there is a fault- free path from source to receiver: - communication should proceed undisturbed - consumes minimal resources in the reliable component

Problem Description Source Destination Shortest Path Fault Free Path Trusted Node Correct Node Adversarial Node

Worm Holes Two attackers establish a path and tunnel packets from one to the other The worm hole turns many adversarial hops into one virtual hop creating shortcuts in the network This allows a group of adversaries to easily draw packets into a black hole Source Destination

Black hole attack Packets are simply dropped Adversaries can move thru the network Aggravated by wormhole attack Source Destination

Terminodes Related Work [Hubaux, Buttyan, Capkun 2001] Cornell [Zhou, Haas 1999] [Papadimitratos,, Haas 2002] Watchdog [Marti, Giuli,, Lai, Baker 2000] Wormhole Detection, SEAD, Ariadne [Hu, Perrig, Johnson 2002] University of Massachusetts [Dahill,, Levine, Shields, Royer 2002]

This talk: Unlimited # faults model Trust model Source and Destination are trusted Intermediate nodes are authenticated but not trusted Adversarial model Majority of colluding byzantine adversaries Focus on containment (not defeating) adversaries

Black Hole Attack Problem: Adversary may delete a packet How do we detect and avoid black holes? Reliable node may be blamed Detecting failing node: Consensus? X a b c X a b c

Impossibility of detection Can t tell who is the adversary a b c X a b X c This talk: avoid both endpoints of contentious link

This Talk: link reputation system Link Weight : reflection of performance statistics (doubled for each fault) Shortest paths w.r.t.. link weights avoid faulty area a b c d

Protocol Overview Route Discovery with Fault Avoidance Discovered Path Byzantine Fault Detection Weight List Link Weight Management Faulty Link

Route Discovery Phase Route Discovery with Fault Avoidance Discovered Path Byzantine Fault Detection Weight List Link Weight Management Faulty Link

Route Discovery On-demand protocol Finds a least weight path Request flood Request includes weight list and signature Signature verified at every hop Prevents un-authorized route requests Request Response

Flood Blocking Flood Blocking Attack Adversary propagates a false short path Intermediate nodes do not forward inferior valid path information Source ignores the false path No path is established Path must be verified at intermediate nodes

Route Discovery (cont.) Response flood Prevents response block attack Path and weight accumulated hop by hop Appends signature to response Only lower cost updates are re-broadcast Every hops verifies the entire path Prevents flood blocking attack Path is not guaranteed to be fault free Some path is always established

Fault Detection Phase Route Discovery with Fault Avoidance Discovered Path Byzantine Fault Detection Weight List Link Weight Management Faulty Link

Fault Detection Strategy Probing technique using authenticated acknowledgements Naïve probing technique Too much overhead per data packet!

Secure Adaptive Probing Source Destination Success Fault 1 Fault 2 Fault 3 Fault 4 Binary search = identified in log n faults Trusted Node Intermediate Node Successful Probe Failed Probe Successful Interval Faulty Interval

Probes Probe & Ack Properties Inseparable from data - listed on all packets Integrity checked at each probe - HMAC Enforces path order - onion encrypted list Acks Authenticated - HMAC Single combined ack packet - individual acks added at each probe point & onion encrypted Adversary can t drop selective acks Staggered timeouts - restarts ack packet A A node can t incriminate any link but its own

Probe & Ack Specification Probes List of probes attached to every packet Each probe is specified by an HMAC Probes listed in path order Remainder of probe list is onion encrypted Ack Authentication via HMAC Collected and onion encrypted at each probe point

Fault Definition Fault Identification Packet loss rate violates a fixed threshold Excessive delay also causes packet loss Identifies faulty links regardless of reason Malicious behavior Adverse network behavior Congestion Intermittent connectivity

Link Weight Management Phase Route Discovery with Fault Avoidance Discovered Path Byzantine Fault Detection Weight List Link Weight Management Faulty Link

Link Weight Management Maintains a weight list of identified links Faulty links have their weight doubled Resets link weights Timed by successful transmissions Bounds average loss rate Network is never partitioned

Analysis Network of n nodes of which k are adversaries Assume a fault free path exists + q ρ q b kn log 2 n Protocol bounds the number of packets lost communicating with the destination

Conclusion On-demand routing protocol resilient to colluding byzantine attackers Adaptive probing identifies a faulty link in log n faults Bounded long term loss rate Bounded total losses beyond long term rate

Future Work Investigate more sophisticated fault detection Adaptive threshold Probabilistic scheme Route caching Simulation and implementation

Funding by Questions? Johns Hopkins Information Security Institute DARPA www.cnds.jhu.edu/archipelago/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback