denial of service resilience in ad hoc networks (mobicom 2004) imad aad, jean-pierre hubaux, and...

Post on 20-Jan-2018


Denial of Service Resilience in Ad Hoc Networks (MobiCom 2004)

Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly

November 21st, 2006

Jinkyu Lee

2

Contents

• Introduction
• DoS Attacks
• Analytical Model
• Assessment of Performance under DoS Attack
• Conclusion

3

Introduction

• Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective?

• Or are there attack and system factors that can lead to devastating effects?

• Related Work
  – Securing Routing Protocols
  – Usage of Multiple Routes
  – Securing Packet Forwarding
  – Identification of the Attacking Nodes

4

Introduction

• Goal of the paper

– To quantify via analytical models and simulation experiments the damage that a successful attacker (using DoS attack) can have on the performance of an ad hoc network

5

DoS Attacks

• System Model
  – To ensure node authentication
  – To ensure message authentication
  – To ensure one identity per node
  – To prevent control plane misbehavior (query floods, rushing attacks …)

6

DoS Attacks

• Jellyfish Attack

  – Target
    • Closed-loop flows (such as TCP)
  – Protocol compliance
    • To obey routing and forwarding protocol specification
  – Malicious behaviors
    • Reorder attack
    • Periodic dropping attack
    • Delay variance attack

7

DoS Attacks

• Impact of Jellyfish Reorder Attack

8

DoS Attacks

• Impact of Jellyfish Drop Attack

9

DoS Attacks

• Impact of Jellyfish Jitter Attack

10

DoS Attacks

• Black Hole Attacks

  – Target
    • Flows that are not congestion controlled
  – Protocol compliance
    • To obey routing and forwarding protocol specification
  – Malicious behaviors
    • To absorb all data packets
  – Hard to detect

11

DoS Attacks

• Misbehavior Diagnosis – Fail!
  – Detection of MAC layer failure
    • Cross-layer design in DSR
  – Passive acknowledgement (PACK)
    • Watchdog
  – Layer 4 endpoint detection
    • Hard to detect the malicious node

• Victim Response
  – To establish an alternate path
  – To employ multi-path routing
  – To establish backup routes

12

Analytical Model

• # of total nodes: N
• # of Jellyfish or Black hole nodes: pN

13

Assessment of Performance under DoS Attack

• Methodology
  – System Fairness
  – Number of Hops for Received Packets
  – Total System Throughput
  – Probability of interception

14

Assessment of Performance under DoS Attack

• Baseline
  – 200 nodes
  – 2000m X 2000m
  – Random movement (Max velocity: 10m/s, pausing for 10s on average)
  – IEEE 802.11 MAC (transmission range: 250m)
  – 100 nodes communicate with each other (50 flows)
  – Jellyfish nodes are placed in grid

15

Assessment of Performance under DoS Attack

• Distribution of the Number of Hops for Received Packets

16

Assessment of Performance under DoS Attack

• Fairness Index for the Baseline Case

17

Assessment of Performance under DoS Attack

• Average Number of Hops for Received Packets

18

Assessment of Performance under DoS Attack

• Offered Load and TCP


19

Assessment of Performance under DoS Attack

• Extensive Simulations

  – Jellyfish Placement
  – Mobility
  – Node Density
  – System Size

20

Conclusion

• This is the first paper to quantify DoS effects on ad hoc networks
  – DoS increases capacity, but blocks long flows
  – DoS decreases fairness
  – Throughput is not enough to measure DoS impacts
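The following is an added example, not taken from the slides or the paper. It works through the N / pN setup from the Analytical Model slide to show why the hop count of received packets and the fairness index expose damage that throughput alone hides. Assumptions: relays are drawn uniformly from the non-endpoint nodes, endpoints are honest, an intercepted flow delivers nothing, fairness is measured with Jain's index, and the hop-count sample is constructed.

```python
from math import comb

def p_clean_path(n_nodes, n_bad, hops):
    """Probability that none of the hops-1 relays on a path is malicious.
    Assumption: relays are a uniform sample, without replacement, of the
    n_nodes-2 non-endpoint nodes, and both endpoints are honest."""
    pool, relays = n_nodes - 2, hops - 1
    if relays < 0 or relays > pool:
        raise ValueError("hop count does not fit the network")
    honest = max(pool - n_bad, 0)
    # comb() is 0 when fewer than `relays` honest nodes remain
    return comb(honest, relays) / comb(pool, relays)

def jain_index(xs):
    """Jain's fairness index: 1.0 for equal shares, 1/n if one flow takes all."""
    s, sq = sum(xs), sum(x * x for x in xs)
    return (s * s) / (len(xs) * sq) if sq else 0.0

def assess(n_nodes, p, flow_hops):
    """Expected metrics when a fraction p of nodes is malicious (pN nodes)
    and every flow that crosses one of them is fully blocked (assumption)."""
    n_bad = round(p * n_nodes)
    clean = [p_clean_path(n_nodes, n_bad, h) for h in flow_hops]
    delivered = sum(clean)
    weighted = sum(h * c for h, c in zip(flow_hops, clean))
    return {
        "intercepted": 1 - delivered / len(flow_hops),
        "mean_hops_received": weighted / delivered if delivered else 0.0,
        "fairness": jain_index(clean),
    }

# Constructed sample: 50 flows with 1..8 hops (not the paper's measured data).
FLOW_HOPS = [1]*6 + [2]*8 + [3]*10 + [4]*9 + [5]*7 + [6]*5 + [7]*3 + [8]*2

if __name__ == "__main__":
    for p in (0.0, 0.1, 0.2, 0.4):
        m = assess(200, p, FLOW_HOPS)
        print(f"p={p:.1f}  intercepted={m['intercepted']:.2f}  "
              f"mean hops received={m['mean_hops_received']:.2f}  "
              f"fairness={m['fairness']:.2f}")
```

As p grows, the flows that still deliver are increasingly the short ones, so the mean hop count of received packets and the fairness index both fall even where aggregate throughput would not reveal it.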
