Denial of Service Resilience in Ad Hoc Networks (MobiCom 2004) Imad Aad, Jean-Pierre Hubaux, and...
TRANSCRIPT
Denial of Service Resilience in Ad Hoc Networks (MobiCom 2004)
Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly
November 21st, 2006
Jinkyu Lee
2
Contents
• Introduction
• DoS Attacks
• Analytical Model
• Assessment of Performance under DoS Attack
• Conclusion
3
Introduction
• Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective?
• Or are there attack and system factors that can lead to devastating effects?
• Related Work
– Securing Routing Protocols
– Usage of Multiple Routes
– Securing Packet Forwarding
– Identification of the Attacking Nodes
4
Introduction
• Goal of the paper
– To quantify, via analytical models and simulation experiments, the damage that a successful DoS attacker can do to the performance of an ad hoc network
5
DoS Attacks
• System Model (what is assumed to be already in place, so the attacks below are those that survive it)
– To ensure node authentication
– To ensure message authentication
– To ensure one identity per node
– To prevent control plane misbehavior (query floods, rushing attacks, …)
6
DoS Attacks
• Jellyfish Attack
– Target
• Closed-loop flows (such as TCP)
– Protocol compliance
• Obeys the routing and forwarding protocol specification, so it looks like a well-behaved relay
– Malicious behaviors (each makes the loss or delay pattern look like congestion, so TCP's congestion control throttles the flow)
• Reorder attack
• Periodic dropping attack
• Delay variance attack
7
DoS Attacks
• Impact of Jellyfish Reorder Attack
8
DoS Attacks
• Impact of Jellyfish Drop Attack
9
DoS Attacks
• Impact of Jellyfish Jitter Attack
10
DoS Attacks
• Black Hole Attacks
– Target
• Flows that are not congestion controlled (e.g. UDP)
– Protocol compliance
• Obeys the routing protocol specification (takes part in route discovery like any other node)
– Malicious behaviors
• Absorbs all data packets it is asked to forward
– Hard to detect
11
DoS Attacks
• Misbehavior Diagnosis – Fail!
– Detection of MAC layer failure
• Cross-layer design in DSR
– Passive acknowledgement (PACK)
• Watchdog
– Layer 4 endpoint detection
• Hard to detect the malicious node
• Victim Response
– To establish an alternate path
– To employ multi-path routing
– To establish backup routes
12
Analytical Model
• # of total nodes: N
• # of Jellyfish or Black hole nodes: pN
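The slide only names N and pN; the quantity the model is after is how likely a route of a given length is to cross one of the pN attackers. The following is an added illustration of that model, not code from the paper or the talk. Its assumptions are mine and are not on the slides: a route of h hops uses h-1 intermediate relays drawn uniformly without replacement from the N-2 nodes other than source and destination (the paper's geometric placement is ignored), source and destination are honest, and a single malicious relay is enough to intercept the flow.

```python
"""Interception probability for a multi-hop route when a fraction p of
the N nodes are Jellyfish or black-hole nodes.

Added illustration of the slide's model; not code from the paper or the
talk.  Assumptions (mine, not stated on the slides):
  * a route of h hops uses h-1 relays drawn uniformly without
    replacement from the N-2 nodes other than source and destination;
  * source and destination are honest;
  * one malicious relay is enough to intercept the whole flow.
"""
import random
from math import comb


def malicious_count(n_nodes: int, p: float) -> int:
    """pN attackers, rounded to a whole node (20 of 200 for p = 0.1)."""
    return round(p * n_nodes)


def p_intercept(n_nodes: int, p: float, hops: int) -> float:
    """Closed form: 1 - P(every relay is honest), a hypergeometric draw."""
    m = malicious_count(n_nodes, p)
    relays = hops - 1
    pool = n_nodes - 2            # candidate relays (src and dst excluded)
    honest = pool - m
    if relays < 0 or relays > pool:
        raise ValueError("route length impossible for this network size")
    if relays == 0:
        return 0.0                # direct link: nothing to intercept
    if relays > honest:
        return 1.0                # too few honest nodes to build a clean path
    return 1.0 - comb(honest, relays) / comb(pool, relays)


def simulate_intercept(n_nodes, p, hops, trials=20000, seed=1):
    """Monte Carlo check of p_intercept: draw h-1 relays, count hits."""
    rng = random.Random(seed)
    m = malicious_count(n_nodes, p)
    candidates = range(n_nodes - 2)   # ids 0..m-1 are the attackers
    hits = 0
    for _ in range(trials):
        if any(r < m for r in rng.sample(candidates, hops - 1)):
            hits += 1
    return hits / trials


def expected_blocked_fraction(n_nodes, p, hop_counts):
    """Fraction of a flow population that is intercepted, given its
    hop-count distribution as {hops: number_of_flows}."""
    flows = sum(hop_counts.values())
    return sum(c * p_intercept(n_nodes, p, h)
               for h, c in hop_counts.items()) / flows


if __name__ == "__main__":
    N = 200   # the baseline network size from the simulation setup
    for p in (0.05, 0.10, 0.20):
        row = [f"{p_intercept(N, p, h):.2f}" for h in range(1, 7)]
        print(f"p={p:.2f}  hops 1..6:", " ".join(row))
    # constructed flow population: mostly short routes, some long ones
    print("blocked fraction:",
          round(expected_blocked_fraction(N, 0.1, {1: 10, 2: 15, 3: 15, 4: 10}), 3))
```

With N = 200 and p = 0.1 a one-hop flow is never intercepted while a six-hop flow is intercepted about 42% of the time, which is the mechanism behind the later observation that the attack removes long flows while leaving short ones untouched.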
13
Assessment of Performance under DoS Attack
• Methodology
– System Fairness
– Number of Hops for Received Packets
– Total System Throughput
– Probability of interception
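The four metrics above are what separate "the network still carries traffic" from "the network still serves everyone". As an added example, not the paper's evaluation code, the block below computes them over a constructed set of per-flow results. The numbers are made up to show the mechanism and are not the paper's measurements; "system fairness" is implemented as Jain's fairness index, which is my choice since the slide does not name the index used.

```python
"""The slide's four metrics over constructed per-flow results.

Added example; not the paper's evaluation code.  The per-flow numbers
are constructed, not measured.  "System fairness" is Jain's fairness
index (my choice; the slide does not name an index).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    flow_id: int
    hops: int        # route length in hops
    offered: int     # packets the source tried to send
    received: int    # packets delivered at the destination


def fairness_index(xs):
    """Jain's index: (sum x)^2 / (n * sum x^2).
    1.0 = every flow gets the same; 1/n = one flow gets everything."""
    n = len(xs)
    s, s2 = sum(xs), sum(x * x for x in xs)
    return 1.0 if s2 == 0 else (s * s) / (n * s2)


def total_throughput(flows):
    return sum(f.received for f in flows)


def avg_hops_received(flows):
    """Average route length of the packets that actually arrived; a
    blocked long flow contributes nothing, which drags the average down."""
    pkts = total_throughput(flows)
    return sum(f.hops * f.received for f in flows) / pkts if pkts else 0.0


def hop_distribution(flows):
    """Received packets per route length, {hops: packets}."""
    dist = {}
    for f in flows:
        dist[f.hops] = dist.get(f.hops, 0) + f.received
    return dist


def interception_fraction(flows):
    """Share of flows that delivered nothing (intercepted or starved)."""
    return sum(1 for f in flows if f.received == 0) / len(flows)


def per_hop_transmissions(flows):
    """Channel usage: every delivered packet costs one transmission per hop."""
    return sum(f.hops * f.received for f in flows)


def summarize(flows):
    return {
        "throughput": total_throughput(flows),
        "fairness": fairness_index([f.received for f in flows]),
        "avg_hops": avg_hops_received(flows),
        "intercepted": interception_fraction(flows),
        "transmissions": per_hop_transmissions(flows),
    }


# Constructed scenario: eight flows, two each of 1, 2, 3 and 4 hops, each
# offering 2000 packets, sharing a channel that carries 9000 per-hop
# transmissions in the measurement window.
ROUTE_LENGTHS = (1, 1, 2, 2, 3, 3, 4, 4)
BASELINE = [Flow(i, h, 2000, 450) for i, h in enumerate(ROUTE_LENGTHS)]

# Attack: the 3- and 4-hop flows cross a Jellyfish node and collapse; the
# 9000 transmissions they no longer consume are taken by the short flows.
ATTACK = [Flow(i, h, 2000, 1500 if h <= 2 else 0)
          for i, h in enumerate(ROUTE_LENGTHS)]

if __name__ == "__main__":
    for name, flows in (("baseline", BASELINE), ("attack", ATTACK)):
        print(name, summarize(flows), hop_distribution(flows))
```

Same channel budget in both runs, yet delivered throughput rises from 3600 to 6000 packets under attack, because a packet on a one-hop route costs a quarter of what a packet on a four-hop route costs. Only fairness (1.0 to 0.5), the average hop count of received packets (2.5 to 1.5) and the interception fraction (0 to 0.5) show that half the flows are dead.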
14
Assessment of Performance under DoS Attack
• Baseline
– 200 nodes
– 2000 m × 2000 m
– Random movement (max velocity 10 m/s, pausing for 10 s on average)
– IEEE 802.11 MAC (transmission range 250 m)
– 100 nodes communicate with each other (50 flows)
– Jellyfish nodes placed on a grid
15
Assessment of Performance under DoS Attack
• Distribution of the Number of Hops for Received Packets
16
Assessment of Performance under DoS Attack
• Fairness Index for the Baseline Case
17
Assessment of Performance under DoS Attack
• Average Number of Hops for Received Packets
18
Assessment of Performance under DoS Attack
• Offered Load and TCP
19
Assessment of Performance under DoS Attack
• Extensive Simulations
– Jellyfish Placement
– Mobility
– Node Density
– System Size
20
Conclusion
• This is the first paper to quantify DoS effects on ad hoc networks
– DoS can increase aggregate throughput (capacity freed by blocked long flows goes to short ones), but it blocks long flows
– DoS decreases fairness
– Throughput alone is not enough to measure DoS impact