Presentation on theme: "Detecting MAC Layer Back-off Timer Violations in Mobile Ad Hoc Networks Venkata Nishanth Lolla, Lap Kong Law, Srikanth V. Krishnamurthy, Chinya Ravishankar,"— Presentation transcript:
Detecting MAC Layer Back-off Timer Violations in Mobile Ad Hoc Networks Venkata Nishanth Lolla, Lap Kong Law, Srikanth V. Krishnamurthy, Chinya Ravishankar, and Dharmaiah Manjunath Dept. of Computer Science & Engineering, UC Riverside Dept. of Electrical Engineering, Indian Institute of Technology - Mumbai ICDCS 2006
Problem Malicious nodes can cause a denial of service attack by simply manipulating the back-off timers prior to a transmission. –By not adhering to the IEEE 802.11 standard. –By choosing a small/constant back-off interval prior to a transmission. Consequences: –Misbehaving nodes can gain an unfair advantage by acquiring the wireless channel more often. –Causing bandwidth starvation of the well-behaved nodes.
Motivation The lack of centralized arbiter (such as an access point) makes it hard to detect timer violations. Can we design a distributed framework to –discourage such attacks and, –detect such attacks and identify the misbehaving attackers?
Contributions We propose a combination of deterministic and statistical methods that facilitate our objectives. Only involve minor changes to the 802.11 standard. Our performance evaluations shows that with our methods, it is possible to detect a malicious node with a probability close to one. Furthermore, the probability of false alarms (wrongly classifying a node as a misbehaving node) is lower than 1%.
Roadmap The System Model Our Proposed Framework Simulation Results Conclusions
System Model Using Verifiable Back-off timers –Use a deterministic/known sequence of back-off values that each node has to follow. –Each node announces the state of its pseudo-random sequence generator in the RTS messages. Each node is aware of the back-off timers used by its neighbors. Making Sense of the Uncertainty in System State –Due to the interference effects, a node may not be able to deterministically ascertain the legitimacy of the back-off patterns of a neighbor. –Therefore, it estimates the probability of the neighbor’s misbehavior statistically based on observed patterns.
Estimating the system state of neighbors Goal: To allow a monitoring node to estimate the back-off timers used by its neighbors. Example: Let’s node R be monitoring node S –R wants to determine if S is misbehaving -- how? –R will estimate the system state of S and compare it with the value announced by S. System state: The number of idle (I) / busy (B) slots of the monitored node (i.e., node S) in a period of N observed slots. R can approximately estimate the number of idle (I est ) and busy (B est ) slots observed by S: Prob(S senses idle | R senses idle) Prob(S senses idle | R senses busy)
Determining P I/I and P I/B analytically Assumptions: –Only the interference effects within a two-hop neighborhood are considered. –Nodes are uniformly distributed. –The steady state load experienced by all nodes within the two hops radius are identical. (Due to the fairly large interference radius) –Node is aware of the position of its neighbors. The areas of A2, A3, A4 and A5 can be easily computed. The area A1 can be estimated by assuming a minimum overlap between S S and S R. Sx: sensing range of node x Tx: transmission range of node x n nodes k nodes Node R is monitoring node S
Determining P I/I Deriving P B/I : Prob(S senses busy | R senses idle) –For R to sense idle No transmission can occur in A3, A4 and A5 However, transmissions can occur in A1 A2 –For S to sense busy Transmissions can only occur in A2 n nodes k nodes Probability that at least one node transmits in A1 A2. Probability that the transmission occurs in A2.
Determining P I/B Deriving P I/B : Prob(S senses idle | R senses busy) –For S to sense idle No transmission can occur in A2, A3 and A4 However, transmissions can occur in A1 and A5 –For R to sense busy Transmissions can only occur in A5 Probability that transmissions occur in A5. Probability that S senses the channel to be idle. n nodes k nodes
Our proposed framework Let us call the node being monitored the tagged node. Overview of the approach: The monitoring node obtains the pseudo-random sequence generator announced by the tagged node. The monitoring node can compare the expected back-off times of the tagged node and the announced back-off times. In some cases, the monitoring node cannot deterministically determine if the tagged node is misbehaving (due to interference). Therefore, the monitoring node uses a hypothesis test (Wilcoxon rank sum test) based on the estimation of P I/I and P I/B, to determine if the tagged node is misbehaving.
Details of the proposed framework The seed of the pseudo-random number generator (PRNG) –The MAC address of the node. Simple modification to the RTS message –SeqOff#: The offset to the PRNG. Increment by one upon each transmission. –Attempt#: The number of retransmission attempts. –MD: The message digest of the DATA packet. To prevent nodes from cheating on the Attempt#. The wilcoxon rank sum test –Two populations: “x” be the sequential population of the dictated sequence of the back-off timers; “y” be the sequential population of the estimated sequence of the back-off timers. –Use the rank sum test to compute the significance probability p of the two populations. –If p is small, the tagged node is likely to be malicious.
Simulation Set up NS-2 simulator with extension of our framework. Shadow channel fading model is considered. Poisson and CBR traffic. Grid and Random topologies. Static and Mobility scenarios. Parameters of interest: –Traffic intensity –Percentage of Misbehavior (PM) Metrics of interest: –Probability of correct diagnosis.
Analysis v.s. Simulation: on P I/B and P B/I Two scenarios: –Grid topology with Poisson traffic –Random topology with CBR traffic Monitoring and tagged nodes are one-hop away and are placed at the center of the simulation area. All nodes are well behaved. The analysis results match with the simulation results. –Justify the assumptions that we made earlier Poisson traffic, Grid topology CBR traffic, Random topology
Probability of correct diagnosis Percentage of misbehavior (PM) of m% means a malicious node transmits a packet after counting down to (100-m)% of the dictated back-off value. The probability of detecting misbehavior is close to one when the PM is large and the sample size is large. In scenario with mobility, a larger number samples is required for convergence as compared to the case with no mobility. Static grid topology With mobility
Probability of misdiagnosis The misdiagnosis probability is very low (<0.01) even when the sample size is 10. The misdiagnosis probability decreases drastically when the sample size is increased. With smaller load, the misdiagnosis probability is usually higher. This is because a longer time is needed to detect misbehavior. Static grid scenario Mobility scenario, Load=0.6
Conclusions In this work, we focus on the problem of detecting back- off timer violations with the IEEE 802.11 MAC. We propose a framework that is based on a combination of deterministic and statistical methods to discern timer violations by neighboring nodes. Our extensive simulations show that our protocol can provide accurate assessments of the node misbehavior within short periods and with extremely low probability of false alarms.