Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.


1 Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao

2 Motivation
- Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective?
- Or are there attack and system factors that can lead to devastating effects?

3 Outline
- Introduction and system model
- DoS attacks
- Analytical model
- Evaluation
- Related works
- Conclusion

4 Introduction to Ad hoc networks

5 System Model (1)
- Ensure node authentication
- Ensure message authentication
- Ensure one identity per node
- Prevent control plane misbehavior (query floods, rushing attacks)

6 System Model (2)

7 Outline
- Introduction and system model
- DoS attacks
  - JellyFish
  - Black holes
- Analytical model
- Evaluation
- Related works
- Conclusion

8 JellyFish Attack
- Protocol Compliance
- Protocols with congestion control such as TCP
- Just like any IP service, it can:
  - Drop packets
  - Reorder packets
  - Delay / jitter packets
- But in a MALICIOUS way
- Detection and diagnosis are time consuming!
- Three attack ways
  - JF Reorder Attack
  - JF Periodic Dropping Attack
  - JF Delay Variance Attack

9 JF Reorder Attack
- Facts
  - TCP's use of cumulative acknowledgements
  - All such TCP variants assume that reordering events are rare
- Attack strategy
  - Deliver all packets, yet after placing them in a re-ordering buffer rather than a FIFO buffer.

10 Attack strategy

11 Impact of JF Reorder Attack

12 JF Periodic Dropping Attack
- Facts
  - If losses occur periodically near the retransmission time out (RTO) timescale (in the 1s range as RTO is intended to address severe congestion), then end-to-end throughput is nearly zero
  - Endpoint attack
- Attack strategy
  - Periodic dropping attack in which attacking nodes drop all packets for a short duration (e.g., tens of ms) once per RTO
  - Passive
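An endpoint-side check for the loss pattern this slide describes, added here as an example and not taken from the presentation: it groups loss timestamps into bursts and flags flows whose bursts are short and recur at a steady interval near the RTO. The function names, thresholds and both sample traces are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: loss timestamps (seconds) seen by a TCP endpoint.
PERIODIC = [s + d for s in (0.00, 1.01, 2.00, 2.99, 4.01, 5.00, 6.01, 7.00)
            for d in (0.00, 0.01, 0.02)]          # short bursts about once per second
IRREGULAR = [0.3, 0.35, 1.9, 2.0, 4.7, 5.1, 5.15, 9.0, 9.6, 12.2]  # congestion-like

def loss_bursts(loss_times, burst_gap=0.2):
    """Group loss timestamps into (start, end) bursts separated by > burst_gap."""
    bursts = []
    for t in sorted(loss_times):
        if bursts and t - bursts[-1][1] <= burst_gap:
            bursts[-1][1] = t            # extend the current burst
        else:
            bursts.append([t, t])        # start a new burst
    return [tuple(b) for b in bursts]

def periodic_drop_suspect(loss_times, rto=1.0, max_cv=0.1,
                          min_bursts=5, max_burst_len=0.1):
    """True when losses look like short bursts repeating near the RTO timescale.

    rto=1.0 follows the slide's "1s range"; the other thresholds are
    illustrative assumptions, not values from the presentation.
    """
    bursts = loss_bursts(loss_times)
    if len(bursts) < min_bursts:
        return False                     # too little evidence to judge
    starts = [s for s, _ in bursts]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    cv = pstdev(gaps) / mean(gaps)       # low CV means regular spacing
    short = all(e - s <= max_burst_len for s, e in bursts)
    near_rto = 0.5 * rto <= mean(gaps) <= 2.0 * rto
    return short and cv <= max_cv and near_rto

if __name__ == "__main__":
    print("periodic trace flagged: ", periodic_drop_suspect(PERIODIC))
    print("irregular trace flagged:", periodic_drop_suspect(IRREGULAR))
```

A flag here only says that loss on the flow is periodic; it does not identify which relay on the path is responsible.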

13 Attack strategy

14 Impact of JF Periodic Dropping Attack

15 JF Delay Variance Attack
- High delay will
  - cause TCP to send traffic in bursts due to "self-clocking," leading to increased collisions and loss
  - cause mis-estimations of available bandwidth for delay-based congestion control protocols such as TCP Westwood and Vegas
  - lead to an excessively high RTO value
- Attack strategy
  - Wait a random time before servicing each packet, maintaining FIFO order, but significantly increasing delay variance.

16 Attack strategy

17 Impact of JF Delay Variance Attack

18 Black Hole Attacks (1)
- Passive
- Forwards routing packets
- "Absorbs" all data packets
- Hard to detect

19 Black Hole Attacks (2)

20 Misbehavior Diagnosis
- Detection of MAC Layer Failure
  - Cross-layer design in DSR
- Passive Acknowledgement (PACK)
  - Watchdog
- Endpoint Detection
  - If severe loss detected
  - Can find the malicious guy?

21 PACK
- Energy Efficient Transmission: i cannot overhear j
- Directional Antennas: j pretends to i to forward to k
- Variable Power: j pretends to i to forward to k

22 Victim Response
- Establish an alternate path
- Employ multipath routing
- Establishment of backup routes

23 Outline
- Introduction and system model
- DoS attacks
- Analytical model
- Evaluation
- Related works
- Conclusion

24 Analytical Model
- N nodes, of which pN are JF or Black Holes
- If the selected nodes represent a random sample of the N network nodes, then the path contains no attacking nodes with probability (1-p)^h.
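The model above worked through in code, as an added example that is not part of the presentation: it evaluates (1-p)^h, checks it against a random-sampling simulation, and shows how the same factor skews delivered traffic toward short paths. It assumes h is the number of nodes selected for the path (the slide does not define h); the function names and the hop distribution in the demo are constructed.

```python
import random

def p_clean_path(p, h):
    """Slide model: probability that h randomly selected nodes include no attacker."""
    return (1.0 - p) ** h

def simulate_clean_path(n, p, h, trials=20000, seed=1):
    """Monte Carlo check: draw h distinct nodes out of n, round(p*n) of them attackers."""
    rng = random.Random(seed)
    attackers = round(p * n)             # nodes 0..attackers-1 are the attackers
    clean = 0
    for _ in range(trials):
        path = rng.sample(range(n), h)   # sampling without replacement
        if all(node >= attackers for node in path):
            clean += 1
    return clean / trials

def surviving_mean_hops(hop_dist, p):
    """Given offered flows as {h: weight}, return (mean h of flows whose path is
    attacker-free, fraction of offered flows that are attacker-free)."""
    surviving = {h: w * p_clean_path(p, h) for h, w in hop_dist.items()}
    total = sum(surviving.values())
    mean_h = sum(h * w for h, w in surviving.items()) / total
    return mean_h, total / sum(hop_dist.values())

if __name__ == "__main__":
    # 200 nodes as in the baseline slide; p and h are constructed values.
    print("model     :", round(p_clean_path(0.1, 5), 4))
    print("simulated :", round(simulate_clean_path(200, 0.1, 5), 4))
    # Constructed offered load: equal numbers of 1, 2, 4 and 8 node paths.
    offered = {1: 1, 2: 1, 4: 1, 8: 1}
    mean_h, frac = surviving_mean_hops(offered, 0.2)
    print("offered mean h 3.75, surviving mean h", round(mean_h, 2),
          "fraction attacker-free", round(frac, 2))
```

Because (1-p)^h falls geometrically in h, the flows that remain attacker-free are mostly short ones, so aggregate throughput alone hides which flows were cut off.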

25 Theoretical Results (1)

26 Theoretical Results (2)

27 Outline
- Introduction and system model
- DoS attacks
- Analytical model
- Evaluation
- Related works
- Conclusion

28 Methodology
- System fairness
- Number of hops for received packets
- Total system throughput
- Probability of interception

29 Baseline
- 200 nodes move randomly in a 2000m × 2000m topology
- Maximum velocity of 10 m/s, pausing for 10 s on average. (Random Walk)
- IEEE 802.11 MAC with a node receive range of 250 m.
- 100 of these nodes communicate with each other to create 50 flows
- UDP packets are transmitted at a constant rate of 800 bits/s, corresponding to one 500 byte packet every 5 s.
- JF nodes are placed in a grid

30 JF Placement

31 Distribution of the number of hops for received packets

32 Fairness

33 Average number of hops for received packets

34 Extensive simulations
- Offered Load and TCP
- JellyFish Placement
- Mobility
- Node Density
- System Size

35 Related Work
- Securing Routing Protocols
- Usage of Multiple Routes
- Securing Packet Forwarding

36 Conclusion
- TCP collapses with malicious dropping, reordering, jitter...
- More generally, all closed-loop mechanisms are vulnerable to malicious tampering
- "Protocol-compliance" makes defense more problematic
- First paper to quantify DoS effects on ad-hoc networks:
  - DoS increases capacity! BUT...
  - Network gets partitioned
  - Fairness decreases
- System throughput, alone, is not enough to measure DoS impacts

