Download Low-Power DoS Attacks in Data Wireless LANs and Countermeasures

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
Document related concepts

Policies promoting wireless broadband in the United States wikipedia , lookup

Internet protocol suite wikipedia , lookup

Multiprotocol Label Switching wikipedia , lookup

Computer network wikipedia , lookup

RapidIO wikipedia , lookup

Network tap wikipedia , lookup

Asynchronous Transfer Mode wikipedia , lookup

Wireless security wikipedia , lookup

CAN bus wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

IEEE 802.1aq wikipedia , lookup

Airborne Networking wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

IEEE 1355 wikipedia , lookup

Deep packet inspection wikipedia , lookup

Routing in delay-tolerant networking wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

UniPro protocol stack wikipedia , lookup

Transcript 
Scalable Robust and Secure
Heterogeneous Wireless Networks
Guevara Noubir
College of Computer Science
Northeastern University, Boston, MA
[email protected]
1
The Heterogeneous Future of Wireless
Networks

Ambient intelligence aware of people’s presence, needs, and context

Ubiquitous computing: maintain seamless access to data and services

Nature and man-made disaster: require adequate operational modes




Safety services: better quality of life for elderly and disabled people
The need for the enabling technology

Limitations of current wireless technology:




No integration, QoS, seamless adaptivity, single-hop, limited data rates, battery life
Major issues: scalability, robustness, security
We need novel approaches!
As these applications become more ubiquitous new threats will appear:


Fast recovery through reconfiguration and prioritization of services
Resiliency to denial of service attack
Amplified by: untracability, limited resources (energy and computation power)
Talk focus on networking aspects
2
Outline

Characteristics of heterogeneous wireless networks

Some security aspects heterogeneous wireless networks



Some novel approaches to scalability and robustness




Physical, layer/link, and multi-layer attacks
Multicasting
Cross-layer design
Accumulative Relaying
Universal Network Structures
Conclusion
3
Characteristics








Limited radio spectrum
Shared Medium (collisions)
Limited energy available at the nodes
Limited computation power
Limited storage memory
Unreliable network connectivity
Dynamic topology
Need to enforce fairness
4
Flexibility








Use of various coding/modulation schemes
Use of various transmission power level
Use of multiple RF interfaces
Use of multi-hop relaying
Clustering and backbone formation
Planning of the fixed nodes location
Packets scheduling schemes
Application adaptivity
5
Multihop Heterogeneous Paths
Resource Efficient Paths:
Multirate, Power-Controlled, Contention and Mobility Aware
Cooperating paths:
Distributed MIMO, Accumulative Relaying
Internet
Access Points
Mobile Nodes
Sensor Nodes
Universal Network Design:
Universal Sensors Steiner Tree
Robust Distributed Compression:
Generalized Slepian-Wolf
Cross-layer power controlled MAC
6
Multilayer DoS in Wireless Networks

Physical layer


MAC layer


Jamming of control traffic and mechanisms
Network layer


Smart multilayer aware jammers
Malicious injection/disruption of routing information
Transport layer

Exploiting weaknesses in congestion control
mechanisms
7
Physical Layer Jamming

Leads to:



Network partition
Forcing packets to be routed over chosen paths
Low-Power: cyber-mines
8
Low-Power Physical Layer Jamming

Jamming effort:


IP packet:


Jamming duration/packet duration
1500 bytes = 12000 bits
Uncoded packet:

Jamming effort in the order of 10-4
9
Jamming IEEE802.11 and 802.11b
Modulation/coding
Rate
Packet length
IP packet
Number of bits
needed to jam
Jamming
Efficiency
BPSK
1500*8
1
12000
QPSK
1500*8
2
6000
CCK (5.5Mbps)
1500*8
4
3000
CCK (11Mbps)
1500*8
8
1500
10
Jamming Encoded Data Packets
Link Architecture
Jamming Unreliable
Communication
Jamming ECC Protected
Communication
UDP
UDP
EDP
…
Jamming Interleaved ECC
Protected Communication
UDP
EDP
IDP
JP
JP
JP
>dmin-1/2
UDP: Uncoded Data Packet
JP: Jamming Packet
EDP: Encoded Data Packet
in l codewords
RP: Received Packet
IDP: Interleaved Data Packet
DDP: De-Interleaved Packet
RP
DDP
P
dmin: code minimum
Hamming distace
>dmin-1/2 errors within
a single codeword
11
Traditional Anti-Jamming Techniques
Focus on bit-level
2
P
G
G
R
J
j
jr rj tr Lr B r

S Pt Gtr Grt R 2jr L j B j
Pj:
Gjr:
Grj:
Rtr:
Lr:
Br:

Pt:
Gtr:
Grt:
Rjr:
Lj:
Bj:
transmitter power
antenna gain from transmitter to receiver
antenna gain from receiver to transmitter
distance from jammer to receiver
jammer signal loss
jamming transmitter bandwidth
Spread-Spectrum in military provides:


jammer power
antenna gain from jammer to receiver
antenna gain from receiver to jammer
distance from transmitter to receiver
communication signal loss
communications receiver bandwidth
20-30dB processing gain
Low-power jamming requires:

40dB!
12
Mitigating Physical Layer DoS

Physical Layer:



Link Layer:


Spread-Spectrum
Directional Antennas
Cryptographic Interleaver + Efficient Coding
Routing:


Jamming-free paths
Use of Mobility
13
Proposed Solution for Link Layer
Cryptographic Interleaving
+
Efficient Adaptive Error Correction

For Binary Modulation:


Cryptographic interleaving transforms the
channel into a Binary Symmetric Channel
Capacity of BSC (Shannon):
C  1  H ( p)
C  1  p log 2 ( p )  (1  p) log 2 (1  p)
14
Practical Codes

Low Density Parity Codes:


Very Close to Shannon’s Bound
Best for long packets:

E.g., 16000 bits
Jamming Effort

Code Rate
Shannon Limit
8%
0.5
0.598
Code
Throughput
0.5
17.4%
0.25
0.333
0.25
Non-binary modulation e.g., IEEE802.11b (CCK): transmits 8 bits




Use a Reed-Solomon code with symbols of 8 bits
Maximum length: 256 bytes
Data: k  256bytes
Tolerates: (256-k)/2 errors
15
Conclusion on Physical Layer DoS

Existing Wireless Data Networks are easy targets of physical layer jamming

High transmission power, and spread-spectrum are not enough

Jammer effort in the order of 10-4 for an IP packet

Traditional anti-jamming focuses on bit protection

Cryptographic interleaving and Error Control Codes provide much better
resiliency to Jamming

Additional technique that derive from the J/S ratio: directional antennas

Need adaptivity and careful integration within the network stack
16
Link/MAC Layer DoS

Attack Control Traffic



RACH/Grant CH/BCCH channels in cellular
Authentication (e.g., sending deauth message)
MAC Mechanisms of IEEE802.11:

Reservation:




Backoff:


RTS/CTS are short packets: require less energy to be jammed
NAV: malicious nodes can force nodes to wait for long durations
EIFS: a single pulse every EIFS at high power
Backoff allows an attacker to spend less energy when Jamming
Selecting attacks on MAC/IP addresses
17
DoS on Routing

Malicious nodes can attack control traffic:




Attack goals: disruption or resource consumption
Techniques:









Jamming
Inject wrong information
Black hole: force all packets to go through an adversary node
Rooting loop: force packets to loop and consume bandwidth and
energy
Gray hole: drop some packets (e.g., data but not control)
Detours: force sub-optimal paths
Wormhole: use a tunnel between two attacking nodes
Rushing attack: drop subsequent legitimate RREQ
Inject extra traffic: consume energy and bandwidth
Blackmailing: ruining the routing reputation of a node
Proposed secure routing protocols are still not practical
18
DoS on Transport Layer

Transport layer should be able to differentiate
between:

Congestion



Wireless link packets loss



Due to traffic pattern change: new sessions
Requires source rate reduction
Due to mobility and interference
Requires modulation/coding/power/path change
Malicious nodes


Selective jamming and disruptions
Requires isolation of malicious nodes and dead areas
19

Protection against DoS in wireless
networks requires a careful cross-layer
design
20
Secure Multicasting
[with Kaya, Lin, Qian – Funded by Draper]

Goal:



Secure multicast applications:





Communication over a multihop wireless ad hoc network
Limited computation power, and energy
Services:


Secure remote tracking of mobiles
Sharing sensed data
Military: Data/Video streaming from UAV, multicasting of command decisions
Specificity:


Securely and efficiently acquire and disseminate time varying information
Example: location information
Authentication, integrity, confidentiality, revocation, group key management
Approach:

Overlay network of mobile nodes build secure multicast tree
21
Prototype Application
iPAQ PDA
Pharos Compact Flash GPS
IEEE 802.11 PCMCIA card
22
Ad Hoc vs. Wired Multicast

Wireless:



Mobility:



Higher packet loss
Necessity of frequent discovery of paths
Multihop:



Unreliable links
Loss of a packet results in node exclusion and necessity for new
join request
Cost of multicast depends on number of hops
Major factor because of radio resources scarcity
Ad hoc:


Limited computation: nodes cannot manage large groups
Active nodes
23
Group Management
1
2
5
3
4
9
6
7
10
8
11
12
x
13
Source
y Group member
24
Issues and Results

Efficient tree construction and maintenance

Under mobility greedy algorithms can be very good



Public key encryption is costly:


Close to optimal trees O(log n) in theory but in practice 1.5
approximation
Minimize broadcast cost and tree maintenance
Memory can be traded with computation
Revocation in an infrastructure-less environment
25
Novel Approaches to Scalability and
Robustness

Scalability to large networks with limited
resources requires novel techniques


Make use of specificity of the environment
Use techniques from a combination of fields:



Graph theory, linear programming, network flow
Information theory, coding theory
Accurate simulation and modeling tools

Accumulative relaying

Universal network design
26
Accumulative Power Relaying
[with Chen, Jia, Liu, Sundaram]
B
G
A

C
Reliable reception
Partial reception
Problem:

Determine a feasible schedule [(N1, P1), …, (Nk, Pk)] that
minimizes total energy consumption
27
Accumulative Power Relaying
[with Chen, Jia, Liu, Sundaram]
B
G
A

C
Reliable reception
Partial reception
Problem:

Determine a feasible schedule [(N1, P1), …, (Nk, Pk)] that
minimizes total energy consumption
28
Accumulative Relaying


Very similar to the relay problem in information
theory and still open in it’s general form
Simpler than the general relay problem:




Every energy optimal sequence can be transformed
into a canonical form called wavepath
In a wavepath each node in the sequence activates
its next hop neighbor and only its next hop neighbor
Finding a minimum energy wavepath is still NP-hard
for arbitrary networks
Heuristic for building a wavepath can achieve more
than 40% energy saving on a Euclidian plane
29
Universal Multicast Tree
[with Jia, Lin, Rajaraman, Sundaram]

Problem:




Given a graph G (V, E), n nodes, and a root/sink
Build a tree T such that for all subgroups T leads to a low weight
tree for all subgroups (through pruning)
CostT ( S )
}
i.e., build T that minimizes the stretch Max{
S V
OPT ( S )
Applications:




Environment: sensor network where routing is difficult
Dissemination: efficient multicasting to dynamic groups
Aggregation from changing groups
Distributed queries
30
Universal Tree for the Euclidian Space

Results:


Polynomial time algorithm to build a universal tree
with stretch O(log k) [where k is the size of the
selected subgroup]
Hardness result: no algorithm can build a tree with
stretch lower O(log n/loglog n)
31
Universal Structures

Other results:



Algorithm for a universal tree for non-Euclidian
metrics with poly-logarithmic stretch
Poly-logarithmic stretch for the universal Traveler
Salesman Problem
Extensions:



Universal tree for energy cost
Universal tree for planar, range limited wireless
communication
Fault-tolerant network structures
32
Conclusion

We live in an exciting era:




Wireless physical layer is capable of providing high
data rates
Software flexibility
Computation power
This provides the building blocks to enable
ubiquitous networking



Creates new threats
Need smart adaptive control of the physical layer
Need to deal with security and robustness in a
scalable way
33
Universal Tree for the Euclidian Space

Results:



Polynomial time algorithm to build a universal tree with stretch
O(log k) [where k is the size of selected subgroup]
Hardness result: no algorithm can build a tree with stretch lower
O(log n/loglog n)
Definition:

Level i of v: Liv = {u: 2i-1 < d(u, v) 2i}
L4r

Algorithm:


L3r
Divide V –{r} into L1r, L2r, …, LlogDr,
Run A(Lir, r) in parallel
34

Algorithm A(U, r)

L = {r}

Repeat




For every uU, let Iu denote the level of u to its nearest
neighbor in L;
Let I = max {Iu : u U}
Let H = {u U : Iu = I}
Let H’  H s.t.




u, v H’ d(u,v)  2I-1,
u H\H’ v H’ s.t. d(u,v) < 2I-1
u H’ output edge (u, nearest-neighbor(u))
L = L  H’; U = U\H’;
Until no edge output;
35
Universal Tree Algorithm
H
H’
36
Universal Tree Algorithm
H
H’
37
Universal Tree Algorithm
H
H’
38
Universal Tree Algorithm
H
H’
39
Related documents
Foundations of Networking Networking CS 3470, Section 1 Sarah Diesburg
Foundations of Networking Networking CS 3470, Section 1 Sarah Diesburg
MEDIA MODULE ACTIVITY
MEDIA MODULE ACTIVITY
Web
Web
networking - Department of Computer Engineering
networking - Department of Computer Engineering
Networks
Networks
Impact of Computers on Society
Impact of Computers on Society
Network Configurations - Super Substitute Teachers
Network Configurations - Super Substitute Teachers
Network Traffic Measurement and Modeling
Network Traffic Measurement and Modeling
15.1 Networking
15.1 Networking
A Survey of Energy efficient Network Protocols for Wireless Networks
A Survey of Energy efficient Network Protocols for Wireless Networks
Lecture8
Lecture8
IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p-ISSN: 2278-8727 PP 00-00 www.iosrjournals.org
IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p-ISSN: 2278-8727 PP 00-00 www.iosrjournals.org