Cross-layer Analysis for detecting Wireless Misbehavior

Anand Patwardhan, Ph.D. Candidate, eBiquity Group, Computer Science and Electrical Engineering Department. October 19, 2005.

Presentation Transcript


  1. Cross-layer Analysis for detecting Wireless Misbehavior
     Anand Patwardhan, Ph.D. Candidate
     eBiquity Group, Computer Science and Electrical Engineering Department
     October 19, 2005

  2. Securing MANETs
     • Security for resources
        • Malicious behavior (Activity monitoring)
        • Misuse (Resource protection)
        • Response/recourse (Accountability)
     • Trust in other resources
        • Dependence on recommendations (Identities and Reputations)
        • Reliability of information

  3. Security Issues
     • Wireless communication
        • Short range (802.11, Bluetooth etc.)
        • Open medium
     • Identification and Authentication
        • PKI based solutions infeasible
        • No prior trust relationships
     • Routing
        • Based on dynamic cooperative peer relations
        • Key to survival of MANET
     • Device constraints
        • Power Conservation
        • Finite Storage
        • Computation power

  4. Intrusion Detection Challenges
     • Identity
        • Use SUCVs
     • Mobility, congestion, radio interference
        • False positives
     • Scalability
        • Large radio-ranges or dense networks
     • Aggregation of data
        • Communicate intrusions data to warn others

  5. Packet Forwarding
     [Figure: nodes A, B and C, with datagrams dgram_in and dgram_out]
     • Datagram dgram_in has:
        • Source IPv6 address, x ∈ U – {B,C}
        • Destination IPv6 address, y ∈ U – {B,C}
        • MAC source, mac(u), u ∈ U – {B,C}
        • MAC destination, mac(B)
     • Corresponding dgram_out must have:
        • Source IPv6 address, x
        • Destination IPv6 address, y
        • MAC source, mac(B)
        • MAC destination, mac(u), u ∈ U – {B,C}

  6. Stateful Packet Monitoring
     [Diagram labels]
     • Ethernet Frame, from the packet capture library (pcap)
     • IPv6
     • AODV { RREQ, RREP, RERR }: build and maintain neighbor table, (mac, ipv6) pairs and route status
     • TCP { TCP Sequence no., TCP checksum }: update in-memory hash table of packets that should be forwarded

  7. Threats
     • MAC/PHY level attacks
        • RTS, CTS attacks – gain unfair share of bandwidth, disruption
     • Routing attacks
        • gray holes, black holes, worm holes …
     • Attacks on data traffic
        • Dropping, mangling or injecting data packets
     • Trustworthiness of resources, reliability of information
        • Identities, reputations, trust evolution

  8. MAC vulnerabilities
     • Wireless Misbehavior
        • MAC protocols have no inbuilt mechanism to prevent unfair contention resolution
        • Adversaries can:
           • gain unfair share of bandwidth
           • temporarily stall parts of the network, affect the routing process
     • Prevention
        • Misbehavior-resilient backoff for contention resolution
     • Challenges and shortcomings
        • Require core MAC protocol to be changed
        • Colluding adversaries can still subvert the scheme

  9. Related Work
     • Proposed approaches
        • Game theoretic models
        • Incentives for fair-sharing
        • Misbehavior resistant MAC contention
     • Drawbacks
        • Colluding adversaries can subvert these schemes
        • Require changing core MAC protocol
        • Inefficient
        • Cannot prevent jamming

  10. Sophisticated attacks
     • Classical attacks are easy to detect using thresholds
        • Packet dropping, mangling, misrouting etc.
        • To evade detection, the attacker must stay under the detection threshold (insignificant disruption)
     • However, more sophisticated attacks are possible
        • Launching attacks at multiple levels, e.g. combining RTS attacks and packet drops
        • Any single attack signature might not suffice for detection
        • Observations on a single layer in isolation will be inconclusive

  11. Intrusion Detection challenges
     • Classifying intrusions
        • Threshold based
        • False positives – mobility, environmental conditions, limited radio range, short period of observations
     • Increase accuracy and efficiency by:
        • Incorporate factors like mobility, congestion and distance in classifying intrusions
        • Use signal strengths, response times to judge distance
        • Monitor media contention and incoming traffic to judge congestion

  12. Cross-layer Analysis
     [Diagram labels, by layer]
     • Application: Trust evolution, reputation management, recourse
     • Transport: Packet dropping, mangling, injection
     • Link: Routing attacks, disruptions
     • MAC/PHY: Unfair contention, jamming
     • Other labels: Intrusion Detection; Response; Commendations, Accusations (to other devices)

  13. Neighbor table size

  14. True positives (no RTS attack)

  15. True positives (RTS attack)

  16. Goodput with RTS attacks

  17. References
     • Jim Parker et al., "Cross Layer Analysis for Detecting Wireless Misbehavior", Proceedings of CCNC 2006
     • Anand Patwardhan et al., "Active Collaborations for Trustworthy Data Management in Ad Hoc Networks", Proceedings of the 2nd IEEE International Conference on Mobile Ad-Hoc and Sensor Systems, November 2005
     • Anand Patwardhan et al., "Secure Routing and Intrusion Detection in Ad Hoc Networks", Proceedings of the 3rd International Conference on Pervasive Computing and Communications, March 2005
     • Jim Parker et al., "On Intrusion Detection in Mobile Ad Hoc Networks", 23rd IEEE International Performance Computing and Communications Conference, Workshop on Information Assurance, April 2004
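
The forwarding rule on slides 5 and 6, combined with the threshold classification from slides 10 and 11, as an added example (not code from the presentation or from the eBiquity project): a passive monitor records each dgram_in addressed to mac(B) in a hash table keyed on (source IPv6, destination IPv6, TCP sequence number) and expects a matching dgram_out from mac(B) with the same TCP checksum. The `Frame` tuple, the 0.5 s timeout, the 0.2 threshold and the sample capture are assumptions constructed for illustration.

```python
from collections import namedtuple

# One captured frame: time (s), MAC src/dst, IPv6 src/dst, TCP seq and checksum.
Frame = namedtuple("Frame", "t mac_src mac_dst ip_src ip_dst tcp_seq tcp_csum")

def audit_forwarding(frames, b_mac, excluded_ips, timeout=0.5):
    """Count how neighbor B handled the datagrams it was asked to forward.
    excluded_ips = IPv6 addresses of B and the monitor C (the {B,C} set)."""
    pending = {}    # (x, y, tcp_seq) -> (deadline, tcp_csum): the hash table
    result = {"forwarded": 0, "mangled": 0, "dropped": 0}

    def expire(now):
        # A dgram_in with no dgram_out before its deadline counts as dropped.
        for key in [k for k, (deadline, _) in pending.items() if deadline < now]:
            del pending[key]
            result["dropped"] += 1
    frames = sorted(frames, key=lambda fr: fr.t)
    for f in frames:
        expire(f.t)
        if f.ip_src in excluded_ips or f.ip_dst in excluded_ips:
            continue                                   # not transit traffic
        key = (f.ip_src, f.ip_dst, f.tcp_seq)
        if f.mac_dst == b_mac and f.mac_src != b_mac:  # dgram_in
            pending[key] = (f.t + timeout, f.tcp_csum)
        elif f.mac_src == b_mac and key in pending:    # dgram_out
            _, csum = pending.pop(key)
            result["forwarded" if csum == f.tcp_csum else "mangled"] += 1
    if frames:
        expire(frames[-1].t)   # entries still inside the window stay uncounted
    return result

def exceeds_threshold(result, threshold=0.2):
    """Threshold classifier; 0.2 is an assumed value, not from the slides."""
    total = sum(result.values())
    return total > 0 and (result["mangled"] + result["dropped"]) / total > threshold

# Constructed capture: A sends to D through B; monitor C overhears both hops.
A, B, D = "2001:db8::a", "2001:db8::b", "2001:db8::d"
SAMPLE = [
    Frame(0.00, "mac(A)", "mac(B)", A, D, 100, 0x1111),
    Frame(0.01, "mac(B)", "mac(D)", A, D, 100, 0x1111),  # forwarded intact
    Frame(0.10, "mac(A)", "mac(B)", A, D, 101, 0x2222),
    Frame(0.12, "mac(B)", "mac(D)", A, D, 101, 0x9999),  # checksum changed
    Frame(0.20, "mac(A)", "mac(B)", A, D, 102, 0x3333),  # never re-sent
    Frame(0.30, "mac(A)", "mac(B)", A, B, 7, 0x4444),    # addressed to B itself
    Frame(1.00, "mac(A)", "mac(B)", A, D, 103, 0x5555),
    Frame(1.01, "mac(B)", "mac(D)", A, D, 103, 0x5555),
]
print(audit_forwarding(SAMPLE, "mac(B)", {B, "2001:db8::c"}))
```

A fixed timeout and ratio are exactly the single-layer thresholds that slide 11 says produce false positives under mobility and congestion; the counts here are the input a cross-layer classifier would weigh against those factors.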
