UConn CSE 5300 - Denial of Service Resilience in Ad Hoc Networks


Denial of Service Resilience in Ad Hoc Networks
I. Aad, J. Hubaux and E. Knightly
EPFL, Switzerland and Rice University
Presented by Jeremy Holländer
CS395T – Wireless Networks

Outline
• What is a Denial of Service attack
• Types of nodes that initiate DoS attacks
• Types of attacks
• Victim’s response
• Analytical model
• Performance of network under DoS attack
• Conclusion

The war on protocol design
• Attackers constantly introduce new attacks
• Retaliation by protocol designers
• This paper aims to
  • Quantify the damage an attacker can have on the performance of a wireless network
  • Study the scalability of DoS attacks

Denial of Service
• Is an attempt by malicious user(s) to prevent legitimate users from using a service
• This paper studies protocol-compliant DoS only
  • Much more difficult to detect!

JellyFish and Black Holes
• JellyFish attacks conform to all routing and forwarding protocol specifications
  • Difficult to detect before the sting
  • Target closed-loop flows
  • Responsive to network conditions such as loss and delay
• Black holes participate in the routing protocol to establish routes through themselves, yet drop all received packets
  • Target open-loop flows
  • Not responsive to the above network conditions

System model assumptions
• Wireless network
  • Employs node authentication
  • Employs message authentication
  • Ensures one identity per node
  • Prevents control plane misbehavior
• A malicious node will always participate in route setup operations
  • Source Routing: malicious nodes always relay Route Request packets to have many routes passing through them
  • Distance Vector Routing: malicious nodes obey all control-plane protocol specifications

JellyFish Reorder Attack (1/2)
• Problem of TCP in regards to ACKs
  • Msgs 1, …, N sent
  • Receipt of ACK-N means all msgs up to N received successfully
  • Receipt of duplicate ACKs means loss or out-of-order receipt
• All TCP variants assume re-ordering is short-lived due to network changes

JellyFish Reorder Attack (2/2)
• JF nodes deliver all packets
  • Only after placing them randomly in a FIFO buffer
• Results in near-zero goodput despite delivering all packets
• Because it drops no packets, other nodes do not detect it as malicious

JellyFish Periodic Dropping Attack
• Attacking nodes drop all packets for a short period of time once per retransmission time-out (RTO)
• After JF’s first loss duration, the victim flow will enter timeout because JF chooses a dropping duration long enough to result in multiple losses
• When the flow attempts to exit timeout RTO seconds later, JF will soon/immediately drop again
• Why does it work?
  • Because, like non-malicious nodes, JFs drop only a small fraction of the time so as not to be detected

JellyFish Delay Variance Attack
• JFs manipulate packet delays to reduce TCP throughput
• This results in
  • TCP sending traffic in bursts due to “self-clocking”, which leads to increased collisions and loss
  • Mis-estimations of available bandwidth
  • Excessively high RTO value

Impact of JF-reorder on throughput
• FIFO schedule that randomly selects one of the first k packets of the queue to send
• TCP is robust with a reordering buffer of two packets
• With a larger reordering buffer, goodput collapses
• Solution: TCP-PR, which uses timers to detect loss

JF-drop effect on throughput
• To obtain the null at 1 second, the JF drops packets for 90 ms every 1 second, dropping 9% of the time and forwarding 91% of the time
• Hard to detect because these are values that can be incurred by a congested node
• Multiple packet losses within a round-trip time are an indication of severe congestion
  • Flow must back off aggressively and wait RTO seconds before entering slow start

JF-jitter effect on throughput
• JF alternates between periods of serving packets at its maximum capacity and serving no packets
  • Idle and active periods are of equal length
• TCP goodput decreases with increasing jitter

Black Holes
• BH participate in all routing control operations
• Once a path is established, BH drop all packets
• JF has nearly the same impact as BH
• BH also work against flows that are not congestion-responsive and are therefore immune to JF
• Disadvantage: BH are much easier to detect

Diagnosing Misbehavior: Detection of MAC Layer Failure (1)
• Broken routes (for instance because of mobility) can be detected by routing protocols
  • E.g. DSR uses a MAC layer transmission failure to generate a route error message
  • The message is sent upstream to the source node, which will establish a new route

Diagnosing Misbehavior: Passive Acknowledgement (2)
• Consider BH behavior: the BH needs to forward a packet. It first acknowledges receipt of the packet to the sender but does not forward the packet to its intended destination. Can this be detected?
• PACK: if node i sends a packet to k via j, then i should overhear the subsequent transmission from j to k (exploits the broadcast nature of the wireless medium)

Diagnosing Misbehavior: Passive Acknowledgement (3)
• Energy-efficient transmission
  • PACK requires that node j’s transmission be overheard by node i
  • Unable to use dynamic power management
  • Even though j is very close to k, it must ensure that i hears the transmission
  • If i does not hear the transmission it will incorrectly infer that j is a misbehaving
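A watchdog for the PACK check on the slides above, as an added example (not the paper's or the presenter's code): node i records every packet it hands to next hop j and counts it as confirmed only when it overhears j relaying it to k. Node names, the 200 ms timeout, the suspect threshold and the trace are assumptions; the late relay of packet 5 shows the false positive the last slide warns about when i fails to hear an honest j.

```python
"""PACK (passive acknowledgement) watchdog modelled on the slides: node i sends
a packet to k via j and expects to overhear j relaying it to k.  Added example,
not the paper's code; node names, the timeout and the trace are assumptions."""
from collections import defaultdict

PACK_TIMEOUT_MS = 200   # assumed: how long i waits to overhear j's relay
SUSPECT_RATIO = 0.5     # assumed: share of unconfirmed relays that flags j

def run_watchdog(events, timeout_ms=PACK_TIMEOUT_MS):
    """events: time-sorted (time_ms, kind, seq, a, b) tuples as seen by node i.
    'send': i sent seq to next hop a, expecting a to relay it to b.
    'overhear': i overheard a transmit seq to b.
    Returns {next_hop: (forwarded, confirmed, missed)}."""
    pending = {}                   # seq -> (j, k, deadline)
    forwarded, confirmed, missed = defaultdict(int), defaultdict(int), defaultdict(int)

    def expire(now):               # relays not overheard by their deadline count as misses
        for seq, (j, _k, deadline) in list(pending.items()):
            if now > deadline:
                missed[j] += 1
                del pending[seq]

    for t, kind, seq, a, b in events:
        expire(t)
        if kind == "send":
            pending[seq] = (a, b, t + timeout_ms)
            forwarded[a] += 1
        elif kind == "overhear" and pending.get(seq, ())[:2] == (a, b):
            confirmed[a] += 1
            del pending[seq]
    expire(float("inf"))           # flush whatever is still outstanding
    return {j: (forwarded[j], confirmed[j], missed[j]) for j in forwarded}

def suspects(stats, ratio=SUSPECT_RATIO):
    """Next hops whose missed/forwarded ratio reaches the threshold."""
    return sorted(j for j, (fwd, _c, miss) in stats.items() if fwd and miss / fwd >= ratio)

# Constructed trace seen by node i: j1 is an honest relay, bh is a black hole that
# MAC-acknowledges packets but never forwards them. Packet 5 is relayed too late
# (or too quietly) to be overheard in time, so it counts as a miss for honest j1.
EVENTS = [
    (0,   "send", 1, "j1", "k"), (40,  "overhear", 1, "j1", "k"),
    (100, "send", 2, "j1", "k"), (130, "overhear", 2, "j1", "k"),
    (200, "send", 3, "bh", "k"),
    (300, "send", 4, "bh", "k"),
    (400, "send", 5, "j1", "k"), (700, "overhear", 5, "j1", "k"),
]
```

With the threshold at 0.5 only bh is flagged; lowering it to 0.3 would also flag honest j1 on the strength of one missed overhear, which is the power-management false positive the slide describes.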

