Selective Forwarding Attack: Detecting Colluding Nodes in Wireless Mesh Networks
Shankar Karuppayah
National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia
Network Security Workshop, February 14, 2012

Contents
• Introduction
• Problem Statement
• Related Work
• Our Proposed Mechanism
• Result and Analysis
• Conclusion and Future Work
Introduction
Wireless mesh networks (WMNs):
• Self-organized
• Self-configured
• Self-healing
• Low up-front costs
• Scalable

Introduction (cont.)
• Overcome last-mile Internet access problems
• Advantages:
  • Adapts to dynamic topology changes
  • Distributed, cooperative routing
• WMN applications:
  • Community networking
  • Disaster relief
  • Surveillance and monitoring
• Vulnerabilities exist in WMNs:
  • Shared wireless medium
  • Distributed architecture
Problem Statement
• Two types of attacks:
  • Passive attack
  • Active attack
• Denial of service (DoS) attacks
  • Prevent legitimate users from accessing information, services or resources
• Gray Hole attack
  • Also known as selective forwarding attack
  • A variation of the Black Hole attack
• Motivation of the attacks:
  • Rational intentions
  • Malicious intentions
Network Performance Deteriorates!!!

Problem Statement (cont.)
• Existing security solutions:
  • Cryptographic mechanisms
  • Public/private key exchange
• Not entirely applicable in WMNs:
  • Decentralized network architecture
  • Routers may be physically tampered with, or their software vulnerabilities exploited
The need for a non-cryptographic security mechanism arises.
Related Work
• Marti et al. introduce the watchdog
  • Monitoring principle in "promiscuous" mode
• S. Banerjee proposes an algorithm to detect and remove Black/Gray Hole attackers
  • Splits transmission data into several blocks
  • Introduces prelude and postlude messages
• Shila et al. introduce the Channel Aware Detection (CAD) algorithm to detect Gray Hole attackers
  • Considers normal losses:
    • Medium access collisions
    • Bad channel quality

CAD (Channel Aware Detection) Algorithm
• Methodology:
  • Channel estimation (dynamic detection threshold)
  • Hop-by-hop packet loss monitoring
• Data transmission: split into several blocks (Ws)
[Figure: hop-by-hop packet counts along the path S → V0 → V1 → V2 → V3]
• New packet types:
  • PROBE: packet marking with opinion and behavior parameter
  • PROBE-ACK: PROBE replies
• When a node forwards a packet:
  • Buffers the link layer acknowledgement (MAC-ACK)
  • Overhears downstream traffic
• WMN router nodes maintain a packet count history with the corresponding packet sequence numbers
However… the CAD algorithm will not be able to detect an attack in the event of colluding nodes.
Assumptions
• Routers have no energy constraints and have buffers of infinite size
• Packet drops are due to:
  • Bad channel quality
  • Medium access collision
  • Presence of attackers
• Free from general wireless attacks:
  • Sybil attacks
  • Jamming (signal) attacks
• Colluding nodes are located next to each other
• Route caching to mitigate overhead
• Nodes have authentication methods implemented

CAD+ Algorithm
• Retains existing features of CAD
• Source and Destination perform hashing on sent and received data packets respectively
• Destination keeps a list of monitoring nodes (MN) vs monitored nodes
• MN monitors data packets received and forwarded by the node being monitored, based on the monitoring parameters
• MN maintains an irregularities history
• Introduction of three new packet types:
  • Prelude
  • Prelude-Notify
  • Prelude-Ack
• When an MN overhears a PROBE packet sent to Destination, it forwards its list of irregularities (if applicable) towards Destination
• Destination compares the reported irregularities with the list of received packets and then replies to Source with a modified PROBE-ACK (including the filtered irregularities)
• Source compares the filtered irregularities with the list of sent packets
• Source refers to the verified irregularities list to conduct the final confirmation
[Flowchart: Count > COUNT_THRESH? Interval > INTERVAL_THRESH? *MNx is not colluding but may not be reliable]

Detection of Threats
• Threats detected (colluding nodes):
  • Gray Hole attack
    • Selectively drops packets
  • Packet Injection
    • Fabricates packets towards the Destination node
  • Packet Alteration
    • Node alters a received packet (bit or data manipulation)
  • Bad Mouthing Attack
    • Framing an innocent node
Stealthy attacks by colluding nodes!!!
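As an added illustration of the CAD hop-by-hop monitoring described above, of the blind spot it has when neighbouring nodes collude, and of the CAD+ reconciliation of the Source and Destination hash lists against monitoring-node reports (covering the Gray Hole, injection, alteration and bad-mouthing cases just listed), here is a small Python model. It is not the authors' code or simulator: the node names, the 10-packet sample, the channel-loss margin, the collusion scenario and the monitor reports are all constructed, and treating unconfirmable MN reports as a per-monitor false-report count is an assumption about how the flowchart's count check behaves.

```python
"""Toy model of CAD-style per-hop loss monitoring and CAD+-style
end-to-end reconciliation. Added example, not the authors' code;
node names, sample packets, thresholds and monitor reports are constructed."""
import hashlib


def pkt_hash(seq: int, payload: bytes) -> str:
    """Hash over sequence number and payload, computed by Source on sent
    packets and by Destination on received ones (the CAD+ hashing step)."""
    return hashlib.sha256(seq.to_bytes(4, "big") + payload).hexdigest()


def cad_suspects(reported_counts, channel_loss, margin=0.10):
    """CAD-style check: each node reports its (received, forwarded) counts.
    A node is suspect when its own drop ratio exceeds the estimated normal
    channel loss plus a tolerance margin (the dynamic detection threshold).
    The margin value is a constructed assumption."""
    threshold = channel_loss + margin
    suspects = []
    for node, received, forwarded in reported_counts:
        if received == 0:
            continue
        drop_ratio = 1 - forwarded / received
        if drop_ratio > threshold:
            suspects.append(node)
    return suspects


def reconcile(sent, received, mn_reports):
    """CAD+-style reconciliation at Destination and Source.
    sent / received: dict seq -> hash kept by Source / Destination.
    mn_reports: dict monitor -> {monitored node: set of seqs reported as
    irregular}. Reports that neither end-point record can confirm are
    counted against the reporting monitor (bad-mouthing filter; assumption)."""
    dropped = sorted(s for s in sent if s not in received)           # Gray Hole
    injected = sorted(s for s in received if s not in sent)          # injection
    altered = sorted(s for s in sent                                 # alteration
                     if s in received and received[s] != sent[s])
    irregular = set(dropped) | set(altered)
    confirmed, false_reports = {}, {}
    for mn, claims in mn_reports.items():
        for monitored, seqs in claims.items():
            verified = seqs & irregular
            bogus = seqs - irregular
            if verified:
                confirmed.setdefault(mn, {})[monitored] = sorted(verified)
            if bogus:
                false_reports[mn] = false_reports.get(mn, 0) + len(bogus)
    return {"dropped": dropped, "injected": injected, "altered": altered,
            "confirmed": confirmed, "false_reports": false_reports}


def demo():
    """Constructed scenario on the path S -> V0 -> V1 -> V2 -> V3 -> D."""
    payloads = {seq: f"data-{seq}".encode() for seq in range(1, 11)}
    sent = {seq: pkt_hash(seq, p) for seq, p in payloads.items()}
    received = dict(sent)
    for seq in (3, 7, 9):                      # V1 silently drops three packets
        del received[seq]
    received[5] = pkt_hash(5, b"tampered")     # V2 alters packet 5 in flight
    received[42] = pkt_hash(42, b"forged")     # V2 injects a packet never sent
    # V1 and V2 collude: each vouches for the other's forwarding, so every
    # node's own (received, forwarded) pair looks clean although D got 8.
    reported_counts = [("V0", 10, 10), ("V1", 10, 10),
                       ("V2", 10, 10), ("V3", 8, 8)]
    mn_reports = {
        "M1": {"V1": {3, 7, 9}},   # honest monitor beside V1
        "M2": {"V3": {1, 2}},      # bad-mouthing monitor framing V3
    }
    result = reconcile(sent, received, mn_reports)
    result["cad_suspects"] = cad_suspects(reported_counts, channel_loss=0.05)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the contrast the slides draw: the per-hop check returns no suspects because the colluders' counts are mutually consistent, while the end-to-end hash comparison still recovers the three dropped packets, the altered packet 5 and the injected packet 42, confirms M1's report against V1, and leaves M2's framing of V3 unconfirmed.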
Result and Analysis
[Figure: Packet delivery ratio compared against the colluding selective dropping rate (no channel loss)]

Result and Analysis (cont.)
[Figure: Packet delivery ratio compared against the channel loss rate, with colluding selective dropping attacks present]

Result and Analysis (cont.)
[Figure: Average detection rate of Gray Hole attackers with respect to simulation time]
Conclusion and Future Work
• Developed a detection algorithm, CAD+, which:
  • Integrates CAD with a neighborhood monitoring feature
  • Enables detection and isolation of colluding Gray Hole attackers
  • Detects other variations of colluding attacks:
    • Packet alteration
    • Packet injection
    • Packet dropping
• Future Work:
  • Investigate possibilities of mobile MN
  • Incentives for MN to encourage cooperation
  • Extend CAD+ to detect other network layer attacks

References
• Sergio Marti, T. J. Giuli, Kevin Lai, and Mary Baker. Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of the 6th Annual International Conference on Mobile Computing and Networking, MobiCom '00, pages 255–265, New York, NY, USA, 2000.
• Sukla Banerjee. Detection/Removal of Cooperative Black and Gray Hole Attack in Mobile Ad-Hoc Networks. In Proceedings of the World Congress on Engineering and Computer Science 2008, WCECS '08, October 22–24, 2008, San Francisco, USA, Lecture Notes in Engineering and Computer Science, pages 337–342. Newswood Limited, 2008.
• D. M. Shila, Yu Cheng, and T. Anjali. Mitigating selective forwarding attacks with a channel-aware approach in WMNs. IEEE Transactions on Wireless Communications, 9(5):1661–1675, May 2010.