05-07-2013, 12:26 PM
Mitigating Selective Forwarding Attacks with a Channel-Aware Approach in WMNs
Abstract
In this paper, we consider a special case of denial of
service (DoS) attack in wireless mesh networks (WMNs) known
as a selective forwarding attack (a.k.a. gray hole attack). With such
an attack, a misbehaving mesh router just forwards a subset of
the packets it receives but drops the others. While most of the
existing studies on selective forwarding attacks focus on attack
detection under the assumption of an error-free wireless channel,
we consider a more practical and challenging scenario in which packet
dropping may be due to an attack, or normal loss events such as
medium access collision or bad channel quality. Specifically, we
develop a channel aware detection (CAD) algorithm that can
effectively identify the selective forwarding misbehavior from
the normal channel losses. The CAD algorithm is based on
two strategies, channel estimation and traffic monitoring. If the
monitored loss rate at certain hops exceeds the estimated normal
loss rate, those nodes involved will be identified as attackers.
Moreover, we carry out analytical studies to determine the
optimal detection thresholds that minimize the summation of
false alarm and missed detection probabilities. We also compare
our CAD approach with some existing solutions, through
extensive computer simulations, to demonstrate the efficiency of
discriminating selective forwarding attacks from normal channel
losses.
INTRODUCTION
WIRELESS mesh networks (WMNs) [1] are emerging
as a popular choice for Internet service providers
(ISPs) to provision broadband wireless access in the future.
The WMNs are expected to incorporate the attributes of
self-organization, self-healing, and self-configuration for high
reliability and scalability. Despite these advantages, WMNs
lack security guarantees due to their open
medium, distributed architecture, and dynamic topology [1]-[5].
The WMN is a multi-hop network, which relies on mesh
routers to forward the packets to the destination. It is clear that
successful collaboration among routers is the foundation for
a strong and reliable network.
RELATED WORK
In the last few years, several secure routing protocols
resilient to external attacks, such as SAODV [9], SEAD [10],
ARAN [15] and Ariadne [16], were proposed. However, none
of these protocols is capable of defending against internal
attacks. Wireless-specific attacks such as rushing attacks and
wormhole attacks were recently identified and studied. These
attacks can form a serious threat, because once launched
the attacker can easily inject bogus packets, eavesdrop on
communication or selectively drop the data packets. RAP
[17] prevents the rushing attack by waiting for up to m
ROUTE REQUEST packets and then randomly selecting one
to transmit the data packets, rather than always selecting
the first ROUTE REQUEST packet for forwarding. However,
RAP has significant network overhead and is ineffective if
the adversary has compromised m or more nodes. Packet
leashes [18] and LiteWorp [8] are two well-known techniques
to defend against wormhole attacks. The former restricts
the maximum transmission distance of the packet by using
either clock synchronization or location information. The
latter uses guard nodes to overhear the communications
between the neighboring nodes and exploits the directional
antenna techniques [19].
A. Network Model
We consider a single channel multi-hop infrastructure mesh
network [1]. Infrastructure WMNs are commonly used in community
and neighborhood networks. In this type of network,
mesh nodes are statically deployed, e.g., on the roof of houses
in a neighborhood, and communicate with one another to form
a multi-hop wireless backbone. One or more mesh nodes are
connected to the Internet and serve as gateways to provide
Internet connectivity for the entire mesh network. The mesh
nodes can aggregate traffic from their end clients and forward
the traffic to and from the Internet.
B. Threat Model
In a wireless mesh network, we consider that the adversary
may compromise certain mesh nodes through physical capture
or software bugs, thus gaining full control of them. Once
nodes are captured, the attacker gains access to all stored information,
including public and private keys, and can reprogram the nodes to behave
in a malicious manner. In a multi-hop network such as an ad hoc,
sensor, or mesh network, effective routing algorithms are
required to find a high-throughput path between source and
destination. All the distributed routing protocols for multi-hop
networks [20] assume that all the nodes are collaborative
and behave normally. However, due to the open medium, the
normal routing behavior can be attacked easily. A typical
threat model to the distributed routing is that the attackers
broadcast misleading routing messages.
CONCLUSION AND FUTURE WORK
In this paper, we proposed an effective algorithm to detect
and locate the selective forwarding attackers in WMNs.
The particular challenging scenario we consider is that the
intentional selective dropping may be interleaved with normal
loss events due to wireless channel quality or medium
access collisions. The proposed channel aware detection algorithm
utilizes the methodologies of channel estimation and
upstream/downstream traffic monitoring to discriminate the
selective dropping attack from the estimated normal loss
rates. We demonstrate how to compute the false alarm and
missed detection probabilities for the CAD algorithm, and
further derive the optimal detection thresholds to minimize the
summation of the false alarm and missed detection probabilities.
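
The thresholding idea from the abstract and conclusion, as an added illustration that is not code from the paper: a hop is flagged when its monitored loss count exceeds a threshold chosen to minimize the sum of false alarm and missed detection probabilities. The binomial loss model, the function names, and all parameter values are simplifying assumptions made here, not the paper's own derivation.

```python
# Added illustration, not the paper's CAD algorithm. Assumed model: each of n
# monitored packets is lost independently (binomial), with probability p_normal
# on an honest hop (the channel estimate) and a higher one on an attacking hop.
from math import comb

def binom_cdf(k, n, p):
    """P[X <= k] for X ~ Binomial(n, p)."""
    if k < 0:
        return 0.0
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(min(k, n) + 1))

def error_probs(k, n, p_normal, p_attack):
    """Error rates of the rule: flag a hop if more than k of n packets are lost."""
    p_fa = 1.0 - binom_cdf(k, n, p_normal)  # honest hop flagged (false alarm)
    p_md = binom_cdf(k, n, p_attack)        # attacker not flagged (missed detection)
    return p_fa, p_md

def optimal_threshold(n, p_normal, drop_fraction):
    """Return (k, p_fa, p_md) for the k that minimizes p_fa + p_md."""
    # Assumption: the attacker drops drop_fraction of the packets that
    # survived the channel, on top of the normal channel loss.
    p_attack = p_normal + (1 - p_normal) * drop_fraction
    best = None
    for k in range(n + 1):
        p_fa, p_md = error_probs(k, n, p_normal, p_attack)
        if best is None or p_fa + p_md < best[1] + best[2]:
            best = (k, p_fa, p_md)
    return best

def detect(lost_per_hop, k):
    """Indices of hops whose monitored loss count exceeds threshold k."""
    return [hop for hop, lost in enumerate(lost_per_hop) if lost > k]

if __name__ == "__main__":
    # Constructed sample: 100 monitored packets per hop, estimated normal
    # loss rate 10%, attacker assumed to drop 20% of what it receives.
    n, p_normal, drop_fraction = 100, 0.10, 0.20
    k, p_fa, p_md = optimal_threshold(n, p_normal, drop_fraction)
    print(f"threshold k={k}  P_FA={p_fa:.4f}  P_MD={p_md:.4f}")
    losses = [9, 12, 31, 8]  # constructed per-hop loss counts
    print("flagged hops:", detect(losses, k))
```

With a fixed threshold that ignores the channel estimate, a hop on a poor link would be flagged as an attacker; tying the threshold to the estimated normal loss rate is what separates the two cases.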