30-10-2012, 12:37 PM
hi i need project idea and document for this topic..
30-10-2012, 12:37 PM
hi i need project idea and document for this topic..
30-05-2013, 04:37 PM
Stealthy Attacks in Wireless Ad Hoc Networks: Detection and Countermeasure Stealthy Attacks.pdf (Size: 1.9 MB / Downloads: 26) Abstract Stealthy packet dropping is a suite of four attacks—misrouting, power control, identity delegation, and colluding collision—that can be easily launched against multihop wireless ad hoc networks. Stealthy packet dropping disrupts the packet from reaching the destination through malicious behavior at an intermediate node. However, the malicious node gives the impression to its neighbors that it performs the legitimate forwarding action. Moreover, a legitimate node comes under suspicion. A popular method for detecting attacks in wireless networks is behavior-based detection performed by normal network nodes through overhearing the communication in their neighborhood. This leverages the open broadcast nature of wireless communication. An instantiation of this technology is local monitoring. We show that local monitoring, and the wider class of overhearing-based detection, cannot detect stealthy packet dropping attacks. Additionally, it mistakenly detects and isolates a legitimate node. We present a protocol called SADEC that can detect and isolate stealthy packet dropping attack efficiently. SADEC presents two techniques that can be overlaid on baseline local monitoring: having the neighbors maintain additional information about the routing path, and adding some checking responsibility to each neighbor. Additionally, SADEC provides an innovative mechanism to better utilize local monitoring by considerably increasing the number of nodes in a neighborhood that can do monitoring. We show through analysis and simulation experiments that baseline local monitoring fails to efficiently mitigate most of the presented attacks while SADEC successfully mitigates them. INTRODUCTION WIRELESS Ad hoc and Sensor Networks (WASN) are becoming an important platform in several domains, including military warfare and command and control of civilian critical infrastructure [33], [34]. They are especially attractive in scenarios where it is infeasible or expensive to deploy significant networking infrastructure. Examples in the military domain include monitoring of friendly and enemy forces, equipment and ammunition monitoring, targeting, and nuclear, biological, and chemical attack detection [33], [34]. Consider a military network scenario where more powerful and less energy-constrained ad hoc nodes may be carried by soldiers or in vehicles, while a large number of low cost and low-energy sensor nodes with limited energy resources may be distributed over the battlefield. This network setup can guide a troop of soldiers to move through the battlefield by detecting and locating enemy tanks and troops. The soldiers can use information collected by the sensor nodes to strategically position to minimize any possible causality. Examples in the civilian domain include habitat monitoring, animal tracking, forestfire detection, disaster relief and rescue, oil industry management, and traffic control and monitoring [33], [35]. RELATED WORK In the last few years, researchers have been actively exploring many mechanisms to ensure the security of control and data traffic in wireless networks. These mechanisms can be broadly categorized into the following classes—authentication and integrity services, protocols that rely on path diversity, protocols that use specialized hardware, protocols that require explicit acknowledgments or use statistical methods, and protocols that overhear neighbor communication. The path diversity techniques increase route robustness by first discovering multipath routes [9], [13] and then using these paths to provide redundancy in the data transmission between a source and a destination. The data are encoded and divided into multiple shares sent to the destination via different routes. The method is effective in well-connected networks, but does not provide enough path diversity in sparse networks. Moreover, many of these schemes are expensive for resource-constrained networks due to the data redundancy. Additionally, these protocols could be vulnerable to route discovery attacks, such as the Sybil attack, that prevent the discovery of nonadversarial paths. Examples of protection mechanisms that require specialized hardware include [5] and [11]. The authors in [5] introduce a scheme called packet leashes that uses either tight time synchronization or location awareness through GPS hardware. The work in [11] relies on hardware threshold signature implementations to prevent one node from propagating errors or attacks in the whole network. FOUNDATIONS Attack Model and System Assumptions Attack Model An attacker can control an external node or an internal node, which, since it possesses the keys, can be authenticated by other nodes in the network. An insider node may be created, for example, by compromising a legitimate node. A malicious node can perform packet dropping by itself or by colluding with other nodes. The collusion may happen through out-of-band channels (e.g., a wireline channel). However, we do not consider the denial of service attacks through physical-layer jamming [22], or through identity spoofing and Sybil attacks [10]. There exist several approaches to mitigate these attacks—[22] for jamming and [10] for the Sybil attack. A malicious node can be more powerful than a legitimate node and can have highpowered controllable transmission capability but is limited to Omnidirectional antennas. The attacks do not affect only a specific routing protocol; rather, they apply to a wide class where an intermediate node determines the next-hop node toward the final destination. This includes routing protocols specific to WSNs such as the beacon routing protocol. Drop through Power Control In this type of attack, a malicious node relays the packet by carefully reducing its transmission power, thereby reducing the range and excluding the legitimate next-hop node. This kind of transmission power control is available in today’s commercial wireless nodes, such as the Crossbow Mica family of nodes. Consider the scenario shown in Fig. 3. A node S sends a packet to a malicious node M to be relayed to node T. Node M drops the packet by sending it over a range that does not reach T (the dotted circle centered at M). Fig. 3a shows the guards ofM that are satisfied by the controlled transmission ofM (region II) and the set of guards that detectM (region I) as dropping the packet since they did not overhear M. Fig. 3b shows all the guards of M over S ! M. Fig. 3d shows the set of guards of T over M ! T that wrongly accuse T of dropping the packet. The farther T is from M, the better it is for the attacker since more guards can be satisfied and therefore, the stealthier the attack. Drop through Identity Delegation In this form of the attack, the attacker uses two malicious nodes to drop the packet. One node is spatially close to the sender. The other node is the next hop from the sender. The first malicious node could be externally or an internally compromised node while the latter has to be an internally compromised node. Consider the scenario shown in Fig. 5, node S sends a packet to a malicious next-hop node M2 to be relayed to node T. The attacker delegates the identity and the credentials of the compromised node M2 to a colluding node M1 close to S. After S sends the packet to M2, M1 uses the delegated identity of M2 and transmits the packet. The intended next hop T does not hear the message since T 62 RðM1Þ. The guards of M2 over S ! M2 are the nodes in the shaded areas I and II and they are all satisfied since they are in RðM1Þ. Again, the consequences of this attack are twofold: 1) the packet has been successfully dropped without detection, and 2) the set of nodes in the shaded area II overhear a packet transmission (purportedly) from M2 to T. These nodes are included in GðM2; TÞ and will subsequently accuse T of dropping the packet. Mitigating Other Stealthy Drop Attacks The key observation behind the other types of the stealthy packet dropping attack is that the attack defeats local monitoring-based detection by reducing the number of guards that overhear a packet to zero or to a number that is less than the confidence index . In the power control attack shown in Fig. 3a, the attacker narrows the guards that can detect the packet drop into the lightly shaded area (region I in Fig. 3a) while the majority of the guards (region II in Fig. 3a) are satisfied. In the colluding collision attack (Fig. 4) and identity delegation attack (Fig. 5), the attacker completely evades detection by satisfying all the guards (the nodes in region I of Figs. 4 and 5). The countermeasure we propose against these attacks is based on the observation that an adversary evades detection by allowing only a subset of guards to overhear the message being forwarded. Therefore, we expand the set of nodes that can guard a node from only the common neighbors of the node being monitored and its previoushop node to include all the neighbors of the node being monitored. Since the number of guards involved in monitoring a node (all the node’s neighbors) increases, the probability of detecting the stealthy packet drop increases. SADEC’S detection technique makes use of the fact that, under the stealthy packet dropping attacks, neighbors have differing views of a node in terms of the volume of traffic it has forwarded and all the neighbors cannot be convinced by a single broadcast. CONCLUSION We have introduced a new class of attacks called stealthy packet dropping which disrupts a packet from reaching the destination by malicious behavior at an intermediate node. This can be achieved through misrouting, controlling transmission power, malicious jamming at an opportune time, or identity sharing among malicious nodes. However, the malicious behavior cannot be detected by any behaviorbased detection scheme presented to date. Specifically, we showed that BLM-based detection cannot detect these attacks. Additionally, it will cause a legitimate node to be accused. We then presented a protocol called SADEC that successfully mitigates all the presented attacks. SADEC builds on local monitoring and requires nodes to maintain additional routing path information and adds some checking responsibility to each neighbor. |
|