![Page 1: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/1.jpg)
1
Building A Trustworthy, Secure, And Privacy Preserving Network
Bharat BhargavaCERIAS Security CenterCWSA Wireless Center
Department of CS and ECEPurdue University
Supported by NSF IIS 0209059, NSF IIS 0242840 ,
NSF ANI 0219110, CISCO, Motorola, IBM
![Page 2: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/2.jpg)
2
Research Team
• Faculty Collaborators– Dongyan Xu, middleware and privacy– Mike Zoltowski, smart antennas, wireless security– Sonia Fahmy, Internet security – Ninghui Li, trust– Cristina Nita-Rotaru, Internet security
• Postdoc– Lezsek Lilien, privacy and vulneribility– Xiaoxin Wu, wireless security– Jun Wen, QoS– Mamata Jenamani, privacy
• Ph.D. students– Ahsan Habib, Internet Security– Mohamed Hefeeda, peer-to-peer– Yi Lu, wireless security and congestion control– Yuhui Zhong, trust management and fraud– Weichao Wang, security of ad hoc networks
More information at http://www.cs.purdue.edu/people/bb
![Page 3: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/3.jpg)
3
Motivation
• Lack of trust, privacy, security, and reliability impedes information sharing among distributed entities.– San Diego supercomputer center detected 13,000
DoS attacks in a three-week period [eWeek, 2003]– Internet attacks in February, 2004 caused an
estimated $68 billion to $83 billion in damages worldwide [British Computer Security Report]
– Business losses due to privacy violations• Online consumers worry about revealing personal data• This fear held back $15 billion in online revenue in 2001
– 52,658 reported system crashes caused by software vulnerabilities in 2002 [Express Computers 2002]
![Page 4: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/4.jpg)
4
Research is required for the creation of knowledge and learning in secure networking, systems, and applications.
![Page 5: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/5.jpg)
5
• Enable the deployment of security sensitive applications in the pervasive computing and communication environments.
Goal
![Page 6: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/6.jpg)
6
Problem Statement
• A trustworthy, secure, and privacy preserving network platform must be established for trusted collaboration. The fundamental research problems include:– Trust management– Privacy preserved interactions– Dealing with a variety of attacks and frauds in
networks– Intruder identification in ad hoc networks (focus
of this seminar)
![Page 7: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/7.jpg)
7
Applications/Broad Impacts
• Guidelines for the design and deployment of security sensitive applications in the next generation networks– Data sharing for medical research and treatment– Collaboration among government agencies for
homeland security– Transportation system (security check during travel,
hazardous material disposal)– Collaboration among government officials, law
enforcement and security personnel, and health care facilities during bio-terrorism and other emergencies
![Page 8: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/8.jpg)
8
Scientific Contributions
A. Trust formalization
B. Privacy preservation in interactions
C. Network tomography techniques for DoS attacks
D. Intrusion detection and intruder identification in ad hoc networks
E. Vulnerability analysis and threat assessment
![Page 9: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/9.jpg)
9
A. Trust Formalization• Problem
– Dynamically establish and update trust among entities in an open environment.
• Research directions– Handling uncertain evidence– Modeling dynamic trust– Formalization and detection of fraud
• Challenges– Uncertain information complicates the inference procedure.– Subjectivity leads to various interpretations toward the same
information.– The multi-faceted and context-dependent characteristics of trust
require tradeoff between representation comprehensiveness and computation simplicity of the trust model.
![Page 10: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/10.jpg)
10
Uncertain Evidence• Probability-based approach to evaluate the
uncertainty of a logic expression given a set of uncertain evidence– Atomic formula: Bayes network + causal
inference + conditional probability interpretation of opinion
– AND/OR expressions: rule defined by Jsang [Jsang'01]
– Subjectivity is realized using discounting operator proposed by Shafer [Shafer'76]
![Page 11: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/11.jpg)
11
Dynamic Trust• Trust production based on direct interaction
– Identify behavior patterns and their characteristic features
– Determine which pattern is the best match of an interaction sequence
– Develop personalized trust production algorithms considering behavior patterns
• Reputation aggregation– Global reputation vs. personalized reputation– Personalized reputation aggregation
• Determine the subset of trust information useful for a specific trustor by using collaborative filters
• Translate trust information into the scale of a specific trustor
![Page 12: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/12.jpg)
12
Trust Enhanced Role Assignment (TERA) Prototype
• Trust enhanced role mapping (TERM) server assigns roles to users based on – Uncertain & subjective evidence
– Dynamic trust
• Reputation server – Dynamic trust information repository– Evaluate reputation from trust information by using
algorithms specified by TERM server
Prototype and demo are available at
http://www.cs.purdue.edu/homes/bb/NSFtrust/
![Page 13: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/13.jpg)
13
TERA Architecture
T E R M s er v er
T E R M s er v er
T r u s t b as ed o n b eh av io r s
T r u s t b as ed o n b eh av io r s
R ep u ta tio n
R ep u ta tio n
R ep u ta tio n s er v er
Alic e
Bo b
T E R A
R o le r eq u es t
As s ig n ed r o le
R o le r eq u es t
As s ig n ed r o le
R BAC en h an c edap p lic a tio n s er v er
R BAC en h an c edap p lic a tio n s er v er
Us er 's b eh av io r
Us er 's b eh av io r
I n te r ac tio n s
I n te r ac tio n s
![Page 14: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/14.jpg)
14
Trust Enhanced Role Mapping (TERM) Server
• Evidence rewriting
• Role assignment– Policy parser – Request processor & inference engine– Constraint enforcement
• Policy base
• Trust information management– User behavior modeling – Trust production
![Page 15: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/15.jpg)
15
TERM Server
TERM
Credential Manager
Assign role
Credentials provided / retrieved
Role Assignment
Evidence statement
Evidence statement
Evidence Rewriting Trust toward
issuer
Trust toward user/issuer
Trust
Information Management
Behaviors
Policy Base
Role-assignment Policy
Role-assignment policies
Reputation
user
Reputation server
Policy maker
Application server
Trust information
Request role
![Page 16: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/16.jpg)
16
Fraud Formalization and Detection
• Model fraud intention– Uncovered deceiving intention– Trapping intention– Illusive intention
• Fraud detection– Profile-based anomaly detection
• Monitor suspicious actions based upon the established patterns of an entity
– State transition analysis• Build an automaton to identify activities that lead
towards a fraudulent state
![Page 17: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/17.jpg)
17
Model Fraud Intentions
• Uncovered deceiving intention– Satisfaction ratings
are stably low. – Ratings vary in a
small range over time.
![Page 18: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/18.jpg)
18
Model Fraud Intentions
• Trapping intention– Rating sequence can
be divided into two phases: preparing and trapping.
– A swindler behaves well to achieve a trustworthy image before he conducts frauds.
![Page 19: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/19.jpg)
19
Model Fraud Intentions
• Illusive intention– A smart swindler
attempts to cover the bad effects by intentionally doing something good after misbehaviors.
– Process of preparing and trapping is repeated.
![Page 20: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/20.jpg)
20
B. Private and Trusted Interactions
• Problem– Preserve privacy, gain trust, and control dissemination of data
• Research directions– Dissemination of private data– Privacy and trust tradeoff– Privacy metrics
• Challenges– Specify policies through metadata and establish guards as
procedures– Efficient implementation– Estimate privacy depending on who will get this information,
possible uses of this information, and information disclosed in the past
– Privacy metrics are usually ad hoc and customized
Detail slides at http://www.cs.purdue.edu/homes/bb/priv_trust_cerias.ppt
![Page 21: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/21.jpg)
21
Preserving Privacy in Data Dissemination
• Design self-descriptive private objects
• Construct a mechanism for apoptosis of private objects
apoptosis = clean self-destruction
• Develop proximity-based evaporation of private objects
• Develop schemes for data distortions
![Page 22: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/22.jpg)
22
Privacy-Trust Tradeoff• Gain a certain level of trust with the least loss of
privacy• Build trust based on digital credentials of users
that contain private information• Formulate the privacy-trust tradeoff problem• Estimate privacy loss due to disclosing a set of
credentials• Estimate trust gain due to disclosing a set of
credentials• Develop algorithms that minimize privacy loss
for required trust gain
![Page 23: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/23.jpg)
23
Privacy Metrics
• Determine the degree of data privacy– Size of anonymity set metrics– Entropy-based metrics
• Privacy metrics should account for:– Dynamics of legitimate users– Dynamics of violators– Associated costs
![Page 24: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/24.jpg)
24
Size of Anonymity Set Metrics
• The larger set of indistinguishable entities, the lower probability of identifying any one of them– Can use to ”anonymize” a selected private attribute value
within the domain of its all possible values
“Hiding in a crowd”
“More” anonymous (1/n)
“Less” anonymous (1/4)
![Page 25: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/25.jpg)
25
Dynamics of Entropy
• Decrease of system entropy with attribute disclosures (capturing dynamics)
– When entropy reaches a threshold (b), data evaporation can be invoked to increase entropy by controlled data distortions
– When entropy drops to a very low level (c), apoptosis can be triggered to destroy private data
– Entropy increases (d) if the set of attributes grows or the disclosed attributes become less valuable – e.g., obsolete or more data now available
(a)
(b)
(c) (d)
Disclosed attributes
H*
Allattribut
es
Entropy
Level
![Page 26: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/26.jpg)
26
Private and Trusted System (PRETTY) Prototype
(1)
[2a]
(3) User Role
[2b] [2d][2c1]
[2c2]
(2)
(4)
TERA = Trust-Enhanced Role Assignment
![Page 27: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/27.jpg)
27
Information Flow for PRETTY
1) User application sends query to server application.
2) Server application sends user information to TERA server for trust evaluation and role assignment.
a) If a higher trust level is required for query, TERA server sends the request for more user’s credentials to privacy negotiator.
b) Based on server’s privacy policies and the credential requirements, privacy negotiator interacts with user’s privacy negotiator to build a higher level of trust.
c) Trust gain and privacy loss evaluator selects credentials that will increase trust to the required level with the least privacy loss. Calculation considers credential requirements and credentials disclosed in previous interactions.
d) According to privacy policies and calculated privacy loss, user’s privacy negotiator decides whether or not to supply credentials to the server.
3) Once trust level meets the minimum requirements, appropriate roles are assigned to user for execution of his query.
4) Based on query results, user’s trust level and privacy polices, data disseminator determines: (i) whether to distort data and if so to what degree, and (ii) what privacy enforcement metadata should be associated with it.
![Page 28: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/28.jpg)
28
Experimental Studies
• Private object implementation– Validate and evaluate the cost, efficiency, and the impacts on the
dissemination of objects– Study the apoptosis and evaporation mechanisms for private objects
• Tradeoff between privacy and trust– Study the effectiveness and efficiency of the probability-based and
lattice-based privacy loss evaluation methods– Assess the usability of the evaluator of trust gain and privacy loss
• Location-based routing and services– Evaluate the dynamic mappings between trust levels and distortion
levels
![Page 29: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/29.jpg)
29
C. Tomography Research• Problem
– Defend against denial of service attacks – Optimize the selection of data providers in peer-to-
peer systems
• Research Directions– Stripe based probing to infer individual link loss by
edge-to-edge measurements– Overlay based monitoring to identify congested links
by end-to-end path measurement– Topology inference to estimate available bandwidth
by path segment measurements
![Page 30: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/30.jpg)
30
Defeating DoS Attacks in Internet
![Page 31: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/31.jpg)
31
Overlay-based Monitoring
• Do not need individual link loss to identify all congested links
• Edge routers form an overlay network for probing. Each edge router probe part of the network
• Problem statement– Given topology of a network domain, identify
which links are congested and possibly under attack
![Page 32: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/32.jpg)
32
Attack Scenarios
(a) Changing delay pattern due to attack
(b) Changing in loss pattern due to attack
Time (sec) Time (sec)
D
ela
y (
ms)
L
oss
Rati
o
![Page 33: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/33.jpg)
33
Identified Congested Links
(a) Counter clockwise probing (b) Clockwise probing
Probe46 in graph (a) and Probe76 in graph (b) observe high losses, which means link C4 E6 is congested.
Time (sec) Time (sec)
Loss
Rati
o
L
oss
Rati
o
![Page 34: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/34.jpg)
34
Probing: Simple Method
(a) Topology (b) Overlay (c) internal links
Congested link
![Page 35: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/35.jpg)
35
Analyzing Simple Method
• Lemma 1. If P and P’ are probe paths in the first and the second round of probing respectively, |P P’ | ≤ 1
• Theorem 1. If only one probe path P is shown to be congested in any round of probing, the simple method successfully identifies status of each link in P
• Performs better if edge-to-edge paths are congested
• The average length of the probe paths in the Simple method is ≤ 4
![Page 36: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/36.jpg)
36
Performance: Simple Method
Theorem 2. Let p be the probability of a link being congested in any arbitrary overlay network. The simple method determines the status of any link of the topology with probability at least 2(1-p)4-(1-p)7+p(1-p)12
Frac of actual congested links
Dete
ctio
n P
robabili
ty
![Page 37: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/37.jpg)
37
Advanced MethodAdvancedMethod()begin
Conduct Simple Method. E is the unsolved equation set
for Each undecided variable Xij of E do
node1 = FindNode(Tree T, vi, IN)
node2 = FindNode(Tree T, vj , OUT) if node1 ≠ NULL AND node2 ≠ NULL then
Probe(node1, node2). Update equation set E end if Stop if no more probe exists
endforend
![Page 38: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/38.jpg)
38
Analyzing Advanced Method
• Lemma 2. For an arbitrary overlay network with n edge routers, on the average a link lies on b = edge-to-edge paths
• Lemma 3. For an arbitrary overlay network with n edge routers, the average length of all edge-to-edge paths is d =
• Theorem 3. Let p be the probability of a link being congested. The advanced method can detect the status of a link with probability at least (1-(1-(1-p)d)b)
n
nn
log8
)23(
n
n
log2
3
![Page 39: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/39.jpg)
39
D. Intruder Identification in Adhoc On-demand Distance Vector (AODV)
• Problem – AODV are vulnerable to various attacks such as false
distance vector, false destination sequence, and wormhole attacks
– Detecting attacks without identifying and isolating the malicious hosts leaves the security mechanisms in a passive mode
• Challenges– Locate the sources of attacks in a self-organized
infrastructure– Combine local decisions with knowledge from other
hosts to achieve consistent conclusions on the malicious hosts
![Page 40: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/40.jpg)
40
Attacks on Routing in Mobile Ad Hoc Networks
Attacks on routing
Active attacks Passive attacks
Packet silent discard
Routing information hiding
Routing procedure
Flood network
False reply Wormhole attacks
Route request
Route broken message
![Page 41: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/41.jpg)
41
• Related Work– Vulnerability model of ad hoc routing protocols [Yang
et al., SASN ’03]– A generic multi layer integrated IDS structure [Zhang
and Lee, MobiCom ’00]– IDS combining with trust [Albert et al., ICEIS ’02]– Information theoretic measures using entropy
[Okazaki et al., SAINT ’02]– SAODV adopts both hash chain and digital signature
to protect routing information [Zapata et al, WiSe’03]– Security-aware ad hoc routing [Kravets et al,
MobiHOC’01]
![Page 42: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/42.jpg)
42
Ideas
• Monitor the sequence numbers in the route request packets to detect abnormal conditions
• Apply reverse labeling restriction to identify and isolate attackers
• Combine local decisions with knowledge from other hosts to achieve consistent conclusions
• Combine with trust assessment methods to improve robustness
![Page 43: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/43.jpg)
43
Introduction to AODV
• Introduced in 97 by Perkins at NOKIA, Royer at UCSB
• 12 versions of IETF draft in 4 years, 4 academic implementations, 2 simulations
• Combines on-demand and distance vector• Broadcast Route Query, Unicast Route Reply• Quick adaptation to dynamic link condition
and scalability to large scale network• Support multicast
![Page 44: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/44.jpg)
44
Route Discovery in AODV (An Example)
S
D
S1
S2
S3
S4
Route to the source
Route to the destination
![Page 45: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/45.jpg)
45
Attacks on AODV• Route request flooding
– query non-existing host (RREQ will flood throughout the network)
• False distance vector– reply “one hop to destination” to every request and select a
large enough sequence number
• False destination sequence number– select a large number (even beat the reply from the real
destination)
• Wormhole attacks– tunnel route request through wormhole and attract the data
traffic to the wormhole
• Coordinated attacks– The malicious hosts establish trust to frame other hosts, or
conduct attacks alternatively to avoid being identified
![Page 46: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/46.jpg)
46
Impacts of Attacks on AODV
Packet Delivery Ratio
Control packet / data packet
No Attacks 96% 0.38
Vicious Flooding 91% 2.93
False Distance 75% 0.38
False Destination Sequence
53% 0.66
Wormhole 61% 0.41
We simulate the attacks and measure their impacts on packet delivery ratios and protocol overhead
![Page 47: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/47.jpg)
47
False Destination Sequence Attack
D
S S1
S2 M
S3
RREQ(D, 3)
RREQ(D, 3)
RREQ(D, 3)
RREQ(D, 3)
RREP(D, 5)
RREP(D, 20)
Packets from S to D are sinking at M. Node movement breaks the path from S to M (trigger route rediscovery).
![Page 48: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/48.jpg)
48
During Route Rediscovery, False Destination Sequence Attack Is Detected
D
S S1
S2 M
S3
S4
RREQ(D, 21)
(1). S broadcasts a request that carries the old sequence + 1 = 21
(2) D receives the RREQ. Local sequence is 5, but the sequence in RREQ is 21. D detects the false desti-nation sequence attack.
Propagation of RREQ
![Page 49: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/49.jpg)
49
Reverse Labeling Restriction (RLR)
Blacklists are updated after an attack is detected.• Basic Ideas
• Every host maintains a blacklist to record suspicious hosts. Suspicious hosts can be released from the blacklist.
• The destination host will broadcast an INVALID packet with its signature when it finds that the system is under attack on sequence. The packet carries the host’s identification, current sequence, new sequence, and its own blacklist.
• Every host receiving this packet will examine its route entry to the destination host. If the sequence number is larger than the current sequence in INVALID packet, the presence of an attack is noted. The previous host that provides the false route will be added into this host’s blacklist.
![Page 50: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/50.jpg)
50
D
S S1
S2 M
S3
S4
BL {}
BL {S2}
BL {}BL {M}
BL {S1}
BL {}
D broadcasts INVALID packet with current sequence = 5, new sequence = 21. S3 examines its route table, the entry to D is not false. S3 forwards packet to S1. S1 finds that its route entry to D has sequence 20, which is > 5. It knows that the route is false. The hop which provides this false route to S1 was S2. S2 will be put into S1’s blacklist. S1 forwards packet to S2 and S. S2 adds M into its blacklist. S adds S1 into its blacklist. S forwards packet to S4. S4 does not change its blacklist since it is not involved in this route.
INVALID ( D, 5, 21, {}, SIGN )
Correct destination sequence number is broadcasted.
Blacklist at each host in the path is determined.
![Page 51: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/51.jpg)
51
D4
D1
S3
S1
M
D3
S4
S2
D2
M attacks 4 routes (S1-D1, S2-D2, S3-D3, and S4-D4). When the first two false routes are detected, D3 and D4 add M into their blacklists. When later D3 and D4 become victim destinations, they will broadcast their blacklists, and every host will get two votes that M is malicious host.
[M]
[M]
[M]
[M]
Hosts closer to malicious site are in blacklists of multiple hosts. In the above figure, M is in four blacklists.
![Page 52: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/52.jpg)
52
Combine Local Decisions with Knowledge from Other Hosts• When a host is destination of a route and is
victim by any malicious host, it will broadcast its blacklist.
• Each host obtains blacklists from victim hosts.
• If M is in multiple blacklists, M is classified as a malicious host based on certain threshold.
• Intruder is identified.• Trust values can be assigned to other hosts
based on past information.
![Page 53: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/53.jpg)
53
D3
M1
S1
D1
Routing topology Reverse labeling procedure
Multiple attackers exist in the network. More routes are under attack. When the false routes are detected, more blacklists will be broadcasted.
D2
M2 M3
S2 S3
D3
M1
S1
D1D2
M2 M3
S2 S3
Acceleration in Intruder Identification
![Page 54: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/54.jpg)
54
Reverse Labeling Restriction
• Update Blacklist by INVALID Packet• Next hop on the invalid route will be put into
local blacklist, a timer starts, and a counter increases. The time duration that the host stays in blacklist is exponential to the counter value.
• Labeling process will be conducted in the reverse direction of the false route.
• When timer expires, the suspicious host will be released from the blacklist and routing information from it will be accepted.
![Page 55: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/55.jpg)
55
Deal With Hosts in Blacklist
• Packets from hosts in blacklist• Route request: If the request is from suspicious
hosts, ignore it. • Route reply: If the previous hop is suspicious and
the query destination is not the previous hop, the reply will be ignored.
• Route error: will be processed as usual. RERR will activate re-discovery, which will help to detect attacks on destination sequence.
• INVALID: if the sender is suspicious, the packet will be processed but the blacklist will be ignored.
![Page 56: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/56.jpg)
56
Attacks of Malicious Hosts on RLR
• Attack 1: Malicious host M sends false INVALID packet• Because the INVALID packets are signed, it
cannot send the packets in other hosts’ name• If M sends INVALID in its own name
• If the reported sequence number is greater than the real sequence number, every host ignores this attack
• If the reported sequence number is less than the real sequence number, RLR will converge at the malicious host. M is included in blacklist of more hosts. M accelerated the intruder identification directing towards M.
![Page 57: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/57.jpg)
57
• Attack 2: Malicious host M frames other innocent hosts by sending false blacklist• If the malicious host has been identified, the
blacklist will be ignored• If the malicious host has not been identified, this
operation can only make the threshold lower. If the threshold is selected properly, it will not impact the identification results.
• Combining trust can further limit the impact of this attack.
![Page 58: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/58.jpg)
58
• Attack 3: Malicious host M only sends false destination sequence about some special host• The special host will detect the attack and
send INVALID packets.• Other hosts can establish new routes to the
destination by receiving the INVALID packets.
![Page 59: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/59.jpg)
59
Experimental Studies of RLR
• The experiments are conducted using ns2.• Various network scenarios are formed by
varying the number of independent attackers, number of connections, and host mobility.
• The examined parameters include:– Packet delivery ratio– Identification accuracy: false positive and
false negative ratio– Communication and computation overhead
![Page 60: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/60.jpg)
60
Simulation Parameter
Simulation duration 1000 seconds
Simulation area 1000 * 1000 m
Number of mobile hosts 30
Transmission range 250 m
Pause time between the host reaches current target and moves to next target
0 – 60 seconds
Maximum speed 5 m/s
Number of CBR connection 25/50
Packet rate 2 pkt / sec
![Page 61: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/61.jpg)
61
Experiment 1: Measure the Changes in Packet Delivery Ratio
Purpose: investigate the impacts of host mobility, number of attackers, and number of connections on the performance improvement brought by RLR
Input parameters: host pause time, number of independent attackers, number of connections
Output parameters: packet delivery ratioObservation: When only one attacker exists in the
network, RLR brings a 30% increase in the packet delivery ratio. When multiple attacker exist in the system, the delivery ratio will not recover before all attackers are identified.
![Page 62: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/62.jpg)
62
Increase in Packet Delivery Ratio: Single Attacker
X-axis is host pause time, which evaluates the mobility of host. Y-axis is delivery ratio. 25 connections and 50 connections are considered. RLR brings a 30% increase in delivery ratio. 100% delivery is difficult to achieve due to network partition, route discovery delay and buffer.
![Page 63: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/63.jpg)
63
X-axis is number of attackers. Y-axis is delivery ratio. 25 connections and 50 connections are considered. RLR brings a 20% to 30% increase in delivery ratio.
Increase in Packet Delivery Ratio: Multiple Attackers
![Page 64: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/64.jpg)
64
Experiment 2: Measure the Accuracy of Intruder Identification
Purpose: investigate the impacts of host mobility, number of attackers ,and connection scenarios on the detection accuracy of RLR
Input parameters: number of independent attackers, number of connections, host pause time
Output parameters: false positive alarm ratio, false negative alarm ratio
Observation: The increase in connections may improve the detection accuracy of RLR. When multiple attackers exist in the network, RLR has a high false positive ratio.
![Page 65: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/65.jpg)
65
Accuracy of RLR: Single Attacker
30 hosts, 25 connections 30 hosts, 50 connections
Host Pause time (sec)
# of normal hosts identify the attacker
# of normal hosts marked as malicious
# of normal hosts identify the attacker
# of normal hosts marked as malicious
0 24 0.22 29 2.2
10 25 0 29 1.4
20 24 0 25 1.1
30 28 0 29 1.1
40 24 0 29 0.6
50 24 0.07 29 1.1
60 24 0.07 24 1.0
The accuracy of RLR when there is only one attacker in the system
![Page 66: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/66.jpg)
66
Accuracy of RLR: Multiple Attackers
30 hosts, 25 connections 30 hosts, 50 connections
# of attackers # of normal hosts identify all attackers
# of normal hosts marked as malicious
# of normal hosts identify all attackers
# of normal hosts marked as malicious
1 28 0 29 1.1
2 28 0.65 28 2.6
3 25 1 27 1.4
4 21 0.62 25 2.2
5 15 0.67 19 4.1
The accuracy of RLR when there are multiple attackers
![Page 67: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/67.jpg)
67
Experiment 3: Measure the Communication Overhead
Purpose: investigate the impacts of host mobility and connection scenarios on the overhead of RLR
Input parameters: number of connections, host pause time
Output parameters: control packet overhead
Observation: When no false destination sequence attacks exist in the network, RLR introduces small packet overhead into the system.
![Page 68: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/68.jpg)
68
X-axis is host pause time, which evaluates the mobility of host. Y-axis is normalized overhead (# of control packet / # of delivered data packet). 25 connections and 50 connections are considered. RLR increases the overhead slightly.
Control Packet Overhead
![Page 69: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/69.jpg)
69
Research Opportunities: Improve Robustness of RLR
• Protect the good hosts from being framed by malicious hosts• The malicious hosts can frame the good hosts
by putting them into blacklist. • By lowering the trust values of both complainer
and complainee, we can restrict the impacts of the gossip distributed by the attackers.
• Adopting the trust management scheme proposed by Aberer and Despotovic [CIKM’01] to determine the lowering speed.
![Page 70: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/70.jpg)
70
• Avoid putting every host into blacklist• Combining the host density and movement
model, we can estimate the time ratio that two hosts are neighbors
• The counter for a suspicious host decreases as time passes
• Adjusting the decreasing ratio to control the average percentage of time that a host stays in the blacklist of another host
![Page 71: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/71.jpg)
71
• Defend against coordinated attacks• The behaviors of collusive attackers show
Byzantine manners. The malicious hosts may establish trust to frame other hosts, or conduct attacks alternatively to avoid being identified.
• Look for the effective methods to defend against such attacks. Possible research directions include:
• Apply classification methods to detect the hosts that have similar behavior patterns
• Study the behavior histories of the hosts that belong to the same group and detect the pattern of malicious behavior (time-based, order-based)
![Page 72: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/72.jpg)
72
An Architecture of Intruder Identification Agent
![Page 73: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/73.jpg)
73
• Intruder identification can be applied to detect more attacks in ad hoc networks:– DoS attacks– Malicious discard– Trust abuse and privacy violation
• Reverse labeling mechanism can be applied to identify the attackers that– Disseminate false routing information– Discard data packets– Generate gossip to destroy other hosts’
reputation
![Page 74: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/74.jpg)
74
Conclusions on Intruder Identification• False destination sequence attacks can be
detected by the anomaly patterns of the sequence numbers
• Reverse labeling method can reconstruct the false routing tree
• Isolating the attackers brings a sharp increase in network performance
• On going research will improve the robustness of the mechanism and the accuracy of identification
![Page 75: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/75.jpg)
75
Related Ongoing Research
A. Detecting wormhole attacks
B. Position-based private routing in ad hoc networks
C. Fault tolerant authentication in movable base station systems
D. Congestion avoidance routing in ad hoc networks
![Page 76: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/76.jpg)
76
Detecting Wormhole Attacks
• Problem statement The malicious nodes can eavesdrop the packets,
tunnel them to another location in the network, and retransmit them. This generates a false scenario that the original sender is in the neighborhood of the remote location.
wireless node 1
wireless node 2
attacker 1 attacker 2
tunnel
![Page 77: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/77.jpg)
77
• Research challenges– Detect wormholes when the malicious host can be
the legal member of the network– Control the overhead introduced by wormhole
detection to avoid the hosts being overwhelmed
![Page 78: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/78.jpg)
78
Classification of Wormholes• the wormholes are divided into 3 groups:
– Closed– Half open
– Open
![Page 79: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/79.jpg)
79
The Approach: End-to-End Mechanism• Assumption:
– The hosts have the positioning devices and loosely synchronized clocks
– Pair-wise keys have been deployed
• Ideas:– The source and the intermediate hosts will attach the
<time, position> pairs that record the receiving and forwarding events
– The attached information is protected by message authentication codes (MAC)
– The neighbor relation validations are conducted by the destination
![Page 80: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/80.jpg)
80
Validation at the Destination
• The MAC codes are calculated correctly
• The neighbor hosts are within the radio range when the packet is passed
• The average moving speed between the <time, position> pairs from the same host does not exceed the maximum value.
![Page 81: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/81.jpg)
81
• Divide the area into same-sized cells and the time into same-length slots
• Require a constant storage space and linear computation operations for every intermediate host
• Have a configurable wormhole detection capability
Controlling Overhead: Cell-based Open Tunnel Avoidance
![Page 82: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/82.jpg)
82
Computation Efficiency• The experiments are conducted on a iPAQ 3630
with 206M Hz CPU and 64M RAM• The computation overhead of wormhole
detection for one 10-hop route consumes less than 0.5% of its CPU.
• The computation resource of a real PDA can support wormhole detection using COTA without trouble.
![Page 83: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/83.jpg)
83
Conclusions
• The end-to-end mechanism can detect half open and open wormholes in ad hoc networks
• As a position information management scheme, COTA requires constant storage space and linear computation resource for every intermediate host
• The proposed mechanism can be adopted by real mobile devices
![Page 84: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/84.jpg)
84
B. Position-based Private Routing in Ad Hoc Networks
• Problem statement– To hide the identities of the nodes who are
involved in routing in mobile wireless ad hoc networks.
• Challenges– Traditional ad hoc routing algorithms depend
on private information (e.g., ID) exposure in the network.
– Privacy solutions for P2P networks are not suitable in ad hoc networks.
![Page 85: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/85.jpg)
85
Weak Privacy for Traditional Position-based Ad Hoc Routing Algorithm
• Position information of each node has to be locally broadcast periodically.
• Adversaries are able to obtain node trajectory based on the position report.
• Adversaries can estimate network topology.• Once a match between a node position and its
real ID is found, a tracer can always stay close to this node and monitor its behavior.
![Page 86: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/86.jpg)
86
AO2P: Ad Hoc On-Demand Position-based Private Routing• Position of destination is the information
exposed in the network for routing discovery.• A receiver-contention scheme is designed to
determine the next hop in a route.• Pseudo IDs are used instead of real IDs for data
packet delivery after a route is built up.• Route with a smaller number of hops will be
used for better end-to-end throughput.
![Page 87: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/87.jpg)
87
AO2P Routing Privacy and Accuracy
• Only the position of destination is revealed in the network for routing discovery. The privacy of the destination relies on the difficulty of matching a position to a node ID.
• Node mobility enhances destination privacy because a match between a position to a node ID is temporary.
• The privacy for the source and the intermediate forwarders is well preserved.
• Routing accuracy relies on the fact that at a specific time, only one node can be at a position. Since the pseudo ID for a node is generated from its position and the time it is at that position, the probability that more than one node have the same pseudo ID is negligible.
![Page 88: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/88.jpg)
88
Privacy Enhancement: R-AO2P
• The position of reference point is carried in rreq instead of the position of the destination.
• The reference point is on the extended line from the sender to the destination. It can be used for routing discovery because generally, a node that processes the rreq closer to the reference point will also process the rreq closer to the destination.
• The position of the destination is only disclosed to the nodes who are involved in routing.
Reference point in R-AO2P
![Page 89: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/89.jpg)
89
Illustrated Results
• Average delay for next hop determination
![Page 90: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/90.jpg)
90
Illustrated Results
• Packet delivery ratio
![Page 91: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/91.jpg)
91
Conclusions
• AO2P preserves node privacy in mobile ad hoc networks.
• AO2P has low next hop determination delay.
• Compared to other position-based ad hoc routing algorithm, AO2P has little routing performance degradation.
![Page 92: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/92.jpg)
92
C. Fault Tolerant Authentication in Movable Base Station System• Problem
– To ensure security and prevent theft of resources (like bandwidth), all the packets originating inside the network should be authenticated.
– Authentication may become unreliable when base station fails or node moves from one cell to another.
• Challenge– How to design fault tolerant authentication
methods that are robust in the above conditions– How to design the protocols adaptable and re-
configurable
![Page 93: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/93.jpg)
93
Proposed Schemes
• We propose two schemes to solve the problem.
– Virtual Home Agent– Hierarchical Authentication
• They differ in the architecture and the responsibilities that the Mobile Nodes and Base Stations (Agents) hold.
![Page 94: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/94.jpg)
94
Virtual Home Agent Scheme
VHA ID = IP ADDRESSMaster Home Agent (MHA) Database Server
Shared SecretsDatabase
Backup Home Agents Other nodes in the network
![Page 95: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/95.jpg)
95
Advantages of Proposed Scheme
• Has only 3 states and hence the overhead of state maintenance is negligible.
• Very few tasks need to be performed in each state (outlined in the tech report).
• Flexible – there could be multiple VHAs in the same LAN and a MHA could be a BHA for another VHA, a BHA could be a BHA for more than one VHA at the same time.
![Page 96: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/96.jpg)
96
Disadvantages of Virtual HA Solution
• Not scalable if every packet has to be authenticated– Ex: huge audio or video data
• BHA (Backup Home Agents) are idle most of the time (they just listen to MHA’s advertisements.
• Central Database is still a single point of failure.
![Page 97: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/97.jpg)
97
Hierarchical Authentication Scheme
• Multiple Home Agents in a LAN are organized in a hierarchy (like a tree data structure).
• A Mobile Node shares a key with each of the Agents above it in the tree (Multiple Keys).
• At any time, highest priority key is used for sending packets or obtaining any other kind of service.
![Page 98: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/98.jpg)
98
Hierarchical Authentication Scheme
A
CB
GFED
K2
K1
(K1, P1)(K2, P2)
Database
Database
![Page 99: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/99.jpg)
99
Hierarchical Authentication Scheme
Key Priority depends on several factors and computed as cumulative sum of weighted priorities of each factors:
Example Factors:• Communication Delays• Processing Speed of the Agents• Key Usage• Life Time of the Key
![Page 100: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/100.jpg)
100
D. Congestion Avoidance Routing in Ad Hoc Networks• Objective
– To bring the consideration of congestion in the design of the routing protocols.
• Thrust– To avoid congestion by minimizing contention for
channel access.
• Challenges– The global coupling effect of wireless channel access
in ad hoc networks.– Quantification of congestion without exchanging
messages with neighbors.
![Page 101: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/101.jpg)
101
Intermediate Delay (IMD)
• IMD is a routing metric that characterizes the impacts of channel contention, the length of the route, and the traffic load at individual nodes.
• IMD estimates the delay introduced by the intermediate nodes along the route using the sum of delays from each node.
![Page 102: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/102.jpg)
102
Ad Hoc Routing Based on IMD
B
A C
D E
F
H I
G
J
2P/C 2P/C
P/CPC
P/C
P/CP/C
Simplification of delay computation:
1. If channel capacity is C and packet size is P, delay is P/C.
2. If n nodes are in contention for a channel, each node gets C/n share of the channel capacity. The delay is nP/C.
Adapt to changes in traffic and network topology
B
A C
![Page 103: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/103.jpg)
103
Delay Estimation
• A mobile node is modeled as a single server queuing system.
• Total delay includes the delay for transmitting a packet and the delay in the queue.
• The key is to estimate the delay for transmitting a packet.– Node with active traffic
• Use the mean value to estimate the delay.
– Node without active traffic• Study the procedure of packet transmission to
obtain the expectation of the delay.
![Page 104: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/104.jpg)
104
IEEE 802.11 DCF (Distributed Coordination Function)
E[Tsucc]=TRTS+TCTS+TDATA+TACK+3TSIFS+E[Tbackoff]
E[Tfail]=TRTS+Ttimeout+E[Tbackoff]
![Page 105: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/105.jpg)
105
SAGA: Self-Adjusting Congestion Avoidance Routing Protocol
• SAGA is a distance vector routing protocol.– use IMD instead of hop count as the distance– bypass hop spots where contention is intense
• Lazy route query uses special route advertisement for local route discovery.
• Approach to reduce the oscillation of IMD and prevent a node from switching back and forth among alternative routes.
![Page 106: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/106.jpg)
106
Experimental Evaluation• Objective
– Study the performance of SAGA, AODV, DSR, and DSDV under congestion.
• Performance metrics– Throughput, delivery ratio, protocol overhead, and
end-to-end delay• Method
– Simulation using the network simulator ns2– Two types of UDP traffic: constant bit rate (CBR) and
pareto on/off (POO)– The offered traffic load is taken as the input parameter– Six experiments by varying the maximum speed of
movement of nodes and the number of connections– Five independent runs with random scenarios for each
experiment
![Page 107: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/107.jpg)
107
30 CBR Connections, Low Mobility (4m/s)
![Page 108: Building A Trustworthy, Secure, And Privacy Preserving Network](https://reader035.vdocument.in/reader035/viewer/2022062720/56813419550346895d9b0610/html5/thumbnails/108.jpg)
108
10 POO Connections, High Mobility (20m/s)