Thwarting Blackhole Attacks in Disruption-Tolerant Networks using Encounter Tickets. Feng Li, Jie Wu, Avinash Srinivasan
Delay-Tolerant Networking. DTN stands for: Delay Tolerant Networking, Disruption Tolerant Networking, Disconnection Tolerant Networking. Example: buses on the road, in contact with other buses they encounter and with roadside APs.
DTN and Wireless Network (wireless network vs. DTN):
E2E connectivity: continuous vs. frequent disconnection
Propagation delay: short vs. long
Transmission reliability: high vs. low
Link data rate: symmetric vs. asymmetric
An end-to-end link may never exist in DTN.
Opportunistic Networks: DTN Routing. Contact types in Delay Tolerant Networks (DTN): Opportunistic Networks, Scheduled Networks, Predictable Networks. Knowledge based: with no knowledge, flooding, controlled flooding, coding based; with partial knowledge, prediction using past history and contact patterns.
Who can help send the message? Suppose “A” wants to send a message to “C”: tell “C” his professor is very ANGRY!!! [Figure: nodes A, B, C, D, E; A's neighbors report how often they have met C: 2 times a day, 5 times a day, 4 times a week.]
Metric-based DTN routing protocol: using past contact history to predict future contacts. [Figure: nodes A, B, C, D, E, each holding a table of contact counts with the other nodes.]
MaxProp [J. Burgess, UMass, INFOCOM 2006]: no knowledge, flooding based. MaxProp uses several mechanisms to route packets in a DTN. At each TransOpp, packets are scheduled in an order based on likelihood of delivery to the destination; packets with low hop-counts are prioritized. When storage is low, packets are deleted in reverse order. MaxProp reports delivery of packets globally, to clear buffers. Hoplists reduce repeated propagation.
However... if a node provides forged numbers of contacts, it is just like a “BLACKHOLE”: “I’ve met everyone 99 times a day.” [Figure: nodes A, B, C, D, E.]
Main Contribution of this paper. Examining Blackhole attacks: basic (forged metrics) and advanced (tailgating source or destination nodes). Introducing the notion of an encounter ticket: verifiable contact evidence. Proposing an encounter prediction system that utilizes the time information recorded in encounter tickets to avoid advanced Blackhole attacks. Real trace-driven simulation (UMass DieselNet) validates the proposed method.
Assumptions. Each node has a fixed buffer for carrying messages. Transmission opportunities are limited in both duration and bandwidth. Each node holds a unique ID and a public/private key pair. Each packet has a delay requirement D. Nodes communicate using radio transmission: they become neighbors when they are within range, and generate an encounter ticket.
Encounter Ticket Generation. Each node has a private key (RK) and a public key (PK), issued by the PKI (public key infrastructure) and signed with the CA’s (certificate authority’s) private key. How to use these keys for authentication: nodes exchange certificates when they first meet and, using the node’s public key, authenticate it to the CA. The encounter record is encrypted with the destination node’s private key, so it can’t be forged.
The Process of Encounter Exchange
Encounter Ticket Generation. Hash function of the concatenation (A, B, t), where node A contacts node B at time t; encryption using node A’s private key; packet ID.
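
An added example, not code from the paper or the slides, of the ticket described on the two Encounter Ticket Generation slides: the issuer signs H(A, B, t), and a verifier counts only the tickets that check out against the issuer's public key. An Ed25519 signature stands in for the slides' "encryption using the private key"; the Ticket layout and the function names are assumptions, and each public key is assumed to have been authenticated already through its CA certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Ticket: Issuer attests that it met Holder at time T (hypothetical layout).
type Ticket struct {
	Issuer, Holder string
	T              int64
	Sig            []byte
}

// digest hashes an unambiguous encoding of the concatenation (A, B, t).
func digest(issuer, holder string, t int64) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%d", issuer, holder, t)))
	return h[:]
}

// Issue signs H(A, B, t) with the issuer's private key at contact time.
func Issue(priv ed25519.PrivateKey, issuer, holder string, t int64) Ticket {
	return Ticket{issuer, holder, t, ed25519.Sign(priv, digest(issuer, holder, t))}
}

// CountVerified counts the distinct encounters with peer that claimant can prove.
func CountVerified(claimant, peer string, peerPub ed25519.PublicKey, ts []Ticket) int {
	seen := map[int64]bool{}
	for _, tk := range ts {
		if tk.Issuer == peer && tk.Holder == claimant &&
			ed25519.Verify(peerPub, digest(tk.Issuer, tk.Holder, tk.T), tk.Sig) {
			seen[tk.T] = true // a ticket presented twice still counts once
		}
	}
	return len(seen)
}

// newKeys makes a demo key pair; the public half is assumed CA-certified.
func newKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

func main() {
	pubC, privC := newKeys()
	_, privB := newKeys()
	claims := []Ticket{Issue(privC, "C", "B", 100), Issue(privB, "C", "B", 200)}
	fmt.Println(CountVerified("B", "C", pubC, claims)) // only C's own ticket counts
}
```

A routing metric built on CountVerified can only grow with real contacts, which is why the forged-metric Blackhole fails while the tailgating variant, which collects genuine tickets, still needs the history interpretation that follows.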
Are We Safe Now? Can we prevent Blackhole attacks by using encounter tickets? Encounter records can’t be forged, but there is an advanced Blackhole attack: tailgating the source or destination node. [Figure: nodes A, B, C.]
Robust History Interpretation. Nodes need to interpret an attacker’s tailgating pattern and make an observation based on the accumulated encounter history. Procedure: (1) generate an evolving graph based on contact history; (2) make an observation based on the graph; (3) encounter prediction and decision making.
Generate evolving graph based on contact history
Make an observation based on the graph. We want to know whether a path over time exists on which the packet can traverse within the delay requirement “D”. A journey: a path exists that starts at “ts” and ends at “td”, with “td” < “D”.
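
An added example, not taken from the paper or the slides, of the observation step: a journey must use contacts in time order, so a path in the static contact graph is not enough. The Contact type, the function name and the contact history are constructed for illustration, and the slide's “td” < “D” is read here as td - ts < D, which is an assumption.

```go
package main

import "fmt"

// Contact is one ticket-backed encounter between A and B at time T.
type Contact struct {
	A, B string
	T    int64
}

// EarliestArrival reports when a packet held by src at time ts can first
// reach dst over time-respecting contacts, if it can within delay d.
func EarliestArrival(cs []Contact, src, dst string, ts, d int64) (int64, bool) {
	arr := map[string]int64{src: ts} // earliest time each node can hold the packet
	for changed := true; changed; {
		changed = false
		for _, c := range cs {
			if c.T < ts || c.T-ts >= d {
				continue // outside the delay window
			}
			for _, p := range [][2]string{{c.A, c.B}, {c.B, c.A}} {
				at, has := arr[p[0]]
				cur, seen := arr[p[1]]
				if has && at <= c.T && (!seen || c.T < cur) {
					arr[p[1]] = c.T // the packet crosses this contact
					changed = true
				}
			}
		}
	}
	td, ok := arr[dst]
	return td, ok
}

func main() {
	// Constructed history: B-E then E-G is a journey; C-F happens after F-G, so C has none.
	cs := []Contact{{"B", "E", 2}, {"E", "G", 4}, {"F", "G", 3}, {"C", "F", 5}}
	fmt.Println(EarliestArrival(cs, "B", "G", 1, 5))
	fmt.Println(EarliestArrival(cs, "C", "G", 1, 5))
}
```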
Four Possible Situations in Observation. [Figure labels: success +1; failure +1; overlap, success +1; overlap, failure +1; success +1.]
Encounter prediction and decision making. Success (a path exists): α. Failure: β. Can’t decide which node is better without further evaluation. [Figure: node A holds records for B (destination C: α 5, β) and for D (destination C: α 2, β 1).]
Deciding a node’s competence: follow Dempster-Shafer theory, a mathematical theory of evidence based on belief functions and plausible reasoning, which combines separate pieces of information (evidence) to calculate the probability of an event.
Deciding a node’s competence - following Dempster-Shafer theory. Node A has a packet and a proposition on node B’s competence. X: all states under A’s consideration. P(X): all possible subsets of X. According to Dempster-Shafer theory, the next step is to find a proper mass assignment of X in “P(X)”.
Deciding a node’s competence - following Dempster-Shafer theory. Bayesian inference (a statistical model in which evidence or observations are used to update or to newly infer the probability that a hypothesis is true) connects the observation results with the mass assignment for “P(X)”. The Beta distribution is used here in the Bayesian inference.
Deciding a node’s competence - following Dempster-Shafer theory. Initial: Beta(1,1). When an observation is made: success gives Beta(α+1, β); failure gives Beta(α, β+1).
Deciding a node’s competence - following Dempster-Shafer theory. The distribution Beta(α, β) represents the delivery likelihood. The mass of “P(X)” should be based on Beta(α, β).
Deciding a node’s competence - following Dempster-Shafer theory. Assign a proper mass to node B. We know the number of success and failure journeys, but we don’t know the uncertainty. Uncertainty u (defined in their previous work): u = 1 when α = β = 1. Certainty = 1 - u.
Deciding a node’s competence - following Dempster-Shafer theory. The set {B is competent}
Deciding a node’s competence - following Dempster-Shafer theory. Decision rule: a node should select and forward the packets to the most competent forwarders with sufficient contact evidence. Substituting the delivery likelihood metric by
An example. A generates a packet for G with D = 3 at time t9 and c = 1. B is an attacker. Observation: t1 ~ t4, success; t4 ~ t7, failure; t7 ~ t9, failure. B: α = 2, β = 3, u = 0.48, b = 0.208. C: α = 3, β = 2, u = 0.48, b = 0.312.
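
An added example, not taken from the paper or the slides, that carries the competence slides through to the numbers above: start at Beta(1,1), update per observation, then compare beliefs. The slides do not show the formulas for u or b; the ones used here, u = 12αβ / ((α+β)²(α+β+1)) and b = α/(α+β) · (1 - u), are assumptions chosen because they give u = 1 at α = β = 1 and reproduce the slide's values for B and C. C's observation sequence and all names are constructed.

```go
package main

import "fmt"

// Evidence holds the Beta(alpha, beta) parameters kept for one candidate forwarder.
type Evidence struct{ Alpha, Beta float64 }

// Update starts from the prior Beta(1,1) and adds one count per observation:
// success -> alpha+1, failure -> beta+1.
func Update(outcomes []bool) Evidence {
	e := Evidence{1, 1}
	for _, success := range outcomes {
		if success {
			e.Alpha++
		} else {
			e.Beta++
		}
	}
	return e
}

// Uncertainty uses an assumed formula (the slides only cite earlier work):
// u = 12ab / ((a+b)^2 (a+b+1)), which equals 1 at a = b = 1.
func (e Evidence) Uncertainty() float64 {
	n := e.Alpha + e.Beta
	return 12 * e.Alpha * e.Beta / (n * n * (n + 1))
}

// Belief is the assumed mass on {competent}: expected success rate times certainty.
func (e Evidence) Belief() float64 {
	return e.Alpha / (e.Alpha + e.Beta) * (1 - e.Uncertainty())
}

// Choose returns the candidate with the highest belief, or "" if none has any evidence.
func Choose(cands map[string]Evidence) string {
	best, bestB := "", 0.0
	for name, e := range cands {
		if b := e.Belief(); b > bestB || (b == bestB && best != "" && name < best) {
			best, bestB = name, b
		}
	}
	return best
}

func main() {
	b := Update([]bool{true, false, false}) // the slide's observations for attacker B
	c := Update([]bool{true, true, false})  // constructed to match the slide's C
	fmt.Printf("B u=%.2f b=%.3f\n", b.Uncertainty(), b.Belief())
	fmt.Printf("C u=%.2f b=%.3f\n", c.Uncertainty(), c.Belief())
	fmt.Println(Choose(map[string]Evidence{"B": b, "C": c}))
}
```

A node that presents no verifiable tickets stays at Beta(1,1), where u = 1 and the belief is 0, so Choose never selects it.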
Simulation and Analysis. Setup: trace-driven simulation; real trace from UMass DieselNet; 33 nodes; at most 5 attackers can exist.
Delivery rate with/without tickets
Packet attract with/without tickets
Delivery Rate in Different Attacks
Conclusion. Strengths: proposing an encounter ticket scheme to secure the evidence of contacts; using Dempster-Shafer theory to decide a node’s competence. Weaknesses: some errors in the paper (weird); message overhead to the certificate authority; encoding and decoding complexity when there are lots of nodes.