Research Progress Report Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang

無線網狀網路中考量惡意與多重干擾器攻擊下最大化系統 存活度之高效網路規劃與防禦策略 Effective Network Planning and Defending Strategies to Maximize System Survivability of Wireless Mesh Networks under Malicious and Jamming Attacks 無線網狀網路中考量惡意與多重干擾器攻擊下最大化系統 存活度之高效網路規劃與防禦策略

2011/5/16 Outline Problem Description

Problem Description

Problem Description Problem Environment Role 2011/5/16 Problem Description Problem Topology information gathering Jamming attack Environment Infrastructure/Backbone WMNs Role Attacker Defender(Service provider)

Problem Description(cont’) 2011/5/16 Problem Description(cont’)

Scenario – Network Architecture 2011/5/16 Scenario – Network Architecture Base Station Mesh router

Scenario – Defender’s Planning Phase 2011/5/16 Scenario – Defender’s Planning Phase Base Station Mesh router Honeynode Attacker Nodes with more defense resource Why didn’t the defender protect all the nodes with high population? Budget limited. The effectiveness of doing so may not be the best. There are other ways to deploy resources. A B C D E F G

Scenario – Attacker’s Preparing Phase Signal Strength 20 90 Initially, the attacker has following info: (Communication channel) Defense Resource Traffic Amount A B C D E F G Defense strength Traffic amount 2011/5/16 Scenario – Attacker’s Preparing Phase Signal Strength

Scenario – Attacker’s Preparing Phase(cont’) Signal Strength 20 90 The honeynode: If the real channel is compromised, the attacker will be able to identify this target in Attacking Phase A B C D E F G 2011/5/16 Scenario – Attacker’s Preparing Phase(cont’)

Scenario – Attacker’s Preparing Phase(cont’) 2011/5/16 Scenario – Attacker’s Preparing Phase(cont’) The attacker’s goal: Maximize attack effectiveness. Maximize jammed range 20 F 20 D The node with the strongest signal power (Easiest fo find) The next hop selecting criteria would be.. 90 A 90 C E 20 The node with highest defense resource(Aggressive) 20 G 90 B Signal Strength

Scenario – Attacker’s Preparing Phase(cont’) 2011/5/16 Scenario – Attacker’s Preparing Phase(cont’) G L B I D E A H K F J 20 90 After compromise a mesh router, the attacker has following info: (Communication channel) Defense Resource Signal Strength Traffic Amount And… 90 20 Being compromised, and obtained: (Routing channel) Traffic Source Traffic Amount User number 90 90 20 90 20 20 90 Signal Strength

Scenario –Population Re-allocation 2011/5/16 Scenario –Population Re-allocation Reallocate population on D’s neighbor 20 6 G 90 22 P Intrusion detected 20 8 O 90 3 Q 20 E 90 5 A 20 4 R 90 15 C 20 8 D Re-allocation strategy might be: 90 2 B Signal Strength

Scenario –Population Re-allocation(cont’) 2011/5/16 Scenario –Population Re-allocation(cont’) Reallocate population on D’s neighbor 20 9 G 90 9 P Re-allocation strategy: Average Population Capable of attack detection 20 9 O 90 10 Q 20 9 E 90 9 A 20 10 R 90 9 C 20 9 D Average the QoS impact caused by jamming 90 10 B Signal Strength

Scenario –Population Re-allocation(cont’) 2011/5/16 Scenario –Population Re-allocation(cont’) Real population on D’s neighbor 20 6 G 90 22 P Re-allocation strategy: Average Traffic Capable of attack detection 20 8 O 90 3 Q 20 E 90 5 A 20 4 R 90 15 C 20 8 D Minimize the QoS impact caused by jamming B 2 90 Signal Strength

Scenario – Fake Traffic Generation Signal Strength 90 30 B 21 A 20 6 G 112 C 28 E D 27 K 24 L 25 M 18 N Relatively low traffic sources on important nodes. High traffic sources on unimportant nodes. Select node C as next hop 2011/5/16 Scenario – Fake Traffic Generation Fake Traffic Generation

Scenario – Attacker’s Preparing Phase(cont’) 2011/5/16 Scenario – Attacker’s Preparing Phase(cont’) Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource A B C D E F G H I J K L M N O P Q R S T U V W X Succeed Failed

Scenario – Attacker’s Attacking Phase 2011/5/16 Scenario – Attacker’s Attacking Phase A B C D E F G H I J K L M N O P Q R S T U V W X Base Station Mesh router Honeynode Compromised mesh router Jammed mesh router Jammer Attacker Nodes with more defense resource 1) Jammed honeynode B 2) Jammed node V with high population 3) Jammed node P(not fake channel) 4) Jammed normal node F 5) Jammed honeynode U

Scenario – Defender’s Defending Phase - Channel Surfing 2011/5/16 Scenario – Defender’s Defending Phase - Channel Surfing The function of channel surfing function: Mitigate the impact of jamming Time Effectiveness Reduce difficulty to remove jammer Base Station Mesh router Honeynode Compromised mesh router Jammed mesh router Jammer Attacker Nodes with more defense resource Range overlapped. If the mesh router switch to other channel: Jammed time shotened. Jammers are not able to know which channel is the origin channel unless it’s compromised. H I T U V S W F J G X K L E R A D M N B C P Q O

Scenario – Defender’s Defending Phase - Localization 2011/5/16 Scenario – Defender’s Defending Phase - Localization Reference point 1 (useless) Reference point 2 Multiple jammers Reference point 3 Reference point 4 One of the jammers removed Static locator Mobile locator Jammer Mobile locator

Defender Nodes Base Station Mesh router(with 2 NICs) 2011/5/16 Defender Nodes Base Station Mesh router(with 2 NICs) Routing channel Communication channel Honeynode(with 3 NICs)[1] Fake communication channel Locator [1] S. Misra, et al., "Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks," Computers & Electrical Engineering, vol. 36, pp. 367-382, 2010.

Defender(cont’) Planning phase Defending phase Build Topology 2011/5/16 Defender(cont’) Planning phase Build Topology Deploy non-deception based defense resources General defense resource (ex. Firewall, Antivirus, etc.) Localization resource (routers with minimum capability) Deploy deception based defense resources Honeynode Defending phase Jamming mitigation Jammer localization

Defender(cont’) Defense Mechanisms False target (Honeynodes) 2011/5/16 Defender(cont’) Defense Mechanisms False target (Honeynodes) Fake traffic generation (Honeynodes) Channel surfing (BSs、Mesh Routers、Honeynodes) Population re-allocation (BSs、Mesh Routers、Honeynodes) Jammer localization (BSs、Mesh Routers、Honeynodes、Locators)

Defender(cont’) Honeynode[1] as false target Effect: Tradeoff 2011/5/16 Defender(cont’) Honeynode[1] as false target Effect: Preparing Phase Act as a false target to attract attack and consume attacker’s budget. Provide fake routing table information when compromised. Attacking Phase Prevent true channel from being jammed. Tradeoff Occupying available communication channels. (indirectly affects QoS)

Defender(cont’) Honeynode[1] as fake traffic generator Effect: 2011/5/16 Defender(cont’) Honeynode[1] as fake traffic generator Effect: Send fake traffic to neighbors to deceive attackers into believing that this node is important. Tradeoff Channel capacity Triggers when node compromising actions are detected by the nodes in the topology and the defender think it helps to turn on this function.

Defender(cont’) Channel Surfing[1] Population re-allocation Effect: 2011/5/16 Defender(cont’) Channel Surfing[1] Effect: Change frequency to another free channel to prevent from being jammed(with the help of honeynode) or reduce jamming effect. Tradeoff Availability Triggers when jamming attacks are detected by the nodes in the topology. Population re-allocation Reduce jamming effectiveness by re-allocating users. Strategies Average population Average traffic QoS Triggers when node compromising actions are detected by the nodes in the topology and the defender think it helps to turn on this function.

Defender(cont’) Jammer localization[2] Effect: Strategies Tradeoff 2011/5/16 Defender(cont’) Jammer localization[2] Effect: Localize jammer by exploiting hearing ranges of boundary nodes to permanently remove jammer from the topology. Strategies Importance oriented Difficulty oriented Tradeoff Budget QoS Triggers QoS constraints has not been met. [2] Z. Liu, et al., "Wireless Jamming Localization by Exploiting Nodes’ Hearing Ranges," in Distributed Computing in Sensor Systems. vol. 6131, R. Rajaraman, et al., Eds., ed: Springer Berlin / Heidelberg, 2010, pp. 348-361.

2011/5/16 [3] F. Cohen. Managing Network Security: Attack and Defense Strategies. Available: http://www.blacksheepnetworks.com/security/info/misc/9907.html Total Attackers

Attacker’s Next Hop Selecting Criteria 2011/5/16 Attacker’s Next Hop Selecting Criteria

Preferences Next Hop Selecting Criteria of Strategies 2011/5/16 Preferences Next Hop Selecting Criteria of Strategies Aggressive Least resistance Easiest to find Stealthy Topology extending Random Defense Resource High ↑ ↓ - X Low ○ Traffic Amount Signal Strength PS: ↑: Prefer when certain factor has high value ○: Purely prefer high - : No preference ↓: Prefer when certain factor has low value X : Purely prefer low

Attacker’s Attributes 2011/5/16 Attacker’s Attributes Budget General Distribution Preparing phase Node compromising Defending phase Buy jammers (Quality of jammer will affect the effectiveness of jamming.) Effects: Goal of attacker Capability Probability of: compromising nodes seeing through false target seeing through fake routing table information

Attacker’s Attributes(cont’) 2011/5/16 Attacker’s Attributes(cont’) Mentality General Distribution Effects: Next hop criteria selection Preference of success probability of compromising nodes Preference of using fake routing table information

Attacker’s Goal and Corresponding Strategies 2011/5/16 Attacker’s Goal and Corresponding Strategies Maximize effectiveness Aggressive Easiest to find Random Maximize jammed range Least resistance Stealthy Topology extending

Attacker’s Next Hop Selecting Criteria 2011/5/16 Attacker’s Next Hop Selecting Criteria From Surface Information (communication channel) Defense Resource Signal Strength Traffic Amount From Depth Information (routing channel) Traffic Source

Attacker’s Strategy transition rule 2011/5/16 Attacker’s Strategy transition rule Probability to choose strategy i : Strategyi’s success rate:

Attacker’s Next Hop Selecting Criteria Transition Rule 2011/5/16 Attacker’s Next Hop Selecting Criteria Transition Rule Probability of strategy i to choose criteria j : Criteraj’s success rate:

Attacker’s Next Hop Selecting Criteria Transition Rule(cont’) 2011/5/16 Attacker’s Next Hop Selecting Criteria Transition Rule(cont’) Value of pref(i,j) Aggressive Least resistance Easiest to find Stealthy Topology extending Random Defense Resource High 1 0.5 Low 1.5 Traffic Amount Signal Strength PS: ↑: Prefer when certain factor has high value ○: Purely prefer high - : No preference ↓: Prefer when certain factor has low value X : Purely prefer low

Contest Success Function 2011/5/16 Contest Success Function Determine the success probability of the attacker. Attackers will set a probability of success according to its mentality. : Function of attacker’s attack effectiveness. : Function of defender’s defense effectiveness.

Risk Level For fake traffic generator 2011/5/16 Risk Level For fake traffic generator Vij computes when node i compromising action are detected. Vij is the risk level of honeynode j with fake traffic generating function. Vij determines whether to turn on fake traffic generating function or not. Factor of defense strength of path from nodes being attacked to nodes equipped with the function： Factor of link degree of nodes equipped with the function： Factor of distance between nodes being attacked and nodes equipped with the function： Factor of distance between nodes equipped with the function and nearest BS：

Risk Level(cont’) For population re-allocation 2011/5/16 Risk Level(cont’) For population re-allocation Vij computes when node i compromising action are detected. Vij is the risk level of node j with population re-allocation function. Vij determines whether to turn on population re-allocation function or not. Factor of user numbers of nodes being attacked and its neighbor Factor of defense strength of path from nodes being attacked to nodes equipped with the function： Factor of link degree of nodes equipped with the function： Factor of distance between nodes being attacked and nodes equipped with the function：

2011/5/16 The End Thanks for your attention.

Mathematical Formulation

2011/5/16 Assumptions The communications between mesh routers and between mesh routers and mesh clients use different communication protocol. All the packets are encrypted. Thus, the attacker can’t directly obtain information in the communication channels. The defender has complete information of the network which is attacked by a single attacker with different strategies. The attacker is not aware of the topology of the network. Namely, it doesn’t know that there are honeynodes in the network and which nodes are important, i.e., the attacker only has incomplete information of the network.

2011/5/16 Assumptions(cont’) There are two kinds of defense resources, the non-deception based resources and the deception based resources. There are multiple jammers in the network, and their jamming ranges might overlap. There is only constructive interference between jamming signals.

Given parameters Notation Description N The index set of all nodes H 2011/5/16 Given parameters Notation Description N The index set of all nodes H The index set of all honeynodes P The index set of the nodes with channel surfing technique Q The index set of the nodes with precise localization technique R The index set of the nodes with detection technique

Given parameters Notation Description B The defender’s total budget Z 2011/5/16 Given parameters Notation Description B The defender’s total budget Z All possible attack configuration, including attacker’s attributes and corresponding strategies. E All possible defense configuration, including defense resources allocation and defending strategies F Total attacking times of all attackers An attack configuration, including the attributes and corresponding strategies , where 1≤ i ≤ F 1 if the attacker can achieve his goal successfully, and 0 otherwise, where 1≤ i ≤ F

Given parameters Notation Description m(ρi) 2011/5/16 Given parameters Notation Description m(ρi) The cost of constructing a node with the quality with quality ρi, where i∈N ni The non-deception based defense resources allocated to node i, where i∈N h(εi) The cost of constructing a honeynode with the interactive capability εi, where i∈H a(φ) The cost of constructing static locators with the density φ b The cost of constructing a channel surfing function to one node c The cost of constructing a precise localization technique to one node d The cost of constructing a detection technique to one node t(ρi) The maximum traffic of node i with quality ρi, where i∈N

Decision variables Notation Description 2011/5/16 Decision variables Notation Description The information regarding resources allocating and defending wi 1 if node i is equipped with honeynode function, and 0 otherwise, where i∈N xi 1 if node i is equipped with channel surfing function, and 0 otherwise, where i∈N yi 1 if node i is implemented with precise localization technique , and 0 otherwise, where i∈N zi 1 if node i is implemented with the detection technique, and 0 otherwise, where i∈N εi The interactive capability of honeypot i, where i∈N ρi The quality of node i, where i∈N φ The density of static locator

2011/5/16 Objective function (IP 1)

2011/5/16 Constraints Defender’s budget constraints (IP 1.1) (IP 1.2)

2011/5/16 Constraints Defender’s budget constraints (IP 1.3)

Constraints Defender’s budget constraints (IP 1.4) (IP 1.5) (IP 1.6) 2011/5/16 Constraints Defender’s budget constraints (IP 1.4) (IP 1.5) (IP 1.6) (IP 1.7)

Constraints Defender’s budget constraints (IP 1.8) (IP 1.9) (IP 1.10) 2011/5/16 Constraints Defender’s budget constraints (IP 1.8) (IP 1.9) (IP 1.10)

Constraints QoS constraints QoS is a function of: BS loading 2011/5/16 Constraints QoS constraints QoS is a function of: BS loading Utilization of mesh routers on the path to BS Hops to core node Fake traffic effect, Population re-allocation effect Channel surfing effect Jammer removal (IP 1.11)

Constraints QoS constraints 2011/5/16 Constraints QoS constraints The performance reduction cause by the jammed node should not violate IP1.11. The performance reduction cause by the channel surfing should not violate IP1.11. (IP 1.12) (IP 1.13) (IP 1.14)

Constraints Channel surfing constraints 2011/5/16 Constraints Channel surfing constraints The mesh router must equipped with channel surfing technique. The next channel to be selected must not be in use. Channel surfing function triggers only if the jammed channel is not a fake channel. Population re-allocation constraints The mesh clients to be re-allocated must be in the transmission range of the mesh routers other than current mesh router. The total traffic of the mesh router i after re-allocation must not exceed the maximum traffic limit t(ρi), where i∈N. (IP 1.15) (IP 1.16) (IP 1.17) (IP 1.18) (IP 1.19)

Constraints Approximate localization 2011/5/16 Constraints Approximate localization There must be at least three available reference points which is under the effect of jamming attack in the jammed channel. Precise localization There must be at least one mobile locator in the network. Fake traffic The fake traffic sent to mesh router i from the honeynodes must not make it exceed the maximum traffic limit t(ρi), where i∈N (IP 1.20) (IP 1.21) (IP 1.22)

Constraints Integer constraints (IP 1.23) (IP 1.24) (IP 1.25) 2011/5/16 Constraints Integer constraints (IP 1.23) (IP 1.24) (IP 1.25) (IP 1.26)