A Probabilistic Misbehavior Detection Scheme towards Efficient Trust Establishment in Delay-tolerant Networks 1 Haojin Zhu Zhaoyu Gao Mianxiong Dong Zhenfu.

Slides:



Advertisements
Similar presentations
Supporting Cooperative Caching in Disruption Tolerant Networks
Advertisements

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Advisor : Prof. Yu-Chee Tseng Student : Yi-Chen Lu 12009/06/26.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By Al-Sakib.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran (InfoComm ’07) Presented.
Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Computer Science 1 CSC 774 Advanced Network Security Enhancing Source-Location Privacy in Sensor Network Routing (ICDCS ’05) Brian Rogers Nov. 21, 2005.
Detecting Phantom Nodes in Wireless Sensor Networks Joengmin Hwang Tian He Yongdae Kim Department of Computer Science, University of Minnesota, Minneapolis.
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
A Probabilistic Misbehavior Detection Scheme towards Efficient Trust Establishment in Delay-tolerant Networks Haojin Zhu, Suguo Du, Zhaoyu Gao, Mianxiong.
University of Waterloo & UOIT & INRIA Lille Presenter: Rongxing Lu
Forwarding Redundancy in Opportunistic Mobile Networks: Investigation and Elimination Wei Gao 1, Qinghua Li 2 and Guohong Cao 3 1 The University of Tennessee,
Monday, June 01, 2015 ARRIVE: Algorithm for Robust Routing in Volatile Environments 1 NEST Retreat, Lake Tahoe, June
By Libo Song and David F. Kotz Computer Science,Dartmouth College.
1 Complexity of Network Synchronization Raeda Naamnieh.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Dissemination protocols for large sensor networks Fan Ye, Haiyun Luo, Songwu Lu and Lixia Zhang Department of Computer Science UCLA Chien Kang Wu.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
RTS/CTS-Induced Congestion in Ad Hoc Wireless LANs Saikat Ray, Jeffrey B. Carruthers, and David Starobinski Department of Electrical and Computer Engineering.
1 Secure Cooperative MIMO Communications Under Active Compromised Nodes Liang Hong, McKenzie McNeal III, Wei Chen College of Engineering, Technology, and.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
1 / 18 Fariba alamshahi Secure Routing and Intrusion Detection in Ad Hoc Networks Supervisor: Mr.zaker Translator: fariba alamshahi.
VIRTUAL ROUTER Kien A. Hua Data Systems Lab School of EECS University of Central Florida.
Securing Every Bit: Authenticated Broadcast in Wireless Networks Dan Alistarh, Seth Gilbert, Rachid Guerraoui, Zarko Milosevic, and Calvin Newport.
Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE.
Wei Gao1 and Qinghua Li2 1The University of Tennessee, Knoxville
Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,
SecureMR: A Service Integrity Assurance Framework for MapReduce Author: Wei Wei, Juan Du, Ting Yu, Xiaohui Gu Source: Annual Computer Security Applications.
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
1 Core-PC: A Class of Correlative Power Control Algorithms for Single Channel Mobile Ad Hoc Networks Jun Zhang and Brahim Bensaou The Hong Kong University.
Wireless Sensor Networks COE 499 Energy Aware Routing
Prediction Assisted Single-copy Routing in Underwater Delay Tolerant Networks Zheng Guo, Bing Wang and Jun-Hong Cui Computer Science & Engineering Department,
SOS: Security Overlay Service Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University ACM SIGCOMM 2002 CONFERENCE, PITTSBURGH PA, AUG.
Computer Science 1 CSC 774 Advanced Network Security Distributed detection of node replication attacks in sensor networks (By Bryan Parno, Adrian Perrig,
Routing In Socially Selfish Delay Tolerant Networks Chan-Myung Kim
Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
PRoPHET+: An Adaptive PRoPHET- Based Routing Protocol for Opportunistic Network Ting-Kai Huang, Chia-Keng Lee and Ling-Jyh Chen.
1 - CS7701 – Fall 2004 Review of: Detecting Network Intrusions via Sampling: A Game Theoretic Approach Paper by: – Murali Kodialam (Bell Labs) – T.V. Lakshman.
Ad Hoc Network.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
An Evaluation of Routing Reliability in Non-Collaborative Opportunistic Networks Ling-Jyh Chen, Che-Liang Chiou, and Yi-Chao Chen Institute of Information.
Tufts Wireless Laboratory School Of Engineering Tufts University Paper Review “An Energy Efficient Multipath Routing Protocol for Wireless Sensor Networks”,
Shambhu Upadhyaya 1 Sensor Networks – Hop- by-Hop Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 22)
A Framework for Reliable Routing in Mobile Ad Hoc Networks Zhenqiang Ye Srikanth V. Krishnamurthy Satish K. Tripathi.
Multicasting in delay tolerant networks a social network perspective networks October2012 In-Seok Kang
Energy-Efficient Randomized Switching for Maximizing Lifetime in Tree- Based Wireless Sensor Networks Sk Kajal Arefin Imon, Adnan Khan, Mario Di Francesco,
1 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng.
Hierarchical Trust Management for Wireless Sensor Networks and Its Applications to Trust-Based Routing and Intrusion Detection Wenhai Sun & Ruide Zhang.
Jinfang Jiang, Guangjie Han, Lei Shu, Han-Chieh Chao, Shojiro Nishio
Structure-Free Data Aggregation in Sensor Networks.
Risk-Aware Mitigation for MANET Routing Attacks Submitted by Sk. Khajavali.
A Secure Routing Protocol with Intrusion Detection for Clustering Wireless Sensor Networks International Forum on Information Technology and Applications.
Enforce Collaboration in Mobile Ad Hoc Network Ning Jiang School of EECS University of Central Florida
Author:Zarei.M.;Faez.K. ;Nya.J.M.
Delay-Tolerant Networks (DTNs)
PROVEST: Provenance-based Trust Model for Delay Tolerant Networks
Packet Leashes: Defense Against Wormhole Attacks
任課教授:陳朝鈞 教授 學生:王志嘉、馬敏修
ITIS 6010/8010 Wireless Network Security
Presentation transcript:

A Probabilistic Misbehavior Detection Scheme towards Efficient Trust Establishment in Delay-tolerant Networks 1 Haojin Zhu Zhaoyu Gao Mianxiong Dong Zhenfu Cao Presented by Jia Guo

Outline Introduction Preliminary The basic iTrust The advanced iTrust: a probabilistic misbehavior detection scheme in DTNs Experiment Results and conclusions 2

Outline Introduction –Scenario –Motivations and Objective –Contributions –Related work 3

Scenario “store-carry-and-forward” strategy –In DTNs, the in-transit messages, also named bundles, can be sent over an existing link and buffered at the next hop until the next link in the path appears (e.g., a new node moves into the range or an existing one wakes up). In DTNs, a node could misbehave by dropping packets intentionally even when it has the capability to forward the data (e.g., sufficient buffers and meeting opportunities). –selfish (or rational) nodes try to maximize their own benefits by enjoying the services provided by DTN while refusing to forward the bundles for others –malicious nodes that drop packets or modifying the packets to launch attacks. 4

Motivations and Objective The recent researches show that routing misbehavior will significantly reduce the packet delivery rate and thus pose a serious threat against the network performance of DTN. Therefore, a misbehavior detection and mitigation protocol is highly desirable to assure the secure DTN routing as well as the establishment of the trust among DTN nodes in DTNs. Develop an efficient and adaptive misbehavior detection and reputation management scheme in DTN 5

Contributions Propose a general misbehavior detection framework based on a series of newly introduced data forwarding evidences. The proposed evidence framework could not only detect various misbehaviors but also be compatible to various routing protocols. Introduce a probabilistic misbehavior detection scheme by adopting the Inspection Game. The cost of misbehavior detection could be significantly reduced without compromising the detection performance. A user’s reputation (or trust level) is correlated to the detection probability, which further reduces the detection probability. Use extensive simulations as well as detailed analysis to demonstrate the effectiveness and the efficiency of the iTrust. 6

Related work Most of them are based on forwarding history verification –multi-layered credit –three-hop feedback mechanism –encounter ticket They are costly in terms of transmission overhead and verification cost The security overhead incurred by forwarding history checking is critical for a DTN since expensive security operations will be translated into more energy consumptions, which represents a fundamental challenge in resourceconstrained DTN. Further, even from the Trusted Authority (TA) point of view, misbehavior detection in DTNs inevitably incurs a high inspection overhead, which includes the cost of collecting the forwarding history evidence via deployed judgenodes and transmission cost to TA. 7

Outline Preliminary –System Model –Routing Model –Threat Model –Design Requirements 8

System Model A normal DTN consisted of mobile devices owned by individual users.  Each node i has a unique ID Ni and a corresponding public/private key pair.  Each node must pay a deposit C before it joins the network, and the deposit will be paid back after the node leaves if there is no misbehavior activity of the node. A periodically available Trust Authority (TA) exists to take the responsibility of misbehavior detection in DTN.  For a specific detection target Ni, TA will request Ni’s forwarding history in the global network. Therefore, each node will submit its collected Ni’s forwarding history to TA 9

Routing Model We adopt the single-copy routing mechanism  such as First Contact routing protocol. The communication range of a mobile node is finite.  A data sender out of destination node’s communication range can only transmit packetized data via a sequence of intermediate nodes in a multi-hop manner. The misbehaving detection scheme can be applied to delegation based routing protocols or multi-copy based routing ones 10

Threat Model each node in the networks is rational and a rational node’s goal is to maximize its own profit. In this work, we mainly consider two kinds of DTN nodes: selfish nodes and malicious nodes.  Due to the selfish nature and energy consuming, selfish nodes are not willing to forward bundles for others without sufficient reward.  As an adversary, the malicious nodes arbitrarily drop others’ bundles (blackhole or greyhole attack), which often take place beyond others’ observation in a sparse DTN, leading to serious performance degradation. 11

Design Requirements Distributed: We require that a network authority responsible for the administration of the network is only required to be periodically available and consequently incapable of monitoring the operational minutiae of the network. Robust: We require a misbehavior detection scheme that could tolerate various forwarding failures caused by various network environments. Scalability: We require a scheme that works independent of the size and density of the network. 12

Outline The basic iTrust –Routing Evidence Generation Phase –Auditing Phase 13

Routing Evidence Generation Phase a three-step data forwarding process example: Suppose that node A has packets, which will be delivered to node C. Now, if node A meets another node B that could help to forward the packets to C, A will replicate and forward the packets to B. Thereafter, B will forward the packets to C when C arrives at the transmission range of B. we define three kinds of data forwarding evidences which could be used to judge if a node is a malicious one or not 14 ACB

Routing Evidence Generation Phase three kinds of data forwarding evidences to judge if a node is a malicious one or not 15

Routing Evidence Generation Phase 16

Routing Evidence Generation Phase 17

Routing Evidence Generation Phase 18

Auditing Phase 19

Auditing Phase 20

Auditing Phase 21 The misbehavior detection procedure has the following three cases.  Class I (An Honest Data Forwarding with Sufficient Contacts)  Class II (An Honest Data Forwarding with Insufficient Contacts)  Class III (A Misbehaving Data Forwarding with/without Sufficient Contacts)

Auditing Phase 22 Class I (An Honest Data Forwarding with Sufficient Contacts) –A normal user will honestly follow the routing protocol by forwarding the essages as long as there are enough contacts. –which shows that the requested message has been forwarded to the next hop, the chosen next hop nodes are desirable nodes according to a specific DTN routing protocol, and the number of forwarding copies satisfy the requirement defined by a multi- copy forwarding routing protocol.

Auditing Phase 23 Class II (An Honest Data Forwarding with Insufficient Contacts) –In this class, users will also honestly perform the routing protocol but fail to achieve the desirable results due to lack of sufficient contacts. –Equation 5 refers to the extreme case that there is no contact during period [Tts(m), t2] while Equation 6 shows the general case that only a limited number of contacts are available in this period and the number of contacts is less than the number of copies required by the routing protocols. In both cases, even though the DTN node honestly performs the routing protocol, it cannot fulfill the routing task due to lack of sufficient contact chances. We still regard this kind of users as honest users.

Auditing Phase 24 Class III (A Misbehaving Data Forwarding with/without Sufficient Contacts) A Misbehaving node will drop the packets or refuse to forward the data even when there are sufficient contacts Note that Equation 7 refers to the case that the forwarder refuses to forward the data even when the forwarding opportunity is available. The second case is that the forwarder has forwarded the data but failed to follow the routing protocol, which is referred to Equation 8. The last case is that the forwarder agrees to forward the data but fails to propagate the enough number of copies predefined by a multi-copy routing protocol, which is shown in Equation 9.

Auditing Phase 25 TA judges if node Nj is a misbehavior or not by triggering the Algorithm 1.

Auditing Phase 26 The proposed algorithm itself incurs a low checking overhead. However, to prevent malicious users from providing fake delegation/forwarding/contact evidences, TA should check the authenticity of each evidence by verifying the corresponding signatures, which introduce a high transmission and signature verification overhead.

Outline The advanced iTrust: a probabilistic misbehavior detection scheme in DTNs –Game Theory Analysis –The Reduction of Misbehavior Detection Cost by Probabilistic Verification –Exploiting Reputation System to Further Improve the Performance of iTrust 27

THE ADVANCED ITRUST: A PROBABILISTIC MISBEHAVIOR DETECTION SCHEME IN DTNS 28

Game Theory Analysis 29 –we assume that the forwarding transmission costs each node of g to make a packet forwarding. –It is also assumed that each node will receive a compensation w from TA, if successfully passing TA’s investigation; otherwise, it will receive a punishment C from TA –TA will also benefit from each successful data forwarding by gaining v, which could be charged from source node. –In the auditing phase, TA checks the node Ni with the probability pi b. Since checking will incur a cost h, TA has two strategies, inspecting (I) or not inspecting (N). Each node also has two strategies, forwarding (F) and offending (O).

Game Theory Analysis 30

Game Theory Analysis 31 If the node chooses offending strategy, its payoff is If the node chooses forwarding strategy, its payoff is

Game Theory Analysis 32

Probabilistic Verification 33

Probabilistic Verification 34

Probabilistic Verification 35

Probabilistic Verification 36

Reputation System 37 We have shown that the basic iTrust could assure the security of DTN routings at the reduced detection cost. However, the basic scheme assumes the same detection probability for each node, which may not be desirable in practice. Intuitively, an honest node could be detected with a low detection probability to further reduce the cost while a misbehaving node should be detected with a higher detection probability to prevent its future misbehavior. Therefore, we could combine iTrust with a reputation system which correlates the detection probability with nodes’ reputation.

Reputation System 38

Outline Experiment Results and conclusions –Experimental results –Conclusions and future work 39

Experiment Result Experiment results with user number of 100, 80, 50 40

Experiment Result Experiment results with different MNRs(Malicious Node Rate) 41

Experiment Result Experiment results with different PLRs(Packet Loss Rate) 42

Experiment Result Experiment results with different MNRs(Malicious Node Rates) 43

Experiment Result Experiment Results with Different Detection Probabilities 44

Conclusions and Future work a Probabilistic Misbehavior Detection Scheme (iTrust) –reduce the detection overhead effectively. –Model it as the Inspection Game and show that an appropriate probability setting could assure the security of the DTNs at a reduced detection overhead. –Simulation results confirm that iTrust will reduce transmission overhead incurred by misbehavior detection and detect the malicious nodes effectively. Future work will focus on the extension of iTrust to other kinds of networks. 45