MITRE 7 April 2009 CS 5214 Presenter: Phu-Gui Feng Performance Analysis of Distributed IDS Protocols for Mobile GCS Dr. Jin-Hee Cho, Dr. Ing-Ray Chen MITRE
2 Agenda l Introduction l System Description lSecure GCS lDistributed IDS lResulting Metrics l Performance Model (SPN) l Key Parameterization l SRN Calculations l Conclusions
3 MANET Design Challenges Paper Objective: to Design Secure GCS –Mobile Ad Hoc Network (MANET) hosts form secure group communication systems (Secure GCS) –In GCS, mobile nodes join and leave a group dynamically High security vulnerability: –Outsider attacks: 1 st line of defense with key pairs –Insider attacks: IDS is 2 nd line of defense Unique characteristics: –Open medium, Dynamic topology –De-centralized decision and cooperation –Lack of centralized authority –Lack of resources (power, BW, memory) –No clear line of defense [7] The Problem: System Failure Before Mission Completion Our Goal: To Improve High Survivability (MTTSF)
4 Related Work & Application Related Work: –No reactive IDS against changing attacker behaviors –No analysis on detection latency vs performance degradation –No impact of IDS on performance degradation Our Unique Contribution: –The need for Secure GCS in MANET –Trade off between security and performance –Insider attacks and IDS defects –Identify optimal design of adaptive IDS –Develop SRN to describe and analyze IDS & tradeoff –Evaluate Maxed MTTSF and optimal IDS detection interval
5 System Description (1 of 3) Secure GCS: –Shared key to maintain group confidentiality –Group key agreement protocol [9] –Distributed key management protocol– CKA GDH[10] –Dynamic group rekeying to change group key –Forward secrecy: know previous key, not current –Backward secrecy: know current key, not previous –Mission oriented to detect/evict compromised nodes –E.g. Rescue teams in disaster recovery –E.g. Soldiers groups in battle field –Compromised nodes result in compromised system –Accepting leaked info (C1) resulted in loss of system integrity –More than 1/3 member nodes are un-detected & compromised (C2) resulted in loss of system availability –Collusion (Pfn, Pfp) result in detection defects
6 System Description (2 of 3) Distributed IDS: –Host based IDS [15] –Local detection on compromised neighboring nodes –Pre-install host-based IDS –misuse detection, anomaly detection [15] –Voting based IDS –Independent framework –Cooperative detection –Majority voting on sensor networks [2] –Approach: –Host-based IDS collects info –Periodically, a target node evaluated/being voted –m voters are selected Host-based IDSP1=false negative probabilityP2=false positive probability Voting based IDSPfn=false negative probabilityPfp=false positive probability
7 System Description (3 of 3) Security and Performance Metrics: –MTTSF: –Average time before reaching failure absorption state –Lower MTTSF means faster C1 or C2 –Goal: maximize MTTSF –Communication Traffic Cost ( ) –Total traffic per sec: –Group communication, –Status exchange, rekeying, –Intrusion detection, beacon, –Group partition/merge –High cost means high contention, high delay –Goal: to minimize total cost
8 Performance Model
9 Key Parameterization
10 SRN Calculations Expected cumulative reward: MTTSF –Reward assignment: –Operational states, 1 –Failure state, 0
11 Conclusions (1 of 3) Optimal T IDS Sensitivity: higher m lower Pfp, Pfn MTTSF increases Cost is high smaller m large Pfp, Pfn MTTSF decreases, 1.Before Topt, T IDS increases so that fewer IDS less probable false alarms less probable GF from C2 MTTSF increases 2.After Topt, T IDS increases so that fewer IDS more T_CP more UCm more probable GF from C1 MTTSF decreases
12 Conclusions (2 of 3) Optimal T IDS : tradeoff C GC, C IDS higher m lower Pfp, Pfn C GC higher higher m more voters C IDS higher Sensitive T IDS : higher m higher Cost saving
13 Conclusions (3 of 3) Secure GCS: –Identify optimal design of adaptive IDS in response to changing attacker strength