Denial of Service Resilience in Ad Hoc Networks (MobiCom 2004) Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly November 21st, 2006 Jinkyu Lee.


2 Contents
–Introduction
–DoS Attacks
–Analytical Model
–Assessment of Performance under DoS Attack
–Conclusion

3 Introduction
–Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective? Or are there attack and system factors that can lead to devastating effects?
–Related Work
  –Securing Routing Protocols
  –Usage of Multiple Routes
  –Securing Packet Forwarding
  –Identification of the Attacking Nodes

4 Introduction
Goal of the paper
–To quantify via analytical models and simulation experiments the damage that a successful attacker (using DoS attack) can have on the performance of an ad hoc network

5 DoS Attacks
System Model
–To ensure node authentication
–To ensure message authentication
–To ensure one identity per node
–To prevent control plane misbehavior (query floods, rushing attacks …)

6 DoS Attacks
Jellyfish Attack
–Target
  –Closed-loop flows (such as TCP)
–Protocol compliance
  –To obey routing and forwarding protocol specification
–Malicious behaviors
  –Reorder attack
  –Periodic dropping attack
  –Delay variance attack

7 DoS Attacks
Impact of Jellyfish Reorder Attack

8 DoS Attacks
Impact of Jellyfish Drop Attack

9 DoS Attacks
Impact of Jellyfish Jitter Attack

10 DoS Attacks
Black Hole Attacks
–Target
  –Flows that are not congestion controlled
–Protocol compliance
  –To obey routing and forwarding protocol specification
–Malicious behaviors
  –To absorb all data packets
–Hard to detect

11 DoS Attacks
Misbehavior Diagnosis – Fail!
–Detection of MAC layer failure
  –Cross-layer design in DSR
–Passive acknowledgement (PACK)
  –Watchdog
–Layer 4 endpoint detection
  –Hard to detect the malicious node
Victim Response
–To establish an alternate path
–To employ multi-path routing
–To establish backup routes

12 Analytical Model
–# of total nodes: N
–# of Jellyfish or Black hole nodes: pN

13 Assessment of Performance under DoS Attack
Methodology
–System Fairness
–Number of Hops for Received Packets
–Total System Throughput
–Probability of interception

14 Assessment of Performance under DoS Attack
Baseline
–200 nodes
–2000m X 2000m
–Random movement (Max velocity: 10m/s, pausing for 10s on average)
–IEEE 802.11 MAC (transmission range: 250m)
–100 nodes communicate with each other (50 flows)
–Jellyfish nodes are placed in grid

15 Assessment of Performance under DoS Attack
Distribution of the Number of Hops for Received Packets

16 Assessment of Performance under DoS Attack
Fairness Index for the Baseline Case

17 Assessment of Performance under DoS Attack
Average Number of Hops for Received Packets

18 Assessment of Performance under DoS Attack
Offered Load and TCP

19 Assessment of Performance under DoS Attack
Extensive Simulations
–Jellyfish Placement
–Mobility
–Node Density
–System Size

20 Conclusion
This is the first paper to quantify DoS effects on ad hoc networks
–DoS increases capacity, but blocks long flows
–DoS decreases fairness
–Throughput is not enough to measure DoS impacts
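
The Analytical Model slide (N nodes, pN Jellyfish or Black hole nodes) and the conclusion that long flows are blocked can be illustrated with a simplified interception model. This is an added example, not the paper's or the presenter's model: it assumes relays are drawn uniformly at random from the non-endpoint nodes, and the hop-count distribution and attacker fractions are constructed.

```python
from math import comb

def p_intercept(n_nodes, p_malicious, hops):
    """Probability that a path of `hops` hops relays through >= 1 malicious node.

    Assumption (not from the slides): the hops-1 relays are drawn uniformly,
    without replacement, from the N-2 nodes that are not flow endpoints, and
    all round(p*N) Jellyfish/Black hole nodes sit in that pool.
    """
    relays = hops - 1
    pool = n_nodes - 2
    if hops < 1 or relays > pool:
        raise ValueError("hop count does not fit the network size")
    bad = min(round(p_malicious * n_nodes), pool)
    # Hypergeometric: every relay must come from the well-behaved nodes.
    clean = comb(pool - bad, relays) / comb(pool, relays)
    return 1.0 - clean

def surviving_flows(n_nodes, p_malicious, hop_dist):
    """hop_dist maps hop count -> fraction of flows routed over that many hops.

    Returns (fraction of flows with a clean path,
             mean hops over all flows, mean hops over clean flows).
    """
    clean = {h: f * (1.0 - p_intercept(n_nodes, p_malicious, h))
             for h, f in hop_dist.items()}
    alive = sum(clean.values())
    mean_all = sum(h * f for h, f in hop_dist.items())
    mean_clean = (sum(h * f for h, f in clean.items()) / alive
                  if alive else float("nan"))
    return alive, mean_all, mean_clean

if __name__ == "__main__":
    N = 200                       # baseline network size from the slides
    # Constructed hop-count distribution, for illustration only.
    HOPS = {1: 0.20, 2: 0.30, 3: 0.25, 4: 0.15, 5: 0.10}
    for p in (0.0, 0.05, 0.10, 0.20):   # constructed attacker fractions
        alive, mean_all, mean_clean = surviving_flows(N, p, HOPS)
        per_hop = " ".join(f"{p_intercept(N, p, h):.2f}" for h in HOPS)
        print(f"p={p:.2f} P(intercept|h=1..5)=[{per_hop}] "
              f"clean flows={alive:.2f} mean hops {mean_all:.2f}->{mean_clean:.2f}")
```

Under these assumptions, one-hop flows are never intercepted while the interception probability grows with every added relay, so the flows that still deliver packets are disproportionately the short ones and the mean hop count of received packets drops.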

