Presentation is loading. Please wait.

Presentation is loading. Please wait.

Research Direction Introduction Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang.

Similar presentations


Presentation on theme: "Research Direction Introduction Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang."— Presentation transcript:

1 Research Direction Introduction Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang

2 Outline Previous Comments Problem Description 2010/11/18 2 NTU OPLab

3 Previous Comments

4 Exploit Nodes’ Hearing Ranges Multiple jammers Topology planning Budget allocation 2010/11/18 4 NTU OPLab

5 Exploit Nodes’ Hearing Ranges Can we exploit nodes’ hearing ranges by adjusting transmission power? ▫ : the minimum SNR(the threshold value required to decode a signal successfully. ▫ 2010/11/18 5 NTU OPLab

6 Exploit Nodes’ Hearing Ranges(cont’) 2010/11/18 6 NTU OPLab

7 Exploit Nodes’ Hearing Ranges(cont’) Algorithm description 2010/11/18 7 NTU OPLab Distance between A and J Suppose we know: 1.A’s coordinates 2.A’s hearing range(distance between A and B)

8 Exploit Nodes’ Hearing Ranges(cont’) Estimating the hearing range ▫ Average of:  The location of the furthest remaining neighbor(lower bound)  The location of the nearest lost neighbor(upper bound)  Estimation error between: 2010/11/18 8 NTU OPLab

9 Exploit Nodes’ Hearing Ranges(cont’) It’s possible to exploit nodes’ hearing ranges by adjusting transmission power. Suppose B is a ▫ Fully jammed neighbor of A  Inform B to increase its transmission power until the SNR received by A meets the threshold. ▫ Partially jammed neighbor of A  Inform B to decrease its transmission power until the SNR received by A meets the threshold. 2010/11/18 9 NTU OPLab

10 Multiple jammers Assumption When jamming ranges overlapped, 1.the edge of the ranges will not become fuzzy( 邊界不會模糊 化 ) 2.the signal strength received by the nodes which are located in the overlapped area is dominated by the stronger one. 2010/11/18 10 NTU OPLab JAJA JBJB Node A Jammer JB’s signal strength is stronger in this case

11 Multiple jammers(cont) Challenges 1.The shape of overlapped jamming range 的 is irregular. 2010/11/18 11 NTU OPLab 1.The defender is not able to see the detailed jamming range figure. 2.The defender only know the nodes which are being jammed. 3.Thus, the defender can only sequentially make suggestions about the number of jammers in the network.

12 Multiple jammers(cont) Challenges 2.How to localize multiple jammer’s position? 2010/11/18 12 NTU OPLab 1.Some nodes are suitable to be used to localize jammers. 2.But the others are not, they are located in overlapped jamming area. 3.The question is, how do they know if they are located in the same jamming range? Node C Node A Node B JAJA JBJB

13 Multiple jammers(cont) Challenges 3.Heterogeneous jammers. 2010/11/18 13 NTU OPLab 1.Some times the jamming area seems like there is only one jammer in the network. 2.And the nodes are able to estimate the location of the jammer. 3.Yes, the jammer is removed, but the network is still jammed. 4.Because there are actually multiple jammers in the network. JAJA JBJB JDJD JEJE JFJF JCJC Node C Node B Node A Node D Node E Node F ?

14 Multiple jammers(cont) Jammer number estimation ▫ Consider the effect on the jammed node’s ability to communicate 2010/11/18 14 NTU OPLab JAJA JBJB JDJD JCJC Node C Node B Node A Node D Node E Node F Some nodes may not be able to be recognized.

15 Multiple jammers(cont) Jammer number estimation ▫ Chart with graphical information 2010/11/18 15 NTU OPLab Node C Relatively high(compare to other observation points with similar distance)

16 Other Previous Comments Topology planning Budget allocation 2010/11/18 16 NTU OPLab

17 Problem Description

18 Problem ▫ Topology information gathering ▫ Jamming attack Environment ▫ Infrastructure/Backbone WMNs Role ▫ Attacker ▫ Defender 2010/11/18 18 NTU OPLab

19 Defender Attributes ▫ Nodes  Base Station  Mesh router(with 2 NICs)  Mesh client  Honeynode(with 3 NICs)  Guard Node 2010/11/18 19 NTU OPLab

20 Defender(cont’) Attributes ▫ Budget  Planning phase  Topology planning  Non-deception based  Deception based  Defending phase  Localization ▫ Approximate ▫ Precise 2010/11/18 20 NTU OPLab

21 Defender(cont’) Strategies ▫ Planning phase  Protect core nodes  Protect BS  Nodes with high population  Protect valuable information(ex. routing table, traffic)  Ensure QoS  Protect Traffic 2010/11/18 21 NTU OPLab

22 Defender(cont’) Strategies ▫ Defending phase  Real-time reaction  Priority of jammer removing ▫ Minimize the total effectiveness of jamming ▫ Retrieve QoS  Methods of jammer removing(precise or approximate) ▫ Determined by its possibility of being approximated. 2010/11/18 22 NTU OPLab

23 Attacker Attributes ▫ Budget  Preparing phase  Node compromising  Jammer choosing ▫ High quality jammers ▫ Normal jammers ▫ Capability  Capability of compromising nodes  Capability of recognizing fake info. 2010/11/18 23 NTU OPLab

24 Attacker(cont’) Strategies ▫ Preparing phase  Node compromising  Compromise core nodes  Be stealthy  Reduce QoS  Topology extending  Random 2010/11/18 24 NTU OPLab

25 Attacker(cont’) Strategies ▫ Attacking phase  Attacker’s Objective  Maximize attack effectiveness  QoS  Maximize number of jammed mesh routers  Random 2010/11/18 25 NTU OPLab

26 Scenario 2010/11/18 26 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Jammed mesh router Jammer Attacker Nodes with more defense resource

27 Scenario(cont’) For attacker ▫ Objective:  Maximize the effect to the network (Metrics of time and user numbers) ▫ Incomplete information of the network ▫ Budget limited For defender ▫ Objective:  Minimize the maximized negative effect cased by the attacker.  Maximize the budget ▫ Budget limited 2010/11/18 27 NTU OPLab

28 Scenario(cont’) Assumptions: 1.The communications between mesh routers and between mesh routers and mesh clients use different communication protocol. 2.All the packets are encrypted. Thus, the attacker can’t directly obtain information in the communication channels. 3.The defender has complete information of the network which is attacked by a single attacker with different strategies. 4.The attacker is not aware of the topology of the network. Namely, it doesn’t know that there are honeynodes in the network and which nodes are important, i.e., the attacker only has incomplete information of the network. 2010/11/18 28 NTU OPLab

29 Scenario(cont’) Assumptions: 5.There are two kinds of defense resources, the non-deception based resources and the deception based resources. 6.There are multiple jammers in the network, and their jamming ranges might be overlapped. 7.When multiple jammers attack the same channel, the received signal strength at a jammed mesh router is dominated by the larger one. 8. 在 jammer 的電波之間沒有任何的疊加、抵消等作用, jamming range 重 疊後邊緣不會有任何改變。 2010/11/18 29 NTU OPLab

30 Scenario – Network Architecture 2010/11/18 30 NTU OPLab Base Station Mesh router

31 I must protect Core Nodes Scenario – Defender’s Planning Phase 2010/11/18 31 NTU OPLab BS Node with high population Base Station Mesh router

32 Scenario – Defender’s Planning Phase(cont’) 2010/11/18 32 NTU OPLab Base Station Mesh router Honeynode Attacker Nodes with more defense resource I must protect Core Nodes A B C D E F G Why didn’t the defender protect all the nodes with high population? 1.Budget limited. 2.The effectiveness of doing so may not be the best. 3.There are other ways to deploy resources.

33 Scenario – Defender’s Planning Phase(cont’) 2010/11/18 33 NTU OPLab Base Station Mesh router Honeynode Attacker Nodes with more defense resource I must protect Core Nodes Effect of the defense resource may be: 1.Reduce the probability of being compromised

34 Scenario – Defender’s Planning Phase(cont’) 2010/11/18 34 NTU OPLab Base Station Mesh router Honeynode Attacker Nodes with more defense resource I must protect Core Nodes Effect of the defense resource may be: 2.Prevent the attacker from getting close to the important nodes.

35 Scenario – Defender’s Planning Phase(cont’) 2010/11/18 35 NTU OPLab Base Station Mesh router Honeynode Attacker Nodes with more defense resource I must protect Core Nodes Effect of the defense resource may be: 3.Attract attacks to prevent it from getting close to the important nodes.

36 Scenario – Defender’s Planning Phase(cont’) 2010/11/18 36 NTU OPLab Base Station Mesh router Honeynode Attacker Nodes with more defense resource I must protect Core Nodes A B C D E F G Effect of the defense resource may be: 4.Avoid attacks to prevent it from getting close to the important nodes.

37 Scenario – Attacker’s Preparing Phase 2010/11/18 37 NTU OPLab Signal Strength 20 902090 Initially, the attacker has following info: 1.Number of channels. 2.Signal power of each channel. 3.Traffic amount of each channel. 4.Defense strength of each mesh node. 20 90 A B C D E F G

38 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 38 NTU OPLab Signal Strength 20 902090 The honeynode: Which channel is being attacked does not matter. 20 90 A B C D E F G

39 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 39 NTU OPLab Signal Strength 90 20 The attacker’s objective: Maximize attack effectiveness. Compromise core nodes. The initial node might be.. The node with the strongest signal power 90 A B C 20 D E F G

40 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 40 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource A B C D E F G H I J K L

41 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 41 NTU OPLab Signal Strength After compromise a mesh router, the attacker has following info: 1.Number of channels. 2.Signal power of each channel. 3.Traffic amount of each channel. 4.Defense strength of each mesh node. And… 90 209020 9020 90 20 G L B I D E A H K F J Being compromised, and obtained: 1.routing table info 2.Location info of the mesh router. 3.Traffic info 4.Number of users

42 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 42 NTU OPLab Signal Strength After compromise a mesh router, the attacker has following info: 1.Number of channels. 2.Signal power of each channel. 3.Traffic amount of each channel. 4.Defense strength of each mesh node. 5.Number of traffic sources 90 21 20 35 90 31 20 35 20 28 90 28 20 6 Number of users 90 95 90 21 90 88 20 G L B I D E A H K F J

43 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 43 NTU OPLab Signal Strength The attacker selects next hop with obtained info from compromised mesh routers if available. The node with the highest number of traffic sources 20 6 G 90 21 L 90 95 B I 20 D 28 E 90 21 A 90 28 H 90 31 K 20 35 F 20 35 J 90 88

44 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 44 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource The action of compromising a honeynode will has following results: 1.Succeed 2.Failed Simply failed, or Had been deceived. A B C D E F G HI J K L M N

45 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 45 NTU OPLab Signal Strength The attacker selects next hop with obtained info from compromised mesh routers if available. 90 30 B 90 21 A 20 6 G 90 112 C 20 28 E 20 90 D 27 K 90 24 L 90 25 M 90 18 N

46 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 46 NTU OPLab Signal Strength 90 30 B 90 21 A 20 6 G 28 E 90 27 K 90 24 L 90 25 M 90 18 N However, the attacker was deceived by honeynode B. Thus, it obtained following fake info: 1.Population of the honeynode. 2.Traffic of the neighbors of the honeynode. The defender will lead the attacker to: 1.Unimportant area 2.Nodes with greater defense strength. 90 112 C 20 90 D

47 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 47 NTU OPLab Signal Strength 90 30 B 90 21 A 20 6 G 28 E 90 27 K 90 24 L 90 25 M 90 18 N Relatively low traffic sources on important nodes. High traffic sources on unimportant nodes. 90 112 C 20 90 D Select node C as next hop

48 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 48 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource A B C D E F G HI J K L M N Failed to compromise

49 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 49 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource Compromised 2 nd choice node D A B C D E F G HI J K L M N O PQ R

50 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 50 NTU OPLab Signal Strength 90 30 B 90 21 A 20 6 G 28 E 20 29 O 20 22 R 90 98 Q 90 32 C 20 8 D 90 35 P Select node N as next hop. But what will the attacker do if he compromised a honeynode? When the attacker compromised a honeynode, he may obtain: 1.Only fake info 2.Mixture of fake and true info. What should I do ? Just ignore it? Or attack the node they try to protect? Attackers with high capacity have greater probability to distinguish between true and fake.

51 Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 51 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource A B C D E F G HI J K L M N O PQ R S TU V W X

52 Scenario – Attacker’s Attacking Phase 2010/11/18 52 NTU OPLab A B C D E F G HI J K L M N O PQ R S TU V W X Base Station Mesh router Honeynode Compromised mesh router Jammed mesh router Jammer Attacker Nodes with more defense resource Jammed honeynode B Jammed node V with high population Jammed node P(not fake channel) Jammed normal node F Jammed honeynode U

53 Scenario – Attacker’s Attacking Phase(cont’) 2010/11/18 53 NTU OPLab A B C D E F G HI J K L M N O PQ R S TU V W X Base Station Mesh router Honeynode Compromised mesh router Jammed mesh router Jammer Attacker Nodes with more defense resource Range overlapped, the fake channel jammed. Although they seems overlapped, but the jammers attacked two different channel

54 Scenario – Defender’s Defending Phase 2010/11/18 54 NTU OPLab A B C D E F G HI J K L M N O PQ R S TU V W X Base Station Mesh router Honeynode Compromised mesh router Jammed mesh router Jammer Attacker Nodes with more defense resource To minimize the total effectiveness of jamming, the defender will tend to remove these nodes first: 1.High population 2.Not fake channel Their sequence will be… 1)Jammed node V with high population 2)Jammed normal node F 3)Jammed node P(not fake channel) 5)Jammed honeynode U 4)Jammed honeynode B

55 The End Thanks for your attention. 2010/11/18 55 NTU OPLab

56 References [1]D. J. Thuente and M. Acharya, "Intelligent Jamming in Wireless Networks with Applications to 802.11b and Other Networks " in Proc. of IEEE MILCOM, 2006. [2]S. Misra, et al., "Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks," Computers & Electrical Engineering, vol. 36, pp. 367-382, 2010. [3]I. F. Akyildiz, et al., "Wireless mesh networks: a survey," Computer Networks, vol. 47, pp. 445-487, 2005. [4]W. Xu, et al., "Jamming sensor networks: attack and defense strategies," Network, IEEE, vol. 20, pp. 41-47, 2006. [5]K. Pelechrinis, et al., "Lightweight Jammer Localization in Wireless Networks: System Design and Implementation," in Global Telecommunications Conference, 2009. GLOBECOM 2009. IEEE, 2009, pp. 1-6. [6]H. Liu, et al., "Localizing jammers in wireless networks," in Pervasive Computing and Communications, 2009. PerCom 2009. IEEE International Conference on, 2009, pp. 1-6. [7]Z. Liu, et al., "Wireless Jamming Localization by Exploiting Nodes’ Hearing Ranges," in Distributed Computing in Sensor Systems. vol. 6131, R. Rajaraman, et al., Eds., ed: Springer Berlin / Heidelberg, 2010, pp. 348-361. 2010/11/18 56 NTU OPLab


Download ppt "Research Direction Introduction Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang."

Similar presentations


Ads by Google