Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean...
-
Upload
cuthbert-osborne -
Category
Documents
-
view
222 -
download
0
Transcript of Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean...
Surviving Attacks on Disruption-Tolerant Networks without
Authentication
John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine
University of Massachusetts, Amherst
Goal
• Understand DTN vulnerability• Attack analysis• Experimental evaluation
Disruption Tolerant Networks• Networking for intermittently connected
nodes• Rural Internet• Urban blind spots• Sparse sensor networks
• Connectivity on a spectrum
Unique Vulnerability
• Measured by packet delivery rate
• Nodes physically unsecured
• Traditional defenses are inappropriate:• graph theoretical results are limited • identity management not always
practical
Undisturbed Decimated
Attack strengthWeak Strong
Network impact
Attack Universe
Weak attacks:
•random node selection
•easy to evaluate
Strong attacks:
•optimal node selection
•strong attack NP-hard to evaluate
Outline
• Attack Strategies• Data• Experimental Results• Conclusion
Attacks: Weak
• Nodes chosen at random• Attack defined by enumerating
strategies• Remove Node• Drop all packets• Flood packets• Routing table falsification• ACK counterfeiting
Attacks: Strong
• Intractable to determine optimal attack set • Throughput is difficult metric to analyze• Even simple metrics lead to NP-hard
problem
• Instead, greedily remove vertices that most lower temporal connectivity
Data: DieselNet
• 40 buses • 802.11 protocol• 60 days of
traces• Transmission
events feed a simulator
• Various routing protocols tested
Data: Haggle
• 41 devices in human mobility experiment
• Bluetooth• 3 days of traces• Haggle connections more frequent
than DieselNet• Haggle traces broken down to better
match DieselNet
Experiments: weak attack
• Evaluated delivery rate via given routing protocol subject to given attack strategy
• Used DieselNet data only
Replicative Forwarding
Metric based
MaxProp MaxForw
Random RandProp RandForw
Routing Protocols Attack Strategies•Remove node
•Drop all
•Flooding
•Routing table Falsification
•ACK counterfeiting
Experiments: weak attack
MaxProp• Minimum
delivery rate above 20%
• ACK counterfeiting is most effective attack
Experiments: ACK Counterfeiting• Devise an ACK counterfeiting defense
• ACKs should propagate after packets• Drop ACK if you haven’t seen packet yet
• Defense improves minimum packet delivery rate
• Drop All attack just as effective as ACK counterfeiting
Experiments: strong attack• Seek to establish the validity of greedy
attack• Find best k vertices in terms of temporal
reachability via brute force evaluation for small k
• Compare brute force results to greedy approach
• Evaluate greedy attack for larger values of k
• Evaluate both DieselNet and Haggle
Haggle: Brute vs. Greedy
Experiments: strong attack
• For temporal reachability- best 5 nodes to remove almost always the same as 5 greedy choices
• Results for DieselNet similar
Experiments: strong attack
Haggle: greedy attack• Displays
roughly the same resilience to attack at DieselNet
• Packet delivery rate degrades more slowly as more nodes are
Conclusion
• DTNs have unique susceptibility to attack
• Susceptibility understood with attack analysis
• Experiments on real traces show attack
efficacy