Denial of service resilience in ad hoc networks

Significant progress has been made towards making ad hoc networks secure and DoS resilient. However, little attention has been focused on quantifying DoS resilience: Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective? Or are there attack and system factors that can lead to devastating effects? In this paper, we design and study DoS attacks in order to assess the damage that difficult-to-detect attackers can cause. The first attack we study, called the JellyFish attack, is targeted against closed-loop flows such as TCP; although protocol compliant, it has devastating effects. The second is the Black Hole attack, which has effects similar to the JellyFish, but on open-loop flows. We quantify via simulations and analytical modeling the scalability of DoS attacks as a function of key performance parameters such as mobility, system size, node density, and counter-DoS strategy. One perhaps surprising result is that such DoS attacks can increase the capacity of ad hoc networks, as they starve multi-hop flows and only allow one-hop communication, a capacity-maximizing, yet clearly undesirable situation.
