CollusiveHijack: A New Route Hijacking Attack and Countermeasures in Opportunistic Networks

In this paper, we first show that the Hybrid Routing and Prophet protocols in Opportunistic Networks are vulnerable to the CollusiveHijack attack. In this attack, a malicious attacker, Eve, compromises a set of nodes and lies about their Inter Contact Times (ICTs). Eve claims that her nodes meet more frequently than they do in reality, with the goal of hijacking the routes of legitimate nodes. CollusiveHijack enables Eve to launch more severe attacks such as packet modification, traffic analysis, and incentive-seeking attacks. To identify the CollusiveHijack attack, we propose using the Kolmogorov-Smirnov two-sample test to determine whether the statistical distribution of the packets' delays follows the distribution derived from the ICTs among the nodes. We propose two techniques to detect the CollusiveHijack attack: the Path Detection Technique (PDT) and the Hop Detection Technique (HDT), which trade off compatibility with the Bundle Security Protocol against detection rate. We evaluated PDT and HDT through extensive simulations and a proof-of-concept system implementation. The results show that PDT and HDT are able to detect CollusiveHijack attacks with 80.0% and 99.4% detection rates, respectively (when Eve hijacks more than 60 packets), while maintaining a low false positive rate of 3.6%.
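The delay check described in the abstract, sketched as an added example (not the paper's PDT or HDT code): a two-sample Kolmogorov-Smirnov test compares measured end-to-end delays with delays derived from the advertised ICTs. Assumptions made here and not stated on the page: per-hop waits are exponential (so path delay is hypoexponential), the reference sample is drawn by Monte Carlo, the large-sample critical value is used, and all function names and ICT values are hypothetical.

```python
import bisect, math, random

def ks_statistic(a, b):
    """Two-sample KS statistic: largest gap between the two empirical CDFs."""
    a, b = sorted(a), sorted(b)
    return max(abs(bisect.bisect_right(a, x) / len(a) -
                   bisect.bisect_right(b, x) / len(b)) for x in a + b)

def ks_reject(a, b, alpha=0.05):
    """True if the samples differ at level alpha (large-sample critical value)."""
    c = math.sqrt(-0.5 * math.log(alpha / 2))
    return ks_statistic(a, b) > c * math.sqrt((len(a) + len(b)) / (len(a) * len(b)))

def path_delays(mean_icts, n, rng):
    """Draw n end-to-end delays over hops with the given mean ICTs (seconds).
    Assumption: each hop's wait is exponential, so the sum is hypoexponential."""
    return [sum(rng.expovariate(1.0 / m) for m in mean_icts) for _ in range(n)]

def hijack_suspected(advertised_icts, observed_delays, rng, alpha=0.05, n_ref=2000):
    """Compare observed packet delays with delays derived from advertised ICTs."""
    expected = path_delays(advertised_icts, n_ref, rng)
    return ks_reject(expected, observed_delays, alpha)

if __name__ == "__main__":
    rng = random.Random(2024)
    true_icts = [600.0, 900.0]          # constructed: real mean ICTs on the path
    lied_icts = [60.0, 90.0]            # constructed: advertised ICTs 10x shorter
    observed = path_delays(true_icts, 80, rng)   # delays the destination measures
    for label, advertised in (("honest", true_icts), ("lying", lied_icts)):
        d = ks_statistic(path_delays(advertised, 2000, rng), observed)
        print(f"{label:6s} D={d:.3f} suspected={hijack_suspected(advertised, observed, rng)}")
```

When the advertised ICTs understate the real ones, the observed delays sit far to the right of the derived distribution and the KS statistic approaches 1; with honest ICTs it stays near the sampling noise floor.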
