Low-complexity secure protocols to defend cyber-physical systems against network isolation attacks

This paper studies the network isolation attack, a devastating type of attack on cyber-physical systems. In this attack, an adversary compromises a set of nodes that enclose a region in order to isolate the region from the rest of the network. Assuming that the compromised nodes wish to avoid detection, we propose a solution to defend against the network isolation attack. Our goal is to achieve the following security guarantee: either a legitimate node can successfully deliver a message to another legitimate node, or the network control center can identify a small set of suspect nodes that is guaranteed to contain a compromised node. Toward achieving this goal, we develop two protocols: one for secure delivery of messages among nodes and the other for secure collection of messages from nodes at the network control center. We show that our proposed protocols are provably secure, i.e., they attain the aforementioned security guarantee. Further, our protocols achieve this guarantee with overhead that is orders of magnitude smaller than that of existing baseline protocols. Our proposed protocols are thus scalable to large networks.
