Slander-resistant forwarding isolation in ad hoc networks

This paper focuses on how to isolate attackers that inject packets to cause Denial-of-Service (DoS) in ad hoc networks. Our security analysis shows that current hop-by-hop source authentication protocols only partially achieve the defence goals, although they allow legitimate nodes to effectively identify and discard injected or modified packets. The other important defence goal, which has not yet been achieved, is to isolate the attackers so that they cannot inject packets in the future. Current authentication protocols provide evidence of injection attacks, since injected packets incur verification failures. Nevertheless, attackers may exploit this evidence to deceive defenders. We find that a non-injection attacker can slander any good forwarding node in a route by modifying the authentication information carried in the packets. In order to correctly isolate suspicious nodes, we propose a new authentication approach. The approach not only preserves the ability to filter junk packets, as in current authentication approaches, but also helps to isolate the attackers with high probability. It ensures that, once failed verifications are detected, defenders need to investigate only two nodes to find the real attacker.
