Coping with packet replay attacks in wireless networks

In this paper, we consider a variant of packet replay attacks wherein an attacker simply replays overheard frames as they are, or with minor manipulations in the packet header; we refer to this as the copycat attack. When routers forward such replayed packets, the levels of congestion and interference increase in large portions of the network. Our experiments indicate that even a single attacker can degrade the route throughput by up to 61%. While simple-to-use techniques such as digitally signing every packet can stem the dissemination of such packets, they are resource-intensive. Thus, we design a lightweight detection and prevention system, COPS (for Copycat Online Prevention System), that intelligently uses a combination of digital signatures and Bloom filters to cope with the attack. With our system, the task of identifying and discarding replayed packets is distributed across a plurality of nodes on a route. We implement COPS on real hardware and perform experiments on our 42-node wireless testbed. Our measurements indicate that COPS achieves its objective; it can efficiently contain the effects of replayed packets to a local neighborhood without incurring high resource consumption penalties. Specifically, we show that COPS reduces the route throughput degradation by up to 66%.
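The Bloom-filter half of the idea described above can be sketched as follows. This is an added illustration, not the COPS implementation or code from the paper; the packet fields, the choice of which fields count as hop-invariant, the filter size, and all function names are assumptions made for the example.

```python
import hashlib

class ReplayFilter:
    """Bloom filter over packet digests (illustrative; not the COPS design)."""

    def __init__(self, m_bits=1 << 16, k_hashes=4):
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray(m_bits // 8)

    def _positions(self, digest):
        # Derive k bit positions from one SHA-256 digest (double hashing).
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def seen_before(self, digest):
        """Return True if the digest was (probably) seen; record it either way."""
        hit = True
        for p in self._positions(digest):
            byte, mask = p >> 3, 1 << (p & 7)
            if not self.bits[byte] & mask:
                hit = False
                self.bits[byte] |= mask
        return hit

def packet_digest(pkt):
    # Hash only fields assumed not to change hop to hop, so a copy with a
    # rewritten TTL (a "minor header manipulation") maps to the same digest.
    invariant = (pkt["src"], pkt["dst"], pkt["seq"], pkt["payload"])
    return hashlib.sha256(repr(invariant).encode()).digest()

def forward_decisions(packets, flt=None):
    """Return 'forward' or 'drop' for each packet, in arrival order."""
    if flt is None:
        flt = ReplayFilter()
    return ["drop" if flt.seen_before(packet_digest(p)) else "forward"
            for p in packets]

# Constructed sample traffic: the third packet replays the first with a changed TTL.
SAMPLE = [
    {"src": "10.0.0.1", "dst": "10.0.0.9", "seq": 1, "ttl": 64, "payload": b"a"},
    {"src": "10.0.0.1", "dst": "10.0.0.9", "seq": 2, "ttl": 64, "payload": b"b"},
    {"src": "10.0.0.1", "dst": "10.0.0.9", "seq": 1, "ttl": 61, "payload": b"a"},
]

if __name__ == "__main__":
    print(forward_decisions(SAMPLE))
```

A Bloom filter never misses a digest it has recorded, but it can report a false positive, so a node relying on it alone would occasionally drop a fresh packet; filter size and hash count set that rate.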
