Securing Ad Hoc Wireless Networks Against Data Injection Attacks Using Firewalls

The authors propose to secure ad hoc networks against data injection attacks by placing firewall functionality at strategic locations in the network. They first show that, given the locations of attackers and victims, the problem of placing firewall functionality at a fixed number of ad hoc nodes so as to minimize the impact of the data injection attack is identical to the k-coverage problem, which is known to be NP-hard. They then develop a near-optimal approximate algorithm for placing firewall functions, and incorporate the loss behavior of wireless links into that algorithm. Next, they develop an architecture to determine the location of the attackers. The architecture uses a separate control network (a cellular network in this paper) in conjunction with ad hoc networks to provide a provable attack detection mechanism. The authors evaluate the firewall placement algorithm for various topologies obtained from ns-2 simulations; the results show that the algorithm can find near-optimal solutions. Based on a simple analysis and measurement results, they also find that the overhead of the provable attack detection mechanism is low.
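To make the coverage formulation concrete, the following added example (not code from the paper) places k firewalls with the standard greedy heuristic for maximum coverage and compares the result with an exhaustive search. The topology, flow rates and function names are constructed, link loss is ignored, and only intermediate relay nodes are assumed to be eligible firewall locations.

```python
from itertools import combinations

# Constructed sample: flow id -> (path from attacker to victim, attack rate).
FLOWS = {
    "f1": (["A1", "x", "y", "V1"], 3.0),
    "f2": (["A2", "x", "z", "V2"], 3.0),
    "f3": (["A3", "y", "V1"], 2.0),
    "f4": (["A4", "z", "V2"], 2.0),
}

def candidates(flows):
    # Assumption: only intermediate relays (not attacker or victim) can filter.
    return sorted({n for path, _ in flows.values() for n in path[1:-1]})

def residual_rate(flows, firewalls):
    """Attack rate that still reaches a victim given the firewall nodes."""
    fw = set(firewalls)
    return sum(rate for path, rate in flows.values()
               if not fw & set(path[1:-1]))

def greedy_placement(flows, k):
    """Repeatedly add the node that removes the most remaining attack rate."""
    chosen = []
    for _ in range(k):
        rest = [n for n in candidates(flows) if n not in chosen]
        if not rest:
            break
        best = min(rest, key=lambda n: residual_rate(flows, chosen + [n]))
        if residual_rate(flows, chosen + [best]) >= residual_rate(flows, chosen):
            break  # no remaining node blocks any additional flow
        chosen.append(best)
    return chosen

def optimal_placement(flows, k):
    """Exhaustive search; exponential in k, feasible only on tiny topologies."""
    nodes = candidates(flows)
    size = min(k, len(nodes))
    return list(min(combinations(nodes, size),
                    key=lambda s: residual_rate(flows, s)))

if __name__ == "__main__":
    for name, place in (("greedy", greedy_placement),
                        ("optimal", optimal_placement)):
        nodes = place(FLOWS, 2)
        print(name, nodes, "residual rate:", residual_rate(FLOWS, nodes))
```

On this topology the greedy choice first takes the busiest relay `x` and ends with a residual attack rate of 2.0, while the exhaustive search finds the pair `y`, `z` that blocks every flow.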
