7 research outputs found

    Denial of service attacks and challenges in broadband wireless networks

    Broadband wireless networks provide internet and related services to end users. The three most important broadband wireless technologies are IEEE 802.11, IEEE 802.16, and Wireless Mesh Network (WMN). Security attacks and vulnerabilities vary amongst these broadband wireless networks because of differences in topologies, network operations and physical setups. Amongst the various security risks, the Denial of Service (DoS) attack is the most severe security threat, as DoS can compromise the availability and integrity of a broadband wireless network. In this paper, we present DoS attack issues in broadband wireless networks, along with possible defenses and future directions.

    A Trust-based Secure Service Discovery (TSSD) Model for Pervasive Computing

    To cope with the challenges posed by device capacity and capability, and also the nature of ad hoc networks, a service discovery model is needed that can resolve security and privacy issues with simple solutions. The use of complex algorithms and powerful fixed infrastructure is infeasible due to the volatile nature of the pervasive environment and tiny pervasive devices. In this paper, we present a trust-based secure service discovery model, TSSD (trust-based secure service discovery), for a truly pervasive environment. Our model is a hybrid one that allows both secure and non-secure discovery of services. This model allows service discovery and sharing based on mutual trust. The security model handles the communication and service sharing security issues. TSSD also incorporates a trust mode for sharing services with unknown devices.

    Defense against the traffic analysis attack in wireless sensor networks (WSN) [Défense contre l'attaque d'analyse de trafic dans les réseaux de capteurs sans fil (WSN)]

    ABSTRACT The WSN has two modes: infrastructure mode, where an access point connects the sensors to one another, and ad-hoc mode, where the sensors are connected directly to one another. The communication architecture between sensors in a WSN is based on several layers: application, transport, network, link/MAC, and physical. Each layer has its own data transmission protocols, which can be simulated with tools such as "NS2", "SensorSimil", "SSFNet", "J-Sim", "SENSE", "TOSSIM", and "GlomoSim". WSNs are omnipresent in several domains, such as the health and military sectors. These networks have several advantages, such as the ease of massive deployment of their sensors, the protection and supervision of critical applications, and the continuous, real-time operation of the network. However, denial-of-service attacks, such as the traffic analysis attack, can have negative impacts on the critical applications of WSNs, reducing security within these networks, so it is important to secure these networks in order to maintain their efficiency. As sensors are incapable of handling their own security autonomously, security in the WSN becomes difficult, and a global approach to security against attacks becomes indispensable. Attacks on WSNs, including denials of service, target information in circulation. These denials of service are characterized by user type, by shared service type, and by reasonable latency. Several WSN security mechanisms are used to counter the effects of denials of service. Our study focuses specifically on the traffic analysis attack. It describes the approach leading to the localization of the base station in order to then isolate it from the rest of the network, thus rendering the WSN obsolete. Our protection technique is the random generation of false traffic around a mobile false base station. This false traffic is generated by collaborator sensors, which inject false traffic into the WSN destined for the false base station. The election of the false base station and of the collaborator sensors is random. The technique is validated with a J-Sim simulation, which confirms that it runs properly. This base station protection technique is feasible in a network with a single base station, and its application can be extended to a network with several base stations. The disadvantage of our solution is the high additional energy consumption of the sensors of the protected WSN. In conclusion, WSNs can be protected from the traffic analysis attack by using a portion of the network's sensors to generate false traffic, thus disrupting the movement of the attacker. Keywords: Wireless sensor networks (WSN), Denial of service (DoS), WSN security, Traffic analysis attack, Mobile false base station

    Availability by Design: A Complementary Approach to Denial-of-Service


    Defending against low-rate TCP attack: dynamic detection and protection.

    Sun Haibin. Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. Includes bibliographical references (leaves 89-96). Abstracts in English and Chinese.

    Contents:
    Abstract
    Chinese Abstract
    Acknowledgement
    Chapter 1: Introduction
    Chapter 2: Background Study and Related Work
        2.1 Victim Exhaustion DoS/DDoS Attacks
            2.1.1 Direct DoS/DDoS Attacks
            2.1.2 Reflector DoS/DDoS Attacks
            2.1.3 Spoofed Packet Filtering
            2.1.4 IP Traceback
            2.1.5 Location Hiding
        2.2 QoS Based DoS Attacks
            2.2.1 Introduction to the QoS Based DoS Attacks
            2.2.2 Countermeasures to the QoS Based DoS Attacks
        2.3 Worm Based DoS Attacks
            2.3.1 Introduction to the Worm Based DoS Attacks
            2.3.2 Countermeasures to the Worm Based DoS Attacks
        2.4 Low-rate TCP Attack and RoQ Attacks
            2.4.1 General Introduction of Low-rate Attack
            2.4.2 Introduction of RoQ Attack
    Chapter 3: Formal Description of Low-rate TCP Attacks
        3.1 Mathematical Model of Low-rate TCP Attacks
        3.2 Other Forms of Low-rate TCP Attacks
    Chapter 4: Distributed Detection Mechanism
        4.1 General Consideration of Distributed Detection
        4.2 Design of Low-rate Attack Detection Algorithm
        4.3 Statistical Sampling of Incoming Traffic
        4.4 Noise Filtering
        4.5 Feature Extraction
        4.6 Pattern Matching via the Dynamic Time Warping (DTW) Method
        4.7 Robustness and Accuracy of DTW
            4.7.1 DTW values for low-rate attack
            4.7.2 DTW values for legitimate traffic (Gaussian)
            4.7.3 DTW values for legitimate traffic (Self-similar)
    Chapter 5: Low-Rate Attack Defense Mechanism
        5.1 Design of Defense Mechanism
        5.2 Analysis of Deficit Round Robin Algorithm
    Chapter 6: Fluid Model of TCP Flows
        6.1 Fluid Math. Model of TCP under DRR
            6.1.1 Model of TCP on a Droptail Router
            6.1.2 Model of TCP on a DRR Router
        6.2 Simulation of TCP Fluid Model
            6.2.1 Simulation of Attack with Single TCP Flow
            6.2.2 Simulation of Attack with Multiple TCP Flows
    Chapter 7: Experiments
        7.1 Experiment 1 (Single TCP flow vs. single source attack)
        7.2 Experiment 2 (Multiple TCP flows vs. single source attack)
        7.3 Experiment 3 (Multiple TCP flows vs. synchronized distributed low-rate attack)
        7.4 Experiment 4 (Network model of low-rate attack vs. multiple TCP flows)
    Chapter 8: Conclusion
    Chapter A: Lemmas and Theorem Derivation
    Bibliography

    A Note on the Denial-of-Service Problem
