1,606 research outputs found
Recommended from our members
Common security issues and challenges in wireless sensor networks and IEEE 802.11 wireless mesh networks
Both Wireless Mesh Network (WMN) and Wireless Sensor Network (WSN) are multi-hop wireless networks. WMN is an emerging community based integrated broadband wireless network which ensures high bandwidth ubiquitous internet provision to users, while, WSN is application specific and ensures large scale real-time data processing in complex environment. Both these wireless networks have some common vulnerable features which may increase the chances of different sorts of security attacks. Wireless sensor nodes have computation, memory and power limitations, which do not allow for implementation of complex security mechanism. In this paper, we discuss the common limitations and vulnerable features of WMN and WSN, along with the associated security threats and possible countermeasures. We also propose security mechanisms keeping in view the architecture and limitations of both. This article will serve as a baseline guide for the new researchers who are concern with the security aspects of WMN and WSN
An Efficient Analytical Solution to Thwart DDoS Attacks in Public Domain
In this paper, an analytical model for DDoS attacks detection is proposed, in
which propagation of abrupt traffic changes inside public domain is monitored
to detect a wide range of DDoS attacks. Although, various statistical measures
can be used to construct profile of the traffic normally seen in the network to
identify anomalies whenever traffic goes out of profile, we have selected
volume and flow measure. Consideration of varying tolerance factors make
proposed detection system scalable to the varying network conditions and attack
loads in real time. NS-2 network simulator on Linux platform is used as
simulation testbed. Simulation results show that our proposed solution gives a
drastic improvement in terms of detection rate and false positive rate.
However, the mammoth volume generated by DDoS attacks pose the biggest
challenge in terms of memory and computational overheads as far as monitoring
and analysis of traffic at single point connecting victim is concerned. To
address this problem, a distributed cooperative technique is proposed that
distributes memory and computational overheads to all edge routers for
detecting a wide range of DDoS attacks at early stage.Comment: arXiv admin note: substantial text overlap with arXiv:1203.240
DoS protection for a Pragmatic Multiservice Network Based on Programmable Networks
Proceedings of First International IFIP TC6 Conference, AN 2006, Paris, France, September 27-29, 2006.We propose a scenario of a multiservice network, based on pragmatic
ideas of programmable networks. Active routers are capable of processing both
active and legacy packets. This scenario is vulnerable to a Denial of Service attack,
which consists in inserting false legacy packets into active routers. We
propose a mechanism for detecting the injection of fake legacy packets into active
routers. This mechanism consists in exchanging accounting information on
the traffic between neighboring active routers. The exchange of accounting information
must be carried out in a secure way using secure active packets. The
proposed mechanism is sensitive to the loss of packets. To deal with this problem
some improvements in the mechanism has been proposed. An important issue
is the procedure for discharging packets when an attack has been detected.
We propose an easy and efficient mechanism that would be improved in future
work.Publicad
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Active Internet Traffic Filtering: Real-time Response to Denial of Service Attacks
Denial of Service (DoS) attacks are one of the most challenging threats to
Internet security. An attacker typically compromises a large number of
vulnerable hosts and uses them to flood the victim's site with malicious
traffic, clogging its tail circuit and interfering with normal traffic. At
present, the network operator of a site under attack has no other resolution
but to respond manually by inserting filters in the appropriate edge routers to
drop attack traffic. However, as DoS attacks become increasingly sophisticated,
manual filter propagation becomes unacceptably slow or even infeasible.
In this paper, we present Active Internet Traffic Filtering, a new automatic
filter propagation protocol. We argue that this system provides a guaranteed,
significant level of protection against DoS attacks in exchange for a
reasonable, bounded amount of router resources. We also argue that the proposed
system cannot be abused by a malicious node to interfere with normal Internet
operation. Finally, we argue that it retains its efficiency in the face of
continued Internet growth.Comment: Briefly describes the core ideas of AITF, a protocol for facing
Denial of Service Attacks. 6 pages lon
Poseidon: Mitigating Interest Flooding DDoS Attacks in Named Data Networking
Content-Centric Networking (CCN) is an emerging networking paradigm being
considered as a possible replacement for the current IP-based host-centric
Internet infrastructure. In CCN, named content becomes a first-class entity.
CCN focuses on content distribution, which dominates current Internet traffic
and is arguably not well served by IP. Named-Data Networking (NDN) is an
example of CCN. NDN is also an active research project under the NSF Future
Internet Architectures (FIA) program. FIA emphasizes security and privacy from
the outset and by design. To be a viable Internet architecture, NDN must be
resilient against current and emerging threats. This paper focuses on
distributed denial-of-service (DDoS) attacks; in particular we address interest
flooding, an attack that exploits key architectural features of NDN. We show
that an adversary with limited resources can implement such attack, having a
significant impact on network performance. We then introduce Poseidon: a
framework for detecting and mitigating interest flooding attacks. Finally, we
report on results of extensive simulations assessing proposed countermeasure.Comment: The IEEE Conference on Local Computer Networks (LCN 2013
- …