A routing defense mechanism using evolutionary game theory for Delay Tolerant Networks

Delay Tolerant Networks (DTNs) often suffer from intermittent disruption due to factors such as mobility and energy. Though lots of routing algorithms in DTNs have been proposed in the last few years, the routing security problems have not attracted enough attention. DTNs are still facing the threats from different kinds of routing attacks. In this paper, a general purpose defense mechanism is proposed against various routing attacks on DTNs. The defense mechanism is based on the routing path information acquired from the forwarded messages and the acknowledgment (ACK), and it is suitable for different routing schemes. Evolutionary game theory is applied with the defense mechanism to analyze and facilitate the strategy changes of the nodes in the networks. Simulation results show that the proposed evolutionary game theory based defense scheme can achieve high average delivery ratio, low network overhead and low average transmission delay in various routing attack scenarios. By introducing the game theory, the networks can avoid being attacked and provide normal transmission service. The networks can reach evolutionary strategy stable (ESS) under special conditions after evolution. The initial parameters will affect the convergence speed and the final ESS, but the initial ratio of the nodes choosing different strategies can only affect the game process

Erkennung und Vermeidung von Fehlverhalten in fahrzeugbasierten DTNs

Delay- and Disruption-Tolerant Networks (DTNs) are a suitable technology for many applications when the network suffers from intermittent connections and significant delays. In current vehicular networks, due to the high mobility of vehicles, the connectivity in vehicular networks can be highly unstable, links may change or break soon after they have been established and the network topology varies significantly depending on time and location. When the density of networked vehicles is low, connectivity is intermittent and with only a few transmission opportunities. This makes forwarding packets very difficult. For the next years, until a high penetration of networked vehicles is realized, delay-tolerant methods are a necessity in vehicular networks, leading to Vehicular DTNs (VDTNs). By implementing a store-carry-forward paradigm, VDTNs can make sure that even under difficult conditions, the network can be used by applications. However, we cannot assume that all vehicles are altruistic in VDTNs. Attackers can penetrate the communication systems of vehicles trying their best to destroy the network. Especially if multiple attackers collude to disrupt the network, the characteristics of VDTNs, without continuous connectivity, make most traditional strategies of detecting attackers infeasible. Additionally, selfish nodes may be reluctant to cooperate considering their profit, and due to hard- or software errors some vehicles cannot send or forward data. Hence, efficient mechanisms to detect malicious nodes in VDTNs are imperative. In this thesis, two classes of Misbehavior Detection Systems (MDSs) are proposed to defend VDTNs against malicious nodes. Both MDSs use encounter records (ERs) as proof to document nodes' behavior during previous contacts. By collecting and securely exchanging ERs, depending on different strategies in different classes of MDSs, a reputation system is built in order to punish bad behavior while encouraging cooperative behavior in the network. With independently operating nodes and asynchronous exchange of observations through ERs, both systems are very well suited for VDTNs, where there will be no continuous, ubiquitous network in the foreseeable future. By evaluating our methods through extensive simulations using different DTN routing protocols and different realistic scenarios, we find that both MDS classes are able to efficiently protect the system with low overhead and prevent malicious nodes from further disrupting the network.In Netzwerken mit zeitweisen Unterbrechungen oder langen Verzögerungen sind Delay- and Disruption-Tolerant Networks (DTNs) eine geeignete Technologie für viele Anwendungen. Die Konnektivität in Fahrzeugnetzen ist bedingt durch die hohe Mobilität und die geringe Verbreitung von netzwerkfähigen Fahrzeugen oft instabil. Bis zur flächendeckenden Verbreitung von netzwerkfähigen Fahrzeugen ist es daher zwingend notwendig auf Methoden des Delay Tolerant Networking zurückzugreifen um die bestmögliche Kommunikation zu gewährleisten. In diesem Zusammenhang wird von Vehicular Delay Tolerant Networks (VDTNs) gesprochen. Durch das Store-Carry-Forward-Prinzip kann ein VDTN Kommunikation für Anwendungen ermöglichen. Allerdings ist davon auszugehen, dass sich nicht alle Fahrzeuge altruistisch verhalten: Angreifer können Fahrzeuge übernehmen und das Netzwerk attackieren oder Knoten sind aus egoistischen Motiven oder auf Grund von Defekten unkooperativ. Verfahren, die Fehlverhalten in stabilen Netzen durch direkte Beobachtung erkennen können, sind in VDTNs nicht anwendbar. Daher sind Methoden, die Fehlverhalten in VDTNs nachweisen können, zwingend erforderlich. In dieser Arbeit werden zwei Klassen von Misbehavior Detection Systems (MDSs) vorgestellt. Beide Systeme basieren auf Encounter Records (ERs): Nach einem Kontakt tauschen zwei Knoten kryptografisch signierte Meta-Informationen zu den erfolgten Datentransfers aus. Diese ERs dienen bei darauffolgenden Kontakten mit anderen Netzwerkteilnehmern als vertrauenswürdiger Nachweis für das Verhalten eines Knotens in der Vergangenheit. Basierend auf der Auswertung gesammelter ERs wird ein Reputationssystem entwickelt, das kooperatives Verhalten belohnt und unkooperatives Verhalten bestraft. Dauerhaft unkooperative Knoten werden aus dem Netzwerk ausgeschlossen. Durch den asynchronen Austausch von Informationen kann jeder Knoten das Verhalten seiner Nachbarn selbstständig und unabhängig evaluieren. Dadurch sind die vorgestellten MDS-Varianten sehr gut für den Einsatz in einem VDTN geeignet. Durch umfangreiche Evaluationen wird gezeigt, dass sich die entwickelten MDS-Verfahren für verschiedene Routingprotokolle und in unterschiedlichen Szenarien anwenden lassen. In allen Fällen ist das MDS in der Lage das System mit geringem Overhead gegen Angreifer zu verteidigen und eine hohe Servicequalität im Netzwerk zu gewährleisten

Defense and traceback mechanisms in opportunistic wireless networks

 In this thesis, we have identified a novel attack in OppNets, a special type of packet dropping attack where the malicious node(s) drops one or more packets (not all the packets) and then injects new fake packets instead. We name this novel attack as the Catabolism attack and propose a novel attack detection and traceback approach against this attack referred to as the Anabolism defence. As part of the Anabolism defence approach we have proposed three techniques: time-based, Merkle tree based and Hash chain based techniques for attack detection and malicious node(s) traceback. We provide mathematical models that show our novel detection and traceback mechanisms to be very effective and detailed simulation results show our defence mechanisms to achieve a very high accuracy and detection rate

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Towards a secure cooperation mechanism for Challenging Networks

A Challenging Network (CN) is a network paradigm adapting to the many issues of the environment in order to guarantee the communication among nodes. One of the most important issues of a CN is the problem of secure cooperation among nodes. In fact, an attacker, either internal or external, may constitute a threat for the network. In this work I investigate the problem of secure cooperation in three kinds of CNs: the Underwater Acoustic Net- works (UANs), the Delay Tolerant Networks (DTNs) and the Publish/Subscribe Networks (PSNs). A UAN is a network paradigm allowing communication among underwater nodes equipped with acoustic modems. Since the acoustic channel is an open medium, an attacker conveniently equipped could intercept the messages traversing the network. In this work I describe a cryptographic suite, aimed at protecting the communication among underwater acoustic nodes. A DTN is a network paradigm guaranteeing message delivery even in presence of network partitions. A DTN relies on the implicit assumption that nodes cooperate towards message forwarding. However, this assumption cannot be satisfied when there are malicious nodes acting as blackholes and voluntarily attracting and dropping messages. In this work I propose a reputation-based protocol for contrasting blackholes. A PSN is a network paradigm allowing communication from publishers to subscribers by means of an infrastructure, called Dispatcher. In this work I present a secure PSN conceived to support cooperation be- tween organizations. The service is based on the notion of security group, an overlay composed of brokers representing organizations that guarantees confidentiality and integrity in end-to-end delivery of messages and supports clients mobility

Establishing trust relationships and secure channels in opportunistic networks

&nbsp;An effective system with techniques and algorithms that preserve the completeness and integrity of packets in a network and protects Opportunistic Networks from packet dropping and modification attacks has been proposed in this thesis. The techniques and attributes used to create the system involve using Merkle trees, trust, and reputation.<br /

Security techniques for sensor systems and the Internet of Things

Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We develop nesCheck, a novel approach that combines static analysis and dynamic checking to efficiently enforce memory safety on TinyOS applications. As security guarantees come at a cost, determining which resources to protect becomes important. Our solution, OptAll, leverages game-theoretic techniques to determine the optimal allocation of security resources in IoT networks, taking into account fixed and variable costs, criticality of different portions of the network, and risk metrics related to a specified security goal. Monitoring IoT devices and sensors during operation is necessary to detect incidents. We design Kalis, a knowledge-driven intrusion detection technique for IoT that does not target a single protocol or application, and adapts the detection strategy to the network features. As the scale of IoT makes the devices good targets for botnets, we design Heimdall, a whitelist-based anomaly detection technique for detecting and protecting against IoT-based denial of service attacks. Once our monitoring tools detect an attack, determining its actual cause is crucial to an effective reaction. We design a fine-grained analysis tool for sensor networks that leverages resident packet parameters to determine whether a packet loss attack is node- or link-related and, in the second case, locate the attack source. Moreover, we design a statistical model for determining optimal system thresholds by exploiting packet parameters variances. With our techniques\u27 diagnosis information, we develop Kinesis, a security incident response system for sensor networks designed to recover from attacks without significant interruption, dynamically selecting response actions while being lightweight in communication and energy overhead

A dynamic trust and mutual authentication scheme for MANET security

MANETs are attractive technology in providing communication in the absence of a fixed infrastructure for applications such as, first responders at a disaster site or soldiers in a battlefield (Kumar, and Mishra, 2012). The rapid growth MANET has experienced in recent years is due to its Ad Hoc capabilities that have also made it prime target of cybercrimes (Jhaveri, 2012). This has raised the question of how could we embrace the benefits of MANET without the increased security risks. MANETs have several vulnerabilities such as lack of a central point, mobility, wireless links, limited energy resources, a lack of clear line of defence, cooperative nature and non-secure communication to mention a few. This research proposes a two-phase scheme. In phase-one a novel approach is suggested by using concept of exiting trust schemes and adopting the use of Dynamic Trust Threshold Scheme (DTTS) for the selection of trusted nodes in the network and using mutual trust acknowledgement scheme of neighbour nodes to authenticate two communicating nodes. The notion of trust is used for authenticating peer nodes. The trust scheme algorithm is based on real time network dynamics, relevant to MANET conditions, as opposed to pre-determined static values. The phase-one is implemented in AODV and tested in a simulated environment using NS2. The reason for using AODV is that it’s reactive and has comparatively low routing overhead, low energy consumption and relatively better performance (Morshed, et al 2010). In order to ensure data confidentiality and end-to-end security, in phase-two, the source and destination generates a shared secret key to communicate with each other using a highly efficient Diffie Hellman Elliptic Curve scheme (Wang, Ramamurthy and Zou, 2006). The shared key is used to encrypt data between the peer nodes