ABSTRACT
Significant progress has been made towards making ad hoc networks secure and DoS resilient. However, little attention has been focused on quantifying DoS resilience: Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective? Or are there attack and system factors that can lead to devastating effects? In this paper, we design and study DoS attacks in order to assess the damage that difficult-to-detect attackers can cause. The first attack we study, called the JellyFish attack, is targeted against closed-loop flows such as TCP; although protocol compliant, it has devastating effects. The second is the Black Hole attack, which has effects similar to the JellyFish, but on open-loop flows. We quantify via simulations and analytical modeling the scalability of DoS attacks as a function of key performance parameters such as mobility, system size, node density, and counter-DoS strategy. One perhaps surprising result is that such DoS attacks can increase the capacity of ad hoc networks, as they starve multi-hop flows and only allow one-hop communication, a capacity-maximizing, yet clearly undesirable situation.
Index Terms
Denial of service resilience in ad hoc networks