DOI: 10.1145/1161289.1161302
Article

Modeling Ad-hoc rushing attack in a negligibility-based security framework

Published: 28 September 2006

ABSTRACT

In this paper, we propose a formal notion of network security for ad hoc networks. We adopt a probabilistic security framework, that is, security is defined by a polynomially bounded adversary model, the cost of attack and the cost of defense. In a complex and probabilistic system, we speak of the "infeasibility" of breaking the security system rather than the "impossibility" of breaking the same system. Security is defined on the concept of "negligible", which is asymptotically sub-polynomial with respect to a pre-defined system parameter x. Intuitively, the parameter x in cryptography is the key length n. We apply the same bounds in ad hoc network security research, but in regard to scalability from now on. We propose an RP (n-runs) complexity class with a global virtual god oracle (GVG) to model a general class of network protocols. In GVG-RP (n-runs) class, the network scale (i.e., number of network members) N replaces the role of key length n in cryptography. From our formal rigorous treatment, we show that "rushing attack" is a severe attack that can reduce the success probability of common ad hoc routing schemes to negligible. Fortunately, countermeasures can be devised to answer this challenge. (1) Common network protocols are not designed to ensure that probability of security failure is negligible. In such designs, the system's security is not related to scalability. There is no asymptotic security guarantee in the network design; (2) We seek to devise security schemes to ensure that the probability of security failure is negligible in regard to network scale. In Theorem 2, we present an asymptotic invariant for scalable networks: "a polynomial-time network algorithm that ensures negligible probability of security failure at each step would stay in the state of ensuring negligible probability of security failure globally". This invariant demonstrates the existence of asymptotic security guarantee in ad hoc networks. It leads to the design of community-based secure routing to defend against rushing attacks. Nevertheless, it is unknown to us whether the ideal invariant can be practically implemented.
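
Added note, not taken from the paper: the standard cryptographic definition of "negligible" that the abstract's wording matches, written with the network scale N as the parameter, followed by the union-bound step under which a per-step guarantee like the one quoted from Theorem 2 carries over to a whole polynomial-time run. The symbols $\epsilon$, $p$, $q$, $T$ and the events $F_i$ are notation assumed here, the single bound $\epsilon$ on every step is an assumption, and the paper's own proof may differ.

$$
\epsilon(N) \text{ is negligible} \iff \text{for every polynomial } p \text{ there is an } N_0 \text{ such that } \epsilon(N) < \frac{1}{p(N)} \text{ for all } N > N_0 .
$$

Let a run take $T(N) \le q(N)$ steps for some polynomial $q$, and let $F_i$ be the event that security fails at step $i$, with $\Pr[F_i] \le \epsilon(N)$ for one negligible $\epsilon$. Then

$$
\Pr\Big[\bigcup_{i=1}^{T(N)} F_i\Big] \;\le\; \sum_{i=1}^{T(N)} \Pr[F_i] \;\le\; q(N)\,\epsilon(N) .
$$

The right-hand side is again negligible: for any polynomial $p$, the product $p \cdot q$ is a polynomial, so $\epsilon(N) < \frac{1}{p(N)\,q(N)}$ for all sufficiently large $N$, which gives $q(N)\,\epsilon(N) < \frac{1}{p(N)}$. Conversely, if some step fails with non-negligible probability, the global failure probability is at least that large, which is the situation the abstract describes for common routing schemes under a rushing attack.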

Published in: WiSe '06: Proceedings of the 5th ACM workshop on Wireless security
September 2006, 115 pages
ISBN: 1595935576
DOI: 10.1145/1161289

Copyright © 2006 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
Overall Acceptance Rate: 10 of 41 submissions, 24%