Elsevier

Ad Hoc Networks

Volume 6, Issue 3, May 2008, Pages 363-379
Ad Hoc Networks

Defending against cache consistency attacks in wireless ad hoc networks

https://doi.org/10.1016/j.adhoc.2007.02.005Get rights and content

Abstract

Caching techniques can be used to reduce bandwidth consumption and data access delay in wireless ad hoc networks. When cache is used, the issue of cache consistency must be addressed, and maintaining strong cache consistency is desired in some strategic scenarios (e.g., battlefields). In these situations, the invalidation-based approach is preferred due to its low overhead. However, this approach may suffer from some security attacks. For example, malicious nodes (also called intruders) may drop, insert or modify invalidation messages to mislead receivers to use stale data or unnecessarily invalidate data that are still valid. In this paper, we first propose to employ the Invalidation Report (IR) based cache invalidation strategy to prevent intruders from dropping or modifying invalidation messages. Although digital signatures can be used to protect IRs, this has significantly high overhead in terms of computational and bandwidth overhead. To address this problem, we further propose a family of randomized grouping-based schemes for intrusion detection, damage recovery and intruder identification. Extensive analysis and simulations are performed to evaluate the proposed schemes. The results show that our solution can achieve a satisfactory level of security with low overhead.

Introduction

Mobile ad hoc networks have been the focus of recent research due to their potential applications in civilian and military environments such as battlefield, disaster recovery, group conference, and wireless office. In ad hoc networks, mobile nodes communicate with each other using multi-hop wireless links. Due to lack of infrastructural support, each node acts as a router, forwarding data packets for other nodes. Most of the previous research in ad hoc networks focuses on the development of dynamic routing protocols [1], [2], [3], [4] that can efficiently find routes between two communicating nodes. Although routing is an important issue in ad hoc networks, other issue such as information (data) access is also very important since the ultimate goal of using ad hoc networks is to provide information access to mobile nodes.

Caching frequently accessed data items at the client side is an effective technique to improve performance in mobile environments. With caching, both bandwidth consumption and data access delay can be reduced since some data access requests can be served from the local cache, thereby obviating the need for data transmission over the scarce wireless links. Fig. 1 shows an example in a battlefield, where the communication equipments held by a commander and a group of soldiers form an ad hoc network. The commander has the data center, and the soldiers need to access the data center to get information about the enemy, the battlefield, and the attack plans. After a soldier obtained some information from the data center, he or other soldiers near him may need to access it again and again. To save bandwidth and reduce access delay, the soldier can cache a copy of the data locally and serve requests from the local cache, as long as the cached copy is consistent with the copy at the data center.

Problems related to cache consistency have been studied in many other systems such as multi-processor architectures, distributed file systems, distributed shared memory, and database systems. Two widely used cache consistency models are the weak consistency model and the strong consistency model. In the weak consistency model, a stale data might be returned to the client. In the strong consistency model, after a write completes, no stale copy of the modified data will be returned to the client. In some adversarial and strategic scenarios such as the battlefield (see Fig. 1), accessing stale data (e.g., outdated enemy information) may be life threatening, and hence we need to study how to achieve strong consistency.

For strong cache consistency, the polling-based approach can be used. In this approach, every time the user requests a data item and there is a cached copy, the cache first contacts the server to validate the cached copy, and then returns the valid copy to the user. However, in a large network, many clients may cache and frequently access some data items. Using the polling-based approach may generate significant network traffic [5], since a large number of clients need to frequently contact the server to validate their cached data items. To address the problem, the invalidation-based approach is widely used. In this approach, the server keeps track of all the clients that cache the data item, and sends invalidation messages to the clients when the data is changed.

In the adversarial scenarios such as in the battlefield, some nodes in the network may be malicious; the adversary may also capture and compromise some nodes, and make use of the compromised nodes to launch various kinds of attacks on the invalidation-based approach. The attacks may prevent the systems from achieving the strong consistency. Basically, there are two kinds of attacks on the invalidation-based approach. First, the malicious or compromised node (intruder) may stop propagating invalidation messages, hence, mobile nodes far away from the data source may not be able to receive the invalidation messages and may use the stale cache (or replica) without realizing it. Second, an intruder may inject false invalidation messages, or modify passing invalidation messages, to mislead innocent receivers to use their stale caches or invalidate their caches which are still valid. If the data source authenticates each invalidation messages with a digital signature, receivers can verify messages and avoid the second kind of attack. However, digital signatures cannot be used to defend against the first kind of attack, since the mobile node may never receive the signed invalidation message.

In this paper, we propose solutions to deal with such attacks on cache consistency. To prevent malicious nodes from dropping the invalidation messages, we borrow ideas from the IR-based cache invalidation [6], [7]. In this approach, the server periodically broadcasts an invalidation report (IR) in which the changed data items are indicated. Since IRs are sent out regularly, the clients expect the IR at regular time interval. If a client maliciously drops an IR, the nodes that are expecting the IR can detect it, and some measures can be taken to address the attack. To prevent malicious nodes from modifying the IRs and to authenticate the data source, digital signature can be used. To reduce the high overhead associated with the digital signature approach, we propose a family of randomized grouping-based techniques for intrusion detection, damage recovery and intruder identification. Extensive analysis and simulations are performed to evaluate the proposed schemes. The results show that our solution can achieve satisfactory level of security with low overhead.

The paper is organized as follows. In the next section, a brief review of the related work is presented. In Section 3, we propose solutions to defend against dropping invalidation messages. In Section 4, we propose randomized grouping techniques to reduce the authentication overhead. Security analysis of the proposed solution is presented in Section 5. Section 6 discusses the issues of reducing packet size and revoking intruders. Section 7 reports the simulation results and Section 8 concludes the paper.

Section snippets

Related work

Recently, many researchers have investigated the security issues in ad hoc networks. Hubaux et al. [8] addressed the issue of distributing public keys in ad hoc networks, by proposing to let users issue certificates for each other based on their personal acquaintances. Zhou and Haas [9] proposed a solution based on threshold cryptography, in which an (n, t + 1) threshold cryptography scheme (with n  3t + 1) allows n parties to share the ability to perform a cryptography operation (e.g., creating a

Defending against dropping invalidation messages

To prevent malicious nodes from dropping invalidation messages, we borrow ideas from the IR-based cache invalidation [6], [7]. In this approach, the server periodically broadcasts an invalidation report (IR) which indicates the changed data items. The IR consists of the current timestamp Ti and a list of 2-tuples (dx, tx), where dx is the data item id, tx is the most recent update timestamp of dx, w is the invalidation broadcast window size, and tx > (Ti  w × L). In other words, IR contains the

Reducing the authentication overhead by randomized grouping

To authenticate data source, digital signatures can be used. However, this approach has high overhead both in terms of computation and bandwidth [13]. To address this issue, researchers apply symmetric cryptographic techniques such as TESLA [12] to secure multicast and routing in ad hoc networks. TESLA provides source authentication with message authentication codes (MACs) using only symmetric cryptography, based on delayed disclosure of keys by the sender. However, when applying TESLA to a

Security analysis

In this section, we show the level of security that our proposed schemes can achieve through analysis. Specifically, we use the following metrics: misdetection probability (i.e., the probability that intrusions are not detected by any node) and cc-victim probability (i.e., the probability that a node becomes a cc-victim). We also study the distance between a victim and a detector of the same intrusion (called Victim-Detector distance), since the distance is related to the guarding delay.

Reducing message size

With the proposed scheme, several MACs should be attached to each message, and the MACs may occupy a large space. For example, if M = 10 and MD5 is used, the MACs occupy up to 1280 bits per packet, while each IR message typically has only tens of bytes. To reduce message size, the size of each MAC should be reduced, and the simplest way is to use a MAC with smaller size. This however will degrade the security level. To study the impact of smaller size MACs on the security level of the system,

Performance evaluations

In this section, we evaluate the proposed intrusion detection and damage recovery schemes in more practical scenarios. We first present the simulation methodology, and then present and analyze the simulation results.

Conclusions

When caching techniques are used, the issue of cache consistency must be addressed. The invalidation-based approach is widely used to maintain strong cache consistency. However, this approach may suffer from some security attacks. For example, the invalidation messages may be dropped or modified by malicious nodes. To defend against such attacks, we proposed a solution based on the IR-based cache invalidation strategy. Since using digital signatures to protect the IR has significantly high

Wensheng Zhang received his BS degree from Tongji University, Shanghai, China, and his MS degree from Chinese Academy of Sciences. He received his Ph.D. degree in computer science from the Pennsylvania State University in 2005. Since then, he has been with the Department of Computer Science at Iowa State University as an assistant professor. His research interests are wireless networks and network security. He is an IEEE member.

References (20)

  • S. Das et al.

    Performance comparison of two on-demand routing protocols for ad hoc networks

    IEEE Infocom

    (2000)
  • D. Johnson et al.

    Dynamic source routing in ad hoc wireless networks

    Mobile Computing, Kluwer

    (1996)
  • Y. Ko et al.

    Location-aided routing in mobile ad hoc networks

    ACM Mobicom

    (1998)
  • S. Lee et al.

    On-demand multicast routing protocol in multihop wireless mobile networks

    ACM/Kluwer Mobile Networks and Applications (MONET)

    (2002)
  • P. Cao et al.

    Maintaining strong cache consistency in the World Wide Web

    IEEE Transactions on Computers

    (1998)
  • D. Barbara et al.

    Sleepers and workaholics: caching strategies for mobile environments

    ACM SIGMOD

    (1994)
  • G. Cao, A scalable low-latency cache invalidation strategy for mobile environments, ACM Mobicom,...
  • H. Hubaux et al.

    The quest for security in mobile ad hoc networks

    ACM MobiHoc

    (2001)
  • L. Zhou et al.

    Securing ad hoc networks

    IEEE Network

    (1999)
  • K. Sanzgiri, B. Dahill, B. Levine, C. Shields, E. Belding-Royer, A secure routing protocol for ad hoc networks, in:...
There are more references available in the full text version of this article.

Cited by (3)

  • Cache consistency in Wireless Multimedia Sensor Networks

    2010, Ad Hoc Networks
    Citation Excerpt :

    In [29] the authors present an on demand relay placement algorithm in order to solve the problem of placing relay nodes in network regions where congestion is detected. Remotely related to the present work are the cache placement algorithms developed for wireless sensor networks [30,31] and ad hoc networks [32], the intrusion detection and intruder identification algorithms for cache consistency policies for ad hoc networks [33], and finally caching architectures and protocols for Internet-based wireless ad hoc and mesh networks [34–36]. In the rest of the paper we use a number of notations.

  • Security aware routing protocols for mobile ad hoc networks

    2012, Technological Advancements and Applications in Mobile Ad-Hoc Networks: Research Trends

Wensheng Zhang received his BS degree from Tongji University, Shanghai, China, and his MS degree from Chinese Academy of Sciences. He received his Ph.D. degree in computer science from the Pennsylvania State University in 2005. Since then, he has been with the Department of Computer Science at Iowa State University as an assistant professor. His research interests are wireless networks and network security. He is an IEEE member.

Guohong Cao received his BS degree from Xian Jiaotong University, Xian, China. He received the MS degree and Ph.D. degree in computer science from the Ohio State University in 1997 and 1999 respectively. Since then, he has been with the Department of Computer Science and Engineering at the Pennsylvania State University, where he is currently an Associate Professor. His research interests are wireless networks and mobile computing. He has published one hundred papers in the areas of sensor networks, data dissemination, resource management, wireless network security, and distributed fault-tolerant computing. He is an editor of the IEEE Transactions on Mobile Computing and IEEE Transactions on Wireless Communications, a co-guest editor of special issue on heterogeneous wireless networks in ACM/Kluwer Mobile Networking and Applications, and has served on the program committee of many conferences. He was a recipient of the Presidential Fellowship at the Ohio State University in 1999, and a recipient of the NSF CAREER award in 2001. He is a senior member of IEEE.

View full text