Yi-an Huang
ABSTRACT
Traceback schemes are useful to identify the source of an attack. Existing traceback systems are not suitable for Mobile Ad Hoc Networks (MANET) because they rely on assumptions such as trustworthy routers and static route topology that do not hold in the ad hoc platform. In this paper, we propose a single-packet traceback solution that is extended from the hash-based traceback scheme [19] but not relying on these assumptions. In particular, our solution is fully distributed and resilient in the face of arbitrary number of collaborative adversaries.In this paper, we develop a new technique, namely Tagged Bloom Filters, as an efficient means to store additional information associated with each incoming packet. The additional information can be used to accurately recover the attack path when an attack packet is queried in a traceback session. Based on this technique, we propose several distributed schemes, collectively called Hotspot-Based Traceback schemes, to defeat attacks under different security requirements. We present the protocol design, study possible security caveats and propose the corresponding countermeasures.We present both theoretical and experimental results using ns-2 [8] simulations to show the effectiveness and efficiency of our approach.
- S. M. Bellovin. ICMP traceback messages. Internet draft draft-bellovin-itrace-00.txt, Network Working Group, Mar. 2000. expired 2000.]]Google Scholar
- J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway. UMAC: Fast and secure message authentication. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO'99), pages 216--233, London, UK, 1999. Springer-Verlag.]] Google ScholarDigital Library
- B. H. Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of ACM, 13(7):422--426, July 1970.]] Google ScholarDigital Library
- H. Burch and B. Cheswick. Tracing anonymous packets to their approximate source. In Proceedings of the USENIX LISA Conference, Dec. 2000.]] Google ScholarDigital Library
- S. Capkun, L. Buttyán, and J.-P. Hubaux. Self-organized public-key management for mobile ad hoc networks. In Proceedings of the ACM International Workshop on Wireless Security (WiSe'02), 2002.]]Google Scholar
- S. Capkun, J.-P. Hubaux, and L. Buttyán. Mobility helps security in ad hoc networks. In Proceedings of the Fourth ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc'03), 2003.]] Google ScholarDigital Library
- S. Cheung and K. N. Levitt. Protecting routing infrastructures from denial of service using cooperative intrusion detection. In Proceedings of the New Security Paradigms Workshop, Cumbria, UK, Sept. 1997.]] Google ScholarDigital Library
- K. Fall, K. Varadhan, and the VINT project. The ns Manual (formerly ns Notes and Documentation), 2000.]]Google Scholar
- L. Fan, P. Cao, J. Almeida, and A. Z. Broder. Summary cache: a scalable wide-area Web cache sharing protocol. IEEE/ACM Transactions on Networking, 8(3):281--293, 2000.]] Google ScholarDigital Library
- Y.-C. Hu, A. Perrig, and D. B. Johnson. Ariadne: A secure on-demand routing protocol for ad hoc networks. In Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (MobiCom'02), Sept. 2002.]] Google ScholarDigital Library
- Y.-C. Hu, A. Perrig, and D. B. Johnson. Packet leashes: A defense against wormhole attacks in wireless networks. In Proceedings of IEEE INFOCOM, pages 1976--1986, San Francisco, CA, Apr. 2003.]]Google ScholarCross Ref
- Y. Huang and W. Lee. A cooperative intrusion detection system for ad hoc networks. In Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'03), Oct. 2003.]] Google ScholarDigital Library
- Y. Huang and W. Lee. Attack analysis and detection for ad hoc routing protocols. In Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID'04), pages 125--145, French Riviera, France, Sept. 2004.]]Google ScholarCross Ref
- J.-P. Hubaux, L. Buttyán, and S. Capkun. The quest for security in mobile ad hoc networks. In Proceeding of the ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc'01), Long Beach, CA, 2001.]] Google ScholarDigital Library
- D. Liu and P. Ning. Multilevel ≥TESLA: Broadcast authentication for distributed sensor networks. ACM Transactions on Embedded Computing Systems (TECS), 3(4):800--836, Nov. 2004.]] Google ScholarDigital Library
- S. Marti, T. J. Giuli, K. Lai, and M. Baker. Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of the 6th Annual International Conference on Mobile Computing and Networking (Mobicom'00), pages 255--265, 2000.]] Google ScholarDigital Library
- C. E. Perkins, E. M. Belding-Royer, and I. Chakeres. Ad hoc on demand distance vector (AODV) routing. Internet draft draft-perkins-manet-aodvbis-00.txt, Internet Engineering Task Force, Oct. 2003. (Work in Progress).]] Google ScholarDigital Library
- S. Savage, D. Wetherall, A. Karlin, and T. Anderson. Network support for IP traceback. ACM/IEEE Transactions on Networking, 9(3):226--239, June 2001.]] Google ScholarDigital Library
- A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer. Hash-based IP traceback. In Proceedings of the ACM Conference on Communications Architectures, Protocols and Applications(SIGCOMM'01), 2001.]] Google ScholarDigital Library
- D. X. Song and A. Perrig. Advanced and authenticated marking schemes for IP traceback. In Proceedings of the IEEE INFOCOM, volume 2, 2001.]]Google Scholar
- F. Stajano and R. Anderson. The resurrecting duckling: Security issues for ad-hoc wireless networks. Security Protocols. 7th International Workshop Proceedings, Lecture Notes in Computer Science, pages 172--194, 1999.]] Google ScholarDigital Library
- N. H. Vaidya. Weak duplicate address detection in mobile ad hoc networks. In Proceeding of the Third ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc'02), pages 206--216, Lausanne, Switzerland, June 2002.]] Google ScholarDigital Library
- X. Wang, D. S. Reeves, S. F. Wu, and J. Yuill. Sleepy watermark tracing: An active intrusion response framework. In Proceedings of the 16th International Information Security Conference (IFIP/Sec'01), June 2001.]] Google ScholarDigital Library
- A. Yaar, A. Perrig, and D. X. Song. FIT: Fast internet traceback. In Proceedings of IEEE INFOCOM, Miami, FL, Mar. 2005.]]Google ScholarCross Ref
Index Terms
- Hotspot-based traceback for mobile ad hoc networks
Recommendations
A hotspot-based protocol for attack traceback in mobile ad hoc networks
ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications SecurityBased on the principle of divide and conquer, in this paper we propose an efficient traceback protocol for mobile ad hoc networks, The protocol is capable of detecting a hotspot where the attacker resides. It works by dividing the forwarding path of ...
Node-disjointness-based multipath routing for mobile ad hoc networks
PE-WASUN '04: Proceedings of the 1st ACM international workshop on Performance evaluation of wireless ad hoc, sensor, and ubiquitous networksMobile ad hoc networks are characterized by the use of wireless links with limited bandwidth, dynamically varying network topology and multi-hop connectivity. AODV and DSR are the two most widely studied on-demand ad hoc routing protocols. Previous work ...
Defence against packet injection in ad hoc networks
Wireless ad hoc networks have very limited network resources and are thus susceptible to attacks that focus on resource exhaustion, such as the injection of junk packets. These attacks cause serious denial-of-service via wireless channel contention and ...
Comments