Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols (2002)

by Yih-Chun Hu, Adrian Perrig, David B Johnson

Results 1 - 10 of 216

Ariadne: a secure on-demand routing protocol for ad hoc networks

by Yih-Chun Hu, Adrian Perrig, David B Johnson - Proc. 8th ACM International Conf. Mobile Computing Networking, 2002
Cited by 925 (12 self)
Abstract: An ad hoc network is a group of wireless mobile computers (or nodes), in which individual nodes cooperate by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range. Prior research in ad hoc networking has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment. In this paper, we present attacks against routing in ad hoc networks, and we present the design and performance evaluation of a new secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne prevents attackers or compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes, and also prevents many types of Denial-of-Service attacks. In addition, Ariadne is efficient, using only highly efficient symmetric cryptographic primitives.

INSENS: Intrusion-tolerant routing in wireless sensor networks

by J Deng, R Han, S Mishra, 2002
Cited by 107 (5 self)
Abstract: This paper describes an INtrusion-tolerant routing protocol for wireless SEnsor NetworkS (INSENS). INSENS securely and efficiently constructs tree-structured routing for wireless sensor networks (WSNs). The key objective of an INSENS network is to tolerate damage caused by an intruder who has compromised deployed sensor nodes and is intent on injecting, modifying, or blocking packets. To limit or localize the damage caused by such an intruder, INSENS incorporates distributed lightweight security mechanisms, including efficient one-way hash chains and nested keyed message authentication codes that defend against wormhole attacks, as well as multipath routing. Adapting to WSN characteristics, the design of INSENS also pushes complexity away from resource-poor sensor nodes towards resource-rich base stations. An enhanced single-phase version of INSENS scales to large networks, integrates bidirectional verification to defend against rushing attacks, accommodates multipath routing to multiple base stations, enables secure joining/leaving, and incorporates a novel pairwise key setup scheme based on transitory global keys that is more resilient than LEAP. Simulation results are presented to demonstrate and assess the tolerance of INSENS to various attacks launched by an adversary. A prototype implementation of INSENS over a network of MICA2 motes is presented to evaluate the cost incurred.
Keywords: Sensor network; Security; Intrusion tolerance; Fault tolerance; Secure routing
1. Introduction
Wireless sensor networks (WSNs) are rapidly growing in their importance and relevance to both the research community and the public at large. WSNs are comprised of many small and highly resource-constrained sensor nodes that are distributed in an environment to collect sensor data and forward that data to interested users. Applications of WSNs are rapidly emerging and have become increasingly diverse, ranging from habitat monitoring Security is critical for a variety of sensor network applications, such as home security monitoring and military deployments. In these applications, each sensor node is highly vulnerable to many kinds of attacks, both physical and digital, due to each node's cost and energy limitations, wireless communication, and exposed location in the field. As a result, mechanisms to achieve both fault tolerance and intrusion tolerance are necessary for sensor networks. Although intrusion tolerance has been studied in the context of wired networks

Citation Context

...ng and communication equipment. Third and perhaps the most unique, sensor nodes are distributed in the field in-situ and therefore lack physical security that is available to most wired and other forms of wireless networks. As a result, WSNs are highly susceptible to the physical compromise of one or more sensor nodes. Once compromised, the sensor node(s) can be exploited by an intruder to damage the WSN through DOS, jamming, spoofing and several other attacks. Several salient forms of attacks on WSN routing protocols have been described, including the sinkhole attack [20], the rushing attack [18], the wormhole attack [19], and the Sybil attack [14]. These attacks try to induce incorrect routing information in the network to prevent sensor nodes from sending their data to the correct destination. In a sinkhole attack [20], a malicious node claims that it has the shortest path to a well-known destination, e.g. a base station. If a routing scheme allows sensor nodes to select their routing path based on neighborhood routing information, a sinkhole attack can result in several sensor nodes setting their routing path towards the malicious node. In a rushing attack [18], a malicious node ge...

MOCA: Mobile certificate authority for wireless ad hoc networks

by Seung Yi, Robin Kravets - In Proceedings of the 2nd Annual PKI Research Workshop (PKI 03), 2003
Cited by 94 (4 self)
An authentication service is one of the most fundamental building blocks for providing communication security. In this paper, we present the MOCA (MObile Certificate Authority) key management framework designed to provide authentication service for ad hoc wireless networks. MOCA is a distributed certificate authority (CA) based on threshold cryptography. We present a set of guidelines for a secure configuration of threshold cryptography to maintain strong security. MOCA utilizes a carefully selected set of mobile nodes to function as a collective certificate authority while the MOCA nodes are kept anonymous. Equipped with a novel routing protocol designed to support the unique communication pattern for certification traffic, MOCA achieves high availability without sacrificing security. Both the security of the framework and the operational performance are evaluated with rigorous analysis and extensive simulation study.

Citation Context

...des. • Routing Layer Attacks - Malicious nodes can disrupt routing behavior by advertising false routing information, injecting incorrect routing packets, or even luring all packets and dropping them [2, 10, 11, 12, 13, 16, 27]. Some routing layer attacks can be used to mount a simple denial-of-service attack if the attacker can either block or reroute all of the victim’s packets. The MOCA framework uses a set of routing pr...

Denial of Service Resilience in Ad Hoc Networks

by Imad Aad, Jean-Pierre Hubaux, Edward W. Knightly - In Proc. of ACM MobiCom , 2004
Cited by 82 (4 self)
Significant progress has been made towards making ad hoc networks secure and DoS resilient. However, little attention has been focused on quantifying DoS resilience: Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective? Or are there attack and system factors that can lead to devastating effects? In this paper, we design and study DoS attacks in order to assess the damage that difficult-to-detect attackers can cause. The first attack we study, called the JellyFish attack, is targeted against closed-loop flows such as TCP; although protocol compliant, it has devastating effects. The second is the Black Hole attack, which has effects similar to the JellyFish, but on open-loop flows. We quantify via simulations and analytical modeling the scalability of DoS attacks as a function of key performance parameters such as mobility, system size, node density, and counter-DoS strategy. One perhaps surprising result is that such DoS attacks can increase the capacity of ad hoc networks, as they starve multi-hop flows and only allow one-hop communication, a capacity-maximizing, yet clearly undesirable situation.

Citation Context

...ute query-flood attacks [17]; and “rushing attack prevention” that seeks to inhibit malicious nodes from attracting an excessive number of routes, which would increase their ability to inflict damage [20]. Yet, there remains an indefinite “arms race” in system and protocol design: attackers (or researchers anticipating the moves of attackers) will continually introduce increasingly sophisticated attac...

Visualization of Wormholes in Sensor Networks

by W Wang, B Bhargava, 2004
Cited by 71 (3 self)
Several protocols have been proposed to defend against wormholes in ad hoc networks by adopting positioning devices, synchronized clocks, or directional antennas. In this paper, we propose a mechanism, MDS-VOW, to detect wormholes in a sensor network. MDS-VOW first reconstructs the layout of the sensors using multi-dimensional scaling. To compensate for the distortions caused by distance measurement errors, a surface smoothing scheme is adopted. MDS-VOW then detects the wormhole by visualizing the anomalies introduced by the attack. The anomalies, which are caused by the fake connections through the wormhole, bend the reconstructed surface to pull the sensors that are far away toward each other. Through detecting the bending feature, the wormhole is located and the fake connections are identified. The contributions of MDS-VOW are: (1) it does not require the sensors to be equipped with special hardware, (2) it adopts and combines the techniques from social science, computer graphics, and scientific visualization to attack the problem in network security. We examine the accuracy of the proposed mechanism when the sensors are deployed in a circle area and one wormhole exists in the network. The results show that MDS-VOW has a low false alarm ratio when the distance measurement errors are not large.

Citation Context

...d by attackers) exists between the two ends of the wormhole, the tunneled packets can propagate faster than those through a normal multi-hop route. This forms the “rushing attack” studied by Hu et al. [14]. Wormhole attacks put severe threats to both routing protocols and some security enhancements in sensor networks. For example, the sensors may depend on the neighbor discovery procedures to construct...

Preventing Wormhole Attacks on Wireless Ad Hoc Networks: A Graph Theoretic Approach

by L. Lazos, R. Poovendran, C. Meadows, P. Syverson, L. W. Chang - in IEEE Wireless Communications and Networking Conference (WCNC), 2005
Cited by 55 (2 self)
Abstract: We study the problem of characterizing the wormhole attack, an attack that can be mounted on a wide range of wireless network protocols without compromising any cryptographic quantity or network node. Making use of geometric random graphs induced by the communication range constraint of the nodes, we present the necessary and sufficient conditions for detecting and defending against wormholes. Using our theory, we also present a defense mechanism based on local broadcast keys. We believe our work is the first one to present analytical calculation of the probabilities of detection. We also present simulation results to illustrate our theory.
Index Terms: wormhole, security, vulnerability, ad hoc networks, geometric random graph.

Citation Context

...protects the communication. Hence, a wormhole attack is implemented with few resources and is difficult to detect. Several approaches have been presented for defending against the wormhole attack [1]–[3]. The solutions proposed attempt to bound the distance that any message can travel using time-based methods [1], [3], cryptography [2], or exploiting location information [1]. Time-based methods eithe...

So near and yet so far: Distance-bounding attacks in wireless networks

by Jolyon Clulow, Gerhard P. Hancke, Markus G. Kuhn, Tyler Moore - In Security and Privacy in Ad-hoc and Sensor Networks, 2006
Cited by 45 (4 self)
Abstract. Distance-bounding protocols aim to prevent an adversary from pretending that two parties are physically closer than they really are. We show that proposed distance-bounding protocols of Hu, Perrig and Johnson (2003), Sastry, Shankar and Wagner (2003), and Čapkun and Hubaux (2005, 2006) are vulnerable to a guessing attack where the malicious prover preemptively transmits guessed values for a number of response bits. We also show that communication channels not optimized for minimal latency imperil the security of distance-bounding protocols. The attacker can exploit this to appear closer himself or to perform a relaying attack against other nodes. We describe attack strategies to achieve this, including optimizing the communication protocol stack, taking early decisions as to the value of received bits and modifying the waveform of transmitted bits. We consider applying distance-bounding protocols to constrained devices and evaluate existing proposals for distance bounding in ad hoc networks.

Citation Context

...een proposed as a protective measure for wireless networks, where relaying attacks (in this context also known as wormhole attacks) could be used to circumvent key establishment and routing protocols [4,5,6] if an adversary tunnels messages across the network using a low latency, out-of-band channel [5,7]. This emulates nodes at either end of the wormhole being closer than they actually are. L. Buttyan, ...

Detection of denial-of-message attacks on sensor network broadcasts

by Jonathan M. McCune, Elaine Shi, Adrian Perrig, Michael K. Reiter - in Proceedings of IEEE Symposium on Security and Privacy, 2005
Cited by 43 (2 self)
So far, sensor network broadcast protocols assume a trustworthy environment. However, in safety and mission-critical sensor networks this assumption may not be valid and some sensor nodes might be adversarial. In these environments, malicious sensor nodes can deprive other nodes from receiving a broadcast message. We call this attack a Denial-of-Message Attack (DoM). In this paper, we model and analyze this attack, and present countermeasures. We present SIS, a Secure Implicit Sampling scheme that permits a broadcasting base station to probabilistically detect the failure of nodes to receive its broadcast, even if these failures result from an attacker motivated to induce these failures undetectably. SIS works by eliciting authenticated acknowledgments from a subset of nodes per broadcast, where the subset is unpredictable to the attacker and tunable so as to mitigate acknowledgment implosion on the base station. We use a game-theoretic approach to evaluate this scheme in the face of an optimal attacker that attempts to maximize the number of nodes it denies the broadcast while remaining undetected by the base station, and show that SIS significantly constrains such an attacker even in sensor networks exhibiting high intrinsic loss rates. We also discuss extensions that permit more targeted detection capabilities.

Citation Context

...ltiple times. An attacker can defeat an insecure (i.e., a simple unique identifier for each broadcast consisting of a sequence number) duplicate-suppression technique by performing the rushing attack [14]. In this attack, two or more malicious nodes are assumed to have a means of communicating which is faster than ordinary broadcast propagation. Alternatively, the malicious nodes can use a denial-of-s...

A Survey on Attacks and Countermeasures in Mobile Ad Hoc Networks

by Bing Wu, Jianmin Chen, Jie Wu, Mihaela Cardei, 2006
Cited by 37 (2 self)
Security is an essential service for wired and wireless network communications. The success of mobile ad hoc networks (MANET) strongly depends on people’s confidence in its security. However, the characteristics of MANET pose both challenges and opportunities in achieving security goals, such as confidentiality, authentication, integrity, availability, access control, and non-repudiation. We provide a survey on attacks and countermeasures in MANET in this paper. The countermeasures are features or functions that reduce or eliminate security vulnerabilities and attacks. First, we give an overview of attacks according to the protocol stacks, and to security attributes and mechanisms. Then we present preventive approaches following the order of the layered protocol stacks. We also put forward an overview of MANET intrusion detection systems (IDS), which are reactive approaches to thwart attacks and used as a second line of defense.

Security considerations in ad hoc sensor networks

by Fei Hu, Neeraj K. Sharma, 2005
Cited by 35 (0 self)
In future smart environments, ad hoc sensor networks will play a key role in sensing, collecting, and disseminating information about environmental phenomena. As sensor networks come into widespread deployment, security issues become a central concern. So far, the main research focus has been on making sensor networks feasible and useful, and less emphasis has been placed on security. This paper analyzes security challenges in wireless sensor networks and summarizes key issues that need to be solved for achieving security in an ad hoc network. It gives an overview of the current state of solutions on such key issues as secure routing, prevention of denial-of-service, and key management service.