Results 1 - 10 of 216
Ariadne: a secure on-demand routing protocol for ad hoc networks
- In Proc. 8th ACM International Conf. Mobile Computing Networking
, 2002
Cited by 925 (12 self)
Abstract: An ad hoc network is a group of wireless mobile computers (or nodes), in which individual nodes cooperate by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range. Prior research in ad hoc networking has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment. In this paper, we present attacks against routing in ad hoc networks, and we present the design and performance evaluation of a new secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne prevents attackers or compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes, and also prevents many types of Denial-of-Service attacks. In addition, Ariadne is efficient, using only highly efficient symmetric cryptographic primitives.
INSENS: Intrusion-tolerant routing in wireless sensor networks
, 2002
Cited by 107 (5 self)
Abstract: This paper describes an INtrusion-tolerant routing protocol for wireless SEnsor NetworkS (INSENS). INSENS securely and efficiently constructs tree-structured routing for wireless sensor networks (WSNs). The key objective of an INSENS network is to tolerate damage caused by an intruder who has compromised deployed sensor nodes and is intent on injecting, modifying, or blocking packets. To limit or localize the damage caused by such an intruder, INSENS incorporates distributed lightweight security mechanisms, including efficient one-way hash chains and nested keyed message authentication codes that defend against wormhole attacks, as well as multipath routing. Adapting to WSN characteristics, the design of INSENS also pushes complexity away from resource-poor sensor nodes towards resource-rich base stations. An enhanced single-phase version of INSENS scales to large networks, integrates bidirectional verification to defend against rushing attacks, accommodates multipath routing to multiple base stations, enables secure joining/leaving, and incorporates a novel pairwise key setup scheme based on transitory global keys that is more resilient than LEAP. Simulation results are presented to demonstrate and assess the tolerance of INSENS to various attacks launched by an adversary. A prototype implementation of INSENS over a network of MICA2 motes is presented to evaluate the cost incurred.
Keywords: Sensor network; Security; Intrusion tolerance; Fault tolerance; Secure routing
Article: 1. Introduction
Wireless sensor networks (WSNs) are rapidly growing in their importance and relevance to both the research community and the public at large. WSNs are comprised of many small and highly resource-constrained sensor nodes that are distributed in an environment to collect sensor data and forward that data to interested users.
Applications of WSNs are rapidly emerging and have become increasingly diverse, ranging from habitat monitoring Security is critical for a variety of sensor network applications, such as home security monitoring and military deployments. In these applications, each sensor node is highly vulnerable to many kinds of attacks, both physical and digital, due to each node's cost and energy limitations, wireless communication, and exposed location in the field. As a result, mechanisms to achieve both fault tolerance and intrusion tolerance are necessary for sensor networks. Although intrusion tolerance has been studied in the context of wired networks
MOCA: Mobile certificate authority for wireless ad hoc networks
- In Proceedings of the 2nd Annual PKI Research Workshop (PKI 03)
, 2003
Cited by 94 (4 self)
An authentication service is one of the most fundamental building blocks for providing communication security. In this paper, we present the MOCA (MObile Certificate Authority) key management framework designed to provide authentication service for ad hoc wireless networks. MOCA is a distributed certificate authority (CA) based on threshold cryptography. We present a set of guidelines for a secure configuration of threshold cryptography to maintain strong security. MOCA utilizes a carefully selected set of mobile nodes to function as a collective certificate authority while the MOCA nodes are kept anonymous. Equipped with a novel routing protocol designed to support the unique communication pattern for certification traffic, MOCA achieves high availability without sacrificing security. Both the security of the framework and the operational performance are evaluated with rigorous analysis and extensive simulation study.
Denial of Service Resilience in Ad Hoc Networks
- In Proc. of ACM MobiCom
, 2004
Cited by 82 (4 self)
Significant progress has been made towards making ad hoc networks secure and DoS resilient. However, little attention has been focused on quantifying DoS resilience: Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective? Or are there attack and system factors that can lead to devastating effects? In this paper, we design and study DoS attacks in order to assess the damage that difficult-to-detect attackers can cause. The first attack we study, called the JellyFish attack, is targeted against closed-loop flows such as TCP; although protocol compliant, it has devastating effects. The second is the Black Hole attack, which has effects similar to the JellyFish, but on open-loop flows. We quantify via simulations and analytical modeling the scalability of DoS attacks as a function of key performance parameters such as mobility, system size, node density, and counter-DoS strategy. One perhaps surprising result is that such DoS attacks can increase the capacity of ad hoc networks, as they starve multi-hop flows and only allow one-hop communication, a capacity-maximizing, yet clearly undesirable situation.
Visualization of Wormholes in Sensor Networks
, 2004
Cited by 71 (3 self)
Several protocols have been proposed to defend against wormholes in ad hoc networks by adopting positioning devices, synchronized clocks, or directional antennas. In this paper, we propose a mechanism, MDS-VOW, to detect wormholes in a sensor network. MDS-VOW first reconstructs the layout of the sensors using multi-dimensional scaling. To compensate for the distortions caused by distance measurement errors, a surface smoothing scheme is adopted. MDS-VOW then detects the wormhole by visualizing the anomalies introduced by the attack. The anomalies, which are caused by the fake connections through the wormhole, bend the reconstructed surface to pull sensors that are far apart toward each other. Through detecting the bending feature, the wormhole is located and the fake connections are identified. The contributions of MDS-VOW are: (1) it does not require the sensors to be equipped with special hardware, (2) it adopts and combines the techniques from social science, computer graphics, and scientific visualization to attack the problem in network security. We examine the accuracy of the proposed mechanism when the sensors are deployed in a circular area and one wormhole exists in the network. The results show that MDS-VOW has a low false alarm ratio when the distance measurement errors are not large.
Preventing Wormhole Attacks on Wireless Ad Hoc Networks: A Graph Theoretic Approach
- In IEEE Wireless Communications and Networking Conference (WCNC)
, 2005
Cited by 55 (2 self)
Abstract: We study the problem of characterizing the wormhole attack, an attack that can be mounted on a wide range of wireless network protocols without compromising any cryptographic quantity or network node. Making use of geometric random graphs induced by the communication range constraint of the nodes, we present the necessary and sufficient conditions for detecting and defending against wormholes. Using our theory, we also present a defense mechanism based on local broadcast keys. We believe our work is the first one to present analytical calculation of the probabilities of detection. We also present simulation results to illustrate our theory. Index Terms: wormhole, security, vulnerability, ad hoc networks, geometric random graph.
So near and yet so far: Distance-bounding attacks in wireless networks
- In Security and Privacy in Ad-hoc and Sensor Networks
, 2006
Cited by 45 (4 self)
Abstract: Distance-bounding protocols aim to prevent an adversary from pretending that two parties are physically closer than they really are. We show that proposed distance-bounding protocols of Hu, Perrig and Johnson (2003), Sastry, Shankar and Wagner (2003), and Čapkun and Hubaux (2005, 2006) are vulnerable to a guessing attack where the malicious prover preemptively transmits guessed values for a number of response bits. We also show that communication channels not optimized for minimal latency imperil the security of distance-bounding protocols. The attacker can exploit this to appear closer himself or to perform a relaying attack against other nodes. We describe attack strategies to achieve this, including optimizing the communication protocol stack, taking early decisions as to the value of received bits and modifying the waveform of transmitted bits. We consider applying distance-bounding protocols to constrained devices and evaluate existing proposals for distance bounding in ad hoc networks.
Detection of denial-of-message attacks on sensor network broadcasts
- in Proceedings of IEEE Symposium on Security and Privacy
, 2005
Cited by 43 (2 self)
So far, sensor network broadcast protocols assume a trustworthy environment. However, in safety and mission-critical sensor networks this assumption may not be valid and some sensor nodes might be adversarial. In these environments, malicious sensor nodes can deprive other nodes from receiving a broadcast message. We call this attack a Denial-of-Message Attack (DoM). In this paper, we model and analyze this attack, and present countermeasures. We present SIS, a Secure Implicit Sampling scheme that permits a broadcasting base station to probabilistically detect the failure of nodes to receive its broadcast, even if these failures result from an attacker motivated to induce these failures undetectably. SIS works by eliciting authenticated acknowledgments from a subset of nodes per broadcast, where the subset is unpredictable to the attacker and tunable so as to mitigate acknowledgment implosion on the base station. We use a game-theoretic approach to evaluate this scheme in the face of an optimal attacker that attempts to maximize the number of nodes it denies the broadcast while remaining undetected by the base station, and show that SIS significantly constrains such an attacker even in sensor networks exhibiting high intrinsic loss rates. We also discuss extensions that permit more targeted detection capabilities.
A Survey on Attacks and Countermeasures in Mobile Ad Hoc Networks
, 2006
Cited by 37 (2 self)
Security is an essential service for wired and wireless network communications. The success of mobile ad hoc networks (MANET) strongly depends on people’s confidence in its security. However, the characteristics of MANET pose both challenges and opportunities in achieving security goals, such as confidentiality, authentication, integrity, availability, access control, and non-repudiation. We provide a survey on attacks and countermeasures in MANET in this paper. The countermeasures are features or functions that reduce or eliminate security vulnerabilities and attacks. First, we give an overview of attacks according to the protocol stacks, and to security attributes and mechanisms. Then we present preventive approaches following the order of the layered protocol stacks. We also put forward an overview of MANET intrusion detection systems (IDS), which are reactive approaches to thwart attacks and are used as a second line of defense.
Security considerations in ad hoc sensor networks
, 2005
Cited by 35 (0 self)
In future smart environments, ad hoc sensor networks will play a key role in sensing, collecting, and disseminating information about environmental phenomena. As sensor networks come into widespread deployment, security issues become a central concern. So far, the main research focus has been on making sensor networks feasible and useful, and less emphasis has been placed on security. This paper analyzes security challenges in wireless sensor networks and summarizes key issues that need to be solved for achieving security in an ad hoc network. It gives an overview of the current state of solutions on such key issues as secure routing, prevention of denial-of-service, and key management service.