Prevention of Denial of Service Prevention of Denial of Service
Attacks in MANET Attacks in MANET
Pietro
Pietro Michiardi Michiardi - - Refik Refik Molva Molva Institut EURECOM Institut EURECOM
Security in MANET Security in MANET
A priori trust (military, corporate) A priori trust (military, corporate)
Entity authentication ⇒Entity authentication ⇒correct operationcorrect operation
But: But:
requirement for
requirement for tampertamper--proof hardware and strong proof hardware and strong authentication infrastructure
authentication infrastructure
No a priori trust (metropolitan) No a priori trust (metropolitan)
authentication does not guarantee correct operationauthentication does not guarantee correct operation
cooperative security schemescooperative security schemes
Node Misbehavior Node Misbehavior
Selfish Nodes Selfish Nodes
Do not cooperateDo not cooperate
Priority: battery saving Priority: battery saving
No intentional damage to No intentional damage to other nodes.
other nodes.
Attacks:Attacks:
passive denial of passive denial of service
service
black holeblack hole
idle statusidle status
Malicious Nodes Malicious Nodes
Goal: damage to other Goal: damage to other nodes
nodes
Battery saving is not a Battery saving is not a priority
priority
Attacks:Attacks:
active denial of active denial of service
service
traffic subversiontraffic subversion
attacks exploiting attacks exploiting the security the security mechanism mechanism
20 Nodes , Speed: 2m/s
0 0.2 0.4 0.6 0.8 1 1.2
0 5 10 15 20 25 30 35 40 45 50
% of Se lfish Node s
Throughput Type 1
Type 2
60 Nodes , Speed: 2m/s
0 0.2 0.4 0.6 0.8 1 1.2
0 5 10 15 20 25 30 35 40 45 50
% of Selfish Nodes
Throughput
Type 1
Type 2
20 Nodes , Speed: 2m/s
1.5 2 2.5
]
Type 2
60 Nodes , Speed: 2m/s
0.6 0.7 0.8 0.9 1
Example: passive denial of service attacks
Cooperation enforcement in Cooperation enforcement in
MANET MANET
Prevent network/service utilization by Prevent network/service utilization by misbehaving nodes.
misbehaving nodes.
Approaches: Approaches:
metering (currency) metering (currency)
monitoring monitoring
CORE: design principles CORE: design principles
Local Reputation
Local Reputation as a measure of a node’s behavior.as a measure of a node’s behavior.
Basic idea Basic idea:: good reputation
good reputation ⇒⇒node can use the networknode can use the network bad reputation
bad reputation ⇒⇒network utilization gradually deniednetwork utilization gradually denied
⇓⇓
Isolation of misbehaving nodes Isolation of misbehaving nodes Utilization Contribution
requestor provider
req(f)
Start
monitoring f execute(f)
Validate(f) ack(f)
promiscuous listening
CORE: the protocol CORE: the protocol
Provider’s Direct Reputation Ê Indirect Reputation
for all cooperating nodes Ê
No Attack No Attack
a
b c i
d
g l
e
h m
f n
b: Ê
d: Ê Ê
e: Ê
h: Ê
m: Ê
Reputation table
Direct reputation
Indirect reputation
S
D
Black Hole (Passive DoS) Black Hole (Passive DoS)
a
b c i
d
g l
e
h m
f n
d: — —
l: — —
h: Ì —
b: — —
c: — —
Node l has a valid route to node e:
<l, g, h, e>
Node h does not perform the PF function
No Distribution of Negative Ratings
DoS using CORE? (active DoS) DoS using CORE? (active DoS)
a
b c i
d
g k
e
h m
f n
b: — —
e: —
g: —
...
c: good —
d: — —
g: Ì Ì ...
c : good —
m: — —
g : Ì Ì ...
Since nodes b and k know that node c has a good reputation, the peer validation mechanism detects the bogus explicit DoS and decreases g’s reputation.
Traffic subversion (active DoS) Traffic subversion (active DoS)
a
b c i
d
g l
e h
m
f n
l: — —
e: — —
g: Ê Ê
...
b: — —
i : — —
g: Ì Ì — ...
source destination
DSR route request function
DSR route reply Packet forwarding function
c: — —
a: — —
g: Ì Ì — ...
CORE: Properties CORE: Properties
•Passive DoS attacks are detected and cooperation is enforced
•Active DoS attacks are prevented
• Decaying of reputation
• Reputation is hard to build
DoS attacks exploiting CORE are prevented
Peer validation No rating distribution +
Game Theory Example Game Theory Example
MANET MANET
a
b c d
• m-dimensional prisoner’s dilemma
• sequential game
• players = {a, b, c}
• Set of actions {cooperate, defect}
• Players’ choice based on utility function
BEST STRATEGY: defect f = Packet forwarding
Game Theory Example Game Theory Example
MANET with CORE MANET with CORE
a
b c d
• Find a utility function that reflects the reputation mechanism
• Show that best strategy is to cooperate
f = Packet forwarding
Utility Function Utility Function
Equity, reciprocity and competition (ERC) Equity, reciprocity and competition (ERC)
large group of players large group of players
= ∑
+
j j i i
i i i
i
y y
r y
u σ
σ β α
: share relative
: function
utility ( ) ( )
One One - - shot PD Game shot PD Game
Cooperation payoff
Cooperation payoff y y
ii=B(k = B(k) ) – – C(k C(k) ) Defection payoff
Defection payoff y y
ii=B(k = B(k) ) N nodes, k cooperate N nodes, k cooperate
+ +
− +
+
− + +
+
−
+ . ( 1) ( 1) ( 1)
) 1 ( ) 1 )] (
1 ( ) 1 (
[ NB k k C k
k C k
r B k
C k
B
u i
i β
α
: fect) Utility(de
: operate) Utility(co
Incentive Structure based on CORE Incentive Structure based on CORE
A1. Cooperation is socially desirable:
A1. Cooperation is socially desirable:
A2. Cooperation is individually desirable:
A2. Cooperation is individually desirable:
Analysis (based on A1 and A2):
Analysis (based on A1 and A2):
Utility(cooperateUtility(cooperate) ) ≥≥Utility(defectUtility(defect))
Solutions (Nash equilibrium): k = 0 and k Solutions (Nash equilibrium): k = 0 and k ≥≥ N/2N/2
) ( )
( )
1 ( ) 1 ( ) 1
( k k C k N B k k C k
B
N ⋅ + − + + ≥ ⋅ − ⋅
) ( )
( )
1 (
) 1
( k C k B k C k
B + − + ≥ −
Future work Future work
Further investigation of ERC types ( Further investigation of ERC types ( α, α , β) β )
Incentive structures (Shapley Incentive structures ( Shapley value) value)
Further validation by simulation NS Further validation by simulation NS → → QualNet QualNet
