Collaborative Network Security: Targeting Wide-area Routing and Edge-network Attacks

Hiran, Rahul Gokulchand

January 2016

To ensure that services can be delivered reliably and continuously over theInternet, it is important that both Internet routes and edge networks aresecured. However, the sophistication and distributed nature of many at-tacks that target wide-area routing and edge networks make it difficult foran individual network, user, or router to detect these attacks. Thereforecollaboration is important. Although the benefits of collaboration betweendifferent network entities have been demonstrated, many open questionsstill remain, including how to best design distributed scalable mechanismsto mitigate attacks on the network infrastructure. This thesis makes severalcontributions that aim to secure the network infrastructure against attackstargeting wide-area routing and edge networks. First, we present a characterization of a controversial large-scale routinganomaly, in which a large Telecom operator hijacked a very large numberof Internet routes belonging to other networks. We use publicly availabledata from the time of the incident to understand what can be learned aboutlarge-scale routing anomalies and what type of data should be collected inthe future to diagnose and detect such anomalies. Second, we present multiple distributed mechanisms that enable col-laboration and information sharing between different network entities thatare affected by such attacks. The proposed mechanisms are applied in thecontexts of collaborating Autonomous Systems (ASes), users, and servers,and are shown to help raise alerts for various attacks. Using a combina-tion of data-driven analysis and simulations, based on publicly availablereal network data (including traceroutes, BGP announcements, and net-work relationship data), we show that our solutions are scalable, incur lowcommunication and processing overhead, and provide attractive tradeoffsbetween attack detection and false alert rates. Finally, for a set of previously proposed routing security mechanisms,we consider the impact of regional deployment restrictions, the scale of thecollaboration, and the size of the participants deploying the solutions. Al-though regional deployment can be seen as a restriction and the participationof large networks is often desirable, we find interesting cases where regionaldeployment can yield better results compared to random global deployment,and where smaller networks can play an important role in achieving bettersecurity gains. This study offers new insights towards incremental deploy-ment of different classes of routing security mechanisms.

Collaboration

network security

BGP attacks

routing security

hijack

Optimising routing and trustworthiness of ad hoc networks using swarm intelligence

Amin, Saman Hameed

January 2014

This thesis proposes different approaches to address routing and security of MANETs using swarm technology. The mobility and infrastructure-less of MANET as well as nodes misbehavior compose great challenges to routing and security protocols of such a network. The first approach addresses the problem of channel assignment in multichannel ad hoc networks with limited number of interfaces, where stable route are more preferred to be selected. The channel selection is based on link quality between the nodes. Geographical information is used with mapping algorithm in order to estimate and predict the links’ quality and routes life time, which is combined with Ant Colony Optimization (ACO) algorithm to find most stable route with high data rate. As a result, a better utilization of the channels is performed where the throughput increased up to 74% over ASAR protocol. A new smart data packet routing protocol is developed based on the River Formation Dynamics (RFD) algorithm. The RFD algorithm is a subset of swarm intelligence which mimics how rivers are created in nature. The protocol is a distributed swarm learning approach where data packets are smart enough to guide themselves through best available route in the network. The learning information is distributed throughout the nodes of the network. This information can be used and updated by successive data packets in order to maintain and find better routes. Data packets act like swarm agents (drops) where they carry their path information and update routing information without the need for backward agents. These data packets modify the routing information based on different network metrics. As a result, data packet can guide themselves through better routes. In the second approach, a hybrid ACO and RFD smart data packet routing protocol is developed where the protocol tries to find shortest path that is less congested to the destination. Simulation results show throughput improvement by 30% over AODV protocol and 13% over AntHocNet. Both delay and jitter have been improved more than 96% over AODV protocol. In order to overcome the problem of source routing introduced due to the use of the ACO algorithm, a solely RFD based distance vector protocol has been developed as a third approach. Moreover, the protocol separates reactive learned information from proactive learned information to add more reliability to data routing. To minimize the power consumption introduced due to the hybrid nature of the RFD routing protocol, a forth approach has been developed. This protocol tackles the problem of power consumption and adds packets delivery power minimization to the protocol based on RFD algorithm. Finally, a security model based on reputation and trust is added to the smart data packet protocol in order to detect misbehaving nodes. A trust system has been built based on the privilege offered by the RFD algorithm, where drops are always moving from higher altitude to lower one. Moreover, the distributed and undefined nature of the ad hoc network forces the nodes to obligate to cooperative behaviour in order not to be exposed. This system can easily and quickly detect misbehaving nodes according to altitude difference between active intermediate nodes.

006.3

Routing And Security In Wireless Sensor Networks, An Experimental Evaluation Of A Proposed Trust Based Routing Protocol

Chalabianloo, Niaz

01 February 2013

Satisfactory results obtained from sensor networks and the ongoing development in electronics and wireless communications have led to an impressive boost in the number of applications based on WSNs. Along with the growth in popularity of WSNs, previously implemented solutions need further improvements and new challenges arise which need to be solved. One of the main concerns regarding WSNs is the existence of security threats against their routing operations. Likelihood of security attacks in a structure suffering from resource constraints makes it an important task to choose proper security mechanisms for the routing decisions in various types of WSN applications. The main purpose of this study is to survey WSNs, routing protocols, security attacks against routing layer of a WSN, introduction of Trust based models which are an effective defense mechanism against security attacks in WSNs and finally, to implement a proposed Trust based routing protocol in order to overcome security attacks. The study begins with a survey of Sensor Networks, after the introduction of WSNs and their related routing protocols, the issue of security attacks against the network layer of a Sensor Network is described with a presentation of different types of attacks and some of Trust based related works. In the final chapters of this research, a novel Trust based AODV protocol will be proposed, implemented and examined in a simulation environment. For this purpose, multiple number of scenarios will be simulated on the AODV protocol with and without Trust mechanism, then the achieved results will be compared to derive a conclusion.

Routing And Security In Wireless Sensor Networks, An Experimental Evaluation Of A Proposed Trust Based Routing Protocol

Chalabianloo, Niaz

01 February 2013

Satisfactory results obtained from sensor networks and the ongoing development in electronics and wireless communications have led to an impressive boost in the number of applications based on WSNs. Along with the growth in popularity of WSNs, previously implemented solutions need further improvements and new challenges arise which need to be solved. One of the main concerns regarding WSNs is the existence of security threats against their routing operations. Likelihood of security attacks in a structure suffering from resource constraints makes it an important task to choose proper security mechanisms for the routing decisions in various types of WSN applications. The main purpose of this study is to survey WSNs, routing protocols, security attacks against routing layer of a WSN, introduction of Trust based models which are an effective defense mechanism against security attacks in WSNs and finally, to implement a proposed Trust based routing protocol in order to overcome security attacks. The study begins with a survey of Sensor Networks, after the introduction of WSNs and their related routing protocols, the issue of security attacks against the network layer of a Sensor Network is described with a presentation of different types of attacks and some of Trust based related works. In the final chapters of this research, a novel Trust based AODV protocol will be proposed, implemented and examined in a simulation environment. For this purpose, multiple number of scenarios will be simulated on the AODV protocol with and without Trust mechanism, then the achieved results will be compared to derive a conclusion.

Intrusion Detection and Response Systems for Mobile Ad Hoc Networks

Huang, Yi-an

20 November 2006

A mobile ad hoc network (MANET) consists of a group of autonomous mobile nodes with no infrastructure support. In this research, we develop a distributed intrusion detection and response system for MANET, and we believe it presents a second line of defense that cannot be replaced by prevention schemes. We based our detection framework on the study of attack taxonomy. We then propose a set of detection methods suitable of detecting different attack categories. Our approaches are based on protocol specification analysis with categorical and statistical measures. Node-based approaches may be too restrictive in scenarios where attack patterns cannot be observed by any isolated node. Therefore, we have developed cooperative detection approaches for a more effective detection model. One approach is to form IDS clusters by grouping nearby nodes, and information can be exchanged within clusters. The cluster-based scheme is more efficient in terms of power consumption and resource utilization, it is also proved resilient against common security compromises without changing the decentralized assumption. We further address two response techniques, traceback and filtering. Existing traceback systems are not suitable for MANET because they rely on incompatible assumptions such as trustworthy routers and static route topology. Our solution, instead, adapts to dynamic topology with no infrastructure requirement. Our solution is also resilient in the face of arbitrary number of collaborative adversaries. We also develop smart filtering schemes to maximize the dropping rate of attack packets while minimizing the dropping rate of normal packets with real-time guarantee. To validate our research, we present case study using both ns-2 simulation and MobiEmu emulation platform with three ad hoc routing protocols: AODV, DSR and OLSR. We implemented various representative attacks based on the attack taxonomy. Our experiments show very promising results using node-based and cluster-based approaches.

Data mining

Intrusion detection

Routing security

Mobile ad hoc networks

Network security

Design and evaluation of security mechanism for routing in MANETs : elliptic curve Diffie-Hellman cryptography mechanism to secure Dynamic Source Routing protocol (DSR) in Mobile Ad Hoc Network (MANET)

Almotiri, Sultan H.

January 2013

Ensuring trustworthiness through mobile nodes is a serious issue. Indeed, securing the routing protocols in Mobile Ad Hoc Network (MANET) is of paramount importance. A key exchange cryptography technique is one such protocol. Trust relationship between mobile nodes is essential. Without it, security will be further threatened. The absence of infrastructure and a dynamic topology changing reduce the performance of security and trust in mobile networks. Current proposed security solutions cannot cope with eavesdroppers and misbehaving mobile nodes. Practically, designing a key exchange cryptography system is very challenging. Some key exchanges have been proposed which cause decrease in power, memory and bandwidth and increase in computational processing for each mobile node in the network consequently leading to a high overhead. Some of the trust models have been investigated to calculate the level of trust based on recommendations or reputations. These might be the cause of internal malicious attacks. Our contribution is to provide trustworthy communications among the mobile nodes in the network in order to discourage untrustworthy mobile nodes from participating in the network to gain services. As a result, we have presented an Elliptic Curve Diffie-Hellman key exchange and trust framework mechanism for securing the communication between mobile nodes. Since our proposed model uses a small key and less calculation, it leads to a reduction in memory and bandwidth without compromising on security level. Another advantage of the trust framework model is to detect and eliminate any kind of distrust route that contain any malicious node or suspects its behavior.

004.6

Design and Evaluation of Security Mechanism for Routing in MANETs. Elliptic Curve Diffie-Hellman cryptography mechanism to secure Dynamic Source Routing protocol (DSR) in Mobile Ad Hoc Network (MANET).

Almotiri, Sultan H.

January 2013

Ensuring trustworthiness through mobile nodes is a serious issue. Indeed, securing the routing protocols in Mobile Ad Hoc Network (MANET) is of paramount importance. A key exchange cryptography technique is one such protocol. Trust relationship between mobile nodes is essential. Without it, security will be further threatened. The absence of infrastructure and a dynamic topology changing reduce the performance of security and trust in mobile networks. Current proposed security solutions cannot cope with eavesdroppers and misbehaving mobile nodes. Practically, designing a key exchange cryptography system is very challenging. Some key exchanges have been proposed which cause decrease in power, memory and bandwidth and increase in computational processing for each mobile node in the network consequently leading to a high overhead. Some of the trust models have been investigated to calculate the level of trust based on recommendations or reputations. These might be the cause of internal malicious attacks. Our contribution is to provide trustworthy communications among the mobile nodes in the network in order to discourage untrustworthy mobile nodes from participating in the network to gain services. As a result, we have presented an Elliptic Curve Diffie-Hellman key exchange and trust framework mechanism for securing the communication between mobile nodes. Since our proposed model uses a small key and less calculation, it leads to a reduction in memory and bandwidth without compromising on security level. Another advantage of the trust framework model is to detect and eliminate any kind of distrust route that contain any malicious node or suspects its behavior.

Dynamic Source Routing protocol (DSR)

Mobile Ad Hoc Network (MANET)

Routing security

Design

Evaluation