Peer Reviewed Online International Journal Volume 1, Issue 1, May 2014 179
Efficient Detection and Elimination of Vampire
Attacks in Wireless Ad hoc Sensor Networks
Ashish BK Dept of Computer Science and Engineering YD Institute of Technology Bangalore, India ashishkale34@gmail.com
Swathi P Dept of Computer Science and Engineering YD Institute of Technology Bangalore, India swathipalavalli@gmail.com
Rashmi RK Dept of Computer Science and Engineering YD Institute of Technology Bangalore, India rashmikoradakeri@gmail.com
Sujatha D and Geetha C Mara Dept of Computer Science and Engineering YD Institute of Technology, Bangalore, India sujatadoddamani3@gmail.com and g_mara@yahoo.com
Abstract
Ad-hoc low-power wireless networks are an exciting research direction in sensing and pervasive computing. Prior security work in this area has focused primarily on denial of communication at the routing or medium access control levels. This paper explores resource depletion attacks at the routing protocol layer, which permanently disable networks by quickly draining nodes' battery power. These "Vampire" attacks are not specific to any particular protocol, but rather rely on the properties of many popular classes of routing protocols. We find that all examined protocols are susceptible to Vampire attacks, which are devastating, difficult to detect, and easy to carry out using as few as one malicious insider sending only protocol-compliant messages. In the worst case, a single Vampire can increase network-wide energy usage by a factor of O(N), where N is the number of network nodes. We discuss methods to mitigate these types of attacks, including a new proof-of-concept protocol that provably bounds the damage caused by Vampires during the packet forwarding phase.
Ad-hoc wireless sensor networks (WSNs) promise exciting new applications in the near future, such as ubiquitous on-demand computing power, continuous connectivity, and instantly-deployable communication for military and first responders. Such networks already monitor environmental conditions, factory performance, and troop deployment, to name a few applications. As WSNs become more and more crucial to the everyday functioning of people and organizations, availability faults become less tolerable: lack of availability can make the difference between business as usual and lost productivity, power outages, environmental disasters, and even lost lives. High availability of these networks is therefore a critical property, and should hold even under malicious conditions. While existing schemes can prevent attacks on the short-term availability of a network, they do not address attacks that affect long-term availability: the most permanent denial of service attack is to entirely deplete nodes' batteries. This is an instance of a resource depletion attack, with battery power as the resource of interest. In this paper we consider how routing protocols, even those designed to be secure, lack protection from these attacks, which we call Vampire attacks, since they drain the life from network nodes. These attacks are distinct from previously studied DoS, reduction of quality (RoQ), and routing infrastructure attacks, as they do not disrupt immediate availability, but rather work over time to entirely disable a network.

International Journal of Innovatory Research in Engineering and Technology IJIRET www.ijirusa.webs.com
Vampire attacks are not protocol-specific, in that they do not rely on design properties or implementation faults of particular routing protocols. Neither do these attacks rely on flooding the network with large amounts of data; rather, they try to transmit as little data as possible to achieve the largest energy drain, which rules out a rate-limiting solution.
Related Work
We do not imply that power draining itself is novel, but rather that these attacks have not been rigorously defined, evaluated, or mitigated at the routing layer. There is also significant past literature on attacks and defenses against quality of service (QoS) degradation, or reduction of quality (RoQ) attacks, that produce long-term degradation in network performance. The effect of denial or degradation of service on battery life and other finite node resources has not generally been a security consideration, making our work tangential to the research mentioned above. Current work in minimal-energy routing, which aims to increase the lifetime of power-constrained networks by using less energy to transmit and receive packets (e.g. by minimizing wireless transmission distance), is likewise orthogonal: these protocols focus on cooperative nodes and not malicious scenarios.
Existing System

Existing work on secure routing attempts to ensure that adversaries cannot cause path discovery to return an invalid network path, but Vampires do not disrupt or alter discovered paths, instead using existing valid network paths and protocol-compliant messages. Protocols that maximize power efficiency are also inappropriate, since they rely on cooperative node behavior and cannot optimize out malicious action. Figure 1 below shows the carousel attack, in which the same node appears in the route many times. Figure 2 shows the stretch attack, in which the malicious path takes the longest route.
Fig.1 Carousel attacks
Fig.2 Stretch attack
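The two route shapes in Figures 1 and 2 can be recognised by a forwarding node that inspects the source route before relaying a packet. The following is an added example, not code from the paper: the topology, node names, the `max_stretch` threshold and the assumption that the checking node knows the full topology are all constructed for illustration.

```python
from collections import deque

# Constructed 9-node topology (assumption): S is the source, T the sink.
TOPOLOGY = {
    "S": ["A", "D"], "A": ["S", "B", "C"], "B": ["A", "C", "T"],
    "C": ["A", "B"], "D": ["S", "E"], "E": ["D", "F"],
    "F": ["E", "G"], "G": ["F", "T"], "T": ["B", "G"],
}

def shortest_hops(topology, src, dst):
    """Breadth-first search: minimum hop count from src to dst, or None."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nxt in topology.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None

def check_source_route(topology, route, max_stretch=1.5):
    """Classify a source route as 'ok', 'invalid', 'carousel' or 'stretch'."""
    if len(route) < 2:
        return "invalid"
    # Every consecutive pair of hops must be a real link in the topology.
    for a, b in zip(route, route[1:]):
        if b not in topology.get(a, ()):
            return "invalid"
    # Carousel: the same node appears in the route more than once.
    if len(set(route)) != len(route):
        return "carousel"
    # Stretch: the route is much longer than the shortest available path.
    best = shortest_hops(topology, route[0], route[-1])
    if best is None or len(route) - 1 > max_stretch * best:
        return "stretch" if best else "invalid"
    return "ok"

# Constructed sample routes, one per case.
SAMPLES = {
    "honest": ["S", "A", "B", "T"],
    "looping": ["S", "A", "B", "C", "A", "B", "C", "A", "B", "T"],
    "long": ["S", "D", "E", "F", "G", "T"],
    "bad_link": ["S", "B", "T"],
}

if __name__ == "__main__":
    for name, route in SAMPLES.items():
        print(name, len(route) - 1, check_source_route(TOPOLOGY, route))
```

Both checks use only the packet header and local knowledge, so a node can drop a flagged packet before spending energy on forwarding it.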
Proposed System
In the proposed system we show simulation results quantifying the performance of several representative protocols in the presence of a single Vampire. Then, we modify an existing sensor network routing protocol to provably bound the damage from Vampire attacks during packet forwarding. In this paper, we focus on the route discovery part of on-demand source routing protocols, but we believe that the general principles of our approach are applicable to the route discovery part of other types of protocols too. At a very informal level, security of a routing protocol means that it can perform its functions even in the presence of an adversary. Obviously, the objective of the adversary is to prevent the correct functioning of the routing protocol. Since we are focusing on the route discovery part of on-demand source routing protocols, in our case, attacks aim to make honest nodes receive incorrect routes as a result of the route discovery procedure. We will make more precise later what we mean by an incorrect route.
System Architecture
Fig.3 System Architecture of vampire attack
The above architecture is explained module by module below:
a. Node Configuration Setting: The mobile nodes are designed and configured dynamically for deployment across the network. The nodes are placed according to their X, Y, Z dimensions such that each node has a direct transmission range to all other nodes.
b. Data Routing: The source and destination are set at a large distance from each other. The source transmits data packets to the destination through intermediate hop nodes using the User Datagram Protocol (UDP), and a link-state routing protocol such as PLGP acts as the ad hoc routing protocol.
c. Vampire Attack: The malicious node enters the network and affects one of the intermediate nodes by sending false packets. The malicious node thereby drains the energy of the intermediate node until its energy level goes to 0 joules. Data transmission is affected, and the path between source and destination tends to fail. As a result, the source retransmits the data over another path to the destination. If the vampire attack continues, it will disable the whole network.

d. Backtracking Technique: The backtracking technique is used to identify legitimate nodes in a particular path; nodes accept data only after the backtracking technique has been executed. When the source transmits data to the next neighbor node, that node verifies the source identity using the backtracking process. Through this technique the data is transmitted securely in the presence of vampire nodes.
e. Intrusion Detection System: The energy-constraint IDS is used to detect malicious nodes in the network. For that purpose, the energy level of every node is calculated after each data iteration. Most nodes have an energy level within a certain range of the average, whereas vampire nodes, by their nature, have an abnormal energy level, for example a malicious node's energy level is three times more than the average energy level. By this technique the malicious nodes can be identified easily.
f. Malicious Node Elimination: After the IDS process, the malicious nodes have been detected. The trusted authority (TA) informs all nodes in the network and eliminates the malicious nodes from the network. By eliminating malicious nodes we can form a secure network.
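Modules e and f together amount to a per-round outlier check followed by revocation. The sketch below is an added example, not the paper's ns2 code: the node names and readings are constructed, the `TrustedAuthority` class is hypothetical, and comparing each node against the average of the *other* nodes (so that one extreme reading cannot hide itself by inflating the mean) is an assumption beyond the plain "three times the average" rule.

```python
from statistics import mean

THRESHOLD_FACTOR = 3.0  # from the text: three times the average energy level

def detect_vampires(readings, factor=THRESHOLD_FACTOR):
    """Return sorted node ids whose level exceeds factor x the mean of the others."""
    flagged = []
    for node, level in readings.items():
        others = [v for n, v in readings.items() if n != node]
        # Leave-one-out mean (assumption): keeps the check usable in small networks.
        if others and level > factor * mean(others):
            flagged.append(node)
    return sorted(flagged)

class TrustedAuthority:
    """Hypothetical TA: runs the IDS each round and revokes flagged nodes."""

    def __init__(self, nodes):
        self.active = set(nodes)
        self.revoked = set()

    def process_round(self, readings):
        # Ignore reports from nodes that were already eliminated.
        current = {n: e for n, e in readings.items() if n in self.active}
        flagged = detect_vampires(current)
        self.revoked.update(flagged)
        self.active.difference_update(flagged)
        return flagged  # the list the TA would announce to all nodes

    def route_allowed(self, route):
        """A route is usable only if every hop is still an active node."""
        return all(hop in self.active for hop in route)

# Constructed per-round energy readings in joules; m1 turns abnormal in round 2.
ROUNDS = [
    {"n1": 10.0, "n2": 11.0, "n3": 9.5, "n4": 10.5, "m1": 12.0},
    {"n1": 9.0, "n2": 10.0, "n3": 8.5, "n4": 9.5, "m1": 31.0},
    {"n1": 8.0, "n2": 9.0, "n3": 7.5, "n4": 8.5, "m1": 40.0},
]

def run_rounds(rounds):
    """Feed each round to a fresh TA; return (flags per round, TA)."""
    ta = TrustedAuthority(rounds[0].keys())
    return [ta.process_round(r) for r in rounds], ta

if __name__ == "__main__":
    flags, ta = run_rounds(ROUNDS)
    print(flags, sorted(ta.revoked))
```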
g. Graph Examination: The performance analysis of the existing and proposed work is examined through graphical analysis.
Experimental Details
In our project we use the ns2 simulator under Cygwin on Windows 7, with C++ as the backend language and OTcl (Object Tool Command Language) as the frontend.
In this part we discuss the performance analysis of the vampire attacks. The snapshots below show the performance of the nodes.
Fig.4 Initialization of nodes
Fig.5 Detecting of vampire nodes
Fig.6 Data transferring from source and destination.
Fig.7 Carousel and stretch attack
Fig.8 Routing performance analysis on avg throughput
Fig.9 Performance analysis of nodes
Conclusion
Because our proposed energy-level constraint algorithm efficiently detects the malicious nodes in the network, by eliminating those affected nodes we can form a secure network with authenticated data transmission. The graphical results show improved network performance, with increased throughput rate and improved packet delivery ratio. We have explained the working procedure and algorithm, and proved its efficiency theoretically by comparing it with the existing system models. Simulation results show that, depending on the location of the adversary, network energy expenditure during the forwarding phase increases by between 50 and 1,000 percent. Theoretical worst-case energy usage can increase by as much as a factor of O(N) per adversary per packet, where N is the network size.