surviving attacks on disruption- tolerant networks without authentication john burgess, george dean...
TRANSCRIPT
![Page 1: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/1.jpg)
Surviving Attacks on Disruption-Tolerant Networks without
Authentication
John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine
University of Massachusetts, Amherst
![Page 2: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/2.jpg)
Goal
• Understand DTN vulnerability• Attack analysis• Experimental evaluation
![Page 3: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/3.jpg)
Disruption Tolerant Networks• Networking for intermittently connected
nodes• Rural Internet• Urban blind spots• Sparse sensor networks
• Connectivity on a spectrum
![Page 4: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/4.jpg)
Unique Vulnerability
• Measured by packet delivery rate
• Nodes physically unsecured
• Traditional defenses are inappropriate:• graph theoretical results are limited • identity management not always
practical
![Page 5: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/5.jpg)
Undisturbed Decimated
Attack strengthWeak Strong
Network impact
Attack Universe
Weak attacks:
•random node selection
•easy to evaluate
Strong attacks:
•optimal node selection
•strong attack NP-hard to evaluate
![Page 6: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/6.jpg)
Outline
• Attack Strategies• Data• Experimental Results• Conclusion
![Page 7: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/7.jpg)
Attacks: Weak
• Nodes chosen at random• Attack defined by enumerating
strategies• Remove Node• Drop all packets• Flood packets• Routing table falsification• ACK counterfeiting
![Page 8: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/8.jpg)
Attacks: Strong
• Intractable to determine optimal attack set • Throughput is difficult metric to analyze• Even simple metrics lead to NP-hard
problem
• Instead, greedily remove vertices that most lower temporal connectivity
![Page 9: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/9.jpg)
Data: DieselNet
• 40 buses • 802.11 protocol• 60 days of
traces• Transmission
events feed a simulator
• Various routing protocols tested
![Page 10: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/10.jpg)
Data: Haggle
• 41 devices in human mobility experiment
• Bluetooth• 3 days of traces• Haggle connections more frequent
than DieselNet• Haggle traces broken down to better
match DieselNet
![Page 11: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/11.jpg)
Experiments: weak attack
• Evaluated delivery rate via given routing protocol subject to given attack strategy
• Used DieselNet data only
Replicative Forwarding
Metric based
MaxProp MaxForw
Random RandProp RandForw
Routing Protocols Attack Strategies•Remove node
•Drop all
•Flooding
•Routing table Falsification
•ACK counterfeiting
![Page 12: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/12.jpg)
Experiments: weak attack
MaxProp• Minimum
delivery rate above 20%
• ACK counterfeiting is most effective attack
![Page 13: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/13.jpg)
Experiments: ACK Counterfeiting• Devise an ACK counterfeiting defense
• ACKs should propagate after packets• Drop ACK if you haven’t seen packet yet
• Defense improves minimum packet delivery rate
• Drop All attack just as effective as ACK counterfeiting
![Page 14: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/14.jpg)
Experiments: strong attack• Seek to establish the validity of greedy
attack• Find best k vertices in terms of temporal
reachability via brute force evaluation for small k
• Compare brute force results to greedy approach
• Evaluate greedy attack for larger values of k
• Evaluate both DieselNet and Haggle
![Page 15: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/15.jpg)
Haggle: Brute vs. Greedy
Experiments: strong attack
• For temporal reachability- best 5 nodes to remove almost always the same as 5 greedy choices
• Results for DieselNet similar
![Page 16: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/16.jpg)
Experiments: strong attack
Haggle: greedy attack• Displays
roughly the same resilience to attack at DieselNet
• Packet delivery rate degrades more slowly as more nodes are
![Page 17: Surviving Attacks on Disruption- Tolerant Networks without Authentication John Burgess, George Dean Bissias, Mark Corner, Brian Neil Levine University](https://reader036.vdocuments.site/reader036/viewer/2022062423/5697bfb91a28abf838ca0064/html5/thumbnails/17.jpg)
Conclusion
• DTNs have unique susceptibility to attack
• Susceptibility understood with attack analysis
• Experiments on real traces show attack
efficacy