On the use of radio resource tests in wireless ad hoc networks

  1. On the Use of Radio Resource Tests in Wireless ad hoc Networks. Diogo Mónica, João Leitão, Luís Rodrigues, Carlos Ribeiro, INESC-ID/IST, {diogo.monica, joao.c.leitao, ler, carlos.ribeiro}@ist.utl.pt. Distributed Systems Group - INESC-ID, technology from seed. 28/06/09.
  2. Road Map: Introduction (current section), Radio Resource Tests, Analysis, Summary
  3. Introduction – Wireless ad hoc Networks. Securing wireless ad hoc networks is particularly difficult. • Denial-of-service • Eavesdropping • Node hijacking • Impersonation - Sybil Attack
  4. Introduction – The Sybil Attack. A Sybil attack happens when a malicious node participates with multiple identities in a system. The sybil identity can be generated by the malicious node, or stolen from an existing correct node.
  7. Introduction – The Sybil Attack. Easily defeats quorum systems, or other voting schemes. In order to obtain a majority in a network with 5 correct nodes, a malicious node has to create 5 sybil identities.
  8. Introduction – Resource Tests. In resource testing we determine if a set of identities possess fewer aggregated resources than would be expected. • Computational Power • Storage • Network Bandwidth • … • Radio Resource
  9. Road Map: Introduction, Radio Resource Tests (current section), Analysis, Summary
  10. Radio Resource Tests. Radio Resource Tests (RRTs) assume that each node has access to a single radio device, and build upon the limitations of these devices. The first RRT was introduced by Newsome et al. 2004. We will call it Sender Test.
  11. Radio Resource Tests – Sender Test (SST). • The Sender Test is based on the assumption that nodes cannot simultaneously transmit in more than one channel
  13. Radio Resource Tests – Detection Probability. The challenger is unable to listen in more than one channel at the same time, so we repeat the test r times. • Denoting by h the number of simultaneously tested identities, and by pd the probability of detection of a Sybil Identity in a test, we have
  14. Radio Resource Tests – Contribution. We introduce two new tests and an optimization for the Sender Test. • Optimized Sender Test (oSST) • Receiver Test (SRT) • Collision Test (FCT)
  15. Radio Resource Tests - Framework. Each RRT is characterized by a set of parameters, RRT(h, c, w). • h – Size of the set of simultaneously tested identities • c – Number of challenger identities actively participating in the test • w – Number of tester nodes that extract information from the test
  16. Radio Resource Tests – Sender Test. The Sender Test is an RRT(K,1,1). • h is limited by the number of available channels (K) • c is one, since the challenger needs to assign the channel in which each identity transmits • w is one, since only the challenger extracts information from the test
  17. Radio Resource Tests – Optimized Sender Test. The Optimized Sender Test is an RRT(K,0,N-K). • h is limited by the number of available channels (K) • c is zero, since the channels can be chosen deterministically • w is N – K, since every node not participating in the test can extract information from it
  18. Radio Resource Tests – Receiver Test. • The Simultaneous Receiver Test is based on the assumption that nodes cannot simultaneously listen in more than one channel
  20. Radio Resource Tests – Receiver Test. The Receiver Test is an RRT(K,1,1). • h is limited by the number of available channels K • c is one, since the challenger needs to send a challenge on one of the channels • w is one, since only the challenger can extract information from the test (no other node knows the chosen channel)
  21. Road Map: Introduction, Radio Resource Tests, Analysis (current section), Summary
  22. Radio Resource Tests - Analysis. We compared the tests using the following metrics: • Vulnerability to collusion • Message cost • Resource consumption • Synchronization requirements • Number of messages needed to achieve a desired probability of detection
  24. Analysis – Optimized Sender Test – Vulnerability to collusion. The Optimized Sender Test handles at most h – 1 colluding malicious nodes (m).
  26. Analysis – Optimized Sender Test – Message Cost. In the Optimized Sender Test, tested nodes send a total of h messages per round.
  28. Analysis – Optimized Sender Test – Resource Consumption (DoS Opportunity). In the Optimized Sender Test, when there is a malicious tester, Δ = rh – 1.
  30. Analysis – Optimized Sender Test – Synchronization Requirements. In the Optimized Sender Test, tested nodes are required to transmit simultaneously.
  31. Analysis – Comparison Table

      | Metric | Optimized Sender Test | Receiver Test | Collision Test |
      |---|---|---|---|
      | Collusion | h - 1 | h - 1 | 1 |
      | Message Cost | h | 2 | 2 |
      | Resource Consumption (malicious tester) | | | |
      | Synchronization | Strong | Strong | Weak |
  33. Analysis – Testing a Population of Nodes. Testing a group of nodes: every node in the one-hop neighborhood has to test every other node.
  38. Radio Resource Tests - Performance. Performance in number of messages, for a probability of sybil detection of 0.95.
  39. Radio Resource Tests - Performance. Performance with collusion tolerance, for a network with 20 nodes and a probability of sybil detection of 0.95. Plot annotation: Higher collusion.
  40. Radio Resource Tests – Application Scenarios

      | Test | Best Performance Context |
      |---|---|
      | Optimized Sender Test | No DoS threat |
      | Receiver Test | High collusion and/or DoS threat |
      | Collision Test | One Channel |
  41. Road Map: Introduction, Radio Resource Tests, Analysis, Summary (current section)
  42. Summary. • Radio Resource Tests are a viable mechanism for detecting sybil identities in Wireless ad hoc Networks • We presented two new RRTs and an optimization to an existing RRT • We presented a framework to compare the RRTs • We analyzed all the tests both in isolation, and when used to test a one-hop neighborhood. • We have shown that each test is best adapted to a specific scenario, which we described.
  43. Thwarting the Sybil Attack in Wireless Ad Hoc Networks. 10/08/2008.
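
The Sender Test from the slides above (h identities each assigned a channel, a challenger that can listen on only one channel per round, r repetitions), as an added Monte Carlo simulation; it is not code from the deck or its authors. It assumes the challenger picks its listening channel uniformly at random and the attacker covers a random subset of its channels; all function and parameter names are hypothetical. The `radios` parameter models colluding malicious nodes lending their radios to defend a Sybil identity.

```python
import random


def sender_test_round(h, attacker_ids, radios, rng):
    """Run one round; return the identity caught silent, or None.

    Channel i is assigned to tested identity i (0 <= i < h). Identities in
    attacker_ids are all claimed by the attacker, who owns `radios` radio
    devices and can therefore transmit on at most `radios` channels at once.
    """
    ids = sorted(attacker_ids)
    # Assumption: the attacker cannot predict the challenger, so it covers
    # a random subset of its identities' channels.
    covered = set(rng.sample(ids, min(radios, len(ids))))
    # The challenger has a single radio, so it hears one channel per round.
    listened = rng.randrange(h)
    if listened in attacker_ids and listened not in covered:
        return listened  # assigned channel was silent: Sybil identity
    return None


def sender_test(h, attacker_ids, radios, rounds, rng):
    """Repeat the round `rounds` times (r in the slides); True if detected."""
    return any(
        sender_test_round(h, attacker_ids, radios, rng) is not None
        for _ in range(rounds)
    )


def estimate_detection(h, n_attacker_ids, radios, rounds, trials=20000, seed=1):
    """Monte Carlo estimate of the probability that the test exposes a Sybil."""
    rng = random.Random(seed)
    attacker_ids = set(range(n_attacker_ids))
    hits = sum(sender_test(h, attacker_ids, radios, rounds, rng)
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    # Constructed scenario: 4 channels, attacker claims 2 of the 4 identities.
    for rounds in (1, 5, 10, 20):
        alone = estimate_detection(4, 2, radios=1, rounds=rounds)
        colluding = estimate_detection(4, 2, radios=2, rounds=rounds)
        print(f"r={rounds:2d}  one radio: {alone:.3f}  two radios: {colluding:.3f}")
```

With one radio the estimate climbs toward 1 as r grows; with as many radios as claimed identities it stays at 0, which is the collusion weakness the analysis slides measure.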

Editor's Notes

  • Overview of the road map.
    Time: 10s
  • We will start by talking about the environment (wireless ad hoc networks)

    We will then talk about the problem we wish to address

    And then we will briefly introduce the generic class of solutions

    Then we will talk about our specific solution – radio resource tests
    About the framework we created to be able to compare them
    And the analysis of all the tests according to a set of relevant metrics

    Finally we will conclude our presentation
  • This work is focused on the development of security mechanisms for wireless ad hoc networks. These networks are particularly difficult to protect due to a series of characteristics.

    First of all, we have the communication medium, in this case the air, which is more vulnerable than cabled communications.

    The nodes are also vulnerable, since they are normally more exposed than in conventional networks.

    The absence of infrastructure makes the usage of centralized security mechanisms much more difficult, since there is no centralized resource in ad hoc networks.
  • The Sybil attack is in essence an impersonation attack, and happens when a malicious user is able to participate with multiple identities in a system.

    This way, we assume that a correct entity is always associated with one identity, in contrast to malicious entities, which can present multiple identities simultaneously, whether by stealing other nodes' identities or by simply generating new ones.

    For example, in this figure, the malicious entity represented in red can present a series of distinct identities. It presents identity a, but it can also present

    Time: 30s
  • Identity b

    Time: 30s
  • Or even identity C

    If a malicious entity is able to present multiple valid identities to a system, it is said to have successfully carried out a Sybil attack.

    What are the disadvantages of a Sybil attack? What does the attacker gain by doing one?

    Time: 30s
  • One kind of system against which this attack is effective is quorum systems (or other systems based on voting).

    As shown in this figure, a malicious entity can vote multiple times, with different identities, being able to deterministically alter the final outcome.

    Time: 30s
  • In resource tests…

    Time: 45s

  • This assumption is exploited by requesting identities to transmit some message on distinct channels.
    If these identities in fact belong to distinct nodes, they will be able to do so.
  • While working on these radio resource tests, we realized there were some distinguishing parameters in all the tests that allowed us to characterize them and compare them with each other. So, we devised a framework with these parameters.

    Time: 30s

  • We are now going to apply this framework to the previously described sender test.

    Time: 30s
  • The sender test is an RRT with h equal to K, c equal to one, and w equal to 1.

    The number of identities that are tested simultaneously in the test, h, is limited by the number of available channels. If we only have two channels, we can only have two identities communicating simultaneously.

    Regarding the number of active challengers, the challenger node assigns the frequencies to every tested identity, so there is only one active challenger.

    Finally, regarding the parameter w, since only the challenger node knows on which frequency each identity is transmitting, there is only one node that can extract information from the test.

    Repeat: As said before, we devised an optimization for this test that is based on the exact same assumptions: no node possesses more than one radio device, and no radio device is able to transmit simultaneously on two distinct frequencies.

    Time: 30s
  • There are essentially two main differences:

    First, we realized that channel assignment can be done deterministically. This removes the need for an explicit channel assignment from a challenger node.

    This also increases the number of witnesses w, since now, due to the deterministic channel assignment, every non-participating node is able to extract information from the test.

    One other test that we devised was the Receiver Test.

    Time: 30s
  • This test is based on a different assumption than the previous two. Instead of assuming nodes cannot simultaneously transmit in two distinct channels, we assume that they cannot listen simultaneously on more than one channel.

    Time: 30s
  • As before, we also have to repeat the test for a certain number of rounds, to be able to increase the probability of detection.


    Now applying our framework to the Receiver Test
    Time: 30s
  • With all these tests, we analyzed and compared them for a series of metrics
  • With these metrics, let's go back to our first example, the oSST.

    Time: 30s
  • The first metric analyzed is the vulnerability to collusion.

    The problem with colluding nodes is the following. Imagine that we have a malicious node in the network. If this node presents two identities to the network and is tested, at least one of the identities will be excluded as a Sybil identity. However, if there is another malicious node, and both of them are colluding, the node not being tested could defend the Sybil identity by simply transmitting in the corresponding channel.
  • The different tests have a different asymmetry between the resources spent by the nodes being tested and by the tester. For example, if a malicious node is able to ask for several tests, it could mount an effective denial-of-service, requiring the nodes to do unnecessary tests.

    So, we use resource consumption essentially as a metric of the denial-of-service threat of the tests.
  • In practice, nodes are not required to have perfect synchronization; it is enough to ensure that the time to transmit a message is orders of magnitude larger than the allowed amount of desynchronization among nodes (such that a node cannot leverage the desynchronization to send a message on both channels).
  • Until now we analyzed each test individually. However, one has to consider the application of this test to a group of nodes.
  • From this we can conclude the following application scenarios for our test examples

    Time: 30s
  • We can also analyse the number of messages in relation to the number of nodes in the network
    Time: 30s
  • Add FCT

    Time: 30s
  • With all these tests, we analyzed and compared them for a series of metrics

  • Time: 30s
  • We have thus reached the end of our presentation; thank you very much for your attention.

    If you have any questions…