PowerPoint Presentation - Department of Computer Science _ Engineering

Document Sample
PowerPoint Presentation - Department of Computer Science _ Engineering Powered By Docstoc
					Detecting MAC Layer Back-off Timer
Violations in Mobile Ad Hoc Networks

 Venkata Nishanth Lolla, Lap Kong Law, Srikanth V. Krishnamurthy,
         Chinya Ravishankar, and Dharmaiah Manjunath

         Dept. of Computer Science & Engineering, UC Riverside
  Dept. of Electrical Engineering, Indian Institute of Technology - Mumbai

                               ICDCS 2006
• Malicious nodes can cause a denial of service attack by
  simply manipulating the back-off timers prior to a
   – By not adhering to the IEEE 802.11 standard.
   – By choosing a small/constant back-off interval prior to a
• Consequences:
   – Misbehaving nodes can gain an unfair advantage by acquiring
     the wireless channel more often.
   – Causing bandwidth starvation of the well-behaved nodes.
• The lack of centralized arbiter (such as an access point)
  makes it hard to detect timer violations.
• Can we design a distributed framework to
   – discourage such attacks and,
   – detect such attacks and identify the misbehaving attackers?
• We propose a combination of deterministic and
  statistical methods that facilitate our objectives.
• Only involve minor changes to the 802.11 standard.
• Our performance evaluations shows that with our
  methods, it is possible to detect a malicious node with a
  probability close to one.
• Furthermore, the probability of false alarms (wrongly
  classifying a node as a misbehaving node) is lower than
•   The System Model
•   Our Proposed Framework
•   Simulation Results
•   Conclusions
                    System Model
•   Using Verifiable Back-off timers
    –   Use a deterministic/known sequence of back-off values that
        each node has to follow.
    –   Each node announces the state of its pseudo-random
        sequence generator in the RTS messages.
        •   Each node is aware of the back-off timers used by its neighbors.
•   Making Sense of the Uncertainty in System State
    –   Due to the interference effects, a node may not be able to
        deterministically ascertain the legitimacy of the back-off
        patterns of a neighbor.
    –   Therefore, it estimates the probability of the neighbor’s
        misbehavior statistically based on observed patterns.
Estimating the system state of neighbors
•   Goal: To allow a monitoring node to estimate the back-off timers used by its
•   Example: Let’s node R be monitoring node S
     – R wants to determine if S is misbehaving -- how?
     – R will estimate the system state of S and compare it with the value announced
       by S.
•   System state: The number of idle (I) / busy (B) slots of the monitored node
    (i.e., node S) in a period of N observed slots.
•   R can approximately estimate the number of idle (Iest) and busy (Best) slots
    observed by S:
Prob(S senses idle | R senses idle)                   Prob(S senses idle | R senses busy)
        Determining PI/I and PI/B analytically
Node R is monitoring node S

                   n nodes                                        Sx: sensing range of node x
                                                                  Tx: transmission range of node x

                                               k nodes
  •   Assumptions:
       – Only the interference effects within a two-hop neighborhood are considered.
       – Nodes are uniformly distributed.
       – The steady state load experienced by all nodes within the two hops radius are
         identical. (Due to the fairly large interference radius)
       – Node is aware of the position of its neighbors.
           • The areas of A2, A3, A4 and A5 can be easily computed.
           • The area A1 can be estimated by assuming a minimum overlap between SS and SR.
                                Determining PI/I
•   Deriving PB/I : Prob(S senses busy | R senses idle)
     – For R to sense idle                           n   nodes
        • No transmission can occur in A3, A4 and A5
        • However, transmissions can occur in A1  A2
                                                                             k nodes
     – For S to sense busy
           • Transmissions can only occur in A2

    Probability that the transmission occurs in A2.        Probability that at least one node
                                                           transmits in A1  A2.
                                 Determining PI/B
•    Deriving PI/B: Prob(S senses idle | R senses busy)
      – For S to sense idle                            n    nodes
         • No transmission can occur in A2, A3 and A4
         • However, transmissions can occur in A1 and A5                            k nodes
      – For R to sense busy
         • Transmissions can only occur in A5

    Probability that transmissions occur in A5.

                                                  Probability that S senses the channel to be idle.
     Our proposed framework
Let us call the node being monitored the tagged node.
Overview of the approach:
•    The monitoring node obtains the pseudo-random sequence generator
     announced by the tagged node.
•    The monitoring node can compare the expected back-off times of the
     tagged node and the announced back-off times.
•    In some cases, the monitoring node cannot deterministically determine if
     the tagged node is misbehaving (due to interference).
•    Therefore, the monitoring node uses a hypothesis test (Wilcoxon rank
     sum test) based on the estimation of PI/I and PI/B, to determine if the
     tagged node is misbehaving.
    Details of the proposed framework
•   The seed of the pseudo-random number generator (PRNG)
    – The MAC address of the node.
•   Simple modification to the RTS message

    –   SeqOff#: The offset to the PRNG. Increment by one upon each transmission.
    –   Attempt#: The number of retransmission attempts.
    –   MD: The message digest of the DATA packet. To prevent nodes from cheating on the
•   The wilcoxon rank sum test
    – Two populations: “x” be the sequential population of the dictated sequence of
      the back-off timers; “y” be the sequential population of the estimated sequence
      of the back-off timers.
    – Use the rank sum test to compute the significance probability p of the two
    – If p is small, the tagged node is likely to be malicious.
                  Simulation Set up
•   NS-2 simulator with extension of
    our framework.
•   Shadow channel fading model is
•   Poisson and CBR traffic.
•   Grid and Random topologies.
•   Static and Mobility scenarios.
•   Parameters of interest:
     – Traffic intensity
     – Percentage of Misbehavior (PM)
•   Metrics of interest:
     – Probability of correct diagnosis.
   Analysis v.s. Simulation: on PI/B and PB/I
• Two scenarios:
   – Grid topology with Poisson
   – Random topology with CBR
• Monitoring and tagged
  nodes are one-hop away
  and are placed at the center      Poisson traffic, Grid topology
  of the simulation area.
• All nodes are well behaved.
• The analysis results match
  with the simulation results.
   – Justify the assumptions that
     we made earlier
                                    CBR traffic, Random topology
    Probability of correct diagnosis

                       Static grid topology                      With mobility

•   Percentage of misbehavior (PM) of m% means a malicious node transmits
    a packet after counting down to (100-m)% of the dictated back-off value.
•   The probability of detecting misbehavior is close to one when the PM is
    large and the sample size is large.
•   In scenario with mobility, a larger number samples is required for
    convergence as compared to the case with no mobility.
      Probability of misdiagnosis

             Static grid scenario     Mobility scenario, Load=0.6

• The misdiagnosis probability is very low (<0.01) even when the
  sample size is 10.
• The misdiagnosis probability decreases drastically when the sample
  size is increased.
• With smaller load, the misdiagnosis probability is usually higher.
  This is because a longer time is needed to detect misbehavior.
• In this work, we focus on the problem of detecting back-
  off timer violations with the IEEE 802.11 MAC.
• We propose a framework that is based on a combination
  of deterministic and statistical methods to discern timer
  violations by neighboring nodes.
• Our extensive simulations show that our protocol can
  provide accurate assessments of the node misbehavior
  within short periods and with extremely low probability of
  false alarms.

Shared By: