Mitigating the Blackhole Problem in Mobile Ad Hoc Networks

8/2/2004         Sherif Khattab   1
Outline

• Introduction
• Problem Statement
• Related Work
• AODV
• AODV Watch-dog

Introduction

A wants to communicate with B

[Diagram: nodes A, C, D and B joined by links. Legend: Network Node, Link]

(Traditional) Wired Network

[Diagram: A, C, D and B connected through routers. Legend: Router, Wired Link]

Wireless Network

[Diagram: A, C, D and B connected through access points. Legend: Access Point, Wireless Link]

Wireless Ad Hoc Network

[Diagram: A, C, D and B connected directly to one another. Legend: Wireless Link]

Ad Hoc Networks (1/3)
• All nodes perform routing and packet forwarding
• Typically wireless but can be wired:
  • P2P (e.g., CHORD)
  • Overlay networks
• Self-organized (no infrastructure)
• Static or mobile nodes
  • In P2P: high join/leave rates (topology changes)

Ad Hoc Networks (2/3)
• Nodes have:
  • Limited power
  • Limited computational capabilities
• Critical functions (routing and forwarding) performed by less-secure, less-trusted nodes
• Example applications:
  • Military and Search-and-Rescue
  • Networks of cars
  • Wide-Area Ad Hoc (Terminodes Project)

Ad Hoc Networks (3/3)
• Routing Algorithms:
  • Source Routing (DSR) or Distance Vector (AODV)
  • On-demand or Proactive
  • Hybrid

Routing vs. Forwarding
• Routing: Routing Table
  • Construction (metric measurement and propagation)
  • Maintenance (breakage detection)
• Forwarding:
  • Routing table look-up
  • Packet sending

[Diagram: a Packet is looked up in the Routing Table, which yields Next Hop and Metric]

Problem Statement
Link breakage causes routing table updates

[Diagram: nodes A, C, D, E and B; C's Routing Table lists B, D, E]

Problem Statement
Stealth packet dropping: packet loss and…

[Diagram: nodes A, C, D and B; C's Routing Table lists B, D]

Problem Statement
…possible loss of available bandwidth

[Diagram: nodes A, C, D, E, F and B; C's Routing Table lists B, D]

Stealth Packet Dropping

[Diagram: source S and destination D. Legend: Route Request, Route Reply, Data]

Problem Statement
Stealth packet dropping can be caused by:
• Selfishness (save power while still connected)
• Malice (cause damage)

• 10%-40% malicious nodes cause a 16%-32% degradation in average throughput (with CBR traffic)

Problem Statement
• Other DoS attacks not considered:
  • Jamming
  • Bogus routing updates (partitioning)

• Stealth packet dropping attack is attractive:
  • little or no energy
  • more stealth than active attacks
  • longer attacking duration

Watchdog
• C promiscuously detects E's misbehavior
• C notifies A after E's repeated misbehaviors

[Diagram: nodes A, C, E, D and B]

Path rater
• Implemented in each legitimate node
• Assigns a rating to each node
  • + well-behaving
  • - misbehaving
• Path rating is an average over node ratings
• Choose path with highest rating
• Rating:
  • + each successful transmission
  • - each unsuccessful transmission
  • --- notification of misbehavior
    • Returns neutral after a timeout

Formulation
• The Metric:
  • Path and node rating
• Measurement:
  • Promiscuous listening
    (-) Collision (at sender and receiver)
    (-) Packet subversion and partial dropping
    (-) Not always available
• Dissemination
  • Notification messages
    (-) blackmail a well-behaving node
• Usage
  (-) No penalty on misbehaving nodes

Nuglets
• Simple pricing scheme (virtual currency)
• Each packet needs some amount of nuglets
• Either sender and/or receiver pays for the packet
• Nodes gain nuglets by forwarding others' packets
  => Selfish nodes stimulated to cooperate

Packet Purse Model (PPM)
• Sender pays

[Diagram sequence: nuglet balances of A, C, D and B on the path A - C - D - B
 1. A 10, C 10, D 10, B 10
 2. A 5, C 10, D 10, B 10; packet carries 5
 3. A 5, C 12, D 10, B 10; packet carries 3
 4. A 5, C 12, D 13, B 10]

Packet Purse Model
• Issues:
  • How many nuglets should the sender put in?
    • Fixed per-hop (how many?)
    • Auction-based (secure and efficient?)
  • How to prevent nuglet forgery?
    • Tamper-proof hardware
  • Nuglet loss (packet loss)
    • Buy nuglets with money (better to earn than to buy?)
  • Malicious nodes can still drop packets

Packet Trade Model (PTM)
• Receiver pays

[Diagram sequence: nuglet balances of A, C, D and B on the path A - C - D - B
 1. A 10, C 10, D 10, B 10 (repeated on the following slide)
 2. A 10, C 12, D 8, B 10
 3. A 10, C 12, D 13, B 5]

Packet Trade Model
• Issues:
  • Prevents dropping (partially): the attacker needs to buy the packet, except for the sender's neighbor
  • No prevention from flooding attacks
  • How to ensure that a node forwards a packet after it sells it?
  • How to prevent a node from selling the same packet more than once?
  • Not analyzed

Hybrid Model

• Sender puts "some" nuglets in the packet (PPM)
• When not enough nuglets, use PTM till destination

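Added example (not code from the slides or the nuglets papers): a toy simulation of one packet under PPM, PTM and the hybrid model. It assumes a fixed per-hop fee of 2 nuglets, a fixed PTM price instead of bids, that the last PPM forwarder keeps the purse remainder, that a purse that runs dry is handed to the previous forwarder before switching, and that the sender's neighbour receives the packet free under PTM; under those assumptions the first run reproduces the balances on the PPM slides (A 10 to 5, C 10 to 12, D 10 to 13).

```python
# Added toy simulation of the nuglet models (PPM, PTM and the hybrid); not
# code from the slides. Constructed assumptions: fixed per-hop fee under PPM,
# fixed sale price under PTM instead of bids, the last PPM forwarder keeps the
# purse remainder, a dry purse is handed to the previous forwarder on the
# switch to PTM, and the sender's neighbour gets the packet free under PTM.

def hybrid_send(balances, path, purse, fee=2, price=4, fallback=True):
    """Forward one packet along `path` (node names) and update `balances`
    in place. Starts in PPM; once the purse cannot pay `fee`, the rest of the
    path runs PTM when `fallback` is set, otherwise the packet is dropped and
    the remaining nuglets are lost (the "nuglet loss" issue).
    Returns (delivered, mode used at each intermediate hop)."""
    sender, dest, last = path[0], path[-1], path[-2]
    if balances[sender] < purse:
        return False, []                      # sender cannot load the purse
    balances[sender] -= purse
    modes, mode = [], "PPM"
    for i in range(1, len(path) - 1):         # intermediate forwarders
        hop, prev = path[i], path[i - 1]
        if mode == "PPM" and purse >= fee:
            balances[hop] += fee              # forwarder is paid from the purse
            purse -= fee
        else:
            if mode == "PPM":                 # purse ran dry
                if not fallback:
                    return False, modes       # pure PPM: packet and purse lost
                balances[prev] += purse       # hand the remainder back
                purse, mode = 0, "PTM"
            if prev != sender:                # buy the packet from its holder
                if balances[hop] < price:
                    return False, modes       # cannot afford it: dropped
                balances[hop] -= price
                balances[prev] += price
        modes.append(mode)
    if mode == "PPM":
        balances[last] += purse               # remainder stays with last forwarder
    else:
        if balances[dest] < price:
            return False, modes               # receiver cannot pay: dropped
        balances[dest] -= price               # receiver pays the last forwarder
        balances[last] += price
    return True, modes

if __name__ == "__main__":
    # Constructed sample: every node starts with 10 nuglets, as on the slides.
    wallets = {"A": 10, "C": 10, "D": 10, "B": 10}
    print(hybrid_send(wallets, ["A", "C", "D", "B"], purse=5), wallets)
```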
Formulation (PTM)
• The Metric:
  • Profit (Nuglets)
• Measurement:
  • Neighbors send bids
• Dissemination
  • No incentive
• Usage
  • Sell to (second) highest bid
  • Drop if not "enough" nuglets

CORE
• COllaborative REputation
• Reputation of a node:
  • - with time
  • + with service provision
• Each node keeps reputations of other nodes:
  • Direct observation (e.g., a node requests a service and gets an ACK)
  • Indirect from other nodes (only positive)
• Weighted sum over multiple functions

Formulation
• The Metric:
  • Reputation
• Measurement:
  • Direct observation
  • Positive notifications
• Dissemination
  • Only positive values (no blackmailing)
• Usage
  • Drop if negative reputation
  • Not specified how to avoid misbehaving nodes

CORE
• Issues:
  • Game-theoretic analysis
  • No overhead analysis
  • No analysis of effectiveness
  • Mobility:
    • Neighbor changing gives malicious nodes another chance
  • Node collusion (all schemes fail)

COllaborative REputation
• Each node keeps reputation values of other nodes it knows about in a reputation table
• Positive reputation values indicate trusted nodes
• Negative reputation values indicate misbehaving nodes
• Misbehaving nodes are denied the network service

Reputation Table
• One table for each function, e.g. routing and packet forwarding
  Columns: Node ID | Subjective | Indirect | Total

Subjective: a set of direct observations {ω_k : observation at time t_k}

$$\omega_k = \begin{cases} +1 & \text{observed} = \text{expected} \\ -1 & \text{observed} \neq \text{expected} \end{cases}$$

$$r^{t}_{s_i}(s_j \mid f) = \sum_k \rho(t, t_k)\,\omega_k$$

Reputation Table
• One table for each function, e.g. routing and packet forwarding
  Columns: Node ID | Subjective | Indirect | Total

Indirect: a set of reputation values reported by other nodes. Only positive reputation is reported.

$$\{\, ir^{t}_{s_i}(s_j \mid f) \,\}$$

Reputation Table
• One table for each function, e.g. routing and packet forwarding
  Columns: Node ID | Subjective | Indirect | Total

Total:

$$r^{t}_{s_i}(s_j \mid f) + ir^{t}_{s_i}(s_j \mid f)$$

Combined Reputation

Over k functions:

$$r^{t}_{s_i}(s_j) = \sum_k w_k \left\{ r^{t}_{s_i}(s_j \mid f_k) + ir^{t}_{s_i}(s_j \mid f_k) \right\}$$

Mechanism Parameters
• Remove the Indirect Reputation part
• ρ(t, t_k) in

$$r^{t}_{s_i}(s_j \mid f) = \sum_k \rho(t, t_k)\,\omega_k$$

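Added example (not the CORE authors' code) that carries the reputation-table formulas above through on constructed observations: subjective reputation with the time weight ρ(t, t_k), positive-only indirect reputation, the total, the weighted combination over functions, and the two mechanism parameters. The slides only name ρ; here it is assumed to be an exponential decay in the age of each observation, and indirect reports are assumed to be summed.

```python
import math

# Added illustration of the CORE reputation formulas on the slides; not the
# CORE authors' code. Assumptions: rho(t, t_k) is an exponential decay in the
# age of the observation (the slides only name rho), indirect reports are
# summed, and a negative total denies service.

def rho(t, t_k, lam=0.1):
    """Weight of an observation made at t_k when evaluated at time t."""
    return math.exp(-lam * (t - t_k))

def subjective(observations, t, lam=0.1):
    """r^t_{s_i}(s_j | f) = sum_k rho(t, t_k) * omega_k, with omega_k = +1 when
    the observed behaviour matched the expected one and -1 otherwise.
    observations: list of (t_k, matched_expected)."""
    return sum(rho(t, t_k, lam) * (1 if ok else -1) for t_k, ok in observations)

def indirect(reports):
    """ir^t_{s_i}(s_j | f): reputation reported by other nodes. Only positive
    values are accepted, so a third party cannot blackmail a good node."""
    return sum(v for v in reports if v > 0)

def total(observations, reports, t, lam=0.1, use_indirect=True):
    """Total column of the reputation table: r + ir. The mechanism parameter
    'remove the indirect part' is use_indirect=False."""
    r = subjective(observations, t, lam)
    return r + (indirect(reports) if use_indirect else 0.0)

def combined(per_function, weights, t, lam=0.1, use_indirect=True):
    """r^t_{s_i}(s_j) = sum_k w_k { r(s_j | f_k) + ir(s_j | f_k) } over the
    functions f_k. per_function: {name: (observations, reports)}."""
    return sum(weights[f] * total(obs, reps, t, lam, use_indirect)
               for f, (obs, reps) in per_function.items())

def is_denied(reputation):
    """CORE denies network service to nodes with negative reputation."""
    return reputation < 0

if __name__ == "__main__":
    # Constructed sample: node s_j forwarded correctly at t=0 and t=5 but
    # dropped at t=9; two neighbours reported +2.0 and +1.0, a third -3.0
    # (the negative report is discarded).
    fwd_obs = [(0, True), (5, True), (9, False)]
    fwd_reports = [2.0, -3.0, 1.0]
    print(subjective(fwd_obs, t=10))          # recent drop nearly cancels old good deeds
    print(total(fwd_obs, fwd_reports, t=10))  # indirect praise lifts the total
```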
Contribution
• All previous research considered Source Routing (DSR)
• Distance-Vector routing protocols (AODV)
  • Upon detecting a misbehaving node, remove it from the routing table

AODV (Ad-hoc On-demand Distance Vector)

Routing Table columns: Destination | Next hop | # of hops | Sequence no. | Expiry Time | Flags

AODV (Ad-hoc On-demand Distance Vector)

Routing Messages:
• Route Request (RREQ)
• Route Reply (RREP)
• Route Error (RERR)

AODV (Route Request)

RREQ Unique ID:
• Source Address
• Sequence Number

[Diagram: Route Request from source S toward destination D]

AODV (Route Reply)

[Diagram: Route Reply from destination D back to source S]

AODV (Route Error)

Two route maintenance modes:
• Hello packets (Proactive)
• MAC feedback

[Diagram: Route Error on the path between S and D]

Watch-dog Mechanism
Node A promiscuously listens for node B to forward the packet

[Diagram: Data from S passes through A and B toward D; A overhears B's relay]

Watch-dog Mechanism
Each node maintains two tables:
  Pending Packets: Packet ID | Next Hop | Expiry Time | Packet Destination
  Node Ratings: Node ID | Errors | Packet Forwards | Misbehave

Operation (1/3)
• Packet sent by MAC
  => add to pending packet buffer

• Packet expired in pending buffer
  => increment number of errors for the packet's next hop
  => if number of errors > Threshold (3), try to find another route (send a request)
  => if errors / packets forwarded > Threshold (1), mark the node as misbehaving

Operation (2/3)
• Packet "tapped" promiscuously
  => if in pending buffer, delete the packet from the buffer
  => if not a data packet or not being forwarded (sender is not the packet's source), ignore the packet
  => increment number of packets forwarded for the forwarding node in the rating table
  => if errors / packets forwarded < Threshold, mark the node as well-behaving

Operation (3/3)
• Error feedback from MAC
  => delete from pending buffer all packets sent to this hop
• Route Reply received
  => if from a misbehaving node, drop it
  => if from a node with a better error/forward ratio than the current next hop, update the routing table

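The bookkeeping of Operation (1/3) to (3/3) in one place, as an added example that is not the NS2 routing agent from the slides: the pending-packet and node-rating tables, the expiry and tap handlers with the slides' thresholds, MAC error feedback, and the Route Reply filter. Giving a node with no observed forwards an infinite error/forward ratio is an assumption; it is what makes the first expiries mark a node as misbehaving.

```python
from dataclasses import dataclass
# Added example of the watch-dog bookkeeping in Operation (1/3)-(3/3); not the
# NS2 agent from the slides. Thresholds are the slides' (3 errors, ratio 1);
# giving a node with no forwards yet an infinite ratio is an assumption.
ERROR_THRESHOLD = 3
RATIO_THRESHOLD = 1.0

@dataclass
class Rating:
    errors: int = 0
    forwards: int = 0
    misbehaving: bool = False
    def ratio(self):
        return self.errors / self.forwards if self.forwards else float("inf")

class Watchdog:
    def __init__(self, timeout):
        self.timeout = timeout
        self.pending = {}         # pkt_id -> (next_hop, expiry_time, destination)
        self.ratings = {}         # node_id -> Rating
        self.route_requests = []  # destinations a new RREQ was sent for
    def packet_sent(self, pkt_id, next_hop, dest, now):
        # packet handed to the MAC: remember it until we overhear the relay
        self.pending[pkt_id] = (next_hop, now + self.timeout, dest)
    def expire(self, now):
        # a packet never overheard counts as an error against its next hop
        for pkt_id, (hop, expiry, dest) in list(self.pending.items()):
            if expiry > now:
                continue
            del self.pending[pkt_id]
            r = self.ratings.setdefault(hop, Rating())
            r.errors += 1
            if r.errors > ERROR_THRESHOLD:
                self.route_requests.append(dest)      # try to find another route
            if r.ratio() > RATIO_THRESHOLD:
                r.misbehaving = True
    def packet_tapped(self, pkt_id, sender, source, is_data):
        # packet overheard in promiscuous mode
        self.pending.pop(pkt_id, None)
        if not is_data or sender == source:          # only forwarded data counts
            return
        r = self.ratings.setdefault(sender, Rating())
        r.forwards += 1
        if r.ratio() < RATIO_THRESHOLD:
            r.misbehaving = False                     # back to well-behaving
    def mac_error(self, hop):
        # link-layer send failure: packets to this hop were never offered to it
        self.pending = {p: v for p, v in self.pending.items() if v[0] != hop}
    def accept_rrep(self, from_node, current_next_hop=None):
        # drop a RREP from a misbehaving node; else accept only a better ratio
        r = self.ratings.setdefault(from_node, Rating())
        if r.misbehaving:
            return False
        return current_next_hop is None or r.ratio() < self.ratings.get(current_next_hop, Rating()).ratio()
```

A node that forwards just enough to keep its ratio at or below 1 stays well-behaving in this model, which is the partial-dropping limitation the later slides describe.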
Black Mailing
• Two features can cause black-mailing:
  • explicit messages (not used, not even a RERR)
  • peer observation: observing packets originated by other nodes as they get forwarded and waiting for them to get relayed (also not used)

False Positives
• False positives can occur due to:
  • collisions: at sender
  • back-pressure
• A false positive will return to well-behaving after it forwards "enough" packets for other nodes

[Diagram: S, A and B]

Partial Dropping
• A misbehaving node can still drop packets without being detected as misbehaving:
  it forwards packets and keeps (errors / packets forwarded <= Threshold)

Node Collusion
• Colluding nodes can forward packets to each other to fool the watch-dog mechanism.

Simulation Setup
• NS2
• Added a routing agent inherited from AODV
• Number of nodes: 50
• Area: 1000m x 500m
• Mobility: random waypoint with max speed 20 m/s
• Pause times: 0, 100, 200 s
• 10 scenario files for each pause time (different seed)

Simulation Setup
• Simulation time: 200 sec
• Traffic: CBR (UDP) with rate 4 pkts/s and packet size 512 B
• Number of connections: 5, 20
• Misbehaving nodes: 0, 30, 50%

Metrics
• Goodput = Σ_i Received Packets_i / Σ_i Sent Packets_i
• Number of intentionally dropped packets
• Routing overhead: RREQs + RREPs + RERRs

Animation (NAM)