Network Research at College of Computing and Digital Media (transcript, 9/22/2015)
James Yu, Ph.D., Associate Professor
DePaul University
[email protected]
08/31/09 DePaul University 1
Outline
- Wireless LAN Security: Protection against DoS Attacks
- VoIP Traffic Engineering
- Netconf for Configuration Validation
- Hybrid Routing for MANET
WLAN Security: Problem Statement
It is relatively easy for a hacker to send a faked deauthentication or disassociation frame to a wireless client and terminate its connection to the Wireless Access Point (WAP).
Making it worse, a hacker could flood a wireless client with deauthentication or disassociation frames.
During the attacks, communications to the client are dead.
802.11i provides an effective mechanism to address crypto attacks, but it does not prevent most DoS attacks.
Research Approach
- Building an empirical framework to study DoS attacks over WLANs
- Investigation of DoS attacks on wireless communication
- 802.11w: a draft solution to the problem
- Network simulation of WLAN DoS attacks
- Implementation and improvement of 802.11w to resolve DoS attacks
- Verification and validation
DeauthF and DisassF DoS attacks
1. Deauthentication Flooding (DeauthF): A hacker floods the WLAN with faked deauthentication frames to force authenticated wireless clients to drop their connections with the AP.
2. Disassociation Flooding (DisassF): The attacker floods disassociation frames to wireless clients to force them to disconnect from the AP.
Test Environment for WLAN DoS Attacks
Flow Analysis of Deauthentication Attacks
802.11w (draft)
A new draft standard to enhance the 802.11i capability: 802.11w extends the security protection to 802.11 management frames.
Deauthentication or disassociation frames are encrypted and sent to the client. The client checks the authenticity of the management frame and then accepts (or rejects) it.
Implementation and Analyses of 802.11w
We implement and investigate the performance and effectiveness of 802.11w in protecting the deauthentication and disassociation management frames.
We use the ns-2 simulator to analyze 802.11w under four cases:
1. normal WLAN
2. WLAN under DeauthF
3. WLAN under DeauthF with 802.11w
4. WLAN under DeauthF with 802.11w and traffic shaping
WLAN under Deauthentication Attacks
WLAN under 802.11w Protection
Traffic Shaping
An enhancement implemented in the 802.11w solution: monitor the DoS attack rate. When the attack rate is higher than a threshold value (which is configurable), the client shapes the traffic to no more than 10 fps.
When the attack rate is below the threshold value, the standard 802.11w operation continues.
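Added example (Python, not the author's ns-2 implementation) of the client-side shaping rule described above: while the measured deauthentication rate stays above the configurable threshold, the client verifies at most 10 frames per second and drops the rest unverified, so a flood cannot exhaust it with integrity checks. The key, the 20 fps threshold value, the simplified MIC and the flood input are all constructed assumptions.

```python
import hmac
import hashlib
from collections import deque

# Constructed stand-ins (assumptions, not values from the slides): KEY plays the
# role of the 802.11w integrity key; THRESHOLD_FPS is the "configurable" value.
KEY = b"demo-igtk"
THRESHOLD_FPS = 20   # attack rate above which shaping starts (assumed)
SHAPED_FPS = 10      # slide: client shapes to no more than 10 frames per second
WINDOW_MS = 1000     # rate is measured over a one-second sliding window

def mic(seq, reason):
    """Simplified message integrity code over the frame fields (stand-in for 802.11w)."""
    return hmac.new(KEY, f"{seq}:{reason}".encode(), hashlib.sha256).digest()[:8]

class ProtectedClient:
    """Client-side handling of protected deauthentication frames with traffic shaping."""
    def __init__(self, threshold_fps=THRESHOLD_FPS, shaped_fps=SHAPED_FPS):
        self.threshold_fps, self.shaped_fps = threshold_fps, shaped_fps
        self.seen = deque()      # arrival times (ms) of every deauth frame in the window
        self.checked = deque()   # arrival times of frames whose MIC was verified
        self.verified = self.shaped = self.rejected = 0
        self.connected = True

    @staticmethod
    def _in_window(q, now_ms):
        while q and now_ms - q[0] >= WINDOW_MS:
            q.popleft()
        return len(q)

    def handle_deauth(self, now_ms, seq, reason, frame_mic):
        self.seen.append(now_ms)
        attack_rate = self._in_window(self.seen, now_ms)
        if attack_rate > self.threshold_fps and self._in_window(self.checked, now_ms) >= self.shaped_fps:
            self.shaped += 1         # above threshold: cap MIC verification at shaped_fps
            return "shaped"
        self.checked.append(now_ms)
        self.verified += 1
        if hmac.compare_digest(frame_mic, mic(seq, reason)):
            self.connected = False   # authentic frame from the AP: honour it
            return "accepted"
        self.rejected += 1           # forged frame fails the 802.11w check
        return "rejected"

def flood(client, attack_fps, seconds):
    """Constructed DeauthF: forged frames (bogus MIC) at attack_fps for the given seconds."""
    period_ms = WINDOW_MS // attack_fps
    for i in range(attack_fps * seconds):
        client.handle_deauth(i * period_ms, seq=i, reason=7, frame_mic=b"\x00" * 8)
    return client
```

With the constructed 100 fps flood the client verifies 30 frames and drops 170 unverified, and stays connected because every forged frame fails the MIC check.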
WLAN under Protection of 802.11w and Traffic Shaping
Contribution and Future Research
- Empirical work
- Implementation of 802.11w
- To develop a queuing model to explain the attacking scenarios. The queuing model is to be validated by the empirical results and also by the ns-2 simulation model.
Voice Traffic Engineering
Goal: design the network with sufficient capacity to meet the traffic demand with satisfactory performance.
- Demand (A): traffic intensity = number of calls × duration of average calls, in Erlangs
- Resources (N): number of trunks
- Grade of Service (GoS): blocking probability
- Erlang B model
VoIP Network (figure): components shown are PSTN switches, SS7 and Q.931 signalling, trunk and access media gateways (MG: Media Gateway), softswitches, a call manager (SIP proxy) and an enterprise call manager, and the public, private and internal IP networks that form the carrier VoIP network.
Call Admission Control (CAC)
The network (call manager or softswitch) accepts a call request only if it can guarantee the quality of service (QoS) of the call.
In a network with dedicated bandwidth for VoIP, we can calculate the maximum number of simultaneous calls based on the allocated bandwidth. This is the parameter N of the Erlang-B model (maximum call load).
When there are N calls in the network, any new call request will be rejected, the same as when no trunks are available to route the call.
Experimental Results (Bandwidth Utilization) (figure): bar chart of bandwidth utilization (0% to 100%) for G.711, G.729A and G.723.1 on Switched (10M), 768K (Serial), 2M (Serial), 4M (Serial), 10BaseT (HD) and 100M (FD) links.
Bandwidth Utilization = observed max call load ÷ expected max call load
Problem!
Analysis – Limiting Resource
Most studies consider the bandwidth (bps) as the limiting resource for the VoIP network.
In our experiment, the device (router) is the limiting resource.
Packet throughput of Cisco 2600 router: 15,000 pps
Packet sampling rate: 20 ms
15,000 ÷ (1000 ÷ 20) ÷ 4 = 75 calls/sec
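Added example (Python, not the author's model) that carries the Erlang B sizing from the Voice Traffic Engineering and CAC slides through to the limiting-resource calculation above: N is derived both from the allocated bandwidth and from the router's packet throughput, the smaller one is the call limit, and Erlang B gives the offered load that limit carries at a target GoS. The 40-byte IP/UDP/RTP header, the absence of layer-2 overhead, one stream per direction per call and the ÷ 4 stream count are assumptions.

```python
# Assumptions (not slide values): 20 ms packetization, 40 B IP/UDP/RTP header per
# packet, no link-layer overhead, one RTP stream per direction per call.
SAMPLING_MS = 20
PACKETS_PER_SEC = 1000 // SAMPLING_MS          # 50 packets per second per stream
IP_UDP_RTP_HEADER = 40                         # bytes (assumed)
CODEC_PAYLOAD = {"G.711": 160, "G.729A": 20}   # payload bytes per 20 ms packet

def erlang_b(a, n):
    """Blocking probability (GoS) for offered load a Erlangs on n trunks (Erlang B)."""
    b = 1.0                          # B(a, 0) = 1
    for k in range(1, n + 1):        # recursive form avoids large factorials
        b = a * b / (k + a * b)
    return b

def max_offered_load(n, gos):
    """Largest offered load (Erlangs) that n trunks carry at or below the target GoS."""
    lo, hi = 0.0, 2.0 * n + 10       # blocking grows with load, so bisect on it
    for _ in range(100):
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if erlang_b(mid, n) <= gos else (lo, mid)
    return lo

def calls_by_bandwidth(link_bps, codec):
    """Max simultaneous calls (N for Erlang B) when bandwidth is the limiting resource."""
    bps_per_call = (CODEC_PAYLOAD[codec] + IP_UDP_RTP_HEADER) * 8 * PACKETS_PER_SEC
    return link_bps // bps_per_call

def calls_by_pps(router_pps, streams_per_call=4):
    """Max calls when router packet throughput is the limit; the slide's 15,000 / 50 / 4 = 75.
    streams_per_call=4 reproduces the slide's divisor (assumed: both directions, in and out)."""
    return router_pps // PACKETS_PER_SEC // streams_per_call

def admission_plan(link_bps, codec, router_pps, gos):
    """N is the smaller of the two limits; returns (N, limiting resource, load at target GoS)."""
    by_bw, by_pps = calls_by_bandwidth(link_bps, codec), calls_by_pps(router_pps)
    n, limit = (by_bw, "bandwidth") if by_bw <= by_pps else (by_pps, "router pps")
    return n, limit, round(max_offered_load(n, gos), 3)
```

On a 768 kbps serial link with G.711 the bandwidth limit (9 calls) binds, whereas on a 10 Mbps link the Cisco 2600's 75-call packet limit binds, which is the "Problem!" the utilization chart shows.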
Current Research
- Establish a research project with Neutral Tandem, a telecommunications service provider which has an IP-core network for voice traffic.
- Collect and analyze the real traffic data
- Build a traffic engineering model: model development, model validation
Netconf for Network Management
Network Management Requirements
- Easy to use
- Ability to manipulate complete device configuration rather than individual entities
- Support multiple configurations
- Configuration transactions across multiple devices simultaneously
- Human-readable format
- Integration with existing security infrastructure
Evolution of Network Management (figure): command-oriented (vendor specific) → variable-oriented (SNMP/MIB) → object-oriented (CORBA) → document-oriented (XML-based) → transaction-oriented (NETCONF)
NETCONF Transport
- Secure Shell (SSH): mandatory for NETCONF implementations; secured
- Simple Object Access Protocol (SOAP): SOAP over HTTP(S); Web Services support
- Blocks Extensible Exchange Protocol (BEEP): peers on the transport level
(figure: NETCONF Manager and NETCONF Agent connected over SSH, SOAP or BEEP)
Netconf-based Validation System
Data Model for Netconf Validation
Current Research
Joint research work with Tail-f, which provides the Netconf manager and Netconf agent.
- Developing a formal language (based on Yang) to specify the data requirements.
- Software modules: parsers (requirements), data aggregator (device configuration data), validation
- 2nd phase: automation of configuration.
Position-based Routing: Background
The cost of collecting and maintaining routing information in a MANET (Mobile Ad Hoc Network) is high.
On-demand routing solves the problem partially, but it is still costly when mobility is involved.
Location-based routing (using geographical information) became feasible with the spread of location-aware devices.
Location-Based Routing
Greedy Forwarding: move the packet to the node closer to the destination.
Pros:
- No topology information is required
- No routing loops
- Used by many location-based routing protocols
Cons:
- Cannot recover from dead ends (when the node holding the packet is closer to the destination than any of its neighbors)
- Difficult to get the destination location
HMRP Approach
Integration of both location-based routing and on-demand routing, with two forwarding modes:
- Default is greedy forwarding. Location information is required for the first hop only; it is obtained by exchanging a periodic hello message.
- On-demand shortest path, used to recover from greedy dead ends. A controlled broadcast mechanism obtains route and geographical information in one request/reply pair. The shortest path is cached and serves as a backup route.
HMRP Approach (cont'd)
- HMRP optionally utilizes a Minimum Connected Dominating Set (MCDS) to limit location and route requests to the MCDS. HMRP can automatically detect and adapt to an MCDS if one exists.
- HMRP adopts the concept of clustering in a loose manner, where a child node can accept replies from any neighboring dominating node if it provides better route information.
- When a child node needs to send information requests, it forwards the request to its dominator, which invokes the broadcast mechanism.
- Improved scalability and less overhead
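Added example (Python, not the HMRP implementation) of the two forwarding modes described on the two HMRP Approach slides: greedy forwarding by default, dead-end detection when no neighbor is closer to the destination, and fallback to an on-demand shortest path that is cached as the backup route. The node coordinates, the radio range and the BFS that stands in for the controlled broadcast are assumptions.

```python
import math
from collections import deque

# Constructed topology (assumption): node -> (x, y); nodes are neighbours when
# within RADIO_RANGE. Greedy forwarding from S toward T dead-ends at A.
RADIO_RANGE = 1.5
NODES = {"S": (0.0, 0.0), "A": (1.0, 0.0), "C": (0.5, 1.2),
         "D": (1.5, 1.8), "E": (2.5, 1.2), "T": (3.0, 0.0)}

def dist(p, q):
    return math.hypot(p[0] - q[0], p[1] - q[1])

def neighbours(node):
    """Neighbour set a node learns from periodic hello messages."""
    return [n for n in NODES if n != node and dist(NODES[node], NODES[n]) <= RADIO_RANGE]

def greedy_next_hop(node, dst):
    """Greedy forwarding: neighbour closest to dst, or None at a dead end."""
    best = min(neighbours(node), key=lambda n: dist(NODES[n], NODES[dst]), default=None)
    if best is None or dist(NODES[best], NODES[dst]) >= dist(NODES[node], NODES[dst]):
        return None   # node holding the packet is closer than all its neighbours
    return best

def shortest_path(src, dst):
    """On-demand route discovery stand-in: BFS by hop count (the controlled broadcast)."""
    prev, q = {src: None}, deque([src])
    while q:
        cur = q.popleft()
        if cur == dst:
            break
        for n in neighbours(cur):
            if n not in prev:
                prev[n] = cur
                q.append(n)
    if dst not in prev:
        return None
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]

def route(src, dst, cache):
    """HMRP-style forwarding: greedy until a dead end, then the cached/discovered shortest path."""
    path, node = [src], src
    while node != dst:
        nxt = greedy_next_hop(node, dst)
        if nxt is None:
            sp = cache.get((node, dst)) or shortest_path(node, dst)
            if sp is None:
                return None          # destination unreachable
            cache[(node, dst)] = sp  # cached shortest path serves as the backup route
            return path + sp[1:]
        path.append(nxt)
        node = nxt
    return path
```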
Performance Evaluation (figures): Packet loss, percentage of packets lost (%) versus speed (m/s, 0 to 30), for HMRP, AODV and GPSR; End-to-End Latency, average latency (ms) versus speed (m/s), for HMRP, AODV and GPSR.
Performance results are from the ns2 simulator.
Performance Evaluation (figures): Path Length, average path length (hops) versus speed (m/s, 0 to 30), for HMRP, AODV and GPSR; Overhead, control to data packet ratio versus speed (m/s), for HMRP, AODV and GPSR.
HMRP Summary
A new approach that combines on-demand and location-based routing:
- HMRP has the benefits of both approaches
- Performance improvement over both location-based and on-demand routing
- Provides a new metric (routing capability) which is exchanged in the hello message. This metric is used to improve routing decisions. It is calculated based on several factors such as available node power and number of packets forwarded.