Network Research at College of Computing and Digital Media
James Yu, Ph.D., Associate Professor, DePaul University
jyu@cdm.depaul.edu
08/31/09

Transcript uploaded by wesley-tucker, posted 29-Dec-2015 (Category: Documents).

TRANSCRIPT

Page 1: Network Research at College of Computing and Digital Media

James Yu, Ph.D., Associate Professor, DePaul University, jyu@cdm.depaul.edu (08/31/09)

Page 2: Outline

- Wireless LAN Security: Protection against DoS Attacks
- VoIP Traffic Engineering
- Netconf for Configuration Validation
- Hybrid Routing for MANET

Page 3: WLAN Security: Problem Statement

It is relatively easy for a hacker to send a faked deauthentication or disassociation frame to a wireless client and terminate its connection to the Wireless Access Point (WAP).

Making it worse, a hacker could flood a wireless client with deauthentication or disassociation frames.

During the attacks, communications to the client are dead.

802.11i provides an effective mechanism to address crypto attacks, but it does not prevent most DoS attacks.

Page 4: Research Approach

- Building an empirical framework to study DoS attacks over WLANs
- Investigation of DoS attacks on wireless communication
- 802.11w: a draft solution to the problem
- Network simulation of WLAN DoS attacks
- Implementation and improvement of 802.11w to resolve DoS attacks
- Verification and validation

Page 5: DeauthF and DisassF DoS Attacks

1. Deauthentication Flooding (DeauthF): A hacker floods the WLAN with faked deauthentication frames to force authenticated wireless clients to drop their connections with the AP.

2. Disassociation Flooding (DisassF): The attacker floods disassociation frames to wireless clients to force them to disconnect from the AP.

Page 6: Test Environment for WLAN DoS Attacks (figure)

Page 7: Flow Analysis of Deauthentication Attacks (figure)

Page 8: 802.11w (draft)

- A new draft standard to enhance the 802.11i capability
- 802.11w extends the security protection to 802.11 management frames
- Deauthentication or disassociation frames are encrypted and sent to the client. The client checks the authenticity of the management frame and then accepts (or rejects) it.

Page 9: Implementation and Analyses of 802.11w

We implement and investigate the performance and effectiveness of 802.11w in protecting the deauthentication and disassociation management frames.

We use the ns-2 simulator to analyze 802.11w under four cases:

1. the normal WLAN,
2. the WLAN under DeauthF,
3. the WLAN under DeauthF with 802.11w, and
4. the WLAN under DeauthF with 802.11w and Traffic Shaping.

Page 10: WLAN under Deauthentication Attacks (figure)

Page 11: WLAN under 802.11w Protection (figure)

Page 12: Traffic Shaping

- An enhancement implemented in the 802.11w solution.
- Monitor the DoS attacking rate.
- When the attacking rate is higher than a threshold value (which is configurable), the client shapes the traffic to no more than 10 fps.
- When the attacking rate is below the threshold value, the standard 802.11w operation continues.
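The following is an added example, not code from the slides or from the author's ns-2 implementation. It models the two ideas of pages 8 and 12 on the client side: a deauthentication or disassociation frame is only honoured if its integrity check passes, and once the arrival rate of such frames exceeds a configurable threshold the client examines no more than 10 frames per second and drops the rest unexamined. The real 802.11w protects unicast robust management frames with CCMP and broadcast ones with BIP (AES-CMAC); here a truncated HMAC stands in for that MIC, and the key, the frame bodies and the flood timing are constructed for the demonstration.

```python
"""Constructed model of 802.11w-style management-frame protection plus the
slide's traffic-shaping enhancement.  Not the real BIP/CCMP encoding: a
truncated HMAC stands in for the MIC and the key is a constructed constant."""
from collections import deque
import hashlib
import hmac

MIC_LEN = 8
KEY = b"constructed-demo-key"  # stands in for the key negotiated with the AP


def protect(body: bytes, key: bytes = KEY) -> bytes:
    """Attach a MIC to a management-frame body (what a legitimate AP would do)."""
    return body + hmac.new(key, body, hashlib.sha256).digest()[:MIC_LEN]


def verify(frame: bytes, key: bytes = KEY) -> bool:
    """Check the MIC; a forged frame built without the key fails this check."""
    if len(frame) <= MIC_LEN:
        return False
    body, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:MIC_LEN]
    return hmac.compare_digest(expected, mic)


class ProtectedClient:
    """Client that verifies deauth/disassoc frames and, when the arrival rate
    exceeds `threshold_fps`, MIC-checks at most `shaped_fps` frames per window
    (the slide's 10 fps) and drops the rest unexamined."""

    def __init__(self, threshold_fps: int = 20, shaped_fps: int = 10, window: float = 1.0):
        self.threshold = threshold_fps
        self.shaped = shaped_fps
        self.window = window
        self.arrivals = deque()   # timestamps of all frames seen in the window
        self.examined = deque()   # timestamps of frames that were MIC-checked
        self.connected = True
        self.stats = {"accepted": 0, "rejected": 0, "shaped": 0}

    def _prune(self, queue: deque, now: float) -> None:
        while queue and queue[0] <= now - self.window:
            queue.popleft()

    def handle(self, frame: bytes, now: float) -> str:
        """Process one frame arriving at time `now` (seconds); return the decision."""
        self._prune(self.arrivals, now)
        self._prune(self.examined, now)
        self.arrivals.append(now)
        attacking_rate = len(self.arrivals)           # frames per window
        if attacking_rate > self.threshold and len(self.examined) >= self.shaped:
            self.stats["shaped"] += 1                 # above threshold: shape to 10 fps
            return "shaped"
        self.examined.append(now)                     # standard 802.11w operation
        if verify(frame):
            self.connected = False                    # genuine request from the AP
            self.stats["accepted"] += 1
            return "accepted"
        self.stats["rejected"] += 1                   # MIC failure: ignore the frame
        return "rejected"


def run_flood(n_frames: int = 100, duration: float = 1.0) -> dict:
    """Constructed DeauthF scenario: n_frames forged frames spread over `duration` s."""
    client = ProtectedClient()
    for i in range(n_frames):
        client.handle(b"deauth:reason=7:forged", i * duration / n_frames)
    assert client.connected  # no forged frame was honoured
    return dict(client.stats)


if __name__ == "__main__":
    print(run_flood())                                      # {'accepted': 0, 'rejected': 20, 'shaped': 80}
    c = ProtectedClient()
    print(c.handle(protect(b"deauth:reason=3"), 5.0), c.connected)   # accepted False
```

With the default threshold of 20 frames per second, the first 20 forged frames are MIC-checked and rejected, and the remaining 80 are dropped without the client spending verification work on them; a single frame carrying a valid MIC is still honoured at once. The point of the shaping step is that the client's CPU, not only its association, is a resource the flood targets.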

Page 13: WLAN under Protection of 802.11w and Traffic Shaping (figure)

Page 14: Contribution and Future Research

- Empirical work
- Implementation of 802.11w
- To develop a queuing model to explain the attacking scenarios. The queuing model is to be validated by the empirical results and also by the ns-2 simulation model.

Page 15: Voice Traffic Engineering

Goal: Design the network with sufficient capacity to meet the traffic demand with satisfactory performance.

- Demand (A): Traffic Intensity = number of calls × duration of average calls (Erlang)
- Resources (N): Number of Trunks
- Grade of Service (GoS): blocking probability
- Erlang B Model

Page 16: VoIP Network (diagram)

Diagram components: PSTN Switch, SS7, Trunk MG, SoftSwitch, Access MG, Call Manager (SIP Proxy), Call Manager (Enterprise), Q.931, IP (public), IP (private), IP (internal), Carrier VoIP Network. MG: Media Gateway.

Page 17: Call Admission Control (CAC)

The network (call manager or softswitch) accepts a call request only if it can guarantee the quality of service (QoS) of the call.

In a network with dedicated bandwidth for VoIP, we can calculate the maximum number of simultaneous calls based on the allocated bandwidth. This is the parameter N of the Erlang-B model (Maximum Call Load).

When there are N calls in the network, any new call request will be rejected, the same as when no trunks are available to route the call.

Page 18: Experimental Results (Bandwidth Utilization)

Chart: bandwidth utilization (0% to 100%) for the G.711, G.729A and G.723.1 codecs over the links Switched (10M), 768K (Serial), 2M (Serial), 4M (Serial), 10BaseT (HD) and 100M (FD). Annotation on the chart: "Problem!"

Bandwidth Utilization = observed max call load ÷ expected max call load

Page 19: Analysis: Limiting Resource

Most studies consider the bandwidth (bps) as the limiting resource for the VoIP network.

In our experiment, the device (router) is the limiting resource.

Packet throughput of Cisco 2600 router: 15,000 pps
Packet sampling rate: 20 ms

15,000 ÷ (1000 ÷ 20) ÷ 4 = 75 calls/sec
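An added example for pages 15, 17 and 19 (not code from the slides or from the author's traffic-engineering model): the Erlang B recursion for the blocking probability, the smallest trunk count N that meets a target GoS, and the two ways of deriving the CAC parameter N, from allocated bandwidth and from router packet throughput. The per-call bandwidth figure used in the report is an assumed value for G.711 over Ethernet, and the factor of 4 packet streams per call is taken from the slide's arithmetic as given.

```python
"""Erlang B traffic engineering and call-admission capacity (added example)."""
from typing import Dict


def traffic_intensity(calls_per_hour: float, avg_call_seconds: float) -> float:
    """Demand A in Erlang: number of calls x average call duration (in hours)."""
    return calls_per_hour * avg_call_seconds / 3600.0


def erlang_b(n_trunks: int, a_erlang: float) -> float:
    """Blocking probability (GoS) for N trunks offered A Erlang, via the
    standard recursion B(0) = 1, B(k) = A*B(k-1) / (k + A*B(k-1))."""
    b = 1.0
    for k in range(1, n_trunks + 1):
        b = a_erlang * b / (k + a_erlang * b)
    return b


def trunks_for_gos(a_erlang: float, target_gos: float, max_trunks: int = 10000) -> int:
    """Smallest N whose blocking probability is at or below the target GoS."""
    for n in range(1, max_trunks + 1):
        if erlang_b(n, a_erlang) <= target_gos:
            return n
    raise ValueError("target GoS not reachable within max_trunks")


def max_calls_by_bandwidth(link_bps: float, per_call_bps: float) -> int:
    """CAC parameter N when bandwidth is the limiting resource."""
    return int(link_bps // per_call_bps)


def max_calls_by_pps(router_pps: float, sample_ms: float = 20.0, streams_per_call: int = 4) -> int:
    """CAC parameter N when the router's packet throughput is the limiting
    resource: the slide's 15,000 / (1000 / 20) / 4 = 75, factor 4 as given."""
    packets_per_second_per_stream = 1000.0 / sample_ms   # 50 pps at 20 ms sampling
    return int(router_pps // (packets_per_second_per_stream * streams_per_call))


def cac_report(link_bps: float, per_call_bps: float, router_pps: float,
               a_erlang: float) -> Dict[str, object]:
    """Take the smaller of the two capacities as N and report the GoS for demand A."""
    n_bw = max_calls_by_bandwidth(link_bps, per_call_bps)
    n_pps = max_calls_by_pps(router_pps)
    n = min(n_bw, n_pps)
    return {
        "n_bandwidth": n_bw,
        "n_router": n_pps,
        "limiting": "router" if n_pps < n_bw else "bandwidth",
        "n": n,
        "gos": erlang_b(n, a_erlang),
    }


if __name__ == "__main__":
    # Assumed inputs: a 10 Mbit/s link, 87,200 bit/s per G.711 call on Ethernet,
    # the slide's 15,000 pps router, and 60 Erlang of offered traffic.
    print(cac_report(10_000_000, 87_200, 15_000, a_erlang=60.0))
    print(trunks_for_gos(2.0, 0.01))   # 7
```

Running the report with those inputs shows the slide's point: the bandwidth calculation alone would admit 114 simultaneous calls, but the router's packet rate caps N at 75, so a CAC that uses the bandwidth figure would overload the device and the observed utilization falls well below the expected one.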

Page 20: Current Research

- Establish a research project with Neutral Tandem, a telecommunications service provider which has an IP-core network for voice traffic.
- Collect and analyze the real traffic data
- Build a traffic engineering model
  - Model development
  - Model validation

Page 21: Netconf for Network Management

Page 22: Network Management Requirements

- Easy to use
- Ability to manipulate the complete device configuration rather than individual entities
- Support multiple configurations
- Configuration transactions across multiple devices simultaneously
- Human-readable format
- Integration with existing security infrastructure

Page 23: Evolution of Network Management

Command-Oriented (vendor specific) → Variable-Oriented (SNMP/MIB) → Object-Oriented (CORBA) → Document-Oriented (XML-based) → Transaction-Oriented (NETCONF)

Page 24: NETCONF Transport

- Secure Shell (SSH): mandatory for NETCONF implementations; secured
- Simple Object Access Protocol (SOAP): SOAP over HTTP(S); Web Services support
- Blocks Extensible Exchange Protocol (BEEP): peers on the transport level

Diagram: NETCONF Manager and NETCONF Agent connected over SSH, SOAP or BEEP.

Page 25: Netconf-based Validation System (figure)

Page 26: Data Model for Netconf Validation (figure)

Page 27: Current Research

- Joint research work with Tail-f, which provides the Netconf manager and Netconf agent.
- Developing a formal language (based on Yang) to specify the data requirements.
- Software modules: parsers (requirements), data aggregator (device configuration data), validation
- 2nd phase: automation of configuration.
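An added example for pages 24 and 27, not code from the slides or from the Tail-f manager and agent: it builds the NETCONF <get-config> request a manager sends to an agent (with the "]]>]]>" end-of-message marker that NETCONF over SSH uses), parses a constructed <rpc-reply>, and runs the validation step against a small requirement spec. The spec dict and the "urn:example:demo-interfaces" data model are assumptions standing in for the YANG-based requirements language the slide describes; only the NETCONF base namespace is real.

```python
"""Added example: NETCONF get-config request, reply parsing and requirement
validation with a constructed data model (not the project's own code)."""
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"   # NETCONF base namespace (RFC 4741/6241)
EOM = "]]>]]>"                                    # end-of-message marker for NETCONF over SSH
IF = "urn:example:demo-interfaces"               # constructed data-model namespace (assumption)


def build_get_config(message_id: int = 101, source: str = "running") -> str:
    """Serialize <rpc><get-config><source><running/></source></get-config></rpc> plus EOM."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": str(message_id)})
    get_config = ET.SubElement(rpc, f"{{{NC}}}get-config")
    src = ET.SubElement(get_config, f"{{{NC}}}source")
    ET.SubElement(src, f"{{{NC}}}{source}")
    return ET.tostring(rpc, encoding="unicode") + EOM


def request_summary(message: str) -> tuple:
    """Parse a request back (as the agent would) and return (operation, message-id)."""
    rpc = ET.fromstring(message.split(EOM, 1)[0])
    return rpc[0].tag.split("}")[1], rpc.get("message-id")


def parse_reply(message: str) -> ET.Element:
    """Strip the EOM marker, reject error replies, and return the <data> element."""
    reply = ET.fromstring(message.split(EOM, 1)[0])
    if reply.tag != f"{{{NC}}}rpc-reply":
        raise ValueError(f"unexpected root element {reply.tag}")
    if reply.find(f"{{{NC}}}rpc-error") is not None:
        raise ValueError("device returned rpc-error")
    data = reply.find(f"{{{NC}}}data")
    if data is None:
        raise ValueError("reply carries no <data>")
    return data


# Requirement spec (assumed shape): every enabled interface must carry the
# listed children.  Stands in for the formal requirements language on the slide.
REQUIREMENTS = [
    {"list": f".//{{{IF}}}interface", "key": f"{{{IF}}}name",
     "when": (f"{{{IF}}}enabled", "true"),
     "must_have": [f"{{{IF}}}description", f"{{{IF}}}mtu"]},
]


def validate(data: ET.Element, requirements=REQUIREMENTS) -> list:
    """Return human-readable violations; an empty list means the device complies."""
    violations = []
    for req in requirements:
        for entry in data.iterfind(req["list"]):
            key = entry.findtext(req["key"], default="?")
            cond_tag, cond_val = req["when"]
            if entry.findtext(cond_tag) != cond_val:
                continue                          # requirement does not apply
            for child in req["must_have"]:
                if entry.find(child) is None:
                    violations.append(f"{key}: missing {child.split('}')[1]}")
    return violations


# Constructed reply, as an agent might return it to the manager.
SAMPLE_REPLY = f"""<rpc-reply message-id="101" xmlns="{NC}">
  <data>
    <interfaces xmlns="{IF}">
      <interface><name>eth0</name><description>uplink</description><mtu>1500</mtu><enabled>true</enabled></interface>
      <interface><name>eth1</name><mtu>1500</mtu><enabled>true</enabled></interface>
      <interface><name>eth2</name><enabled>false</enabled></interface>
    </interfaces>
  </data>
</rpc-reply>""" + EOM


def check_sample() -> list:
    """Run the validation over the constructed reply."""
    return validate(parse_reply(SAMPLE_REPLY))


if __name__ == "__main__":
    print(build_get_config())
    print(check_sample())   # ['eth1: missing description']
```

The validation is deliberately separated from transport: the same `validate` runs over data aggregated from many devices, which is what makes cross-device checks (one of the requirements on page 22) possible, and an `rpc-error` reply is refused rather than silently validated as an empty configuration.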

Page 28: Position-based Routing: Background

- The cost of collecting and maintaining routing information in a MANET is high.
- On-demand routing solves the problem partially, but is still costly when mobility is involved.
- Location-based routing (using geographical information) became feasible with the spread of location-aware devices.

MANET: Mobile Ad Hoc Network

Page 29: Location-Based Routing

Greedy Forwarding: move the packet to the node closer to the destination.

Pros:
- No topology information is required
- No routing loops
- Used by many location-based routing protocols

Cons:
- Cannot recover from dead ends (when the node holding the packet is closer to the destination than all of its neighbors)
- Difficult to get the destination location

Page 30: HMRP Approach

Integration of both location-based routing and on-demand routing. Two forwarding modes:

- Default is Greedy Forwarding
  - Location information is required for the first hop only
  - Obtained by exchanging a periodic hello message
- On-demand shortest path
  - Used to recover from greedy dead ends
  - Controlled broadcast mechanism to obtain route and geographical information in one request/reply pair
  - The shortest path will be cached and serve as a backup route
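An added example for pages 29 and 30 (not the HMRP implementation or any code from the slides): greedy forwarding over a constructed six-node topology chosen so that the packet reaches a dead end, followed by the on-demand recovery that HMRP describes, modelled here as a hop-count shortest path whose result is cached as a backup route. Node positions, radio range and the BFS stand-in for the request/reply mechanism are all assumptions.

```python
"""Added example: greedy geographic forwarding with an on-demand shortest-path
fallback for dead ends, on a constructed topology (not the project's code)."""
from collections import deque
import math

RADIO_RANGE = 5.5
# Constructed positions chosen so that greedy forwarding from S to D reaches a
# dead end at A: every neighbour of A is farther from D than A itself is.
NODES = {"S": (0, 0), "A": (5, 0), "B": (3, 4), "C": (7, 6), "E": (10, 5), "D": (11, 0)}


def dist(a: str, b: str) -> float:
    (x1, y1), (x2, y2) = NODES[a], NODES[b]
    return math.hypot(x1 - x2, y1 - y2)


def neighbors(node: str) -> list:
    """Nodes within radio range; their positions would come from hello messages."""
    return [m for m in NODES if m != node and dist(node, m) <= RADIO_RANGE]


def greedy_forward(src: str, dst: str):
    """Hand the packet to the neighbour closest to dst at each hop.
    Returns (path, dead_end_node); dead_end_node is None on success."""
    path, cur = [src], src
    while cur != dst:
        candidates = neighbors(cur)
        if not candidates:
            return path, cur
        best = min(candidates, key=lambda m: dist(m, dst))
        if dist(best, dst) >= dist(cur, dst):   # no strictly closer neighbour:
            return path, cur                      # local maximum, a dead end
        path.append(best)
        cur = best
    return path, None


def shortest_path(src: str, dst: str) -> list:
    """Hop-count shortest path by BFS, standing in for the on-demand request/reply."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            break
        for m in neighbors(cur):
            if m not in prev:
                prev[m] = cur
                queue.append(m)
    if dst not in prev:
        return []
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]


ROUTE_CACHE = {}   # (dead_end, dst) -> recovered path, kept as the backup route


def hmrp_route(src: str, dst: str):
    """Greedy first; on a dead end, fall back to the cached on-demand shortest path."""
    path, dead_end = greedy_forward(src, dst)
    if dead_end is None:
        return path, "greedy"
    key = (dead_end, dst)
    if key not in ROUTE_CACHE:
        ROUTE_CACHE[key] = shortest_path(dead_end, dst)   # one request/reply
    recovery = ROUTE_CACHE[key]
    if not recovery:
        return path, "unreachable"
    return path[:-1] + recovery, "recovered"


if __name__ == "__main__":
    print(greedy_forward("S", "D"))   # (['S', 'A'], 'A')
    print(hmrp_route("S", "D"))       # (['S', 'A', 'B', 'C', 'E', 'D'], 'recovered')
```

The `>=` test in `greedy_forward` is what gives greedy forwarding its loop-freedom: the packet only ever moves strictly closer to the destination, so it can never revisit a node, and the same test is what detects the dead end that the on-demand mode then recovers from.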

Page 31: HMRP Approach (cont'd)

- HMRP optionally utilizes a Minimum Connected Dominating Set (MCDS)
  - Limits location and route requests to the MCDS
  - HMRP can automatically detect and adapt to the MCDS if one exists
- HMRP adopts the concept of clustering in a loose manner, where a child node can accept replies from any neighboring dominating node if it provides better route information
- When a child node needs to send information requests, it forwards the request to its dominator, which invokes the broadcast mechanism
- Improved scalability and less overhead

Page 32: Performance Evaluation

Chart 1, Packet loss: percentage of packets lost (%), y-axis 0 to 18, versus speed (m/s) 0 to 30, for HMRP, AODV and GPSR.

Chart 2, End-to-End Latency: average latency (ms), y-axis 0 to 300, versus speed (m/s) 0 to 30, for HMRP, AODV and GPSR.

Performance results are from the ns2 simulator.

Page 33: Performance Evaluation

Chart 1, Path Length: average path length (hops), y-axis 1.5 to 3.5, versus speed (m/s) 0 to 30, for HMRP, AODV and GPSR.

Chart 2, Overhead: control-to-data packet ratio, y-axis 0 to 3, versus speed (m/s) 0 to 30, for HMRP, AODV and GPSR.

Page 34: HMRP Summary

A new approach that combines on-demand and location-based routing:

- HMRP has the benefits of both approaches
- Performance improvement over both location-based and on-demand routing
- Provides a new metric (routing capability), which is exchanged in the hello message. This metric is used to improve routing decisions. It is calculated based on several factors such as available node power and number of packets forwarded.