witness-based detection of forwarding misbehavior in wireless networks
DESCRIPTION
Witness-based Detection of Forwarding Misbehavior in Wireless Networks. Sookhyun Yang , Sudarshan Vasudevan, Jim Kurose University of Massachusetts Amherst. Outline. Introduction Witness-based detection: approach Witness-based detection: properties Detection accuracy with unreliable links. - PowerPoint PPT PresentationTRANSCRIPT
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer ScienceUUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Witness-based Detection of Forwarding
Misbehavior in Wireless Networks
Sookhyun Yang, Sudarshan Vasudevan, Jim Kurose
University of Massachusetts Amherst
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Outline
Introduction Witness-based detection:
approach Witness-based detection:
properties Detection accuracy with
unreliable links
2
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Motivation In a wireless ad-hoc network, an authenticated
node on forwarding path can be compromised
Goal: verify that each node on data forwarding path is correctly forwarding packets
Control-plane verification: against routing control disruption
Data-plane verification: against forwarding misbehavior
This paper: witness-based detection to verify correct (data-plane) forwarding, identify source(s) of forwarding misbehavior.
3
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Problem Statement
4
Reliable hop-by-hop data forwarding in a wireless ad hoc network
Source Destination
S A B C Dackackackack
data data data data
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Problem Statement
5
Reliable hop-by-hop data forwarding in a wireless ad hoc network
Source Destination
S A B C Dackackackack
data data data data
Question: How to verify that node B correctly forwards frame to Con S-A-B-C-D path?
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Prior Work: Neighborhood Watch
6
data
Node B’s transmission rangeNode A’s
transmission range
data
Witness node W overhears A and B, decides B’s forwarding correctness based on mismatch
rate between incoming and outgoing data packets at B.
Decision is error-prone so approach depends on long-term or cumulative observation for high
accuracy!
A B C
W
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Prior Work: Data-path-based Detection
7
Data
ACKACK
Without witness nodes, upstream node A decides node B’s forwarding correctness based on node C’s ACK packet forwarded by node B.
Decision is also error prone: node C can be compromised and a reverse path from node C to
node A can be unreliable!
A B C
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Outline
Introduction Witness-based detection:
approach Witness-based detection:
properties Detection accuracy with
unreliable links
8
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Our Work: Witness-based Detection
9
Data
Upstream node A decides node B’s forwarding correctness based on “tamper-proof evidence”
transmitted through diverse paths.
A B C
Node C’s transmission rangeNode B’s
transmission range
W
WACK
Evidence
Evidence
Evidence
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Tamper-proof Evidence B-signed message checksum:
Timestamp t
10
KB( )Private key of
a data forwarder,
node B
MessageM
Address of a data
recipient, node C
|addr(C)H[ ]
Node B says “I sent message M to node C.”
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Node C’s Evidence Generation
11
Data = M | B-Signed message checksum
KC( ) , tc
B C
W
, H[M|addr(C)]
Node C says “I received message M at tc from node B.”
B-Signed message checksum
“ACK-based Evidence”
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Node W’s Evidence Generation
12
Data = M | B-Signed message checksum
1. W generates “Data-based evidence”: KW(B-Signed message checksum, H[M|
addr(C)], tW)
B C
W
Node W says “I overheard message M at tw from node B.”
2. W relays “ACK-based evidence:W
ACK-based evidence
Node W says “I overheard node C saying it (node C) received message M at tc
from node B”
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Node A’s Decision Algorithm on Node B
Initially assume that once evidence is successfully generated, evidence does not fail to reach node A.
Lemma1: No evidence implies that node B does not correctly forward a data packet to node C.
Lemma2: Consistent evidence implies node B correctly forwards a data packet to node C.
For deriving whether evidence is consistent, upstream node A knows the correct checksum and message order.
If the checksum and message order of evidence do not have difference from node A’s, we call that evidence consistent.
13
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Outline
Introduction Witness-based detection:
approach Witness-based detection:
properties Detection accuracy with
unreliable links
14
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
When Node B is Compromised Packet drop: no evidence received at A
15
B C
W
Acompromised
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
When Node B is Compromised Fake forwarding: inconsistent Data-
based evidence received from witness node W and no ACK-based evidence from node C
16
B C
W
A
?
compromised
Inconsistent evidence
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
What if Node W or C is Compromised?
Badmouthing: W or C is compromised W or C can generate fake inconsistent evidence
for falsely accusing uncompromised node B. If there is at least one uncompromised node,
node A can receive consistent evidence from that node.
If there is no collusion, node A can recognize node W is compromised.
17
B CAData packet
WcompromisedInconsistent evidence
Consistent evidence
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
When Multiple Nodes Are Compromised
Node B is not compromised If there is at least one uncompromised
node, node A receives consistent evidence as well as inconsistent evidence.
18
B C
W1
A
W2
compromised
compromised
Inconsistent evidence
Inconsistent evidence
Consistent evidence
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
When Multiple Nodes Are Compromised
Node B is compromised If node B and node W1 do not
collude, consistent evidence cannot exist.
19
B C
W1
A
W2
compromised
compromised
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Outline
Introduction Witness-based detection:
approach Witness-based detection:
properties Detection accuracy with
unreliable links
20
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Detection Accuracy in Lossy Links
With reliable links, witness-based detection has no detection errors.
Using an analytical model, we compare data-path-based detection with witness-based detection in lossy links.
ploss: the loss probability that a node fails to receive or overhear a packet from its one-hop neighbor
pc: the probability that a node is compromised Λ: the expected number of witness nodes based on
2D-Poisson distribution Metric
FPP (False Positive Probability) FNP (False Negative Probability): Without collusion, FNP is
equal to 0 in both detection schemes.
21
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Detection Accuracy in Lossy Links
22
Data-path-based detection
pc=0.5Consistent evidence can be lost in lossy links.
As density of witness nodes (Λ) grows, FPP decreases by enhancing the availability of
consistent evidence.
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Detection Accuracy in Lossy Links
23
When a link is reliable, case 2 (badmouthing)
dominates FPP.
When a link is unreliable, FPP by case 1 increases,
but FPP by case 2 decreases.
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science 24
Conclusion Witness-based detection makes
instantaneous decision more precise by using witness nodes, rather than longterm or cumulative observation.
Witness-based detection supports error-free detection under various threat scenarios in reliable links.
Using an analytical model, we showed that witness-based detection can support low FPP and no FNP even in the presence of lossy wireless links.
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Open Questions
Collusion Evaluation of Communication
Overhead
25
UUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer ScienceUUNIVERSITY OF NIVERSITY OF MMASSACHUSETTSASSACHUSETTS, A, AMHERST • MHERST • Department of Computer Science Department of Computer Science
Thank you!Q&A