
Witness-based Detection of Forwarding Misbehavior in Wireless Networks

Witness-based Detection of Forwarding Misbehavior in Wireless Networks. Sookhyun Yang, Sudarshan Vasudevan, Jim Kurose, University of Massachusetts Amherst. Outline: Introduction; Witness-based detection: approach; Witness-based detection: properties; Detection accuracy with unreliable links.


Presentation Transcript


  1. Witness-based Detection of Forwarding Misbehavior in Wireless Networks Sookhyun Yang, Sudarshan Vasudevan, Jim Kurose University of Massachusetts Amherst

  2. Outline • Introduction • Witness-based detection: approach • Witness-based detection: properties • Detection accuracy with unreliable links

  3. Motivation • In a wireless ad-hoc network, an authenticated node on a forwarding path can be compromised • Goal: verify that each node on the data forwarding path is correctly forwarding packets • Control-plane verification: against routing control disruption • Data-plane verification: against forwarding misbehavior • This paper: witness-based detection to verify correct (data-plane) forwarding and identify the source(s) of forwarding misbehavior.

  4. Problem Statement • Reliable hop-by-hop data forwarding in a wireless ad hoc network [Figure: path S (Source), A, B, C, D (Destination); each hop labelled data and ack.]

  5. Problem Statement • Reliable hop-by-hop data forwarding in a wireless ad hoc network [Figure: path S (Source), A, B, C, D (Destination); each hop labelled data and ack.] • Question: How to verify that node B correctly forwards a frame to C on the S-A-B-C-D path?

  6. Prior Work: Neighborhood Watch [Figure: nodes A, B, C and witness node W, with node A’s and node B’s transmission ranges marked; labels: data.] • Witness node W overhears A and B, and decides B’s forwarding correctness based on the mismatch rate between incoming and outgoing data packets at B. • The decision is error-prone, so the approach depends on long-term or cumulative observation for high accuracy!

  7. Prior Work: Data-path-based Detection [Figure: nodes A, B, C; labels: Data, ACK.] • Without witness nodes, upstream node A decides node B’s forwarding correctness based on node C’s ACK packet forwarded by node B. • The decision is also error-prone: node C can be compromised, and the reverse path from node C to node A can be unreliable!

  8. Outline • Introduction • Witness-based detection: approach • Witness-based detection: properties • Detection accuracy with unreliable links

  9. Our Work: Witness-based Detection [Figure: nodes A, B, C and witness nodes W, with node B’s and node C’s transmission ranges marked; labels: Data, ACK, Evidence.] • Upstream node A decides node B’s forwarding correctness based on “tamper-proof evidence” transmitted through diverse paths.

  10. Tamper-proof Evidence • B-signed message checksum: KB(H[M | addr(C)]), where M is the message, addr(C) is the address of the data recipient (node C) and KB is the private key of the data forwarder (node B). Node B says “I sent message M to node C.” • Timestamp t

  11. Node C’s Evidence Generation [Figure: nodes W, B, C.] • B transmits Data = M | B-signed message checksum • C generates “ACK-based evidence”: KC(B-signed message checksum, H[M|addr(C)], tc) • Node C says “I received message M at tc from node B.”

  12. Node W’s Evidence Generation [Figure: nodes W, B, C; labels: Data = M | B-signed message checksum, ACK-based evidence.] 1. W generates “Data-based evidence”: KW(B-signed message checksum, H[M|addr(C)], tW). Node W says “I overheard message M at tW from node B.” 2. W relays “ACK-based evidence”: Node W says “I overheard node C saying it (node C) received message M at tc from node B.”

  13. Node A’s Decision Algorithm on Node B • Initially assume that once evidence is successfully generated, it does not fail to reach node A. • Lemma 1: No evidence implies that node B does not correctly forward a data packet to node C. • Lemma 2: Consistent evidence implies that node B correctly forwards a data packet to node C. • To decide whether evidence is consistent, upstream node A knows the correct checksum and message order. • If the checksum and message order in the evidence do not differ from node A’s, we call that evidence consistent.

  14. Outline • Introduction • Witness-based detection: approach • Witness-based detection: properties • Detection accuracy with unreliable links

  15. When Node B is Compromised [Figure: nodes A, B (compromised), C and witness W.] • Packet drop: no evidence received at A

  16. When Node B is Compromised [Figure: nodes A, B (compromised), C and witness W; label: Inconsistent evidence.] • Fake forwarding: inconsistent Data-based evidence received from witness node W and no ACK-based evidence from node C

  17. What if Node W or C is Compromised? [Figure: nodes A, B, C and witness W (compromised); labels: Data packet, Inconsistent evidence, Consistent evidence.] • Badmouthing: W or C is compromised • W or C can generate fake inconsistent evidence to falsely accuse uncompromised node B. • If there is at least one uncompromised node, node A can receive consistent evidence from that node. • If there is no collusion, node A can recognize that node W is compromised.

  18. When Multiple Nodes Are Compromised [Figure: nodes A, B, C and witnesses W1, W2, two of the nodes marked compromised; labels: Inconsistent evidence (twice), Consistent evidence.] • Node B is not compromised • If there is at least one uncompromised node, node A receives consistent evidence as well as inconsistent evidence.

  19. When Multiple Nodes Are Compromised [Figure: nodes A, B, C and witnesses W1, W2, two of the nodes marked compromised.] • Node B is compromised • If node B and node W1 do not collude, consistent evidence cannot exist.

  20. Outline • Introduction • Witness-based detection: approach • Witness-based detection: properties • Detection accuracy with unreliable links

  21. Detection Accuracy in Lossy Links • With reliable links, witness-based detection has no detection errors. • Using an analytical model, we compare data-path-based detection with witness-based detection in lossy links. • ploss: the loss probability that a node fails to receive or overhear a packet from its one-hop neighbor • pc: the probability that a node is compromised • Λ: the expected number of witness nodes based on 2D-Poisson distribution • Metric • FPP (False Positive Probability) • FNP (False Negative Probability): Without collusion, FNP is equal to 0 in both detection schemes.

  22. Detection Accuracy in Lossy Links [Plot labels: Data-path-based detection; pc = 0.5.] • Consistent evidence can be lost in lossy links. • As the density of witness nodes (Λ) grows, FPP decreases by enhancing the availability of consistent evidence.

  23. Detection Accuracy in Lossy Links When a link is reliable, case 2 (badmouthing) dominates FPP. When a link is unreliable, FPP by case 1 increases, but FPP by case 2 decreases.

  24. Conclusion • Witness-based detection makes instantaneous decisions more precise by using witness nodes, rather than long-term or cumulative observation. • Witness-based detection supports error-free detection under various threat scenarios in reliable links. • Using an analytical model, we showed that witness-based detection can support low FPP and no FNP even in the presence of lossy wireless links.

  25. Open Questions • Collusion • Evaluation of communication overhead

  26. Thank you! Q&A
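
An added example (not from the slides or the authors' implementation) of the evidence format on slides 10-12 and node A's decision rule on slide 13, which can be exercised against the packet-drop, fake-forwarding and badmouthing cases of slides 15-17. Assumptions: HMAC-SHA256 with constructed per-node keys stands in for the private-key signatures, message order is not modelled, links are reliable and nodes do not collude; all function and field names are illustrative.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed per-node keys. HMAC-SHA256 stands in for the private-key
# signatures KB, KC, KW so the example needs only the standard library.
KEYS = {n: hashlib.sha256(n.encode()).digest() for n in "BCW"}

def checksum(msg: bytes, recipient: str) -> bytes:
    """H[M | addr(C)]: binds the message to its intended recipient."""
    return hashlib.sha256(msg + b"|" + recipient.encode()).digest()

def sign(node: str, *fields: bytes) -> bytes:
    return hmac.new(KEYS[node], b"".join(fields), hashlib.sha256).digest()

@dataclass
class Evidence:
    issuer: str    # "C" for ACK-based evidence, "W" for data-based evidence
    b_sig: bytes   # B-signed message checksum copied from the data frame
    digest: bytes  # H[M | addr(C)] as seen by the issuer
    t: int         # issuer's timestamp (tc or tW)
    sig: bytes     # issuer's signature over the three fields above

def forward(msg: bytes, recipient: str):
    """Frame B transmits: Data = M | B-signed message checksum."""
    return msg, sign("B", checksum(msg, recipient))

def make_evidence(issuer: str, b_sig: bytes, digest: bytes, t: int) -> Evidence:
    ts = t.to_bytes(8, "big")
    return Evidence(issuer, b_sig, digest, t, sign(issuer, b_sig, digest, ts))

def is_consistent(ev: Evidence, expected: bytes) -> bool:
    """Evidence is consistent if it is authentic and matches A's checksum."""
    ts = ev.t.to_bytes(8, "big")
    authentic = hmac.compare_digest(ev.sig, sign(ev.issuer, ev.b_sig, ev.digest, ts))
    b_signed = hmac.compare_digest(ev.b_sig, sign("B", expected))
    return authentic and b_signed and ev.digest == expected

def decide(evidence, msg: bytes, recipient: str = "C"):
    """Node A's verdict on B, plus issuers of inconsistent evidence."""
    expected = checksum(msg, recipient)   # A knows the correct checksum
    good = [e.issuer for e in evidence if is_consistent(e, expected)]
    bad = [e.issuer for e in evidence if not is_consistent(e, expected)]
    if good:   # Lemma 2; without collusion, `bad` are the badmouthers
        return "B forwarded correctly", bad
    return "B misbehaved", []   # Lemma 1, or only inconsistent evidence
```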
