STATUS QUO: WIMAX PARAMETERS AND MAC-LEVEL DoS ATTACKS
July 9th-11th, 2012
Katherine Cameron and Richard R Brooks
WiMAX networks are vulnerable to Denial of Service (DoS) attacks. Our work considers a new type of DoS attack that exploits WiMAX system parameters. The behavior of the WiMAX MAC-level protocol is sensitive to such parameters. By analyzing parameters of the Bandwidth Contention Resolution (BCR) process of WiMAX, we will determine which have a significant effect on client throughput. Experiments have been simulated using the ns-2 simulator, and hardware experiments are currently being conducted on GENI WiMAX testbeds. Analysis of Variance (ANOVA) techniques are applied to throughput and packet-loss measurements to identify which parameters and combinations affect WiMAX vulnerability to DoS attacks. The primary goals of our research include:
• Compare the effects of setting different values for a single parameter,
• Learn which parameter(s) are dominant and compare the effect of important parameter interactions,
• Provide recommendations on best settings for system parameters,
• And analyze the difference between software and hardware simulations and determine the accuracy of the ns-2 simulator.
- Software simulations analyzed a low, medium, and high setting for frame duration, request_retries, and backoff_start, for a set of attacker SS’s and client SS’s. A total of 100 nodes were used and 3 ratios of attacker to client nodes were considered. In each experiment all SS’s used a constant-bit-rate generator to send traffic for 120 s to a sink node. All parameter combinations were run, and ANOVA analysis of throughput and packet-loss measurements indicates that attacker settings have an effect on user throughput, but that it is minimal in comparison to the following user SS’s settings:
- Frame duration explains about 21% of the variability, while request_retries accounts for another 31%,
- And the most significant 2nd order effect is the interaction of frame duration and request_retries, which accounts for an additional 18%.
- Initial hardware experiments that included 56 trials analyzed the effect of a low, medium, and high setting for backoff_start and backoff_end on an indoor and outdoor WiMAX environment. Figure 1 summarizes ANOVA results of these experiments.
Hardware simulations analyze the influence of two parameters on DoS attacks for client and attacker nodes. Both the indoor and outdoor WiMAX testbeds of Rutgers University’s ORBIT facility are used for experiments. All hardware experiments consist of 1 base station (BS), 8 WiMAX subscriber stations (SS’s) and 1 sink node. SS’s send UDP traffic for 120 s to the sink node and measurements are collected using ORBIT’s Measurement Library. Our work follows factorial experiment design for data collection, and ANOVA is used for analysis. Some changes to the parameters were required between software and hardware simulation due to the WiMAX equipment used. Frame duration is fixed at 5 ms for the WiMAX equipment, and request_retries is no longer considered. The parameter backoff_end is used as a replacement for request_retries because its role in determining when data packets are dropped during the BCR process is similar to that of request_retries.
FIG. 1: INDOOR AND OUTDOOR HARDWARE RESULTS
- It is important to note the difference between the indoor and outdoor environments and also:
- Individual parameters do not have a significant effect on throughput, but interactions of parameters are significant in the indoor environment. (FO>For PROB> FO < 0.5),
- And the 2nd-order interaction of backoff_start and backoff_end accounts for 10% of variance in the outdoor environment and 42% in the indoor environment.
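As an added illustration (not the authors' analysis code or data), the following carries out the ANOVA decomposition for a replicated 3×3 factorial design over backoff_start and backoff_end and reports the share of total variance attributed to each factor and to their interaction. The throughput samples are constructed so that the interaction dominates, and all function and variable names are assumptions.

```python
from itertools import product
from statistics import mean

# Constructed throughput samples (Mbps), two replicates per cell; not measured data.
# Keys are (backoff_start level, backoff_end level).
LEVELS = ("low", "medium", "high")
CELL_MEANS = {"low": (9, 11, 13), "medium": (12, 12, 12), "high": (15, 13, 11)}
SAMPLES = {
    (s, e): [CELL_MEANS[s][j] - 1, CELL_MEANS[s][j] + 1]
    for s in LEVELS for j, e in enumerate(LEVELS)
}

def two_way_anova(samples, levels_a, levels_b):
    """Return sums of squares, percent of total variance and F statistics
    for factors A, B and the A x B interaction of a replicated factorial design."""
    n = len(next(iter(samples.values())))            # replicates per cell
    a, b = len(levels_a), len(levels_b)
    grand = mean(y for ys in samples.values() for y in ys)
    row = {i: mean(y for j in levels_b for y in samples[i, j]) for i in levels_a}
    col = {j: mean(y for i in levels_a for y in samples[i, j]) for j in levels_b}
    ss = {
        "A": b * n * sum((row[i] - grand) ** 2 for i in levels_a),
        "B": a * n * sum((col[j] - grand) ** 2 for j in levels_b),
    }
    # Between-cell variation contains both main effects plus the interaction.
    ss_cells = n * sum((mean(samples[i, j]) - grand) ** 2
                       for i, j in product(levels_a, levels_b))
    ss["AB"] = ss_cells - ss["A"] - ss["B"]
    # Within-cell variation is the error term.
    ss["error"] = sum((y - mean(ys)) ** 2 for ys in samples.values() for y in ys)
    total = sum(ss.values())
    pct = {k: 100 * v / total for k, v in ss.items()}
    df = {"A": a - 1, "B": b - 1, "AB": (a - 1) * (b - 1), "error": a * b * (n - 1)}
    ms_error = ss["error"] / df["error"]
    f_stat = {k: (ss[k] / df[k]) / ms_error for k in ("A", "B", "AB")}
    return ss, pct, f_stat

if __name__ == "__main__":
    ss, pct, f_stat = two_way_anova(SAMPLES, LEVELS, LEVELS)
    for term in ("A", "B", "AB", "error"):
        print(f"{term:5s} SS={ss[term]:6.1f}  {pct[term]:5.1f}% of variance")
    print("F statistics:", f_stat)
```

With 4 and 9 degrees of freedom the 5% critical value of F is 3.63, so in this constructed data set the interaction (F = 4) is significant while the backoff_start main effect (F = 3, critical value 4.26 for 2 and 9 degrees of freedom) is not.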
FILE SYSTEM (/)
WIMAX SOURCE CODE
- We are determining which source files of the wimax-1.5.1 package for Intel Centrino Advanced + Wireless 6250 handle system parameters and pass info to the firmware. Figure 3 displays the wimax-1.5.1 file hierarchy. The following files may handle these duties:
- NDnSAgent_DB_Common.c, NDnSAgent_DB_Update.c
- Some of the parameters we are investigating are:
- Within the Linux file system are various WiMAX-related files. Some are configuration files and others are log files, but we are attempting to find out whether the system parameters of BCR are stored somewhere within the file system. The Linux file system is displayed as a tree in Figure 2. The promising parent directories include:
- /proc - interface to kernel data structures
- /var - system writes to files within during operation
- /sys - exports kernel device info to user space
- /usr - secondary hierarchy for user data
- Each of these directories stores information related to WiMAX and network devices. Scripts are being used to write the contents of files from these directories to a text file that is later compared for different system parameters. Hopefully, we will find a specific file that changes to reflect system parameter changes. Controlling the system parameters could be accomplished by overwriting this specific file.
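One way to carry out the comparison described above, as an added example (not the authors' scripts): snapshot file contents as hashes, take two baselines under identical settings to identify files that change on their own, and report only files that differ after a parameter change. The file names and values in `demo` are constructed, and all function names are assumptions.

```python
import hashlib
import os
import tempfile

def snapshot(roots, skip=(), max_bytes=65536):
    """Map every readable regular file under roots to a SHA-256 of its first max_bytes."""
    digests = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                # Skip symlinks, devices and caller-listed prefixes (some /proc and
                # /sys entries block forever on read and must be excluded).
                if path.startswith(tuple(skip)) or os.path.islink(path) \
                        or not os.path.isfile(path):
                    continue
                try:
                    with open(path, "rb") as fh:
                        digests[path] = hashlib.sha256(fh.read(max_bytes)).hexdigest()
                except OSError:
                    continue  # unreadable pseudo-files are expected
    return digests

def changed(before, after):
    """Paths that were added, removed or modified between two snapshots."""
    return {p for p in before.keys() | after.keys() if before.get(p) != after.get(p)}

def parameter_candidates(baseline_a, baseline_b, after_change):
    """Files that differ after the parameter change but were stable between
    two baselines taken with identical settings (filters out counters and logs)."""
    noise = changed(baseline_a, baseline_b)
    return sorted(changed(baseline_b, after_change) - noise)

def demo():
    """Constructed directory: one file tracks the setting, one is a volatile counter."""
    with tempfile.TemporaryDirectory() as d:
        def put(name, text):
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        put("params.conf", "backoff_start=2\n")
        put("rx_packets", "100\n")
        put("version", "1.5.1\n")
        base_a = snapshot([d])
        put("rx_packets", "250\n")          # counter moves with no setting change
        base_b = snapshot([d])
        put("params.conf", "backoff_start=5\n")
        put("rx_packets", "400\n")
        after = snapshot([d])
        return [os.path.basename(p) for p in parameter_candidates(base_a, base_b, after)]
```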
FIG. 2: LINUX FILE SYSTEM - WIMAX FILES
FIG. 3: WiMAX-1.5.1 FILE SYSTEM
Future work includes completing the rest of the hardware simulations on the indoor and outdoor testbeds and determining whether it is best to modify Linux memory or WiMAX drivers to allow us to set the client's and attacker's system parameters separately. Following conclusion of hardware experiments, we will conduct a full analysis of the parameters backoff_start and backoff_end and compare these results to the ns-2 simulations. Other possible future work includes:
- Expand experiments to include more than 8 nodes, possibly 20 or more nodes,
- Find a more complete response surface for the BCR parameters that significantly influence DoS vulnerability,
- And determine how BCR parameters affect other factors such as robustness to environmental conditions and other forms of DoS attacks.
- This material is based upon work supported by, or in part by, the EAGER-GENI Experiments on Network Security and Traffic Analysis contract/grant number CNS-1049765. Opinions expressed are those of the author and not the National Science Foundation.
- This research effort has contributed to the following publication and dissertation:
- J. Deng, R. R. Brooks, J. Martin. Assessing the Sensitivity of WiMAX Parameters to MAC-level DoS Attacks, International Journal of Performability Engineering. Volume 8, pages 163-178, 2012
- J. Deng, Connected Vehicle Information Assurance. Clemson University. May 2011