Slander-Resistant Forwarding Isolation in Ad Hoc Networks

Slander-Resistant Forwarding Isolation in Ad Hoc Networks

This paper focuses on how to isolate attackers that inject packets to cause Denial-of-Service (DoS) in ad hoc networks. Our security analysis shows that current hop-by-hop source authentication protocols only partially achieve the defence goals, although they allow legitimate nodes to effectively id...

Full description

Saved in:
Bibliographic Details
Main Authors: GU, Qijun, CHU, Chao-Hsien, LIU, Peng, ZHU, Sencun
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2006
Subjects:
denial of service
DoS attacks
source authentication
Chinese remainder theorem
CRT
slander-resistant forwarding isolation
ad hoc networks
wireless networks
authentication protocols
packet filters
attacker isolation
security
packet injection attacks
mobile networks
Computer Sciences
Digital Communications and Networking
Online Access:https://ink.library.smu.edu.sg/sis_research/1192
http://dx.doi.org/10.1504/IJMNDI.2006.012086
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:This paper focuses on how to isolate attackers that inject packets to cause Denial-of-Service (DoS) in ad hoc networks. Our security analysis shows that current hop-by-hop source authentication protocols only partially achieve the defence goals, although they allow legitimate nodes to effectively identify and discard injected or modified packets. The other important defence goal, which has not been achieved yet, is to isolate the attackers so that they cannot inject in the future. Current authentication protocols provide evidence of injection attacks, since injected packets will incur verification failures. Nevertheless, the evidence may be exploited by attackers to deceive defenders. We find that a non-injection attacker can slander any good forwarding node in a route by modifying the authentication information carried in the packets. In order to correctly isolate suspicious nodes, we propose a new authentication approach. The approach not only preserve the function to filter junk packets as in current authentication approaches, but also help to isolate the attackers with a high probability. This approach ensures that defenders can focus on investigating only two nodes to find out the real attacker once failed verifications are detected.

Similar Items