-
ABSTRACT: Recent work in multicast routing for wireless mesh networks has focused on metrics that estimate link quality to maximize throughput. Nodes must collaborate in order to compute the path metric and forward data. The assumption that all nodes are honest and behave correctly during metric computation, propagation, and aggregation, as well as during data forwarding, leads to unexpected consequences in adversarial networks where compromised nodes act maliciously. In this work, we identify novel attacks against high-throughput multicast protocols in wireless mesh networks. The attacks exploit the local estimation and global aggregation of the metric to allow attackers to attract a large amount of traffic. We show that these attacks are very effective against multicast protocols based on high-throughput metrics. We conclude that aggressive path selection is a double-edged sword: While it maximizes throughput, it also increases attack effectiveness in the absence of defense mechanisms. Our approach to defend against the identified attacks combines measurement-based detection and accusation-based reaction techniques. The solution accommodates transient network variations and is resilient against attempts to exploit the defense mechanism itself. A detailed security analysis of our defense scheme establishes bounds on the impact of attacks. We demonstrate both the attacks and our defense using ODMRP, a representative multicast protocol for wireless mesh networks, and SPP, an adaptation of the well-known ETX unicast metric to the multicast setting.
IEEE Transactions on Mobile Computing 06/2011; · 2.28 Impact Factor
-
ABSTRACT: This paper presents the first hierarchical byzantine fault-tolerant replication architecture suitable to systems that span multiple wide-area sites. The architecture confines the effects of any malicious replica to its local site, reduces message complexity of wide-area communication, and allows read-only queries to be performed locally within a site for the price of additional standard hardware. We present proofs that our algorithm provides safety and liveness properties. A prototype implementation is evaluated over several network topologies and is compared with a flat byzantine fault-tolerant approach. The experimental results show considerable improvement over flat byzantine replication algorithms, bringing the performance of byzantine replication closer to existing benign fault-tolerant replication techniques over wide area networks.
IEEE Transactions on Dependable and Secure Computing 04/2010; · 1.14 Impact Factor
-
ABSTRACT: The goal of enabling ubiquitous video broadcasting on the Internet has been a long cherished vision in the networking community. Prior efforts aimed at achieving this goal based on the IP Multicast architecture have been unsuccessful. In recent years, peer-to-peer (P2P) streaming has emerged as a promising alternative technology, which has matured to the point that there are several commercial offerings available to users. While these developments are encouraging, P2P streaming systems are susceptible to attacks by malicious participants, and their viability depends on how effectively they can perform under such attacks. In this paper, we explore this issue in the context of mesh-based designs, which have emerged as the dominant architecture for P2P streaming. We provide a taxonomy of the implicit commitments made by nodes when peering with others. We show that when these commitments are not enforced explicitly, they can be exploited by malicious nodes to conduct attacks that degrade the data delivery service. We consider an important class of attacks where malicious nodes deliberately become neighbors of a large number of nodes and do not upload data to them. We focus on these attacks given the limited attention paid to them, and the significant impact they can have on overall data delivery. We present mechanisms that can enhance the resilience of mesh-based streaming against such attacks. A key part of the solution is a novel reputation scheme that combines feedback from both the control and data planes of the overlay. We evaluate our design with real-world experiments on the PlanetLab testbed and show that our design is effective. Even when there are 30% attackers, nodes can receive 92% of the data with our schemes compared to 10% of the data without our schemes. Overall these results indicate the feasibility of enabling effective P2P streaming even under the presence of malicious participants.
Communication Systems and Networks (COMSNETS), 2010 Second International Conference on; 02/2010
-
ABSTRACT: Hybrid networks consisting of cellular and Wi-Fi networks were proposed as a high-throughput architecture for cellular services. In such networks, devices equipped with cellular and Wi-Fi network cards access Internet services through the cellular base station. The Wi-Fi interface is used to provide a better service to clients that are far away from the base station, via multihop ad hoc paths. The modified trust model of hybrid networks generates a set of new security challenges as clients rely on intermediate nodes to participate effectively in the resource reservation process and data forwarding. In this paper, we introduce JANUS, a framework for scalable, secure, and efficient routing for hybrid cellular and Wi-Fi networks. JANUS uses a scalable routing algorithm with multiple channel access, for improved network throughput. In addition, it provides protection against selfish nodes through a secure crediting protocol and protection against malicious nodes through secure route establishment and data forwarding mechanisms. We evaluate JANUS experimentally and show that its performance is 85 percent of the optimum algorithm, improving with a factor greater than 50 percent over previous work. We evaluate the security overhead of JANUS against two types of attacks: less aggressive, but sufficient for some applications, selfish attacks and purely malicious attacks.
IEEE Transactions on Dependable and Secure Computing 01/2010; · 1.14 Impact Factor
-
ABSTRACT: Multihop wireless networks rely on node cooperation to provide multicast services. The multihop communication offers increased coverage for such services but also makes them more vulnerable to insider (or Byzantine) attacks coming from compromised nodes that behave arbitrarily to disrupt the network. In this work, we identify vulnerabilities of on-demand multicast routing protocols for multihop wireless networks and discuss the challenges encountered in designing mechanisms to defend against them. We propose BSMR, a novel secure multicast routing protocol designed to withstand insider attacks from colluding adversaries. Our protocol is a software-based solution and does not require additional or specialized hardware. We present simulation results that demonstrate that BSMR effectively mitigates the identified attacks.
IEEE Transactions on Mobile Computing 05/2009; · 2.28 Impact Factor
-
ABSTRACT: In recent years, network coding has emerged as a new communication paradigm that can significantly improve the efficiency of network protocols by requiring intermediate nodes to mix packets before forwarding them. Recently, several real-world systems have been proposed to leverage network coding in wireless networks. Although the theoretical foundations of network coding are well understood, a real-world system needs to solve a plethora of practical aspects before network coding can meet its promised potential. These practical design choices expose network coding systems to a wide range of attacks. In this paper, we identify two general frameworks that encompass several network coding-based systems proposed for unicast in wireless networks. Our systematic analysis of the components of these frameworks reveals vulnerabilities to a wide range of attacks, which may severely degrade system performance. Adequate understanding of these threats is essential to effectively design secure practical network coding systems.
Secure Network Protocols, 2008. NPSec 2008. 4th Workshop on; 11/2008
-
ABSTRACT: Wireless mesh networks (WMNs) have emerged as a promising technology that offers low-cost community wireless services. Security is critical for the deployment of these services. Previous work focused primarily on MAC and routing protocol security, while application-level security has received relatively little attention. In this paper we focus on providing data confidentiality for group communications in WMNs. We propose a new protocol framework, secure group overlay multicast (SeGrOM), that employs decentralized group membership, promotes localized communication, and exploits the wireless broadcast nature to achieve efficient and secure group communication. We analyze the performance and discuss the security properties of our protocols. We demonstrate through simulations that our protocols provide good performance and incur a significantly smaller overhead than a baseline centralized protocol optimized for WMNs.
World of Wireless, Mobile and Multimedia Networks, 2008. WoWMoM 2008. 2008 International Symposium on a; 07/2008
-
ABSTRACT: Recent work in multicast routing for wireless mesh networks has focused on metrics that estimate link quality to maximize throughput. Nodes must collaborate in order to compute the path metric and forward data. The assumption that all nodes are honest and behave correctly during metric computation, propagation, and aggregation, as well as during data forwarding, leads to unexpected consequences in adversarial networks where compromised nodes act maliciously. In this work we identify novel attacks against high-throughput multicast protocols in wireless mesh networks. The attacks exploit the local estimation and global aggregation of the metric to allow attackers to attract a large amount of traffic. We show that these attacks are very effective against multicast protocols based on high-throughput metrics. This leads us to conclude that aggressive path selection is a double-edged sword: it maximizes throughput, but in the absence of protection mechanisms it also increases attack effectiveness. Our approach to mitigate the identified attacks combines measurement-based detection and accusation-based reaction techniques. The solution also accommodates transient network variations and is resilient against attempts to exploit the defense mechanism itself. We demonstrate the attacks and our defense using ODMRP, a representative multicast protocol for wireless mesh networks, and SPP, an adaptation of the well-known ETX unicast metric to the multicast setting.
Sensor, Mesh and Ad Hoc Communications and Networks, 2008. SECON '08. 5th Annual IEEE Communications Society Conference on; 07/2008
-
ABSTRACT: Key requirements of effective distance learning are interactivity among participants and the student's sense of presence in the classroom. This system meets those requirements, letting the instructor perceive remote students' body language and facial expressions as they listen and speak, and letting remote students participate in the on-campus classroom.
IEEE Computer Graphics and Applications 02/2008; · 1.41 Impact Factor
-
ABSTRACT: In this paper, we present an extensive study of key dissemination schemes in an overlay multicast context, and the first to involve actual implementation, real traces, and performance in Internet environments. Given that rekey traffic has stronger resilience requirements and is burstier than data traffic, we consider whether data and keys must be distributed using the same overlay or using two separate dissemination structures. Our key findings are: (i) a coupled architecture is effective in achieving resilient key dissemination. Using TCP in each hop of the dissemination structure (an opportunity unique to overlays) is effective in achieving resiliency in end-to-end key delivery. The performance can be further enhanced if convergence properties of overlays are considered; and (ii) a coupled architecture optimized for data delivery has high overheads, while a coupled architecture optimized for key delivery may not honor access bandwidth constraints of nodes. Distributing data and keys using separate overlays achieves low overhead for key dissemination while honoring access bandwidth constraints of nodes.
IEEE Journal on Selected Areas in Communications 01/2008; · 3.41 Impact Factor
-
ABSTRACT: A new online distance learning system was created by an interdisciplinary team comprised of computer science, graphics, networking, security, and educational science faculty and graduate students to research, implement, and assess the ability to extend a face-to-face classroom to accommodate remotely located students. Comprised of a face-to-face classroom setting with remote students' images projected on the wall of the classroom, this "virtual classroom" is a 3-D rendering of a geometric model populated with real-time video avatars of remote students. Through increased presence, (i.e. being able to view remote students' facial expressions, general body language) and better integration of the virtual classroom into the local classroom, developers intended to increase both learning and motivation to learn. In a formative evaluation regarding the "presence" and "interactivity" afforded by the system, the following elements were analyzed: learning; social, cognitive, and physical presence; student-to-content interaction; and student-to-technology interaction. This paper reports on this new distance learning technology and the evaluation used to assess its effectiveness.
Frontiers In Education Conference - Global Engineering: Knowledge Without Borders, Opportunities Without Passports, 2007. FIE '07. 37th Annual; 11/2007
-
ABSTRACT: In this work we identify vulnerabilities of on-demand multicast routing protocols for multi-hop wireless networks and discuss the challenges encountered in designing mechanisms to defend against them. We propose BSMR, a novel secure multicast routing protocol that withstands insider attacks from colluding adversaries. Our protocol is a software-based solution and does not require additional or specialized hardware. We present simulation results which demonstrate that BSMR effectively mitigates the identified attacks.
Sensor, Mesh and Ad Hoc Communications and Networks, 2007. SECON '07. 4th Annual IEEE Communications Society Conference on; 07/2007
-
ABSTRACT: This paper presents the first hierarchical Byzantine fault-tolerant replication architecture suitable to systems that span multiple wide area sites. The architecture confines the effects of any malicious replica to its local site, reduces message complexity of wide area communication, and allows read-only queries to be performed locally within a site for the price of additional hardware. A prototype implementation is evaluated over several network topologies and is compared with a flat Byzantine fault-tolerant approach.
Dependable Systems and Networks, 2006. DSN 2006. International Conference on; 02/2006
-
ABSTRACT: Survivable routing protocols are able to provide service in the presence of attacks and failures. The strongest attacks that protocols can experience are attacks where adversaries have full control of a number of authenticated nodes that behave arbitrarily to disrupt the network, also referred to as Byzantine attacks. This work examines the survivability of ad hoc wireless routing protocols in the presence of several Byzantine attacks: black holes, flood rushing, wormholes and overlay network wormholes. Traditional secure routing protocols that assume authenticated nodes can always be trusted fail to defend against such attacks. Our protocol, ODSBR, is an on-demand wireless routing protocol able to provide correct service in the presence of failures and Byzantine attacks. We demonstrate through simulation its effectiveness in mitigating such attacks. Our analysis of the impact of these attacks versus the adversary's effort gives insights into their relative strengths, their interaction and their importance when designing wireless routing protocols.
Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference on; 10/2005
-
ABSTRACT: In this paper we analyze the security vulnerabilities of position-based routing protocols and virtual home region (VHR)-based distributed position service systems. We propose methods to protect the position information from both external and internal attackers. We then discuss and propose several mitigation mechanisms against position abuse by internal attackers that exploit the position service to trace their targets. Finally, we propose a position verification mechanism that allows the position service to verify that the positions reported by nodes are correct.
Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference on; 10/2005
-
ABSTRACT: Group communication systems are high-availability distributed systems providing reliable and ordered message delivery, as well as a membership service, to group-oriented applications. Many such systems are built using a distributed client-server architecture where a relatively small set of servers provide service to numerous clients. In this work, we show how group communication systems can be enhanced with security services without sacrificing robustness and performance. More specifically, we propose several integrated security architectures for distributed client-server group communication systems. In an integrated architecture, security services are implemented in servers, in contrast to a layered architecture, where the same services are implemented in clients. We discuss performance and accompanying trust issues of each proposed architecture and present experimental results that demonstrate the superior scalability of an integrated architecture.
IEEE Transactions on Dependable and Secure Computing 08/2005; 2(3):248-261. · 1.14 Impact Factor
-
ABSTRACT: We present DST, a dynamic spanning tree based algorithm, as a routing protocol for hybrid networks. It is scalable with the network size and achieves high throughput by taking advantage of multiple channels. DST maintains a close to optimal spanning tree of the network by using distributed topology trees. DST is fully dynamic and generates only O(log n) messages per update operation. We show experimentally that DST scales well with network size, making it ideal for metropolitan environment hybrid networks.
World of Wireless Mobile and Multimedia Networks, 2005. WoWMoM 2005. Sixth IEEE International Symposium on a; 07/2005
-
ABSTRACT: Contributory group key agreement protocols generate group keys based on contributions of all group members. Particularly appropriate for relatively small collaborative peer groups, these protocols are resilient to many types of attacks. Unlike most group key distribution protocols, contributory group key agreement protocols offer strong security properties such as key independence and perfect forward secrecy. We present the first robust contributory key agreement protocol resilient to any sequence of group changes. The protocol, based on the Group Diffie-Hellman contributory key agreement, uses the services of a group communication system supporting virtual synchrony semantics. We prove that it provides both virtual synchrony and the security properties of Group Diffie-Hellman, in the presence of any sequence of (potentially cascading) node failures, recoveries, network partitions, and heals. We implemented a secure group communication service, Secure Spread, based on our robust key agreement protocol and Spread group communication system. To illustrate its practicality, we compare the costs of establishing a secure group with the proposed protocol and a protocol based on centralized group key management, adapted to offer equivalent security properties.
IEEE Transactions on Parallel and Distributed Systems 06/2004; · 1.40 Impact Factor
-
ABSTRACT: This paper proposes several integrated security architecture designs for client-server group communication systems. In an integrated architecture, security services are implemented in servers, in contrast to a layered architecture where the same services are implemented in clients. We discuss the performance and accompanying trust issues of each proposed architecture and present experimental results that demonstrate the superior scalability of an integrated architecture.
DARPA Information Survivability Conference and Exposition, 2003. Proceedings; 05/2003
-
ABSTRACT: Group key agreement (GKA) is a fundamental building block for securing peer group communication systems (GCS). Several group key agreement protocols were proposed in the past, all assuming an underlying group communication infrastructure. This paper presents a performance evaluation of 5 notable GKA protocols integrated with a reliable group communication system (Spread). They are: centralized group key distribution (CKD), Burmester-Desmedt (BD), Steer et al. (STR), group Diffie-Hellman (GDH) and tree-based group Diffie-Hellman (TGDH). We present concrete results obtained in experiments on local- and wide-area networks. Our analysis of these results offers insights into their relative scalability and practicality.
Distributed Computing Systems, 2002. Proceedings. 22nd International Conference on; 02/2002