A Test-Bed for Mobile Ad-hoc Networks How Much Can Watchdogs Really - - PowerPoint PPT Presentation

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 1

A Test-Bed for Mobile Ad-hoc Networks

How Much Can Watchdogs Really Do?

Sonja Buchegger, Cedric Tissieres, Jean-Yves Le Boudec EPFL (Swiss Federal Institute of Technology Lausanne) WMCSA, December 3, 2004

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 2

Presentation Outline

• Problem: Detecting Misbehavior in Mobile Ad-hoc

Networks

• Attacks on Dynamic Source Routing (DSR)
• Detectability of Attacks
• Proposed Solution:
• Enhanced Passive Acknowledgment
• Test-Bed
• Performance Evaluation: Some Experimental Results
• Related Work
• Conclusions

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 3

Mobile Ad-hoc Networks

Network of devices, no infrastructure, nodes forward packets for others. Nodes cooperate to communicate.

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 4

But Why Cooperate? Misbehavior Pays Off

Selfish: to save power

Example: No or incorrect forwarding

Malicious: to attack the net

Example: Route deviation

Faulty: (no reason)

Example: Repeating packets

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 5

Here’s the Dilemma!

Tragedy of the Commons: Free ground for everyone to let sheep graze Individually: good to put many sheep Overall: too many sheep!

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 6

Problem Statement

• How can we make a system work despite misbehavior?
• Which types of misbehavior are actually detectable and

how?

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 7

Background: Dynamic Source Routing (DSR)

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 8

DSR - Route Request

R

• u

t e R e q u e s t ( D [ A , B ] )

A B C D E

Route Request(E[A]) Route Request(E[A]) R

• u

t e R e q u e s t ( E [ A , B ] ) Cache: E Route Request (E[A,B]) Route Request(E[A,C])

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 9

DSR - Route Reply

A B C D E

Route Reply(A, [E,B,A]) Route Reply(A, [E,D,C,A]) Route Reply(A, [E,D,C,A]) Route Reply(A, [E,B,A]) Cache: E

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 10

DSR – Data

A B C D E

Data(E, [A,C,D]) Cache: E Data(E, [A,C,D]) D a t a ( E , [ A , C , D ] )

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 11

Acknowledgments in DSR

• Explicit ACK
• Passive ACK
• Link-layer notification

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 12

Enhanced Passive Acknowledgment

• PACK: Overhearing of
• Forwarding
• Tampering
• Fabrication
• In addition: Packet

Reception

A B C

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 13

Attacks on DSR

• Dropping Attacks
• All or partial
• Omit Route Error
• Modification Attacks
• Forged routing packets
• Added nodes
• Last Hop External
• Salvage intact routes
• Loops
• Tamper with RREQ, RREP
• Decrease TTL
• Fabrication Attacks
• Forged RERR
• Spoofed RREQ
• Forged RREP
• Frequent RREQ
• Timing Attacks
• RREP

disproportionally fast

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 14

Test-Bed Components

• Piconet with PACK, enhanced PACK, and

attacks

• APE
• Netfilter with promiscuous mode
• Pcmcia-cs with promiscuous mode
• Setup: Laptops with Linux kernels 2.4.19 and

2.4.20, Orinoco Classic Gold 802.11b cards

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 15

Test-Bed Architecture

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 16

Implemented Example Attacks

• Header Modification
• Selfish Attacks
• Remove from RREP
• RERR modification
• Attacks work!
• Malicious Attacks
• Change Source Route
• RERR destination
• Attacks work!
• Partial Dropping
• Attack works!
• RERR Fabrication
• Attack works!

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 17

Experimental Results

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 18

Experimental Results II

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 19

Related Work: Economic Incentives

• Forwarding is

rewarded.

• Target: selfish/rational

nodes

• Examples:

nuglets/counters, Crowcroft, Sprite

• Solution only for the

non-forwarding type of misbehavior.

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 20

Related Work: Secure Routing

• Solution only for route
• discovery. Nodes can

still deviate traffic or drop packets.

• Using Cryptography to

secure route discovery

• Target: malicious

nodes

• Examples: Ariadne,

SRP, S-AODV, BISS

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 21

Related Work: Reputation Systems 1

• In MANET or P2P:
• Keep track of

misbehaving nodes, exclude them

• Target: misbehaving

nodes regardless of reason

• Examples: Watchdog,

CORE, Context, OCEAN, ID, Aberer, SECURE

• Either
• Use only first-hand

information, so only detect neighbors, or

• are vulnerable to

spurious ratings, or

• assume trust

transitivity, or

• nly consider

negative (positive) information

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 22

Related Work: Reputation Systems 2

• Centralized
• E-Commerce
• History of

transactions for future choice of partners

• Target: human

decision makers, agents

• Examples: E-Bay

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 23

Solution Proposal: CONFIDANT

• Target both routing and forwarding misbehavior
• Regardless whether selfish, faulty, or malicious
• Be able to detect misbehavior before meeting (use

second-hand information)

• Cope with spurious ratings
• Fully distributed

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 24

Purpose of CONFIDANT

• CONFIDANT detects misbehaving nodes

by means of observation or reports about several types of attacks

• and thus allows nodes

to route around misbehaved nodes and

to isolate misbehaved nodes from the network, so that misbehavior

does not pay off,

cannot continue, and

routes are functional.

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 25

F A B E C D G

Misbehavior

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 26

F A B E C D G

Publication

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 27

F A B E C D G

Isolation and Rerouting

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 28

Conclusions

• Watchdogs can work well
• Enhanced Passive ACK can detect quite a lot
• Watchdogs with enhanced PACK can give useful

input to misbehavior detection and reputation systems

• Need to do larger test-bed experiments to find

limitations, false positives

• Make code and documentation freely available

12/3/04 A Test-Bed for Mobile Ad-hoc Networks S. Buchegger, C. Tissieres, JY. Le Boudec 29

Watch This Space!

• Code and Documentation will be available from
• http://icapeople.epfl.ch/sbuchegg
• Soon.