Showing papers by "Issa Khalil published in 2006"

MOBIWORP: Mitigation of the Wormhole Attack in Mobile Multihop Wireless Networks

Abstract: In multihop wireless systems, the need for cooperation among nodes to relay each other's packets exposes them to a wide range of security attacks. A particularly devastating attack is the wormhole attack, where a malicious node records control traffic at one location and tunnels it to a colluding node, possibly far away, which replays it locally. This can have an adverse effect on route establishment by preventing nodes from discovering legitimate routes that are more than two hops away. Previous works on tolerating wormhole attacks have focused only on detection and used specialized hardware, such as directional antennas or extremely accurate clocks. More recent work has addressed the problem of locally isolating the malicious nodes. However, all of this work has been done in the context of static networks due to the difficulty of secure neighbor verification with mobile nodes. The existing work on secure neighbor verification has limitations in accuracy, resource requirements, and applicability to ad-hoc and sensor networks. In this paper, we present a countermeasure for the wormhole attack, called MOBIWORP, which alleviates these drawbacks and efficiently mitigates the wormhole attack in mobile networks. MOBIWORP uses a secure central authority (CA) for global tracking of node positions. Local monitoring is used to detect and isolate malicious nodes locally. Additionally, when sufficient suspicion builds up at the CA, it enforces a global isolation of the malicious node from the whole network. The effect of MOBIWORP on the data traffic and the fidelity of detection is brought out through extensive simulation using ns-2

Mitigation of control and data traffic attacks in wireless ad-hoc and sensor networks

Abstract: ....................................................................................................................XII

Detection, Diagnosis, and Isolation of Control and Data Attacks in Sensor Networks

Abstract: Detection, Diagnosis, and Isolation of Control and Data Attacks in Sensor Networks Issa Khalil, Saurabh Bagchi, Cristina Nita-Rotaru, Ness B. Shroff Center for Wireless Systems and Applications (CWSA) School of Electrical & Computer Engineering and Department of Computer Science Purdue University Email: {ikhalil, sbagchi, crisn, shroff}@purdue.edu Contact Author: Saurabh Bagchi Abstract Sensor networks enable a wide range of applications in both military and civilian domains. However, the deployment scenarios, the functionality requirements, and the limited capabilities of these networks expose them to a wide-range of attacks against control traffic (such as wormholes, rushing, Sybil attacks, etc) and data traffic (such as selective forwarding). In this paper we propose a framework called DICAS that mitigates such attacks by detecting, diagnosing, and isolating the malicious nodes. DICAS uses as a fundamental building block the ability of a node to oversee its neighboring nodes’ communication. On top of DICAS, we build a secure routing protocol, LSR, that provides additional protection against malicious nodes by supporting multiple node-disjoint paths. We analyze the security guarantees of DICAS and use ns-2 simulations to show its effectiveness against representative control and data attacks. The overhead analysis we present shows that DICAS is a lightweight protocol appropriate for securing resource constrained sensor networks.

MOBIWORP:Mitigation oftheWormholeAttack inMobileMultihop Wireless Networks

Abstract: infeasible or expensive todeploy significant networking infrastructure. However, theopennature ofthewireless communication channels, thelackofinfrastructure, andthe Inmultihop wireless systems, theneedforcooperation hostile environments wheretheymaybedeployed, make amongnodes torelay each others packets exposes themtoa themvulnerable toawiderange ofsecurity attacks. These widerangeofsecurity attacks. A particularly devastating attacks could involve eavesdropping, message tampering, or attack isthewormhole attack, wherea malicious node identity spoofing, whichhavebeenaddressed bycustomized records control traffic atonelocation andtunnels ittoa cryptographic primitives. Manyattacks aretargeted directly colluding node, possibly faraway,whichreplays itlocally, atthedatatraffic bydropping alldatapackets (blackhole Thiscanhaveanadverse effect onrouteestablishment by attack), selectively dropping datapackets (grayhole attack), preventing nodes fromdiscovering legitimate routes that are andperforming statistical analysis onthedatapackets to morethantwohopsaway.Previous worksontolerating obtain critical information, suchasthelocation ofprimary wormhole attacks havefocused only ondetection andused entities inthenetwork. Foranattacker tobeabletolaunch specialized hardware, suchas directional antennasor damaging dataattacks, oneoption istohavealarge number extremely accurate clocks. Morerecent workhasaddressed ofpowerful adversary nodesdistributed overthenetwork theproblem oflocally isolating themalicious nodes.andpossessing cryptographic keys. Alternately, theattacker However, allofthis workhasbeendoneinthecontext of canachieve suchattacks byhaving afewpowerful adversary static networks duetothedifficulty ofsecureneighbor nodesthat neednotauthenticate themselves tothenetwork verification withmobile nodes. Theexisting workonsecure(i.e., external nodes). Theattacker canachieve thisby neighbor verification haslimitations inaccuracy, resourcetargeting specific control traffic inthenetwork. Typical requirements, andapplicability to ad-hocandsensorexamples ofcontrol traffic arerouting, monitoring liveness networks. Inthis paper, wepresent acountermeasure forthe ofa node, topology discovery, anddistributed location wormhole attack, called MOBIWORP, whichalleviates thesedetermination. A particularly severe control attack onthe drawbacks andefficiently mitigates thewormhole attack in