TL;DR: This paper develops a homomorphic linear authenticator (HLA) based public auditing architecture that allows the detector to verify the truthfulness of the packet loss information reported by nodes, and that achieves significantly better detection accuracy than conventional methods such as maximum-likelihood based detection.
Abstract:
In a multi-hop wireless ad hoc network, packet losses are attributed to harsh channel conditions and intentional packet discard by malicious nodes. In this paper, while observing a sequence of packet losses, we are interested in determining whether losses are due to link errors only, or due to the combined effect of link errors and malicious drop. We are especially interested in insider's attacks, whereby a malicious node that is part of the route exploits its knowledge of the communication context to selectively drop a small number of packets that are critical to network performance. Because the packet dropping rate in this case is comparable to the channel error rate, conventional algorithms that are based on detecting the packet loss rate cannot achieve satisfactory detection accuracy. To improve the detection accuracy, we propose to exploit the correlations between lost packets. Furthermore, to ensure truthful calculation of these correlations, we develop a homomorphic linear authenticator (HLA) based public auditing architecture that allows the detector to verify the truthfulness of the packet loss information reported by nodes. This architecture is privacy preserving, collusion proof, and incurs low communication and storage overheads. Through extensive simulations, we verify that the proposed mechanism achieves significantly better detection accuracy than conventional methods such as a maximum-likelihood based detection.
TL;DR: A channel-aware reputation system with adaptive detection threshold (CRS-A) to detect selective forwarding attacks in WSNs and identify the compromised sensor nodes is proposed, while the attack-tolerant data forwarding scheme can significantly improve the data delivery ratio of the network.
TL;DR: A comprehensive system called Audit-based Misbehavior Detection (AMD) that effectively and efficiently isolates both continuous and selective packet droppers and integrates reputation management, trustworthy route discovery, and identification of misbehaving nodes based on behavioral audits.
TL;DR: This work designs a promising privacy-preserving intrusion detection mechanism, the main feature of which is that the process of signature matching does not reveal any specific content of network packets by means of a fingerprint-based comparison.
TL;DR: The improved failure aware third party auditor (IFTPA) based homomorphism linear authenticator (HLA) mechanism (IFHM) is proposed with the secured ad hoc on demand distance vector (SAODV) protocol for verifying the trustworthiness of packet loss information and for detecting malicious nodes by identifying the dropping of routing and data packets.
TL;DR: KDet is a decentralized protocol for the detection of forwarding faults by establishing overlapping logical boundaries that monitor the behavior of the routers within them, designed to be collusion resistant, ensuring that compromised routers cannot cover for others to avoid detection.
TL;DR: Two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so are described, using a watchdog that identifies misbehaving nodes and a pathrater that helps routing protocols avoid these nodes.
TL;DR: A short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyperelliptic curves is introduced, designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.
TL;DR: The Dynamic Source Routing protocol (DSR) is a simple and efficient routing protocol designed specifically for use in multi-hop wireless ad hoc networks of mobile nodes, and a summary of some of the simulation and testbed implementation results for the protocol is provided.
TL;DR: The provable data possession (PDP) model as discussed by the authors allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it.
TL;DR: Ateniese et al. as discussed by the authors introduced the provable data possession (PDP) model, which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it.
Q1. What are the contributions mentioned in the paper "Detection of malicious packet dropping in wireless ad hoc networks based on privacy-preserving public auditing"?
In this paper, while observing a sequence of packet losses, the authors are interested in determining whether losses are due to link errors only, or due to the combined effect of link errors and malicious drop. The authors are especially interested in insider's attacks, whereby a malicious node that is part of the route exploits its knowledge of the communication context to selectively drop a small number of packets that are critical to network performance. To improve the detection accuracy, the authors propose to exploit the correlations between lost packets. Furthermore, to ensure truthful calculation of these correlations, the authors develop a homomorphic linear authenticator (HLA) based public auditing architecture that allows the detector to verify the truthfulness of the packet loss information reported by nodes. Through extensive simulations, the authors verify that the proposed mechanism achieves significantly better detection accuracy than conventional methods such as a maximum-likelihood based detection.
Q2. What future works have the authors mentioned in the paper "Detection of malicious packet dropping in wireless ad hoc networks based on privacy-preserving public auditing"?
In their future work, the authors will study the optimization of this threshold.
Q3. What are the main tasks of Ad in the detection phase?
The main tasks of Ad in this phase include the following: detecting any overstatement of packet loss at each node, constructing a packet-loss bitmap for each hop, calculating the autocorrelation function for the packet loss on each hop, and deciding whether malicious behavior is present.
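The last two tasks above, computing each hop's loss autocorrelation and deciding whether malicious behavior is present, can be sketched as follows. This is an added example, not code from the paper: the bitmaps are constructed sample data assumed to have already passed the auditing check, and the estimator, the channel reference profile, `MAX_LAG` and `THRESHOLD` are assumptions.

```python
# Added illustration: per-hop loss bitmaps are constructed sample data, and the
# ACF estimator, reference profile and threshold are assumptions for this sketch.

MAX_LAG = 4        # assumed number of lags compared
THRESHOLD = 0.02   # assumed decision threshold (the paper leaves tuning open)


def loss_rate(bitmap):
    """Fraction of packets marked lost (1 = lost, 0 = received)."""
    return sum(bitmap) / len(bitmap)


def autocorrelation(bitmap, max_lag=MAX_LAG):
    """Estimate E[x_j * x_{j+k}] for lags k = 0..max_lag."""
    m = len(bitmap)
    return [
        sum(bitmap[j] * bitmap[j + k] for j in range(m - k)) / (m - k)
        for k in range(max_lag + 1)
    ]


def acf_distance(bitmap, reference_acf):
    """Mean absolute gap between a hop's ACF and the channel's expected ACF."""
    acf = autocorrelation(bitmap, len(reference_acf) - 1)
    return sum(abs(a - r) for a, r in zip(acf, reference_acf)) / len(reference_acf)


def is_suspicious(bitmap, reference_acf, threshold=THRESHOLD):
    """Flag a hop whose loss correlation departs from the channel profile."""
    return acf_distance(bitmap, reference_acf) > threshold


M = 200  # packets observed per hop
# Channel profile: link errors arrive in bursts of 4 per 20 packets.
channel_profile = [1 if j % 20 < 4 else 0 for j in range(M)]
# Honest hop: same 20% loss, bursts of 5 and 3 in alternating blocks.
honest_hop = [1 if 7 <= j % 20 < (10 if (j // 20) % 2 else 12) else 0 for j in range(M)]
# Malicious hop: same 20% loss, but half of it is isolated selective drops.
malicious_hop = [1 if j % 20 in (7, 8, 13, 18) else 0 for j in range(M)]

REFERENCE_ACF = autocorrelation(channel_profile)

if __name__ == "__main__":
    for name, hop in (("honest", honest_hop), ("malicious", malicious_hop)):
        print(name, loss_rate(hop), round(acf_distance(hop, REFERENCE_ACF), 4),
              is_suspicious(hop, REFERENCE_ACF))
```

Both hops lose exactly 20% of packets, so a loss-rate test cannot separate them; only the correlation structure differs.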
Q4. What is the main challenge in realizing their mechanism?
The main challenge in realizing their mechanism lies in how to guarantee that the packet-loss bitmaps reported by individual nodes along the route are truthful, i.e., reflect the actual status of each packet transmission.
Q5. What is the importance of acquiring truthful packet-loss information at individual nodes?
To correctly calculate the correlation between lost packets, it is critical to acquire truthful packet-loss information at individual nodes.
Q6. Why is the detection error higher under the proposed scheme?
It can be observed that a small M is enough to achieve good detection accuracy under the proposed scheme, due to the short-range dependence property of the channel.
Q7. What should be done if the verification of Pi fails?
If the verification of Pi fails, node n1 should also stop forwarding the packet and should mark it accordingly in its proof-of-reception database.
Q8. What is the difficulty of detecting malicious packet drops?
On the other hand, for the small number of works that differentiate between link errors and malicious packet drops, their detection algorithms usually require the number of dropped packets by the attacker to be significantly higher than link errors, in order to provide an acceptable detection accuracy.
Q9. What is the problem with observing the packet loss rate?
In this case, observing the packet loss rate is not enough to accurately identify the exact cause of a packet loss, because the packet drop rate by the malicious node is comparable to that of wireless link errors.
Q10. How can one identify suspicious hops that exhibit high packet loss rates?
By examining the number of relayed packets at successive hops along a route, one can identify suspicious hops that exhibit high packet loss rates.