Research Direction Introduction
Advisor: Professor Frank Y.S. Lin
Presented by Hubert J.W. Wang
NTU OPLab
Outline
• Problem Description
• Mathematical Formulation
Problem Description
• Problem
  • Topology information gathering
  • Jamming attack
• Environment
  • Infrastructure/Backbone WMNs
• Role
  • Attacker
  • Defender (Service provider)
Defender
• Attributes
  • Nodes
    • Base Station
    • Mesh router (with 2 NICs)
    • Mesh client
    • Honeynode (with 3 NICs)
    • Locator
      • Static
      • Mobile
Defender (cont’d)
• Attributes
  • Budget
    • Planning phase
      • Topology planning
      • Non-deception based
        • General defense resource
        • Detection resource
        • Localization resource
      • Deception based
    • Defending phase
      • Jamming mitigation
      • Localization
        • Approximate
        • Precise
Defender (cont’d)
• Strategies
  • Planning phase
    • Deterrence
    • Deception
• Goal
  • Protect BS
  • Protect nodes with high population
  • Protect nodes with high traffic
  • Protect valuable information (e.g. routing table, traffic)
Defender (cont’d)
• Strategies
  • Defending phase
    • Population re-allocation
      • Average population
      • Average traffic
    • Priority of jammer removal
      • Importance oriented
      • Difficulty oriented
Attacker
• Attributes
  • Budget
    • Preparing phase
      • Node compromising
      • Jammer choosing
        • High quality jammers
        • Normal jammers
  • Capability
    • Capability of compromising nodes
    • Capability of recognizing fake info.
Attacker (cont’d)
• Strategies
  • Preparing phase
    • Node compromising
      • Be aggressive
      • Least resistance
      • Be stealthy
      • Easiest to find
      • Topology extending
      • Random
Attacker (cont’d)
• Strategies
  • Preparing phase (cont’d)
    • Jammer selection
      • Maximize attack effectiveness
      • Maximize jammed range
Attacker (cont’d)
• Strategies
  • Attacking phase
    • Maximize jammed users
    • Maximize affected traffic
Scenario
[Figure: network topology. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Jammed mesh router, Honeynode, Jammer, Attacker]
Scenario (cont’d)
• For attacker
  • Objective: Service disruption
  • Incomplete information of the network
  • Budget limited
• For defender
  • Objective: Maintain the quality of service
  • Budget limited
Scenario – Network Architecture
[Figure: network topology. Legend: Base Station, Mesh router]
Scenario – Defender’s Planning Phase
[Figure: network topology. Legend: Base Station, Mesh router. Annotations: BS; "I must protect Core Nodes"; Node with high population]
Scenario – Defender’s Planning Phase (cont’d)
• Why didn’t the defender protect all the nodes with high population?
  • Budget limited.
  • The effectiveness of doing so may not be the best.
  • There are other ways to deploy resources.
[Figure: network topology with nodes A to G. Legend: Base Station, Mesh router, Nodes with more defense resource, Honeynode, Attacker. Annotation: "I must protect Core Nodes"]
Scenario – Defender’s Planning Phase (cont’d)
Effect of the defense resource may be:
• Reduce the probability of being compromised
[Figure: network topology. Legend: Base Station, Mesh router, Nodes with more defense resource, Honeynode, Attacker. Annotation: "I must protect Core Nodes"]
Scenario – Defender’s Planning Phase (cont’d)
Effect of the defense resource may be:
• Prevent the attacker from getting closer to the important nodes.
[Figure: network topology. Legend: Base Station, Mesh router, Nodes with more defense resource, Honeynode, Attacker. Annotation: "I must protect Core Nodes"]
Scenario – Defender’s Planning Phase (cont’d)
Effect of the defense resource may be:
• Attract attacks to prevent the attacker from getting close to the important nodes.
[Figure: network topology. Legend: Base Station, Mesh router, Nodes with more defense resource, Honeynode, Attacker. Annotation: "I must protect Core Nodes"]
Scenario – Defender’s Planning Phase (cont’d)
Effect of the defense resource may be:
• Avoid attacks to prevent the attacker from getting close to the important nodes.
[Figure: network topology with nodes A to G. Legend: Base Station, Mesh router, Nodes with more defense resource, Honeynode, Attacker. Annotation: "I must protect Core Nodes"]
Scenario – Attacker’s Preparing Phase
• Initially, the attacker has the following info:
  • Number of channels.
  • Signal power of each channel.
  • Traffic amount of each channel.
  • Defense strength of each mesh node.
[Figure: nodes A to G, each labelled with a signal strength of 20 or 90]
Scenario – Attacker’s Preparing Phase (cont’d)
The honeynode: If the real channel is compromised, the attacker will be able to identify this target in the attacking phase.
[Figure: nodes A to G, each labelled with a signal strength of 20 or 90]
Scenario – Attacker’s Preparing Phase (cont’d)
The attacker’s strategies:
• Maximize attack effectiveness.
• Maximize jammed users.
The initial node will be the node with the strongest signal power.
[Figure: nodes A to G, each labelled with a signal strength of 20 or 90]
Scenario – Attacker’s Preparing Phase (cont’d)
[Figure: network topology with nodes A to L. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Honeynode, Attacker]
Scenario – Attacker’s Preparing Phase (cont’d)
• After compromising a mesh router, the attacker has the following info:
  • Number of channels.
  • Signal power of each channel.
  • Traffic amount of each channel.
  • Defense strength of each mesh node.
  • And…
• Being compromised, and obtained:
  • Routing table info
  • Location info of the mesh router
  • Traffic info
  • Number of users
[Figure: nodes A to L, each labelled with a signal strength of 20 or 90]
Scenario – Attacker’s Preparing Phase (cont’d)
• After compromising a mesh router, the attacker has the following info:
  • Number of channels.
  • Signal power of each channel.
  • Traffic amount of each channel.
  • Defense strength of each mesh node.
  • Number of traffic sources
[Figure: nodes A to L. Per-node values shown, labelled "Number of users": 88, 21, 95, 28, 6, 31, 35, 35, 21, 28. Signal strength per node: 20 or 90]
Scenario – Attacker’s Preparing Phase (cont’d)
The attacker selects the next hop using info obtained from compromised mesh routers, if available.
• The node with the highest number of traffic sources
[Figure: nodes A to L. Per-node values shown: 95, 88, 21, 28, 28, 21, 31, 35, 35, 6. Signal strength per node: 20 or 90]
Scenario – Attacker’s Preparing Phase (cont’d)
• The action of compromising a honeynode will have the following results:
  • Succeed
    • Aware of the fact that it’s a honeynode.
    • Not aware of it.
  • Failed
[Figure: network topology with nodes A to N. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Honeynode, Attacker]
Scenario – Attacker’s Preparing Phase (cont’d)
The attacker selects the next hop using info obtained from compromised mesh routers, if available.
[Figure: nodes A, B, C, D, E, G, K, L, M, N. Per-node values shown: 24, 30, 18, 27, 112, 21, 28, 25, 6. Signal strength per node: 20 or 90]
Scenario – Attacker’s Preparing Phase (cont’d)
However, the node which was compromised by the attacker was a honeynode. Thus, the attacker obtained the following fake info:
• Population
• Traffic of the neighbors
The defender will lead the attacker to:
• Unimportant area
• Nodes with greater defense strength.
[Figure: nodes A, B, C, D, E, G, K, L, M, N. Per-node values shown: 18, 30, 24, 112, 25, 28, 21, 6, 27. Signal strength per node: 20 or 90]
Scenario – Attacker’s Preparing Phase (cont’d)
• Relatively low traffic sources on important nodes.
• High traffic sources on unimportant nodes.
• Select node C as next hop
[Figure: nodes A, B, C, D, E, G, K, L, M, N. Per-node values shown: 18, 30, 24, 21, 25, 6, 28, 112, 27. Signal strength per node: 20 or 90]
Scenario – Attacker’s Preparing Phase (cont’d)
[Figure: network topology with nodes A to N. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Honeynode, Attacker. Annotation: Failed to compromise C]
Scenario – Attacker’s Preparing Phase (cont’d)
[Figure: network topology with nodes A to R. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Honeynode, Attacker. Annotation: Compromised 2nd choice node D]
Scenario – Attacker’s Preparing Phase (cont’d)
Select node N as next hop. But what will the attacker do if he has compromised a honeynode?
• Attackers with high capacity have greater probability to distinguish between true and fake.
• When the attacker has compromised a honeynode, he may obtain:
  • Only fake info
  • Mixture of fake and true info.
• Attacker: "What should I do? Just ignore it? Or attack the node they try to protect?"
[Figure: nodes A, B, C, D, E, G, O, P, Q, R. Per-node values shown: 98, 30, 8, 35, 29, 32, 28, 6, 22, 21. Signal strength per node: 20 or 90]
Scenario – Attacker’s Preparing Phase – Attack Detection
• Capable of attack detection
• Defender: "Being attacked? What should I do to protect QoS?"
[Figure: nodes A, B, C, D, E, G, O, P, Q, R. Per-node values shown: 98, 30, 6, 29, 22, 32, 8, 35, 28, 21. Signal strength per node: 20 or 90]
Scenario – Attacker’s Preparing Phase – Attack Detection (cont’d)
• Capable of attack detection
• Re-allocate the population on its neighbors.
[Figure: nodes A, B, C, D, E, G, O, P, Q, R. Per-node values shown: 98, 30, 6, 29, 22, 32, 8, 35, 28, 21. Signal strength per node: 20 or 90]
Scenario – Attacker’s Preparing Phase – Attack Detection (cont’d)
• Capable of attack detection
• Real population on D’s neighbors (values shown in the figure): 3, 2, 5, 20, 8, 6, 15, 8, 22, 4
• Re-allocation strategy might be:
[Figure: nodes A, B, C, D, E, G, O, P, Q, R. Signal strength per node: 20 or 90]
Scenario – Attacker’s Preparing Phase – Attack Detection (cont’d)
• Capable of attack detection
• Re-allocation strategy:
  • Average Population
• Population on D’s neighbors after re-allocation (values shown in the figure): 10, 10, 9, 9, 9, 9, 9, 9, 9, 10
• Average the QoS impact caused by jamming
[Figure: nodes A, B, C, D, E, G, O, P, Q, R. Signal strength per node: 20 or 90]
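The Average Population strategy, worked through on the ten population values shown on the slides (an added example, not part of the original presentation). The node names n01 to n10, the rule for placing the remainder, and the worst-case metric are assumptions, because the slides neither map values to nodes nor define a metric.

```python
# Added example: "Average Population" re-allocation around an attacked node.
# The populations are the ten values on the slide; node names are constructed.

def reallocate_average(populations):
    """Spread the total user population as evenly as integers allow."""
    total, n = sum(populations.values()), len(populations)
    base, extra = divmod(total, n)
    # Assumption: the first `extra` nodes (by name) carry one more user.
    return {name: base + (1 if i < extra else 0)
            for i, name in enumerate(sorted(populations))}

def worst_case_jammed(populations, k):
    """Users cut off if the k most populated neighbours are jammed."""
    return sum(sorted(populations.values(), reverse=True)[:k])

BEFORE = dict(zip([f"n{i:02d}" for i in range(1, 11)],
                  [3, 2, 5, 20, 8, 6, 15, 8, 22, 4]))
AFTER = reallocate_average(BEFORE)

def impact_table(max_k=3):
    """(k, users lost before, users lost after) for k jammed neighbours."""
    return [(k, worst_case_jammed(BEFORE, k), worst_case_jammed(AFTER, k))
            for k in range(1, max_k + 1)]

if __name__ == "__main__":
    print("after re-allocation:", sorted(AFTER.values(), reverse=True))
    for k, before, after in impact_table():
        print(f"{k} jammed neighbour(s): {before} users before, {after} after")
```

The total of 93 users is unchanged, but the loss from jamming the single most populated neighbour drops from 22 users to 10.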
Scenario – Attacker’s Preparing Phase – Attack Detection (cont’d)
• Capable of attack detection
• Re-allocation strategy:
  • Average Traffic
• Real population on D’s neighbors (values shown in the figure): 3, 6, 15, 22, 4, 5, 8, 20, 8, 2
• Minimize the QoS impact caused by jamming
[Figure: nodes A, B, C, D, E, G, O, P, Q, R. Signal strength per node: 20 or 90]
Scenario – Attacker’s Preparing Phase (cont’d)
[Figure: network topology with nodes A to X. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Honeynode, Attacker]
Scenario – Attacker’s Attacking Phase
• Jammed node V with high population
• Jammed normal node F
• Jammed honeynode U
• Jammed honeynode B
• Jammed node P (not fake channel)
[Figure: network topology with nodes A to X. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Jammed mesh router, Honeynode, Jammer, Attacker]
Scenario – Attacker’s Attacking Phase (cont’d)
• Although their ranges seem to overlap, the jammers attacked two different channels.
• Range overlapped, the fake channel jammed.
[Figure: network topology with nodes A to X. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Jammed mesh router, Honeynode, Jammer, Attacker]
Scenario – Defender’s Defending Phase
• To minimize the total effectiveness of jamming, the defender will tend to remove these nodes first:
  • High population
  • Not fake channel
• Their sequence will be:
  1) Jammed node V with high population
  2) Jammed normal node F
  3) Jammed node P (not fake channel)
  4) Jammed honeynode B
  5) Jammed honeynode U
[Figure: network topology with nodes A to X. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Jammed mesh router, Honeynode, Jammer, Attacker]
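The removal sequence above expressed as a sort and checked against every possible ordering (an added example, not part of the original presentation). The user counts, the one-jammer-per-time-step model, and the assumption that fake channels carry no real users are constructed for illustration.

```python
from itertools import permutations

# Constructed sample: real users cut off while each node stays jammed.
# Assumption: the fake channels of honeynodes B and U carry no real users.
JAMMED = {
    "B": {"fake_channel": True,  "users": 0},
    "P": {"fake_channel": False, "users": 12},
    "V": {"fake_channel": False, "users": 40},
    "U": {"fake_channel": True,  "users": 0},
    "F": {"fake_channel": False, "users": 18},
}

def removal_order(jammed):
    """Importance-oriented priority: real channels first, then by population."""
    return sorted(jammed,
                  key=lambda n: (jammed[n]["fake_channel"], -jammed[n]["users"]))

def user_downtime(order, jammed):
    """Total user-time lost when one jammer is removed per time step."""
    return sum(step * jammed[node]["users"]
               for step, node in enumerate(order, start=1))

def best_possible(jammed):
    """Brute-force minimum downtime over all removal orders."""
    return min(user_downtime(p, jammed) for p in permutations(jammed))

if __name__ == "__main__":
    order = removal_order(JAMMED)
    print("removal order:", order)
    print("downtime, priority order:", user_downtime(order, JAMMED))
    print("downtime, reversed order:", user_downtime(order[::-1], JAMMED))
    print("minimum over all orders: ", best_possible(JAMMED))
```

Under these assumptions the priority order is optimal, and removing the jammers in the reverse order nearly triples the accumulated user downtime.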
Scenario – Defender’s Defending Phase - Channel Surfing
• The function of channel surfing:
  • Mitigate the impact of jamming
    • Time
    • Effectiveness
• Range overlapped. If the mesh router switches to another channel:
  • Jammed time is shortened.
  • Jammers are not able to know which channel is the original channel unless it’s compromised.
[Figure: network topology with nodes A to X. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Jammed mesh router, Honeynode, Jammer, Attacker]
Scenario – Defender’s Defending Phase - Localization
Two types of locator:
• Static
• Mobile
[Figure: network topology. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Jammed mesh router, Honeynode, Jammer, Attacker]
Scenario – Defender’s Defending Phase - Localization
Static locator: Mesh routers
[Figure: network topology. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Jammed mesh router, Honeynode, Jammer, Attacker]
Scenario – Defender’s Defending Phase - Localization
Static locator: Reference points
• Deployed in the topology with the given density
• The density is defined as locators per length unit. In this case, the unit is 10 meters.
[Figure: network topology. Legend: Base Station, Mesh router, Nodes with more defense resource, Compromised mesh router, Jammed mesh router, Honeynode, Jammer, Attacker]