Académique Documents
Professionnel Documents
Culture Documents
NEELAVATHY PARI
attack: a compromised/misbehaving node can easily ruin data communication by dropping or corrupting packets it is supposed to forward.
Two approaches to mitigate misbehavior: 1. End to End misbehavior detection using error detection coding.
Shortcomings : 1. Throughput of network is reduced even if there is no misbehaving node. 2. In this scheme , the source and the destination has no knowledge about the location of misbehaving node.
Malicious behavior in the network should be detected with high probability despite adverse channel conditions and interference.
comparable to the throughput without detection in the absence of any attack. Intuitively , these two goals are conflicting.
detection code properly , a misbehaving node can be detected with high probability while the throughput approaches optimal.
A simple protocol is proposed , that identifies the
misbehaving node exactly two watchdog nodes per unreliable relay node.
Once a node is deemed to be misbehaving, the source would choose a new route free of misbehaving node with the aid of Path rater
Such watchdog mechanisms do not do not perform well in
the presence of adverse channel conditions and interference allowing the misbehaving node to corrupt a single packet while being undetected with high probability.
VARIANT OF WATCHDOG
Here , the next-hops behavior is measured with the local
evaluation record , defined as 2 tuple : byte ratio and packet ratio , forwarded by the next hop neighbor.
Local evaluation records are broadcast to all the neighbors.
Trust level of the of a node is the combination of its local
DETECTING MISBEHAVIOR
This paper is focused on multi hop wireless networks in
which data packets are transmitted from source to destination through multiple relay nodes.
Assumption : Relay nodes do not perform any coding and
the data packets are forwarded as they are received at the relay nodes.
Focus is on single node adversary model . i.e. the adversary
Continued..
In such a network , a node W can be assigned as a
watchdog for a relay node R if W can overhear both incoming/outgoing transmissions to/from R.
More specifically , a node W that can overhear the data
packets from being transmitted by R and by Rs upstream neighbor can compare the two copies of the packet and report an attack to the source or destination if there is a mismatch.
node of forwarding corrupted data even though the relay node is well-behaving.
adversary is computationally unbounded and has complete knowledge of the misbehavior detection scheme being employed in the network.
Since the watchdog node may only be able to overhear a
fraction of transmissions to/from the node it is monitoring, an adversary may be able to avoid being detected by the watchdog with high probability by keeping the fraction of packets it tampers lower than a certain threshold u.
detect an attack during the decoding process with high probability if the fraction of packets tampered by the adversary is lower than a certain threshold c.
If w<c , even an omniscient adversary will be detected
will be caught by W.
Hence , in order to remain undetected by both the
watchdog W and the destinations decoder , it is of Rs interest to just attack the minimum number of packets per block : n-k+1.
Assumption : All transmissions along the path S-R-D are
reliable while W can only overhear both transmission of a packet with probability q , called observe probability.
increases .
The source node can scramble coded packets of multiple (
in order to destroy a particular block , which makes it easier to be detected by the watchdog.
and S2-R2-D2 .
The flows are far enough and there is no inter-flow
interference , but the watchdog W is between the two flows and can overhear transmissions on all the four links.
probability .
misbehaving node with just a single extra watchdog , including the cases when the watchdog is misbehaving.
If watchdog misbehaves , the protocol locates the
misbehaving node deterministically. If relay node misbehaves, the protocol is guaranteed to locate the node with a probability that approaches to unity.
A. THE PROTOCOL
Here , the relay node R is observed by two watchdogs W1
and W2 and relays the information from a source node S to the destination node D.
Each packet contains a unique generation number that
relay node is misbehaving based on all the overheard packets that belong to the current generation.
(source node or destination node or both ) .else it transmits a decision bit 0 to the judge node.
It is assumed that if the watchdog is misbehaving , it may
transmit a 0 or 1 for any particular relay node (same watchdog may transmit different decisions for different relay nodes ) Let the bits received from W1 and W2 be w1 and w2.
be misbehaving with equal probability and the miss detection probability for W1 and W2 are both P miss .probability of a particular node misbehaving can be calculated , given w1w2 = 01 as :
bit 1 is misbehaving , which is precisely the maximum likelihood decision since P W2|01 > P R|01
Let P L|N denote the probability of correctly locating the
misbehaving node in the network. P F|N denote the probability that the node other than N is accused to be misbehaving P U|N denote the probability when the adversary at node N operates undetected.
then R goes undetected if and only if w1w2=00. i.e. when both the watchdogs miss all the packets corrupted by the attacker.
On the other hand , R will be detected if and only if none
probability P miss.
to D1(D2) , which will certainly imply that the corresponding relay node is under attack.
decision made by any of the destination nodes say D1 ,is dependent only on the decision bits of the watchdogs observing the relay node.
Lemma 3 : In the two flow case , the protocol
deterministically locates the attacker if it attacks at any of the watchdogs . collaboration of destination nodes does not play a role here.
MULTIHOP ROUTING
compromised by the adversary and assume that there is no other watchdog other than R1 and R2. There are 3 ways the adversary can attack the data communication : R2 corrupts the packet and claims that R3 is misbehaving. 2. R2 only corrupts the packets. 3. R2 claims that R3 is misbehaving.
1.
two nodes claim their next hop is misbehaving , the judge can always correctly identify the misbehaving node to the one with a larger index.
However , if only one node declares an attack , there is no
multi hop flows is either to corrupt the packets or claim that the node its watching is misbehaving.
FINAL REMARKS
Studied the problem of misbehavior detection in wireless
networks.
Lightweight misbehavior detection scheme is proposed ,
relay node , locates the misbehaving node with probability approaching to unity.
Reference
Guanfeng Liang , Rachit Agarwal and Nitin Vaidya When