Surviving Attacks on DisruptionTolerant Networks without Authentication

1
Surviving Attacks on Disruption-Tolerant Networks
without Authentication

• John Burgess, George Dean Bissias,  Mark Corner, 
  Brian Neil Levine 

University of Massachusetts, Amherst
2
Goal

• Understand DTN vulnerability
• Attack analysis
• Experimental evaluation

3
Disruption Tolerant Networks

• Networking for intermittently connected nodes
• Rural Internet
• Urban blind spots
• Sparse sensor networks
• Connectivity on a spectrum

4
Unique Vulnerability

• Measured by packet delivery rate
• Nodes physically unsecured
• Traditional defenses are inappropriate
• graph theoretical results are limited
• identity management not always practical

5
Attack Universe

• Weak attacks
• random node selection
• easy to evaluate

• Strong attacks
• optimal node selection
• strong attack NP-hard to evaluate

6
Outline

• Attack Strategies
• Data
• Experimental Results
• Conclusion

7
Attacks Weak

• Nodes chosen at random
• Attack defined by enumerating strategies
• Remove Node
• Drop all packets
• Flood packets
• Routing table falsification
• ACK counterfeiting

8
Attacks Strong

• Intractable to determine optimal attack set
• Throughput is difficult metric to analyze
• Even simple metrics lead to NP-hard problem
• Instead, greedily remove vertices that most lower
  temporal connectivity

9
Data DieselNet

• 40 buses
• 802.11 protocol
• 60 days of traces
• Transmission events feed a simulator
• Various routing protocols tested

10
Data Haggle

• 41 devices in human mobility experiment
• Bluetooth
• 3 days of traces
• Haggle connections more frequent than DieselNet
• Haggle traces broken down to better match
  DieselNet

11
Experiments weak attack

• Evaluated delivery rate via given routing
  protocol subject to given attack strategy
• Used DieselNet data only

Routing Protocols
Attack Strategies

• Remove node
• Drop all
• Flooding
• Routing table Falsification
• ACK counterfeiting

12
Experiments weak attack

• MaxProp
• Minimum delivery rate above 20
• ACK counterfeiting is most effective attack

13
Experiments ACK Counterfeiting

• Devise an ACK counterfeiting defense
• ACKs should propagate after packets
• Drop ACK if you havent seen packet yet
• Defense improves minimum packet delivery rate
• Drop All attack just as effective as ACK
  counterfeiting

14
Experiments strong attack

• Seek to establish the validity of greedy attack
• Find best k vertices in terms of temporal
  reachability via brute force evaluation for small
  k
• Compare brute force results to greedy approach
• Evaluate greedy attack for larger values of k
• Evaluate both DieselNet and Haggle

15
Experiments strong attack

• Haggle Brute vs. Greedy

• For temporal reachability- best 5 nodes to remove
  almost always the same as 5 greedy choices
• Results for DieselNet similar

16
Experiments strong attack

• Haggle greedy attack

• Displays roughly the same resilience to attack at
  DieselNet
• Packet delivery rate degrades more slowly as more
  nodes are

17
Conclusion

• DTNs have unique susceptibility to attack
• Susceptibility understood with attack analysis
• Experiments on real traces show attack efficacy