Effect of Intrusion Detection on Reliability - PowerPoint PPT Presentation

Provided by: vte80
Learn more at: https://people.cs.vt.edu
1
Effect of Intrusion Detection on Reliability
of Mission-Oriented Mobile Group Systems
in Mobile Ad Hoc Networks
  • Jin-Hee Cho, Member, IEEE, Ing-Ray Chen, Member,
    IEEE, and Phu-Gui Feng
  • IEEE TRANSACTIONS ON RELIABILITY, VOL. 59, NO. 1,
    MARCH 2010

Reporter: Clarence Bingsheng Wang
2
Outline
  • Introduction & Background
  • System Model
  • Performance Model
  • Parameterization
  • Numerical Results & Analysis
  • Applicability & Conclusion
  • References
  • Q & A

3
Introduction
  • Analyze the effect of intrusion detection system
    (IDS) techniques on the reliability of a
    mission-oriented group communication system in
    mobile ad hoc networks.
  • Identify the design conditions under which IDS
    techniques enhance reliability, and thus prolong
    the lifetime of the GCS.

4
Introduction
  • Identify the optimal rate at which IDS should be
    executed to maximize the system lifetime.
  • Consider the effect of security threats, and
    Intrusion Detection Systems (IDSs) techniques on
    system lifetime of a mission-oriented Group
    Communication System (GCS) in Mobile Ad Hoc
    Networks (MANETs).

5
Background
  • Mobile ad hoc networks (MANETs)
  • Nodes move independently, so the topology changes
    rapidly
  • Nodes forward traffic for one another (no fixed
    infrastructure)

6
Background
  • Group Communication Systems (GCSs)
  • Group members communicate with each other directly
  • Group partition
  • Group merge
  • Security protocols in MANETs
  • Characteristics
  • Actions against malicious attacks: prevention,
    detection, recovery
  • (Figure labels: security holes; mission-oriented
    GCSs)

7
Background
  • Optimal setting for IDS techniques
  • Maximize (prolong) the security-induced failure
    time
  • MTTSF: mean time to security failure
  • MTTSF reflects the expected system lifetime

8
System Model
  • Connectivity-oriented mobile group
  • Defined based on connectivity
  • Single hop: all members are directly connected
  • Multi-hop: members are separated into several
    groups

9
System Model
  • Mission-Oriented GCSs
  • Mission execution is an application-level goal
    built on top of connectivity-oriented group
    communications

10
System Model
  • Secure group communication (broadcast)
  • Group key
  • Messages are encrypted under the group key for
    confidentiality
  • Rekey on group member join/leave/eviction and on
    group partition/merge
  • Contributory key agreement protocol: GDH (Group
    Diffie-Hellman)

11
  • Group member authenticity
  • Each node holds a public/private key pair
  • Challenge/response mechanism
  • Assumption: the public keys of all group members
    are preloaded into every node; there is no
    certificate authority (CA) in the MANET during the
    mission period
  • A node's public key serves as the identifier of
    the node
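The two mechanisms on slides 10 and 11, contributory group key agreement (GDH) and public-key challenge/response between members with preloaded public keys, worked through as an added example. This is not the paper's or the presenter's code: the group (a safe prime p = 2q + 1 found at start-up, generator g = 4 of the order-q subgroup), the GDH.2 message flow, the Schnorr-style identification exchange, the key sizes and the seed are all assumptions of this example; a deployment would use a standardised group of at least 2048 bits.

```python
"""Added example: GDH.2-style contributory group key agreement plus
public-key challenge/response between members (toy group sizes)."""
import hashlib
import random

# Bases that make Miller-Rabin deterministic for n < 3.3e24.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Deterministic Miller-Rabin for the sizes used here."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits, rng):
    """Return (p, q) with p = 2q + 1, both prime, p of `bits` bits (assumed toy size)."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            return 2 * q + 1, q


def gdh2_group_key(p, g, secrets):
    """GDH.2: upflow through members 1..n-1; member n raises the cardinal
    value to its secret and broadcasts the partial products g^(x1..xn/xk).
    Returns the key each member derives; all entries must be equal."""
    partials, cardinal = [g], pow(g, secrets[0], p)   # member 1
    for x in secrets[1:-1]:                            # members 2..n-1
        partials = [pow(v, x, p) for v in partials] + [cardinal]
        cardinal = pow(cardinal, x, p)
    xn = secrets[-1]                                   # member n
    broadcast = [pow(v, xn, p) for v in partials]      # sent to members 1..n-1
    keys = [pow(b, x, p) for b, x in zip(broadcast, secrets[:-1])]
    keys.append(pow(cardinal, xn, p))
    return keys


def schnorr_verify(p, q, g, y, t, c, s):
    """Verifier's check of an identification transcript: g^s == t * y^c (mod p)."""
    return pow(g, s, p) == (t * pow(y, c, p)) % p


def authenticate(p, q, g, prover_secret, claimed_public, rng):
    """Challenge/response: prover commits t = g^r, verifier sends a random
    challenge c, prover answers s = r + c*x mod q, verifier checks against
    the preloaded public key of the claimed identity."""
    r = rng.randrange(1, q)
    t = pow(g, r, p)                   # prover -> verifier: commitment
    c = rng.randrange(1, q)            # verifier -> prover: challenge
    s = (r + c * prover_secret) % q    # prover -> verifier: response
    return schnorr_verify(p, q, g, claimed_public, t, c, s)


def run_demo(seed=7, members=4, bits=64):
    """Constructed scenario: `members` nodes, one of them impersonating another."""
    rng = random.Random(seed)
    p, q = safe_prime(bits, rng)
    g = 4                                              # order q in Z_p^*
    secrets = [rng.randrange(1, q) for _ in range(members)]   # identity keys
    publics = [pow(g, x, p) for x in secrets]                 # preloaded on every node
    contribs = [rng.randrange(1, q) for _ in range(members)]  # per-session GDH shares
    keys = gdh2_group_key(p, g, contribs)
    group_key = hashlib.sha256(keys[0].to_bytes(bits // 8, "big")).hexdigest()
    return {
        "keys_agree": len(set(keys)) == 1,
        "group_key": group_key,
        "auth_ok": authenticate(p, q, g, secrets[0], publics[0], rng),
        # member 1 claims to be member 0 without holding secrets[0]
        "impostor_ok": authenticate(p, q, g, secrets[1], publics[0], rng),
    }


if __name__ == "__main__":
    print(run_demo())
```

The verifier only ever needs the claimed node's preloaded public key, which is why the slides can drop the CA: identity is the key itself, and a node that cannot answer the challenge for the key it claims is rejected.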

12
System Model-IDSs
  • Per-node detection outcomes (confusion matrix)

                         Detected bad     Detected good
    Actual bad nodes     a (TP)           b (FN)
    Actual good nodes    c (FP)           d (TN)

13
System Model-IDSs
  •  

14
System Model-IDSs
  •  
  • (a) The per-node false negative and false
    positive probabilities (p1 and p2)
  • (b) The number of vote-participants, m
  • (c) The estimate of the current number of
    compromised nodes, which may collude with the
    objective of disrupting the service of the system
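How the three inputs above combine under majority voting, as an added example that is not part of the paper or the slides. The symbols p1, p2 and m follow the slide; the collusion rule (a compromised vote-participant always votes against the protocol, i.e. "good" for a bad target and "bad" for a good one), the strict-majority eviction threshold, and the hypergeometric draw of participants from the other group members are assumptions of this example, not the paper's formulas.

```python
"""Added example: group-level false negative / false positive rates of
majority-vote eviction from per-node error rates and colluding voters."""
from math import comb


def false_negative_rate(m, p1, colluders):
    """P(a bad target escapes eviction). Honest participants miss it with
    probability p1; colluders always vote 'good'; eviction needs a strict
    majority of the m votes for 'bad'."""
    need = m // 2 + 1
    honest = m - colluders
    # escapes iff fewer than `need` honest participants vote 'bad'
    return sum(comb(honest, k) * (1 - p1) ** k * p1 ** (honest - k)
               for k in range(min(need, honest + 1)))


def false_positive_rate(m, p2, colluders):
    """P(a good target is evicted). Honest participants raise a false
    alarm with probability p2; colluders always vote 'bad'."""
    need = m // 2 + 1
    honest = m - colluders
    need_honest = max(need - colluders, 0)   # colluders already count as 'bad' votes
    return sum(comb(honest, k) * p2 ** k * (1 - p2) ** (honest - k)
               for k in range(need_honest, honest + 1))


def _hypergeom(j, bad, good, m):
    """P(exactly j of m participants drawn from bad+good nodes are bad)."""
    return comb(bad, j) * comb(good, m - j) / comb(bad + good, m)


def group_level_errors(m, p1, p2, n_nodes, n_compromised):
    """Average the per-target rates over the number of colluders among the
    m participants, drawn without replacement from the n_nodes - 1 other
    members (assumed sampling model)."""
    pool = n_nodes - 1
    # target is bad: one fewer compromised node is available as a voter
    bad_avail = max(n_compromised - 1, 0)
    fn = sum(_hypergeom(j, bad_avail, pool - bad_avail, m)
             * false_negative_rate(m, p1, j) for j in range(m + 1))
    # target is good: every compromised node is a candidate voter
    fp = sum(_hypergeom(j, n_compromised, pool - n_compromised, m)
             * false_positive_rate(m, p2, j) for j in range(m + 1))
    return fn, fp


if __name__ == "__main__":
    # constructed scenario: 10-node group, p1 = p2 = 0.1, growing collusion
    for n_bad in (0, 2, 4):
        for m in (3, 5, 7):
            fn, fp = group_level_errors(m, 0.1, 0.1, 10, n_bad)
            print(f"compromised={n_bad} m={m}: FN={fn:.4f} FP={fp:.4f}")
```

With no colluders, a larger m drives both error rates down; once colluders approach a majority of the participants, both rates go to 1 regardless of p1 and p2, which is the reason the slides tie the choice of m to the estimated number of compromised nodes.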

15
System Model-IDSs
  • Intrusion tolerance
  • To select vote-participants, each node
    periodically exchanges its routing information,
    location, and identifier with its neighboring
    nodes
  • Candidates: all neighbor nodes of a target node
  • A coordinator is selected randomly so that
    adversaries have no specific target (figure:
    coordinator)
16
System Model-IDSs
  •  

17
System Model-IDSs
  • Intrusion tolerance
  • Any node not following the protocol is flagged
    as a potentially compromised node, and may be
    evicted when it is evaluated as a target node.
  • The vote-participants are known to the other
    nodes; based on the votes received, the nodes
    decide whether or not a target node is evicted.

18
System Model
  • Failure definitions
  • Definition 1 (SF1): the failure of any single
    group leads to GCS failure.
  • Definition 2 (SF2): the failure of all groups
    leads to GCS failure.
  • Condition 1 (C1): a compromised but undetected
    group member requests, and subsequently obtains,
    data using the group key.
  • Condition 2 (C2): more than 1/3 of the group
    member nodes are compromised but undetected by the
    IDS (Byzantine failure model).

19
System Model
  • Network connectivity and system failure
  • Case 1: group nodes are connected within a single
    hop, forming a single group in the system with no
    group merge or partition events.
  • With only a single group in the system, SF1 and
    SF2 (the two system failure definitions) coincide.
  • Case 2: group nodes are connected over multiple
    hops, so there are multiple groups in the system
    due to group partition/merge events caused by node
    mobility or node failure.

20
System Model
  • Reliability metric: MTTSF
  • Indicates the lifetime of the GCS before it
    fails.
  • A GCS fails when one mobile group fails (SF1), or
    when all mobile groups fail (SF2).
  • A mobile group fails when either C1 or C2 holds.
  • A lower MTTSF implies a faster loss of system
    integrity or availability.
  • The goal is to maximize MTTSF.

21
Performance Model
  • Places hold tokens; transitions model events.
  • One sub-model tracks the behavior of a single
    mobile group.
  • Another tracks the number of mobile groups that
    exist in the GCS during the system lifetime.
  • A transition is eligible to fire when the firing
    conditions associated with its event are met:
    (a) each of its input places must contain at
    least one token, and (b) its enabling guard
    function, if one exists, must return true.
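The failure conditions (C1, C2), the MTTSF metric and the Petri-net view of a single mobile group on the three preceding slides, put together as an added example: a small Monte Carlo simulation of one group in which places are token counts (good, compromised-but-undetected, evicted nodes), timed transitions fire at exponential rates, and a guard function tests C2. This is my illustration, not the paper's SPN model or its parameters: the compromise rate, the data-request rate behind C1, the per-node IDS error rates, the treatment of an emptied group as failed, and the choice to model IDS execution as an exponential transition with rate 1/T_IDS are all assumptions of the example.

```python
"""Added example: Monte Carlo estimate of MTTSF for one mobile group as a
function of the IDS execution interval T_IDS (toy model, assumed rates)."""
import random


def group_failed(good, bad):
    """Enabling guard for group failure: C2 (more than 1/3 of the members
    compromised and undetected), or no members left to run the mission
    (assumption of this example)."""
    total = good + bad
    if total == 0:
        return True
    return bad > total / 3


def simulate_group(t_ids, rng, n=10, lam_c=0.1, lam_leak=1.0,
                   p_fn=0.05, p_fp=0.02):
    """Run one group until failure and return the failure time.

    Places: `good`, `bad` (compromised, undetected); evicted nodes leave.
    Timed transitions (exponential, Gillespie next-event sampling):
      compromise  rate lam_c * good     good -> bad
      leak        rate lam_leak * bad   C1: bad node obtains data under the group key
      ids         rate 1 / t_ids        IDS round over every member
    """
    good, bad, t = n, 0, 0.0
    while True:
        if group_failed(good, bad):          # guard: C2 or empty group
            return t
        rates = {"compromise": lam_c * good,
                 "leak": lam_leak * bad,
                 "ids": 1.0 / t_ids}
        t += rng.expovariate(sum(rates.values()))
        event = rng.choices(list(rates), weights=list(rates.values()))[0]
        if event == "compromise":
            good, bad = good - 1, bad + 1
        elif event == "leak":
            return t                         # C1
        else:
            # each bad node is detected (evicted) w.p. 1 - p_fn,
            # each good node is falsely evicted w.p. p_fp
            detected = sum(1 for _ in range(bad) if rng.random() >= p_fn)
            false_evictions = sum(1 for _ in range(good) if rng.random() < p_fp)
            bad -= detected
            good -= false_evictions


def mttsf(t_ids, runs=200, seed=1, **kw):
    """Sample mean of the group failure time over `runs` simulations."""
    rng = random.Random(seed)
    return sum(simulate_group(t_ids, rng, **kw) for _ in range(runs)) / runs


def optimal_t_ids(candidates, **kw):
    """Candidate interval with the largest estimated MTTSF."""
    return max(candidates, key=lambda t: mttsf(t, **kw))


if __name__ == "__main__":
    grid = (0.1, 0.5, 1.0, 2.0, 5.0, 10.0, 50.0)   # constructed candidate intervals
    for t in grid:
        print(f"T_IDS={t:>5}: MTTSF ~ {mttsf(t):.2f}")
    print("best T_IDS:", optimal_t_ids(grid))
```

Running the script shows the trade-off the paper is after: a very short interval evicts good nodes through false positives until the group is too small to survive, a very long one lets compromised nodes accumulate until C1 or C2 fires, and the MTTSF peaks at an intermediate T_IDS. With a perfect IDS (p_fn = p_fp = 0) the trade-off disappears and more frequent detection is always better.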

22
Performance Model
  • SPN (stochastic Petri net) model (figure)

23
Performance Model
24
Performance Model
  •  

25
Performance Model
  •  

26
Performance Model
  •  

27
Performance Model
  •  

28
Performance Model
  •  

29
Performance Model
  •  

30
Parameterization
  •  

31
Parameterization
  •  

32
Parameterization
  •  

33
Parameterization
  •  

34
Parameterization
  • (Figure labels: collusion; incorrect factor)
35
Parameterization
36
  • Figure: effect of the false alarm probability
    (good nodes -> bad nodes)
37
  • Figure: under SF1 and SF2, versus node density
38
  • Figure: effect of the data leak probability
    (good nodes -> bad nodes)
39
  • Figure: under SF1 and SF2, versus node density
40
  • Figure: effect of the compromised rate
41
  • Figure: under SF1 and SF2, versus node density
Applicability & Conclusion
  • Attacker behavior
  • System failure definitions (SF1, SF2)
  • Operational conditions
  • Mathematical model
  • Optimal intrusion detection interval T_IDS
43
Applicability & Conclusion
  • Results
  • Figure: optimal T_IDS versus the number of
    vote-participants m and versus node density (two
    panels)
  • Optimal intrusion detection interval T_IDS for
    maximizing the MTTSF decreases
44
References
  1. Jin-Hee Cho, Ing-Ray Chen, and Phu-Gui Feng,
     "Effect of Intrusion Detection on Reliability of
     Mission-Oriented Mobile Group Systems in Mobile
     Ad Hoc Networks," IEEE Transactions on
     Reliability, vol. 59, no. 1, pp. 231-241, March
     2010.
  2. Jin-Hee Cho, "Design and Analysis of QoS-Aware
     Key Management and Intrusion Detection Protocols
     for Secure Mobile Group Communications in
     Wireless Networks," Ph.D. dissertation, Nov. 12,
     2008.
  3. http://en.wikipedia.org/wiki/Challenge-response_authentication
  4. http://en.wikipedia.org/wiki/Public-key_cryptography
