advertisement

A simulation study on one and two hop neighbourhood denial of service attack in IEEE 802.11 and FAIRMAC protocol

58 %
42 %
advertisement
Information about A simulation study on one and two hop neighbourhood denial of service...
Education

Published on March 8, 2014

Author: JACOTECH

Source: slideshare.net

advertisement

Journal of Advanced Computing and Communication Technologies (ISSN: 2347 - 2804) Volume No 2 Issue No.1, February 2014 A simulation study on one and two hop neighbourhood denial of service attack in IEEE 802.11 and FAIRMAC protocol By Ankit Rajpal, Nikhil Kumar Rajput, P.K. Hazra Department of Computer Science, Deen Dayal Upadhyaya College, University of Delhi, Delhi, India Department of Computer Science, Ramanujan College, University of Delhi, Delhi, India Department of Computer Science, University of Delhi, Delhi, India ankit30sep@gmail.com, nikhilrajput@gmail.com, pradyot.k.hazra@gmail.com ABSTRACT We investigated the Denial of Service (DoS) attack for one and two hop neighbourhood in IEEE 802.11 and FAIRMAC protocol. The simulation was done using GloMoSim (GLobal MObile information system SIMulator). The network with 36 nodes in grid pattern was studied. Throughput analysis with and without DoS attack was carried out for varying number of nodes. The DoS attacks which we considered is one hop and two hop neighbourhood attacks. The importance of fairness in MAC layer is also justified through the results obtained. Keywords DoS; MAC; Simulation; GloMoSim; FAIRMAC 1. INTRODUCTION Denial of Service is a constant concern in the world of networking. By DoS attack, we mean any effort to “prevent or impair the legitimate use of computer or network resources,” interrupting or delaying services which can cause a node or an entire network to become unavailable [1]. The industry standard for handling DoS attacks includes a three-step process of protection, detection and reaction. Protection, however, is the best defense because if a system is not protected, or a network is not prepared, then detection is more difficult and reaction can be more costly. There is no way to completely harden a network against DoS attacks, but the best way to minimize the damage is to put in as many measures to prevent attacks or mitigate the effect as feasible balanced against resource availability and cost [2]. DoS can occur at any of the seven layers of the OSI model. For an ad hoc network, DoS attacks at layer 1, the physical layer, generally involve jamming to disrupt the signal. The best defense against such an attack, spread spectrum is the default standard within most wireless protocols. Attacks at the data link layer generally focus on overflowing a node’s buffer, affecting its ability to receive and forward packets. The network layer, the third layer of the OSI model, is where routing and the Internet Protocol (IP) exist and where a large number of attacks are aimed. Any disruption of routing within an ad hoc network can isolate any or all nodes. The majority of DoS attacks occur within layer 4, targeted against the TCP and UDP protocols, impacting Layer 5 which relies on these protocols to maintain sessions. Layer 6 and 7 are prone to application-specific DoS attacks. More specifically, we investigated attacks at the medium access control layer. An attacker causes congestion in the network by either generating an excessive amount of traffic by itself, or by having other nodes generate excessive amounts of traffic. In wireless networks, DoS attacks are difficult to prevent and protect against. They can cause a severe degradation of network performance in terms of the achieved throughput and latency. We investigate the vulnerabilities of the IEEE 802.11 MAC protocol [3, 4] that make DoS attacks easy. To gain an understanding of how fairness may prevent some of the DoS attacks, we emulate a perfectly Fair MAC (FAIRMAC) protocol. We simulate various scenarios to understand the local and global effects of various types of DoS attacks with both the IEEE 802.11 MAC protocol and with FAIRMAC and discuss possible solutions to overcome or alleviate these effects. Our results show that the extent to which the performance of a wireless network or a service degrades on DoS depends on many factors such as location of malicious nodes, their traffic patterns, fairness provided in the network resources. Now let us examine how the hidden-terminal problem causes shortterm unfairness. Consider the situation that the CWs at nodes A and C are very small e.g. 31 (A and C are hidden from each other). The transmission of RTSs of nodes A and C may overlap partially, and as a result collide. The collision may occur several times until the CWs are large enough to allow either node to get control of the medium. In particular, one of the two nodes (let us say, node A) may select a small back-off time from its CW, while the other node (i.e. C) selects a large value. Once the Frame Exchange Sequence (FES) from A to B is completed, node A resets its CW and backs-off before initiating another FES. However, the remaining back-off timer at 1

Journal of Advanced Computing and Communication Technologies (ISSN: 2347 - 2804) Volume No 2 Issue No.1, February 2014 node C may be large compared to the back-off timer at node A, which is drawn from the range [0,CWmin]. In that case, nodes A and B may exchange several more FESs before node C’s back-off timer reduces to zero. Whenever the back-off timer at node C reduces to zero, node C contends for the medium. However, as the CW at node A is equal to CWmin, the contention is most likely to result in a collision. After the collision, node A doubles its CW from CWmin whereas node C doubles its CW from a larger value (at least 63). Therefore, the CW at node C is greater than that at A, and node A is more likely to get control of the medium again. This is obviously unfair for node C since A has already transmitted several packets while C is starved during this period. Moreover, this process (i.e. several packet transmissions by node A, followed by collisions, and then packet transmissions by node A again) may repeat several times, leading to starvation at node C for a long period (compared to the time needed for a FES). 3. SIMULATION STUDY We quantify and evaluate attacks at the MAC layer. We have used we have used GLOMOSIM [5] for our simulations. Mobility and randomness of the topology complicate the analysis and therefore have not been studied in this work. We test various attack scenarios for a static 6 x 6 grid topology, consisting of 36 nodes. Each node is separated from its neighbor by 350 meters. The transmission range of each node is fixed at 376m. We should note that the short-term unfairness problem is also known as “capture” in Ethernet. However, the main reason of capture in Ethernet is due to the deficiency of the BEB algorithm when the number of contending stations is very large. Moreover, the capture phenomenon scarcely occurs in an Ethernet when there are only two contending stations. On the contrary, in an IEEE 802.11 wireless network, the capture phenomenon poses severe problem even in the scenario with just two contending stations (e.g. in the hidden-terminal scenario). Clearly, in addition to the deficiency of the BEB, the freezing mechanism of the back-off timer, and the hidden-terminal problem itself (which is rooted in wireless networks) causes unfairness. Vikram et.al.[5] provided an analysis of IEEE 802.11 and FAIRMAC protocol for single node up to eight nodes. Here we have simulated a vast version with varying topology for neighborhood attacks with zero to thirty five nodes. Fig A 2. DoS ATTACKS AT MAC LAYER At the MAC layer the following attacks can be attempted: At MAC layer there can be two types of attacks which needs consideration:  It is assumed that there is a single channel that is used again, which keeps the channel busy in the vicinity of a node. It leads to a denial of service attack at that node.  Using continuously a particular node for relay spurious data the battery life of that node may drain out. These attacks can be prevented from being launched through end-toend authentication. If a node does not contain a certificate of authentication it might be averted from accessing the channel. MAC layer attacks are very much feasible if nodes collude and one of the nodes is the sending node and the other is the destination. 2.1 One hop neighbour attack The objective of this experiment is to show that a service is vulnerable to an attack from any of its 1- hop neighbors. The attacking node creates congestion by continually transmitting packets in the neighborhood of the service. 2.2 Two hop neighbour attack The objective of this experiment is to show that a service is vulnerable to an attack from a node that is two hops away from it. The metric for quantifying the effects of DoS attacks are the achieved throughputs as seen by 8 clients from a particular server. The clients are placed at the corners (nodes 0, 5, 30 and 35) and mid-way (nodes 2, 12, 17 and 32) along the edges of the grid. The server (node 20) is placed approximately at the center of the grid. The nodes R1 and R2 in the figure represent nodes that route data through the server. We use FTP application clients in GLOMOSIM for the TCP connections. Each client sends 10 packets of variable size to the server by establishing a TCP connection with it. The simulation time is 900 seconds. The attack is simulated as a Constant Bit Rate (CBR) application client using UDP. The rate at which the attacker sends data is different for various attacks that we have simulated. We have 2

Journal of Advanced Computing and Communication Technologies (ISSN: 2347 - 2804) Volume No 2 Issue No.1, February 2014 extended GLOMOSIM to include a perfectly fair MAC protocol (FAIRMAC) by implementing and using the facility of post backoff. Through the comparison of performance of the network in presence of DoS attacks with 802.11 and FAIRMAC, we aim to characterize the effects of MAC layer fairness on a node’s ability to withstand DoS. 4. RESULTS AND ANALYSIS 4.1 Attack 1: One hop neighbour attack The attacking node creates congestion by continually transmitting packets in the neighborhood of the service. For example, Node N1 (see figure A) sends data continuously to one of its neighbors (as shown by the arrow). The simulation results with both the IEEE 802.11 MAC and FAIRMAC are shown in the following graphs: We notice that node N1 was able to capture the media completely when the IEEE 802.11 MAC was used. However, the degradation in the case of FAIRMAC is not severe. Thus, MAC layer fairness is necessary in preventing attacks that capture the channel. Furthermore, our inability to provide any bandwidth to Node 2, even though a perfectly fair MAC (FAIRMAC), proves that MAC layer fairness is not sufficient as a prevention mechanism for such attacks. 4.2 Attack 2: Two hop neighbour attack The objective of this experiment is to show that a service is vulnerable to an attack from a node that is two hops away from it. For example, Node N2 sends data continuously to one of its neighbors. We experiment with two different scenarios. The simulation results for both IEEE 802.11 MAC and FAIRMAC are shown in figure. 4.2.1 Node N2 sends data to node N1 (that is in the neighborhood of the service) We observed the following  Under the attack when the IEEE 802.11 MAC is used throughput goes down to almost zero for all nodes. This is because of the server’s inability to receive data or to transmit TCP ACK packets.  Under the attack the FAIRMAC throughput does not suffer degradation in throughput in most cases.  One of the nodes (Node 2) gets negligible bandwidth even with FAIRMAC. This is because the attacking node lies on the path from node 2 to the server. Packets from Node 2 suffer large queuing delays at node N1, thereby causing the degradation in throughput. 3

Journal of Advanced Computing and Communication Technologies (ISSN: 2347 - 2804) Volume No 2 Issue No.1, February 2014 4.2.2 Node N2 sends data to a different neighbor. node 2 (the reason is similar to case of attack 1). This is an expected result. We notice that when using the IEEE 802.11 MAC a service is affected even if the attacking nodes are 2-hops away. From the observation (b) above, we find that throughput of server node S is affected because node N1 keeps sending CTS messages in response to N2’s RTS messages. If node N1 identifies Node N2 to be a source of unwarranted flows, then it will stop responding to Node N2’s RTS messages. Such a scheme is beyond MAC layer functionality and needs support from the network and other layers. Arguably, corroboration amongst different neighbor of the malicious node might be essential in isolating the node from harming the entire network. 5. CONCLUSION Under the one-hop attack i.e. attack from a neighbor situated at one hop distance from the server, the 802.11 protocol’s throughput shows a marked degradation. On the contrary, the throughput degradation using the FAIRMAC protocol is not that severe. This makes us conclude that the MAC layer fairness is necessary for preventing denial of service attacks. However, we also saw that MAC layer fairness is not sufficient for preventing such attacks. For an attack from a neighbor 2-hop away from the server, we saw that 802.11 throughput was degraded for both cases (attack from N2 to N1 as well as for attack from N2 to node 7). FAIRMAC throughput was also affected for each of the attacks. 6. REFERENCES [1] [2] We observe that  Even if the attack is from 2-hops away from the server, the degradation in throughput with IEEE 802.11 MAC is high.  When the IEEE 802.11 MAC is used and the attack is launched through N1, the average throughput of the server goes down. This is because the server has to wait for the duration indicated in the CTS messages sent by node N1 before it can receive data from any neighbor. Furthermore, the TCP ACK packets that it has to send get delayed resulting in timeouts at the client’s TCP Layer.  Aggregated throughput of WLAN goes down in FAIRMAC scenario as compared to IEEE 802.11. The only node to suffer was [3] [4] [5] [6] L. Zhou and Z. Haas. Securing ad hoc networks. IEEE Network, 13(6):24--30, November/December 1999. Y. Zhang and W. Lee, "Intrusion detection in wireless ad hoc networks," ACM MOBICOM, 2000. B. P. Crow, I. Widjaja, J. G. Kim, and P. T. Sakai, "IEEE 802.11 wireless local area networks", IEEE Commun. Mag., pp.116 -126 1997 H. AhleHagh, WR. Michalson and D. Finkel, "Statistical Characteristics of Wireless Network Traffic and Its Impact on Ad Hoc Network Performance," In Proceedings of the 2003 Applied Telecommunication Symposium, 2003. Vikram Gupta, Srikanth Krishnamurthy and Michalis Faloutso, “Denial of Service Attacks at the MAC Layer in Wireless Ad Hoc Networks,” Proceedings of MILCOM Conference, 2002. L. Bajaj, M. Takai, R. Ahuja, K. Tang, R. Bagrodia, and M. Gerla, GlomoSim: A scalable network simulation environment, 1997 :Univ. California 4

Add a comment

Related presentations

Related pages

A simulation study on one and two hop neighbourhood denial ...

A simulation study on one and two hop neighbourhood denial of service attack in IEEE 802.11 and FAIRMAC protocol
Read more

CiteSeerX — By

Abstract. A simulation study on one and two hop neighbourhood denial of service attack in IEEE 802.11 and FAIRMAC protocol
Read more

A simulation study on one and two hop neighbourhood denial ...

×Close Share A simulation study on one and two hop neighbourhood denial of service attack in IEEE 802.11 and FAIRMAC protocol
Read more

CORE: Connecting Repositories

Abstract. A simulation study on one and two hop neighbourhood denial of service attack in IEEE 802.11 and FAIRMAC protocol
Read more

A Simulation Study of Collusion and Network Partition ...

A Simulation Study of Collusion and Network Partition Denial of Service Attack in IEEE 802.11 and FAIRMAC Protocol ... one of the two nodes ...
Read more

Accurately Measuring Denial of Service in Simulation and ...

Accurately Measuring Denial of Service in Simulation ... study on one and two hop neighbourhood denial of service attack in IEEE 802.11 and FAIRMAC protocol.
Read more

A Study of On-Off Attack Models for Wireless Ad Hoc Networks

... a simulation study with these two attack ... 802.11 standard and the AODV routing protocol. ... Denial of service in sensor networks,” IEEE ...
Read more

A simulation study of xcp-b performance in wireless multi ...

Simulator and scripts for "A Simulation Study of XCP-b in Multi-Hop ... protocols provide routing services ... attacks within IEEE 802.11 ...
Read more

A Study on Various Attacks in Wireless Ad hoc Sensor ...

A Study on Various Attacks in Wireless ... properties compared to IEEE 802.11. ... W. Knightly”Denial of Service Resilience in Ad ...
Read more

Detection of Fabricated CTS Packet Attacks in Wireless LANs

Detection of Fabricated CTS Packet Attacks in Wireless LANs Xiaocheng Zou and Jing Deng Department of Computer Science University of North Carolina at ...
Read more