Elsevier

Computer Communications

Volume 71, 1 November 2015, Pages 111-118

Catabolism attack and Anabolism defense: A novel attack and traceback mechanism in Opportunistic Networks

https://doi.org/10.1016/j.comcom.2015.10.004

Abstract

Security is a major challenge in Opportunistic Networks (OppNets) because of their characteristics, such as an open medium, dynamic topology, no centralized management and the absence of clear lines of defense. A packet dropping attack is one of the major security threats in OppNets since neither source nodes nor destination nodes know where or when the packet will be dropped. In this paper, we present a novel attack and traceback mechanism against a special type of packet dropping where the malicious node drops one or more packets and then injects new fake packets instead. We call this novel attack a Catabolism attack and we call our novel traceback mechanism against this attack Anabolism defense. Our novel detection and traceback mechanism is very powerful and has very high accuracy. Each node can detect and then trace back the malicious nodes using hash chain techniques. Our defense technique has two stages: the first stage detects the attack, and the second stage finds the malicious nodes. Simulation results show that this robust mechanism achieves a very high accuracy and detection rate.

Introduction

Opportunistic Networks (OppNets) refer to a number of wireless nodes that opportunistically communicate with each other in a “Store-Carry-Forward” manner when they come into contact with each other, without proper network infrastructure. Because of these characteristics, OppNets have gained significant research attention for the security and privacy challenges that have emerged. A packet dropping attack is one of the major security threats in OppNets. It can be classified as a denial of service (DoS) attack in which the malicious node drops all or some of the packets. This attack is one of the most difficult DoS attacks since neither the source node nor the destination node knows where or when the packet will be dropped. Packet dropping can degrade the performance of the network and may obstruct the propagation of sensitive data. Dealing with such an attack is a significant challenge, since unreliable wireless communication and resource limitations can cause communication failures and lead to a wrong prediction about the presence of a packet dropping attack. Moreover, a node’s resources, such as energy and bandwidth, can be the real reasons behind packet dropping. A power shortage or a communication failure such as physical damage can make a node unavailable. It may be difficult to recognize whether packets were dropped due to a security attack or for non-security reasons. Dropping packets can lead to an increase in the number of packet retransmissions, transfer time, response time and network overhead. However, there is no doubt about the malicious behavior if the node drops some legitimate packets and then injects fake packets to replace them. In this case the malicious node obviously has enough resources to do this.

In this paper, we present a novel packet dropping attack and a novel traceback mechanism. A malicious node can selectively drop some packets and inject fake packets so that it maintains the original total number of packets originating from the sender node. The existing packet dropping defense mechanisms, such as multipath routing based mechanisms [1], [2], [3], [4], [5], reputation based mechanisms [6], data provenance based mechanisms [7] and acknowledgment based mechanisms [8], [9], [10], are inefficient, as in OppNets there are no end to end connections and usually no alternative paths from the sender to the destination or vice versa. Network coding based mechanisms [11] are inefficient as the destination nodes should have a copy of all neighbors' packets/messages so that they can decode their message, which is difficult to achieve in OppNets. Watchdog and pathrater mechanisms [12], [13], [14], [15], [16], [17] are inefficient for detecting this type of attack as their detection idea is based on calculating the total number of transmitted/received packets. Encryption techniques [18] are inefficient as well, as they require the use of a secret key, which is difficult to manage in OppNets since there is no centralized management.

Our new detection and traceback mechanism is very accurate for addressing this type of attack as it relies on hash chain techniques [19] to maintain packet integrity.
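The following is an added illustration, not the paper's algorithm (which this page does not give), of why a substitution that preserves the packet count passes a count-based check yet breaks a hash chain. It assumes the receiver obtains the chain anchor authentically; `build_chain`, `first_break` and `substitute` are hypothetical names and the payloads are constructed.

```python
import hashlib
from typing import NamedTuple, Optional

END = bytes(32)  # fixed-length marker carried by the last packet

class Packet(NamedTuple):
    seq: int
    payload: bytes
    next_digest: bytes  # digest of the packet that follows, END for the last

def digest(seq: int, payload: bytes, next_digest: bytes) -> bytes:
    # Fixed-length fields first, so the concatenation is unambiguous.
    return hashlib.sha256(seq.to_bytes(4, "big") + next_digest + payload).digest()

def build_chain(payloads):
    """Sender side: link packets back to front, return (packets, anchor)."""
    packets, nxt = [], END
    for seq in range(len(payloads) - 1, -1, -1):
        packets.append(Packet(seq, payloads[seq], nxt))
        nxt = digest(*packets[-1])
    packets.reverse()
    return packets, nxt  # anchor = digest of packet 0 (assumed delivered authentically)

def first_break(packets, anchor) -> Optional[int]:
    """Receiver side: index of the first packet that breaks the chain, else None."""
    expected = anchor
    for i, pkt in enumerate(packets):
        if pkt.seq != i or digest(*pkt) != expected:
            return i
        expected = pkt.next_digest
    # A chain that stops before END means the tail was dropped.
    return None if expected == END else len(packets)

def substitute(packets, index, fake_payload):
    """Constructed relay behaviour: one packet dropped, a fake put in its place."""
    forged = list(packets)
    forged[index] = Packet(index, fake_payload, packets[index].next_digest)
    return forged

def demo():
    payloads = [b"msg-%d" % i for i in range(5)]  # constructed sample data
    packets, anchor = build_chain(payloads)
    forged = substitute(packets, 2, b"fake")
    return {
        "count_check_passes": len(forged) == len(packets),  # count-based view
        "clean": first_break(packets, anchor),
        "forged": first_break(forged, anchor),
    }

if __name__ == "__main__":
    print(demo())
```

Once the chain breaks, later packets cannot be checked from the forged packet's own `next_digest`, so this sketch reports only the first break and does not attempt traceback.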

Contribution. To the best of our knowledge, this is the first attempt to identify this type of attack and the traceback mechanism. The main contributions of this work are:

  1. To identify a Catabolism attack where malicious nodes drop some packets and then inject fake packets instead.

  2. To identify an Anabolism defense where the legitimate nodes can check the received packets to detect the attack, and then traceback and identify the malicious nodes that triggered this attack.

The remainder of this paper is organized as follows. In Section 2, we present related work. In Section 3, we present the Catabolism attack and Anabolism defense. In Section 4, we present our mathematical model. In Section 5, we present our simulation results and in Section 6, we present our conclusion and future work.

Section snippets

Related work

Defense mechanisms for packet dropping attacks use multipath routing based mechanisms, where packets are divided into a number of groups and then sent to a destination over more than one path [1], [2], [3], [4], [5].

E-HSAM [1] proposes a security improvement mechanism where packets that go through a path with a malicious node are redirected to an alternative path. However, in OppNets this variety is not always available since there is no end to end connection and no alternative path available all the time.

Overview on Catabolism attack and Anabolism defense

In a “Catabolism Attack”, malicious nodes can drop or modify some packets (but not all the packets) and then inject new fake packets instead. We have developed a new defense technique for this type of attack in Opportunistic Networks. We call it “Anabolism Defense”: each legitimate node can detect the attack by relying on hash chain techniques and then trace back the malicious nodes. No more fake packets propagation through the network as the legitimate nodes can stop fake packets

Mathematical model

The aim of the mathematical model is to derive a formula for the probability of achieving the sufficient condition leading to malicious node detection. The sufficient condition is: receiving at least 1 fake packet from any malicious node, and receiving at least 1 legitimate packet or at least 1 fake packet from a different malicious node. We first introduce the notation used.

  • n be the total number of hops;

  • m be the number of malicious hops;

  • k be the number of packets;

  • p the probability that a packet

Conclusion and future work

Security is a major challenge in OppNets due to their characteristics, such as an open medium, dynamic topology, dependence on cooperative techniques, no centralized management, and the absence of clear lines of defense. With the absence of an end to end connection, packet dropping attacks have become one of the hardest security threats in OppNets. In addition, neither source nor destination nodes have knowledge of when or where a packet will be dropped in a packet dropping attack. In this paper, we present

References (21)

  • A. Baadache et al. Fighting against packet dropping misbehavior in multi-hop wireless ad hoc networks. J. Netw. Comput. Appl. (2012)
  • M. Obaidat et al. Preventing packet dropping and message tampering attacks on AODV-based mobile ad hoc networks. International Conference on Computer, Information and Telecommunication Systems (CITS) (2012)
  • S. Lee et al. A resilient packet-forwarding scheme against maliciously packet-dropping nodes in sensor networks. Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (2006)
  • J. Sen et al. A distributed protocol for detection of packet dropping attack in mobile ad hoc networks. IEEE International Conference on Telecommunications and Malaysia International Conference on Communication (2007)
  • S. Lee et al. Split multipath routing with maximally disjoint paths in ad hoc networks. IEEE International Conference on Communications (2001)
  • Y. Lu et al. An energy-efficient multipath routing protocol for wireless sensor networks. International Journal of Communication Systems (2007)
  • M. Ke et al. A new packet dropping policy in delay tolerant network. Twelfth IEEE International Conference on Communication Technology (ICCT) (2010)
  • S. Sultana et al. A Provenance based mechanism to identify malicious packet dropping adversaries in sensor networks. Proceedings of the 2011 Thirty First International Conference on Distributed Computing Systems Workshops (2011)
  • X. Zhang et al. Packet-dropping adversary identification for data plane security. Proceedings of the 2008 ACM CoNEXT Conference (2008)
  • B. Carbunar et al. JANUS: Towards robust and malicious resilient routing in hybrid wireless networks. Proceedings of the Third ACM Workshop on Wireless Security (2004)
There are more references available in the full text version of this article.
