Surviving attacks on disruption-tolerant networks without authentication Export

@inproceedings{burgess:attacks, abstract = {Disruption-Tolerant Networks (DTNs) deliver data in network environments composed of intermittently connected nodes. Just as in traditional networks, malicious nodes within a DTN may attempt to delay or destroy data in transit to its destination. Such attacks include dropping data, flooding the network with extra messages, corrupting routing tables, and counterfeiting network acknowledgments. Many existing methods for securing routing protocols require authentication supported by mechanisms such as a public key infrastructure, which is difficult to deploy and operate in a DTN, where connectivity is sporadic. Furthermore, the complexity of such mechanisms may dissuade node participation so strongly that potential attacker impacts are dwarfed by the loss of contributing participants. In this paper, we use connectivity traces from our UMass Diesel- Net project and the Haggle project to quantify routing attack effectiveness on a DTN that lacks security. We introduce plausible attackers and attack modalities and provide complexity results for the strongest of attackers. We show that the same routing with packet replication used to provide robustness in the face of unpredictable mobility allows the network to gracefully survive attacks. In the case of the most effective attack, acknowledgment counterfeiting, we show a straightforward defense that uses cryptographic hashes but not a central authority. We conclude that disruption-tolerant networks are extremely robust to attack; in our trace-driven evaluations, an attacker that has compromised 30\% of all nodes reduces delivery rates from 70\% to 55\%, and to 20\% with knowledge of future events. By comparison, contemporaneously connected networks are significantly more fragile}, address = {Montreal, Quebec, Canada}, author = {Burgess, John and Bissias, George D. and Corner, Mark D. and Levine, Brian N.}, booktitle = {MobiHoc '07: Proceedings of the 8th ACM international symposium on Mobile ad hoc networking and computing}, citeulike-article-id = {2820513}, citeulike-linkout-0 = {http://dx.doi.org/http://doi.acm.org/10.1145/1288107.1288116}, citeulike-linkout-1 = {http://dx.doi.org/10.1145/1288107.1288116}, doi = {http://doi.acm.org/10.1145/1288107.1288116}, keywords = {cambridge\_haggle, crawdad, deployment, dtn, measurement, mobility, routing, security, umass\_diesel, wireless}, pages = {61--70}, posted-at = {2008-05-21 17:13:00}, priority = {2}, publisher = {ACM Press}, title = {Surviving attacks on disruption-tolerant networks without authentication}, url = {http://dx.doi.org/http://doi.acm.org/10.1145/1288107.1288116}, year = {2007} }

TY - CONF ID - burgess:attacks L3 - citeulike-article-id:2820513 N2 - Disruption-Tolerant Networks (DTNs) deliver data in network environments composed of intermittently connected nodes. Just as in traditional networks, malicious nodes within a DTN may attempt to delay or destroy data in transit to its destination. Such attacks include dropping data, flooding the network with extra messages, corrupting routing tables, and counterfeiting network acknowledgments. Many existing methods for securing routing protocols require authentication supported by mechanisms such as a public key infrastructure, which is difficult to deploy and operate in a DTN, where connectivity is sporadic. Furthermore, the complexity of such mechanisms may dissuade node participation so strongly that potential attacker impacts are dwarfed by the loss of contributing participants. In this paper, we use connectivity traces from our UMass Diesel- Net project and the Haggle project to quantify routing attack effectiveness on a DTN that lacks security. We introduce plausible attackers and attack modalities and provide complexity results for the strongest of attackers. We show that the same routing with packet replication used to provide robustness in the face of unpredictable mobility allows the network to gracefully survive attacks. In the case of the most effective attack, acknowledgment counterfeiting, we show a straightforward defense that uses cryptographic hashes but not a central authority. We conclude that disruption-tolerant networks are extremely robust to attack; in our trace-driven evaluations, an attacker that has compromised 30% of all nodes reduces delivery rates from 70% to 55%, and to 20% with knowledge of future events. By comparison, contemporaneously connected networks are significantly more fragile AD - Montreal, Quebec, Canada EP - 70 TI - Surviving attacks on disruption-tolerant networks without authentication PB - ACM Press T2 - MobiHoc '07: Proceedings of the 8th ACM international symposium on Mobile ad hoc networking and computing SP - 61 KW - cambridge_haggle KW - crawdad KW - deployment KW - dtn KW - measurement KW - mobility KW - routing KW - security KW - umass_diesel KW - wireless AU - Burgess, John AU - Bissias, George AU - Corner, Mark AU - Levine, Brian PY - 2007/// UR - http://dx.doi.org/http://doi.acm.org/10.1145/1288107.1288116 ER -