Tema 5.- Seguridad. Problemas Soluciones
|
|
- Kory Short
- 7 years ago
- Views:
Transcription
1 Tema 5.- Seguridad Problemas Soluciones
2 Wireless medium is easy to snoop on Routing security vulnerabilities Due to ad hoc connectivity and mobility, it is hard to guarantee access to any particular node (for instance, to obtain a secret key) Easier for trouble-makers to insert themselves into a mobile ad hoc network (as compared to a wired network) Open medium Dynamic topology Distributed cooperation (absence of central authorities) Constrained capability (energy)
3 Securing Ad Hoc Networks Definition of Attack from the RFC 2828 Internet Security Glossary : An assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of the system. Goals Availability: ensure survivability of the network despite denial of service attacks. The DoS can be targeted at any layer Confidentiality: ensures that certain information is not disclosed to unauthorized entities. Eg Routing information information should not be leaked out because it can help to identify and locate the targets Integrity: guarantee that a message being transferred is never corrupted. Authentication: enables a node to ensure the identity of the nodes communicating. Non-Repudiation: ensures that the origin of the message cannot deny having sent the message
4 Classification: External attack vs. Internal attack Routing attacks External: Intruder nodes can pose to be a part of the network injecting erroneous routes, replaying old information or introduce excessive traffic to partition the network Internal: The nodes themselves could be compromised. Detection of such nodes is difficult since compromised nodes can generate valid signatures. Passive attack vs. Active attack Passive attack: Attempts to learn or make use of information from the system but does not affect system resources (RFC 2828) Active attack: Attempts to alter system resources or affect their operation (RFC 2828)
5 Information source Information destination Normal Flow
6 Passive Attacks Sniffer Passive attacks Interception (confidentiality) Release of message contents Traffic analysis
7 All machines on a network can hear ongoing traffic Sniffers A machine will respond only to data addressed specifically to it Network interface: promiscuous mode able to capture all frames transmitted on the local area network segment Risks of Sniffers: Serious security threat Capture confidential information Authentication information Private data Capture network traffic information
8 Interception Information source Information destination Unauthorized party gains access to the asset Confidentiality Example: wiretapping, unauthorized copying of files
9 Release of message contents Passive attacks Intruder is able to interpret and extract information being transmitted Highest risk: authentication information Can be used to compromise additional system resources Traffic analysis Intruder is not able to interpret and extract the transmitted information Intruder is able to derive (infer) information from the traffic characteristics
10 Protection against passive attacks Shield confidential data from sniffers: cryptography Disturb traffic pattern: Traffic padding Onion routing Modern switch technology: network traffic is directed to the destination interfaces Detect and eliminate sniffers
11 Active attacks Active attacks Interruption Modification Fabrication (availability) (integrity) (integrity)
12 Information source Interruption Information destination Asset is destroyed or becomes unavailable - Availability Example: destruction of hardware, cutting communication line, disabling file management system, etc.
13 Adversary floods irrelevant data Consume network bandwidth Consume resource of a particular node Denial of service attack bombing attack: floods victim s mail with large bogus messages Popular Free tools available Smurf attack: Attacker multicast or broadcast an Internet Control Message Protocol (ICMP) with spoofed IP address of the victim system Each receiving system sends a respond to the victim Victim s system is flooded
14 TCP SYN flooding Server: limited number of allowed half-open connections Backlog queue: Existing half-open connections Full: no new connections can be established Time-out, reset Attack: Attacker: send SYN requests to server with IP source that unable to response to SYN-ACK Server s backlog queue filled No new connections can be established Keep sending SYN requests Does not affect Existing or open incoming connections Outgoing connections
15 Hard to provide full protection Some of the attacks can be prevented Protection against DoS, DDoS Filter out incoming traffic with local IP address as source Avoid established state until confirmation of client s identity Internet trace back: determine the source of an attack
16 Modification Information source Information destination Unauthorized party tampers with the asset Integrity Example: changing values of data, altering programs, modify content of a message, etc.
17 Attacks using modification Idea: Attacks using modification Malicious node announces better routes than the other nodes in order to be inserted in the ad-hoc network How? Redirection by changing the route sequence number Redirection with modified hop count Denial Of Service (DOS) attacks Modify the protocol fields of control messages Compromise the integrity of routing computation Cause network traffic to be dropped, redirected to a different destination or take a longer route
18 Attacks using modification Redirection with modified hop count: - The node C announces to B a path with a metric value of one - The intruder announces to B a path with a metric value of one too - B decides which path is the best by looking into the hop count value of each route Node C Metric 1 and 3 hops Node A Node B Node D Metric 1 and 1 hop Intruder
19 Attacks using modification Denial Of Service (DOS) attacks with modified source routes: A malicious node is inserted in the network The malicious node changes packet headers it receives The packets will not reach the destination: The transmission is aborted Node A sends packets with header: (route cache to reach node E) A-B-I-C-D-E Intruder I decapsulates packets, change the header: A-B-I-C-E Node C has no direct route with E, also the packets are dropped Node A Node B Intruder I Node C Node D Node E
20 Information source Fabrication Information destination Unauthorized party insets counterfeit object into the system Authenticity Example: insertion of offending messages, addition of records to a file, etc.
21 Attacks using fabrication Idea: Attacks using fabrication Generates traffic to disturb the good operation of an ad-hoc network How? Falsifying route error messages Corrupting routing state Routing table overflow attack Replay attack Black hole attack
22 Falsifying route error messages: Attacks using fabrication When a node moves, the closest node sends error message to the others A malicious node can usurp the identity of another node (e.g. By using spoofing) and sends error messages to the others The other nodes update their routing tables with these bad information The victim node is isolated
23 Corrupting routing state: Attacks using fabrication In DSR, routes can be learned from promiscuously received packets A node should add the routing information contained in each packet s header it overhears A hacker can easily broadcast a message with a spoofed IP address such as the other nodes add this new route to reach a special node S It s the malicious node which will receive the packets intended to S.
24 Routing table overflow attack: Available in pro-active protocols. Attacks using fabrication These protocols try to find routing information before they are needed A hacker can send in the network a lot of route to non-existent nodes until overwhelm the protocol
25 Replay attack: A hacker sends old advertisements to a node The node updates its routing table with stale routes Black hole attack: Attacks using fabrication A hacker advertises a zero metric route for all destinations All the nodes around it will route packets towards it
26 Attacks using impersonation Attacks using impersonation Idea : Usurpates the identity of another node to perform changes How? Spoofing MAC address of other nodes
27 Forming loops by spoofing MAC address: Attacks using impersonation A malicious node M can listen all the nodes when the others nodes can only listen their closest neighbors Node M first changes its MAC address to the MAC address of the node A Node M moves closer to node B than node A is, and stays out of range of node A Node M announces node B a shorter path to reach X than the node D gives A B M C D E X
28 Forming loops by spoofing MAC address: Node B changes its path to reach X Packets will be sent first to node A Attacks using impersonation Node M moves closer to node D than node B is, and stays out of range of node B Node M announces node D a shorter path to reach X than the node E gives A M C B D E X
29 Attacks using impersonation Forming loops by spoofing MAC address: Node D changes its path to reach X Packets will be sent first to node B X is now unreachable because of the loop formed A C B M D E X
30 Attacks for routing: Wormhole attack (tunneling) Invisible node attack The Sybil attack Rushing attack Non-cooperation Other Routing attacks
31 Wormhole attack Colluding attackers uses tunnels between them to forward packets Place the attacker in a very powerful position The attackers take control of the route by claiming a shorter path S M tunnel... N C D A B
32 Invisible node attack Attack on DSR Malicious does not append its IP address M becomes invisible on the path S B M C D
33 The Sybil attack Represents multiple identities Disrupt geographic and multi-path routing B M 1 M 2 M3 M 4 M 5
34 Rushing attack Directed against on-demand routing protocols The attacker hurries route request packet to the next node to increase the probability of being included in a route
35 Non-cooperation Node lack of cooperation, not participate in routing or packet forwarding Node selfishness, save energy for itself
36 Tema 5.- Seguridad Problemas Soluciones
37 Ariadne Overview Authenticate routing messages using one of: Shared secrets between each pair of nodes Avoids need for synchronization Shared secrets between communicating nodes combined with broadcast authentication Requires loose time synchronization Allows additional protocol optimizations Digital signatures
38 TESLA Overview Broadcast authentication protocol used here for authenticating routing messages Efficient and adds only a single message authentication code (MAC) to a message Requires asymmetric primitive to prevent others from forging MAC TESLA achieves asymmetry through clock synchronization and delayed key disclosure
39 TESLA Overview (cont.) 1. Each sender splits the time into intervals 2. It then chooses random initial key (K N ) 3. Generates one-way key chain through repeated use of a one-way hash function (generating one key per time interval) K N-1 =H[K N ], K N-2 =H[K N-1 ] These keys are used in reverse order of generation 4. The sender discloses the keys based on the time intervals
40 Sender attaches MAC to each packet Computed over the packet s contents TESLA Overview (cont.) Sender determines time interval and uses corresponding value from oneway key chain With the packet, the sender also sends the most recent disclosable oneway chain value
41 Receiver knows the key disclosing schedule TESLA Overview (cont.) Checks that the key used to compute the MAC is still secret by determining that the sender could not have disclosed it yet As long as the key is still secret, the receiver buffers the packet When the key is disclosed, receiver checks its correctness (through self-authentication) and authenticates the buffered packets
42 Network Assumptions Network links are bidirectional The network may drop, corrupt, reorder or duplicate packets Each node must be able to estimate the end-to-end transmission time to any other node in the network Disregard physical attacks and Medium Access Control attacks
43 Node Assumptions Resources of nodes may vary greatly, so Ariadne assumes constrained nodes All nodes have loosely synchronized clocks
44 Three authentication mechanism possibilities: Pairwise secret keys (requires n(n+1)/2 keys) TESLA (shared keys between all source-destination pairs) Digital signatures (requires powerful nodes) Security Assumptions
45 Shared secret keys Key distribution center Bootstrapping from a Public Key Infrastructure Pre-loading at initialization Initial TESLA keys Embed at initialization Assume PKI and embed Certifications Authority s public key at each node Key Setup
46 A and B are principals (e.g., communicating nodes) Ariadne Notation K AB and K BA are secret MAC keys shared between A and B MAC KAB (M) is computation of MAC of message M using key K AB
47 Route Discovery Assume sender and receiver share secret (non-tesla) keys for message authentication Target authenticates ROUTE REQUESTS Initiator includes a MAC computed with end-to-end key Target verifies authenticity and freshness of request using shared key Data authentication using TESLA keys Each hop authenticates new information in the REQUEST Target buffers REPLY until intermediate nodes release TESLA keys TESLA security condition is verified at the target Target includes a MAC in the REPLY to certify the condition was met Attacker can remove a node from node list in a REQUEST One-way hash functions verify that no hop was omitted (per-hop hashing)
48 Route Discovery (cont.) Assume all nodes know an authentic key of the TESLA one-way key chain of every other node Securing ROUTE REQUEST Target can authenticate the sender (using their additional shared key) Initiator can authenticate each path entry using intermediate TESLA keys No intermediate node can remove any other node in the REQUEST or REPLY
49 Route Discovery (cont.) ROUTE REQUEST packet contains eight fields: ROUTE REQUEST: label initiator: address of the sender target: address of the recipient id: unique identifier time interval: TESLA time interval of the pessimistic arrival time hash chain: sequence of MAC hashes node list: sequence of nodes on the path MAC list: MACs of the message using TESLA keys
50 Upon receiving ROUTE REQUEST, a node: 1. Processes the request only if it is new Route Discovery (cont.) 2. Processes the request only if the time interval is valid (not too far in the future, but not for an already disclosed TESLA key) 3. Modifies the request and rebroadcasts it Appends its address to the node list, replaces the hash chain with H[A, hash chain], appends MAC of entire REQUEST to MAC list using K Ai where i is the index for the time interval specified in the REQUEST
51 When the target receives the route request: Route Discovery (cont.) 1. Checks the validity of the REQUEST (determining that the keys from the time interval have not been disclosed yet and that hash chain is correct) 2. Returns ROUTE REPLY containing eight fields ROUTE REPLY, target, initiator, time interval, node list, MAC list target MAC: MAC computed over above fields with key shared between target and initiator key list: disclosable MAC keys of nodes along the path
52 Node forwarding ROUTE REPLY Route Discovery (cont.) Waits until it can disclose TESLA key from specified interval Appends that key to the key list This waiting does delay the return of the ROUTE REPLY but does not consume extra computational power
53 When initiator receives ROUTE REPLY Route Discovery (cont.) 1. Verifies each key in the key list is valid 2. Verifies that the target MAC is valid 3. Verifies that each MAC in the MAC list is valid using the TESLA keys
54 Based on DSR Route Maintenance Node forwarding a packet to the next hop returns a ROUTE ERROR to the original sender Prevent unauthorized nodes from sending errors, we require errors to be authenticated by the sender
55 Route Maintenance (cont.) ROUTE ERROR contains six fields ROUTE ERROR: label sending address: node encountering error receiving address: intended next hop time interval: pessimistic arrival time of error at destination error MAC: MAC of the preceding fields of the error (computed using sender s TESLA key) recent TESLA key: most recent disclosable TESLA key
56 Route Maintenance Errors are propagated just as regular data packets Intermediate nodes remove routes that use the bad link Sending node continues to send data packets along the route until error is validated Generates additional errors, which are all cleaned up when the error is finally validated
57 Anonymous Communication Sometimes security requirement may include anonymity Availability of an authentic key is not enough to prevent traffic analysis We may want to hide the source or the destination of a packet, or simply the amount of traffic between a given pair of nodes
58 Traffic Analysis Traditional approaches for anonymous communication, for instance, based on MIX nodes or dummy traffic insertion, can be used in wireless ad hoc networks as well However, it is possible to develop new approaches considering the broadcast nature of the wireless channel
59 Mix Nodes [Chaum] Mix nodes can reorder packets from different flows, insert dummy packets, or delay packets, to reduce correlation between packets in and packets out D G C M3 M1 B M2 E F A
60 Mix Nodes Node A wants to send message M to node G. Node A chooses 2 Mix nodes (in general n mix nodes), say, M1 and M2 D G C M3 M1 B M2 E F A
61 Mix Nodes Node A transmits to M1 message K1(R1, K2(R2, M)) where Ki() denotes encryption using public key Ki of Mix i, and Ri is a random number D G C M3 M1 B M2 E F A
62 Mix Nodes M1 recovers K2(R2,M) and send to M2 D G C M3 M1 B M2 E F A
63 Mix Nodes M2 recovers M and sends to G D G C M3 M1 B M2 E F A
64 Mix Nodes If M is encrypted by a secret key, no one other than G or A can know M Since M1 and M2 mix traffic, observers cannot determine the source-destination pair without compromising M1 and M2 both
65 Alternative Mix Nodes Suppose A uses M2 and M3 (not M1 and M2) Need to take fewer hops Choice of mix nodes affects overhead D G C M3 M1 B M2 E F A
66 Mix Node Selection Intelligent selection of mix nodes can reduce overhead [Jiang04] With mobility, the choice of mix nodes may have to be modified to reduce cost However, change of mix selection has the potential for divulging more information
How To Write A Transport Layer Protocol For Wireless Networks
Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Introduction Issues Design Goals Classifications TCP Over Ad Hoc Wireless Networks Other Transport Layer Protocols Security
More informationAriadne A Secure On-Demand Routing Protocol for Ad-Hoc Networks
Ariadne A Secure On-Demand Routing Protocol for Ad-Hoc Networks Authors: Yih-Chun Hu, Adrian Perrig, David B Johnson Presenter: Sameer Korrapati Date: 4/21/2003 Overview of presentation Introduction :
More informationSecurity in Ad Hoc Network
Security in Ad Hoc Network Bingwen He Joakim Hägglund Qing Gu Abstract Security in wireless network is becoming more and more important while the using of mobile equipments such as cellular phones or laptops
More informationSECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS)
SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS) Neha Maurya, ASM S IBMR ABSTRACT: Mobile Ad hoc networks (MANETs) are a new paradigm of wireless network, offering unrestricted mobility without any underlying
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK AN OVERVIEW OF MOBILE ADHOC NETWORK: INTRUSION DETECTION, TYPES OF ATTACKS AND
More informationAriadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks
Wireless Networks 11, 21 38, 2005 2005 Springer Science + Business Media, Inc. Manufactured in The Netherlands. Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks YIH-CHUN HU and ADRIAN PERRIG
More informationAriadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks
Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks Yih-Chun Hu Carnegie Mellon University yihchun@cs.cmu.edu Adrian Perrig Carnegie Mellon University adrian+@cs.cmu.edu David B. Johnson Rice
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationNetwork Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶
Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course
More informationContent Distribution Networks (CDN)
229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationDSR: The Dynamic Source Routing Protocol for Multi-Hop Wireless Ad Hoc Networks
DSR: The Dynamic Source Routing Protocol for Multi-Hop Wireless Ad Hoc Networks David B. Johnson David A. Maltz Josh Broch Computer Science Department Carnegie Mellon University Pittsburgh, PA 15213-3891
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationSecure Unicast Position-based Routing Protocols for Ad-Hoc Networks
Acta Polytechnica Hungarica Vol. 8, No. 6, 2011 Secure Unicast Position-based Routing Protocols for Ad-Hoc Networks Liana Khamis Qabajeh, Miss Laiha Mat Kiah Faculty of Computer Science and Information
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationA Comparison Study of Qos Using Different Routing Algorithms In Mobile Ad Hoc Networks
A Comparison Study of Qos Using Different Routing Algorithms In Mobile Ad Hoc Networks T.Chandrasekhar 1, J.S.Chakravarthi 2, K.Sravya 3 Professor, Dept. of Electronics and Communication Engg., GIET Engg.
More information18-731 Midterm. Name: Andrew user id:
18-731 Midterm 6 March 2008 Name: Andrew user id: Scores: Problem 0 (10 points): Problem 1 (10 points): Problem 2 (15 points): Problem 3 (10 points): Problem 4 (20 points): Problem 5 (10 points): Problem
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationTo Study the Various Attacks and Protocols in MANET
International Journal of Computer Sciences and Engineering Open Access Review Paper Volume-4, Issue-4 E-ISSN: 2347-2693 To Study the Various Attacks and Protocols in MANET Harkiranpreet Kaur 1* and Rasneet
More informationDynamic Source Routing in Ad Hoc Wireless Networks
Dynamic Source Routing in Ad Hoc Wireless Networks David B. Johnson David A. Maltz Computer Science Department Carnegie Mellon University 5000 Forbes Avenue Pittsburgh, PA 15213-3891 dbj@cs.cmu.edu Abstract
More informationWireless Sensor Network Security. Seth A. Hellbusch CMPE 257
Wireless Sensor Network Security Seth A. Hellbusch CMPE 257 Wireless Sensor Networks (WSN) 2 The main characteristics of a WSN include: Power consumption constrains for nodes using batteries or energy
More informationRouting Security in Ad Hoc Wireless Networks 1
Network Security Scott Huang, David MacCallum, and Ding Zhu Du(Eds.) pp. - c 2005 Springer Routing Security in Ad Hoc Wireless Networks 1 Mohammad O. Pervaiz, Mihaela Cardei, and Jie Wu Department of Computer
More informationAd hoc On Demand Distance Vector (AODV) Routing Protocol
Ad hoc On Demand Distance Vector (AODV) Routing Protocol CS: 647 Advanced Topics in Wireless Networks Dr. Baruch Awerbuch & Dr. Amitabh Mishra Department of Computer Science Johns Hopkins 4-1 Reading Chapter
More informationAll vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices
Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly
More informationIY2760/CS3760: Part 6. IY2760: Part 6
IY2760/CS3760: Part 6 In this part of the course we give a general introduction to network security. We introduce widely used security-specific concepts and terminology. This discussion is based primarily
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationSEcure Neighbour Discovery: A Report
SEcure Neighbour Discovery: A Report Arun Raghavan (Y6111006) CS625: Advanced Computer Networks Abstract The IPv6 [5] Neighbour Discovery [12] protocol is used by nodes in IPv6 for such purposes as discover
More informationPreventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System
Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System Shams Fathima M.Tech,Department of Computer Science Kakatiya Institute of Technology & Science, Warangal,India
More informationBehavior Analysis of TCP Traffic in Mobile Ad Hoc Network using Reactive Routing Protocols
Behavior Analysis of TCP Traffic in Mobile Ad Hoc Network using Reactive Routing Protocols Purvi N. Ramanuj Department of Computer Engineering L.D. College of Engineering Ahmedabad Hiteishi M. Diwanji
More informationSecurity Technology White Paper
Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without
More informationSession Hijacking Exploiting TCP, UDP and HTTP Sessions
Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being
More informationRouting Protocols Security in Ah Hoc Networks
Routing Protocols Security in Ah Hoc Networks Ebrahim Mohammed Louis Dargin Oakland University School of Computer Science and Engineering CSE 681 Information Security ledargin@oakland.edu eamohamm@oakland.edu
More informationAd hoc networks security. 1. Introduction
Ad hoc networks security Pietro Michiardi and Refik Molva 1. Introduction An ad hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure
More informationSecure Routing for Mobile Ad hoc Networks
Secure Routing for Mobile Ad hoc Networks Patroklos G. Argyroudis Networks and Telecommunications Research Group Department of Computer Science University of Dublin, Trinity College argp@cs.tcd.ie Donal
More informationSecure Routing in Wireless Sensor Networks
Secure Routing in Wireless Sensor Networks Introduction to Wireless Sensor Networks Ida Siahaan / Leonardo Fernandes DIT Ida Siahaan / Leonardo Fernandes (DIT) Secure Routing in Wireless Sensor Networks
More informationOutline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg
Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationA Review of Secure Ad-hoc Routing
www..org 30 A Review of Secure Ad-hoc Routing Tannu Arora 1, Deepika Arora 2 1 Computer Science, M.D.U/GIET, Sonipat, Haryana, India tannu.arora@gmail.com 2 Computer Science, C.D.L.U, Sirsa, Haryana, India
More informationAdvanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech
Advanced Topics in Distributed Systems Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Security Introduction Based on Ch1, Cryptography and Network Security 4 th Ed Security Dr. Ayman Abdel-Hamid,
More informationWireless Sensor Networks Chapter 14: Security in WSNs
Wireless Sensor Networks Chapter 14: Security in WSNs António Grilo Courtesy: see reading list Goals of this chapter To give an understanding of the security vulnerabilities of Wireless Sensor Networks
More informationDenial of Service in Sensor Networks
Denial of Service in Sensor Networks Authors : From: Anthony D. Wood John A. Stankovic University of Virginia Presented by: Luba Sakharuk Agenda for the DOS in Sensor Networks Abstract Theory and Application
More informationSecurity for Ad Hoc Networks. Hang Zhao
Security for Ad Hoc Networks Hang Zhao 1 Ad Hoc Networks Ad hoc -- a Latin phrase which means "for this [purpose]". An autonomous system of mobile hosts connected by wireless links, often called Mobile
More informationFinal for ECE374 05/06/13 Solution!!
1 Final for ECE374 05/06/13 Solution!! Instructions: Put your name and student number on each sheet of paper! The exam is closed book. You have 90 minutes to complete the exam. Be a smart exam taker -
More informationAbstract. Introduction. Section I. What is Denial of Service Attack?
Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss
More informationAttacks on neighbor discovery
Cryptographic Protocols (EIT ICT MSc) Dr. Levente Buttyán associate professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu
More informationLoad Balancing and Resource Reservation in Mobile Ad-Hoc Networks 1
Load Balancing and Resource Reservation in Mobile Ad-Hoc Networks 1 Gautam Chakrabarti Sandeep Kulkarni Department of Computer Science and Engineering Michigan State University Abstract To ensure uninterrupted
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationTransport Layer Protocols
Transport Layer Protocols Version. Transport layer performs two main tasks for the application layer by using the network layer. It provides end to end communication between two applications, and implements
More informationSPINS: Security Protocols for Sensor Networks
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen, and David Culler Department of Electrical Engineering & Computer Sciences, University of California
More informationSECURING APACHE : DOS & DDOS ATTACKS - I
SECURING APACHE : DOS & DDOS ATTACKS - I In this part of the series, we focus on DoS/DDoS attacks, which have been among the major threats to Web servers since the beginning of the Web 2.0 era. Denial
More informationProtocols and Architecture. Protocol Architecture.
Protocols and Architecture Protocol Architecture. Layered structure of hardware and software to support exchange of data between systems/distributed applications Set of rules for transmission of data between
More informationReview of Prevention techniques for Denial of Service Attacks in Wireless Sensor Network
Review of Prevention techniques for Denial of Service s in Wireless Sensor Network Manojkumar L Mahajan MTech. student, Acropolis Technical Campus, Indore (MP), India Dushyant Verma Assistant Professor,
More informationEfficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu Peng Ning Department of Computer Science North Carolina State University Raleigh,
More informationSecurity Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress
Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Alan Davy and Lei Shi Telecommunication Software&Systems Group, Waterford Institute of Technology, Ireland adavy,lshi@tssg.org
More informationSecurity Sensor Network. Biswajit panja
Security Sensor Network Biswajit panja 1 Topics Security Issues in Wired Network Security Issues in Wireless Network Security Issues in Sensor Network 2 Security Issues in Wired Network 3 Security Attacks
More informationA Catechistic Method for Traffic Pattern Discovery in MANET
A Catechistic Method for Traffic Pattern Discovery in MANET R. Saranya 1, R. Santhosh 2 1 PG Scholar, Computer Science and Engineering, Karpagam University, Coimbatore. 2 Assistant Professor, Computer
More informationTomás P. de Miguel DIT-UPM. dit UPM
Tomás P. de Miguel DIT- 15 12 Internet Mobile Market Phone.com 15 12 in Millions 9 6 3 9 6 3 0 1996 1997 1998 1999 2000 2001 0 Wireless Internet E-mail subscribers 2 (January 2001) Mobility The ability
More informationIntroduction to Security
2 Introduction to Security : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l01, Steve/Courses/2013/s2/its335/lectures/intro.tex,
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationDenial of Service. Tom Chen SMU tchen@engr.smu.edu
Denial of Service Tom Chen SMU tchen@engr.smu.edu Outline Introduction Basics of DoS Distributed DoS (DDoS) Defenses Tracing Attacks TC/BUPT/8704 SMU Engineering p. 2 Introduction What is DoS? 4 types
More informationSIMULATION STUDY OF BLACKHOLE ATTACK IN THE MOBILE AD HOC NETWORKS
Journal of Engineering Science and Technology Vol. 4, No. 2 (2009) 243-250 School of Engineering, Taylor s University College SIMULATION STUDY OF BLACKHOLE ATTACK IN THE MOBILE AD HOC NETWORKS SHEENU SHARMA
More informationSecurity Issues in Mobile Ad Hoc Networks - A Survey
Security Issues in Mobile Ad Hoc Networks - A Survey Wenjia Li and Anupam Joshi Department of Computer Science and Electrical Engineering University of Maryland, Baltimore County Abstract In this paper,
More informationNotes on Network Security - Introduction
Notes on Network Security - Introduction Security comes in all shapes and sizes, ranging from problems with software on a computer, to the integrity of messages and emails being sent on the Internet. Network
More informationIntroduction to Wireless Sensor Network Security
Smartening the Environment using Wireless Sensor Networks in a Developing Country Introduction to Wireless Sensor Network Security Presented By Al-Sakib Khan Pathan Department of Computer Science and Engineering
More informationProtocol Rollback and Network Security
CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationSECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET
SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET MR. ARVIND P. PANDE 1, PROF. UTTAM A. PATIL 2, PROF. B.S PATIL 3 Dept. Of Electronics Textile and Engineering
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationVulnerabilities of Intrusion Detection Systems in Mobile Ad-hoc Networks - The routing problem
Vulnerabilities of Intrusion Detection Systems in Mobile Ad-hoc Networks - The routing problem Ernesto Jiménez Caballero Helsinki University of Technology erjica@gmail.com Abstract intrusion detection
More informationEFS: Enhanced FACES Protocol for Secure Routing In MANET
EFS: Enhanced FACES Protocol for Secure Routing In MANET Geethu Bastian Department of Information Technology Rajagiri School of Engineering & Technology, Rajagiri Valley P O Kochi-39, India geethubastian@gmail.com
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More informationLIST OF FIGURES. Figure No. Caption Page No.
LIST OF FIGURES Figure No. Caption Page No. Figure 1.1 A Cellular Network.. 2 Figure 1.2 A Mobile Ad hoc Network... 2 Figure 1.3 Classifications of Threats. 10 Figure 1.4 Classification of Different QoS
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationDr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu. DDoS and IP Traceback. Overview
DDoS and IP Traceback Dr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu Louisiana State University DDoS and IP Traceback - 1 Overview Distributed Denial of Service
More informationMOBILE AD HOC NETWORKS SECURITY
MOBILE AD HOC NETWORKS SECURITY DRAGAN MLADENOVIĆ The Guard, Serbian Army Forces, Belgrade, dragan.mladenovic@vs.rs DANKO JOVANOVIĆ Logistics Department J-4, Serbian Army Forces General Staff, Belgrade,
More informationWireless Mesh Networks under FreeBSD
Wireless Networks under FreeBSD Rui Paulo rpaulo@freebsd.org The FreeBSD Project AsiaBSDCon 2010 - Tokyo, Japan Abstract With the advent of low cost wireless chipsets, wireless mesh networks became much
More informationAnonymous Communication in Peer-to-Peer Networks for Providing more Privacy and Security
Anonymous Communication in Peer-to-Peer Networks for Providing more Privacy and Security Ehsan Saboori and Shahriar Mohammadi Abstract One of the most important issues in peer-to-peer networks is anonymity.
More informationSecurity for Ubiquitous and Adhoc Networks
Security for Ubiquitous and Adhoc Networks Mobile Adhoc Networks Collection of nodes that do not rely on a predefined infrastructure Adhoc networks can be formed merged together partitioned to separate
More informationA Research Study on Packet Sniffing Tool TCPDUMP
A Research Study on Packet Sniffing Tool TCPDUMP ANSHUL GUPTA SURESH GYAN VIHAR UNIVERSITY, INDIA ABSTRACT Packet sniffer is a technique of monitoring every packet that crosses the network. By using this
More informationACHILLES CERTIFICATION. SIS Module SLS 1508
ACHILLES CERTIFICATION PUBLIC REPORT Final DeltaV Report SIS Module SLS 1508 Disclaimer Wurldtech Security Inc. retains the right to change information in this report without notice. Wurldtech Security
More informationNetwork Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015
Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan April 23, 2015 1 / 24 Secure networks Before the advent of modern telecommunication network,
More informationFederal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks
Threat Paper Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks Federal Computer Incident Response Center 7 th and D Streets S.W. Room 5060 Washington,
More informationProject 4: (E)DoS Attacks
Project4 EDoS Instructions 1 Project 4: (E)DoS Attacks Secure Systems and Applications 2009 Ben Smeets (C) Dept. of Electrical and Information Technology, Lund University, Sweden Introduction A particular
More informationPacket Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA
A Seminar report On Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA SUBMITTED TO: www.studymafia.org SUBMITTED BY: www.studymafia.org Preface I have made
More informationHANDBOOK 8 NETWORK SECURITY Version 1.0
Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives
More informationDjenouri Djamel & Nadjib Badache
Djenouri Djamel & Nadjib Badache LSI-TR0504 February 2004 A Survey on Security Issues in Mobile Ad hoc Networks Djamel DJENOURI, Nadjib BADACHE : Basic Software Laboratory, CERIST Center of Research, Algiers,
More informationInternational Journal of Advanced Research in Computer Science and Software Engineering
Volume 3, Issue 1, January 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Analysis of
More informationCOMPARATIVE ANALYSIS OF ON -DEMAND MOBILE AD-HOC NETWORK
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 2 Issue 5 May, 2013 Page No. 1680-1684 COMPARATIVE ANALYSIS OF ON -DEMAND MOBILE AD-HOC NETWORK ABSTRACT: Mr.Upendra
More informationFrequent Denial of Service Attacks
Frequent Denial of Service Attacks Aditya Vutukuri Science Department University of Auckland E-mail:avut001@ec.auckland.ac.nz Abstract Denial of Service is a well known term in network security world as
More informationssumathy@vit.ac.in upendra_mcs2@yahoo.com
S. Sumathy 1 and B.Upendra Kumar 2 1 School of Computing Sciences, VIT University, Vellore-632 014, Tamilnadu, India ssumathy@vit.ac.in 2 School of Computing Sciences, VIT University, Vellore-632 014,
More informationco Characterizing and Tracing Packet Floods Using Cisco R
co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More information