TY - GEN
T1 - DoS-resistant broadcast authentication protocol with low end-to-end delay
AU - Huang, Ying
AU - He, Wenbo
AU - Nahrstedt, Klara
AU - Lee, Whay C.
PY - 2008
Y1 - 2008
N2 - In mission-critical networks, command, alerts, and critical data are frequently broadcast over wireless networks. Broadcast traffic must be protected from malicious attacks, wherein sources are impersonated or broadcast packets are forged. Even though broadcast authentication eliminates such attacks, attackers can still launch Denial-of-Service attacks by injecting substantive false packets, which consume both communication and computation resources. Due to inevitable proliferation of duplicates of broadcast packets, it is especially important to limit false packet propagation range. Evidently, authenticating each packet before forwarding can effectively contain false packets within one hop. But it results in considerable end-to-end delay penalty on authentic packets. In this paper, we propose a randomized authentication scheme, DREAM, which contains most of the false packets in one-hop range of attackers and yet keeps end-to-end delay relatively low. DREAM also continuously monitors the contextual threat and dynamically adjusts the trade-off among containment and end-to-end delay performance. Extensive evaluations in ns2 validate our idea.
AB - In mission-critical networks, command, alerts, and critical data are frequently broadcast over wireless networks. Broadcast traffic must be protected from malicious attacks, wherein sources are impersonated or broadcast packets are forged. Even though broadcast authentication eliminates such attacks, attackers can still launch Denial-of-Service attacks by injecting substantive false packets, which consume both communication and computation resources. Due to inevitable proliferation of duplicates of broadcast packets, it is especially important to limit false packet propagation range. Evidently, authenticating each packet before forwarding can effectively contain false packets within one hop. But it results in considerable end-to-end delay penalty on authentic packets. In this paper, we propose a randomized authentication scheme, DREAM, which contains most of the false packets in one-hop range of attackers and yet keeps end-to-end delay relatively low. DREAM also continuously monitors the contextual threat and dynamically adjusts the trade-off among containment and end-to-end delay performance. Extensive evaluations in ns2 validate our idea.
UR - http://www.scopus.com/inward/record.url?scp=51049117329&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=51049117329&partnerID=8YFLogxK
U2 - 10.1109/INFOCOM.2008.4544589
DO - 10.1109/INFOCOM.2008.4544589
M3 - Conference contribution
AN - SCOPUS:51049117329
SN - 9781424422197
T3 - Proceedings - IEEE INFOCOM
BT - 2008 IEEE INFOCOM Workshops
T2 - 2008 IEEE INFOCOM Workshops
Y2 - 13 April 2008 through 18 April 2008
ER -