TY - GEN
T1 - Making DTNs robust against spoofing attacks with localized countermeasures
AU - Uddin, Md Yusuf Sarwar
AU - Khurshid, Ahmed
AU - Jung, Hee Dong
AU - Gunter, Carl
AU - Caesar, Matthew Chapman
AU - Abdelzaher, Tarek
PY - 2011
Y1 - 2011
N2 - In this paper, we propose countermeasures to mitigate damage caused by spoofing attacks in Delay-Tolerant Networks (DTNs). In our model, an attacker spoofs someone else's address (the victim's) to absorb packets from the network intended for that victim. Address spoofing is arguably a very severe attack in DTNs, compared to other known attacks, such as dropping packets. Without a Public Key Infrastructure in DTNs, providing protection against this attack is challenging. We propose SPREAD (countermeasure against SPoofing by REplica ADjustment), a solution that assesses evidence of spoofing and offers countermeasures designed for quota-based multi-copy routing protocols. Our solution relies on reducing the weight of packet copies, charged to the routing quota, when these packets are given to a node suspected of spoofing. The weight reduction increases as spoofing evidence mounts against a node. The approach is designed to probabilistically maintain the same number of packet copies in the network as would be the case in the absence of attacks, despite the actual occurrence of spoofing. We show that SPREAD makes DTNs robust against spoofing attacks, does not overburden the network, and limits the overall overhead within a certain bound.
AB - In this paper, we propose countermeasures to mitigate damage caused by spoofing attacks in Delay-Tolerant Networks (DTNs). In our model, an attacker spoofs someone else's address (the victim's) to absorb packets from the network intended for that victim. Address spoofing is arguably a very severe attack in DTNs, compared to other known attacks, such as dropping packets. Without a Public Key Infrastructure in DTNs, providing protection against this attack is challenging. We propose SPREAD (countermeasure against SPoofing by REplica ADjustment), a solution that assesses evidence of spoofing and offers countermeasures designed for quota-based multi-copy routing protocols. Our solution relies on reducing the weight of packet copies, charged to the routing quota, when these packets are given to a node suspected of spoofing. The weight reduction increases as spoofing evidence mounts against a node. The approach is designed to probabilistically maintain the same number of packet copies in the network as would be the case in the absence of attacks, despite the actual occurrence of spoofing. We show that SPREAD makes DTNs robust against spoofing attacks, does not overburden the network, and limits the overall overhead within a certain bound.
UR - http://www.scopus.com/inward/record.url?scp=80052794226&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80052794226&partnerID=8YFLogxK
U2 - 10.1109/SAHCN.2011.5984915
DO - 10.1109/SAHCN.2011.5984915
M3 - Conference contribution
AN - SCOPUS:80052794226
SN - 9781457700934
T3 - 2011 8th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON 2011
SP - 332
EP - 340
BT - 2011 8th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON 2011
T2 - 2011 8th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON 2011
Y2 - 27 June 2011 through 30 June 2011
ER -