Virtual Multipath Attack and Defense for Location Distinction in Wireless Networks

ABSTRACT:

In wireless networks, location distinction aims to detect location changes or facilitate authentication of wireless users. To achieve location distinction, recent research has focused on investigating the spatial uncorrelation property of wireless channels. Specifically, differences in wireless channel characteristics are used to distinguish locations or identify location changes. However, we discover a new attack against all existing location distinction approaches that are built on the spatial uncorrelation property of wireless channels. In such an attack, the adversary can easily hide her location changes or impersonate movements by injecting fake wireless channel characteristics into a target receiver. To defend against this attack, we propose a detection technique that utilizes an auxiliary receiver or antenna to identify these fake channel characteristics. We also discuss such attacks and corresponding defenses in OFDM systems. Experimental results on our USRP-based prototype show that the discovered attack can craft any desired channel characteristic with a successful probability of 95.0% to defeat spatial uncorrelation based location distinction schemes and our novel detection method achieves a detection rate higher than 91.2% while maintaining a very low false alarm rate.

EXISTING SYSTEM:

Existing location distinction approaches have focused on exploiting the spatial uncorrelation property of wireless channels. These approaches demonstrated their success in various wireless scenarios, especially for high-frequency systems (e.g., WiFi networks) that feature a very short electromagnetic wavelength. However, two recent studies identified a vulnerability of these approaches, discovering that the wireless spatial uncorrelation property may be violated in a poor multipath environment (e.g., strong line-of-sight path). One work made a further attempt to attack location distinction systems using channel impulse responses. Its authors found that a third-party attacker may impersonate Alice to Bob by mimicking the channel impulse response of the wireless link between them, and named such attacks mimicry attacks. Although both mimicry attacks and virtual multipath attacks target security measures based on wireless channel characteristics, they differ from each other in the following aspects.

DISADVANTAGES OF EXISTING SYSTEM:

  • Conventional attack scenario is considered
  • Lack of accuracy in new attack scenario.
  • Detection of attack is more complex.

PROPOSED SYSTEM:

We propose a detection technique utilizing an auxiliary receiver (or antenna) at a different location to identify the virtual multipath channels and the fake channel characteristics. Specifically, the attacker must craft its transmitting signal to make the target receiver believe a particular channel characteristic. Our contributions are summarized as follows.

  • We discover that multipath propagation can be artificially made in a lab environment, and create a technique that can successfully generate virtual multipath channels.
  • Based on the virtual multipath channel, we identify a new type of attack that can defeat all existing location distinction algorithms using the spatial uncorrelation property of wireless channels.
  • We create a defense technique to detect such attacks and protect location distinction systems. We specifically explore such attacks in OFDM systems and craft corresponding defenses according to the objective of attackers.
  • We implement real-world prototypes to examine the practical impact of the attacks and the effectiveness of the proposed defense method.

ADVANTAGES OF PROPOSED SYSTEM:

  • New attack scenario is introduced.
  • Detection rate is satisfactory when compared to other systems.
  • High accuracy rate on detection of attack.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows XP/UBUNTU.
  • Implementation : NS2
  • NS2 Version : 2.28
  • Front End : OTCL (Object Oriented Tool Command Language)
  • Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

Song Fang, Yao Liu, Wenbo Shen, Haojin Zhu and Tao Wang, “Virtual Multipath Attack and Defense for Location Distinction in Wireless Networks”, IEEE Transactions on Mobile Computing, 2016.

Traffic Decorrelation Techniques for Countering a Global Eavesdropper in WSNs

ABSTRACT:

We address the problem of preventing the inference of contextual information in event-driven wireless sensor networks (WSNs). The problem is considered under a global eavesdropper who analyzes low-level RF transmission attributes, such as the number of transmitted packets, inter-packet times, and traffic directionality, to infer event location, its occurrence time, and the sink location. We devise a general traffic analysis method for inferring contextual information by correlating transmission times with eavesdropping locations. Our analysis shows that most existing countermeasures either fail to provide adequate protection, or incur high communication and delay overheads. To mitigate the impact of eavesdropping, we propose resource-efficient traffic normalization schemes. In comparison to the state-of-the-art, our methods reduce the communication overhead by more than 50%; and the end-to-end delay by more than 30%. To do so, we partition the WSN to minimum connected dominating sets that operate in a round-robin fashion. This allows us to reduce the number of traffic sources active at a given time, while providing routing paths to any node in the WSN. We further reduce packet delay by loosely coordinating packet relaying, without revealing the traffic directionality.

EXISTING SYSTEM:

  • The problem of preserving contextual information privacy has been studied under various adversarial scenarios. Threat models can be classified based on the adversary’s network view (local vs. global) or the capabilities of the eavesdropping devices (packet decoding, localization of the transmission source, etc.).
  • Under a local model, eavesdroppers are assumed to intercept only a fraction of the WSN traffic. Hiding methods include random walks, adding of pseudo-sources and pseudo-destinations, creation of routing loops, and flooding.
  • These methods can only provide probabilistic obfuscation guarantees, because eavesdroppers' locations are unknown. Under a global model, all communications within the WSN are assumed to be intercepted and collectively analyzed.

DISADVANTAGES OF EXISTING SYSTEM:

  • First, eavesdroppers are passive devices that are hard to detect.
  • Second, the availability of low-cost commodity radio hardware makes it inexpensive to deploy a large number of eavesdroppers.
  • Third, even if encryption is applied to conceal the packet payload, some fields in the packet headers still need to be transmitted in the clear for correct protocol operation (e.g., PHY-layer headers used for frame detection, synchronization, etc.). These unencrypted fields facilitate accurate estimation of transmission attributes.
  • High communication overhead and increased end-to-end delay for reporting events.

PROPOSED SYSTEM:

  • We study the problem of resource efficient traffic randomization for hiding contextual information in event-driven WSNs, under a global adversary.
  • Our main contributions are summarized as follows:
  • We present a general traffic analysis method for inferring contextual information that is used as a baseline for comparing methods with varying assumptions.
  • Our method relies on minimal information, namely packet transmission time and eavesdropping location.
  • We propose traffic normalization methods that hide the event location, its occurrence time, and the sink location from global eavesdroppers.
  • Compared to existing approaches, our methods reduce the communication and delay overheads by limiting the injected bogus traffic. This is achieved by constructing minimum connected dominating sets (MCDSs) and MCDSs with shortest paths to the sink (SS-MCDSs).
  • We characterize the algorithmic complexity of building SS-MCDSs and develop efficient heuristics.
  • To reduce the forwarding delay, we design a rate control scheme that loosely coordinates sensor transmissions over multi-hop paths without revealing real traffic patterns or the traffic directionality.

ADVANTAGES OF PROPOSED SYSTEM:

  • The proposed system reduces the communication and delay overheads by limiting the injected bogus traffic.
  • The proposed system reduces the forwarding delay.
  • We compare privacy and overhead of our techniques to prior art and show the savings achieved.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows XP/UBUNTU.
  • Implementation : NS2
  • NS2 Version : 2.28
  • Front End : OTCL (Object Oriented Tool Command Language)
  • Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

Alejandro Proaño, Loukas Lazos, and Marwan Krunz, “Traffic Decorrelation Techniques for Countering a Global Eavesdropper in WSNs”, IEEE TRANSACTIONS ON MOBILE COMPUTING, 2016.

Towards Distributed Optimal Movement Strategy for Data Gathering in Wireless Sensor Networks

ABSTRACT:

In this paper, we address how to design a distributed movement strategy for mobile collectors, which can be either physical mobile agents or query/collector packets periodically launched by the sink, to achieve successful data gathering in wireless sensor networks. Formulating the problem as general random walks on a graph composed of sensor nodes, we analyze how much data can be successfully gathered in time under any Markovian random-walk movement strategies for mobile collectors moving over a graph (or network), while each sensor node is equipped with limited buffer space and data arrival rates are heterogeneous over different sensor nodes. In particular, from the analysis, we obtain the optimal movement strategy among a class of Markovian strategies so as to minimize the data loss rate over all sensor nodes, and explain how such an optimal movement strategy can be made to work in a distributed fashion. We demonstrate that our distributed optimal movement strategy can lead to about two times smaller loss rate than a standard random walk strategy under diverse scenarios. In particular, our strategy results in up to 70 percent cost savings for the deployment of multiple collectors to achieve the target data loss rate than the standard random walk strategy.

EXISTING SYSTEM:

  • As to random walk-based routing for data gathering, existing research studies have mainly focused on the following metrics: delay, the time for a random walk (a data or query packet) to reach its destination (a sink node or a sensor having certain information of interest), and cover time or partial cover time, the time until the random walk visits all or a partial set of sensors. These metrics are suitable for one-shot information delivery or search/query.
  • Also, the random walk-based data gathering is typically for delay-insensitive applications in which the collected data is mainly used for post-processing or other research studies later. It is thus more important to measure how much data can be collected before it is lost due to limited buffer space, when the sink periodically generates query packets or collector packets moving over the network in a random walk fashion to gather measured data or its aggregated/compressed version from sensor nodes.

DISADVANTAGES OF EXISTING SYSTEM:

  • Improper way of data gathering using random walk.
  • Some collected data are lost due to restricted buffer space.
  • High battery power consumption when mobile agents are utilized.
  • Requires extensive examination of global network information such as sensor distance, location information, etc.

PROPOSED SYSTEM:

  • We develop an analytical framework to evaluate the network loss probability under any Markovian random walk strategy.
  • From the framework, we obtain the distributed optimal movement strategy for mobile collectors requiring only local information so as to minimize the network loss probability, which is essentially to come to each sensor i with long-term visit frequency (stationary distribution) pi where pi is the data arrival rate to sensor i and B is the buffer size at sensors. Here the distributed implementation is made possible via the famous Metropolis-Hastings (MH) algorithm.
  • We then demonstrate that our distributed optimal movement strategy leads to remarkable performance improvement over the standard random walk strategy under various settings of network topology, buffer size, and the number of deployed mobile agents, in addition to diverse data arrival scenarios in the sensor field.

ADVANTAGES OF PROPOSED SYSTEM:

  • Random walk is performed without use of global information.
  • Our strategy reduces the network loss probability by about 50 percent, while at the same time becoming more cost-effective in terms of the required buffer size or the required number of mobile collectors to achieve a target loss probability under various scenarios.
  • The amount of reduction in the network loss probability that we achieve from our distributed optimal movement strategy (in comparison with the standard random walk strategy) also becomes larger for the increased number of nodes.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows XP/UBUNTU.
  • Implementation : NS2
  • NS2 Version : 2.28
  • Front End : OTCL (Object Oriented Tool Command Language)
  • Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

Chul-Ho Lee, Jaewook Kwak, and Do Young Eun, “Towards Distributed Optimal Movement Strategy for Data Gathering in Wireless Sensor Networks”, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 27, NO. 2, FEBRUARY 2016.

Top-k Query Processing and Malicious Node Identification Based on Node Grouping in MANETs

ABSTRACT:

In mobile ad hoc networks (MANETs), it is effective to retrieve data items using top-k query. However, accurate results may not be acquired in environments when malicious nodes are present. In this paper, we assume that malicious nodes attempt to replace necessary data items with unnecessary ones (we call these data replacement attacks), and propose methods for top-k query processing and malicious node identification based on node grouping in MANETs. In order to maintain the accuracy of the query result, nodes reply with k data items with the highest score along multiple routes, and the query-issuing node tries to detect attacks from the information attached to the reply messages. After detecting attacks, the query-issuing node tries to identify the malicious nodes through message exchanges with other nodes. When multiple malicious nodes are present, the query-issuing node may not be able to identify all malicious nodes at a single query. It is effective for a node to share information about the identified malicious nodes with other nodes. In our method, each node divides all nodes into groups by using the similarity of the information about the identified malicious nodes. Then, it identifies malicious nodes based on the information on the groups. We conduct simulation experiments by using a network simulator, QualNet5.2, to verify that our method achieves high accuracy of the query result and identifies malicious nodes.

EXISTING SYSTEM:

  • Among existing secure top-k query processing methods for environments where some malicious nodes are present in the network, the authors have proposed a method in which each sensor node sends each data item with both the hash value of one priority data item and that of one superior data item attached. After the source node receives the top-k result, it verifies the received data items by checking whether the received hash values match the hash values calculated from the received data items. In these methods, the sender node protects against fabrication of data items by sending data items encrypted with a symmetric key. However, these methods cannot handle data replacement attacks (DRAs).
  • In particular, the authors have proposed a method against false data injection attacks, where malicious nodes generate new and false data items (i.e., other nodes’ data items or data items whose scores are not the same as the scores calculated from raw data items and query conditions) and send them back. However, we assume that raw data items are generated by special devices and software, such as medical sensors, which can be read but cannot be modified even by the owner nodes.

PROPOSED SYSTEM:

  • We describe a new attack model, DRA, in which a malicious node replaces necessary data items with unnecessary ones, and we analyze the effects of such an attack on top-k query processing when there are multiple malicious nodes in the networks.
  • We propose methods for processing top-k queries and for identifying malicious nodes against a DRA in MANETs.
  • We describe an attack model, FNA, in which a malicious node sends fake information that claims some normal nodes as malicious nodes, and we evaluate the effects of such an attack.
  • We verify that our proposed methods can achieve high accuracy of the query result and identify malicious nodes, through extensive simulations that take into account physical layer effects in the networks.

ADVANTAGES OF PROPOSED SYSTEM:

  • Accurate malicious node detection
  • High accuracy of query result

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows XP/UBUNTU.
  • Implementation : NS2
  • NS2 Version : 2.28
  • Front End : OTCL (Object Oriented Tool Command Language)
  • Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

TAKUJI TSUDA, YUKA KOMAI, TAKAHIRO HARA, (Senior Member, IEEE), AND SHOJIRO NISHIO, (Fellow, IEEE), “Top-k Query Processing and Malicious Node Identification Based on Node Grouping in MANETs”, IEEE ACCESS, 2016.

Thwarting Selfish Behavior in 802.11 WLANs

ABSTRACT:

The 802.11e standard enables user configuration of several MAC parameters, making WLANs vulnerable to users that selfishly configure these parameters to gain throughput. In this paper, we propose a novel distributed algorithm to thwart such selfish behavior. The key idea of the algorithm is for stations to react, upon detecting a misbehavior, by using a more aggressive configuration that penalizes the misbehaving station. We show that the proposed algorithm guarantees global stability while providing good response times. By conducting an analysis of the effectiveness of the algorithm against selfish behaviors, we also show that a misbehaving station cannot obtain any gain by deviating from the algorithm. Simulation results confirm that the proposed algorithm optimizes throughput performance while discouraging selfish behavior. We also present an experimental prototype of the proposed algorithm demonstrating that it can be implemented on commodity hardware.

EXISTING SYSTEM:

  • The existing approach is based on selective jamming: if a station detects that another station is misbehaving, it thereafter listens to that station's transmitted packets and switches to transmission mode, jamming enough bits so that the packets cannot be properly recovered at the receiver. While the use of jamming punishes misbehaving stations, it has the major drawback of relying on functionality not available in current wireless devices.
  • Indeed, due to the accurate timing required, the implementation of such a mechanism would need to be performed at the hardware level and entails substantial complexity.
  • The other existing method does not suffer from the above drawback, but addresses only two types of misbehaving stations: the so-called selfish stations and the so-called greedy stations. While the scheme proposed is effective when dealing with these two particular configurations, other CW configurations that may greatly benefit a misbehaving station are neither detected nor punished by this mechanism. Additionally, the algorithm is based on heuristics that do not guarantee quick convergence, and this approach may suffer from convergence issues.

DISADVANTAGES OF EXISTING SYSTEM:

  • It suffers from convergence issues.
  • It is more complex.
  • Vulnerable to attacks.

PROPOSED SYSTEM:

  • We propose a novel distributed algorithm that penalizes misbehaving stations by making use of a more aggressive configuration of the 802.11e parameters upon detecting misbehavior.
  • We conduct a stability analysis of the algorithm to show that when all stations implement our algorithm, the WLAN converges to the optimal point of operation.
  • We conduct an analysis of the effectiveness of the algorithm against selfish behavior that shows that a station cannot increase its throughput by deviating from the algorithm.
  • We extensively evaluate the performance of the proposed algorithm via simulation under a wide variety of conditions that confirm its good properties.
  • We show the feasibility of implementing the algorithm by deploying a prototype and evaluating it in a small experimental testbed.

ADVANTAGES OF PROPOSED SYSTEM:

  • It provides quick convergence.
  • It is simple.
  • The system is guarded.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows XP/UBUNTU.
  • Implementation : NS2
  • NS2 Version : 2.28
  • Front End : OTCL (Object Oriented Tool Command Language)
  • Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

Albert Banchs, Senior Member, IEEE, Jorge Ortin, Andres Garcia-Saavedra, Douglas J. Leith, Senior Member, IEEE, and Pablo Serrano, Member, IEEE, “Thwarting Selfish Behavior in 802.11 WLANs”, IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 24, NO. 1, FEBRUARY 2016.

TCP-Aware Backpressure Routing and Scheduling

ABSTRACT:

In this work, we explore the performance of backpressure routing and scheduling for TCP flows over wireless networks. TCP and backpressure are not compatible due to a mismatch between the congestion control mechanism of TCP and the queue size based routing and scheduling of the backpressure framework. We propose a TCP-aware backpressure routing and scheduling mechanism that takes into account the behavior of TCP flows. TCP-aware backpressure provides throughput optimality guarantees in the Lyapunov optimization framework, and gracefully combines TCP and backpressure without making any changes to the TCP protocol. The simulation results show that TCP-aware backpressure (i) improves the throughput of TCP flows significantly, (ii) provides fairness across competing TCP flows, and (iii) accommodates both TCP and non-TCP flows in a wireless network, and improves throughput of these flows without hurting fairness.

EXISTING SYSTEM:

Maximum weight matching (MWM) is a switch scheduling algorithm with properties similar to those of the max-weight scheduling algorithm and backpressure. As with backpressure, there is an incompatibility between TCP and MWM. Yet, we consider backpressure routing and scheduling over wireless networks rather than switch scheduling, and we take a holistic approach to address this problem; i.e., we propose TCP-aware backpressure to make TCP and backpressure compatible. Delay-based routing and scheduling algorithms can also be utilized with TCP flows. However, the delay-based solutions have two disadvantages in this setup. First, providing performance guarantees for delay-based algorithms is quite involved and is an open problem for general networks. Furthermore, they require clock synchronization, which is quite difficult in practice. As compared to this line of work, we propose TCP-aware backpressure with provable performance guarantees. Also, since TCP-aware backpressure does not introduce complications such as clock synchronization or updating TCP, it is very suitable for practical deployment.

DISADVANTAGES OF EXISTING SYSTEM:

  • Less throughput of the network.
  • More packet losses in the network.
  • More end-to-end delay.

PROPOSED SYSTEM:

We identify the mismatch between TCP and the backpressure framework; i.e., their joint behavior is so detrimental that some flows may never get a chance to transmit. In order to address the mismatch between TCP and backpressure, we develop “TCP-aware backpressure routing and scheduling”.

We show that (i) TCP-aware backpressure routing and scheduling stabilizes queues for any feasible traffic, as classical backpressure does, and (ii) TCP-aware backpressure routing and scheduling provides the same utility-optimal operation guarantee as classical backpressure when combined with a flow control algorithm.

We provide implementation details and explain how to tune TCP-aware backpressure so that it complies with TCP. Moreover, we combine network coding and TCP-aware backpressure to address additional challenges such as out-of-order delivery, packet loss, and jitter. Thanks to employing network coding, which makes TCP flows sequence agnostic (with respect to packet IDs), TCP-aware backpressure fully complies with TCP.

We develop a TCP-friendly flow control mechanism, which, when combined with TCP-aware backpressure, accommodates both TCP and non-TCP flows in a wireless network. In this setup, TCP-aware backpressure improves throughput of both TCP and non-TCP flows and provides fairness across competing flows.

We evaluate our schemes in a multi-hop setting, using ns-2. The simulation results (i) confirm the mismatch of TCP and backpressure, (ii) show that TCP-aware backpressure is compatible with TCP and significantly improves throughput as compared to existing adaptive routing schemes, (iii) demonstrate that TCP-aware backpressure provides fairness across competing TCP flows, and (iv) show that both TCP and non-TCP flows can be accommodated in a wireless network with TCP-aware backpressure, and throughput is improved without hurting fairness.

ADVANTAGES OF PROPOSED SYSTEM:

  • Improve throughput of the network.
  • Decrease packet losses in the network.
  • Less end-to-end delay.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows XP/UBUNTU.
  • Implementation : NS2
  • NS2 Version : 2.28
  • Front End : OTCL (Object Oriented Tool Command Language)
  • Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

Hulya Seferoglu, Member, IEEE, Eytan Modiano, Fellow, IEEE, “TCP-Aware Backpressure Routing and Scheduling”, IEEE Transactions on Mobile Computing, 2016.

Security Analysis and Improvements on Two Homomorphic Authentication Schemes for Network Coding

ABSTRACT:

Recently, based on homomorphic signatures, authentication schemes such as homomorphic subspace signature (HSS) and key predistribution-based tag encoding (KEPTE) have been proposed to resist pollution attacks in network coding. In this paper, we show that there exists an efficient multi-generation pollution attack on HSS and KEPTE. In particular, we show that using packets and their signatures of different generations, the adversary can create invalid packets and their corresponding signatures that pass the verification of HSS and KEPTE at the intermediate nodes as well as at the destination nodes. After giving a more generic attack, we analyze the cause of the proposed attack. We then propose the improved key distribution schemes for HSS and KEPTE, respectively. Next, we show that the proposed key distribution schemes can combat the proposed multi-generation pollution attacks. Finally, we analyze the computation and communication costs of the proposed key distribution schemes for HSS and KEPTE, and by implementing experiments, we demonstrate that the proposed schemes add an acceptable burden on the system.

EXISTING SYSTEM:

  • Existing hybrid authentication schemes which combine the techniques of homomorphic signature and homomorphic MAC have been proposed. The work provides a public-key based homomorphic subspace signature (HSS) scheme that is combined with a symmetric-key based homomorphic MAC scheme to provide authentication for network coding based communication.
  • Another hybrid scheme called the key predistribution-based tag encoding (KEPTE) has been given, in which the intermediate and destination nodes use pre-distributed secrets to detect and filter the corrupted packets by verifying the validity of signatures appended to the received packets. A nice feature of KEPTE is that random linear network coding can be operated on a relatively small finite field Fq,
  • However, in both existing systems, only single-generation pollution attacks are considered in the security analysis. Although the possibility of multi-generation pollution attacks has been mentioned, concrete details were not given, nor was the success probability analyzed.

DISADVANTAGES OF EXISTING SYSTEM:

  • It suffers from high computational and communication cost.
  • The problem of third-party information exchange presents a special case of the general problem of cooperative data exchange.

PROPOSED SYSTEM:

  • In this proposed system, we show that there exists an efficient multi-generation pollution attack on HSS and KEPTE. Specifically, we show that an adversary can use packets and their corresponding signatures of different generations to generate invalid packets and signatures that can pass the verification of HSS and KEPTE at intermediate nodes as well as at the destination nodes.
  • Although candidate approaches to resist against the possible repetitive attacks were proposed, we further show that the proposed approaches are not secure by launching a similar attack on them. After giving a more general attack, we analyze the cause of the proposed attack. Since for HSS and KEPTE, it is not a good choice to frequently update the public keys, we propose improved key distribution schemes for HSS and KEPTE, respectively.
  • Next, we show that the proposed key distribution schemes can combat against the proposed multi-generation pollution attacks by mitigating the homomorphic property which holds for messages belonging to two different generations. We also analyze the computation and communication costs of the proposed key distribution schemes for HSS and KEPTE.

ADVANTAGES OF PROPOSED SYSTEM:

  • It decreases computational and communication cost.
  • To combat the proposed multi-generation pollution attack, first of all the messages in each generation should be associated with an identifier id, which can help the honest nodes, especially the receivers, distinguish packets belonging to different generations.
  • The proposed key distribution schemes could mitigate the homomorphic property which holds for messages belonging to two different generations, and thus resist against the proposed multi-generation pollution attack.

SYSTEM ARCHITECTURE:

Security Analysis and Improvements on Two Homomorphic

MODULES:

  • Network Model
  • Attack on HSS & KEPTE scheme
  • Improved Key Distribution Scheme for HSS
  • Performance Analysis

MODULES DESCRIPTION:

Network Model

  • We first show the basic idea of network coding. We can see that there is a source node S that wants to send messages to destination nodes R1 and R2, respectively. We assume that all the links have capacity 1, which means in each time unit, the intermediate node can only send one packet.
  • We focus on the network coding based communications, in which a source node S wants to send a file F to a number of receivers, and random linear network coding is employed during the transmission.
  • As operated in practical network coding, the source node S divides the file F into subfiles or generations. We assume that each generation consists of m messages and only the messages that come from the same generation will be encoded.
  • The last m bits of each ui (1 ≤ i ≤ m) store the coding coefficients in the random linear network coding operation, which are called the global coding coefficients. During the data transmission, all the intermediate nodes perform random linear network coding. As the messages are propagated through the network, an intermediate node, which receives messages y1, y2, . . . , yd from its d incoming communication links, creates an outgoing message

Attack on HSS & KEPTE scheme

  • There are adversaries in the network coding based communication, which may try to attack the system by eavesdropping all the network traffic or launching pollution attacks. In pollution attacks, the attackers insert invalid packets into the network.
  • In this module, we propose attacks on HSS scheme and KEPTE scheme, respectively. For the case that the legal packets of previous generations are used to generate invalid packets for the following generations in HSS, the possible repetitive attacks like the multi-generation pollution attacks.
  • A hybrid scheme KEPTE was proposed to detect and filter the corrupted packets at the intermediate nodes as well as the destination nodes. In KEPTE, there is a key distribution center (KDC), which is always trusted by all the nodes in the network.

Improved Key Distribution Scheme for HSS

  • To provide authentication for the transmitted, the source node S can also sign with a conventional signature scheme such as RSA. Due to the fact that different secret vectors are used for messages belonging to different generations in the proposed key distribution scheme for HSS, the homomorphic property does not hold for messages belonging to different generations.
  • Therefore, the proposed key distribution scheme could resist against the proposed multi-generation pollution attack.
  • Prior to data transmission in the generation with identification idi , the proposed key distribution scheme is able to distribute s1, . . . , sl to the source node S, and send zN and xN to the intermediate node N in a secure way.

Performance Analysis

  • In this module, we give a comprehensive efficiency analysis of the improved HSS scheme and improved KEPTE scheme, respectively.
  • First of all, we analyze the computation and communication costs needed in the improved HSS scheme. During the data transmission in every generation, the communication cost is generally measured by number of bits required to communicate, and hence it includes the bits of message, its corresponding homomorphic signature and its corresponding conventional signature.
  • The computation cost of the improved HSS scheme can be analyzed in two parts: 1) the computation cost at the source node S, and 2) that at intermediate nodes.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows XP/UBUNTU.
  • Implementation : NS2
  • NS2 Version : 2.28
  • Front End : OTCL (Object Oriented Tool Command  Language)
  • Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

Chi Cheng, Member, IEEE, Jemin Lee, Member, IEEE, Tao Jiang, Senior Member, IEEE, and Tsuyoshi Takagi, “Security Analysis and Improvements on Two Homomorphic Authentication Schemes for Network Coding”, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 5, MAY 2016.

Secure Transmission Against Pilot Spoofing Attack: A Two-Way Training-Based Scheme

ABSTRACT:

The pilot spoofing attack is one kind of active eavesdropping activities conducted by a malicious user during the channel training phase. By transmitting the identical pilot (training) signals as those of the legal users, such an attack is able to manipulate the channel estimation outcome, which may result in a larger channel rate for the adversary but a smaller channel rate for the legitimate receiver. With the intention of detecting the pilot spoofing attack and minimizing its damages, we design a two-way training-based scheme. The effective detector exploits the intrusive component created by the adversary, followed by a secure beamforming-assisted data transmission. In addition to the solid detection performance, this scheme is also capable of obtaining the estimations of both legitimate and illegitimate channels, which allows the users to achieve secure communication in the presence of pilot spoofing attack. The detection probability is evaluated based on the derived test threshold at a given requirement on the probability of false alarming. The achievable secrecy rate is utilized to measure the security level of the data transmission. Our analysis shows that even without any pre-assumed knowledge of eavesdropper, the proposed scheme is still able to achieve the maximal secrecy rate in certain cases. Numerical results are provided to show that our scheme could achieve a high detection probability as well as secure transmission.

EXISTING SYSTEM:

  • In the existing method, the authors raised this attack problem from the pilot contamination scenario and mainly analyzed its damages. Two new channel estimation schemes were proposed with fundamentally modified pilot signal design and estimation process: the former suggested transmitting two random phase-shift keying (PSK) symbols as the pilot signal and tried to detect the pilot spoofing attack based on the phase difference of those two symbols; the latter proposed a new discriminatory channel estimation method and claimed to be secure from the pilot spoofing (contamination) attack by randomly choosing the newly designed stochastic pilot signals.
  • With the intention of incurring as few modifications as possible to the current pilot-assisted channel estimation process, the energy ratio detector (ERD) was proposed by exploiting the power imbalance between the transmitter side and the receiver side when they are under attack. Although the ERD provides good detection performance, it did not propose explicit backup plans to recover the secure data transmission.

DISADVANTAGES OF EXISTING SYSTEM:

  • Does not achieve a high detection probability of adversaries.
  • Lacks data confidentiality.

PROPOSED SYSTEM:

  • We design a two-way training-based scheme which needs no drastic modification to current transmission structure. For example, in the LTE-TDD system, the uplink pilot time slot (UpPTS) and downlink pilot time slot (DwPTS) are already implemented.
  • The TWTD could achieve even higher detection probability than that of the ERD. Similar to the ERD, the threshold derived for the TWTD is also not dependent on the instantaneous channel conditions, which suggests such threshold could be used among different time frames.
  • Unlike the ERD, our scheme is able to estimate both channels, switch to secure beamforming almost immediately and finally achieve positive secrecy rate within the same time frame.
  • Even without any prior information about Eve, our scheme is able to obtain the maximal secrecy rate in some cases, e.g., the adversary utilizes relatively large power.

ADVANTAGES OF PROPOSED SYSTEM:

  • Achieve a high detection probability of adversaries
  • Provide data confidentiality

SYSTEM ARCHITECTURE:

Secure Transmission Against Pilot Spoofing Attack

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows XP/UBUNTU.
  • Implementation : NS2
  • NS2 Version : 2.28
  • Front End : OTCL (Object Oriented Tool Command  Language)
  • Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

Qi Xiong, Student Member, IEEE, Ying-Chang Liang, Fellow, IEEE, Kwok Hung Li, Senior Member, IEEE, Yi Gong, Senior Member, IEEE, and Shiying Han, Member, IEEE, “Secure Transmission Against Pilot Spoofing Attack: A Two-Way Training-Based Scheme”, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 5, MAY 2016.

Secure and Robust Multi-Constrained QoS Aware Routing Algorithm for VANETs

ABSTRACT:

Secure QoS routing algorithms are a fundamental part of wireless networks that aim to provide services with QoS and security guarantees. In vehicular ad hoc networks (VANETs), vehicles perform routing functions, and at the same time act as end-systems thus routing control messages are transmitted unprotected over wireless channels. The QoS of the entire network could be degraded by an attack on the routing process, and manipulation of the routing control messages. In this paper, we propose a novel secure and reliable multi-constrained QoS aware routing algorithm for VANETs. We employ the ant colony optimisation (ACO) technique to compute feasible routes in VANETs subject to multiple QoS constraints determined by the data traffic type. Moreover, we extend the VANET-oriented evolving graph (VoEG) model to perform plausibility checks on the routing control messages exchanged among vehicles. Simulation results show that the QoS can be guaranteed while applying security mechanisms to ensure a reliable and robust routing service.

EXISTING SYSTEM:

  • Two distinct approaches have been adopted to solve MC(O)P problems: exact QoS routing algorithms and approximation routing algorithms. In the exact solutions, different strategies have been followed, such as nonlinear definition of the path length, look-ahead feature, and k shortest paths.
  • Unfortunately, these strategies are not suitable for application in highly dynamic networks like VANETs. For instance, the look-ahead strategy proposes computing the shortest path tree rooted at the destination to each node in the network for each of the m link weights separately, where m is the number of QoS constraints. This proposal means that Dijkstra’s algorithm should be executed m times. This strategy is not suitable for application in VANETs because it adds extra time complexity to the routing algorithm that is expected to establish routes for real-time applications.

DISADVANTAGES OF EXISTING SYSTEM:

  • High security overhead
  • Vulnerable to various attacks
  • It is more complex

PROPOSED SYSTEM:

  • We propose a novel secure ACO-based MCQ aware (S-AMCQ) routing algorithm for VANETs. S-AMCQ aims to identify feasible routes between two vehicles subject to multiple QoS constraints, and provide a reliable and robust routing service.
  • The novelty of S-AMCQ lies in the unique design of its ACO-based algorithm components that considers the topological properties of VANETs including variable communication link quality and frequent link breakages. More specifically, the rules of S-AMCQ routing algorithm consider the reliability of communication links among vehicles as the most important factor while searching for a desired route. Focusing on the fundamental problem of developing a secure and robust MCQ routing algorithm, the paper makes two major contributions.
  • Firstly, we develop S-AMCQ routing algorithm that adapts to the characteristics of the vehicular network’s topology and computes the optimal route, if such a route exists. Secondly, we utilise the evolving graph theory and extend the VANET-oriented evolving graph (VoEG) model that captures the evolving characteristics of the vehicular network topology. The extended VoEG (E-VoEG) model represents the vehicular network’s current status, and helps to ensure consistency of the authenticated received routing control messages in S-AMCQ, i.e., it mitigates suspicious behaviour or attacks that could be mounted by compromised vehicles if any exist. This is accomplished via plausibility checks that are developed specifically for S-AMCQ routing algorithm.
  • To further illustrate the effectiveness of the proposed S-AMCQ routing algorithm, we perform simulation experiments that introduce the security information overhead into the routing process. Simulation results demonstrate that S-AMCQ can guarantee significant performance in terms of QoS guarantees and reliable routing service while applying security mechanisms.

ADVANTAGES OF PROPOSED SYSTEM:

  • Increase packet delivery ratio
  • Decrease security overhead
  • Decrease security vulnerabilities

SYSTEM ARCHITECTURE:

Secure and Robust Multi-Constrained QoS Aware Routing

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows XP/UBUNTU.
  • Implementation : NS2
  • NS2 Version : 2.28
  • Front End : OTCL (Object Oriented Tool Command  Language)
  • Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

Mahmoud Hashem Eiza, Thomas Owens, and Qiang Ni, Senior Member, IEEE, “Secure and Robust Multi-Constrained QoS Aware Routing Algorithm for VANETs”, IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 13, NO. 1, JANUARY/FEBRUARY 2016.

SCRP: Stable CDS-Based Routing Protocol for Urban Vehicular Ad Hoc Networks

ABSTRACT:

This paper addresses the issue of selecting routing paths with minimum end-to-end delay (E2ED) for nonsafety applications in urban vehicular ad hoc networks (VANETs). Most existing schemes aim at reducing E2ED via greedy-based techniques (i.e., shortest path, connectivity, or number of hops), which make them prone to the local maximum problem and to data congestion, leading to higher E2ED. As a solution, we propose SCRP, which is a distributed routing protocol that computes E2ED for the entire routing path before sending data messages. To do so, SCRP builds stable backbones on road segments and connects them at intersections via bridge nodes. These nodes assign weights to road segments based on the collected information of delay and connectivity. Routes with the lowest aggregated weights are selected to forward data packets. Simulation results show that SCRP outperforms some of the well-known protocols in literature.

EXISTING SYSTEM:

  • Almost all of them are greedy-based, i.e., a routing decision is to be made whenever an intersection is reached.
  • This decision hinges on the routing metric used.
  • For example, GPSR, GSR, and GPCR select the shortest distance path between source and destination, while GyTAR, A-STAR, RBVT, and IGRP forward packets through well connected road segments.

DISADVANTAGES OF EXISTING SYSTEM:

  • These protocols and several others suffer two main issues: the local maximum problem and data congestion.
  • The former occurs when no other connected road segment is closer to the destination than the current one; in this case, carry-and-forward is deployed, incurring longer delivery delay.
  • The latter arises when the same routing path is used by different source-destination pairs, leading to longer queuing delay at intermediate nodes; this escalates further the total delivery delay.
  • GPSR is not suited for urban settings as it endures routing loops due to the presence of intersections.
  • Most of the aforementioned protocols are exposed to the local maximum problem since they only acquire local network topology.

PROPOSED SYSTEM:

  • To overcome existing limitations, we propose Stable CDS-based Routing Protocol (SCRP). It is a distributed geographic source routing scheme that takes advantage of the global network topology to select routing paths with low E2ED.
  • To achieve this goal, SCRP builds stable backbones over road segments by considering vehicles’ speed and spatial distribution. These backbones are connected at intersections via bridge nodes that keep an up-to-date network topology and monitor the delay to incur for transmitting data packets over road segments.
  • Based on this information, SCRP assigns weights to road segments; the ones with the lowest weights are selected to construct routing paths. This way, SCRP avoids the local maximum problem and balances data traffic over all possible routing paths.

ADVANTAGES OF PROPOSED SYSTEM:

  • Exploiting the global network topology forged by the establishment of stable backbones at road segments and the collection of connectivity and delay information via bridge nodes.
  • Identifying various routing paths between source and destination to be used for load balancing, thereby reducing E2ED.

SYSTEM ARCHITECTURE:

SCRP Stable CDS-Based Routing Protocol

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows XP/UBUNTU.
  • Implementation : NS2
  • NS2 Version : 2.28
  • Front End : OTCL (Object Oriented Tool Command  Language)
  • Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

Mohammed Amine Togou, Abdelhakim Hafid, and Lyes Khoukhi, “SCRP: Stable CDS-Based Routing Protocol for Urban Vehicular Ad Hoc Networks”, IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS, VOL. 17, NO. 5, MAY 2016.