In an ad hoc network, mobile computers (or nodes) cooperate to forward packets for each other, allowing nodes to communicate beyond their direct wireless transmission range. Many proposed routing protocols for ad hoc networks operate in an on-demand fashion, as on-demand routing protocols have been shown to often have lower overhead and faster reaction time than other types of routing based on periodic (proactive) mechanisms. Significant attention recently has been devoted to developing secure routing protocols for ad hoc networks, including a number of secure ondemand routing protocols, that defend against a variety of possible attacks on network routing. In this paper, we present the rushing attack, a new attack that results in denial-of-service when used against all previous on-demand ad hoc network routing protocols. For example, DSR, AODV, and secure protocols based on them, such as Ariadne, ARAN, and SAODV, are unable to discover routes longer than two hops when subject to this attack. This attack is also particularly damaging because it can be performed by a relatively weak attacker. We analyze why previous protocols fail under this attack. We then develop Rushing Attack Prevention (RAP),a generic defense against the rushing attack for on-demand protocols. RAP incurs no cost unless the underlying protocol fails to find a working route, and it provides provable security properties even against the strongest rushing attackers.

Sharing data between widely distributed intrusion detection systems offers the possibility of significant improvements in speed and accuracy over isolated systems. In this paper, we describe and evaluate DOMINO (Distributed Overlay for Monitoring InterNet Outbreaks); an architecture for a distributed intrusion detection system that fosters collaboration among heterogeneous nodes organized as an overlay network. The overlay design enables DOMINO to be heterogeneous, scalable, and robust to attacks and failures. An important component of DOMINO’s design is the use of active sink nodes which respond to and measure connections to unused IP addresses. This enables efficient detection of attacks from spoofed IP sources, reduces false positives, enables attack classification and production of timely blacklists. We evaluate the capabilities and performance of DOMINO using a large set of intrusion logs collected from over 1600 providers across the Internet. Our analysis demonstrates the significant marginal benefit obtained from distributed intrusion data sources coordinated through a system like DOMINO. We also evaluate how to configure DOMINO in order to maximize performance gains from the perspectives of blacklist length, blacklist freshness and IP proximity. We perform a retrospective analysis on the 2002 SQL-Snake and 2003 SQL-Slammer epidemics that highlights how information exchange through DOMINO would have reduced the reaction time and false-alarm rates during outbreaks. Finally, we provide preliminary results from our prototype active sink deployment that illustrates the limited variability in the sink traffic and the feasibility of efficient classification and discrimination of attack types. 1

Abstract — The quality of peer-to-peer content distribution can suffer when malicious participants intentionally corrupt content. Some systems using simple block-by-block downloading can verify blocks with traditional cryptographic signatures and hashes, but these techniques do not apply well to more elegant systems that use rateless erasure codes for efficient multicast transfers. This paper presents a practical scheme, based on homomorphic hashing, that enables a downloader to perform on-the-fly verification of erasure-encoded blocks. I.

A number of multi-hop, wireless, network programming systems have emerged for sensor network retasking but none of these systems support a cryptographically-strong, publickey-based system for source authentication and integrity verification. The traditional technique for authenticating a program binary, namely a digital signature of the program hash, is poorly suited to resource-contrained sensor nodes. Our solution to the secure programming problem leverages authenticated streams, is consistent with the limited resources of a typical sensor node, and can be used to secure existing network programming systems. Under our scheme, a program binary consists of several code and data segments that are mapped to a series of messages for transmission over the network. An advertisement, consisting of the program name, version number, and a hash of the very first message, is digitally signed and transmitted first. The advertisement authenticates the first message, which in turn contains a hash of the second message. Similarly, the second message contains a hash of the third message, and so on, binding each message to the one logically preceding it in the series through the hash chain. We augmented the Deluge network programming system with our protocol and evaluated the resulting system performance.

Abstract not found

Authenticating broadcast packet communications poses a challenge that cannot be addressed efficiently with public key signatures on each packet, or securely with the use of a pre-distributed shared secret key, or practically with unicast tunnels. Unreliability is an intrinsic problem: many broadcast protocols assume that some information will be lost, making it problematic to amortize the cost of a single public key signature across multiple packets. Forward Error Correction (FEC) can compensate for loss of packets, but denial of service risks prevent the naive use of both public keys and FEC in authentication. In this paper we introduce a protocol, Broadcast Authentication Streams (BAS), that overcomes these barriers and provides a simple and efficient scheme for authenticating broadcast packet communications based on a new technique called selective verification. We analyze BAS theoretically, experimentally, and architecturally. 1

We propose application specific virtual machines as a method to safely and efficiently program sensor networks.

We investigate the design space of sensor network broadcast authentication. We show that prior approaches can be organized based on a taxonomy of seven fundamental proprieties, such that each approach can satisfy at most six of the seven proprieties. An empirical study of the design space reveals possibilities of new approaches, which we present in the following two new authentication protocols: RPT and LEA. Based on this taxonomy, we offer guidance in selecting the most appropriate protocol based on an application’s desired proprieties. Finally, we pose the open challenge for the research community to devise a protocol simultaneously providing all seven properties.

Broadcast authentication is a critical security service in wireless sensor networks. There are two general approaches for broadcast authentication in wireless sensor networks: digital signatures and µTESLA-based techniques. However, both signature-based and µTESLA-based broadcast authentication are vulnerable to Denial of Services (DoS) attacks: An attacker can inject bogus broadcast packets to force sensor nodes to perform expensive signature verifications (in case of signature-based broadcast authentication) or packet forwarding (in case of µTESLA-based broadcast authentication), thus exhausting their limited battery power. This paper presents an efficient mechanism called message specific puzzle to mitigate such DoS attacks. In addition to signaturebased or µTESLA-based broadcast authentication, this approach adds a weak authenticator in each broadcast packet, which can be efficiently verified by a regular sensor node, but takes a computationally powerful attacker a substantial amount of time to forge. Upon receiving a broadcast packet, each sensor node first verifies the weak authenticator, and performs the expensive signature verification (in signature-based broadcast authentication) or packet forwarding (in µTESLA-based broadcast authentication) only when the weak authenticator is valid. A weak authenticator cannot be pre-computed without a non-reusable (or short-lived) key disclosed only in a valid packet. Even

Multicast is an internetwork service that provides efficient delivery of data from a source to multiple receivers. It reduces the bandwidth requirements of the network and the computational overhead of the host devices. This makes multicast an ideal technology for communication among a large group of participants. Secure group communications involves many service types include teleconferencing, pay TV and realtime delivery of stock quotes.