Volume I, Issue II, June - 2014
69
FINDING END TO END COMMUNICATION FOR
DISCOVERY SYSTEM IN MANET USING
ANONYMOUS SUPERNODE
K.Prabakar, K.Gopalakrishnan PG Student, Assistant Professor (CSE)
Nandha College of Technology, Erode
ABSTRACT: Many inscrutability attractive techniques have been discovered on the basis of packet encryption method to protect the communication inscrutability of MANETs. In this paper we defined that MANETs are still weak under passive statistical traffic analysis attack. To define how to find the communication pattern without decrypting the consumed packets, we provide a generalized statistical traffic pattern discovery system(GSTPDS). GSTPDS works nodes are close to each other by treating the close nodes as a super node. Here is the capable of finding the source, the destination, and the communication relations. Emprical Studies shows that GSTDPS achieves best accuracy in finding the hidden traffic patterns.
Index Terms—unspecified communication, mobile ad hoc networks, statistical traffic analysis
I. INTRODUCTION
MOBILE ad hoc networks (MANETs) are mainly developed for military tactic environments. Communication scrutability is a main problems in MANETs, which generally consists of the following aspects: 1) Source/ destination inscrutability—it is difficult to find the sources or the destinations of the network flows. 2) End-to-end relationship inscrutability—it is difficult to find the end- to-end communication relations. To get inscrutable MANET communications, most inscrutable routing protocols such as ANODR, MASK, and OLAR have been proposed. Though some variety of inscrutability enhancing techniques like onion routing and mix-net are used, these protocols mainly rely on packet encryption to hide sensitive information from the adversaries
In addition, the STPDS is inherited as GSTPDS which 1) divides the whole network into multiple regions geographically; 2) deploys sensors along the boundaries of each region to monitor the CCT; 3) treats each and every region as a supernode and
use GSTPDS to point out the sender, receiver, and end-to-end communication relations; and 4) analyzes the traffic even when nodes are nearer to each other by pointing the close nodes as a super node.
II RELATED WORK
Volume I, Issue II, June - 2014
70 can also tag some of the forwarded messages for traffic analysis
Different from the attacks which mentioned above, statistical traffic analysis intend to find sensitive information from the statistical characteristics of the network traffic, for example, the traffic volume. The source usually does not change the network behavior (such as modifying packets). The only thing they do is to quitely collect traffic information and perform statistical calculations. The ancestor attacks are first pointed out by Reiter and Rubin [14].
Later works such as [15] and [16] extend them to all kinds of inscrutability communication systems including onion routing [9], mix-net [10], and DC-net [22]. In a typical predecessor attack, the hackers act exactly as legitimate nodes in the network communications. They maintain a single predecessor counter for each legitimate node in the system. When an hacker finds himself to be on an inscrutability path to the destination, he increments the shared counter for its predecessor node in this path.
III SYSTEM MODELS
In this section, we provide the fundamental system models assumed by STARS.
Communication Model:
We assume the inscrutability enhancing techniques (such as [1], [2], [3]) are used to save the MANETs. However, these techniques are designed to different levels of inscrutability. To focus on the statistical traffic analysis, we assume, based on [21], that a combination of these techniques is applied and the targeted MANET communication system is subject to the following model:
1. The PHY/MAC layer is controlled by the usually used 802.11(a/b/g) protocol. But all MAC frames (packets) are encrypted so that the adversaries cannot decrypt them to look into the contents.
2. Padding is applied so that all MAC frames (packets) have the similar size. Nobody can trace a packet according to its unique size.
3. The “virtual carrier sensing” option is not visible. The source/destination addresses in MAC and IP headers are set to a broadcasting address or to use identifier changing techniques.
In this case, adversaries are prevented from find point-to-point communication relations.
4. No information about the traffic patterns is disclosed from the routing layer and above.
5. Fake traffic and fake delay are not used due to the highly limited resources in MANETs.
Attack Model:
The hackers’ goal is to discover the traffic patterns among mobile nodes. Mainly, we have the following four assumptions for hackers:
1. The adversaries are passive signal detectors, i.e., they are not actively involved in the communications. They can even monitor every single packet transmitted through the network. 2. The adversary nodes are linked through an additional channel which is different from the one used by the target MANET. Therefore, the message between adversaries will not influence the MANET communication.
3. The adversaries can locate the signal resource according to certain properties of the detected signal, using wireless location tracking .
The adversaries can trace the movement of each mobile node, by cameras or other types of sensors. In this case, the signals (packets) trans- mitted by a node can always be associated with it even when the node moves from one spot to another.
IV GEOGRAPHICAL STATISTICAL
TRAFFIC PATTERN DISCOVERY SYSTEM
Volume I, Issue II, June - 2014
71 Second, further calculating the end-to- end traffic matrix, it analyze the probability for each node to be a source/destination probability distribution and that for each pair of node to be the end-to-end link probability distribution.
4.1 Traffic Matrices Construction 4.1.1 Point-to-Point Traffic Matrix
With the captured one-hop traffic in a certain period T, we first need to design point-to-point traffic matrices such that every traffic matrix only contains “independent” point-point packets. such as the two packets put by node 1 and node 2 consecutively in Fig. 1, so they are “dependent” on each other. To avoid a single hop traffic matrix from containing two dependent packets, we use a “time slicing” technique as shown in Fig. 2. That is, we take shots of the network, and each and every snapshot is triggered by a captured packet. The “time slicing” has to make sure that all packets captured in any of the time intervals are independent with each other. In other terms, two packets residing in different entries of the same matrix must not be the similar packet transmitted through multiple hops. In addition to the “time slicing,” we need to follow the three rules listed below: 1) The number of captured packets rather than the actual size of payloads is considered as the “traffic volume,” since the size of payloads does not affect the traffic pattern . 2) All nodes within the sending range of a packet have the same probability to be the actual recipient
4.1.2 End-to-End Traffic Matrix
Given a sequence of point-to-point traffic matrices, our goal is to derive the end-to-end traffic matrix, where the traffic volume from node i to node j, including both the one hop traffic captured directly and multi hop traffic reduced from the point-to-point matrices. In this paper, we use the term accumulative traffic matrix and end-to-end traffic matrix interchangeably. The following Algorithm 1 (function f) takes K as the inputs to derive accumulative traffic matrix
In this algorithm, each update to R (line 3) includes the multihop traffic derivation function g shown as in Algorithm 2, and the addition of the point-to-point traffic matrix which is the evidence of possible direct (single-hop) communication. Applying Algorithm 1, we derive the following matrix R for our presented example. For simplicity, we assume the timing and hop-count thresholds do not filter any packet out.
4.2 Traffic Pattern Discovery
The traffic matrix R tells us the reduced end-to-end traffic volume between every couple of nodes. However, we still need to perform further investigation to find the actual source/destination probability distribution and end-to-end link probability distribution, that is, to point out who are the actual sources and destinations and who are all communicating with whom.
4.2.1 Source/Destination Probability Distribution
we only care about to know which nodes are more possible to be the actual sources but not the total number m, we can always imagine m ¼ 1. It is the same case for D and all the probability vectors we will calculate later in this paper. All probability distribution vectors in this paper are normalized1 and only the relative orders among the elements of each vector actually make sense.
To reduce the neighborhood noise, we utilize the vector space similarity assessment. The vector space similarity (or cosine similarity) of two vectors V and U is defined as follows:
Volume I, Issue II, June - 2014
72 4.2.2 End-to-End Link Probability Distribution
Like other wireless communication systems, a jamming attack is one of the most difficult threats in CRNs. A jamming attacker may transmit continuous packets to force a legitimate secondary user to never sense an idle channel. This leads to a DoS type attack whereby the legitimate user is unable to access any white space. In order to detect the above mentioned attacks, there have been many scattered proposals, which have been surveyed in. However, IDS-based attack detection strategy has not yet been studied extensively. In fact, it is important to have a common ID with a general detection policy to fit most, if not all, the threats. In the next section, we present our proposed IDS to deal with this issue.
Our objective in this section is to get a probability distribution matrix in which each entry represents the probability of the i ! j link ability. Again, note that only the relative order among these entries is of notice, since we aim at discovering the most possible communication links.
The majority of anti-jamming techniques make use of diversity. For example, anti-jamming protocols may employ multiple frequency bands, different MAC channels, or multiple routing paths. Such diversity techniques help to curb the effects of the jamming attack by requiring the jammer to act on multiple resources simultaneously. In this paper, we consider the anti-jamming diversity based on the use of multiple routing paths. Using multiple-path variants of source routing protocols such as Dynamic Source Routing (DSR) [9] or Ad Hoc On-Demand Distance Vector (AODV), for example the MP-DSR protocol, each source node can request several routing paths to the destination node for concurrent use. To make effective use of this routing diversity, however, each source node must be able to make an intelligent allocation of traffic across the available paths while considering the potential effect of jamming on the resulting data throughput. In order to characterize the effect of jamming on throughput, each source must collect information on the impact of the jamming attack in
various parts of the network. However, the extent of jamming at each network node depends on a number of unknown parameters, including the strategy used by the individual jammers and the relative location of the jammers with respect to each transmitter–receiver pair. Hence, the impact of jamming is probabilistic from the
perspective of the network,1 and the characterization of
the jamming impact is further complicated by the fact that the jammers’ strategies may be dynamic and the
jammers themselves may be mobile.
Conventional anti-jamming techniques rely extensively on spread-spectrum (SS) communications [25], or some form of jamming evasion (e.g., slow frequency hopping, or spatial retreats [37]). SS techniques provide bit-level protection by spreading bits according to a secret pseudo-noise (PN) code, known only to the communicating parties. These methods can only protect wireless transmissions under the external threat model. Potential disclosure of secrets due to node compromise, neutralizes the gains of SS. Broadcast communications are particularly vulnerable under an internal threat model because all intended receivers must be aware of the secrets used to protect transmissions. Hence, the compromise of a single receiver is sufficient to reveal relevant cryptographic information.
2.PROBLEM STATEMENT AND
ASSUMPTIONS
Fig. 1 illustrates an example network with sources S={r,s}. The subgraph Gr consists of the two routing Paths
Pr 1= {(r,i),(r,k),(k,m),(m,u)} Pr 2= {(r,i),(i,j),(j,n),(n,u)}
and the subgraph Gs consists of the two routing paths
Ps1={(s,i),(i,k),(k,m),(m,t)} Ps1={(s,j),(j,n),(n,m),(m,t)}
Volume I, Issue II, June - 2014
73 as part of the reply message for the routing path. Using the information from the routing reply, each source node is thus provided with additional information about the jamming impact on the individual nodes.
We assume the inscrutability enhancing techniques (such as [1], [2], [3]) are used to save the MANETs. However, these techniques are designed to different levels of inscrutability. To focus on the statistical traffic analysis, we assume, based on [21], that a combination of these techniques is applied and the targeted MANET communication system is subject to the following model:
1. The PHY/MAC layer is controlled by the usually used 802.11(a/b/g) protocol. But all MAC frames (packets) are encrypted so that the adversaries cannot decrypt them to look into the contents.
2. Padding is applied so that all MAC frames (packets) have the similar size. Nobody can trace a packet according to its unique size.
3. The “virtual carrier sensing” option is not visible. The source/destination addresses in MAC and IP headers are set to a broadcasting address or to use identifier changing techniques. In this case, adversaries are prevented from find point-to-point communication relations.
4. No information about the traffic patterns is disclosed from the routing layer and above.
5. Fake traffic and fake delay are not used due to the highly limited resources in MANETs.
Adversary Model–We assume the adversary is in control of the communication medium and can
jam messages at any part of the network of his choosing. The adversary can operate in full-duplex mode, thus being able to receive and transmit simultaneously. This can be achieved, for example, with the use of multi-radio transceivers. In addition, the adversary is equipped with directional antennas that enable the reception of a signal from one node and jamming of the same signal at another. For analysis purposes, we assume that the adversary can pro-actively jam a number of bits just below the ECC capability early in the transmission. He can then decide to irrecoverably corrupt a transmitted packet by jamming the last symbol. In reality, it has been demonstrated that selective jamming can be achieved with far less resources. A jammer equipped with a
single half-duplex transceiver is sufficient to classify and jam transmitted packets. However, our model captures a more potent adversary that can be effective even at high transmission speeds.
Source/Destination Probability Distribution The first two scenarios demonstrate the ability of STARS to find the source and destination by calculating the source/destination probability distribution. node 2 has much higher probability than other nodes to be the source, and node 3 also has the highest probability to be the destination, which match the replication setup.
V CONCLUSION
In this paper, we propose a novel GSTDPS for MANETs. GSTDPS is basically an attacking system, which also needs to get the raw traffic from the PHY/MAC layer without looking into the contents of the intercepted packets. From the captured packets, GSTDPS constructs a sequence of point-to-point traffic matrices to derive the end-to-end traffic matrix, and then uses a heuristic data full processing model to reveal the hidden traffic patterns from the end-to-end matrix. Our empirical study shows that the existing MANET systems can achieve very restricted communication inscrutability under the attack of GSTDPS.
REFERENCES
[1] J. Kong, X. Hong, and M. Gerla, “An Identity-Free and On-Demand Routing Scheme against Anonymity Threats in Mobile Ad Hoc Networks,” IEEE Trans. Mobile Computing, vol. 6, no. 8, pp. 888-902, Aug. 2007.
Volume I, Issue II, June - 2014
74 [4] M. Blaze, J. Ioannidis, A. Keromytis, T. Malkin, and A. Rubin, “WAR: Wireless Anonymous Routing,” Proc. Int’l Conf. Security Protocols, pp. 218-232, 2005.
[5] A. Boukerche, K. El-Khatib, L. Xu, and L. Korba, “SDAR: A Secure Distributed Anonymous Routing Protocol for Wireless and Mobile Ad Hoc Networks,” Proc. IEEE 29th Ann. Int’l Conf. Local Computer Networks (LCN ’04), pp. 618-624, 2004.
[6] S. Seys and B. Preneel, “ARM: Anonymous Routing Protocol for Mobile Ad Hoc Networks,” Proc. IEEE 20th Int’l Conf. Advanced Information Networking and Applications Workshops (AINA Work-shops ’06), pp. 133-137, 2006.
[7] R. Shokri, M. Yabandeh, and N. Yazdani, “Anonymous Routing in MANET Using Random Identifiers,” Proc. Sixth Int’l Conf. Networking (ICN ’07), p. 2, 2007.
[8] R. Song, L. Korba, and G. Yee, “AnonDSR: Efficient Anonymous Dynamic Source Routing for Mobile Ad-Hoc Networks,” Proc. Third ACM Workshop Security of Ad Hoc and Sensor Networks (SASN ’05), pp. 33-42, 2005.
[9] M. Reed, P. Syverson, and D. Goldschlag, “Anonymous Connec-tions and Onion Routing,” IEEE J. Selected Areas in Comm., vol. 16, no. 4, pp. 482-494, May 2002.
[10] D. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms,” Comm. ACM, vol. 24, no. 2, pp. 84-88, 1981. [11] J. Raymond, “Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems,” Proc. Int’l Workshop Designing Privacy Enhancing Technologies: Design Issues in Anonymity and Unobserva-bility, pp. 10-29, 2001.
[12] W. Dai, “Two Attacks against a PipeNet-Like Protocol Once Used by the Freedom Service,” http://weidai.com/freedom-attacks.txt, 2013.
[13] X. Wang, S. Chen, and S. Jajodia, “Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems,” Proc. IEEE Symp. Security and Privacy, pp. 116-130, 2007.
[14] M. Reiter and A. Rubin, “Crowds: Anonymity for Web Transac-tions,” ACM Trans. Information and System Security, vol. 1, no. 1, pp.
66-92, 1998.
[15] M. Wright, M. Adler, B. Levine, and C. Shields, “The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems,” ACM Trans. Information and System Security, vol. 7, no. 4, pp. 489-522, 2004. [16] D. Figueiredo, P. Nain, and D. Towsley, “On the Analysis of the Predecessor Attack on Anonymity Systems,” technical report, Computer Science, pp. 04-65, 2004.
[17] G. Danezis, “Statistical Disclosure Attacks: Traffic Confirmation in Open Environments,” Proc. Security and Privacy in the Age of Uncertainty (SEC ’03), vol. 122, pp. 421-426, 2003.
[18] G. Danezis and A. Serjantov, “Statistical Disclosure or Intersection Attacks on Anonymity Systems,” Proc. Sixth Information Hiding Workshop (IH ’04), pp. 293-308, 2004.
[19] G. Danezis, C. Diaz, and C. Troncoso, “Two-Sided Statistical Disclosure Attack,” Proc. Seventh Int’l Conf. Privacy Enhancing Technologies, pp. 30-44, 2007.
[20] C. Troncoso, B. Gierlichs, B. Preneel, and I. Verbauwhede, “Perfect Matching Disclosure Attacks,” Proc. Eighth Int’l Symp. Privacy Enhancing Technologies, pp. 2-23, 2008.
[21] D. Huang, “Unlinkability Measure for IEEE 802.11 Based MANETs,” IEEE Trans. Wireless Comm., vol. 7, no. 3, pp. 1025-1034, Mar. 2008.
[22] D. Chaum, “The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability,” J. Cryptology, vol. 1, no. 1, pp. 65-75, 1988.
[23] A. Boldyreva, N. Chenette, and A. O’Neill, “Order-preserving encryption revisited: Improved security analysis and alternative solutions,” in Proc. 31st Annu. Int. Conf. Adv. Cryptology, Aug. 2011, pp. 578–595.
[24] P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in Proc. 17th Int. Conf. Theory Appl. Crypto- graphic Tech., May 1999, pp. 223–238.
[25] D. Song, D. Wagner, and A. Perrig, “Practical techniques for searches on encrypted data,” in Proc. IEEE Symp. Security Privacy, May 2000, pp. 44–55.
Volume I, Issue II, June - 2014
75 for public cloud database services,” presented at the 7th Int. Conf. Emerging Security Information, Systems and Technology, Barcelona, Spain, Aug. 2013.
