• 제목/요약/키워드: Routing Attack

검색결과 90건 처리시간 0.029초

무선 센서 네트워크 라우팅 보안 강화 기법의 설계 (A design of the wireless sensor network routing improved security method)

  • 김우진;길아라
    • 한국정보과학회:학술대회논문집
    • /
    • 한국정보과학회 2010년도 한국컴퓨터종합학술대회논문집 Vol.37 No.2(A)
    • /
    • pp.101-106
    • /
    • 2010
  • 본 논문에서 제안하는 라우팅 기법은 분산된 센서 네트워크 상의 시작 노드에서 목적지 노드까지 데이터를 전송 할 때, 유효 데이터를 암호화 하고 그것을 분할하여 서로 다른 경로를 통해 전송함으로써 스니핑 공격에 암호화된 부분 데이터만 노출하여 정보 유출의 가능성을 감소한다. 스니핑 공격에 의한 정보 유출 가능성 감소의 정도는 시뮬레이션을 이용하여 전체 데이터를 단일 경로로 전송하는 경우와 비교한 실험 결과를 통하여 나타내 보이며, 해당 경로의 선택을 위한 알고리즘은 이론의 증명을 통해 나타내 보인다.

  • PDF

ZCN과 N2N 인증 기법을 이용한 패킷 전송에 대한 신뢰성 향상에 관한 연구 (A Study on Trust Improvement of Packets Transmission using ZCN and N2N Authentication Technique)

  • 양환석
    • 디지털산업정보학회논문지
    • /
    • 제11권4호
    • /
    • pp.61-68
    • /
    • 2015
  • MANET has various vulnerability in wireless network and is more vulnerable in security because central management is not performed. In particular, routing attack may decrease performance of the overall network because the mobile node acts as a router. In this paper, we proposed authentication technique for improving the reliability of the network by increasing the integrity of the routing control packet and blocking effectively attacks that occur frequently in the inside. The proposed technique is consisted of two authentication methods of ZCN and N2N. ZCN authentication method is to elect CA nodes and monitor the role of the CA nodes. N2N authentication method is for an integrity check on the routing packets between nodes. Index key is determined by combining the hop count value to shared key table issued from CA in order to increase the robustness of the internal attack. Also, the overhead of key distribution was reduced by distributing a shared key to nodes certificated from CA. The excellent performance of the proposed method was confirmed through the comparison experiments.

Survivability Analysis of MANET Routing Protocols under DOS Attacks

  • Abbas, Sohail;Haqdad, Muhammad;Khan, Muhammad Zahid;Rehman, Haseeb Ur;Khan, Ajab;Khan, Atta ur Rehman
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제14권9호
    • /
    • pp.3639-3662
    • /
    • 2020
  • The network capability to accomplish its functions in a timely fashion under failures and attacks is known as survivability. Ad hoc routing protocols have been studied and extended to various domains, such as Intelligent Transport Systems (ITSs), Unmanned Aerial Vehicles (UAVs), underwater acoustic networks, and Internet of Things (IoT) focusing on different aspects, such as security, QoS, energy. The existing solutions proposed in this domain incur substantial overhead and eventually become burden on the network, especially when there are fewer attacks or no attack at all. There is a need that the effectiveness of these routing protocols be analyzed in the presence of Denial of Service (DoS) attacks without any intrusion detection or prevention system. This will enable us to establish and identify the inherently stable routing protocols that are capable to survive longer in the presence of these attacks. This work presents a DoS attack case study to perform theoretical analysis of survivability on node and network level in the presence of DoS attacks. We evaluate the performance of reactive and proactive routing protocols and analyse their survivability. For experimentation, we use NS-2 simulator without detection or prevention capabilities. Results show that proactive protocols perform better in terms of throughput, overhead and packet drop.

Wireless Ad Hoc Network에서 보안 영역과 노드 인증을 이용한 보안 라우팅 기법에 관한 연구 (A Study on Secure Routing using Secure Zone and Nodes Authentication in Wireless Ad Hoc Network)

  • 양환석
    • 디지털산업정보학회논문지
    • /
    • 제10권3호
    • /
    • pp.161-169
    • /
    • 2014
  • Wireless Ad Hoc Network is suitable for emergency situations such as and emergency, disaster recovery and war. That is, it has a characteristic that can build a network and use without help of any infrastructure. However, this characteristic is providing a cause of many security threats. In particular, routing attack is not applied the existing routing methods as it is and it is difficult to determine accurately whether nodes that participate in routing is malicious or not. The appropriate measure for this is necessary. In this paper, we propose a secure routing technique through a zone architecture-based node authentication in order to provide efficient routing between nodes. ZH node is elected for trust evaluation of the member nodes within each zone. The elected ZH node issues a certification of the member nodes and stores the information in ZMTT. The routing involvement of malicious nodes is blocked by limiting the transfer of data in the nodes which are not issued the certification. The superior performance of the proposed technique is confirmed through experiments.

Polymorphic Path Transferring for Secure Flow Delivery

  • Zhang, Rongbo;Li, Xin;Zhan, Yan
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제15권8호
    • /
    • pp.2805-2826
    • /
    • 2021
  • In most cases, the routing policy of networks shows a preference for a static one-to-one mapping of communication pairs to routing paths, which offers adversaries a great advantage to conduct thorough reconnaissance and organize an effective attack in a stress-free manner. With the evolution of network intelligence, some flexible and adaptive routing policies have already proposed to intensify the network defender to turn the situation. Routing mutation is an effective strategy that can invalidate the unvarying nature of routing information that attackers have collected from exploiting the static configuration of the network. However, three constraints execute press on routing mutation deployment in practical: insufficient route mutation space, expensive control costs, and incompatibility. To enhance the availability of route mutation, we propose an OpenFlow-based route mutation technique called Polymorphic Path Transferring (PPT), which adopts a physical and virtual path segment mixed construction technique to enlarge the routing path space for elevating the security of communication. Based on the Markov Decision Process, with considering flows distribution in the network, the PPT adopts an evolution routing path scheduling algorithm with a segment path update strategy, which relieves the press on the overhead of control and incompatibility. Our analysis demonstrates that PPT can secure data delivery in the worst network environment while countering sophisticated attacks in an evasion-free manner (e.g., advanced persistent threat). Case study and experiment results show its effectiveness in proactively defending against targeted attacks and its advantage compared with previous route mutation methods.

FuzzyGuard: A DDoS attack prevention extension in software-defined wireless sensor networks

  • Huang, Meigen;Yu, Bin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제13권7호
    • /
    • pp.3671-3689
    • /
    • 2019
  • Software defined networking brings unique security risks such as control plane saturation attack while enhancing the performance of wireless sensor networks. The attack is a new type of distributed denial of service (DDoS) attack, which is easy to launch. However, it is difficult to detect and hard to defend. In response to this, the attack threat model is discussed firstly, and then a DDoS attack prevention extension, called FuzzyGuard, is proposed. In FuzzyGuard, a control network with both the protection of data flow and the convergence of attack flow is constructed in the data plane by using the idea of independent routing control flow. Then, the attack detection is implemented by fuzzy inference method to output the current security state of the network. Different probabilistic suppression modes are adopted subsequently to deal with the attack flow to cost-effectively reduce the impact of the attack on the network. The prototype is implemented on SDN-WISE and the simulation experiment is carried out. The evaluation results show that FuzzyGuard could effectively protect the normal forwarding of data flow in the attacked state and has a good defensive effect on the control plane saturation attack with lower resource requirements.

신뢰도와 키를 이용한 보안 라우팅 기법에 관한 연구 (A Study on Secure Routing Technique using Trust Value and Key in MANET)

  • 양환석
    • 디지털산업정보학회논문지
    • /
    • 제11권3호
    • /
    • pp.69-77
    • /
    • 2015
  • MANET is composed of only the mobile nodes have a limited transmission range. The dynamic topology by the frequent movement of nodes makes routing difficult and is also cause exposed to security vulnerabilities. In this paper, we propose the security routing technique consisted of mechanism of two steps in order to respond effectively to attack by the modification of the routing information and transmit secure data. The hierarchical structure is used and the authentication node that issues the key of the nodes within each cluster is elected in this proposed method. The authentication node manages key issues and issued information for encrypting the routing information from the source node. The reliability value for each node is managed to routing trust table in order to secure data transmission. In the first step, the route discovery is performed using this after the routing information is encrypted using the key issued by the authentication node. In the second step, the average reliability value of the node in the found path is calculated. And the safety of the data transmission is improved after the average reliability value selects the highest path. The improved performance of the proposed method in this paper was confirmed through comparative experiments with CBSR and SEER. It was confirmed a better performance in the transmission delay, the amount of the control packet, and the packet transmission success ratio.

Grayhole 공격이 있는 MANET의 전송성능 (Transmission Performance of MANET under Grayhole Attack)

  • 김영동
    • 한국정보통신학회:학술대회논문집
    • /
    • 한국정보통신학회 2015년도 춘계학술대회
    • /
    • pp.639-642
    • /
    • 2015
  • MANET(Mobile Ad-Hoc Network)의 라우팅 기능에 대한 공격인 홀 공격은 네트워크 전송성능에 중요한 영향을 미친다. MANET은 단말기만으로 구성되는 임시 네트워크로 악성공격에 대한 대응이 쉽지 않아 홀 공격에 매우 취약하여 전송성능에 치명적인 영향을 받을 수 있다. 본 연구에서는 홀공격의 일종은 그레이홀 공격이 MANET의 전송 성능에 미치는 영향을 컴퓨터 시뮬레이션을 사용하여 분석하여 본다. 연구의 대상 트래픽으로는 음성 트래픽을 사용하였으며, 그레이홀 공격의 영향을 블랙홀 공격과 비교하여 본다. 본 연구의 방법과 결과는 MANET에서 악성공격에 대응하기 위한 자료로 활용될 수 있다.

  • PDF

An Algorithm to Detect Bogus Nodes for a Cooperative Intrusion Detection Architecture in MANETs

  • Hieu Cao Trong;Dai Tran Thanh;Hong Choong-Seon
    • 한국정보처리학회:학술대회논문집
    • /
    • 한국정보처리학회 2006년도 춘계학술발표대회
    • /
    • pp.1117-1120
    • /
    • 2006
  • Wide applications because of their flexibilities and conveniences of Wireless Mobile Ad-hoc Networks (MANETs) also make them more interesting to adversaries. Currently, there is no applied architecture efficient enough to protect them against many types of attacks. Some preventive mechanisms are deployed to protect MANETs but they are not enough. Thus, MANETs need an Intrusion Detection System (IDS) as the second layer to detect intrusion of adversaries to response and diminish the damage. In this paper, we propose an algorithm for detecting bogus nodes when they attempt to intrude into network by attack routing protocol. In addition, we propose a procedure to find the most optimize path between two nodes when they want to communicate with each other. We also show that our algorithm is very easy to implement in current proposed architectures.

  • PDF

애드혹 센서 네트워크에서 AODV 라우팅 정보변조 공격노드 탐지 및 추출기법 (Method of Detecting and Isolating an Attacker Node that Falsified AODV Routing Information in Ad-hoc Sensor Network)

  • 이재현;김진희;권경희
    • 한국정보통신학회논문지
    • /
    • 제12권12호
    • /
    • pp.2293-2300
    • /
    • 2008
  • 애드 혹 센서 네트워크 환경에서 사용되는 대표적인 라우팅 방식인 AODV(Ad-hoc On-Demand Distance Vector)는 무선보안 메커니즘의 부재로 라우팅 정보가 모든 노드에게 노출되어 있다. AODV방식의 문제점은 공격자가 네트워크 내부에 침입하여 임의대로 라우팅 경로를 수정하여 자신을 통과하는 경로를 최단경로로 판단하게 하는 라우팅 정보 변조공격이 가능하다는 것이다. 본 논문에서는 AODV 라우팅 정보 중 공격자가 RREQ(Route Request) 패킷의 소스 시퀀스 번호와 홉 카운트를 변조하여 사용하는 공격을 설계했다. 그리고 설계한 공격을 보안 암호화 및 인증방식이 아닌 AODV의 메커니즘 안에서 공격자를 발견하고 발견된 공격자를 고립시켜 네트워크 성능저하를 막을 수 있는 방법을 제안한다. 본 연구는 네트워크 보안을 위해 과도한 보안 알고리즘의 도입으로 생기는 오버헤드를 네트워크 메커니즘을 통하여 줄이고자 한다. 제안된 메커니즘의 성능 평가는 NS-2를 이용하였으며 정상적인 네트워크 상황, 공격 시 네트워크 상황 그리고 제안 메커니즘이 적용된 네트워크 상황하에서 목적지 노드의 데이터 총 수신량을 통하여 성능을 비교 분석하였다. 그 결과 본 논문에서 제안하는 방식을 도입하였을 경우 데이터의 총 수신량이 정상적인 네트워크 상황과 거의 동일하게 나타남을 확인하였다.