On the use of radio resource tests in wireless ad hoc networks

Editor's Notes

• #2: Overview of the road map. TEMPO: 10s
• #3: We will start to talk about the environment (Wireless ad hoc networks) We will then talk about the problem we wish to address And then we will briefly introduce the generic class of solutions Then we will talk about our specific solution – radio resource tests About the framework we created to be able to compare them And the analysis of all the tests according to a set of relevant metrics Finally we will conclude our presentation
• #4: This work is focused on the development of security mechanisms for wireless ad hoc networks. These networks are particularly difficult to protect due to a series of characteristics First of all we have the communication medium, in this case the air, which is more vulnerable than the cable communications The nodes are also vulnerable since they are normally more exposed than in conventional networks The absence of infrastructure makes the usage of centralized security mechanism much more difficult, since there is no centralized resource in ad hoc networks
• #5: The Sybil attack is in its essence a impersonation attack, and happens when a malicious user is able to participate with multiple identities in a system This way, we assume that a correct entity is always associated with one identity, in contrary to malicious entities that can present multiple identities simultaneously, whether it is by stealing other nodes identities, or simply generating new ones For example, in this figure, the malicious entity represented in red can present a series of distinct identities. It presents identity a, but it can also present Tempo:30s
• #6: Identity b Tempo:30s
• #7: Or even identity C If a malicious entity is able to present multiple valid identities to a system, its said that it successfully did a sybil attack What are the disadvantages of a sybil attack, what does the attacker gain in doing one. Tempo:30s
• #8: One attack to which this attack is effective is against quorum systems (or other systems based on voting) As shown in this figure, a malicious entity can vote multiple times, with different identities, being able to deterministically alter the final outcome TEMPO:30s
• #9: In resource tests… Tempo:45s
• #12: The way in which this assumption is explored is by requesting identities to transmit some message on distinct channels If these identities belong in fact to distinct nodes, they will be able to do so
• #15: While working in these radio resource tests, we realized there were some distinguishing parameters in all the tests, that allowed us to caracterize them, and compare them with each other. So, we devised a framework with these parameters. Tempo:30s
• #16: We are now going to apply this framework to the previously described sender test. Tempo:30s
• #17: The sender test is a RRT with h equal to K, c equal to one, and w equal to 1. The number of identities that are tested simultaneously in the test h, is limited by the number of available channels. If we only have two channels, we can only have two identities communicating simultaneously. Regarding the number of active challengers, we have that the challenger node assigns the frequencies to every tested identity, so, there is only one active challenger. Finally, regarding the parameter w, since only the challenger node knows in which frequencies each identity is transmiting, there is only one node that can extract information from the test. Repetir: As said before, we devised an optimization for this test, that is based on the exact same assumptions: no node possesses more than one radio device, and no radio device is able to transmit simultaneously on two distinct frequencies. Tempo:30s
• #18: There are essentially two main differences: First, we realized that channel assignment can be done deterministically. This removes the need for an explicit channel assignment from a challenger node. Also, this also increases the number of witnesses w, since now, and due to the deterministic channel assignment, every non-participating node is able to extract information from the test. One other test that we devised was the Receiver Test. Tempo:30s
• #19: This test is based on a different assumption than the previous two. Instead of assuming nodes cannot simultaneously transmit in two distinct channels, we assume that they cannot listen simultaneously, on more than one channel. Tempo:30s
• #20: As before, we also have to repeat the test for a certain number of Rounds, to be able to increase the probability of detection. Now applying our framework for the Receiver Test Tempo:30s
• #22: With all these tests, we analyzed and compared them for a series of metrics
• #23: With these metrics, lets go back to our first example, the osst. Tempo:30s
• #24: The first metric analyzed is the vulnerability to collusion. The problem with colluding nodes is the following, imagine if we have a malicious node in the network. If this node presents two identities to the network and is tested, at least one of the identities will be excluded as a sybil identity. However, if there is another malicious node, and both of them are colluding, the node not being tested could defend the sybil identity by simply transmitting in the corresponding channel.
• #25: The first metric analyzed is the vulnerability to collusion. The problem with colluding nodes is the following, imagine if we have a malicious node in the network. If this node presents two identities to the network and is tested, at least one of the identities will be excluded as a sybil identity. However, if there is another malicious node, and both of them are colluding, the node not being tested could defend the sybil identity by simply transmitting in the corresponding channel.
• #28: The different tests have a different assymetry in the resource spent by the nodes beeing tested, and the tester,. For example, If a malicious node is able to ask for several tests, it could make an effective denial-of-service, requiring the nodes to do unecessary tests So, we use resource consumption essentially as a metric of the denial of service threat of the tests.
• #29: The different tests have a different assymetry in the resource spent by the nodes beeing tested, and the tester,. For example, If a malicious node is able to ask for several tests, it could make an effective denial-of-service, requiring the nodes to do unecessary tests So, we use resource consumption essentially as a metric of the denial of service threat of the tests.
• #30: In practice, nodes are not required to have a perfect synchronization; it is enough to ensure that the time to transmit a message is orders of magnitude larger than the allowed amount of desynchronization among nodes (such that a node cannot leverage on the desynchronization to send a message on both channels)
• #31: In practice, nodes are not required to have a perfect synchronization; it is enough to ensure that the time to transmit a message is orders of magnitude larger than the allowed amount of desynchronization among nodes (such that a node cannot leverage on the desynchronization to send a message on both channels)
• #33: Until now we analyzed each test individually. However, one has to consider the application of this test to a group of nodes.
• #39: From this we can conclude the following application scenarios for our test examples Tempo:30s
• #40: We can also analyse the number of messages in relation to the number of nodes in the network Tempo:30s
• #41: Meter FCT Tempo:30s
• #42: With all these tests, we analyzed and compared them for a series of metrics
• #43: Tempo:30s
• #44: Chegamos assim, ao fim da nossa apresentação, muito obrigado pela atenção. Se tiverem alguma questão…