Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.580339
Title: Mitigating denial of sevice (DoS) attacks in delay/disruption tolerant networks (DTNs)
Author: Ansa, Godwin Okon
Awarding Body: University of Surrey
Current Institution: University of Surrey
Date of Award: 2012
Availability of Full Text:
Access through EThOS:
Abstract:
A Delay/Disruption Tolerant Network (DTN) is an overlay on top of a number of diverse networks such as mobile ad hoc networks, wireless sensor networks, satellite networks, vehicular networks and the Internet. In terrestrial DTNs, the effectiveness of data dissemination is greatly affected by node mobility and end-to-end disconnections. The inherent mobility of nodes is exploited to forward data opportunistically when a contact arises through the store-carry-and- forward technique. Thus a DTN is characterized by limited bandwidth, long queuing delays, low data rate, low power and intermittent connectivity. The real challenge is how to make DTN resilient against Denial of Service (DoS) attacks. In this thesis, we have investigated several DoS mitigating schemes for wired and wireless networks and found most of them to be highly interactive requiring several protocol rounds, resource-consuming, complex, assume persistent connectivity and hence not suitable for DTN. This thesis proposes three variants of DTN-Cookies of which any is selected as the light-weight authenticator based on the perceived Network Threat Level. For the intra-region scenario, it proposes a DoS-Resilient Authentication Mechanism to mitigate the effect of resource exhaustion DoS attacks. For the inter-region scenario, it proposes an enhanced version of the DoS-Resilient Authentication Mechanism. The proposed mechanism exploits the loose time-synchronization property of DTN, dividing communication contact time into timeslots. The mechanism uses variable seed values in different time slots for the computation and verification of DTN-Cookies, incorporates an ingress filter at the region gateways and uses the HMAC variant of DTN-Cookie. This work also proposes a comprehensive defence mechanism against flooding DoS attacks. The aim of the proposed mechanism is to restrict the volume of malicious traffic during an attack. The rate limiting component monitors the number of bundles per traffic flow and different nodes are assigned different threshold values based on their capability and role in the network. The results show that the proposed DTN-Cookies accurately detect DoS attacks and outperform RSA- 1024 digital signatures in terms of energy and bandwidth efficiency. The proposed mechanisms have been verified through simulations and their superior performance is established over solutions which are based purely on Public-Key Cryptography.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.580339  DOI: Not available
Share: