Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis
April-June 2009 (vol. 6 no. 2)
pp. 111-123
Patrick Tague, University of Washington, Seattle
David Slater, University of Washington, Seattle
Jason Rogers, Naval Research Laboratory, Washington
Radha Poovendran, University of Washington, Seattle
Joint analysis of security and routing protocols in wireless networks reveals vulnerabilities of secure network traffic that remain undetected when security and routing protocols are analyzed independently. We formulate a class of continuous metrics to evaluate the vulnerability of network traffic as a function of security and routing protocols used in wireless networks. We develop two complementary vulnerability definitions using set theoretic and circuit theoretic interpretations of the security of network traffic, allowing a network analyst or an adversary to determine weaknesses in the secure network. We formalize node capture attacks using the vulnerability metric as a nonlinear integer programming minimization problem and propose the GNAVE algorithm, a Greedy Node capture Approximation using Vulnerability Evaluation. We discuss the availability of security parameters to the adversary and show that unknown parameters can be estimated using probabilistic analysis. We demonstrate vulnerability evaluation using the proposed metrics and node capture attacks using the GNAVE algorithm through detailed examples and simulation.

Index Terms:
Wireless networks, security, routing, node capture attacks, adversary models.
Patrick Tague, David Slater, Jason Rogers, Radha Poovendran, "Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis," IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 2, pp. 111-123, April-June 2009, doi:10.1109/TDSC.2008.60