Issue No.02 - April-June (2009 vol.6)
David Slater , University of Washington, Seattle
Patrick Tague , University of Washington, Seattle
Radha Poovendran , Unversity of Washington, Seattle
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.60
Joint analysis of security and routing protocols in wireless networks reveals vulnerabilities of secure network traffic that remain undetected when security and routing protocols are analyzed independently. We formulate a class of continuous metrics to evaluate the vulnerability of network traffic as a function of security and routing protocols used in wireless networks. We develop two complementary vulnerability definitions using set theoretic and circuit theoretic interpretations of the security of network traffic, allowing a network analyst or an adversary to determine weaknesses in the secure network. We formalize node capture attacks using the vulnerability metric as a nonlinear integer programming minimization problem and propose the GNAVE algorithm, a Greedy Node capture Approximation using Vulnerability Evaluation. We discuss the availability of security parameters to the adversary and show that unknown parameters can be estimated using probabilistic analysis. We demonstrate vulnerability evaluation using the proposed metrics and node capture attacks using the GNAVE algorithm through detailed examples and simulation.
Wireless networks, security, routing, node capture attacks, adversary models.
David Slater, Patrick Tague, Radha Poovendran, "Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis", IEEE Transactions on Dependable and Secure Computing, vol.6, no. 2, pp. 111-123, April-June 2009, doi:10.1109/TDSC.2008.60