Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis

Patrick Tague; Radha Poovendran; David Slater; Jason Rogers

doi:10.1109/TDSC.2008.60

Publication
2009
Issue No. 2 - April-June
Abstract - Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Patrick Tague Articles by David Slater Articles by Jason Rogers Articles by Radha Poovendran

Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis

April-June 2009 (vol. 6 no. 2)

pp. 111-123

	ASCII Text	x
	Patrick Tague, David Slater, Jason Rogers, Radha Poovendran, "Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis," IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 2, pp. 111-123, April-June, 2009.

	BibTex	x
	@article{ 10.1109/TDSC.2008.60, author = {Patrick Tague and David Slater and Jason Rogers and Radha Poovendran}, title = {Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis}, journal ={IEEE Transactions on Dependable and Secure Computing}, volume = {6}, number = {2}, issn = {1545-5971}, year = {2009}, pages = {111-123}, doi = {http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.60}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Dependable and Secure Computing TI - Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis IS - 2 SN - 1545-5971 SP111 EP123 EPD - 111-123 A1 - Patrick Tague, A1 - David Slater, A1 - Jason Rogers, A1 - Radha Poovendran, PY - 2009 KW - Wireless networks KW - security KW - routing KW - node capture attacks KW - adversary models. VL - 6 JA - IEEE Transactions on Dependable and Secure Computing ER -

Patrick Tague, University of Washington, Seattle

David Slater, University of Washington, Seattle

Jason Rogers, Naval Research Laboratory, Washington

Radha Poovendran, Unversity of Washington, Seattle

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.60

Joint analysis of security and routing protocols in wireless networks reveals vulnerabilities of secure network traffic that remain undetected when security and routing protocols are analyzed independently. We formulate a class of continuous metrics to evaluate the vulnerability of network traffic as a function of security and routing protocols used in wireless networks. We develop two complementary vulnerability definitions using set theoretic and circuit theoretic interpretations of the security of network traffic, allowing a network analyst or an adversary to determine weaknesses in the secure network. We formalize node capture attacks using the vulnerability metric as a nonlinear integer programming minimization problem and propose the GNAVE algorithm, a Greedy Node capture Approximation using Vulnerability Evaluation. We discuss the availability of security parameters to the adversary and show that unknown parameters can be estimated using probabilistic analysis. We demonstrate vulnerability evaluation using the proposed metrics and node capture attacks using the GNAVE algorithm through detailed examples and simulation.

[1] P. Tague, D. Slater, J. Rogers, and R. Poovendran, “Vulnerability of Network Traffic Under Node Capture Attacks Using CircuitTheoretic Analysis,” Proc. IEEE INFOCOM '08, pp.664-672, Apr. 2008.
[2] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography. CRC, 1996.
[3] L. Eschenauer and V.D. Gligor, “A Key-Management Scheme for Distributed Sensor Networks,” Proc. Ninth ACM Conf. Computer and Comm. Security (CCS '02), pp. 41-47, Nov. 2002.
[4] P. Tague and R. Poovendran, “Modeling Adaptive Node Capture Attacks in Multi-Hop Wireless Networks,” Ad Hoc Networks, vol. 5, no. 6, pp. 801-814, Aug. 2007.
[5] H. Chan, A. Perrig, and D. Song, “Random Key Predistribution Schemes for Sensor Networks,” Proc. IEEE Symp. Security and Privacy (SP '03), pp. 197-213, May 2003.
[6] W. Du, J. Deng, Y.S. Han, P.K. Varshney, J. Katz, and A. Khalili, “A Pairwise Key Predistribution Scheme for Wireless Sensor Networks,” ACM Trans. Information and System Security, vol. 8, no. 2, pp. 228-258, May 2005.
[7] D. Liu, P. Ning, and R. Li, “Establishing Pairwise Keys in Distributed Sensor Networks,” ACM Trans. Information and System Security, vol. 8, no. 1, pp. 41-77, Feb. 2005.
[8] N. Cai and R.W. Yeung, “Secure Network Coding,” Proc. IEEE Int'l Symp. Information Theory (ISIT '02), p. 323, June/July 2002.
[9] K. Jain, “Security Based on Network Topology against the Wiretapping Attack,” IEEE Wireless Comm., vol. 11, no. 1, pp.68-71, Feb. 2004.
[10] T.H. Cormen, C.E. Leiserson, and R.L. Rivest, Introduction to Algorithms. MIT Press, McGraw-Hill, 2000.
[11] E.M. Royer and C.E. Perkins, “Ad Hoc On-Demand Distance Vector Routing,” Proc. Second IEEE Workshop Mobile Computing Systems and Applications (WMCSA '99), pp. 90-100, Feb. 1999.
[12] D.B. Johnson, D.A. Maltz, and J. Broch, DSR: The Dynamic Source Routing Protocol for Multihop Wireless Ad Hoc Networks. Addison-Wesley, ch. 5, pp. 139-172, 2001.
[13] C. Schurgers and M.B. Srivastava, “Energy Efficient Routing inWireless Sensor Networks,” Proc. Military Comm. Conf. (MILCOM'01), pp. 357-361, Oct. 2001.
[14] Y. Yu, R. Govindan, and D. Estrin, “Geographical and Energy Aware Routing: A Recursive Data Dissemination Protocol for Wireless Sensor Networks,” Dept. Computer Science, Univ. of California, Los Angeles, Technical Report UCLA/CSD-TR-01-0023, May 2001.
[15] A. Shamir, “How to Share a Secret,” Comm. ACM, vol. 22, no. 11, pp. 612-613, Nov. 1979.
[16] T. Ho, R. Koetter, M. Medard, D.R. Karger, and M. Effros, “The Benefits of Coding over Routing in a Randomized Setting,” Proc. IEEE Int'l Symp. Information Theory (ISIT '03), p. 441, June/July 2003.
[17] M. Ramkumar and N. Memon, “An Efficient Random Key Pre-Distribution Scheme,” Proc. IEEE Conf. Global Comm. (GLOBECOM '04), pp. 2218-2223, Nov./Dec. 2004.
[18] G. Danezis and R. Clayton, “Introducing Traffic Analysis,” Digital Privacy: Theory, Technologies, and Practices, A. Acquisti, S. Gritzalis, C. Lambrinoudakis, and S. di Vimercati, eds., Auerbach, Dec. 2007.
[19] G. Dobson, “Worst-Case Analysis of Greedy Heuristics for Integer Programming with Nonnegative Data,” Math. of Operations Research, vol. 7, no. 4, pp. 515-531, Nov. 1982.
[20] V. Chvatel, “Greedy Heuristic for the Set-Covering Problem,” Math. of Operations Research, vol. 4, no. 3, pp. 233-235, Aug. 1979.
[21] R. Diestel, Graph Theory, third ed. Springer, 2005.
[22] D.F. Tuttle Jr., Electric Networks: Analysis and Synthesis. McGraw-Hill, 1965.

Index Terms:

Wireless networks, security, routing, node capture attacks, adversary models.

Citation:

Patrick Tague, David Slater, Jason Rogers, Radha Poovendran, "Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis," IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 2, pp. 111-123, April-June 2009, doi:10.1109/TDSC.2008.60

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.