Defence against packet injection in ad hoc networks
International Journal of Security and Networks
| Hi-index | 0.00 |
Wireless networks are becoming more and more important in our lives. However, due to the fact that wireless communication is on air, an adversary can easily eavesdrop on packets, imitate other wireless devices, forge packets, and so on. Hence, enhancing the security in wireless networks has become of vital importance. In this thesis, we mainly study two security aspects of wireless networks. One is service confidentiality and access control, that is to ensure only legitimate users can access service data according to their privileges. The other is the prevention of denial-of-service (DoS) attacks, that is to prevent injection of junk packets in wireless networks. To this end, we investigate the following two topics: key management in wireless broadcast services and hop-by-hop source authentication in wireless ad hoc networks. Wireless broadcast is a convenient and effective approach for disseminating data to a number of users. To provide secure access to broadcast data, key-based encryption ensures that only users who own valid keys can decrypt the data. Regarding various subscriptions in broadcast services, a key management system for distributing new keys efficiently and securely is in great demand. Hence, we propose a key management scheme, namely KTR, to address this need. KTR uses a shared key structure which exploits the overlapping relationships among different subscriptions and allows multiple programs to share a single key tree so that users who subscribe to these programs can manage less keys. KTR further reduces rekey cost by identifying the minimum number of keys that must be changed to ensure broadcast security. Wireless ad hoc networks have very limited network resources and are thus susceptible to attacks that focus on resource exhaustion, such as the injection of junk packets. These attacks cause serious denial-of-service via wireless channel contention and network congestion. Although ad hoc network security has been extensively studied, most previous work focuses on secure routing and cannot prevent attackers from injecting a large number of junk data packets into a route that has been established. We propose an on-demand hop-by-hop source authentication protocol, namely SAF, to defend against this type of packet injection attacks. The protocol can either immediately filter out injected junk packets with very high probability or expose the true identity of an injector. Unlike other forwarding defenses, this protocol is designed to fit in the unreliable environment of ad hoc networks and incurs very lightweight overhead in communication and computation. In summary, this study presents two security aspects of wireless networks. First, a key management scheme is proposed to address secrecy and efficiency in broadcast services, where keys are used for service confidentiality and access control. (Abstract shortened by UMI.)