Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis (2009)

Abstract:

Joint analysis of security and routing protocols in wireless networks reveals vulnerabilities of secure network traffic that remain undetected when security and routing protocols are analyzed independently. We formulate a class of continuous metrics to evaluate the vulnerability of network traffic as a function of security and routing protocols used in wireless networks. We develop two complementary vulnerability definitions using set theoretic and circuit theoretic interpretations of the security of network traffic, allowing a network analyst or an adversary to determine weaknesses in the secure network.

Algorithm / Technique used:

GNAVE Algorithm.

Algorithm Description:

We define a class of metrics for the vulnerability of network traffic and formulate the minimum cost node capture attack problem as a nonlinear integer program using the defined vulnerability metrics. We present the GNAVE algorithm, a Greedy Node capture Approximation using Vulnerability Evaluation, to approximate the minimum cost node capture attack.

Existing System:

Clustering approaches have been found useful in providing scalable data aggregation, security and coding for large-scale distributed sensor networks (DSNs). Clustering (also known as subgrouping) has also been effective in containing and compartmentalizing node compromise in large-scale networks. We consider the problem of designing a clustered DSN when the probability of node compromise in different deployment regions is known a priori. We use the a priori probability to design a variant of the random key predistribution method that improves the resilience, and hence the fraction of compromised communications, compared to seminal works. We further relate the key ring size of the subgroup node to the probability of node compromise, and design an effective, scalable security mechanism that increases the resilience of the sensor subgroups to attacks. Simulation results show that our scheme substantially improves the performance of the sensor network (including the resilience and the fraction of compromised communications) while sacrificing only a small amount of the probability that a shared key exists between two nodes, compared to prior results.

Proposed System:

We formalize node capture attacks using the vulnerability metric as a nonlinear integer programming minimization problem and propose the GNAVE algorithm, a Greedy Node capture Approximation using Vulnerability Evaluation. We discuss the availability of security parameters to the adversary and show that unknown parameters can be estimated using probabilistic analysis. We demonstrate vulnerability evaluation using the proposed metrics and node capture attacks using the GNAVE algorithm.

Modules:

1.     Network Module

2.     Key Assignment Module

3.     Adversarial Module

4.     Route Vulnerability Metric (RVM)

5.     Circuit Theoretic Method

Module Description:

1.     Network Module

Client-server computing or networking is a distributed application architecture that partitions tasks or workloads between service providers (servers) and service requesters, called clients. Often clients and servers operate over a computer network on separate hardware. A server machine is a high-performance host that runs one or more server programs which share its resources with clients. A client also shares any of its resources; clients therefore initiate communication sessions with servers, which await (listen for) incoming requests.

2.     Key Assignment Module

This module measures the effective security offered in a wireless network as a function of the routing topology and the link security provided by the key assignment protocol. Jointly considering the information from the routing and key assignment protocols leads to a significant reduction in resource expenditure in comparison to considering information from either protocol separately.

3.     Adversarial Module

This joint protocol analysis allows a network analyst or an adversary to evaluate the vulnerability of network traffic and isolate weakly secured connections. We approach the problem from an adversarial perspective and show how an intelligent adversary can mount a node capture attack using vulnerability evaluation to focus the attack on the nodes which contribute maximally to the compromise of network traffic.

4.     Route Vulnerability Metric (RVM)

We define a class of route vulnerability metrics (RVMs) to quantify the effective security of traffic traversing a given route. Using the RVM definition, we formulate the minimum cost node capture attack problem as a nonlinear integer programming minimization problem. Since determining the optimal node capture attack is likely infeasible, we propose the GNAVE algorithm using a greedy heuristic to iteratively capture nodes which maximize the increase in route vulnerability.
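The joint analysis and greedy selection described above can be sketched on a toy network. This is an added example, not code from the paper or from this project: the key rings, routes, uniform capture cost, the "weakest link" route metric and all function names are assumptions chosen for illustration. Its output is the order in which nodes should be hardened first.

```python
# Added example: all key rings, routes and costs below are constructed.
KEYS = {  # node -> key ring handed out by the key assignment protocol
    "s": {1, 2, 5, 8}, "a": {1, 2, 3}, "b": {2, 3, 4}, "t": {4, 6, 7},
    "d": {5, 6, 8}, "e": {6, 7, 9}, "c": {3, 4, 5},  # c is on no route
}
ROUTES = [["s", "a", "b", "t"], ["s", "d", "e", "t"]]  # from the routing protocol
COST = {n: 1.0 for n in KEYS}  # assumed uniform capture cost


def exposed_keys(captured):
    """Union of the key rings held by captured nodes."""
    return set().union(*(KEYS[n] for n in captured))


def link_vuln(u, v, captured):
    """Assumed link metric: fraction of the link's shared keys exposed."""
    if u in captured or v in captured:
        return 1.0  # an endpoint of the link is itself captured
    shared = KEYS[u] & KEYS[v]
    if not shared:
        return 1.0  # no shared key: the link is unprotected
    return len(shared & exposed_keys(captured)) / len(shared)


def route_vuln(route, captured):
    """Assumed set-theoretic RVM: a route is as weak as its weakest link."""
    return max(link_vuln(u, v, captured) for u, v in zip(route, route[1:]))


def total_vuln(captured):
    """Sum of route vulnerabilities over all routes."""
    return sum(route_vuln(r, captured) for r in ROUTES)


def greedy_ranking(candidates):
    """Greedy order: each step takes the node with the largest gain per cost."""
    captured, order = set(), []
    remaining = sorted(candidates)  # sorted for deterministic tie-breaking
    while remaining and total_vuln(captured) < len(ROUTES):
        base = total_vuln(captured)
        best = max(remaining,
                   key=lambda n: (total_vuln(captured | {n}) - base) / COST[n])
        captured.add(best)
        remaining.remove(best)
        order.append(best)
    return order


if __name__ == "__main__":
    print(greedy_ranking({"a", "b", "c", "d", "e"}))  # ['c', 'd']
```

Node c sits on neither route yet ranks first, because its ring holds the only key protecting link b-t and half the keys on link s-d. A routing-only or key-only review would not flag it.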

5.     Circuit Theoretic Method

We formulate a circuit theoretic RVM realization which jointly considers all edge cuts of G using duality properties of planar graphs and electric circuits. As a basis of the formulation, we first outline a mapping between edge cuts of G and current flowing through a corresponding electric circuit.

Hardware Requirements:

•         System                 : Pentium IV 2.4 GHz.

•         Hard Disk            : 40 GB.

•         Floppy Drive        : 1.44 Mb.

•         Monitor                 : 15 VGA Colour.

•         Mouse                  : Logitech.

•         Ram                     : 256 Mb.

Software Requirements:

•         Operating system         : Windows XP Professional.

•         Coding Language         : Java.

•         Tool Used                       : Eclipse.
