Journal of Computer Sciences and Applications
ISSN (Print): 2328-7268; ISSN (Online): 2328-725X; Website: http://www.sciepub.com/journal/jcsa; Editor-in-chief: Minhua Ma, Patricia Goncalves
Journal of Computer Sciences and Applications. 2017, 5(2), 50-63
DOI: 10.12691/jcsa-5-2-2
Open Access Article

A Security Scheme to Mitigate Denial of Service Attacks in Delay Tolerant Networks

Godwin Ansa1, Haitham Cruickshank2, Zhili Sun2 and Mazin Alshamrani3

1Department of Computer Science, Akwa Ibom State University, Mkpat Enin, Nigeria

2Institute of Communications Systems, University of Surrey, Guildford, United Kingdom

3Studies and Decision Support Center, Department of Planning and Development, Ministry of Haj, Saudi Arabia

Pub. Date: June 30, 2017

Cite this paper:
Godwin Ansa, Haitham Cruickshank, Zhili Sun and Mazin Alshamrani. A Security Scheme to Mitigate Denial of Service Attacks in Delay Tolerant Networks. Journal of Computer Sciences and Applications. 2017; 5(2):50-63. doi: 10.12691/jcsa-5-2-2

Abstract

Denial of Service (DoS) attacks are a major network security threat which affects both wired and wireless networks. The effect of DoS attacks is even more damaging in Delay Tolerant Networks (DTNs) due to their unique features and network characteristics. DTNs are vulnerable to resource exhaustion and flooding DoS attacks. Several DoS mitigation schemes for wired and wireless networks have been investigated, and most of them have been found to be highly interactive (requiring several protocol rounds), resource-consuming and complex, and to assume persistent connectivity; hence they are not suitable for DTNs. To mitigate the impact of resource exhaustion and flooding attacks in DTNs, we propose a security scheme which integrates ingress filtering, rate limiting and light-weight authentication security mechanisms to monitor, detect and filter attack traffic. We propose three variants of light-weight bundle authenticators called DTNCookies. To make the proposed DTNCookies random and hard to forge, we exploit the assumption that DTN nodes are loosely time-synchronized to generate different nonce values in different timeslots for the computation and verification of our proposed DTNCookies. The results demonstrate the efficiency and effectiveness of the proposed scheme in detecting and dropping attack traffic. The simulation results also show good performance for the proposed scheme in terms of energy and bandwidth efficiency, high delivery ratio and low latency.

Keywords:
denial of service, DTNCookie, flooding, resource exhaustion
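
The abstract does not give the DTNCookie construction, so the following is an added illustration of the general idea it describes (a per-timeslot nonce, verification under loose time synchronization, and rate limiting after authentication), not the paper's own algorithm or code. The HMAC-SHA-256 construction, the 60-second slot, the 8-byte tag, the pre-shared key and all function names are assumptions; the cookie is assumed to be computed by the forwarding node at contact time.

```python
import hashlib
import hmac
from collections import Counter

SLOT_SECONDS = 60   # assumed timeslot length
TAG_BYTES = 8       # assumed truncated tag size, to keep bundle overhead small


def cookie_for_slot(key: bytes, src: bytes, bundle: bytes, slot: int) -> bytes:
    """Derive a per-slot nonce from the shared key, then MAC source and bundle."""
    nonce = hmac.new(key, b"slot" + slot.to_bytes(8, "big"), hashlib.sha256).digest()
    msg = len(src).to_bytes(2, "big") + src + bundle  # length prefix avoids ambiguity
    return hmac.new(nonce, msg, hashlib.sha256).digest()[:TAG_BYTES]


def make_cookie(key: bytes, src: bytes, bundle: bytes, now: float) -> bytes:
    """Sender side: bind the bundle to the sender's current timeslot."""
    return cookie_for_slot(key, src, bundle, int(now) // SLOT_SECONDS)


def verify_cookie(key, src, bundle, cookie, now, skew_slots=1) -> bool:
    """Receiver side: accept the local slot and its neighbours (loose sync)."""
    current = int(now) // SLOT_SECONDS
    ok = False
    for slot in range(max(0, current - skew_slots), current + skew_slots + 1):
        # Constant-time comparison; every candidate slot is always evaluated.
        ok |= hmac.compare_digest(cookie_for_slot(key, src, bundle, slot), cookie)
    return ok


def filter_arrivals(key, arrivals, now, per_source_limit=2):
    """Drop bundles with bad cookies first, then cap accepted bundles per source."""
    accepted, seen = [], Counter()
    for src, bundle, cookie in arrivals:
        if not verify_cookie(key, src, bundle, cookie, now):
            continue  # forged, altered, or computed in a slot outside the window
        if seen[src] >= per_source_limit:
            continue  # authenticated sender exceeding its allowance
        seen[src] += 1
        accepted.append((src, bundle))
    return accepted
```

Widening `skew_slots` tolerates more clock drift but lengthens the window in which a captured cookie can be replayed, so the slot length and skew have to be chosen together.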

Creative Commons: This work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/
