dong xuan: cse885 on 11/07/07 the ohio state university 1 research in networking dong xuan dept. of...

1Dong Xuan: CSE885 on 11/07/07The Ohio State University

Research in Networking

Dong Xuan

Dept. of Computer Science and EngineeringThe Ohio State University


Outline

Group Research Overview Performance - Optimal Deployment in

Wireless Sensor Networks Security - Flow Marking in the Internet


Group Members

Student members: Xiaole Bai, Adam Champion, Sriram Chellappan (to be assistant professor in Univ. of Missouri at Rolla), Boxuan Gu, Wenjun Gu, Thang Le, Zhimin Yang

Former members: Sandeep Reddy (M.S., 2004, Microsoft), Lamonte Glove (M.S., 2004, Avaya) and Kurt Schosek (M.S., 2005), Xun Wang (Ph.D, 2007, CISCO)

Faculty member: Dong Xuan


Research Interests Real-time computing and communications

Deterministic and statistic QoS guarantees [ICDCS00, INFOCOM01, RTSS01, ToN04]

Voice over IP [RTAS02, TPDS05] Performance

Topology control [MOBIHOC06, INFOCOM08] Mobility control [TPDS06, TMC07]

Security Internet security

• Overlay security [ICDCS04, TPDS06]• Anonymous communications [IPDPS05, SP07,

INFOCOM08_mini]• Worm/Malware defense[SECURECOM06, 07, ACSAC06]

Wireless network security [IWQoS06, TPDS06]


Research Grants

ARO: “Defending against Physical Attacks in Wireless Sensor Networks”, (PI, 2007-2010)

NSF: “Efficient Resource Over-Provisioning for Network Systems and Services”, (PI, CAREER award, 2005-2010)

NSF: “Overlay Network Support to Remote Visualization on Time-Varying Data”, (PI, 2003-2006)

SBC/Ameritech: “Providing Statistic Real-time Guarantees to Multimedia Teleconferences”, (PI, 2002-2003)


Performance: Optimal Deployment Patterns in WSNs

Xiaole Bai, Santosh Kumar, Dong Xuan, Ziqiu Yun and Ten H. Lai, Deploying Wireless Sensors to Achieve Both Coverage and Connectivity, in ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), 2006

Xiaole Bai, Ziqiu Yun, Dong Xuan, Ten H. Lai and Weijia Jia, Deploying Four-Connectivity And Full-Coverage Wireless Sensor Networks, in IEEE International Conference on Computer Communications (INFOCOM), 2008


Problem Definition

What is the optimal number of sensors needed to achieve p-coverage and q-connectivity in WSNs?

An important problem in WSNs: Connectivity is for information transmission and coverage

is for information collection Avoid ad hoc deployment to save cost To help design topology control algorithms and protocols other practical benefits

The Ohio State University


p-Coverage and q-Connectivity

q-connectivity: there are at least q disjoint paths between any two sensors

p-coverage: every point in the plane is covered by at least p different sensors

rs

rc

Node ANode B

For example, nodes A, B, C andD are two connected

Node C

Node D


Relationship between rs and rc

Most existing work is focused on In reality, there are various values of

sc rr 3

The communication range of the Extreme Scale Mote (XSM) platform is 30 m and the sensing range of the acoustics sensor is 55 m

Sometimes even when it is claimed for a sensor to have , it may not hold in practice because the reliable communication range is often 60-80% of the claimed value

sc rr /

sc rr 3


A Big Picture

Research on Asymptotically Optimal Number of Nodes

[1] R. Kershner. The number of circles covering a set. American Journal of Mathematics, 61:665–671, 1939, reproved by Zhang and Hou recently.[2] R. Iyengar, K. Kar, and S. Banerjee. Low-coordination topologies for redundancy in sensor networks. MobiHoc2005.

MobiHoc06 INFOCOM08


Known Results: Triangle Pattern [1]

sc rr 3

srd 31

Notice it actually achieves 1-coverage and 6-connectivity

d1srd

232

d2


Place enough disks between the strips to connect them See the paper for a

precise expression The number is disks

needed is negligible asymptotically

sc rrd 3,min14

22

2 ss rrd

Our Optimal Pattern for 1-Connectivity

Note : it may be not the only possible deployment pattern d1

d2

A


Connect the neighboring horizontal strips at its two ends


Note : it may be not the only possible deployment pattern

sc rrd 3,min14

22

2 ss rrd

d1

d2

A



/ 2c sr r

Note : it may be not the only possible deployment pattern

crdd 21d1

d2

A

Square pattern



sc rr /2

sc rrd 3,min1 )2/arcsin2sin(12 sc rrdd

Note : it may be not the only possible deployment pattern d1

d2

A

Diamond pattern


Workflow of optimality proof (1) Step 1

We lay out the theoretical foundation of the optimality proof: for any collection of the Voronoi polygons forming a tessellation, the average edge number of them is not larger than six asymptotically.

• It is built on the well known Euler formula.

Step 2 We show that any collection of Voronoi polygons generated in

any deployment can be transformed into the same number of Voronoi polygons generated in a regular deployment while full coverage and desired connectivity can still be achieved.

• The proof is based on the technique of pattern transformation and the theoretical foundation obtained in Step 1.


Workflow of optimality proof (2) Step 3

We prove the number of Voronoi polygons from any regular deployment has a lower bound.

Step 4 We show that the number of Voronoi polygons used

in the patterns we proposed is exactly the lower bound value. Hence the patterns we proposed are the optimal in all regular deployment patterns.

• Based on the conclusion obtained in Step 2, the patterns we proposed are also the optimal among all the deployment patterns.


Future WorkResearch on Asymptotically Optimal Number of Nodes


Security: Flow Marking Techniques in the Internet Security Wei Yu, Xinwen Fu, Steve Graham, Dong Xuan and

Wei Zhao, DSSS-Based Flow Marking Technique for Invisible Traceback, in Proc. of IEEE Symposium on Security and Privacy (Oakland), May 2007, pp18-32

Xun Wang, Wei Yu, Xinwen Fu, Dong Xuan and Wei Zhao, iLOC: An invisible LOCalization Attack to Internet Threat Monitoring System, accepted to appear in the mini-conference conjunction with IEEE International Conference on Computer Communications (INFOCOM), April 2008.


Invisible Traceback in the Internet Internet has brought convenience to our

everyday lives However, it has also become a breeding

ground for a variety of crimes Network forensics has become part of

legal surveillance We study flow marking for a

fundamental network-based forensic technique, traceback


Problem Definition

Suspect Sender is sending traffic through encrypted and anonymous channel, how can Investigators trace who is the receiver?

ReceiverSenderNetwork


Traffic Confirmation by Flow Marking Investigators want to know if Sender

and Receiver are communicatingReceiverSender

SnifferInterferer

AnonymousChannel

The investigators know that Sender communicates with Receiver

InvestigatorHQ


Issues in Flow Marking

Traceback accuracy Periodic pattern ok?

Traceback secrecy Traceback without conscience of suspects

DSSS-based technique for accuracy and secrecy in traceback!


Basic Direct Sequence Spread Spectrum (DSSS)

A pseudo-noise code is used for spreading a signal and despreading the spread signal

DespreadingSpreading

PN Code

Original Signal

tb

ct

dt

PN Code

cr

Recovered Signal

noisychannel

Interferer Snifferrb dr


Example – Spreading and Despreading

Signal dt: 1 -1 DSSS code ct: 1 1 1 -1 1 -1 -1 Spread signal tb=dt.ct=1 1 1 -1 1 -1 -1 -1 -1 -1 +1 -1 1 1

One symbol is “represented” by 7 chips PN code is random and not visible in time and frequency domains

Despreading is the reverse process of spreading

+1

-1dt t

ct

+1

-1

Tc (chip)

t

NcTc

t

tb


Mark Generation by Interferer

1. Choose a random signal

2. Obtain the spread signal

3. Modulate a target traffic flow by appropriate interference

Chip +1: without interference

Chip -1: with interference Low interference favors

traceback secrecy

PN Code

Original Signal dt

FlowModulator

Internet

rx = spread signal + noise

tb

ct

tx


Mark Recognition by Sniffer1. Sample received traffic to

derive traffic rate time series

2. Use high-pass filter to remove direct component by Fast Fourier Transform (FFT)

3. Despreading by local DSSS code

4. Use low-pass filter to remove high-frequency noise

5. Make decision Recovered signal == Original

signal?

PN Code

Decision Rule

rx = spread signal + noise

High-pass Filter

Low-pass Filter

rx’

rb

cr


Invisible Location Attack to Internet Monitoring Systems Widespread attackers attempt to evade the

distributed monitoring/detection systems We design invisible LOCalization (iLOC) attack

which can locate the detection monitors accurately and invisibly. Then the widespread attacks can evade these located monitors.

Effectiveness of iLOC attack We implement iLOC attack, carry out

experiments and analyze the effectiveness of iLOC attack.


Internet Threat Monitoring SystemsGlobal traffic monitoring based Internet Threat Monitor Systems (ITM):

- Distributed monitors - Data center Data center

monitors

Network A Network B

Internet

Attacker

Network C

MONITORS’ LOG UPDATE

monitors

Attacker

A vulnerability: location privacy of monitors (ITM only monitors a small part of whole IP address space.)


invisible LOCalization Attack

Basic idea: Verify attack traffic in traffic report, verify existence of monitors.

Two Stages: - Attack traffic generating - Attack traffic decoding

Embed an attack mark in the attack traffic, which can be recognized by the attacker.


Final Remarks

Group research: theorem and implementation Research on Performance

Optimal deployment pattern in WSNs Limited mobility WSNs

Research Security Flow marking in internet security Worm detection Wireless security


Thank you !Questions?

dong xuan: cse885 on 11/07/07 the ohio state university 1 research in networking dong xuan dept. of...

Documents