watchdog.ppt

8/12/2019 Watchdog.ppt

1/50

GUIDE : Ms . NEELAVATHY PARI


2/50

WHEN WATCHDOG MEETS CODING


3/50

MISBEHAVIOR DETECTION IN WIRELESS NETWORKS Multi-hop nature makes wireless networks subject to tampering

attack: a compromised/misbehaving node can easily ruin datacommunication by dropping or corrupting packets it is supposed toforward.

Two approaches to mitigate misbehavior:1. End to End misbehavior detection using error detection coding.

Shortcomings : 1. Throughput of network is reduced even if there

is no misbehaving node.2. In this scheme , the source and the destination

has no knowledge about the location of misbehaving node.


4/50

APPROACHES TO MITIGATE MISBEHAVIOR

2.A commonly adopted approach is to exploit thebroadcast nature of the wireless medium , where nodesmonitor their downstream neighbors locally using

overheard messages . Such nodes are called Watchdogs.

Main Challenges : 1. channel fading

2.collision with other transmissions3.interference

So watchdog may not be able to overhear every transmission.


5/50

GOALS TO BE ACHIEVED BY WATCHDOG MECHANISM

1. Malicious behavior in the network should be detectedwith high probability despite adverse channel conditionsand interference.

2. The throughput with the detection mechanism should becomparable to the throughput without detection in theabsence of any attack.

Intuitively , these two goals are conflicting.


6/50

HOW BOTH THE GOALS CAN BE ACHIEVED ? These goals can be achieved by introducing error detection

coding to the watchdog mechanism.

In this paper , its shown that by choosing the errordetection code properly , a misbehaving node can bedetected with high probability while the throughputapproaches optimal.

A simple protocol is proposed , that identifies themisbehaving node exactly two watchdog nodes perunreliable relay node.


7/50

MAIN IDEA OF WATCHDOG

The main idea of watchdog is promiscuous monitoring .Once a node is deemed to be misbehaving, the source

would choose a new route free of misbehaving node with

the aid of Path rater

Such watchdog mechanisms do not do not perform well inthe presence of adverse channel conditions and

interference allowing the misbehaving node to corrupt asingle packet while being undetected with high probability.


8/50

VARIANT OF WATCHDOG Here , the next-hops behavior is measured with the local

evaluation record , defined as 2 tuple : byte ratio andpacket ratio , forwarded by the next hop neighbor.

Local evaluation records are broadcast to all the neighbors.

Trust level of the of a node is the combination of its local

observation and the broadcasted information.

Trust level is inserted to the RREQ .Route is selected insimilar way to AODV.


9/50

DETECTING MISBEHAVIOR

This paper is focused on multi hop wireless networks inwhich data packets are transmitted from source todestination through multiple relay nodes.

Assumption: Relay nodes do not perform any coding andthe data packets are forwarded as they are received at therelay nodes.

Focus is on single node adversary model . i.e. the adversarycan compromise at most one node in the network.


10/50

Continued..

In such a network , a node W can be assigned as awatchdog for a relay node R if W can overhear bothincoming/outgoing transmissions to/from R.

More specifically , a node W that can overhear the datapackets from being transmitted by R and by Rs upstreamneighbor can compare the two copies of the packet and

report an attack to the source or destination if there is amismatch.


11/50

WHO CAN MISBEHAVE ?

There are two possibilities here.

The relay node can misbehave which is detected by thewatchdog node W.

The watchdog node may misbehave by accusing a relaynode of forwarding corrupted data even though the relaynode is well-behaving.


12/50

OMNISCIENT ADVERSARY MODEL

Omniscient adversary model is considered , where theadversary is computationally unbounded and has completeknowledge of the misbehavior detection scheme being

employed in the network.

Since the watchdog node may only be able to overhear afraction of transmissions to/from the node it is monitoring,

an adversary may be able to avoid being detected by thewatchdog with high probability by keeping the fraction ofpackets it tampers lower than a certain threshold u.


13/50

HOW TO OVERCOME THIS DRAWBACK ? In order to overcome this drawback of watchdog

mechanisms , source error detection coding is integratedwith watchdogs.

By applying error detecting codes , the destination candetect an attack during the decoding process with highprobability if the fraction of packets tampered by theadversary is lower than a certain threshold c.

If w


14/50

A. DETECTION IN SINGLE FLOW CASE :


15/50

DETECTION MECHANISM IN SINGLE FLOW CASE :

Here , the source node S encodes every K data packets intoa block of ncoded packets with an ( n ,k ) MaximumDistance Separable (MDS) code.

An attack will always be detected at the decoder ar long asno more than n-k packets are altered.

As a result , R has to alter at least n-k+1 packets in a blockin order to avoid being detected by the decoder.


16/50

DETECTION MECHANISM (continued) However , the more packets R tampers , the more likely it

will be caught by W.

Hence , in order to remain undetected by both thewatchdog W and the destinations decoder , it is of Rsinterest to just attack the minimum number of packets perblock : n-k+1.

Assumption : All transmissions along the path S-R-D arereliable while W can only overhear both transmission of apacket with probability q , called observe probability.


17/50

Probability of relay node R not being caught :


18/50

We can then choose the function f ( n ,q )appropriately so that we can make P miss arbitrarilyclose to optimal.

For example , by making f (n , q ) = ln n for anypositive constant , the probability of relay node R

not being caught is ,


19/50


20/50


21/50

By making n large , the coding/decoding complexityincreases .

The source node can scramble coded packets of multiple (n , k ) encoded blocks and transmit these packets inrandom order .

By doing so , the attacker will have to corrupt more packetsin order to destroy a particular block , which makes it easierto be detected by the watchdog.


22/50

B . DETECTION MECHANISM IN TWO FLOWS CASE : Here , multiple data flows are there in the network and

distributed random access MAC protocol is assumed.

Lets consider the network in Fig. with two flows : S1-R1-D1and S2-R2-D2 .

The flows are far enough and there is no inter-flowinterference , but the watchdog W is between the two flowsand can overhear transmissions on all the four links.


23/50

A TWO FLOW NETWORK :


24/50

So , even though a transmission is successful along its path,

it may collide with packets from the other f low received atW.

A slotted aloha access protocol is assumed with accessprobability .


25/50


26/50


27/50

IDENTIFYING THE MISBEHAVIOR NODE When misbehavior detection is essential , its important to

identify the misbehaving node to avoid that node in futuretransmissions.

A simple protocol is proposed that identifies themisbehaving node with just a single extra watchdog ,including the cases when the watchdog is misbehaving.

If watchdog misbehaves , the protocol locates themisbehaving node deterministically. If relay nodemisbehaves, the protocol is guaranteed to locate the node

with a probability that approaches to unity.


28/50

SINGLE FLOW NETWORK WITH TWO WATCHDOGS


29/50

A. THE PROTOCOL Here , the relay node R is observed by two watchdogs W1

and W2 and relays the information from a source node S tothe destination node D.

Each packet contains a unique generation number thatidentifies the generation to which a particular packetbelongs to.

Each watchdog in the network decides whether or not therelay node is misbehaving based on all the overheardpackets that belong to the current generation.


30/50

The watchdog transmits a decision bit 1 to the judge node(source node or destination node or both ) .else ittransmits a decision bit 0 to the judge node.

It is assumed that if the watchdog is misbehaving , it maytransmit a 0 or 1 for any particular relay node (same

watchdog may transmit different decisions for different

relay nodes )

Let the bits received from W1 and W2 be w1 and w2.


31/50


32/50

HOW THE PROTOCOL DECIDES MISBEHAVING NODE : Case 1 : w1w2 = 11 .then , the relay node is misbehaving.

Case 2 : w1w2 =00 . Then none of the nodes is under attack

Case 3 : w1 w2=01 or 10 . Then assuming that each node canbe misbehaving with equal probability and the miss detection probability for W1 and W2 are both P miss.probability of a particular node misbehaving can becalculated , given w1w2 = 01 as :


33/50


34/50

The protocol decides that the watchdog sending a decisionbit 1 is misbehaving , which is precisely the maximumlikelihood decision since P W2|01 > P R|01

Let P L|N denote the probability of correctly locating themisbehaving node in the network.

P F|N denote the probability that the node other than N is

accused to be misbehaving P U|N denote the probability when the adversary at node N

operates undetected.


35/50

B . PERFORMANCE

SINGLE FLOW CASE For a single flow case , only one extra watchdog is required

to locate the adversary in the network .

The protocol discussed above is employed at thedestination node D.

The following lemmas characterize the protocol :

Lemma 1: In single flow case , if any of the watchdogs ismisbehaving , it will be located.


36/50


37/50


38/50

Lemma 2: In single flow network , if R is misbehaving ,then R goes undetected if and only if w1w2=00. i.e. whenboth the watchdogs miss all the packets corrupted by the

attacker.

On the other hand , R will be detected if and only if noneof the watchdogs miss any of the packets corrupted by R.i.e. w1w2 = 11

Assumption: Both the watchdogs have the sameprobability P miss.


39/50


40/50

C . PERFORMANCE

TWO FLOWS CASE Here , the destination node may collaborate among

themselves to locate the misbehaving node .

If D1 and D2 both receive 1 from W2 they willcollaboratively decide that W2 is the misbehaving node.

On the other hand , if R1(R2) is misbehaving , W2 sends a 1to D1(D2) , which will certainly imply that thecorresponding relay node is under attack.


41/50


42/50


43/50

If the destination nodes do not collaborate , then thedecision made by any of the destination nodes say D1 ,isdependent only on the decision bits of the watchdogs

observing the relay node.

Lemma 3: In the two flow case , the protocoldeterministically locates the attacker if it attacks at any of

the watchdogs . collaboration of destination nodes doesnot play a role here.


44/50


45/50


46/50

MULTIHOP ROUTING


47/50

LOCATING MISBEHAVIOR IN MULTIHOP ROUTING : Without any loss of generality , lets assume that R2 is

compromised by the adversary and assume that there is noother watchdog other than R1 and R2. There are 3 ways the

adversary can attack the data communication :

1. R2 corrupts the packet and claims that R3 is misbehaving.

2. R2 only corrupts the packets.

3. R2 claims that R3 is misbehaving.


48/50

Since at most one node can be misbehaving , whenevertwo nodes claim their next hop is misbehaving , the judgecan always correctly identify the misbehaving node to theone with a larger index.

However , if only one node declares an attack , there is noway for the judge to differentiate last two cases.

Hence , the strategy adopted by the misbehaving node inmulti hop flows is either to corrupt the packets or claimthat the node its watching is misbehaving.


49/50

FINAL REMARKS Studied the problem of misbehavior detection in wireless

networks.

Lightweight misbehavior detection scheme is proposed ,which integrates the idea of watchdogs and error detectioncoding.

A simple protocol , by using just one extra watchdog perrelay node , locates the misbehaving node with probabilityapproaching to unity.


50/50

Reference Guanfeng Liang , Rachit Agarwal and Nitin Vaidya When

Watchdog Meets Coding .IEEE INFOCOM 2010proceedings.

watchdog.ppt

Documents