Recently we have seen increasing adoption of wireless ad-hoc and sensor networks (WAHAS) for security-critical applications in military and civilian domains, such as battlefield surveillance and emergency rescue and relief. However, they are often exposed to a wide range of control and data traffic attacks. Control attacks target control traffic in the network, such as routing and localization. Examples are wormhole, Sybil, and rushing attacks. Control attacks are often easy to launch, even without any cryptographic key, and can be used to subvert the functionality of the network by disrupting data flow. Data traffic attacks include selective forwarding and misrouting attacks. We have pursued two lines of defense to secure WAHAS networks. The first is attack prevention using low-cost key management for encryption and authentication. Our protocol Secos provides the guarantee that communication between any two nodes remains secure despite compromise of any number of other nodes. The second line of defense is control and data traffic attack detection, diagnosis, and isolation through local monitoring and response. Each node oversees the traffic in its one-hop neighborhood and maintains state for the behavior of each neighbor. We develop a suite of three protocols: one for static networks, one for mobile networks, and one for energy-efficient, sleep-awake-aware local monitoring. To evaluate the protocols, we perform analysis, simulations in ns-2, testbed experiments, and practical deployments. The metrics for evaluation include the fraction of data received at the destination, coverage and delay of isolation, likelihood of false positives, and overhead in terms of resource consumption.
After giving a brief introduction and presenting the local monitoring and response techniques, I’ll elaborate on a particularly devastating control attack called the wormhole attack. In the wormhole attack, a malicious node records control and data traffic at one location and tunnels it to a colluding node far away, which replays it locally. This is done either to attract traffic through the tunnel or to disrupt route establishment. Finally, I’ll present possible extensions of the current research work and provide future research directions.
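The local monitoring idea described above, sketched as an added example that is not the speaker's protocol code: a guard node keeps per-neighbor state, counts a watched packet that is never forwarded as a drop, and counts a packet whose claimed previous hop never transmitted it as a fabrication (the symptom a locally replayed, tunnelled packet would show). The class name, timeout, threshold, node names and trace are all assumptions made for illustration.

```python
from collections import defaultdict

class Guard:
    def __init__(self, neighbors, timeout=1.0, threshold=3):
        self.neighbors = set(neighbors)  # nodes this guard can overhear
        self.timeout = timeout           # assumed forwarding deadline, seconds
        self.threshold = threshold       # assumed count that triggers isolation
        self.watch = {}                  # (pkt, prev_hop, forwarder) -> deadline
        self.mal = defaultdict(int)      # neighbor -> misbehavior count
        self.isolated = set()

    def _charge(self, node):
        self.mal[node] += 1
        if self.mal[node] >= self.threshold:
            self.isolated.add(node)

    def overhear(self, now, sender, prev_hop, next_hop, pkt, dst):
        # Watched packets not forwarded before their deadline count as drops.
        for key in [k for k, d in self.watch.items() if d < now]:
            del self.watch[key]
            self._charge(key[2])
        if sender not in self.neighbors or sender in self.isolated:
            return
        # If we can hear the claimed previous hop, we must have heard it hand
        # this packet to the sender; if not, the sender injected the packet.
        if prev_hop in self.neighbors:
            if self.watch.pop((pkt, prev_hop, sender), None) is None:
                self._charge(sender)
                return  # do not expect anyone to forward a fabricated packet
        # Expect the next hop to forward, unless it is the final destination.
        if next_hop in self.neighbors and next_hop != dst:
            self.watch[(pkt, sender, next_hop)] = now + self.timeout

# Constructed trace: (time, sender, claimed previous hop, next hop, packet, dst)
TRACE = [
    (0.0, "A", "S", "B", 1, "D"),  # A relays packet 1 to B
    (0.2, "B", "A", "D", 1, "D"),  # B forwards it: matches the watch entry
    (0.3, "A", "S", "M", 2, "D"),  # A relays packet 2 to M, which drops it
    (2.0, "M", "A", "B", 7, "D"),  # M claims A sent packet 7; A never did
    (2.1, "M", "A", "B", 8, "D"),  # same again with packet 8
]

def run_trace():
    guard = Guard(neighbors={"A", "B", "M"})
    for event in TRACE:
        guard.overhear(*event)
    return guard
if __name__ == "__main__":
    print(dict(run_trace().mal), run_trace().isolated)
```

On this trace the guard charges M once for the drop and twice for fabrication, which reaches the assumed threshold and isolates M, while A and B accumulate no charges.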
Dr. Issa Khalil received the B.Sc. degree in Computer Engineering from Jordan University of Science and Technology (JUST), Jordan, in 1994, the MS degree in Computer Engineering from JUST in 1996, and the PhD degree from Purdue University in 2006, working with Professors Saurabh Bagchi and Ness Shroff. Currently he is a postdoctoral research associate at the Cyber Center (CC) at Purdue University. Dr. Khalil’s research interests include key management, secure routing protocols, and intrusion detection in Wireless Mesh Networks (WMN), ad hoc networks, and sensor networks. He has worked as the director of the computer and communication center of Alquds Open University, West Bank, for more than 6 years.