Projects in DNA Lab - Resilience and Security

Return to Main Projects Page

• Active Projects:

  • Secure Routing: Current routing schemes are resilient to simple failures, such as a node going down. Routes can be recomputed once the failed node is identified. However, in more catastrophic or adversarial settings, traditional routing approaches can perform poorly. Our work both evaluates previous approaches and also explores novel solutions.

    • Strong Detection: Distributed routing protocols generally assume that the distributed components that implement the protocol perform their tasks correctly. Malicious users or simply oversights in design or coding can significantly impede routing performance. Can the presence of a misbehaving node be detected by correctly behaving nodes? Previous work has shown that a node can look at its state for inconsistencies in specific properties (e.g., triangle inequality) to reveal potential problems. However, how does one know if they are checking the right property?

      We derived the notion of strong detection methods. A method implements strong detection if, given an inconsistency, the method identifies it, or there is no method that can identify it without changing/enhancing the routing protocol and state information collected. We also derived low-complexity strong detection methods for distance-vector, path-vector, and link-state routing protocols, and used them to explore the likelihood of detecting inconsistencies in these various classes of protocols.

      Publications:

      • Raj Kumar Rajendran, Vishal Misra and Dan Rubenstein, Theoretical Bounds on Control-Plane Self-Monitoring in Routing Protocols, To appear in Proceedings of ACM Sigmetrics, San Diego, CA, June, 2007.
      • Raj Kumar Rajendran, Vishal Misra and Dan Rubenstein, Control Plane Resilience: The Method of Strong Detection, Control Plane Resilience: The Method of Strong Detection, Allerton 2006, September, 2006.
      • Raj Kumar Rajendran, Vishal Misra, and Dan Rubenstein. Brief announcement::strong detection of misconfigurations. In Principles of Distributed Computing (PODC), Las Vegas, NV, July 2005.

    • Multipath routing: In conventional single-path routing, intruders can easily compromise a data session by shutting down any intermediate node or link on the routing path that is being used by the data session. To address this problem, we consider distributed solutions that route a fixed throughput or the maximum possible throughput along the best set of multiple paths, such that the worst-case throughput loss due to a single-link attack is minimized. We also demonstrate that our distributed solutions are robust in response to various models of multi-link attacks.

      In addition, to diagnose and correct failures in routing, we propose an efficient end-to-end inference algorithm that explores the behaviors of multiple paths and seeks to minimize the cost of recovering all network faults.

      Publications:

      • Patrick P.C. Lee, Vishal Misra, and Dan Rubenstein. Distributed Algorithms for Secure Multipath Routing in Attack-Resistant Networks. Accepted for publication in IEEE/ACM Transactions on Networking.
      • Patrick P.C. Lee, Vishal Misra, and Dan Rubenstein. Toward Optimal Network Fault Correction via End-to-End Inference. Proceedings of IEEE INFOCOM, Anchorage, Alaska, May 2007.
      • Patrick P.C. Lee, Vishal Misra, and Dan Rubenstein. Distributed Algorithms for Secure Multipath Routing. Proceedings of IEEE INFOCOM, Miami, Florida, March 2005.

    • Incentives: Nodes in mobile ad-hoc networks are often composed using nodes to forward traffic on behalf of one another. Without an appropriate incentive mechanism in place, situations can arise in which selfish nodes may refuse to forward traffic, since it provides them no direct benefit. We propose a credit exchange protocol for packet forwarding. A novel aspect of our proposed exchange is the decoupling of the notion of fairness from incentive. Using an algorithm that is distributed and adapts easily to changing network conditions, each node determines its own price of how much to charge for forwarding a packet, where price is a function of the various nodes' traffic demands and the routes that these demands take through the network. For any feasible allocation, each node's price is computed so that when each node achieves its throughput demand, the system is budget balanced. We show the conditions under which a unique pricing solution converges and all nodes are able to maintainsustainable and stable credit levels.

      • Richard T.B. Ma, Vishal Misra and Dan Rubenstein. Modeling and Analysis of Generalized Slotted-Aloha MAC Protocols in Cooperative, Competetive and Adversarial Environments. The 26th International Conference on Distributed Computing Systems (ICDCS 06), Lisboa, Portugal, July, 2006.

    • Data Persistence in Disaster Settings: Sensor networks deployed in disaster scenarios such as floods, fires, terrorist attacks or earthquakes pose an interesting design challenge since the sensor nodes used to collect and communicate data may themselves fail suddenly and unpredictably, resulting in the loss of valuable data. Furthermore, because these networks are often expected to be deployed in response to a disaster, or because of sudden configuration changes due to failure, these networks are often expected to operate in a "zero configuration" paradigm, where data collection and transmission must be initiated immediately, before the nodes have a chance to assess the current network topology. We design and analyze techniques to increase "persistence" of sensed data, so that data is more likely to reach a data sink, even as network nodes fail. We propose "Growth Codes", a novel data encoding technique which improves data persistence in a sensor network and accelerates delivery of distributed sensor data to the sink(s).

      Publications:

      • Abhinav Kamra, Jon Feldman, Vishal Misra and Dan Rubenstein, Growth Codes: Maximizing Sensor Network Data Persistence, ACM Sigcomm, Sep 2006.
      • Abhinav Kamra, Jon Feldman, Vishal Misra and Dan Rubenstein, Encoding for Persistent Sensor Networks, Allerton Conference on Communication, Control and Computing, September, 2005.
      • Abhinav Kamra, Jon Feldman, Vishal Misra and Dan Rubenstein, Data Persistence in Sensor Networks: Towards Optimal Encoding for Data Recovery in Partial Network Failures, Workshop on MAthematical performance Modeling and Analysis, June, 2005.

  • Enabling Robot Navigation Through Sensor Nets: Recent approaches to robotic search and rescue have generally assumed the availabilty of hardware services such as GPS or magnetic compass. Our work examines how an ad-hoc sensor network can be used to guide robotic searchers towards beacon targets in absence of GPS and similiar services. We leverage a simple distributed algorithm to propogate a network-wide gradient towards beacon targets. Demo

    • Contact Joshua Reich for details.

  • Worm detection: It is a commonly held belief that IPv6 provides greater security against random-scanning worms by virtue of a very sparse address space. We show that an intelligent worm can exploit the directory and naming services necessary for the functioning of any network, and we model the behavior of such a worm. We explore via analysis and simulation the spread of such worms in an IPv6 Internet. Our results indicate that such a worm can exhibit propagation speeds comparable to an IPv4 random-scanning worm. We develop a detailed analytical model that reveals the relationship between network parameters and the spreading rate of the worm in an IPv6 world as well as develop a simulator based on our analytical model. Simulation results using parameters from real measurements indicate that an intelligent worm can spread surprisingly fast in an IPv6 world by using simple yet intelligent scanning strategies.

    Publications:

    • Abhinav Kamra, Hanhua Feng, Vishal Misra and Angelos Keromytis, The Effect of DNS Delays on Worm Propagation in an IPv6 Internet, Proceedings of IEEE Infocom, Miami, FL, USA, 2005.

  • P2P Pollution: P2P Systems are highly vulnerable to pollution attacks. We use fluid modeling to explore various strategies by both the polluters and the clients trying to get the valid copy.

    Publications:

    • Rakesh Kumar, David Yao, Amitabha Bagchi, Keith Ross and Dan Rubenstein, Fluid Modeling of Pollution Proliferation in P2P Networks, Proceedings of ACM Sigmetrics, St. Malo, France, June, 2006.

• Old Projects:

  • SOS: Distributed Denial of Service (DDoS) Attacks are mounted by a malicious user or set of users who seek to block access to a particular target site by sending packets from multiple compromised network locations at the target. Our Secure Overlay Services (SOS) work investigated how to use overlay networks to proactively protect target sites, such as web servers, from direct attack.

    Publications:

    • Angelos Keromytis, Vishal Misra and Dan Rubenstein, SOS: Secure Overlay Services, Proceedings of ACM Sigcomm, Pittsburgh, PA, August, 2002.
    • William G. Morein, Angelos Stavrou, Debra L. Cook, Angelos D. Keromytis, Vishal Misra and Dan Rubenstein, Using Graphic Turing Tests to Counter Automated DDoS Attacks Against Web Servers, Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS), Washington D.C., Oct, 2003.
    • Angelos Keromytis, Vishal Misra and Dan Rubenstein, SOS: An Architecture for Mitigating DDoS Attacks, IEEE Journal on Selected Areas in Communications (JSAC), special issue on Service Overlay Networks, Volume 22, Number 1, January, 2004.
    • Angelos Stavrou, John Ioannidis, Angelos D. Keromytis, Vishal Misra and Dan Rubenstein, A Pay-per-Use DoS Protection Mechanism For The Web, In Proceedings of the 2nd Applied Cryptography and Network Security (ACNS) Conference, Yellow Mountain, China, June, 2004.
    • Angelos Stavrou, Angelos D. Keromytis, Jason Nieh, Vishal Misra and Dan Rubenstein, MOVE: An End-to-End Solution To Network Denial of Service, Proceedings of the Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS), San Diego, CA, February, 2005.
    • Angelos Stavrou, Debra L. Cook, William G. Morein, Angelos D. Keromytis, Vishal Misra and Dan Rubenstein, WebSOS: An Overlay-based System For Protecting Web Servers From Denial of Service Attacks, Journal of Communication Networks, Volume 48, Number 5, August, 2005.

  The project is also described by our colleagues and collaborators in the NSL Lab on their pages.