Routing amid Colluding Attackers
We propose the first practical solution to the longstanding problem of secure wireless routing in the presence of colluding attackers. Our secure routing protocol, Sprout, continuously tries new routes to the destination. Routes are probabilistically generated, with complete disregard for performance metrics. This makes Sprout uniquely resilient to attack: it cannot be tempted by shortcuts. In order to avoid compromised routes, and to ensure good overall performance, the quality of each active route is monitored by means of signed end-to-end acknowledgments. The amount of traffic sent on each route is adjusted accordingly. Sprout effectively mitigates the vast majority of known routing layer attacks, even when under assault from a large number of colluding attackers. Experiments on our 31-node test bed demonstrates the real-world performance of Sprout in terms of packet delivery ratio, round-trip times and TCP throughput. Our security analysis and simulation results show that Sprout is able to quickly find working paths in networks of hundreds of nodes and dozens or more attackers. For example, in a network of 200 nodes and an astounding 64 attackers, Sprout, on average, found a successful route within less than 10 attempts. Yet, in benign settings, Sprout provides TCP throughput within 15% of the shortest path throughput. Overall, Sprout consistently delivers high, reliable performance in benign as well as hostile environments.
Jakob Eriksson Michalis Faloutsos Srikanth V. Krishnamurthy
MIT CSAIL University of California, Riverside
国际会议
The 15th IEEE International Conference on Network Protocols(ICNP 2007)(第15届IEEE国际网络协议大会)
北京
英文
184-193
2007-10-16(万方平台首次上网日期,不代表论文的发表时间)