Intrusive-Node Detection and Smart Redundancy in Networks
Akshay Madan - akm88@pitt.edu
Project Overview
The Internet of Things is a widely accepted technology with a multitude of applications. At the same time, the security of IoT networks is becoming a great concern. Networks are often deployed in isolated regions such as forests and disaster sites, which leaves them vulnerable to attacks up to and including physical tampering. On top of that, IoT devices have poor defenses due to resource constraints. The nodes are at risk from malicious actors who could hack into them to control or disrupt the network.
Data Integrity Attacks
Consider an IoT network with a mesh topology among the nodes that forward data to the Aggregation Node. One or several nodes in the network may get compromised and may manipulate some of the packets that go through them. Such an attack is called a Data Integrity Attack or Packet Manipulation Attack.
Previous Work
Previously, I tried to solve the problem of identifying the nodes involved in a Data Integrity Attack by sending probing packets into the network. These packets are sent and received by special nodes, while they are relayed by ordinary nodes. Using the malicious and benign packets received at the Aggregation Node, which is a special node, it can be determined which relay nodes are benign and which are malicious. In summary, the technique uses a path trust value, empirically observed as the probability of the path carrying a malicious packet, to derive a node trust value (or node metric). The nodes are then classified as benign or malicious on the basis of this node metric. This problem has already been worked on, and this project is an extension of it.
This Project
I work on 3 independent problems as an extension to this project:
Problem:
Part 0: A limitation of the previous work is that it only works on mesh topologies, due to the constraint on the number of paths from a source node to a destination node (there can be only 2). Thus, the first extension is to identify the malicious nodes in a Ring topology by sending probing packets across it.
Part 1: The second extension is to determine, by observing the stream of packets at the destination, whether the nodes altering packets are malicious or just faulty.
Part 2: The third extension is to improve the k-disjoint-paths source-based dissemination method described in the paper "Practical Intrusion Tolerant Networks" by Daniel Obenshain, et al., using the insights about malicious nodes from the previous work.
Approach:
Part 0: Relaxing the assumption that the source node has to be a special node, thus making several paths available to disseminate probing packets. This overcomes the constraint on the number of paths and thus this technique can be applied to such topologies as well.
Part 1: Instead of the aggregated path trust values for each path, the packet states of all received packets are individually collected and stored. Packet states are binary: 0 means a corrupted packet and 1 means a benign one. The same procedure of deriving node trust values from aggregated path trust values is then performed with an extra dimension of time. Instead of the node metric values, which were also previously aggregated, we expect to obtain a packet-by-packet state for the packets that went through that particular node.
Part 2: Implementing the improved redundancy technique, which maintains reliability while reducing overhead. The k-disjoint-paths technique mentioned above sends copies of the same message over k node-disjoint paths to ensure message delivery even when there are k-1 adversarial nodes in the network. Since we have an insight into which nodes are likely to be malicious, we use it to skip those of the k disjoint paths that contain even one malicious node. This saves on overhead/redundancy without losing reliability.
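A sketch of the Part 2 path-selection step, as an added example and not the project's own code. The greedy BFS path finder, the topology, the suspected-node set, and the fallback to all k paths when every path is flagged are assumptions made for illustration.

```python
from collections import deque

def shortest_path(adj, src, dst, banned):
    """BFS shortest path from src to dst that avoids relay nodes in `banned`."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            path = []
            while u is not None:
                path.append(u)
                u = prev[u]
            return path[::-1]
        for v in adj[u]:
            if v not in prev and v not in banned:
                prev[v] = u
                queue.append(v)
    return None

def disjoint_paths(adj, src, dst, k):
    """Greedy search for up to k node-disjoint paths (a simplification, not max-flow)."""
    used, paths = set(), []
    while len(paths) < k:
        p = shortest_path(adj, src, dst, used)
        if p is None:
            break
        paths.append(p)
        if len(p) == 2:          # direct link has no relays to ban; stop to avoid repeats
            break
        used.update(p[1:-1])     # relays of one path may not appear in another
    return paths

def select_paths(paths, suspected):
    """Drop every path with a suspected relay; assumed fallback: all paths if none is clean."""
    clean = [p for p in paths if not set(suspected).intersection(p[1:-1])]
    return clean if clean else paths

def hop_count(paths):
    """Total link transmissions needed to send one copy along each path."""
    return sum(len(p) - 1 for p in paths)

# Constructed 7-node topology: source S, Aggregation Node A, relays n1..n5.
ADJ = {"S": ["n1", "n3", "n5"], "n1": ["S", "n2", "n3"], "n2": ["n1", "A", "n4"],
       "n3": ["S", "n4", "n1"], "n4": ["n3", "A", "n2"], "n5": ["S", "A"],
       "A": ["n2", "n4", "n5"]}

if __name__ == "__main__":
    all_k = disjoint_paths(ADJ, "S", "A", 3)
    chosen = select_paths(all_k, {"n4"})   # n4 flagged by the node metric (constructed)
    print(len(all_k), hop_count(all_k), "->", len(chosen), hop_count(chosen))
```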
Results:
Part 0: As expected, this works as well as it would on mesh topologies. The observed accuracy was similar to that in a mesh topology.
Part 1: This did not work, and the node packet states were averaged out to an arbitrary value. They did not vary even when the node was actively manipulating packets, which is what we were expecting to observe. This could be because, in the process of converting path packet streams to node packet streams, the information for individual packets was somehow being lost. :(
Part 2: The Improved Redundancy technique works better than k-disjoint-path-based dissemination. As expected, we were able to reduce the total number of copies of the message transmitted even when the network scaled up. The percentage of correctly received messages was also observed to be better than with the other technique.
Project Materials