IISc Logo    Title

etd AT Indian Institute of Science >
Division of Electrical Sciences >
Computer Science and Automation (csa) >

Please use this identifier to cite or link to this item: http://hdl.handle.net/2005/791

Title: Recovery From DoS Attacks In MIPv6 : Modelling And Validation
Authors: Kumar, Manish C
Advisors: Gopinath, K
Keywords: Mobile Internet Protocol
Computer Access Control
Computer Security
FRAMOGR
Denial-of-Service (DoS) Attacks
MIPv6 (Mobile Internet Protocol version 6)
Submitted Date: Mar-2008
Series/Report no.: G22342
Abstract: Denial-of-Service (DoS) attacks form a very important category of security threats that are possible in MIPv6 (Mobile Internet Protocol version 6). This thesis proposes a scheme for participants (Mobile Node, Home Agent, and Correspondent Node) in MIPv6 to recover from DoS attacks in the event of any of them being subjected to a DoS attack. We propose a threshold based scheme for participants in MIPv6 to detect presence of DoS attacks and to recover from DoS attacks in the event of any of them being subjected to a DoS attack. This is achieved using an infrastructure for MIPv6 that makes such a solution practical even in the absence of IPsec infrastructure. We propose a protocol that uses concepts like Cryptographically Generated Addresses (CGA), short-term IP addresses using a Lamport hash like mechanism and a hierarchy based trust management infrastructure for key distribution. However, reasoning about correctness of such protocols is not trivial. In addition, new solutions to mitigate attacks may need to be deployed in the network on a frequent basis as and when attacks are detected, as it is practically impossible to anticipate all attacks and provide solutions in advance. This makes it necessary to validate solutions in a timely manner before deployment in real network. However, threshold schemes needed in group protocols make analysis complex. Model checking threshold-based group protocols that employ cryptography have been not successful so far. The testing in a real network or a test bed also will not be feasible if faster and frequent deployment of DoS mitigation solutions is needed. Hence, there is a need for an approach that lies between automated/manual verification and an actual implementation. It is evident from existing literature that not many simulations for doing security analysis of MIP/MIPv6 have been done. This research is a step in that direction. We propose a simulation based approach for validation using a tool called FRAMOGR [40] that supports executable specification of group protocols that use cryptography. FRAMOGR allows one to specify attackers and track probability distributions of values or paths. This work deals with simulation of DoS attacks and their mitigation solutions for MIP in FRAMOGR. This makes validation of solutions possible without mandating a complete deployment of the protocol to detect vulnerabilities in a solution. This does away with the need for a formal theoretical verification of a DoS mitigation solution. In the course of this work, some DoS attacks and recovery mechanisms are simulated and validated using FRAMOGR. We obtained encouraging results for the performance of the detection scheme. We believe that infrastructure such as FRAMOGR would be required in future for validating new group based threshold protocols that are needed for making MIPv6 more robust.
URI: http://hdl.handle.net/2005/791
Appears in Collections:Computer Science and Automation (csa)

Files in This Item:

File Description SizeFormat
G22342.pdf741.89 kBAdobe PDFView/Open

Items in etd@IISc are protected by copyright, with all rights reserved, unless otherwise indicated.

 

etd@IISc is a joint service of NCSI & IISc Library ||
Feedback
|| Powered by DSpace || Compliant to OAI-PMH V 2.0 and ETD-MS V 1.01