Secure resource management in networks

Kim, Dongho

Permalink

https://hdl.handle.net/2142/34416 Copy

Description

Title

Secure resource management in networks

Author(s)

Kim, Dongho

Issue Date

2012-09-18T21:15:49Z

Director of Research (if dissertation) or Advisor (if thesis)

Hu, Yih-Chun

Doctoral Committee Chair(s)

Hu, Yih-Chun

Committee Member(s)

• Caesar, Matthew C.
• Kumar, P.R.
• Vaidya, Nitin H.

Department of Study

Electrical & Computer Eng

Discipline

Electrical & Computer Engr

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

Ph.D.

Degree Level

Dissertation

Keyword(s)

• Security
• Internet
• Wireless Network
• Denial of service (DoS) defense

Abstract

This dissertation reports research conducted in two aspects of secure network resource management: strengthening security by proposing a defense architecture with stronger security property and increasing deployability. In the first part of this dissertation, we reveal a new threat called false feedback attack in wireless networks using channel-aware protocols. Our simulations show that an attacker overclaiming its channel condition is able to completely steal other benign users' service opportunity under a high-efficiency scheduler. A fair scheduler can mitigate this attack but cannot provide high efficiency. We propose a new secure channel estimation scheme to maintain security while achieving high efficiency at the same time. Our analysis and simulations show that our scheme prohibits any incentive for an attacker performing false feedback attack and gives higher throughput than PF scheduler, a representative fair scheduler. In the second part, we present CRAFT, a collusion-resistant DoS (denial of service) defense. CRAFT defends against a colluding receiver who intentionally allows a colluding sender to send excessive traffic. Our basic idea is that a CRAFT router securely emulates TCP operation. Our simulations show that CRAFT guarantees service availability even with colluding attackers. Our prototype system shows the feasibility of CRAFT. In the third part, we present Mirage, a deployable DoS defense. Prior defenses require other network operators to deploy the same defense mechanism. Mirage does not impose this requirement. Our analysis and prototype system show that Mirage does not require other network operators' deployment and is feasible with commodity PCs.

Graduation Semester

2012-08

Permalink

http://hdl.handle.net/2142/34416

Copyright and License Information

Copyright 2012 Dongho Kim

Owning Collections