Byeong-hee Roh

Threat of DoS by interest flooding attack in content-centric networking

Content-Centric Networking (CCN) is one of promising architecture based on ICN concept for Future Internet. In contrast to current IP network, CCN can overcome inefficient content distribution caused by the IP architecture in the situation of todays traffic flooding of internet. However, CCN is exposed to Denial of Service (DoS) attack by sending large number of Interest rapidly, called Interest flooding attack since content name in Interest cannot be verified in CCN. In this paper, we prove that Interest flooding attack can be applied for DoS in CCN based on the simulation results which can affect quality of service. We expect that it contributes to give a security issue about potential threats of DoS in CCN.

A reliable and hybrid multi-path routing protocol for multi-interface tactical ad hoc networks

Reliable communication in the tactical area networks is critical because successful exchange of tactical information plays a vital role in achievement of military missions. However, this is an extremely challenging task due to several detrimental factors, such as low signal strength, interference and jamming. To increase communication reliability in tactical ad hoc networks, a robust and adaptive routing protocol can be a benefactor. To support this feature, efficient proactive multi-path discovery is desirable for the design of a routing protocol. We describe the shortcomings of such protocols in multi-interface multi-channel environment and present a solution for its effective utilization. In this paper we propose a Reliable and Hybrid Multi-path Routing protocol for tactical ad hoc networks which proactively discovers multiple routes toward every node in the initial phase, taking the link quality and channel diversity into consideration. In addition, we propose a fast error recovery scheme to cope with the potential route failures caused due to node destruction or jamming by enemy. The performance of the proposed scheme is evaluated with the OPNET simulator and shows good performance in packet delivery ratio and control message overhead.

Detection of SIP Flooding Attacks based on the Upper Bound of the Possible Number of SIP Messages

Since SIP uses a text-based message format and is open to the public Internet, it provides a number of potential opportunities for Denial of Service (DoS) attacks in a similar manner to most Internet applications. In this paper, we propose an effective detection method for SIP flooding attacks in order to deal with the problems of conventional schemes. We derive the upper bound of the possible number of SIP messages, considering not only the network congestion status but also the different properties of individual SIP messages such as INVITE, BYE and CANCEL. The proposed method can be easily extended to detect flooding attacks by other SIP messages.

A whitelist-based countermeasure scheme using a Bloom filter against SIP flooding attacks

Since SIP uses a text-based message format and is open to the public Internet, it is exposed to a number of potential threats of denial of service (DoS) by flooding attacks. Although several approaches have been proposed to detect and counteract SIP flooding attacks, most of these do not provide effective countervailing schemes to protect normal messages from abnormal ones after attacks have been detected. In addition, these approaches have some limitations in large user environments for SIP-based multimedia services. In this paper, a whitelist-based countermeasure scheme is proposed, to protect both normal SIP users and servers from malicious flooding attacks. To construct the whitelist, a Bloom filter approach is used, to reduce memory requirements and computational complexity. We use the non-membership ratio as a measure for the attack detection, instead of using the message rate usually used in conventional schemes. It is shown that the proposed method can provide more robust detection performances.

Tactical network design and simulator with Wireless Mesh Network-based Backbone architecture

For tactical networks, rapid reconfiguration and recovery of network topology is highly required. In this paper, we propose an effective tactical network architecture with WMN(Wireless Mesh Network)-based backbone. To reduce the computational and maintenance complexities of tactical networks, a hierarchical architecture is considered in the proposed architecture. The proposed architecture is called called TMB (Tactical Mesh Backbone). In addition, we develop an OPNET simulator not only to evaluate the performances, but also to develop and improve core algorithms for the TMB architecture such as routing, topology management, mobility support and so on.

Detection And Countermeasure Scheme For Call-Disruption Attacks On SIP-Based Voip Services

Owing to its simplicity and flexibility, the session initiation protocol (SIP) has been widely adopted as a major session-management protocol for Internet telephony or Voice-over IP (VoIP) services. However, SIP has faced various types of security threats. Call-disruption attacks are some of the most severe threats they face, and can greatly inconvenience consumers. In this paper, we analyze such SIP call-disruption attacks, and propose a method for detecting and counteracting them by extending the SIP INFO method with authentication. Using the proposed method, both the target user and the SIP server can detect the existence of a call-disruption attack on a user and counteract the attack. We demonstrate the effectiveness of the proposed method from the viewpoint of computational complexity by configuring a test-bed with an Asterisk SIP proxy server and an SIP performance (SIPp) emulator.

A 3-dimensional triangulation scheme to improve the accuracy of indoor localization for IoT services

Beacon allows Bluetooth [1] devices to broadcast and receive tiny information within short distance, which consists of two parts: a broadcaster (beacon device) and a receiver (smartphone app). So, it is being widely used in URL (Uniform Resource Locator) broadcast, distance measurement, localization etc. However, because of its deviation, measured distance value is not always accuracy. In this paper, we propose a new scheme to improve the distance measurement accuracy. The distance measurement function can be used for localization flexibly, but in some special situation such as a faulted or bad beacon is present, or obstacle is present between the beacon and user, the localization will be incorrect. We also call the beacon is “malicious beaon”. These malicious beacons will significantly impact the accuracy of users localization. In this paper, we provide a new scheme to mitigate the influence of the “malicious beacon” use the improved distance measurement, and identify it. At last, we compare the performance of our scheme with the general scheme. The simulation result shows that the proposed scheme is better than the general scheme.

A push-enabling scheme for live streaming system in content-centric networking

Content-Centric Networking (CCN) is a promising candidate for Future Internet architecture. This pulling-based networking scheme has a weakness about live streaming due to their request method, which means every segment of contents should be requested by Interest, respectively and consequently. We propose an enabling scheme for push mechanism to CCN to overcome the ineffectiveness. Push Interest, which is not removed after delivering the segment, needs to be added to the network design. Main contribution of this paper is suggestion of the signaling process for pushing. We add two types of packet and some rules on the CCN, which are co-operable with original pulling protocol. We expect the number of interest will be dramatically decreased in live streaming.

Autonomous defense against Flooding-based Denial of Service of a SIP system

Session Initiation Protocol (SIP) is a signaling protocol for Internet conferencing, telephony, presence, events notification, and instant messaging. SIP is an application-layer protocol and operates on the TCP/IP stack, which means that it inherits all associated IP vulnerabilities. It has, therefore, possibility that SIP systems can be damaged by Flooding-based Denial of Service (DoS). Previous mechanisms for detecting a denial of service attack generally check the number of incoming packets and notify a system administrator that the system is under attack if too many messages are incoming. Although being relatively accurate and low-cost, they cannot help relying on decision of security experts, which is labor-intensive and human-mediated. Our research is to develop a defense mechanism which analyzes a flooding attack and takes countermeasures automatically, without being human-involved. It can minimize the amount of damage by reducing the time of analysis and countermeasure by automation.

A Novel Low-Power Bus Design for Bus-Invert Coding

This letter presents a novel implementation for Bus-Invert Coding called No Invert-Line Bus-Invert Coding (NIL-BIC) architecture. It not only removes the invert-lines used in previous BIC implementations, but sends the coding information without additional bus-transitions. NIL-BIC can save about 50% more bus-power than the implementations using invert-line.