Link Layer Attacks Research Articles

ProvLink-IoT: A novel provenance model for Link-Layer Forensics in IoT networks

Provenance has been instrumental in networked systems to solve issues related to data trustworthiness, network diagnostics, security, and forensic analysis. Existing provenance based solutions for the Internet of Things (IoT) are either device-centric or platform-centric, which address only application layer attacks. Whereas any stealthy attacks performed at MAC, network, and other sub-layers which alter the behavior of IoT devices often go undetected. Provenance based forensic solutions offer effective mechanisms for investigating link and network layer attacks in IoT networks. Realizing this potential, we propose ProvLink-IoT, a novel provenance model for link-layer forensic analysis in IoT networks. ProvLink-IoT employs PROV-DM and PROV-TEMPLATE standards to model the provenance of the network. Provenance graphs are generated under both benign and attack scenarios based on the provenance logs and network traffic collected from the network. ProvLink-IoT is implemented in a simulated environment with a case study on the 6TiSCH protocol stack. We implemented three link-layer attacks on TSCH and the 6top layers of the 6TiSCH network to study their impact and perform forensic analysis. Link-IoT, a comprehensive link-layer dataset, is generated from the network provenance, which can be used in the further incident and forensic analysis. The performance impact of ProvLink-IoT on IoT network is analyzed in terms of provenance growth rate and storage overhead. Experimental results showed the efficacy of the proposed solution in correlating evidence during incident analysis and its relevance to real-time scenarios.

DIFFERENT INTRUSION AND ITS DETECTION OF WIRELESS SENSOR NETWORK: A REVIEW

Wireless Sensor Network (WSN) has become an emerging technology of wireless communication and computing. Wireless Sensor Network is a self-configured, infrastructure-less wireless network which comprises of a few to large number of spatially distributed autonomous sensor nodes and a base station. The function of the base station is to interface user and network. A sensor node combines hardware and software. The main deployment of sensor network is sensing, data processing and transmitting data. WSN has different application in enemy intrusion detection in the battlefield in the military application, medical field, atmospheric disaster, agricultural and industrial applications. In Wireless sensor network each node is a battery-operated low power device and operated in ad-hoc principle, which indicates network power is mainly dependent on rate of energy consumption. Ad-hoc networking nature of WSN allows the attacker for different types of attacks from passive eavesdropping to active attacks. As WSN requires hop by hop routing to transport the packets to the destination, any intermediate node acting maliciously can drop, modify or misguide the traffic traversing through it. Confidentiality, authenticity, integrity, data freshness and quality of service (QoS) are the most important issues for wireless sensor nodes. An attacker may collect and destroy sensitive information if the transmission is not properly encrypted. However, avoiding collision and providing cooperation among the nodes during the transmission are done by using medium access control protocols. This paper focuses on the security threats on the resource restricted design and deployment characteristics along with the requirements to design a secured WSN system. In this paper wormhole attacks, black hole attacks, Sybil attacks, hello flood attack, denial of service attacks and private attacks are investigated. In this paper different link layer attacks are also discussed. Not only does this document about the popular attacks in different layers of WSN, but also provides some remedies against these attacks

Securing ARP and DHCP for mitigating link layer attacks

Network security has become a concern with the rapid growth and expansion of the Internet. While there are several ways to provide security for communications at the application, transport, or network layers, the data link layer security has not yet been adequately addressed. Dynamic Host Configuration Protocol (DHCP) and Address Resolution Protocol (ARP) are link layer protocols that are essential for network operation. They were designed without any security features. Therefore, they are vulnerable to a number of attacks such as the rogue DHCP server, DHCP starvation, host impersonation, man-in-the-middle, and denial of service attacks. Vulnerabilities in ARP and DHCP threaten the operation of any network. The existing solutions to secure ARP and DHCP could not mitigate DHCP starvation and host impersonation attacks. This work introduces a new solution to secure ARP and DHCP for preventing and mitigating these LAN attacks. The proposed solution provides integrity and authenticity for ARP and DHCP messages. Security properties and performance of the proposed schemes are investigated and compared to other related schemes.

Survey on Link Layer Attacks in Cognitive Radio Networks

Cognitive Radio Network (CRNs) is a novel technology for improving the future bandwidth utilization . CRNs have many security threats due its opportunistic exploitation of the bandwidth. Each layer of the CRNs consisting of several attacks starting from the physical layer and moving up to the transport layer. This paper concentrates on theLink layer attacks. The future work uses Signature based Authentication Coded Intrusion Detection Scheme to detect the Byzantine attack. It worksin asynchronous system like Internet and incorporates optimization to improve detection response time.

Wireless Network Security: The Mobile Agent Approach

The broadcast nature of wireless network makes traditional link-layer attacks readily available to anyone within the range of the network. User authentication is best safeguard against the risk of unauthorized access to the wireless networks. The present 802.1× authentication scheme has some flaws, making mutual authentication impossible and open to man-in-the-middle attacks. These characteristics make traditional cryptographic mechanism provide weak security for the wireless environment. We have proposed the use of mobile agents to provide dependable Internet services delivery to users, this will guarantee secure authentication in wireless networks and we examine the feasibility of our solution and propose a model for wireless network security.

A Comparison of Link Layer Attacks on Wireless Sensor Networks

Wireless sensor networks (WSNs) have many potential applications [1, 5] and unique challenges. They usually consist of hundreds or thousands small sensor nodes such as MICA2, which operate autonomously; conditions such as cost, invisible deployment and many application domains, lead to small size and limited resources sensors [2]. WSNs are susceptible to many types of link layer attacks [1] and most of traditional networks security techniques are unusable on WSNs [2]; due to wireless and shared nature of communication channel, untrusted transmissions, deployment in open environments, unattended nature and limited resources [1]. So, security is a vital requirement for these networks; but we have to design a proper security mechanism that attends to WSN's constraints and requirements. In this paper, we focus on security of WSNs, divide it (the WSNs security) into four categories and will consider them, include: an overview of WSNs, security in WSNs, the threat model on WSNs, a wide variety of WSNs' link layer attacks and a comparison of them. This work enables us to identify the purpose and capabilities of the attackers; also, the goal and effects of the link layer attacks on WSNs are introduced. Also, this paper discusses known approaches of security detection and defensive mechanisms against the link layer attacks; this would enable it security managers to manage the link layer attacks of WSNs more effectively.

A Comparison of Link Layer Attacks on Wireless Sensor Networks

Wireless sensor networks (WSNs) have many potential applications [1,2] and unique challenges. They usually consist of hundreds or thousands of small sensor nodes such as MICA2, which operate autonomously; conditions such as cost, invisible deployment and many application domains, lead to small size and resource limited sensors [3]. WSNs are susceptible to many types of link layer attacks [1] and most of traditional network security techniques are unusable on WSNs [3]; This is due to wireless and shared nature of communication channel, untrusted transmissions, deployment in open environments, unattended nature and limited resources [1]. Therefore security is a vital requirement for these networks; but we have to design a proper security mechanism that attends to WSN’s constraints and requirements. In this paper, we focus on security of WSNs, divide it (the WSNs security) into four categories and will consider them, include: an overview of WSNs, security in WSNs, the threat model on WSNs, a wide variety of WSNs’ link layer attacks and a comparison of them. This work enables us to identify the purpose and capabilities of the attackers; furthermore, the goal and effects of the link layer attacks on WSNs are introduced. Also, this paper discusses known approaches of security detection and defensive mechanisms against the link layer attacks; this would enable IT security managers to manage the link layer attacks of WSNs more effectively.

Bringing law and order to IEEE 802.11 networks—A case for DiscoSec

To improve the tarnished reputation of WLAN security, the new IEEE 802.11i standard provides means for mutual user authentication and assures confidentiality of user data. However, the IEEE 802.11 link-layer is still highly vulnerable to a plethora of simple, yet effective attacks which further jeopardize the already fragile security of wireless communications. Some of these vulnerabilities are related to limited hardware capabilities of access points and their abuse may result in serious degradation of control over the wireless connection, which, especially in the case of broadcast communication, allows for client hijacking attacks. Although these issues are known and their impact is expected to be less prevalent on modern equipment, this work demonstrates the opposite. In our experimental analysis, we tested frequently used access points, and by forcing them to operate on their performance limits, we identified significant operational anomalies and demonstrated their impact on security by implementing a novel version of the Man-In-The-Middle attack, to which we refer as the Muzzle attack. Secondly, this work describes DiscoSec, a solution for “patching” WLANs against a variety of such link-layer attacks. DiscoSec provides DoS-resilient key exchange, an efficient frame authentication, and a performance-oriented implementation. By means of extensive real-world measurements DiscoSec is evaluated, showing that even on very resource-limited devices the network throughput is decreased by only 22% compared to the throughput without any authentication, and by 6% on more performance-capable hardware. To demonstrate its effectiveness, DiscoSec is available as an open-source IEEE 802.11 device driver utilizing well-established cryptographic primitives provided by the Linux Crypto API and OpenSSL library.