Denial-of-service resistant quality-of-service provisioning for mobile ad hoc networks (2006)

Citations: 23

Abstract
Mobile ad hoc networks (MANETs) are especially susceptible to a large class of denial-of-service (DoS) attacks due to the limitations of mobile devices and the wireless medium. As a result, quality-of-service (QoS) signaling protocols for MANETs are highly vulnerable to these attacks. In particular, a class of DoS attacks can severely cripple network performance with relatively little effort expended by the attacker. We analyze a class of DoS attacks on QoS-based signaling protocols for MANETs. We then propose a new distributed QoS signaling scheme that is resilient to this class of attacks. The signaling protocol provides QoS for real-time traffic and employs mechanisms at the medium access control (MAC) layer which serve to avoid potential attacks on network resource usage. The key MAC layer mechanisms that provide support for the QoS signaling scheme include sensing of available bandwidth, traffic policing, rate monitoring and rate adjustment, all of which are performed in a distributed manner by the mobile nodes. These mechanisms mitigate DoS flooding and over-reservation attacks. The proposed scheme provides QoS differentiation for best-effort and real-time traffic, and achieves a compromise between signaling protocols that require the maintenance of per-flow state and those that are completely stateless. The signaling scheme scales gracefully in terms of the number of nodes and/or traffic flows in the MANET. We analyze the security properties of the protocol and present simulation results to demonstrate its resistance to DoS attacks. We also consider the problem of allocating bandwidth to a set of traffic flows at a statistical multiplexer to provide both QoS and resistance to a class of DoS attacks. In particular, in a MANET environment, the channel bandwidth is variable and the mobile device handles bandwidth requests arriving from multi-hop flows.
We analyze the behavior of a rate adjustment scheme based on a Markov Modulated Poisson Process (MMPP) model, which captures the flow-level and burst-level characteristics of variable bit rate traffic. We propose a scheme for adjusting the reserved rate using traffic measurements and an MMPP parameter estimation applied to a reduced MMPP model. Finally, we develop a scheme to estimate parameters for a heuristic rate adjustment scheme that can be executed in real time. (Abstract shortened by UMI.)
Keywords
traffic flow, DoS attack, QoS differentiation, realtime traffic, mobile device, proposed scheme, heuristic rate adjustment scheme, Denial-of-service resistant quality-of-service, rate adjustment scheme, real-time traffic, scheme scale