wiki:FirstGenBrooks

Version 3 (modified by kccamer@clemson.edu, 12 years ago) (diff)

--

Network Security and Traffic Analysis

The GENI network infrastructure enables security research that has not been possible before due to potential disruption to production networks. This project includes a number of security and privacy experiments that include:

-WiMAX DDoS analysis with analysis of variance finding vulnerable control parameter settings; -Privacy/Anonymity side-channel Hidden Markov Models (HMMs) will be inferred to break anonymity systems; -DDoS traffic measurement to map attack severity vs. network topology; -Side-channel vulnerability removal protocol tested at scale; and -DDoS countermeasure testing to neutralize DDoS attacks

Institution(s)

Clemson University

Team Members

Project Team

No image "ResearhGroup.jpg" attached to FirstGenBrooks

Experiments

WiMAX Bandwidth Contention Process and DDoS

Our WiMAX research involves analyzing the cross-layer affects of the system parameters used for the Bandwidth Contention Process. We are specifically looking at how these parameters affect a subscriber station's (SS) throughput, packet loss rates, and vulnerability to Distributed Denial of Service (DDoS) attacks. Software simulations using the NS-2 simulator manipulated three system parameters for a set of SS that included client and attacker SS's. The parameters, request retires, backoff start, and frame duration, were set to a low, medium, and high value within their respective range. All attacker SS's parameters were set to the same value and all client SS's parameters were set to same value, but the attacker and clients stations could differ. Seven replications of each combination of parameter settings were conducted and ANOVA analysis indicates that frame duration and request retries plays a significant role in SS's throughput. For software simulation results please see: [link]

We are now using ORBIT, hosted by Rutgers University's WINLAB and part of the GENI network, to conduct hardware experiments using real WiMAX equipment. We are replicating the above software experiments to verify software simulation results, analyze the validity of the NS-2 WiMAX simulator, and gain further information about the cross layer affects of the system parameters used in the Bandwidth Contention Process. Currently our hardware experiments are configured with eight SS nodes, a sink node, and 1 base station (BS). In the future we hope to extend the number of SS used in our experiments. We are using the resource of sandbox 4 and the outdoor sandbox. The indoor sandbox creates a controlled environment for wireless experiments and outdoor consists of an outdoor BS and nodes that vary in geographical location. Are hardware experiments manipulate two system parameters, backoff start and backoff end. Frame duration is not considered, because all WiMAX equipment currently manufactured supports only 5ms frame duration. Data will be collected for two replications of each combination of parameter settings. When the data collection is complete, analysis will be carried out to determine the affect of system parameters on real Wihttp://groups.geni.net/geni/wikiMAX hardware.

Publications

Previous Students and Degrees

  • Deng, Juan, Ph. D., 2011, Thesis: Connected Vehicle Information Assurance

Acknowledgements

We would like to express gratitude to the National Science Foundation (NSF) for supporting this research. The research is supported by NSF under Grant No. 1049765. Any opinions, findings, and conclusions or recommendations expressed by this research or related material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

Attachments (9)

Download all attachments as: .zip