Professional Documents
Culture Documents
19
CHANTS Session 1 CHANTS’18, October 29, 2018, New Delhi, India.
20
CHANTS Session 1 CHANTS’18, October 29, 2018, New Delhi, India.
underlying design can be used as a blueprint for mobile appli- 4.2 Topology plan and Contact prediction
cations that allow the detection of blackhole attacks. Figure 2 The topological information is built from so called connec-
shows the overall system architecture as well as the assumed tion proofs. Every node establishing a connection with any
message and information processing flow.1 The architecture other node generates essential information about this connec-
is built upon five coarse-grained components: tion and broadcasts this information into the network. These
(1) GUI : Provides means to the user for creating and send- connection proof messages contain essentially: the MAC ad-
ing messages. dresses of the connected nodes, current timestamps from both
(2) Connection management: Discovers further nodes and nodes, the duration of former identical connections and the
exchanges contact information for deriving an up-to- amount of exchanged messages and acknowledgments, infor-
date overall topology plan. mation inconsistencies (such as different amount of transmit-
(3) Message processing: Routes and temporarily stores mes- ted messages) detected for former connections. Besides this,
sages sent or forwarded by the node. Provides methods a specific value counting security incidents assumed during
to track transmitted messages within the network. former connections between both nodes is exchanged. If both
(4) Security management: Handles management of public connecting peers agree on the same values during connection
and private keys and verifies messages and connections. establishment, they both sign the data and broadcast it to the
(5) Statistics: Tracks statistics about contact probabilities network. The other network nodes only add the propagated
and calculates a reliability value for each known node. connection to their topology plan if they receive the double-
To explain the interactions within this architecture, message signed connection proof from both nodes and only keep it in
transmission and reception is discussed in the following. the plan as long as both connected nodes broadcast the corre-
For the purpose of message and control data transmission, sponding connection proof in regular intervals. This prevents
each node owns a public/private key pair. The public key is attackers from claiming to have connections that do not exist.
made available to every further node, e.g. via broadcast. It is as- Besides the plain topological information, a scoring value
sumed that attacks on this key distribution approach can be de- sv is derived for each link to a known node that is currently not
tected due to inconsistencies in the provided public keys. The connected. This value is later on used to rank paths to or via not
overall communication in the network is specified as follows. connected nodes in an appropriate manner. As basis for calcu-
After the user has entered a message and selected a receiv- lating this value, connection proof data is analyzed. The node
ing node from the list of known nodes, the message is handed with the longest connection duration is selected and the link
over to the routing subsystem. Routing is done based on both between this node and the disconnected one is provided with
the known network topology plan and the calculated reliabil- sv =s M AX where s M AX is the maximal scoring value specified
ity values for the other network nodes. After selecting the best by configuration. Based on the determined longest connection
available route, which has the highest overall reliability and time, a linearly scaled value derived from the respective con-
contains only nodes with a reliability value above a specific nection duration is assigned to the links of the further nodes
threshold, the message is passed on to the security subsystem. that had been connected to the currently disconnected node.
Using the node’s private key, the message is signed and
transmitted via the contact management to the next node on 4.3 Message tracing
the calculated path. After receiving, the neighboring node If a message has not been acknowledged before a timeout
passes the message to its security subsystem, which checks is reached, a message tracing message is transmitted by the
the validity of the signatures from all the nodes that previ- node waiting for the acknowledgement to the neighbor it
ously forwarded and signed the message. Furthermore, the has previously passed the lost message to. Each node on the
statistics subsystem is informed about the new message. path to the message’s destination will answer this tracing
Before a node routes the incoming message to the next node, message with a confirmation if it has forwarded the message
it sends an acknowledgement to the neighbor that passed the successfully. Afterwards, it forwards the tracing message to
message over. All the nodes that forward the message sign the node to which it has previously passed the lost message.
it (including all existing signatures) and route it as described. The tracing message is thereby routed independently and can
The final recipient of the message not only sends an acknowl- be delivered on a different path than the original message. In
edgement to the transmitting neighbor, but also to the sender order to prove reception by the next node n+1 on the path, the
of the message, if that’s not the same node. This acknowledge- former acknowledgement of this node n+1 is embedded into
ment is routed through the network like a normal message. the confirmation message of node n. Due to this approach, ma-
Using the signatures and acknowledgements, message drop- licious behavior can be narrowed down within the network.
ping can be localized and verified all over the network. Thus, each node that can prove that it has passed the message
1 A more detailed description of our system architecture can be found in [17]. successfully to a neighbor is not assumed to be an attacker.
21
CHANTS Session 1 CHANTS’18, October 29, 2018, New Delhi, India.
22
CHANTS Session 1 CHANTS’18, October 29, 2018, New Delhi, India.
23
CHANTS Session 1 CHANTS’18, October 29, 2018, New Delhi, India.
24