Files in this item



application/pdfKim_Dongho.pdf (2MB)
(no description provided)PDF


Title:Secure resource management in networks
Author(s):Kim, Dongho
Director of Research:Hu, Yih-Chun
Doctoral Committee Chair(s):Hu, Yih-Chun
Doctoral Committee Member(s):Caesar, Matthew C.; Kumar, P.R.; Vaidya, Nitin H.
Department / Program:Electrical & Computer Eng
Discipline:Electrical & Computer Engr
Degree Granting Institution:University of Illinois at Urbana-Champaign
Wireless Network
Denial of service (DoS) defense
Abstract:This dissertation reports research conducted in two aspects of secure network resource management: strengthening security by proposing a defense architecture with stronger security property and increasing deployability. In the first part of this dissertation, we reveal a new threat called false feedback attack in wireless networks using channel-aware protocols. Our simulations show that an attacker overclaiming its channel condition is able to completely steal other benign users' service opportunity under a high-efficiency scheduler. A fair scheduler can mitigate this attack but cannot provide high efficiency. We propose a new secure channel estimation scheme to maintain security while achieving high efficiency at the same time. Our analysis and simulations show that our scheme prohibits any incentive for an attacker performing false feedback attack and gives higher throughput than PF scheduler, a representative fair scheduler. In the second part, we present CRAFT, a collusion-resistant DoS (denial of service) defense. CRAFT defends against a colluding receiver who intentionally allows a colluding sender to send excessive traffic. Our basic idea is that a CRAFT router securely emulates TCP operation. Our simulations show that CRAFT guarantees service availability even with colluding attackers. Our prototype system shows the feasibility of CRAFT. In the third part, we present Mirage, a deployable DoS defense. Prior defenses require other network operators to deploy the same defense mechanism. Mirage does not impose this requirement. Our analysis and prototype system show that Mirage does not require other network operators' deployment and is feasible with commodity PCs.
Issue Date:2012-09-18
Rights Information:Copyright 2012 Dongho Kim
Date Available in IDEALS:2012-09-18
Date Deposited:2012-08

This item appears in the following Collection(s)

Item Statistics