
METRIC TO ANALYSE NETWORK TRAFFIC
INTRODUCTION
Joint security and routing analysis reveals the
vulnerabilities of secure network traffic.
Properties that assure secure applications and services in
wireless networks are:
1. Confidentiality
2. Integrity
Confidentiality: Ability to keep data secret from
unauthorized entities.
Integrity: Ability to verify that data has not been
maliciously or accidentally altered.
These properties can be compromised by capturing network
nodes and extracting cryptographic keys from their
memories.
Using the cryptographic keys recovered in a node capture
attack, an adversary can compromise the confidentiality
and integrity of any messages secured using the
compromised keys.
The overall security of routed messages is dependent on
the routing protocol and network topology.
SECURING NETWORK ASSETS
Network Security
Network is Available: Denial of Service Attacks
Network Performs Efficiently: Resource Depletion Attacks
Network Provides Service: Performance Degradation Attacks
Network Protects Data: Crypto Attacks
How do we understand the impact of these attacks?
Data routed over multiple hops may traverse links that are
vulnerable to attack.
The two important questions that we want to address:
How to evaluate confidentiality and/or integrity (C/I)
of data traversing numerous links with differing
security properties?
What vulnerabilities are introduced?
Goals of this Work
Investigate the impact of routing on data security.
Characterize & quantify the strength (weakness) of data
security in multi-hop networks.
Provide a basis for joint evaluation of security and routing
protocols with respect to network vulnerabilities.
PROBLEM DEFINITION
The vulnerabilities of secure network traffic remain
undetected when security and routing protocols are
analyzed independently.
Confidentiality and Integrity are compromised by
physically capturing network nodes and extracting
cryptographic keys from their memories.
These node capture attacks are possible in most wireless
networks due to the unattended operation of wireless
nodes.
Impact of Routing on Security
Example 1: Fixed single-path routing
[Figure: single fixed route from source s]
Compromise of a single link leads to recovery of
all data.
Example 2: Fixed multi-path routing
[Figure: source s, destination d; paths labelled
Fraction f and Fraction (1-f)]
Compromise of a single link leads to recovery of
a fraction of data.
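The two routing examples above can be checked numerically. The following is an added example, not taken from the original slides: it uses a simplified path-share model (not the RVM or circuit mapping the slides refer to), and the topologies, node names and the value f = 0.25 are constructed for illustration.

```python
from functools import lru_cache

def exposed_fraction(routes, src, dst, compromised):
    """Share of src->dst traffic that crosses at least one compromised link.

    routes: {node: [(next_hop, share), ...]}, fixed routing, shares sum to 1.
    compromised: directed links (u, v) whose keys are assumed recovered.
    Assumes the routing graph is loop-free (a DAG).
    """
    compromised = frozenset(compromised)

    @lru_cache(maxsize=None)
    def safe(node):
        # Share of traffic leaving `node` that reaches dst over intact links only.
        if node == dst:
            return 1.0
        return sum(share * safe(nxt)
                   for nxt, share in routes.get(node, [])
                   if (node, nxt) not in compromised)

    # Traffic crossing several compromised links is counted once, not per link.
    return 1.0 - safe(src)

def rank_links(routes, src, dst):
    """Links ordered by the traffic share one compromised link would expose,
    i.e. the order in which hardening or re-keying pays off most."""
    links = [(u, v) for u, hops in routes.items() for v, _ in hops]
    return sorted(((exposed_fraction(routes, src, dst, [link]), link)
                   for link in links), reverse=True)

# Constructed topologies mirroring Example 1 and Example 2 (assumed f = 0.25).
SINGLE_PATH = {"s": [("a", 1.0)], "a": [("d", 1.0)]}
F = 0.25
MULTI_PATH = {"s": [("a", F), ("b", 1 - F)],
              "a": [("d", 1.0)], "b": [("d", 1.0)]}

if __name__ == "__main__":
    print("single path, one link:", exposed_fraction(SINGLE_PATH, "s", "d", {("a", "d")}))
    print("multi path, one link:", exposed_fraction(MULTI_PATH, "s", "d", {("s", "a")}))
    print("multi path, two links on the same path:",
          exposed_fraction(MULTI_PATH, "s", "d", {("s", "a"), ("a", "d")}))
    for share, link in rank_links(MULTI_PATH, "s", "d"):
        print(link, share)
```
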
EXISTING SYSTEM
Focused on the ability of an adversary to compromise the
security of single-hop wireless links.
Messages in a wireless network traverse multiple links
and paths between a source and destination node, and a
message may be compromised by traversing a single
insecure link.
The impact of node capture attacks on the confidentiality
and integrity of network traffic is investigated.
Mapped the compromise of network traffic to the flow of
current through an electric circuit.
Proposed a metric for quantifying the vulnerability of the
traffic using the circuit mapping.
The vulnerability metric as a function of the routing and
the cryptographic protocols used to secure the network
traffic is computed.
PROPOSED SYSTEM
Two complementary vulnerability definitions, using set
theoretic and circuit theoretic interpretations of the
security of network traffic, are to be developed.
This allows a network analyst or an adversary to
determine weaknesses in the secure network.
A Greedy Node capture Approximation using
Vulnerability Evaluation (GNAVE) algorithm is
proposed.
Unknown security parameters can be estimated using
probabilistic analysis.
We define a class of route vulnerability metrics (RVMs)
to quantify the effective security of traffic traversing a
given route.
The minimum cost node capture attack problem needs to be
formulated as a nonlinear integer programming
minimization problem.
ADVANTAGES
Here we maintain the overall integrity and confidentiality
among the nodes on a path.

DISADVANTAGES
A message may be compromised by traversing a single
insecure link as the messages in a wireless network traverse
multiple links and paths between a source and destination
node. 
CONCLUSION
Confidentiality and integrity (C/I) of data traversing
numerous links with differing security properties are
evaluated.
The node capture attack using the vulnerability metric has
been formalized as a nonlinear integer programming
minimization problem, and the GNAVE algorithm is proposed.
The availability of security parameters to the adversary is
discussed and the unknown parameters can be estimated
using probabilistic analysis.
The vulnerability evaluation using the proposed metrics and
node capture attacks are demonstrated using the GNAVE
algorithm through detailed examples and simulation. 
REFERENCES
P. Tague, D. Slater, J. Rogers, and R. Poovendran,
“Vulnerability of Network Traffic Under Node Capture
Attacks Using Circuit Theoretic Analysis,”
Proc. IEEE INFOCOM ’08, pp. 664-672, Apr. 2008.
A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone,
Handbook of Applied Cryptography. CRC, 1996.
L. Eschenauer and V.D. Gligor,
“A Key-Management Scheme for Distributed Sensor
Networks,”
Proc. Ninth ACM Conf. Computer and Comm. Security
(CCS ’02), pp. 41-47, Nov. 2002.
P. Tague and R. Poovendran,
“Modeling Adaptive Node Capture Attacks in Multi-Hop
Wireless Networks,” Ad Hoc Networks, vol. 5, no. 6,
pp. 801-814, Aug. 2007.
H. Chan, A. Perrig, and D. Song,
“Random Key Predistribution Schemes for Sensor
Networks,”
Proc. IEEE Symp. Security and Privacy (SP ’03), pp.
197-213, May 2003.
QUESTIONS???
Thank you for your time &
attention!
