Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis
©2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Joint analysis of security and routing protocols in wireless networks reveals vulnerabilities of secure network traffic that remain undetected when security and routing protocols are analyzed independently. We formulate a class of continuous metrics to evaluate the vulnerability of network traffic as a function of security and routing protocols used in wireless networks. We develop two complementary vulnerability definitions using set theoretic and circuit theoretic interpretations of the security of network traffic, allowing a network analyst or an adversary to determine weaknesses in the secure network. We formalize node capture attacks using the vulnerability metric as a nonlinear integer programming minimization problem and propose the GNAVE algorithm, a Greedy Node capture Approximation using Vulnerability Evaluation. We discuss the availability of security parameters to the adversary and show that unknown parameters can be estimated using probabilistic analysis. We demonstrate vulnerability evaluation using the proposed metrics and node capture attacks using the GNAVE algorithm through detailed examples and simulation.
Patrick Tague, David Slater, Jason Rogers, and Radha Poovendran. "Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis" IEEE Transactions on Dependable and Secure Computing 6.2 (2009): 111-123.
Available at: http://works.bepress.com/patrick_tague/3