ABSTRACT
This research presents thedevelopment of an improved Intrusion Detection based Secured RObust Header Compression (IDSROHC)techniquefor handling brute force attack. The secured RObust Header Compression (secured ROHC) was developed to secure Internet Protocol version six (IPv6) packets against false initial refresh attack by encrypting the cyclic redundancy check field. However, the secured ROHC exposes the network to brute force attack due to the short field length of the cyclic redundancy check .An improved IDSROHC technique was developed using a modified selective watchdog intrusion detection algorithm. Weighted network graph and random way point model with pause time greater than simulation time was used to model the distribution of total of forty nodes. The nodes were randomly distributed within an area of 100 by 100 meters. Bellman-Ford algorithm was used to determine the shortest path of packets transmission. Poisson traffic model was used to model the payload size and processing time of packets. The interpretation interval, packet loss and average compression length of packets were calculated using the header compression model. Cyclic redundancy check field of packets was modelled and encrypted using symmetric block cipher. Brute force attack was modeled using a pseudorandom generator. A MATLAB graphical user interface was designed to aid presentation. An intrusion detection system based on selective watchdog technique was used to inspect trial packet with the aim of identifying malicious link. IDSROHC was validated via comparison with the Secured ROHC using throughput and packet delivery success. The results of this work showed that IDSROHC produced 4.97% improvement in throughput and 29% improvement in packet delivery success over secured ROHC.
vii
TABLE OF CONTENTS
DECLARATIONI
CERTIFICATIONII
DEDICATIONIII
ACKNOWLEDGEMENTIIV
ABSTRACTVI
LIST OF FIGURESXII
LIST OF TABLESXIV
LIST OF ABBREVIATIONSXV
CHAPTER ONE:INTRODUCTION
1.1 BACKGROUND1
1.2 SIGNIFICANCE OF RESEARCH3
1.3 STATEMENT OF PROBLEM3
1.4 AIM AND OBJECTIVES4
1.5 METHODOLOGY4
1.6 DISSERTATION ORGANIZATION5
CHAPTER TWO:LITERATURE REVIEW
2.1 INTRODUCTION6
2.2 REVIEW OF FUNDAMENTAL CONCEPTS6
2.2.1 Internet Protocol (IP) header compression6
2.2.2 Shared-State internet protocol header compression8
viii
2.2.3 Stateful internet protocol header compression8
2.2.4 Packet types13
2.2.5 Random waypoint mobility model14
2.2.6 ROHC model15
2.2.7 Average compression length model16
2.2.8 Packet loss and transmitted byte model17
2.2.9 Bellman-ford algorithm19
2.2.10 Packet delay model20
2.2.11 Poisson traffic model21
2.2.12 ROHC attack22
2.2.13 Intrusion Detection System (IDS)26
2.2.14 Categories of IntrusionDetection Systems27
2.2.15 Selective watchdog and watchdog intrusion detection system28
2.2.17 Internet protocol routing31
2.2.18 CRC33
2.2.19 Block cipher cryptographic system33
2.2.21 Performance metrics35
2.3 REVIEW OF SIMILAR WORKS36
CHAPTER THREE:MATERIALS AND METHOD
`3.1 INTRODUCTION42
3.2 ORIGINAL SECURE ROBUST HEADER COMPRESSION TECHNIQUE43
3.2.1 Node distribution using weighted network graph and random waypoint model45
3.2.2 Obtaining shortest-path for packet routing47
ix
3.2.3 Calculating the required interpretation interval49
3.2.4 Obtaining the average compression length49
3.2.5 Generating the Cyclic Redundancy Check (CRC)50
3.3.6 Encrypting the Cyclic Redundancy Check (CRC)50
3.2.7 Key expansion model51
3.2.8 Calculating packet delay53
3.2.9 Calculating the payload size53
3.2.10 Brute force attack model53
3.2.11 Calculating burst loss and total transmitted byte54
3.3 DEVELOPMENT OF AN IMPROVED INTRUSION DETECTION BASED SECURED ROBUST HEADER COMPRESSION TECHNIQUE.54
3.3.1 Development of MATLAB GUI for improved intrusion detection based secured robust header compression.57
3.4 PERFORMANCE EVALUATION AND SIMULATION PARAMETERS58
CHAPTER FOUR: RESULTS AND DISCUSSIONS
4.1 INTRODUCTION60
4.2 SIMULATION60
4.3 RESULTS OF THE EFFECT OF OUT OF SYNCHRONIZATION PROBABILITY ON REQUIRED INTERPRETATION INTERVAL60
4.4 RESULTS OF THE EFFECT OF AVERAGE ERROR PROBABILITY ON INTERPRETATION INTERVAL62
4.5 RESULT OF RELATIONSHIP BETWEEN OUT OF SYNCHRONIZATION PROBABILITY AND THE INITIAL REFRESH TIMEOUT63
x
4.6 RESULTS OF THROUGHPUT FOR ROHC AND UNCOMPRESSED TRAFFIC64
4.7 RESULTS OF IMPROVED INTRUSION DETECTION BASED SECURED ROBUST HEADER COMPRESSION (IDSROHC)65
4.8 COMPARISON OF IDSROHC AND SECURED ROHC PERFORMANCES USING PACKET DELIVERY SUCCESS AND THROUGHPUT.68
CHAPTER FIVE:CONCLUSION AND RECOMMENDATION
5.1 SUMMARY72
5.2 CONCLUSION72
5.3 SIGNIFICANT CONTRIBUTIONS73
5.4 LIMITATIONS73
5.5 RECOMMENDATIONS FOR FURTHER WORK73
REFERENCES74
CHAPTER ONE
INTRODUCTION
1.1 Background
The desire for industries to move towards an Internet Protocol Version six (IPv6) network architecture have pushed research in the direction of maximizing bandwidth. This is due to increased header size of IPv6 header as compared to the payload. Therefore, reducing the internet protocol header overload sent over the air becomes inevitable (Cheng & Moore, 2013).The relative compression gain for specific flows (or applications) depends on the size of the payload used in each packet. For applications such as Voice Over Internet Protocol (VOIP), the size of the payload containing coded speech can be as small as 15-20 octets while the transport header will have 20 octets Hence,this gives atotal size of 60 octets for IPv6 header (Sandlund et al., 2010).Therefore, header compression leads to quite significant compression gain. One method of providing increased bandwidth efficiency is the use of IP header compression techniques.Header compression provides more efficient use of bandwidth in a packet switched network by taking advantage of header field redundancies in packets belonging to the same packet flow(Majanen et al., 2015).It involves a compressor and a decompressor operating according to a well-defined protocol. The compressor compresses the headers with respect to a reference state that it shares in common with the decompressor, while the decompressor uncompresses them to their original state on reception at the destination (Chishti & Mir, 2015).
Header compression techniques fall into two major categories: stateful header compression and stateless header compression technique.The stateful header compression technique builds hop-by-hop compression per flow. These include Van Jacobson Header Compression (VJHC), RObust Header Compression (ROHC) scheme and Internet Protocol Header Compression
2
(IPHC) .Stateless header compressions such as Mobile adhoc network Internet Protocol HeaderCompression (MIPHC)do not require state management. For a mobile adhoc network, a stateless header compression such as MIPHC is used to compress the layer three header while stateful header compression such as ROHC is use to compress the layer four header(Bow-Nan et al., 2013). The ROHC protocols provide an efficient and robust header compression. It is designed to operate efficiently and robustly over various link technologies with different characteristics(Sandlund et al., 2010).While this exchange leads to efficient bandwidth utilization, there are several potential attack such as False Initialization/Refresh (False IR), False ACKnowledgment (False ACK) and False Negative ACKnowledgment (False NACK) attack that can lead to denial of service (the inability to decompress) (Cheng & Moore, 2013). In other to solve this problem, research has focused on cryptographic method such as Internet Protocol security ( IPsec) packet encryption after compression and secured Robust Header Compression (secured ROHC) by encrypting the Cyclic Redundancy Check (CRC) encryption(Cheng & Moore, 2013).Although the IPsec packet encryption after compression makes ROHC invisible to potential attackers, it is not a practical method to secure the ROHC due to the significant overhead in IPsec tunnelling. The CRC is only 3-8 bits long, which implies that there are no more than 256 possible combinations. Thus, a malicious node could still attempt a brute force approach, where it sends fake packets with all possible CRC combinations(Cheng & Moore, 2013).The traditional way of protecting wired/wireless networks encryption software is therefore no longer sufficient(Esfandi, 2010).Therefore there is a need for other non-cryptographic technique such as intrusion detection system.
There are two main approaches for security management, which are prevention-based and detection-based(Can & Sahingoz, 2015).Prevention-based security management (defense against
3
attack) aims to prevent any attack before it happens. Any proposed technique has to defend against the targeted attack(Butun et al., 2014).Indetection-based (being aware of the attack that is present) security management, if an attacker manages to pass the measures taken by the prevention step, it means that there is a failure to defend against the attack. At this time, the security solution would immediately switch into the detection phase of the attack in progress and specifically identify the nodes that are being compromised(Butun et al., 2014). In any security plan, if intrusion prevention (encryption, authorization, and authentication) named as the first line of security is defeated by attackers, then a second line of defence, intrusion detection comes into prominence(Can & Sahingoz, 2015). Intrusion detection provides deterrence for an intruder and serves as an alarm mechanism for a computer system or a network to manage security plan successfully. An intrusion-detection system (IDS) can be defined as a software or hardware monitoring tool that detects internal or external cyber-attacks. An ID can observe and investigate system and user activities, recognize patterns of known attacks and identify abnormal network activity. An IDSROHC technique developed using a modified selective watchdog technique was therefore employed in this research to detect and mitigate brute force attack.
1.2 Significance of Research
The significance of this research is the development of a graphical user interface (GUI) based IDSROHC technique using a selective watchdog intrusion detection system, which has added capabilities to the standard secured ROHC through detecting and mitigating brute force attack. This has not been considered by the previous researchers.
1.3 Statement of Problem ROHC is a standardized method to compress the IP, UDP, UDP-Lite, RTP, and TCP headers of Internet packets.While this compression technique leads to an improve utilization of network
4
bandwidth and reduction of end-to-end delay, there are several potential attack vectors such as False IR, False Ack, and False Nack that can lead to denial of service (inability to decompress) and man-in-the middle attack.In other to solve this problem previous researchers focused on encryption of CRC. However, the CRC is only 3-8 bits long, which implies that there are not more than 256 possible combinations. This means that a malicious node could still attempt a brute force approach where it sends fake packets with all possible CRC combinations. Hence, the developed improved intrusion detection secure robust header compression technique based on modifying selective watchdog technique is implemented to address this limitation.
1.4Aim and Objectives
The aim of this research work is to develop an improved intrusion detection based secured robust header compression technique. The objectives of the research are as follows:
1. Replication and implementation of the secured robust header compression technique.
2. Develop animproved Intrusion Detection based SecureRObust Header Compressiontechnique (IDSROHC) using modified selective watchdog intrusion detection algorithm .
3. Compare the performance of the IDSROHC and secured ROHC using throughput and packet delivery success as performance metric.
1.5Methodology
The methodologies adopted for this research towards development of an improved intrusion detection based secured robust header compression technique are as follows:
1. Replication and implementation of the secured ROHCtechnique. To replicate and implement the existing secured ROHC the following steps were carried out:
i. Node distribution using weighted network graph and Random Waypoint Model.
5
ii. Obtain shortest path from source to destination using the Bellman-ford Algorithm.
iii. Determine interpretation interval ROHC Model.
iv. Calculate average compression length using average compression length model
v. Encrypt packet using symmetric block cipher
vi. Calculate remainder polynomial using Cyclic Redundancy Check (CRC) Model
vii. Determine packet size and processing time using Poisson Traffic Model
viii. Apply Brute force attack Model
ix. Calculate Burst loss and total transmitted byte
2. Development of an improved graphical user interface IDSROHC technique.
i. Step (i-vi) above will be repeated.
ii. Apply Watchdog intrusiondetection system
iii. Apply Brute force attack Model
iv. Calculate Burst loss and total transmitted byte
v. Develop MATLAB Graphical User Interface (GUI) .
3. Comparison of the performance of the IDSROHC and secured ROHC using throughput and packet delivery success.
1.6 Dissertation Organization
Chapter one presents the general introduction of this work. The rest of the chapters are structured as follows: Chapter two details reviews of related literature and relevant fundamental concepts about ROHC, Brute force attack, cryptography and intrusion detection system .Chapter three present mathematical model and algorithms relevant to the development of a secured ROHC and IDSROHC technique. Chapter four focuses on the analysis, performance and discussion of results. Finally, conclusion and recommendations for further work were discussed in chapter
6
five. The list of cited references and MATLAB codes in the appendices are provided at the end of this report.
IF YOU CAN'T FIND YOUR TOPIC, CLICK HERE TO HIRE A WRITER»