This dissertation reports research conducted in two aspects ofsecure network resource management: strengthening security byproposing a defense architecture with stronger security property andincreasing deployability. In the first part of this dissertation, wereveal a new threat called false feedback attack in wirelessnetworks using channel-aware protocols. Our simulations show that anattacker overclaiming its channel condition is able to completelysteal other benign users' service opportunity under ahigh-efficiency scheduler. A fair scheduler can mitigate this attackbut cannot provide high efficiency. We propose a new secure channelestimation scheme to maintain security while achieving highefficiency at the same time. Our analysis and simulations show thatour scheme prohibits any incentive for an attacker performing falsefeedback attack and gives higher throughput than PF scheduler, arepresentative fair scheduler. In the second part, we present CRAFT,a collusion-resistant DoS (denial of service) defense. CRAFT defendsagainst a colluding receiver who intentionally allows a colludingsender to send excessive traffic. Our basic idea is that a CRAFTrouter securely emulates TCP operation. Our simulations show thatCRAFT guarantees service availability even with colluding attackers.Our prototype system shows the feasibility of CRAFT. In the thirdpart, we present Mirage, a deployable DoS defense. Prior defensesrequire other network operators to deploy the same defensemechanism. Mirage does not impose this requirement. Our analysis andprototype system show that Mirage does not require other networkoperators' deployment and is feasible with commodity PCs.
PDF
download
878987797
028-85220240
