Assessing the Sensitivity of WiMAX Parameters to MAC-level DoS Attacks

Juan Deng and Richard Brooks*Clemson University

Abstract

The research community has established that WiMAX networks suffer Denial of Service (DoS) attacks. We consider a new type of DoS attacks on WiMAX networks exploiting WiMAX system parameter. The behavior of the WiMAX MAC level protocol is sensitive to the settings of core system parameters. DoS attacks resulting from parameter misconfiguration are difficult for network operators to detect. We focus on Bandwidth Contention Resolution (BCR) aspects of the WiMAX MAC protocol. Experiments are simulated using the ns-2 simulator. Analysis of Variance (ANOVA) techniques on the resulting simulation data identify which BCR parameter combinations are crucial for configuring WiMAX to be less vulnerable to DoS attacks. We migrate the experiments to GENI WiMAX testbed to verify the results using a hardware-in-the-loop test environment.

Research Objectives

There are many parameters DoS attackers can exploit. Our goal is to:•compare the effect of setting different values for a single parameter, •learn which parameter(s) are dominant,•compare the effect of important parameter interactions, and, •parameter interactions are dominant.

Fig. 1: Network Topology

The Research efforts have resulted in the following publications:

J. Deng, R. R. Brooks, J. Martin (under review), Assessing the Sensitivity of WiMAX Parameters to MAC-level DoS Attacks, International Journal of Performability Engineering.

Use of Glab/GENI InfrastructureWe plan to use GENI WiMAX testbed:•Experiment Setup•Experiment Run•Measurement Collection•Data Analysis•Results Comparisons

Future Work• Verify simulation results using GENI WiMAX testbed;• Verify the ns-2 WiMAX modules;• Verify the performance of radio model in ns-2 is

consistent with commercial settings.

Experiments Design

We simulate DoS attacks where attackers attempt to exploit the BCR mechanism using the ns-2 network simulator. Our simulations analyze the influence of six parameters (Table 1) on DoS attacks. Fig. 1 shows the network topology we use in the simulation, where DoS attackers are represented by ■ and SS are represented by .

We use the factorial experiment design to collect data. There are in total 36=729 parameter combinations. For each combination, we run 7 replicates, which gives a total of 729x7=5103 simulations. For each replicate, we measure the average traffic throughput and average traffic loss rate of all SSs.

1st DFG/GENI Doctoral Consortium,

San Juan, PRMarch 13th-15th, 2011

Parameters Values

low medium high

Frame_duration (X1) 0.004 0.01 0.02

Number_of_attackers/SSs (X2)

20/80 50/50 80/20

Dos_backoff_start (X3) 1 3 5

Dos_request_retry (X4) 2 4 6

Bw_backoff_start (X5) 1 3 5

Bw_request_retry (X6) 2 4 6

Table 1: Parameter Values

Experiment Results

We apply ANOVA on the throughput data. Table 2 shows the results, which suggest: X1 explains about 21% of the variability, while X6 accounts

for another 31%. The most significant 2nd order effect is the interaction

between X1 and X6, which accounts for an additional 18%. All 3rd order interactions are not significant.

X1 and X6 together explain over 70% of the total variability. Therefore, the average throughput of all SSs is determined mainly by these two parameters.

Table 2: ANOVA Results

Fig. 5: 3D Plot of (X1, X6, throughput)Fig. 3: Box Plot of Throughput corresponding to X1

Fig. 4: Box Plot of Throughput corresponding to X6

Fig. 2: PDF of Throughput