1. Abstract

The importance of cellular network is increasing with passage of time and other than mobile devices; computer devices are also being connected to this network for exchange of information. The trend of exchanging the information is increasing that demands higher data transfer rate. The device to device (D2D) communication will be a good alternate to meet the emergent demand of mobile data transfer for the upcoming production of mobile networks. Efficiency of the spectrum, throughput, speed and network coverage can be enhanced by using D2D communication, at the same time issues related to power consumption can be eliminated while transmission of data. However, there are security issues in D2D communication which makes it less reliable for large transmission of mobile data. In this research, I have explained the issues related to security in D2D communication. I have also explained countermeasures related to these issues with special emphases on denial of service attack in D2D communication. This is an old and easy attack. During this survey, I found many variants of this attack and defense mechanism to counter these attacks and make D2D communication more secure. The objectives of this research were achieved by conducting a survey of literature on denial of service attack to device to device communication available on three high quality research database.

2. Introduction

As the number of smart phones and devices is increasing rapidly, for different purposes like exchange of data, D2D communication is becoming a more popular technique (Ghanem et al., 2015). There are lots of advantages in D2D communication, like better use of available resources, communication at high speed with nearby devices and enhanced network coverage (Fodor et al., 2012). There are great chances that devices in close proximity will operate on a high data rate transfer (Doppler et al., 2009). In addition to this, there will be fewer delays and low power usage in D2D communication. Gain reuse is another advantage of the device to device communication, in which radio resources are used for cellular networks and for D2D link simultaneously (Doppler et al., 2008). Another advantage of D2D communication is of hope gain. Unlike conventional cellular networks where in which both uplink and downlink are used in hope gain, a single link is used instead of two links for uplink and downlink. To give access to local services and internet in the wireless local area network there is a wide use of D2D communication, which is cheap, fast and can be used without any license of a spectrum band unlike conventional cellular networks in which direct interaction of other devices is in licensed bandwidth is not allowed (Tehrani et al., 2014). Moreover, devices act as relays to support each other in D2D communication in transmission of large data which enhance the performance of the link, system capacity, and the spectrum efficiency and transmission range. In device relaying technique mobile devices form up a mesh network. The contents’ distribution is also supported in D2D communication. Moreover, cellular offloading is also supported. There is a strong physical layer of security in D2D communication. It is also sure that D2D communication is suitable for transmission of large data such as sharing of vides and social networking.
However, in this world there is nothing like a free cup of tea. So there are also some disadvantages associated with D2D communication. At the top of which is that D2D communication is less secure. D2D communication is more susceptible to security threats and without resolving the security issues associated with D2D communication, it is of no use. The reason behind this fact is that information over the insecure communication medium is hacked, changed or broken. That is why no one will be ready to take a huge risk by using this type of communication. If the security issues in D2D communication like chop-chop attack, brute force attack, Hole 196 and more like these can be guarded then above described benefits may turn into reality.
This report is intended to explain the issues and threats related to security in D2D communication, especially the mechanism of denial of service attack and its variants. D2D communication is used to exchange data among those devices which are present in close proximity. It is a useful technique as it saves time, power consumption and equipment required in conventional cellular communication. However, there are certain limitations, the cost and risk of information security in D2D communication (Hadiks et al., 2014: Zhang et al., 2015). Without resolving the security issues it is impossible to get full advantages of D2D communication. In this report, major security threats in D2D communication are briefly described and detail information of denial of service attack and their countermeasures are provided.
The aim of this research was to provide the technical as well as non-technical readers, the knowledge of the device to device communication process, its advantages, limitations and threats to the security of information over the D2D communication with special emphasis on denial of service attack. To complete this report, we performed a Survey of Literature on D2d communication and associated security issues according the guidelines of Kitchenham and Charters (2007). Before, conducting this survey, a research protocol was defined in which detail plan of this research was described to keep the research on the track and control the biasness of the researcher. At first, primary studies related to device to device communication and its security issues were identified available at various research databases. Further, identified primary studies were collected and a thorough analysis was carried out collected on primary studies to categorize these studies and produce results. The aim of this research was to resolve the under mentioned research problem.
“Identification of security threats to the process of device to device communication due to denial of service attack and their countermeasures as well”
Denial of service attack is very common and simple and can damage the system significantly. Recently, the security mechanism of D2D communication is not robust and due to this reason it is susceptible to various types of threats and attacks, especially the denial of service attack. Since, this is very old and cheap attack therefore, it is necessary to have adequate knowledge about this attack and strategies of its prevention.
Remaining parts of this report are categorized as follow. In section 1.2, the background of D2D communication presented. Section 2 is about the related work already conducted on the same state of art. In section 3, the research method and plan to conduct this research are described. Common security issues in D2D communication are elaborated in section 4. In section 5, the detail description of denial of service attack to D2D communication and its defense mechanisms are described. Finally, the conclusion is presented in section 6.

3. Background

The mobile users are increasing day by day and mobile operators are working hard to fulfill the communication demand of these users. The use of cellular network is increasing with passage of time. It is not only used for voice calls or text messages, but it is also used by heterogeneous devices such as tablets, palm top and laptops. Due to the increasing use of cellular network for data exchange, its data transfer capacity has been exhausted and there is need of new communication technology that could meet the ever increasing demand for data transfer. In this regard, the device to device communication technology is perceived to meet this increasing data transfer demand. It is expected that in 4G cellular network, this technology will be very helpful to transfer data between two or more devices those are present in the vicinity of each other’s. In this technology, the communicating devices are not dependent upon the cellular network; these devices can use this network when required. Moreover, in D2D communication, there is no need of traversing the base station. The technology of the device to device communication is different than the technology of the conventional cellular network. The concept of the device to device communication was presented by Lin and Hsu in 2000. At that time, this technology was supposed to use the cell phones as a device to perform the function of multi hope relaying. The D2D cellular communication was supposed to improve the performance of cellular network and meet the increasing data transfer demand of users (Asadi et al., 2014).
The device to device cellular communication is simple, fast and efficient, but less secure. Although, this emerging technology provides many advantages, however at the same time, it is susceptible to various attacks and threats such as chop-chop attack, man in the middle attack and denial of service attack (Shen et al., 2014). To make optimal use of this technology, researchers are trying to find out new algorithms and systems to make security of D2D communication more strong than ever. In this regard, many techniques have been proposed by researchers such as security of the hypothetical basics of data, cyber, and the generation of cryptographic keys, signal processing and security of the physical layer. Moreover, due to lack of some local network controller and its openness nature in the environment.

To fulfill the different needs of mobile users, a number of new applications are being developed continuously. Due to which there is a big increase in demand of data transfer. Initially, in 2000 Lin and Hsu introduced the concept of the device to device cellular communication for direct interaction of two or more nearby devices. At first, the aim of the device to device cellular communication was to make use of smart phones for the sake of multi hope relaying in the cellular network. It was intended to meet the increasing demand of data transfer with enhancement in the performance f network. (Asadi et al., 2014). D2D communication is capable of being used as the machine to machine communication so it is expected that it will fulfill the emerging demand of data exchange rate.
In D2D communication, there is no need of cellular network or base station, for two mobile devices to interact with each other. In the conventional mode of cellular network, two devices were unable to directly communicate and it hardly matter the closeness of two devices. However, the conventional cellular networks were good at sending short messages and making voice calls. The various scenarios of D2D communication is shown in figure 1.

Figure 1          Various Scenario for the Device to Device Communication

There are many types of D2D communication such as “inband D2Dand outband D2D” (Asadi et al., 2014). In “inband D2D” communication, the same frequency band is used for D2D communication directly as well as via cellular network. This type of D2D communication provides good control over a cellular spectrum. Efficiency of a cellular band is improved in “Inband D2D communication” because its spectrum resources are reused (Asadi et al., 2014). This type of communication is further divided into two categories. The first category is known as “underlay D2D communication” and the second category is known as “overlay D2D communication”. In the first category, radio resources are shared for D2D communication as well as for cellular network. On the          other hand, in the second category dedicated radio resources are used for D2D communication and cellular network (Asadi et al., 2014). In this category, each type of communication is carried out by different radio resources and nothing is common. Although, “inband D2D communication” is very useful, however, its major drawback is the interference of D2D communication and cellular communication with each other.

In “outband D2D communication”, the issue of interference between D2D communication and cellular network is resolved (Asadi et al., 2014). In this type of D2Dcommunication, the unlicensed spectrum is used for D2D communication. However, in unlicensed spectrum wireless technologies such as Zigbee, wifi direct, Bluetooth are adapted that put constraints of extra interface. Further, there are two types of “outband D2D communication”. The first sub type is known as “controlled D2D communication” and the second sub type is known as “autonomous D2D communication”. The classification of D2D communication is shown in figure 2.

Figure 2          Classification of D2D Communication

Actually, the use of smart phones has increased to a great extent these days. Instead of just making voice calls or doing the text conversation, smart phones are widely used as the personal digital assistance and provide various kinds of support to users. Further, these devices are used to maintain and process the business document, play games, surf internet, watching movies, and etc. Due to these factors, mobile devices have become a multi-function device. Because of extensive use of the smart phones, there is the tremendous increase in demand of high data transfer rate.

This emerging technology, the Device to device communication has many advantages as compared with the advantages provided by the conventional cellular network. By using this emerging communication technology, the delay in the transfer of data has reduced to a great extent and the efficiency of the spectrum has increased. Moreover, the network throughput in this technology has also increased. Additionally, the energy used in a communication process has been conserved and fairness of system use has increased. Other than cellular networks, D2D communication also used in emerging technology known as cloud computing and devices present in the cloud also interact directly; this mechanism presented by Chen and Shao (2013) is shown figure 3.

Figure 3          Device to Device Communications in Cloud

Although, D2D communication has lots of advantages, however, Shen et al., (2014) narrated that this technology has many security issues and other limitations as well. This is due to the fact that security related issues of d2d communication have ignored greatly. However, Zhu et al., (2014) described that in this technology the security of the physical layer more robust than the security of other parts of the system. Because of the less secure communication process, d2d communication is less preferred for data exchange. moreover, many other security issues such as authentication, DoS attack, the attack of man in the middle, authorization, and the attack of the spoofing and global positioning system (GPS) (Wang and Zheng, 2015). To enhance the security  of this emerging communication technology and address security related issues, many types of solutions in the form of algorithms and system such as security of the hypothetical basics of data, signal processing, cyber, security of the physical layer and generation of cryptographic keys are proposed.

4.    Aims Significance and expected outcomes

Device to device cellular communication is the hot research area these days. It is perceived as a mechanism of fulfilling the high data transfer demand of the future. However, this is susceptible to various kinds of threats and attack. Lots of research is conducted to find out the security issues in D2D communication and their solutions as well. Lien et al. (2016) provided an overview of operations of D2D communication. They reported that there are three scenarios in which near devices can communicate with each other as shown in figure 4.

Figure 4          Three Scenarios for the Device to Device Communication

According to them, first scenario is that in which all communicating devices are present in the vicinity of cellular network; this scenario is given the name as “in-coverage D2D communication”. The advantage of this scenario is that devices can communicate with each other directly as well as via cellular network. In the second scenario, one of communicating devices is present in the network coverage and second is out of network coverage. This scenario is named as “partial coverage D2D communication”. In this scenario, the device present in network coverage can act as a relay for the device that is out of coverage of cellular network. As per their third reported the scenario, both communicating devices are out of coverage of cellular network and can only share information with each other directly or one device can act as a relay for other devices. They also provided the system architecture of D2D communication and required radio interfaces. The overview of device discovery procedure, physical channel and signals, resource management and mobility, and physical procedures used in D2D communication is also presented. Tu et al. (2015) critically analyzed the solution provided to the user for voice support over 4G cellular network. They reported that recently two solutions those are “circuit switched fall back” and “voice over LTE” are used to provide voice support over 4G cellular network. They claimed that both solutions are susceptible to attacks and threats. They reported that in “voice over LTE” solution, an attacker can make a silent call to the victim device after getting the state of radio resources of this device. This silent call can drain the battery of victim device 5 to 8 time faster than normal operation. They also reported that “circuit switched fall back” solution may be susceptible to pin-pong attack that can downgrade the performance of the device to 91.5 percent. Moreover, this solution may be susceptible to DoS attack. Further, they also proposed some remedies to detect and counter these attacks.

Zargar et al. (2013) conducted a survey on the latest DoS attack and defense mechanism. They tried to aggregate the state of art on several types of DDoS attacks and categorized the defense mechanism for their countermeasures. Their presented classification is shown figure 5.

Figure 5          Categorization of Defense Mechanisms of the DDoS

Similar type of work was carried by Rajkumar and Manisha (2013). They described the 14 types of defense mechanism devised to protect systems from DoS attack. They evaluated these mechanisms critically and elaborated the advantages and short comings of each defense mechanism. Arockiam and Vani (2010) conducted a survey to aggregate the state of art on DoS attacks to wireless networks and their countermeasures as well. They also carried out some experiments to detect two main attacks those are “disassociation” and “deauthentication” flooding denial of service attacks. Moreover, they also presented the solutions of these attacks and evaluated these solutions as well.

5.    Methodology and Plan

This research was some sort of qualitative research as this research was intended to find out the security issues in the device to device communication in descriptive form and special focus was on “denial of service attack”.

Figure 6          Research Process

There is more need of control over the research context for quantitative research methods as compared with qualitative methods. Due to this reason, quantitative research methods are more preferred for experimental research. Moreover, quantitative research methods are good as for as results are considered because research results produced using these methods are more precise than the results of qualitative methods. Further, there is more robustness and organized as compared with qualitative one. Using these methods, data analysis is carried out on statistical information to produce authenticate results and build a mathematical model. However, there are some limitations of these methods. The First shortcoming of these methods is that these need well control over research context, and sometimes it is very difficult to get full control over all context of research environment. Moreover, participants are not allowed to add new information, rather they are restricted to answer from the predefined list of answers. Due to this reason, the findings of these methods are banal and trivial. In the light of above discussion, it was planned to collect qualitative data and make this research a qualitative on as it is more appropriate to achieve the objectives of this research.

This research was conducted by employing a survey of literature (SL) research method in form of Systematic Literature Review (SLR). This is the relative new research method proposed by (Kitchenham et al., 2011.). Because of its unique design, this research is most suitable to conduct systematic, fast and efficient literature review published on a narrow topic of software engineering. SLR was perceived as the most appropriate research method for this research (Kitchenham et al., 2011). Kitchenham et al. (2011) described the three phases of conducting this type of research. These phases were the planning the review, conducting the actual review and reporting the results and findings of research to its intended users. Before, initiating this research a detail plan of this research known as research protocol was developed (see appendix A). The guidelines provided by Kitchenham and Charters (2007) were followed to develop this protocol. The protocol provides many advantages such defines milestones, schedule of activities to be carried out and methods and material required for research. This research was started form 07 May 2016 and ended on 24 May 2016. Time taken by each major research activity is shown in figure 7.

Figure 7          Time Taken by each Major Research Activity

5.1.        Research Question

The stated research problem in the introduction section was formulated into research question. In this research, following research question was answered by employing the SLR.

RQ1: What are the denial of service attack and threats to the security of the device to device communication and its countermeasures as well?

Research question was carefully designed by analyzing the research problem thoroughly. Research question makes the general thing a specific one and easier the subsequent research activities to be carried out.

5.2.        Search Strategy

Pre-defined search strategy, makes the research process efficient. To identify, collect, analyze and categorize most relevant primary studies and to produce valid and authenticate results following the search strategy was used.

5.2.1.            Selection of Research Databases

Most appropriate primary studies published on security issues and the threat to the device to device communication available at three comprehensive research databases these include IEEE, ACM and Science direct were collected in this research. The main reason of selection of these databases was that the contents available at these databases are of high quality and validated. Moreover, most of high quality computer science related research literature is available at these databases.

5.2.2.            Time Period

Most appropriate primary studies published on security issues and threat to the device to device communication between the period of 2000 to 2016, available at three comprehensive research databases these include IEEE, ACM and Science direct were collected in this research, because the concept of this emerging technology came into existence in 2000.

5.2.3.            Search Strings

We applied the constructed search strings at the advance search interface of selected databases to collect most appropriate primary studies. These search strings were constructed with great care so that most relevant primary studies may be identified. Moreover, before finalization of search strings an initial prototype on these databases was conducted o check the feasibility and suitability of search strings. Followings the search strings were constructed to collect relevant literature on D2D communication and its security issues.

“Threats to device to device communication”, “security issues of device to device communication”, “limitations of device to device communication” and “security measures of device to device communication”, “denial of service attack and device to device communication

 

5.3.        Identification of Primary Studies

To find out the primary studies related to D2D communication and its security issues; constructed search strings were applied at the databases of IEEE, ACM and Science direct and a significant number of primary studies to answer the research question of this research were identified.

5.4.         Process of Primary Studies’ Selection

To find out and include the most relevant primary studies for data extraction, all identified primary studies were passed through inclusion and exclusion criteria as described here. The process of selection of primary studies is shown in figure 8.

5.4.1.            Exclusion of Primary Studies on the basis of Repetition

As research was conducted on three Scopus research database that is why there were chances that one study was available on more than one research databases. Therefore, the repeated primary study was excluded and its latest version was included for data extraction.

5.4.2.             Exclusion of Primary Studies on the basis of short papers

Some journals also publish the short papers of length less than four pages as well as opinion and reviews of some experts. Such papers are hard to be validated and are based on their personal experiences. Therefore, all such papers were excluded.

5.4.3.             Exclusion of Primary Studies on the basis of not English

While defining the research protocol, it was mentioned that the papers published in English will only be considered for data extraction and analysis. Since, it is an international language and easy to understand as compared with other languages those are not in practice. Therefore, all primary studies published in a language other than in English were excluded.

 

Figure 8          Primary Studies Selection Process

5.4.4.             Exclusion of Primary Studies on the basis of Title Reading

Some primary studies were excluded from the data extraction after careful reading of its “title”. If the title of primary study did not show any relevancy with the topic under research then such kind of primary study was excluded from data extraction.

5.4.5.             Exclusion of Primary Studies on the basis of Abstract

The abstract of primary studies whose title seemed to be appropriate was analyzed critically and if no relevancy was found with the topic under research then primary study was excluded.

5.4.6.             Exclusion of Primary Studies on the basis of Full Paper Reading

Finally, if the title and abstract of primary studies was relevant to the topic under research then such primary studies were analyzed completely by reading full paper. If there were no significant relationship between the topic of primary study and the topic under research, then all such primary studies were excluded.

5.5.         Quality Assessment of Selected Primary Studies

It is important to assess the quality of research paper in the perspective of research being conducted. During the survey of literature, the secondary data should be collected from research papers which are of high quality and low quality papers should be excluded from the data collection process. To extract high quality data, the quality of selected primary studies was assessed by designing a five Likert scale questioner. The objective of using the Likert scale was to categorize selected primary studies from strongest to the weakest or from lowest quality primary study for the highest quality primary study. The grade of the Likert scale was from ‘1’ to ‘5’; ‘1’ means the lowest quality and ‘5’ means the highest quality. For data extraction, primary studies having quality “normal” or higher were included. The questioner prepared for assessing the quality of selected primary studies is shown in the table 1.

Table 1           Questioner for Assessing the Quality of Selected Primary Studies

S. NO Question
1 Aim of research was clearly defined?
2 Problem and its solution were described clearly in an abstract?
3 Paper described the device to device communication?
4 Paper described the security issue(s) of device to device communication
5 Paper was published in good journal/conference?
6 Paper was well structured?
7 The Results produced were appropriate?
8 Paper contributed for enhancement of device to device communication?
9 Impacts of DoS attack to D2D communication was elaborated precisely?

5.6.         Data Extraction

After applying inclusion and exclusion criteria on identified primary studies and assessment of quality of finally selected primary studies, the process of data extraction was started. The data was extracted in favor of the defined research question to be answered in this research. To extract complete and accurate data, at least two persons are recommended to perform this task. Moreover, a team of researchers is preferred to perform this task to avoid the biasness and mistakes of a single researcher (Kitchenham et al., 2011). In this research, author performed the data extraction and supervisor verified and validated the extracted data. The data extracted to answer the research question was recorded in a spreadsheet for further analysis. Following data was extracted from high quality primary studies.

  • The name of conferences or journals
  • title
  • author(s),
  • year of publication
  • types of evaluations of the proposed systems
  • aspect of device to device communication presented
  • security issues in the device to device communication
  • counter measures of security issues in the device to device communication
  • types of denial of service attack
  • countermeasures of denial of service attack
  • solutions for security issues in the device to device communication

 

5.7.         Data Analysis

A thorough analysis of extracted data was carried out to produce results. During data analysis, the selected primary studies were divided into four categories. The first category was proposed by Wieringa et al. (2006). They described three types of research those include solution proposal research, evaluation research and validation research. In the first category, primary studies were categorized according to type of research conducted. This category was named as “types of D2D communication research”. Other categories were defined in this research as per context and requirement of this research. The second category was named as “Process of Device to Device Communication”. In this category, all primary studies discussed the process of D2D communication were included. The third category was the “security issues in D2D communication”. In this category, primary studies describing the security issues in D2D communication were included. The fourth category was named as “denial of service attack in D2D communication”. In this category, primary studies describing the process and impact of denial of service attacks to D2D communication were included.

5.8.        Task Plan

The task plan to perform this research is categorized into four major task, which are further categorized into sub categories. The major divisions are planning, Research, Writing and Review which are reflected in the Gantt chart shown in the figure 1.

6.    Security Threats and Attacks to Device to Device Communication

Device to device cellular communication technology is an emerging area for communication and research is being conducted in this area to make is more robust, fast, efficient and secure. Researchers are trying to find out the new solution to address the security issues of device to device communication (Bista, 2015). Although, it is considered a next communication technology, however, its benefits are not cost or risk. Although, D2D communication is considered an attractive, simple, and cost effective, however due to susceptible to security threats; it is not preferred for communication of secure information. There are many security threats to d2d communication such as “brute force attack”, “Hol 196” and “chop chop attack”. Most common and major security threats to D2D communication are described here.

6.1.        Chop-chop Attack to Device to Device Communication

Kore (2004) presented the “chop chop attack” to decrypt the information over a wireless network without knowing the security key. This method is given this name because of its working style. In this attack, cipher text is captured and chopped into pieces and new data packet is derived by guessing some values from the remaining packets. Further, the newly derived packet is sent back to the receiver to the access point for assurance of correct decryption. If the access point gives some response then the packet is decrypted accurately. Sheldon et al. (2012) also described the mechanism of this attack to D2D communication.

6.2.        Brute Force Attack to Device to Device Communication

In the brute force attack to device to device communication, and the intruder tries to decrypt the public security key by using the library of possible keys. In this type of attack, a possible combination of characters is used to break the key. This is very lengthy and time consuming process and digital intelligence devices have capability to detect such type of attacks.

6.3.        Man in the Middle Attack

This type of attack was developed by Ohigashi and Morii (Sheldon et al., 2012). In this type of attack, an attacker places himself between communication devices, and realizes these devices that these are directly communication with each other (Venkatasubramanian, et al. 2010). In this way, an attacker can access the confidential information and can manipulate it as per his/her goals. In this attack, data packets are prevented to be reached at destination. This is very dangerous, because susceptible devices will be acting upon receiving the wrong information and command.

6.4.        Spoofing Attack to Device to Device Communication

In this type of attack, an attacker adopts the role of an active device and tries to simulate its activities (Venkatasubramanian, et al. 2010). They described that “spoofing” is much simpler than “man in the middle attack” because in the spoofing attacker, no need to place himself between communication devices. In this type of attack, the attacker uses the technique of replaying the earlier conversation between two devices and tries to find out the public security key.

6.5.        Miscellaneous Attacks and Threats to Device to Device Communication

Other than the attacks described in earlier paragraphs, there are many more types of attacks and threats to the device to device communication such as “denial of service attack (DoS)”, “Original Beck-Tews Attack”, “Halvorsen-Haugen Attack” and “Hole 196 Attack”. As per focus of this research, the details of “denial of service attack is presented in the next section.

7. Denial of Service Attack to Device to Device Communication and its Defense Mechanism

Abliz (2011) narrated that there are mainly three constructs of systems’ security. These include the constructs of integrity, availability and confidentiality. The security of the device to device communication systems is broken by targeting anyone of its constructs. The denial of service attack is easy and appropriate to lessen the availability of system. In this technique, system is blocked to provide intended services to its users. Now days, with the advancement of cloud computing the requirements of various services is increasing day by day hence, to provide break services to all its user and all the time; it is very necessary to address the attack of DoS, otherwise running system will be useless. Prevention of denial of service is a big challenge because in this technique no running is damaged. Moreover, it is very difficult to differentiate among requests to various types of users either legal user or a hacker and it makes the detection of DoS attack very difficult (Abliz, 2011). The simple mechanism of this type of attack is shown in figure 9.

Figure 9          Simple Denial of Service Attack Mechanism

7.1. Types of Denial of Service Attack to Device to Device Communication

With the advancement of technology and communication protocol, more secure mechanisms of communication are devised to protect the information from intruders. On the other hand, hackers and intruders are trying their best to break this security mechanism and get illegal access to secure information. With the passage of time, different and more powerful denial of services attacks are developed. DoS attacks are launched on the application, operating systems, router, ongoing communication, links, infrastructure, and firewall (Abliz, 2011). DoS attacks may be launched from the fixed single source or multiple sources or locations and due to this factor, these attacks are categorized according to locations used for attacking the victim system. The first is a single source and the second is a multi-source or the distributed source. In single source denial of service (SDoS) attack, all the carefully crafted messages are sent to the victim system by using the single computer. There are many more types of denial of the service attack described in the literature discussed in further sub sections.

7.1.1. Ping to Death Denial of Service Attack

The “ping to death” types of attack, the scarce or limited resources are targeted and exhausted (Abliz, 2011).  This attack is launched by sending large data packets more than defined in the protocol used by communicating devices. Moreover, to launch such attacks, there is no need of knowledge about a target system or device other than its IP address. It’s working mechanism is shown in figure 10.

Figure 10        Mechanism of Launching Ping to Death DoS Attack

7.1.2. Distributed Denial of Service Attack (DDoS)

In distributed denial of service attack, attackers attack the victim system through multiple places at the same time. The mechanism of DDoS attack is shown in figure 11. As shown in the figure, there are two basic components of DDoS attackers. The first component is comprised of agents and second component is the attack controller known as handler. Attack handler controls and direct the agents that how to attack, where to attack and when to attack. After getting information, agents start sending attack messages to the victim system. There are some other terms used for this attacking mechanism such as “handler” is also known as “Master” and “agents” are also known as “botnets”. Due to the powerful attacking mechanism of DDoS attack, this is considered more dangerous than SDoS attack as well as hard to be detected and prevented (Johnson and Bhuvaneswari, 2014).

Figure 11        Distributed Denial of Service Attack

7.1.3. Session Initiation Protocol (SIP) Based Denial of Service Attack

These types of attacks are launched while opening the session with the victim system. There are many types of such attacks such “message payload tempering”, “message flooding” and “message flow tempering”. The architecture of devices to device communication using SIP presented by Ehlert et al. (2010) is shown in figure 12. The SIP is basically a text based protocol to share information in the form of text without using any type of encryption (Ehlert et al., 2010). As the information is in plain text, therefore, it is easy for an attacker to inject wrong or meaningless information into real information. In this attack, the buffer of target system is overflowed by inserting extra and meaningless information as a result the target system crashes due to the shortage of memory (Ehlert et al., 2010).

Figure 12        Devices connected and Communicating using SIP

In other type of SIP based attack, the “message flow tempering”, the flow of messaging is disturbed between communication devices. This flow of messaging or connection is tempered by injecting fake signaling messages (Ehlert et al., 2010). The process of injecting the fake signal is shown in figure 13.

Figure 13        Mechanism of SIP Message Flow Tempering Attack

For success of such type of attack, it is compulsory for an attacker to know the parameters of the ongoing session. There is another type of similar attack, known as “message flooding”. In this type of attack, three resources of a system are targeted these include “memory”, “CPU” and “network bandwidth”. In this attack, all these resources are exhausted by sending the flood of messages to systems using SIP for communications (Ehlert et al., 2010).

Figure 14        Schematic Diagram of Message Flooding Denial of Service Attack

To exhaust the bandwidth, an attacker injected the messages of size greater than the capacity of network, CPU is exhausted by sending more number of messages than a CPU can process and memory is exhausted by sending more request without establishing the connection with the system (Ehlert et al., 2010). The schematic diagram of DoS flood attack is shown in figure 14.

7.2. Defense Approaches to Denial of Service Attack to Device to Device Communication

As described earlier that researchers are trying to find out more robust solutions for d2d communication. In this regard, many types of algorithms and systems are devised to defend the d2d communication from various attacks and threats. The commonly used system to detect the denial of service attack and protect the system from these attacks are known as “single intrusion prevention systems”. Generally, to counter the DoS attack the techniques such as “removal of server of command and control”, “redirecting suspected traffic” and “Cleanliness of infected system”. Streilein et al. (2003) proposed an algorithm to detect flood based denial of service attack. This algorithm requires no extra hardware rather it uses existing systems such as routers, LAN switches and bridges. They have used remote monitoring capable device to detect this attack. This algorithm is suitable for Simple Network Management Protocol (SNMP) and it analyzes the network traffic such as the size of the packet, the number of packets per second and packet error rate to detect this attack. Johnson and Bhuvaneswari (2014) proposed a new “intrusion prevention System” named as “Ring-Based overlay Protection”. To detect the DoS attack, it compares the bandwidth used practically with theoretical bandwidth of the host. Doron and Avishai (2011) proposed a web based DDoS attack attenuator with the intention of attenuating the bandwidth of DDoS attackers. The architecture of this technique is shown in figure 15. This is a kind of asymmetric technique and most suitable for monitoring and protecting uplinks only. The most powerful mechanism of this technique is that it may be used with randomized threshold that support in trapping and penalizing the deterministic traffic by zombies, they struggle to simulate the human user pattern. Luan et al. (2012) DoS attack detection method for wireless mesh network. They developed this method to work with AODC ad hoc network protocol. In this method, end to end authentication of users, pre-assumed two threshold value, the cache memory utilization rate distributed voting is used to detect DoS attackers. This network outperforms for the hierarchical zone based network model as shown in figure 16.

Figure 15        architecture of DDoS Attack Attenuator

Figure 16        Zone based Network Model

Hamdi and Noureddine (2007) proposed a wavelet transform based DoS attack detection method. In this method, security of the network is constantly monitored by using accurate matrices. These matrices are transferred to space of time scale by using wavelet transformation. Lipschitz singularities are used to view the DoS attack. Armbruster et al. (2007) presented an algorithm to detect the spoofed-based DoS attack. In this algorithm, the origin address of the packet is compared with the origin address in the current road map to verify the origin of the packet so that no spoof packet reaches to the destination. Khattab et al. (2006) also presented a “honeypot back-propagation” method to mitigate spoof based DDoS attack. This method is based on hop by hop trace back mechanism. In this method, accurate attack signatures are obtained by employing a roaming honeypot leverage. Another, effective method to detect the denial of service attack its source has been devised by Aljifri (2003) known as “IP trace back”. In this technique, received packets are traced back to their origins. This technique is very useful for restoring the functionality of the network, in a quick and efficient way. Moreover, it prevents recurring of DoS attacks, identify the attackers and hold them accountable (Aljifri, 2003). There are some challenges in designing a robust system against DoS attack. These challenges include the limitations of internet architecture, resource sharing, routing of the packet through multiple paths, decentralized management, accountability and variations in the capacity of link (Abliz, 2011).

8.    Conclusion

The device to device communication is relative new technique and emerging technology to meet the higher data transfer. This emerging technology provides many advantages such reduces power consumption during transmission, enhances the efficiency of the frequency spectrum, increases the data transfer speed as a result reduces the transmission delay and increases the throughput of cellular network. Even though, this emerging communication technology is not used extensively for sharing secret information because of its less secure data transfer mechanism. Rather, it is only suitable for exchanging the high and less secure data between devices present in the vicinity of each other. Because, this communication technology is susceptible to various threats and attacks such message flooding attack, chop chop attack, denial of service attack and its variants. Although, researchers are trying to find out more robust secure data transfer mechanisms for this technology, however, yet there is no significant progress towards this goal.

The availability of system is targeted through many techniques and the most famous and easy to implement is the “Denial of Service” (DoS) technique. In this technique, system is blocked to provide intended services to its users. Now days, with the advancement of cloud computing the requirements of various services is increasing day by day hence, to provide break services to all its user and all the time; it is very necessary to address the attack of DoS, otherwise running system will be useless. Among other types of attacks to D2D communication denial of service is easy to launch and hard to detect and prevent. Because, to launch this attack; rights of normal user are required.

The findings of this research depicted that device to device cellular communication is more appropriate to transfer bulk amount of data that requires least security. Because, this technique of communication is less secure and faster than conventional cellular network. Therefore, it is recommended to the conventional cellular network to transfer secure data. Although, it is slow and will take time to transfer bulky data, however, security of data will be guaranteed.

Denial of service attack is very common and easy to launch and hard to detect and protect. In literature, many types of denial of service of attacks are described and most dangerous is distributed denial of service attack. Hence, a foolproof security mechanism should be devised to strengthen the security of this emerging communication technology.

9.    References

 

  • Kitchenham, B.A., Budgen, D. and Brereton, O.P., 2011. Using mapping studies as the basis for further research–a participant-observer case study. Information and Software Technology, 53(6), pp.638-651.
  • Keele, S., 2007. Guidelines for performing systematic literature reviews in software engineering. In Technical report, Ver. 2.3 EBSE Technical Report. EBSE.
  • Asadi, A., Wang, Q. and Mancuso, V., 2014. A survey on device-to-device communication in cellular networks. Communications Surveys & Tutorials, IEEE, 16(4), pp.1801-1819.
  • Lin, Y.D. and Hsu, Y.C., 2000, March. Multihop cellular: A new architecture for wireless communications. In INFOCOM 2000. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE (Vol. 3, pp. 1273-1282). IEEE.
  • Shen, W., Hong, W., Cao, X., Yin, B., Shila, D.M. and Cheng, Y., 2014, December. Secure key establishment for device-to-device communications. In Global Communications Conference (GLOBECOM), 2014 IEEE (pp. 336-340). IEEE.
  • Zhu, D., Swindlehurst, A.L., Fakoorian, S.A.A., Xu, W. and Zhao, C., 2014, May. Device-to-device communications: The physical layer security advantage. In Acoustics, Speech and Signal Processing (ICASSP), 2014 IEEE International Conference on (pp. 1606-1610). IEEE.
  • Wang, M. and Yan, Z., 2015, August. Security in D2D Communications: A Review. In Trustcom/BigDataSE/ISPA, 2015 IEEE (Vol. 1, pp. 1199-1204). IEEE.
  • Tehrani, M.N., Uysal, M. and Yanikomeroglu, H., 2014. Device-to-device communication in 5G cellular networks: challenges, solutions, and future directions. Communications Magazine, IEEE, 52(5), pp.86-92.
  • Camps-Mur, D., Garcia-Saavedra, A. and Serrano, P., 2013. Device-to-device communications with Wi-Fi Direct: overview and experimentation. Wireless Communications, IEEE, 20(3), pp.96-104.
  • Sheldon, F.T., Weber, J.M., Yoo, S.M. and Pan, W.D., 2012. The insecurity of wireless networks. Security & Privacy, IEEE, 10(4), pp.54-61.
  • Ghanem, S.A. and Ara, M., 2015, February. Secure communications with D2D cooperation. In Communications, Signal Processing, and their Applications (ICCSPA), 2015 International Conference on (pp. 1-6). IEEE.
  • Fodor, G., Parkvall, S., Sorrentino, S., Wallentin, P., Lu, Q. and Brahmi, N., 2014. Device-to-device communications for national security and public safety. Access, IEEE, 2, pp.1510-1520.
  • Hadiks, A., Chen, Y., Li, F. and Liu, B., 2014, January. A study of stealthy denial-of-service attacks in Wi-Fi direct device-to-device networks. In Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th (pp. 507-508). IEEE.
  • Zhang, A., Chen, J., Hu, R.Q. and Qian, Y., 2015. SeDS: Secure Data Sharing Strategy for D2D Communication in LTE-Advanced Networks.
  • Bista, A., 2015. Neighbor and Service Discovery Protocols with Security Enhancement for Device-to-Device Communication in LTE {LTE-A Cellular Networks (Doctoral dissertation, University of Agder).
  • Ramasubramanian, S., Chung, S., Ding, L. and Ryu, S., 2013. Secure and Smart Media Sharing Based on Direct Communications Among Mobile Devices Underlying in LTE-A Cellular Network. University of Washington.
  • Doppler, K., Manssour, J., Osseiran, A. and Xiao, M., 2008. Innovative concepts in peer-to-peer and network coding. changes, 16, p.09.
  • Doppler, K., Rinne, M., Wijting, C., Ribeiro, C.B. and Hugl, K., 2009. Device-to-device communication as an underlay to LTE-advanced networks. Communications Magazine, IEEE, 47(12), pp.42-49.
  • Streilein, W.W., Fried, D.J. and Cunningham, R.K., 2003, September. Detecting flood-based denial-of-service attacks with snmp/rmon. In Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection, Fairfax, Virginia, USA.
  • Doron, E. and Wool, A., 2011. Wda: A web farm distributed denial of service attack attenuator. Computer Networks, 55(5), pp.1037-1051.
  • Luan, L., Fu, Y. and Xiao, P., 2012. An effective Denial of Service Attack Detection Method in Wireless Mesh Networks. Physics Procedia, 33, pp.354-360.
  • Hamdi, M. and Boudriga, N., 2007. Detecting Denial-of-Service attacks using the wavelet transform. Computer Communications, 30(16), pp.3203-3213.
  • Armbruster, B., Smith, J.C. and Park, K., 2007. A packet filter placement problem with application to defense against spoofed denial of service attacks. European Journal of Operational Research, 176(2), pp.1283-1292.
  • Khattab, S., Melhem, R., Mossé, D. and Znati, T., 2006, April. Honeypot back-propagation for mitigating spoofing distributed Denial-of-service attacks. In Parallel and Distributed Processing Symposium, 2006. IPDPS 2006. 20th International (pp. 8-pp). IEEE.
  • Zargar, S.T., Joshi, J. and Tipper, D., 2013. A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. Communications Surveys & Tutorials, IEEE, 15(4), pp.2046-2069.
  • Rajkumar, M.N., 2013. A Survey on Latest DoS Attacks: Classification and Defense Mechanisms.
  • Arockiam, L. and Vani, B., 2010. A Survey of Denial of Service Attacks and it’s Countermeasures on Wireless Network.
  • Lien, S.Y., Chien, C.C., Tseng, F.M. and Ho, T.C., 2016. 3GPP Device-to-Device communications for BeyonD 4G cellular networks. IEEE Communications Magazine, 54(3), pp.29-35.
  • Tu, G.H., Li, C.Y., Peng, C. and Lu, S., 2015, September. How voice call technology poses security threats in 4G LTE networks. In Communications and Network Security (CNS), 2015 IEEE Conference on (pp. 442-450). IEEE.