UMass DOME 

Abstract---

Disruption-Tolerant Networks (DTNs) deliver data in network environments composed of intermittently connected nodes. Just as in traditional networks, malicious nodes within a DTN may attempt to delay or destroy data in transit to its destination.  Such attacks include dropping data, flooding the network with extra messages, corrupting routing tables, and counterfeiting network acknowledgments.  Many existing methods for securing routing protocols require authentication  supported by mechanisms such as a  public key infrastructure (PKI), which is difficult to deploy and operate in a DTN, where connectivity is sporadic.  Furthermore, the complexity of such mechanisms may dissuade node participation so strongly that potential attacker impacts are dwarfed by the loss of contributing  participants. In this paper, we use two connectivity traces, from the UMass DieselNet and Haggle projects, to quantify attack effectiveness on an unsecure DTN.  We show that the same epidemic routing used to provide robustness in the face of unpredictable mobility allows the network to gracefully survive attacks.   In the case of the most effective attack, acknowledgment counterfeiting, we show a straightforward defense that uses cryptographic hashes but not a central authority.  We conclude that disruption-tolerant networks are extremely robust to attack; in our trace-driven evaluations, an attacker that has compromised 30% of all nodes reduces throughput by only 15% and up to 50% with knowledge of future events.