Network Layer Misbehavior inMobile Ad Hoc Networks
Matt Liss
EE4723: Computer and Network Security
March 22, 2011
Outline
1 Introduction
2 Routing in MANET
Proactive Table Driven Approach
Reactive On-Demand Approach
3 MANET Routing Attacks
4 Routing Attack Prevention/Detection
Cryptographic Based Solutions
Protocol Extensions
Trust Based Solutions
Network Layer Misbehavior
Network Layer
Recall that the network layer is responsible for establishing end-to-end connectivity
The primary concern of the network layer is routing—finding a path from source to destination
Network Layer Misbehavior
Any action that disrupts the usual operation of the routing protocol in use
TCP/IP Model (figure): Application Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer
Routing in MANET
Two basic approaches to routing in MANETs
Table Driven Approach (Proactive)
Each node stores a routing table with precalculated routes to all other nodes
Updates for topology changes are accomplished through periodic broadcast messages
On-Demand Approach (Reactive)
Source initiated route discovery
A route to a destination is created only when data is ready to be sent to that destination
Proactive Table Driven Approach
Advantage
Routes are ready to use when data becomes available (assuming topology hasn't changed)
Disadvantages
Don't react as quickly to changes in topology—better for less mobile networks
Constant amount of communication overhead due to flooding of link information
Optimized Link State Routing (OLSR) is one table driven protocol
Based on Open Shortest Path First (OSPF)
Review of OSPF (Open Shortest Path First)
Each node determines cost to its directly connected neighbors
This information is reliably flooded through the network
Reliable Flooding
Each node receives link-state information from each other node
Each node has most recent copy of link-state information
Accomplished through sequence number and time-to-live
Figure: Reliable Flooding Example
Optimized Link State Routing (OLSR)
Based on OSPF with modifications due to wireless environment
Neighbor Sensing
All neighbors are reached through the same interface
Sends hello messages to sense its neighbors
Flooding
Each node forwards a flooded message only if it has not previously forwarded the same message
Topology Control messages are flooded through the network to distribute neighbor information
Not reliable—no guarantee that every other node gets message
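The forward-once rule and the sequence-number/TTL mechanics from this and the preceding OSPF slide, as an added example that is not part of the original slides. It simulates a plain flood in which every node retransmits a given (originator, sequence number) at most once and stops when the hop limit runs out; OLSR's multipoint-relay selection (only chosen neighbors forward) is not modelled, and the topology, sequence numbers and TTL values are constructed for illustration. The same per-originator sequence-number comparison is what lets a node reject a replayed stale copy of a routing message.

```python
from collections import deque

# Constructed topology (assumption): undirected links of a small MANET.
LINKS = [("a", "b"), ("b", "c"), ("c", "d"), ("b", "e"), ("e", "d"), ("d", "f")]


def neighbors_of(links):
    nbrs = {}
    for u, v in links:
        nbrs.setdefault(u, set()).add(v)
        nbrs.setdefault(v, set()).add(u)
    return nbrs


class Node:
    """One node keeping the per-originator state used to suppress repeated floods."""

    def __init__(self, name):
        self.name = name
        self.last_seq = {}     # originator -> highest message sequence number seen
        self.forwarded = 0     # how many times this node retransmitted anything

    def accept(self, originator, seq):
        """Accept and forward only a message newer than anything seen from
        originator. A second copy of the same message (seq already seen) and a
        replayed stale message (seq lower than the newest) are both dropped."""
        if seq <= self.last_seq.get(originator, -1):
            return False
        self.last_seq[originator] = seq
        return True


def flood(nbrs, nodes, originator, seq, ttl):
    """Flood message (originator, seq) with hop limit ttl.
    Returns the set of nodes that accepted it."""
    reached = set()
    if not nodes[originator].accept(originator, seq):
        return reached                      # originator already sent this seq
    reached.add(originator)
    nodes[originator].forwarded += 1
    queue = deque([(originator, ttl)])
    while queue:
        sender, hops_left = queue.popleft()
        if hops_left == 0:
            continue                        # TTL exhausted: neighbours never hear it
        for nb in sorted(nbrs[sender]):
            node = nodes[nb]
            if node.accept(originator, seq):
                reached.add(nb)
                node.forwarded += 1         # each node retransmits a message once
                queue.append((nb, hops_left - 1))
    return reached


def demo():
    nbrs = neighbors_of(LINKS)
    nodes = {n: Node(n) for n in nbrs}
    first = flood(nbrs, nodes, "a", seq=7, ttl=8)
    transmissions = sum(n.forwarded for n in nodes.values())  # one per node, no echo
    replay = flood(nbrs, nodes, "a", seq=7, ttl=8)             # exact duplicate
    stale = flood(nbrs, nodes, "a", seq=3, ttl=8)              # older than already seen
    fresh = {n: Node(n) for n in nbrs}
    short = flood(nbrs, fresh, "a", seq=8, ttl=2)              # TTL shorter than the diameter
    return first, transmissions, replay, stale, short


if __name__ == "__main__":
    print(demo())
```

With six nodes the first flood costs exactly six transmissions, the duplicate and the stale replay cost none, and a TTL of 2 leaves d and f without the update, which is the "no guarantee that every other node gets the message" point made above.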
Reactive On-Demand Approach
Advantages
React quickly to topology changes
No communication overhead in the absence of topology changes
Disadvantage
A route may not exist to a destination when data is ready to be sent ⇒ delayed transmission
Ad-hoc On-demand Distance Vector Routing (AODV)
Dynamic Source Routing (DSR)
Ad-hoc On-demand Distance Vector Routing (AODV)
Nodes store a routing table with next hop information
Routing table is filled based on route discovery process
Route Discovery
Route Request (RREQ) packet is broadcast through network
Either the destination of the RREQ or a node with a route to the destination replies with a Route Reply (RREP) packet
RREPs are unicast back to the originator of the RREQ
Route Maintenance
When a node detects a link failure it broadcasts a Route Error (RERR) packet
Upon reception of a RERR, the route discovery process is initiated by nodes that needed the failed route
Dynamic Source Routing (DSR)
Source Routing
Routing tables contain entire routes rather than next hops
Each data packet contains the address of each node along the path from source to destination
Route Discovery
Same process used by AODV, except:
Each node that forwards a RREQ adds its address to the header
Addresses from header of RREQ are reversed to create a RREP
Same Route Maintenance process used by AODV
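The AODV and DSR route discovery procedures described on the last two slides, as one added example that is not part of the original slides and not taken from any AODV or DSR implementation. A RREQ is flooded hop by hop; in AODV mode each node records only a next hop (reverse route on the way out, forward route when the unicast RREP passes back, and an intermediate node that already knows the destination answers itself), while in DSR mode the RREQ accumulates the address list and only the source stores the whole route. Topology, node names and sequence of requests are constructed; sequence numbers, hop counts and RERR handling are left out.

```python
from collections import deque

# Constructed topology (assumption), undirected links:
#   x - s - a - b - d
#       s - c - d        (s-c-d is the shortest path from s to d)
LINKS = [("x", "s"), ("s", "a"), ("a", "b"), ("b", "d"), ("s", "c"), ("c", "d")]


def adjacency(links):
    adj = {}
    for u, v in links:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return {n: sorted(nbrs) for n, nbrs in adj.items()}   # sorted: deterministic order


class Network:
    """Hop-by-hop simulation of on-demand route discovery (AODV or DSR)."""

    def __init__(self, links):
        self.adj = adjacency(links)
        self.next_hop = {n: {} for n in self.adj}   # AODV: node -> {dst: next hop}
        self.routes = {n: {} for n in self.adj}     # DSR:  node -> {dst: full route}

    def discover(self, mode, src, dst):
        """Flood a RREQ from src; return the route that the RREP establishes."""
        seen = {src}
        queue = deque([(src, None, [src])])   # (holder, sender, DSR address list)
        while queue:
            node, sender, path = queue.popleft()
            if mode == "aodv" and sender is not None:
                self.next_hop[node][src] = sender          # reverse route toward src
            if node == dst:
                return self._reply(mode, src, dst, node, path)
            if mode == "aodv" and dst in self.next_hop[node]:
                return self._reply(mode, src, dst, node, path)   # intermediate node knows a route
            for nb in self.adj[node]:
                if nb not in seen:                         # each node rebroadcasts once
                    seen.add(nb)
                    queue.append((nb, node, path + [nb]))
        return None

    def _reply(self, mode, src, dst, replier, path):
        if mode == "dsr":
            # RREP carries the RREQ's accumulated address list; only src stores it.
            self.routes[src][dst] = path
            return path
        # AODV: RREP is unicast back along the reverse route; every node it passes
        # learns the forward next hop toward dst.
        node = replier
        while node != src:
            prev = self.next_hop[node][src]
            self.next_hop[prev][dst] = node
            node = prev
        return self.forward_path(src, dst)

    def forward_path(self, src, dst):
        """Data path an AODV packet actually takes, one next-hop lookup per node."""
        path = [src]
        while path[-1] != dst:
            nxt = self.next_hop[path[-1]].get(dst)
            if nxt is None:
                return None
            path.append(nxt)
        return path


def demo():
    aodv = Network(LINKS)
    first = aodv.discover("aodv", "s", "d")      # destination d itself replies
    second = aodv.discover("aodv", "x", "d")     # s already has a route, so s replies
    dsr = Network(LINKS)
    dsr_route = dsr.discover("dsr", "s", "d")
    return {
        "aodv_first": first,
        "aodv_second": second,
        "aodv_table_c": dict(aodv.next_hop["c"]),
        "dsr_route": dsr_route,
        "dsr_state_at_c": dict(dsr.routes["c"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

After the AODV discovery, intermediate node c holds next hops for both s and d but no complete route; after the DSR discovery c holds nothing at all and s holds the full address list that every data packet will carry. The second AODV request shows the intermediate-reply case: x never reaches d, because s answers from its own table.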
MANET Routing Weaknesses
Assumption
Nodes participating in above protocols are non-malicious
This doesn’t hold true in real networks, particularly in a wireless environment
Attacks
Many attacks are possible in a wireless network, spanning multiple network layers
We are only concerned with network layer attacks that disrupt the routing protocol in place
Typical Routing Attacks
Attacks We Will Study
Replay Attack
Denial of Service Attack
Blackhole Attack
Wormhole Attack
Blackmail Attack
Replay Attack
Goal
Various; disrupt normal route formation
Methods
Replay stale routing packets
Deployed against poorly designed cryptographic routing solutions (ones that authenticate messages but never check their freshness)
Typically easy to prevent with sequence numbers, nonces, or timestamps
Denial of Service Attack
Broad category of attacks that can be implemented in many ways
Goal
Disrupt normal routing operation in network
Methods
Flood network with bogus route creation packets to prevent legitimate route establishment
Modify routing messages to direct traffic away from destination, or down a non-existent path
Blackhole Attack
Goal
Disrupt service and possibly eavesdrop on other nodes
Method
A malicious node falsely advertises itself as the shortest route to a destination
All traffic to this destination will get routed to the malicious node, which will do one of the following:
Drop all traffic (Denial of Service)
Statistically or selectively drop traffic (Greyhole Attack)
Eavesdrop on traffic it otherwise couldn’t overhear
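The blackhole and its greyhole and eavesdropping variants, as an added example that is not part of the original slides. It models the decision the source makes when several RREPs arrive (AODV's rule: prefer the higher destination sequence number, then the fewer hops) and then pushes constructed data packets down the chosen path with the malicious node applying one of the three behaviours listed above. The replies, node names and packets are constructed; nothing in the selection rule authenticates a reply, which is why the forged one wins.

```python
# Constructed scenario (assumption): source s has just broadcast a RREQ for d.
# d's honest reply arrives via c (2 hops, d's real sequence number is 5).
# Malicious node m replies with an inflated destination sequence number and a
# one-hop count, falsely claiming to be d's neighbour.
RREPS = [
    {"from": "m", "dst_seq": 99, "hops": 1, "path": ["s", "m", "d"]},
    {"from": "d", "dst_seq": 5, "hops": 2, "path": ["s", "c", "d"]},
]

# Constructed traffic (assumption): ten data packets from s to d.
PACKETS = [{"seq": i, "payload": f"msg-{i}"} for i in range(10)]


def select_route(rreps):
    """AODV route selection at the source: the freshest reply (highest
    destination sequence number) wins, ties go to the fewer hops. Nothing in
    this rule can distinguish an honest reply from a forged one."""
    return max(rreps, key=lambda r: (r["dst_seq"], -r["hops"]))


# Forwarding behaviours of an intermediate node; each returns True to forward.
def honest(node, pkt, captured):
    return True


def blackhole(node, pkt, captured):
    return False                              # drop everything


def greyhole(node, pkt, captured):
    return pkt["seq"] % 2 == 0                # selective: drop every odd packet


def eavesdropper(node, pkt, captured):
    captured.append((node, pkt["payload"]))   # copy the traffic, then forward normally
    return True


def send(packets, path, behaviour):
    """Forward packets along path; every intermediate node applies its behaviour
    (honest by default). Returns (packets delivered, payloads captured en route)."""
    captured = []
    delivered = 0
    for pkt in packets:
        if all(behaviour.get(hop, honest)(hop, pkt, captured) for hop in path[1:-1]):
            delivered += 1
    return delivered, captured


def demo():
    chosen = select_route(RREPS)
    results = {"chosen_via": chosen["from"]}
    for name, mode in (("blackhole", blackhole), ("greyhole", greyhole),
                       ("eavesdrop", eavesdropper)):
        delivered, captured = send(PACKETS, chosen["path"], {"m": mode})
        results[name] = (delivered, len(captured))
    results["honest_route"] = send(PACKETS, RREPS[1]["path"], {})
    return results


if __name__ == "__main__":
    print(demo())
```

The greyhole variant is the one to keep in mind when reading the Watchdog slides later: half the packets still arrive, so a detector that counts only total loss, or whose failure threshold is generous, can miss it.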
Wormhole Attack
Goal
Various: disrupt service, eavesdrop, modify data . . .
Method
Two colluding nodes share a private communication link
Traffic received from one node is tunneled to the other to be retransmitted
Figure: Wormhole between colluding nodes A and B
Blackmail Attack
Applies to protocols which attempt to isolate malicious nodes
Goal
Isolate a legitimate node from the network
Method
Fabricate a misbehavior report targeted at a legitimate node
Prevention/Detection of Routing Attacks
Many proposed solutions to secure routing from the above attacks
Categories of Solutions
Cryptographic Based Solutions: use symmetric cryptography, asymmetric cryptography, hashes to secure protocols
Protocol Extensions: mechanisms for preventing/detecting a set of attacks that are not bound to a specific protocol
Reputation Based Solutions: focus on identification and isolation of malicious nodes by some form of monitoring
Cryptographic Based Solutions
Assumptions
Asymmetric Cryptographic Solutions
Typically rely on trusted Certification Authority (CA)
Symmetric Cryptographic Solutions
Require secret key establishment either through a Key Distribution Center (KDC) or pre-configuring
Attacks Typically Prevented or Detected
Replay Attack
Some forms of Denial of Service
Blackhole
Blackmail
Ariadne
Key Features
Based on the DSR protocol
Requires time synchronization between network nodes
Configurable to use either symmetric or asymmetric cryptography for authentication
Uses Message Authentication Codes (MACs) to ensure validity of routing information
Basic Operation
MACs are computed over RREQs and RREPs at each hop and added to header with path information
This enables detection of modifications and deletions to the route
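The per-hop MAC idea described above, as an added example that is not part of the original slides and not Ariadne's reference code. It follows Ariadne's shared-key (MAC list) variant: the source seeds a hash chain with a MAC under its key shared with the destination, each forwarding node appends its address, extends the chain and adds a MAC under its own key shared with the destination, and the destination recomputes everything before answering with a MAC'd RREP. The TESLA-based variant, which is what needs the time synchronization mentioned above, is not shown. Keys and node names are constructed; the key establishment phase itself is assumed, as the previous slide notes.

```python
import hashlib
import hmac

# Constructed keys (assumption): each node shares a secret with destination d,
# as in Ariadne's pairwise-shared-key (MAC list) variant.
KEYS = {"s": b"key-s-d", "a": b"key-a-d", "b": b"key-b-d"}


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def header(rreq, path):
    return f"RREQ|{rreq['src']}|{rreq['dst']}|{rreq['id']}|{','.join(path)}".encode()


def initiate_rreq(src, dst, rreq_id):
    """Source seeds the per-hop hash chain with a MAC only the destination can check."""
    rreq = {"src": src, "dst": dst, "id": rreq_id, "path": [], "macs": []}
    rreq["h"] = mac(KEYS[src], header(rreq, []))
    return rreq


def forward_rreq(rreq, node):
    """Each forwarding node appends its address, extends the hash chain and adds a
    MAC over the whole request under its key shared with the destination."""
    path = rreq["path"] + [node]
    h = hashlib.sha256(node.encode() + rreq["h"]).digest()
    node_mac = mac(KEYS[node], header(rreq, path) + h)
    return {**rreq, "path": path, "h": h, "macs": rreq["macs"] + [node_mac]}


def verify_rreq(rreq):
    """Destination recomputes the chain and every per-hop MAC. A removed hop breaks
    the chain (so the next MAC fails); a rewritten address breaks that hop's MAC."""
    if len(rreq["macs"]) != len(rreq["path"]) or rreq["src"] not in KEYS:
        return False
    h = mac(KEYS[rreq["src"]], header(rreq, []))
    for i, node in enumerate(rreq["path"]):
        h = hashlib.sha256(node.encode() + h).digest()
        key = KEYS.get(node)
        if key is None:
            return False                      # unknown node: no shared key, cannot be valid
        expected = mac(key, header(rreq, rreq["path"][: i + 1]) + h)
        if not hmac.compare_digest(expected, rreq["macs"][i]):
            return False
    return hmac.compare_digest(h, rreq["h"])


def rrep_body(msg):
    return f"RREP|{msg['dst']}|{msg['src']}|{msg['id']}|{','.join(msg['path'])}".encode()


def build_rrep(rreq):
    """Destination returns the path, MAC'd under the key it shares with the source."""
    rrep = {k: rreq[k] for k in ("src", "dst", "id")}
    rrep["path"] = list(rreq["path"])
    rrep["mac"] = mac(KEYS[rreq["src"]], rrep_body(rrep))
    return rrep


def verify_rrep(rrep):
    return hmac.compare_digest(mac(KEYS[rrep["src"]], rrep_body(rrep)), rrep["mac"])


def demo():
    honest = forward_rreq(forward_rreq(initiate_rreq("s", "d", 1), "a"), "b")
    deleted = {**honest, "path": ["b"], "macs": honest["macs"][1:]}   # a removed from the route
    modified = {**honest, "path": ["a", "x"]}                          # b's address rewritten
    rrep = build_rrep(honest)
    forged = {**rrep, "path": ["a"]}                                   # RREP path shortened in transit
    return {
        "honest": verify_rreq(honest),
        "deleted": verify_rreq(deleted),
        "modified": verify_rreq(modified),
        "rrep": verify_rrep(rrep),
        "forged_rrep": verify_rrep(forged),
    }


if __name__ == "__main__":
    print(demo())
```

The chain is what catches deletion: removing a from the list also removes a's contribution to h, so b's MAC, which was computed over the longer chain, no longer verifies even though b's MAC itself was never touched.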
Protocol Extensions
This category contains mechanisms to detect specific types of misbehavior not addressed by cryptographic security solutions
Can be incorporated into existing routing protocols
Watchdog and Pathrater
Most security solutions can authenticate validity of routing information, but not detect packet forwarding compliance
Provides a means of monitoring neighboring nodes’ compliance with protocol
Packet Leashes
First available defense against the wormhole attack
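The wormhole from the Wormhole Attack slide and the packet leash named here, in one added example that is not part of the original slides and not the Packet Leashes authors' code. Two colluding nodes A and B tunnel everything they hear, so nodes near A look like direct neighbours of nodes near B and hop-count based discovery picks the tunnelled link. The check is the geographic-leash idea (each transmission carries the sender's claimed position and the receiver rejects anything that could not have come from within radio range); it is simplified, with exact positions up to a fixed error and no clock terms, and the positions, radio range and error bound are constructed.

```python
import math
from collections import deque

RADIO_RANGE = 100.0    # metres; constructed (assumption)
LOCATION_ERROR = 5.0   # metres of position error the leash tolerates (assumption)

# Constructed node positions (assumption). Honest nodes form a chain from s to d.
# Colluding nodes A and B sit near the two ends and share an out-of-band tunnel.
POS = {
    "s": (0, 0), "n1": (90, 0), "n2": (180, 0), "n3": (270, 0), "n4": (360, 0),
    "d": (450, 0), "A": (30, 40), "B": (420, 40),
}


def dist(u, v):
    (x1, y1), (x2, y2) = POS[u], POS[v]
    return math.hypot(x1 - x2, y1 - y2)


def radio_links(rng):
    """Undirected links between nodes that are physically within radio range."""
    names = sorted(POS)
    adj = {n: set() for n in names}
    for i, u in enumerate(names):
        for v in names[i + 1:]:
            if dist(u, v) <= rng:
                adj[u].add(v)
                adj[v].add(u)
    return adj


def add_wormhole(adj, a, b):
    """A records everything it hears and B replays it at the far end (and vice
    versa), so every neighbour of A appears to be a direct neighbour of every
    neighbour of B. A and B themselves never show up in the resulting routes."""
    adj = {n: set(v) for n, v in adj.items()}
    for u in adj[a] - {b}:
        for v in adj[b] - {a}:
            adj[u].add(v)
            adj[v].add(u)
    return adj


def shortest_path(adj, src, dst):
    """BFS: the fewest-hop route, which is what hop-count based discovery prefers."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            break
        for v in sorted(adj[u]):
            if v not in prev:
                prev[v] = u
                queue.append(v)
    if dst not in prev:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def leash_violations(path):
    """Geographic leash, simplified: the receiver rejects a hop whose claimed
    sender position is farther away than the radio could reach."""
    return [(u, v) for u, v in zip(path, path[1:])
            if dist(u, v) > RADIO_RANGE + LOCATION_ERROR]


def leashed(adj):
    """Neighbour tables after every node drops links that fail the leash check."""
    return {u: {v for v in nbrs if dist(u, v) <= RADIO_RANGE + LOCATION_ERROR}
            for u, nbrs in adj.items()}


def demo():
    honest = radio_links(RADIO_RANGE)
    attacked = add_wormhole(honest, "A", "B")
    wormhole_path = shortest_path(attacked, "s", "d")
    return {
        "honest_path": shortest_path(honest, "s", "d"),
        "wormhole_path": wormhole_path,
        "violations": leash_violations(wormhole_path),
        "defended_path": shortest_path(leashed(attacked), "s", "d"),
    }


if __name__ == "__main__":
    print(demo())
```

Without the leash, s believes d is one hop away and every packet between them crosses the tunnel, where A and B can drop, read or alter it. With the leash, d refuses the "neighbour" claim because s's position is 450 m away, and discovery falls back to the five-hop honest chain.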
Watchdog and Pathrater
Originally specified as an extension to DSR, but basic idea can be applied to other protocols
Requirements/Assumptions
All nodes have wireless hardware that supports listening in promiscuous mode
No collusion between malicious nodes
Components
The Watchdog
Responsible for monitoring neighboring nodes’ transmissions toensure forwarding compliance
The Pathrater
Selects the best path to use based on results of the watchdog
The Watchdog
Each node in the network performs the following:
Neighbor Monitoring
Every time a packet is forwarded, it is buffered
Neighbors’ transmissions are monitored in promiscuous mode
If a neighbor fails to forward the buffered packet within a timeout, failure rating is incremented
If no encryption is used the packet’s content can also be verified
Failure Ratings
Failure ratings are kept for each neighbor
When failure rating surpasses a threshold, that node is flagged for misbehavior and the source is notified
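The watchdog procedure above and the pathrater from the previous slide, as one added example that is not part of the original slides and not the Watchdog/Pathrater authors' code. A node buffers each packet it hands to a next hop, clears the entry when it overhears that neighbour retransmit the packet, counts a failure for every entry that times out, and flags the neighbour once the count passes a threshold; the pathrater then gives flagged nodes a strongly negative rating so routes through them lose to any route of unrated nodes. The event trace, timeout, threshold and candidate paths are constructed.

```python
from collections import defaultdict

TIMEOUT = 2.0     # seconds a forwarded packet stays buffered (assumption)
THRESHOLD = 3     # failures a neighbour may accumulate before being reported (assumption)


class Watchdog:
    """Per-node watchdog: remembers what it handed to each next hop and checks,
    in promiscuous mode, that the next hop transmitted it onward in time."""

    def __init__(self):
        self.buffer = {}                  # pkt_id -> (next hop, time we forwarded it)
        self.failures = defaultdict(int)  # neighbour -> missed forwards
        self.flagged = set()

    def forwarded(self, pkt_id, next_hop, now):
        self.buffer[pkt_id] = (next_hop, now)
        self.expire(now)

    def overheard(self, transmitter, pkt_id, now):
        """A neighbour's transmission was overheard; clear the matching buffer entry."""
        entry = self.buffer.get(pkt_id)
        if entry and entry[0] == transmitter:
            del self.buffer[pkt_id]
        self.expire(now)

    def expire(self, now):
        """Every buffered packet older than TIMEOUT counts as a failure of its next
        hop; past THRESHOLD the neighbour is flagged (and the source would be told)."""
        for pkt_id, (next_hop, sent) in list(self.buffer.items()):
            if now - sent > TIMEOUT:
                del self.buffer[pkt_id]
                self.failures[next_hop] += 1
                if self.failures[next_hop] > THRESHOLD:
                    self.flagged.add(next_hop)
        return set(self.flagged)


class Pathrater:
    """Rates nodes; a misbehaviour report gives a strongly negative rating, so a
    path through a reported node loses to any path of unrated nodes."""

    def __init__(self):
        self.rating = defaultdict(lambda: 0.5)

    def report(self, node):
        self.rating[node] = -100.0

    def best_path(self, paths):
        def score(path):
            inner = path[1:-1]
            return sum(self.rating[n] for n in inner) / len(inner) if inner else 0.5
        best = max(paths, key=score)
        return best if score(best) >= 0 else None   # None: every path is tainted, rediscover


# Constructed trace as seen by node w (assumption): w forwards packets 1-6 to n and
# packet 7 to h, then listens in promiscuous mode. n stops forwarding after packet 2.
TRACE = [
    (0.0, "fwd", "n", 1), (0.5, "heard", "n", 1),
    (1.0, "fwd", "n", 2), (1.5, "heard", "n", 2),
    (2.0, "fwd", "n", 3), (3.0, "fwd", "n", 4),
    (4.0, "fwd", "n", 5), (5.0, "fwd", "n", 6),
    (6.0, "fwd", "h", 7), (6.5, "heard", "h", 7),
    (9.0, "idle", None, None),
]


def run(trace):
    wd = Watchdog()
    for now, kind, peer, pkt_id in trace:
        if kind == "fwd":
            wd.forwarded(pkt_id, peer, now)
        elif kind == "heard":
            wd.overheard(peer, pkt_id, now)
        else:
            wd.expire(now)
    return wd


def demo():
    wd = run(TRACE)
    pr = Pathrater()
    for node in wd.flagged:
        pr.report(node)
    paths = [["w", "n", "d"], ["w", "h", "k", "d"]]
    return {"failures": dict(wd.failures), "flagged": set(wd.flagged),
            "chosen": pr.best_path(paths)}


if __name__ == "__main__":
    print(demo())
```

The threshold exists because an overheard retransmission can be lost to a collision, so a single timeout is not evidence of misbehaviour; the flip side is that a neighbour that drops just below the threshold rate (the greyhole case) is never flagged, and a false report from a malicious neighbour is exactly the blackmail attack described earlier.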
The Pathrater
Function
Calculate the best route to a destination
Route ratings are calculated by averaging the ratings of each node in the route
Node Ratings
Ratings are assigned to every node on every path in the routing cache (Source Routing)
Initial rating of 1.0 for self and 0.5 for everyone else
Ratings of nodes on active paths are incremented by 0.01 periodically (max: 0.8)
Ratings are decremented by 0.05 when a link failure is detected through RERR (min: 0.0)
If a node is flagged for misbehavior, −100 is assigned
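The two slides above (The Watchdog and The Pathrater) describe one mechanism, so here is a single worked simulation of both. This is an added example, not code from the slides or from the original Watchdog/Pathrater scheme: the timeout, the failure threshold, the two cached routes and the packet sequence are constructed for illustration; the rating constants are the ones the slide gives.

```python
"""Watchdog + Pathrater simulation (added example, not from the slides).

Constructed scenario: source S holds two cached source routes to D and runs
the watchdog on its own next hop. TIMEOUT and FAILURE_THRESHOLD are assumed
values; the slides give no numbers for them.
"""
from dataclasses import dataclass, field

TIMEOUT = 1.0             # seconds a forwarded packet stays buffered (assumed)
FAILURE_THRESHOLD = 2     # flag a neighbour once its failure count exceeds this (assumed)

INITIAL_SELF, INITIAL_OTHER = 1.0, 0.5
ACTIVE_INCREMENT, ACTIVE_MAX = 0.01, 0.8   # periodic bump for nodes on active paths
RERR_DECREMENT, RATING_MIN = 0.05, 0.0     # penalty when a link failure is reported
MISBEHAVIOR_RATING = -100.0                # assigned once the watchdog flags a node


@dataclass
class Watchdog:
    """Buffers packets handed to a neighbour and checks, by overhearing in
    promiscuous mode, that the neighbour retransmits them before a timeout."""
    pending: dict = field(default_factory=dict)   # (neighbour, pkt_id) -> deadline
    failures: dict = field(default_factory=dict)  # neighbour -> failure count
    flagged: set = field(default_factory=set)

    def forwarded_to(self, neighbour, pkt_id, now):
        self.pending[(neighbour, pkt_id)] = now + TIMEOUT

    def overheard(self, neighbour, pkt_id):
        # The neighbour's retransmission was overheard: forwarding confirmed.
        self.pending.pop((neighbour, pkt_id), None)

    def tick(self, now):
        """Expire overdue buffered packets; return neighbours newly flagged."""
        newly_flagged = []
        for (neighbour, pkt_id), deadline in list(self.pending.items()):
            if now < deadline:
                continue
            del self.pending[(neighbour, pkt_id)]
            self.failures[neighbour] = self.failures.get(neighbour, 0) + 1
            if self.failures[neighbour] > FAILURE_THRESHOLD and neighbour not in self.flagged:
                self.flagged.add(neighbour)
                newly_flagged.append(neighbour)
        return newly_flagged


class Pathrater:
    """Rates nodes seen in the route cache and picks the best-rated route."""

    def __init__(self, self_id):
        self.self_id = self_id
        self.ratings = {self_id: INITIAL_SELF}

    def rating(self, node):
        return self.ratings.setdefault(node, INITIAL_OTHER)

    def periodic_update(self, active_routes):
        for route in active_routes:
            for node in route:
                r = self.rating(node)
                # Flagged nodes (-100) are not bumped back up (assumption).
                if node != self.self_id and r >= 0:
                    self.ratings[node] = min(r + ACTIVE_INCREMENT, ACTIVE_MAX)

    def link_failure(self, node):
        self.ratings[node] = max(self.rating(node) - RERR_DECREMENT, RATING_MIN)

    def flag_misbehavior(self, node):
        self.ratings[node] = MISBEHAVIOR_RATING

    def route_rating(self, route):
        # Average over the hops after the source; the source is not part of `route`.
        return sum(self.rating(n) for n in route) / len(route)

    def best_route(self, routes):
        return max(routes, key=self.route_rating)


def simulate(drops_by_a=3):
    """Constructed run: A silently drops `drops_by_a` packets, X forwards everything,
    and an RERR arrives for the link at Y."""
    wd, pr = Watchdog(), Pathrater("S")
    routes = [["A", "B", "D"], ["X", "Y", "D"]]
    now = 0.0
    for pkt_id in range(drops_by_a):           # route via A: never overheard
        wd.forwarded_to("A", pkt_id, now)
        now += TIMEOUT
        for bad in wd.tick(now):
            pr.flag_misbehavior(bad)           # S is both watchdog and source here
    for pkt_id in range(100, 103):             # route via X: retransmission overheard
        wd.forwarded_to("X", pkt_id, now)
        wd.overheard("X", pkt_id)
        now += TIMEOUT
        wd.tick(now)
    pr.link_failure("Y")
    pr.periodic_update([routes[1]])
    return {"flagged": sorted(wd.flagged), "failures": dict(wd.failures),
            "route_ratings": [pr.route_rating(r) for r in routes],
            "best_route": pr.best_route(routes)}


if __name__ == "__main__":
    print(simulate())
```

After three timeouts A is flagged and its −100 rating drags the first route's average far below zero, so the pathrater switches to the route through X even though that route has just taken an RERR penalty. Note that `flag_misbehavior` is the only input to the pathrater that a misbehaving node can influence from outside, via the "source is notified" message; nothing in the scheme authenticates that notification, which is the blackmail weakness the utility slide names.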
Watchdog and Pathrater Utility
Advantages
Detects the presence of malicious nodes and routes traffic around them, resulting in
Increased network goodput
Disadvantages
Vulnerable to the Blackmail attack
Actually rewards the attacker!
Avoids routing traffic through the attacker
Continues to route packets for the attacker
Clearly some improvement is needed to punish the attacker
Packet Leashes
Not a standalone protocol, but can be added to any existing one
Purpose
Detection of wormholes in the network
Two Types of Leashes
Geographical Leash: places an upper bound on the distance traveled by a packet
Temporal Leash: places an upper bound on packet lifetime
Requirements
Nodes’ knowledge of their location, e.g. through GPS, or
Extremely precise time synchronization between nodes
Geographical Leashes
Nodes must know their location and have loosely synchronized clocks
When sending a packet, nodes add their location ($p_s$) and the time sent ($t_s$) to the header
When receiving a packet, nodes record their location ($p_r$) and the time received ($t_r$)
Upper bounds are placed on:
maximum clock skew ($\Delta$)
maximum node velocity ($v$)
maximum error in position ($\delta$)
Distance between sender and receiver ($d_{sr}$) is bounded by:
$d_{sr} \le \| p_s - p_r \| + 2v \cdot (t_r - t_s + \Delta) + \delta$
Temporal Leashes
Nodes must have tightly synchronized clocks (a few microseconds to fractions of a nanosecond)
Nodes add the time sent ($t_s$) to the header of transmitted packets
Nodes record the time received ($t_r$) for incoming packets
An upper bound is placed on the clock skew ($\Delta$)
Distance between sender and receiver ($d_{sr}$) is bounded by:
$d_{sr} \le c \cdot (t_r - t_s + \Delta)$
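The geographical and temporal leash slides each give one bound; the following added example (not code from the slides or from the packet leashes paper) implements both as a receiver-side check and runs them over constructed packets. The radio range, the slack parameters, the node positions and the send/receive times are all assumed for illustration.

```python
"""Packet leash checks: geographical and temporal leashes.

Added example, not code from the slides or the packet leashes paper.
The radio range, the slack parameters and the packet scenarios are constructed.
"""
import math
from dataclasses import dataclass

C = 299_792_458.0      # propagation speed used by the temporal leash, m/s
RADIO_RANGE = 250.0    # assumed maximum one-hop transmission range, metres


@dataclass(frozen=True)
class LeashHeader:
    """Fields the sender adds to the packet header: its position p_s and send time t_s.
    (The utility slide's point applies: in a deployment these must be authenticated.)"""
    p_s: tuple   # (x, y) in metres
    t_s: float   # seconds


def geographical_bound(hdr, p_r, t_r, v_max, delta, pos_err):
    """Slide formula: d_sr <= ||p_s - p_r|| + 2 v (t_r - t_s + Δ) + δ."""
    return math.dist(hdr.p_s, p_r) + 2.0 * v_max * (t_r - hdr.t_s + delta) + pos_err


def temporal_bound(hdr, t_r, delta):
    """Slide formula: d_sr <= c (t_r - t_s + Δ)."""
    return C * (t_r - hdr.t_s + delta)


def geographical_leash_ok(hdr, p_r, t_r, v_max, delta, pos_err, radio_range=RADIO_RANGE):
    """Accept only if even the worst-case distance fits within one radio hop."""
    return geographical_bound(hdr, p_r, t_r, v_max, delta, pos_err) <= radio_range


def temporal_leash_ok(hdr, t_r, delta, radio_range=RADIO_RANGE):
    return temporal_bound(hdr, t_r, delta) <= radio_range


def scenarios():
    """Constructed cases. The receiver sits at (150, 0). A real neighbour transmits
    from the origin; a wormhole endpoint replays a packet whose header says it was
    sent from (2000, 0), so the true sender is 1850 m away. Receive times are the
    send time plus propagation delay; the Δ terms supply the clock-skew slack."""
    p_r = (150.0, 0.0)
    neighbour = LeashHeader(p_s=(0.0, 0.0), t_s=10.0)
    far = LeashHeader(p_s=(2000.0, 0.0), t_s=10.0)
    t_r_neighbour = neighbour.t_s + 150.0 / C
    t_r_far = far.t_s + 1850.0 / C

    v_max, loose_skew, pos_err = 20.0, 0.1, 10.0   # m/s, seconds, metres (geographical)
    tight_skew, sloppy_skew = 1e-7, 1e-3            # seconds (temporal)
    return {
        "geo_neighbour": geographical_leash_ok(neighbour, p_r, t_r_neighbour, v_max, loose_skew, pos_err),
        "geo_wormhole": geographical_leash_ok(far, p_r, t_r_far, v_max, loose_skew, pos_err),
        "temporal_neighbour": temporal_leash_ok(neighbour, t_r_neighbour, tight_skew),
        "temporal_wormhole": temporal_leash_ok(far, t_r_far, tight_skew),
        # With a millisecond of clock error the slack alone is about 300 km, so
        # legitimate packets fail the leash too: this is why the temporal leash
        # needs the tight synchronisation the slide demands.
        "temporal_neighbour_sloppy_clocks": temporal_leash_ok(neighbour, t_r_neighbour, sloppy_skew),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:36s} {'accept' if ok else 'reject'}")
```

Both bounds are upper bounds on the true distance, so the check is conservative in the safe direction: a packet that really crossed more than one hop is never accepted, and the cost of loose parameters is false rejection of honest neighbours rather than missed wormholes.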
Packet Leash Utility
Advantage
Can detect wormholes in the network under most circumstances
Disadvantages
Special hardware requirements for nodes
Authentication mechanism needed to prevent modification of header fields
Can fail to detect a wormhole in certain situations (When?)
Trusted AODV (TAODV)
Overview
Adds a trust model to the AODV protocol
Includes cryptographic security extensions to AODV, used during the trust establishment phase
Features
Nodes use the trust model to determine routing behavior
Malicious nodes will be detected and isolated
Performance improvement compared to strictly cryptographic security solutions
TAODV Framework
Three Main Components
Trust Model
A node’s opinion of another node changes based on experience
Determines which routing protocol to use
Base AODV routing protocol with security extensions
Uses cryptographic primitives like Ariadne to secure routing
Used when opinions are uncertain
Trusted AODV routing protocol
Uses the trust model to determine routing decisions
Used once opinions have been established
Opinions are constantly being updated by the routing protocols
TAODV Trust Model
Trust Representation
Nodes store an opinion about each other node in the routing table
The opinion value is derived from positive ($p$) and negative ($n$) experiences with that node
Opinion Definition
An opinion is a triple consisting of (belief, disbelief, uncertainty)
Let $\omega^A_B = (b^A_B, d^A_B, u^A_B)$ represent node A’s opinion toward B
$\omega^A_B$ must satisfy $b^A_B + d^A_B + u^A_B = 1$
Node A will initialize $\omega^A_B = (0, 0, 1)$ upon first encounter of B
Experiences
$p$ initialized to 0, incremented with every positive interaction
$n$ initialized to 0, incremented with every negative interaction
TAODV Opinion Calculations
Calculating Opinion From Experience
$\omega^A_B(p, n)$ is computed as:
$b^A_B = \dfrac{p}{p + n + 2}$
$d^A_B = \dfrac{n}{p + n + 2}$
$u^A_B = \dfrac{2}{p + n + 2}$
TAODV Routing Operations
Routing Table Additions
Positive Interactions
Negative Interactions
Opinion Triple
Re-calculated any time the interaction quantities change
Trust Judging Rules
if $b^A_B > 0.5$ then A trusts B and will route for B
if $d^A_B > 0.5$ then A does not trust B and refuses to route for B
if $u^A_B > 0.5$ then A uses secure AODV routing with B
if $b^A_B$, $d^A_B$, $u^A_B$ are all $< 0.5$ then A uses secure AODV routing with B
TAODV Trust Recommendation
Exchanging Opinions
Nodes can send a Trust Request Message (TREQ) to neighbors to get their opinions of a node
Neighbors send opinions back in Trust Reply Messages (TREP)
When a node believes another node to be malicious, it broadcasts a Trust Warning Message (TWARN)
In all cases multiple opinions are combined with the formulas on the following slide
Useful For . . .
Checking neighbors’ opinions before banishing a node from the network
Node mobility: neighbors might gain experience with a node first
TAODV Opinion Combinations
Discounting Combination
$\omega^A_B \otimes \omega^B_C \Rightarrow \omega^{AB}_C$, where
$b^{AB}_C = b^A_B \cdot b^B_C$
$d^{AB}_C = b^A_B \cdot d^B_C$
$u^{AB}_C = d^A_B + u^A_B + b^A_B \cdot u^B_C$
Consensus Combination
$\omega^A_C \oplus \omega^B_C \Rightarrow \omega^{A,B}_C$, where
$b^{A,B}_C = (b^A_C \cdot u^B_C + b^B_C \cdot u^A_C)/k$
$d^{A,B}_C = (d^A_C \cdot u^B_C + d^B_C \cdot u^A_C)/k$
$u^{A,B}_C = (u^A_C \cdot u^B_C)/k$
where $k = u^A_C + u^B_C - 2 \cdot u^A_C \cdot u^B_C$
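The trust model, opinion calculation, judging rules and the two combination operators above fit together as one small piece of arithmetic, so here is one added example that covers all four slides (it is not code from the slides or from the TAODV paper). The experience counts in the scenario are constructed. One assumption is made explicit: the consensus normaliser is taken as $k = u^A_C + u^B_C - u^A_C \cdot u^B_C$, the form under which the combined triple still sums to 1 as the trust model requires; the slide prints an extra factor of 2 in the product term, and with that factor the result does not satisfy $b + d + u = 1$, so the code does not use it.

```python
"""TAODV opinion arithmetic: opinion from experience, trust judging rules,
discounting and consensus combination.

Added example, not code from the slides or the TAODV paper. The experience
counts in scenario() are constructed. The consensus normaliser is assumed to
be k = u^A + u^B - u^A*u^B (keeps b + d + u = 1); the slide's version with a
factor of 2 on the product term breaks that constraint and is not used.
"""
from dataclasses import dataclass

EPS = 1e-9


@dataclass(frozen=True)
class Opinion:
    """Subjective-logic triple (belief, disbelief, uncertainty), summing to 1."""
    b: float
    d: float
    u: float

    def __post_init__(self):
        if abs(self.b + self.d + self.u - 1.0) > EPS:
            raise ValueError(f"opinion does not sum to 1: {self}")


UNKNOWN = Opinion(0.0, 0.0, 1.0)   # initial opinion on first encounter


def opinion_from_experience(p: int, n: int) -> Opinion:
    """b = p/(p+n+2), d = n/(p+n+2), u = 2/(p+n+2)."""
    k = p + n + 2
    return Opinion(p / k, n / k, 2 / k)


def judge(op: Opinion) -> str:
    """Trust judging rules: the routing behaviour A applies toward B."""
    if op.b > 0.5:
        return "trust"          # route for B using plain TAODV
    if op.d > 0.5:
        return "refuse"         # refuse to route for B
    return "secure-aodv"        # u > 0.5, or all three below 0.5


def discount(w_ab: Opinion, w_bc: Opinion) -> Opinion:
    """ω^A_B ⊗ ω^B_C: B's opinion of C, weighted by how much A believes B."""
    return Opinion(w_ab.b * w_bc.b,
                   w_ab.b * w_bc.d,
                   w_ab.d + w_ab.u + w_ab.b * w_bc.u)


def consensus(w_ac: Opinion, w_bc: Opinion) -> Opinion:
    """ω^A_C ⊕ ω^B_C: merge two independent opinions about C."""
    k = w_ac.u + w_bc.u - w_ac.u * w_bc.u   # assumed normaliser, see module docstring
    if k < EPS:
        raise ValueError("consensus undefined: both opinions are fully certain")
    return Opinion((w_ac.b * w_bc.u + w_bc.b * w_ac.u) / k,
                   (w_ac.d * w_bc.u + w_bc.d * w_ac.u) / k,
                   (w_ac.u * w_bc.u) / k)


def apply_recommendation(own: Opinion, trust_in_recommender: Opinion,
                         recommended: Opinion) -> Opinion:
    """What A does with a TREP or TWARN from B about C: discount B's opinion by
    A's opinion of B, then merge it with A's own experience-based opinion of C."""
    return consensus(own, discount(trust_in_recommender, recommended))


def scenario():
    """Constructed counts: A has one good interaction with C, B has eight; A has
    nine good and one bad interaction with B. A stranger M sends a TWARN about C."""
    a_on_c = opinion_from_experience(1, 0)   # (1/3, 0, 2/3): still uncertain
    a_on_b = opinion_from_experience(9, 1)   # (0.75, 1/12, 1/6): trusted
    b_on_c = opinion_from_experience(8, 0)   # (0.8, 0, 0.2)
    merged = apply_recommendation(a_on_c, a_on_b, b_on_c)
    # M is unknown to A, so M's pure-disbelief warning discounts to full
    # uncertainty and leaves A's opinion of C unchanged: the blackmail defence.
    warned = apply_recommendation(a_on_c, UNKNOWN, Opinion(0.0, 1.0, 0.0))
    return {"own": a_on_c, "merged": merged, "warned": warned,
            "decision_before": judge(a_on_c), "decision_after": judge(merged)}


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key:16s} {value}")
```

In the scenario B's recommendation moves A from "secure-aodv" to "trust" for C, while the stranger's TWARN has no effect at all, because discounting multiplies every recommended belief and disbelief by the recommender's own belief value, which is 0 for an unknown node.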
TAODV Utility
Advantages
Less overhead than purely cryptographic solutions, without loss of security
Enables nodes to collaborate on opinions (prevents blackmail)
Increases flexibility in routing decisions
Isolates malicious nodes from the network
A malicious node turned good will eventually be allowed back in to start over
Disadvantages
Unable to detect a wormhole attack
Slightly more memory overhead
Others?
References
Yih-Chun Hu, Adrian Perrig, and David B. Johnson, Ariadne: A secure on-demand routing protocol for ad hoc networks, MobiCom (2002).
Yih-Chun Hu, Adrian Perrig, and David B. Johnson, Packet leashes: A defense against wormhole attacks in wireless networks, INFOCOM 3 (2003), 1976–1986.
Xiaoqi Li, Michael R. Lyu, and Jiangchuan Liu, A trust model based routing protocol for secure ad hoc networks, IEEE Aerospace Conference Proceedings (2004), 1286–1295.
Patroklos G. Argyroudis and Donal O'Mahony, Secure routing for mobile ad hoc networks, IEEE Communications Surveys 7 (2005).
D. Manimegalai and V. Vasantha, Mitigating routing misbehaviors using subjective trust model in mobile ad hoc networks, International Conference on Computational Intelligence and Multimedia Applications (2007), 417–422.
Gergely Acs, Levente Buttyan, and Istvan Vajda, Provably secure on-demand source routing in mobile ad hoc networks, IEEE Transactions on Mobile Computing 5 (2006), 1533–1546.
Charles E. Perkins and Elizabeth M. Royer, Ad-hoc on-demand distance vector routing, IEEE Workshop on Mobile Computing Systems and Applications Proceedings (1999), 90–101.
David B. Johnson and David A. Maltz, Dynamic source routing in ad hoc wireless networks (1996).
Questions, Comments