network-layer security of mobile ad hoc networks jiangyi hu advisor: dr. mike burmester

Network-layer Security of Mobile Ad Network-layer Security of Mobile Ad hoc Networkshoc Networks

Jiangyi Hu

Advisor: Dr. Mike Burmester

02/24/20042Network layer security of Manets

OutlineOutline

Introduction

Secure routing

Existing routing protocols

Routing attacks

Secure routing protocols

Cooperation enforcement

Solutions to enforce cooperation


IntroductionIntroduction

Example of Mobile Ad hoc networks

A B

D

C

E

F



Characteristics of Manet:

Wireless connection, broadcasting

Dynamic topology

Unfriendly environment

Limited resource



AdvantageEase of deployment

Fast to deploy

Decreased dependence on infrastructure

Application of Manetemergency deployments

search and rescue missions

military operations

commercial applications



VulnerabilitiesThe basic mechanism

The security mechanism

Security goalsAvailability

Confidentiality

Integrity

Authentication

Non-repudiation


Secure routingSecure routing

Existing routing protocols

Security threats for routing

Secure routing protocols


Existing routing protocolsExisting routing protocols

Table driven routingDSDV (destination sequenced distance vector)

CGSR (Clusterhead Gateway Switch Routing)

WRP (Wireless Routing Protocol)

On demand routingDSR (dynamic source routing)

AODV (ad-hoc on-demand distance vector)

TORA (Temporally Ordered Routing Algorithm)


DSRDSR

Dynamic source routing

Route discovery/Route maintenance

Every packet have the entire route


DSRDSR

S

S

S-A

S-C

S-C-E

S-C-E

S-C-E

S-A-B

S-A-B-DS-A-B-D

S-A-B-D

S-C-E-F

S-C-E-H

D

H

F

E

B

A

S

C

S-A-B

S-C-E-H


AODVAODV

Ad-hoc on-demand distance vector routing

No maintenance of routing table as in DSDV

Each node remembers only the next hop for the route, not the whole route


AODVAODV

D

S

A

E

F

B

C

: Reverse path

: Forward path


Routing attacksRouting attacks

Classification:

External attack vs. Internal attack

Passive attack vs. Active attack


Routing attacksRouting attacks

Attacks for routing:Modification

Fabrication

Wormhole attack (tunneling)

Denial of service attack

Invisible node attack

The Sybil attack

Rushing attack

Non-cooperation


ModificationModification

Modify the protocol fields of control messages

Compromise the integrity of routing computation

Cause network traffic to be dropped, redirected to a different destination or take a longer route


FabricationFabrication

Generating false routing messages, e.g. routing error messages

Can cause denial-of-service

CMBS D

: Connected

: Connected through multi-hops

: Forward false error message


Wormhole attackWormhole attack

Colluding attackers uses “tunnels” between them to forward packets

Place the attacker in a very powerful position

The attackers take control of the route by claiming a shorter path


Wormhole attackWormhole attack

A

M

B

C

N

D

S

tunnel

Example of wormhole attack

……..….


Denial of service attackDenial of service attack

Adversary floods irrelevant data

Consume network bandwidth

Consume resource of a particular node


Invisible node attackInvisible node attack

Attack on DSR

Malicious does not append its IP address

M becomes “invisible” on the path

CMBS D


The Sybil attackThe Sybil attack

Represents multiple identities

Disrupt geographic and multi-path routing

M1

B

M4

M5M2

M3


Rushing attackRushing attack

Directed against on-demand routing protocols

The attacker hurries route request packet to the next node to increase the probability of being included in a route


Non-cooperation Non-cooperation

Node lack of cooperation, not participate in routing or packet forwarding

Node selfishness, save energy for itself


Secure routing protocolsSecure routing protocols

SRP (Secure Routing Protocol)

ARAN (Authenticated Routing for Ad hoc Networks)

Ariadne

SEAD (Secure Efficient Ad hoc Distance vector routing )

Cope with wormhole attack


SRPSRP

Assume a shared secret key between the source node and the destination node

Verification of the route request/reply packet using MAC (Message Authentication Code)

Identities of intermediate nodes accumulated in the route request packet


ARANARAN

Requires a trusted certification authority

Every node forwards a route request or a route reply must verify it and sign it

Asymmetric cryptography is costly in terms of CPU and energy usage


ARANARAN

Example of ARAN:

D

S B C[[RDP,IPD, CertS, NS, t]KS- , CertS ] KB- , CertB

[[RDP,IPD, CertS, NS, t]KS- , CertS ] KC- , CertC

[REP,IPS , CertD , NS , t]KD-, CertD

[[REP,IPS , CertD , NS , t]KD-, CertD ]KC- , CertC[[REP,IPS , CertD , NS , t]KD-, CertD ]KB- , CertB

[RDP,IPD, CertS, NS, t]KS- , CertS

: broadcast

: unicast


AriadneAriadne

Each node generates a one-way key chain (K0,K1,…Ki,…Kn) and publishes the keys in reverse order from generation

The sender picks Ki which will still be secret at the time the receiver receives the packet

When a receiver receives a packet, it first verifies Ki is still secret, then it buffers the packet and waits for the sender to publish key Ki

Need time synchronization


SEADSEAD

Based on Destination-Sequence Distance Vector Protocol (DSDV)

Uses one-way hash chain (h0 ,h1,…hi,…hn )

Use a hash value corresponding to the sequence number and metric in a routing update

Attacker can never forge better sequence number or better metric


Cope with wormhole attackCope with wormhole attack

Geographic leash

Ensures that the recipient of the packet is within a certain distance from the sender

Temporal leash

Ensures that the packet has an upper bound on its lifetime


Cooperation enforcementCooperation enforcement

Introduction

Solutions

Currency based

Local monitoring


Cooperation enforcementCooperation enforcement

Currency based Nuglets

Sprite

Local monitoringWatchdog and path rater

Confidant

CORE

Token-based


NugletsNuglets

Nuglets ---- a virtual currency

Packet purse model Sender pay nuglets in advance

Intermediate node takes nuglets for forwarding service

Packet trade mode Intermediate nodes “buys” the packet from the previous one and “sells” it to the next one


NugletsNuglets

Advantage Disadvantage

Packet purse model

deters nodes from sending useless data and overloading the network

difficult to estimate the number of nuglets that are required

Packet trade mode

source does not have to know in advance the number of nuglets required

can not prevent nodes from overloading the network


SpriteSprite

Uses credit to provide incentive to selfish nodes

Nodes keep receipt to get payments from the Credit Clearance Service (CCS)

Credit that a node receives depends on whether its forwarding is successful or not


Watchdog and path raterWatchdog and path rater

A node's watchdog Listens promiscuously to the next node's transmissions

If a node does not forward, it is misbehaving

The path rater choose the best path from watchdog ratings

S A B C D

: Connected

: Connected through multi-hops

: Forwarding

: Listening


ConfidantConfidant

Consists of:

Monitor

Reputation System

Path Manager

Trust Manager


ConfidantConfidant

Detects malicious nodes

by means of observation or reports about several types of attacks

Allows nodes

to route around misbehaved nodes

to isolate misbehaved nodes from the network


CORECORE

Basic components:

Reputation table

stored in each node

the reputation value of each node

Watchdog mechanism

detect misbehavior nodes


Token-basedToken-based

Each node has to have a token

Local neighbors monitor

The token is renewed via multiple neighbors

The period of validity of a node’s token is dependent on how long it has stayed and how well it has behaved


Token-basedToken-based

Composed of:

Neighbor verification

Neighbor monitoring

Intrusion reaction

Security enhanced routing protocol


SummarySummary

Introduction

Secure routingExisting routing protocols

Security attacks

Defenses

Node cooperationCurrency based

Local monitoring

Thank you!Thank you!

network-layer security of mobile ad hoc networks jiangyi hu advisor: dr. mike burmester

Documents

routing algorithm slide

sc sc

false routing messages

routing error messages

maintenance of routing

active attack slide

attack noncooperation

eh slide