Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004)
Hao Yang, et al.
October 10th, 2006
Jinkyu Lee
Contents
• Introduction
• Attacks
• A Multi-fence Security Solution
  – Network-layer security
    • Message authentication primitives
    • Secure ad hoc routing
    • Secure packet forwarding
  – Link-layer security
• Open Challenges
• Conclusions
Introduction
• Mobile Ad Hoc Networks (MANETs)
  – Self-configuration
  – Self-maintenance
• Security Challenges
  – Shared medium
  – Resource constraints
  – Dynamic topology
Introduction
• The Goal of Security for MANETs
  – Protection of the network connectivity between mobile nodes over potentially multi-hop wireless channels
    • One-hop connectivity through link-layer protocols
    • Multi-hop connectivity through network-layer routing and data forwarding protocols
• Two Approaches
  – Proactive
  – Reactive
• Network Performance vs. Security
  – Scalability, service availability, and robustness
Attacks
• Network-layer
  – Routing attacks
    • Not to follow the specifications of the routing protocol
    • Example: modification of the source route listed in the RREQ or RREP (DSR), advertising a route with a smaller distance metric than its actual distance to destination (AODV)
    • Goal: attraction of traffic toward certain destinations, generation of routing loops, or introduction of severe network congestion and channel contention
  – Packet forwarding attacks
    • Not to forward packets properly
    • Example: drop the packets, modify the contents, duplicate the packets, denial-of-service (DoS)
Attacks
• Link-layer
  – WEP (Wired Equivalent Privacy)
    • Cryptography attacks
  – DoS attacks
    • Control of backoff value
    • Data corruption using NAV and interfering victim’s link-layer frame
Multi-fence Security Solution
• Multi-fence Security Solution should …
  – Spread across many individual components
  – Span different layers
  – Thwart threats from both outsiders and insiders
  – Encompass prevention, detection, and reaction
  – Be practical and affordable
• Network-layer security solutions
  – Secure ad hoc routing: Proactive protection through message authentication primitives
    • Source routing
    • Link state routing
    • Distance vector routing
  – Secure packet forwarding: Reactive protection through detection and reaction
    • Misbehavior detection
    • Misbehavior reaction
• Link-layer security solutions
  – Secure wireless MAC: Reactive protection through detection and reaction
  – Next-generation WEP: Modification to existing protocol to fix the cryptographic loopholes
A Multi-fence Security Solution - Network Layer Security
• Message Authentication Primitives
  – HMAC
  – Digital signature
  – One-way HMAC key chain
• Secure Ad Hoc Routing
  – Source routing
  – Distance vector routing
  – Link state routing
  – Other routing protocols
• Secure Packet Forwarding
  – Detection
  – Reaction
A Multi-fence Security Solution - Network Layer Security
• Message Authentication Primitives
  – HMAC (Message authentication codes)
    • Symmetric key
    • Cryptographic one-way hash function
    • Verified only by the intended receiver
    • Efficient computation
    • n (n-1) / 2 keys should be maintained
A Multi-fence Security Solution - Network Layer Security
• Message Authentication Primitives
  – Digital Signature
    • Asymmetric key
    • More computation overhead in signing/decrypting and verifying/encrypting operations
    • Less resilient to DoS attacks
    • Verified by any node given the public key
    • n public/private key pairs should be maintained
A Multi-fence Security Solution - Network Layer Security
• Message Authentication Primitives
  – One-way HMAC key chain
    • Generated by repeated application of the one-way function
    • Proven to be authentic in reverse order
    • Lightweight computation
    • One authenticator can be verified by large numbers of receivers
    • Shortcomings
      – Buffer messages
      – To require additional communication
A Multi-fence Security Solution - Network Layer Security
• Secure Ad Hoc Routing
• Proactive approach
  – Source Routing
    • Goal: to prevent intermediate nodes from modifying the nodes listed in the route
    • Solution: to attach a per-hop authenticator
    • Example: Ariadne (extension of DSR) uses a one-way HMAC key chain
A Multi-fence Security Solution - Network Layer Security
• Secure Ad Hoc Routing
  – Source Routing (Ariadne)

    S : p_S = (RREQ, S, D), m_S = HMAC_{K_SD}(p_S)
    S -> * : (p_S, m_S)
    A : h_A = H(A, m_S), p_A = (RREQ, S, D, [A], h_A, []), m_A = HMAC_{K_A}(p_A)
    A -> * : (p_A, m_A)
    B : h_B = H(B, h_A), p_B = (RREQ, S, D, [A, B], h_B, [m_A]), m_B = HMAC_{K_B}(p_B)
    B -> * : (p_B, m_B)
    C : h_C = H(C, h_B), p_C = (RREQ, S, D, [A, B, C], h_C, [m_A, m_B]), m_C = HMAC_{K_C}(p_C)
    C -> * : (p_C, m_C)
    D : p_D = (RREP, D, S, [A, B, C], [m_A, m_B, m_C]), m_D = HMAC_{K_DS}(p_D)
    D -> C : (p_D, m_D, [])
    C -> B : (p_D, m_D, [K_C])
    B -> A : (p_D, m_D, [K_C, K_B])
    A -> S : (p_D, m_D, [K_C, K_B, K_A])

[Figure: nodes S, A, B, C, D along the route]
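The exchange on this slide, combined with the one-way key chain from the earlier slide, as an added Python example (not from the slides or from the Ariadne authors). SHA-256, the `repr`-based field encoding and all function names are assumptions made here, and the TESLA timing check on when a key may be disclosed is left out.

```python
import hashlib, hmac

def H(*fields):
    # One-way hash H over an unambiguous encoding of the fields
    return hashlib.sha256(repr(fields).encode()).digest()
def MAC(key, *fields):
    return hmac.new(key, repr(fields).encode(), hashlib.sha256).digest()

def key_chain(seed, n):
    # K_n = seed, K_{i-1} = H(K_i); element 0 is the public commitment K_0
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def rreq(S, D, k_sd):
    return {"S": S, "D": D, "route": [], "h": MAC(k_sd, "RREQ", S, D), "macs": []}

def forward(req, node, key):
    # X: h_X = H(X, h_prev), m_X = HMAC_{K_X}(RREQ, S, D, route, h_X, macs)
    route, h = req["route"] + [node], H(node, req["h"])
    m = MAC(key, "RREQ", req["S"], req["D"], route, h, req["macs"])
    return {**req, "route": route, "h": h, "macs": req["macs"] + [m]}

def rrep(req, k_sd):
    # D recomputes h from m_S; a node added to or removed from the route breaks it
    h = MAC(k_sd, "RREQ", req["S"], req["D"])
    for node in req["route"]:
        h = H(node, h)
    if not hmac.compare_digest(h, req["h"]):
        return None
    p_d = ("RREP", req["D"], req["S"], req["route"], req["macs"])
    return p_d, MAC(k_sd, *p_d)

def source_accepts(p_d, m_d, disclosed, k_sd, commitments, i):
    # disclosed = [K_C, K_B, K_A]: interval-i keys appended on the way back to S
    _, D, S, route, macs = p_d
    if len(disclosed) != len(route) or not hmac.compare_digest(m_d, MAC(k_sd, *p_d)):
        return False
    h = MAC(k_sd, "RREQ", S, D)
    for n, (node, k) in enumerate(zip(route, disclosed[::-1])):
        c = k
        for _ in range(i):  # hashing K_i i times must give the commitment K_0
            c = H(c)
        h = H(node, h)
        m = MAC(k, "RREQ", S, D, route[:n + 1], h, macs[:n])
        if c != commitments[node] or not hmac.compare_digest(m, macs[n]):
            return False
    return True
```
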
A Multi-fence Security Solution - Network Layer Security
• Secure Ad Hoc Routing
  – Distance Vector Routing
    • Goal: correct advertisement of the routing metric
    • Solution: to authenticate aggregation of metric
  – Link State Routing
    • Goal: to authenticate both neighbor discovery and neighbor broadcast
    • Solution: a link is added only if two valid LSUs (Link State Updates) from both nodes of the link are received
    • Example: SLSP (Secure Link State Routing) uses digital signatures
A Multi-fence Security Solution - Network Layer Security
• Secure Ad Hoc Routing
  – Other Routing Protocols
    • ARAN (Authenticated Routing for Ad hoc Networks)
    • To authenticate link to link by public key cryptography
    • Information only about the next hop

[Figure: nodes S, A, B, C]
A Multi-fence Security Solution - Network Layer Security
• Secure Ad Hoc Routing
  – Other Routing Protocols
    • [17]
    • To broadcast both ways to provide redundancy
    • To improve path length
    • More communication and less computation
A Multi-fence Security Solution - Network Layer Security
• Secure Packet Forwarding
  – Detection
    • Localized detection
    • ACK-based detection
  – Reaction
    • Global reaction
    • End-host reaction
A Multi-fence Security Solution - Link Layer Security
• IEEE 802.11 MAC
  – Intentionally small backoff value
    • Checking deviation and penalizing
  – Data corruption using NAV and interfering victim’s link-layer frame
    • So far, no clear solution
• IEEE 802.11 WEP
  – Attacks
    • Message privacy and message integrity attacks
    • Probabilistic cipher key recovery attacks
  – Enhanced in 802.11i/WPA
Open Challenges
• Resiliency-oriented Security Solution - Feature
  – Bigger Problem Space
    • Not only to thwart malicious attacks, but also to cope with other network faults
  – Intrusion Tolerance
    • Robust against the breakdown of any individual fence
  – Bigger Solution Space
    • To use other non-crypto-based schemes to ensure resiliency
  – Unexpected Faults Tolerance
    • To enhance redundancy
Open Challenges
• Open Challenges
  – To build efficient fence considering each device’s resource constraint
  – To identify system principles of how to build a new generation of network protocols
  – To evaluate the security design
Conclusions
• Summary of security issues in MANETs
  – Resiliency-oriented multi-layered solution design
  – Focus on network-layer security
• Many open problems related to security in MANETs