Security of wireless ad-hoc networks

Upload: kiaria

Post on 22-Jan-2016

Outline

• Properties of Ad-Hoc network
• Security Challenges
• MANET vs. Traditional Routing
• Why are traditional routing protocols not suitable for MANET networks?
• Routing protocols for MANET
• Nodes misbehave
• Routing Security Schemes

Properties of Ad-Hoc network (1)

• No fixed topology
• Each node is a router
• Limited energy
• Limited CPU and other resources
• Transient connectivity and availability
• Shared physical medium
• Identity different from address
• Physical vulnerability
• Lack of central administration

Properties of Ad-Hoc network (2)

• Where ad hoc networks are used
  – Installing an infrastructure is not possible
  – The network is too transient
  – The infrastructure was destroyed

• Throughput

Security Challenges

• Confidentiality
  – Encryption and access control with authentication
• Integrity
  – Also requires cryptographic keys
• Availability
• Results in two fundamental problems
  – Trust establishment, key management and membership control
  – Network availability and routing security

MANET vs. Traditional Routing (1)

• Every node is potentially a router in a MANET, while most nodes in traditional wired networks do not route packets

• Topologies are dynamic in MANETs due to mobile nodes, but are relatively static in traditional networks

• MANET topologies tend to have many more redundant links than traditional networks

MANET vs. Traditional Routing (2)

• A MANET router typically has a single interface, while a traditional router has an interface for each network to which it connects

• Power efficiency is an issue in MANETs, while it is normally not an issue in traditional networks

• Low bandwidth links, high bit error rates, frequent changes in network topology, battery-powered devices with limited transmitter power

Why are traditional routing protocols not suitable for MANET networks?

• MANETs are usually highly dynamic.

• No pre-existing infrastructure.

• No centralized administration.

• Dynamic topologies.

• Energy-constrained nodes.

• Limited physical security.

Routing protocols for MANET

• IETF MANET working group
• Categories
  – Proactive = periodic topology updates
  – Reactive = on-demand driven protocol
  – Hierarchical
• Protocols
  – DSR (draft), FSR, DSDV, TORA, ZRP, AODV (RFC 3561), OLSR (RFC 3626), TBRPF (RFC 3684)

Nodes misbehave

• Overloaded

• Selfish

• Malicious

• Broken

Solutions to misbehaving node

• A priori trust relationship

• Forsake or isolate these nodes from within the actual routing protocol for the network

• Install extra facilities in the network to detect and mitigate routing misbehavior

Routing Security Schemes

• Watchdog and Pathrater

• SEAD

• SRP

Watchdog and pathrater

• Two extensions to the Dynamic Source Routing (DSR) to help mitigate routing failures and attacks in ad-hoc networks

• Watchdog: identifies misbehaving nodes

• Pathrater: avoids routing packets through these nodes

DSR

• Route discovery

  – Source may receive many ROUTE REPLY messages

DSR (cont.)

• Route maintenance
  – Handles link breaks

[Figure: nodes S, A, B, D. B moves out of transmission range of A; a link break occurred and a link break notification is sent.]

1. Try another path
2. Do a route discovery

Watchdog

[Flowchart]

• Packet in buffer = packet overheard?
  – Match: the packet in the buffer is removed
  – Not match: the packet remained in the buffer and timed out; the watchdog increases a failure count for the node

• Failure count exceeds a threshold?
  – Yes: sends a message to the source notifying it of the misbehaving node
  – No

Pathrater

• Run by each node in the network
• Rating for every other node
• Path metric
• If multiple paths
  – Highest metric

[Flowchart] A node rates itself 1; assigns known nodes a "neutral" rating of 0.5.
  – Decision: Rating >= 0.8 (Yes / No)
  – Decision: Link break (Yes / No)
  – Link break: Rating -= 0.05
  – Rating += 0.01 / 200 ms
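The rating rules on this slide, as an added Python example that is not part of the original presentation. The slide does not define the path metric or the bounds, so the mean of the node ratings as the metric, 0.8 as an upper cap, 0.0 as a floor, and all class, function and node names are assumptions.

```python
NEUTRAL, SELF, CAP, FLOOR = 0.5, 1.0, 0.8, 0.0  # CAP reading and FLOOR are assumed

class Pathrater:
    def __init__(self, me):
        self.me = me
        self.rating = {me: SELF}                 # a node rates itself 1

    def learn(self, node):
        self.rating.setdefault(node, NEUTRAL)    # known node: neutral rating 0.5

    def active_tick(self, path):
        """Call once per 200 ms for a path in active use: rating += 0.01."""
        for node in path:
            if node != self.me:
                self.rating[node] = min(CAP, self.rating[node] + 0.01)

    def link_break(self, node):
        # A link break costs the node 0.05, never going below the floor.
        self.rating[node] = max(FLOOR, self.rating[node] - 0.05)

    def metric(self, path):
        # Assumed path metric: mean of the node ratings on the path.
        return sum(self.rating[n] for n in path) / len(path)

    def best_path(self, paths):
        # If multiple paths are known, pick the one with the highest metric.
        return max(paths, key=self.metric)

def demo():
    """Constructed topology: S reaches D through A or through B."""
    pr = Pathrater("S")
    for node in "ABD":
        pr.learn(node)
    via_a, via_b = ["S", "A", "D"], ["S", "B", "D"]
    for _ in range(10):          # 2 s of traffic through B
        pr.active_tick(via_b)
    for _ in range(3):           # then three link breaks at B
        pr.link_break("B")
    return pr, pr.best_path([via_a, via_b])

if __name__ == "__main__":
    pr, chosen = demo()
    print("ratings:", pr.rating, "chosen path:", chosen)
```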

Watchdog’s weaknesses

• Ambiguous collisions

• Receiver collisions

• False misbehavior

• Partial dropping

Ambiguous/receiver collisions

• Ambiguous
  – Prevents A from overhearing transmissions from B
  – If A repeatedly fails to detect B forwarding on packets, then A assumes B is misbehaving
• Receiver
  – B could be selfish or malicious (wastes resources)

False misbehavior

• Nodes falsely report other nodes as misbehaving

[Figure: nodes S, A, B, D with message labels P, F and A]

1. S marks B as misbehaving
2. S wonders why it received replies

1. If A drops the Ack packet
2. B detects this misbehavior and reports it to D

Partial dropping

• A node can circumvent the watchdog by dropping packets at a lower rate than the watchdog's configured minimum misbehavior threshold.
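The watchdog flowchart from the earlier slide and the threshold limit described here, as an added Python example that is not part of the original presentation. The timeout, threshold and window values, the time-windowed failure count, and the `Watchdog` and `simulate` names are assumptions chosen for illustration.

```python
from collections import defaultdict

class Watchdog:
    """Watchdog kept by one node for the next hops it hands packets to."""

    def __init__(self, timeout=0.5, threshold=3, window=20.0):
        self.timeout = timeout      # assumed: seconds to wait to overhear a packet
        self.threshold = threshold  # assumed: failures tolerated inside one window
        self.window = window        # assumed: seconds over which failures count
        self.buffer = {}            # (next_hop, packet_id) -> time handed over
        self.failures = defaultdict(list)  # next_hop -> failure timestamps
        self.reported = set()       # nodes reported to the source

    def forwarded_to(self, next_hop, packet_id, now):
        self.buffer[(next_hop, packet_id)] = now

    def overheard(self, node, packet_id):
        # Match: the overheard packet equals a buffered one, so remove it.
        self.buffer.pop((node, packet_id), None)

    def tick(self, now):
        # Not match: packets still buffered after the timeout count as failures.
        for (node, pid), sent_at in list(self.buffer.items()):
            if now - sent_at >= self.timeout:
                del self.buffer[(node, pid)]
                self.failures[node].append(now)
        for node in self.failures:
            recent = [t for t in self.failures[node] if now - t < self.window]
            self.failures[node] = recent
            if len(recent) > self.threshold:
                self.reported.add(node)  # notify the source of this node

def simulate(drop_every, packets=200):
    """Constructed run: next hop B drops every `drop_every`-th packet, one
    packet per second. Returns True if the watchdog reports B."""
    wd = Watchdog()
    for i in range(1, packets + 1):
        wd.forwarded_to("B", i, now=i)
        if i % drop_every != 0:
            wd.overheard("B", i)
        wd.tick(now=i + 1)
    return "B" in wd.reported

if __name__ == "__main__":
    for n in (2, 5, 7, 10):
        print(f"B drops 1 in {n}: reported={simulate(n)}")
```

With these constructed settings a next hop that drops one packet in seven is never reported, so the threshold and window decide how much loss the watchdog tolerates without raising a report.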

NIST BSAR

pros and cons