
Security in Mobile Ad Hoc Networks: Challenges and Solutions

Security in Mobile Ad Hoc Networks: Challenges and Solutions. Yang et al., UCLA Computer Science Dept. IEEE Wireless 2004. Outline. Motivation and background Attacks Network layer security Secure routing Secure forwarding Link layer security Conclusion. Motivation.


Presentation Transcript


  1. Security in Mobile Ad Hoc Networks: Challenges and Solutions Yang et al., UCLA Computer Science Dept. IEEE Wireless 2004

  2. Outline • Motivation and background • Attacks • Network layer security • Secure routing • Secure forwarding • Link layer security • Conclusion

  3. Motivation • MANETs' recent popularity • Self-configuration • Self-maintenance • Challenges to security • Open network architecture • Shared medium • Resource constraints • Dynamic topology

  4. Goals of MANET Security • Protect network connectivity over multi-hop wireless channels • Link level solutions + network level solutions • Approaches • Proactive • Reactive • Considerations • Overhead versus performance

  5. Attacks (Network Layer) • Routing attacks • Attempt to “screw up” the others’ routing tables (remote effect) • Forwarding attacks • Leave routing tables alone, but change delivery of packets (local effect) • Attack dependent on underlying protocol • Effects

  6. Attacks (Link Layer) • Key attacks • WEP • DoS attacks • Manipulation of backoff interval • Easy corruption of other’s data • Effects are compounded at higher layers

  7. Solution Outline – A Multi-fence Security Solution • Challenges • Distribution • Involve multiple layers • Attack awareness • Completeness

  8. Network Layer Security Overview • Message authentication primitives • Secure routing • Secure forwarding

  9. Message Authentication Primitives • Message authentication code • One-way hash function based on shared key • Send data + MAC • Verified only by intended receiver • Low computational overhead • Storage requirement • O(n²) keys

  10. Message Authentication Primitives • Digital signature • Public key infrastructure w/ certificates • Encrypt w/ private and decrypt w/ public • Verified by all receivers • High computational overhead • Storage requirement • O(n) keys • Certificate revocation lists • Less resilient to DoS attacks

  11. Message Authentication Primitives • One-way Hash-based Key Chain • Key chain generated by repeated application of MAC • Keys used in reverse order • Verified by nodes w/ commitments • Lower computational overhead • Storage requirement • Buffer messages, key chains • Delayed, lost keys • Extra communication and time synchronization • Key revelation

  12. Secure Routing • Usually proactive approach • Authenticate source and routing information • Based on routing protocols • Source-based routing • Distance vector routing • Link state routing • Others

  13. Secure Source-based Routing • Append node ids to dynamically create routing path • Goal: Prevent intermediate nodes from altering routing list • End-to-end verification of nodes in paths • Example protocol (Ariadne) uses hash chaining technique

  14. Secure Source-based Routing (2) • e.g. Ariadne (on DSR)

  15. Secure Distance Vector Routing • Advertise global shortest paths to neighbor • Based on a distance metric • Goal: ensure correct advertisement of distance metric and authentic sender • Authenticate aggregation of metric • Unclear example in the paper that used hash chain on hop count

  16. Secure Link State Routing • Discover neighbors and broadcast that info to everyone • Links only added if bidirectional • Nodes can collude • Goal: authenticate both neighbor discovery and neighbor broadcast • Example protocol (SLSP) uses digital signatures

  17. Other Secure Routing Protocols • Broadcast and reply like SBR • Difference: route is constructed on the reply • Goal: Authenticate link to link • One reply is sent back • Possible sub-optimal path or failure

  18. Other Secure Routing Protocols • Broadcast both ways to provide redundancy • Improved path length • Use of path metric • More communication and less computation

  19. Secure Packet Forwarding • Prevention impossible • Detection • Monitor neighbors • Probe path (for failures) • Reaction • Related to prevention mechanism • Global • End-host

  20. Open Challenges • Larger problem space • Thwart attacks but include failures, misconfigurations, and network overload • Intrusion toleration • Make system robust in the presence of attacks • Larger solution space • Supplement encryption with other mechanisms (connectivity or route redundancy) • Use redundancy on system and protocol levels

  21. Open Challenges • Collaborative approach • Trust groups of nodes • Multi-fence • Devices, layers, protocol stacks, solutions • Better analysis tools • Performance tradeoffs • Security tradeoffs • Interaction of both

  22. Conclusions • High level description of security issues in MANETs • Focused on network layer • Especially routing • Proposed “resiliency-oriented” multi-layered solution design – increased fault tolerance in security systems • Called for better analysis models
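Added example for slide 11 (one-way hash-based key chain), not part of the original presentation: a sender's key chain and a receiver that buffers MACed packets until the interval key is disclosed, then authenticates that key against its commitment. SHA-256/HMAC, the `MAX_GAP` bound, the class and function names and the sample messages are assumptions of this sketch; real deployments decide packet freshness from loosely synchronized clocks rather than from the keys already seen.

```python
import hashlib, hmac

MAX_GAP = 16  # assumed cap on intervals hashed per disclosed key (bounds receiver work)

def H(x):  # one-way function for the chain (SHA-256 is an assumption)
    return hashlib.sha256(x).digest()

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_chain(seed, n):
    # K_n = seed, K_{i-1} = H(K_i); returns [K_0..K_n], K_0 being the commitment.
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]  # keys are used in the reverse of generation order

class Receiver:
    def __init__(self, commitment):
        self.key, self.idx = commitment, 0   # last authenticated key, its index
        self.buffer = []                     # (interval, msg, tag) awaiting a key

    def on_packet(self, interval, msg, tag):
        # A packet for an already-disclosed key could be forged by anyone: drop it.
        if interval > self.idx:
            self.buffer.append((interval, msg, tag))
        return interval > self.idx

    def on_key(self, i, key):
        if not self.idx < i <= self.idx + MAX_GAP:
            return []
        # Walk the disclosed key back to the last authenticated one; this also
        # recovers keys whose own disclosure was lost.
        keys, k = {}, key
        for j in range(i, self.idx, -1):
            keys[j], k = k, H(k)
        if not hmac.compare_digest(k, self.key):
            return []
        ok = [m for j, m, t in self.buffer
              if j in keys and hmac.compare_digest(t, mac(keys[j], m))]
        self.buffer = [p for p in self.buffer if p[0] > i]
        self.key, self.idx = key, i
        return ok

def demo():
    c = make_chain(b"constructed-seed", 4)   # constructed sample input
    rx = Receiver(c[0])
    for i, m, k in [(1, b"A", c[1]), (2, b"B", c[2]), (2, b"forged", b"bad key")]:
        rx.on_packet(i, m, mac(k, m))        # K_1's disclosure is then lost
    return rx.on_key(2, c[2]), rx.on_packet(2, b"C", mac(c[2], b"C")), rx.on_key(3, b"\0" * 32)
```

`demo()` returns the two genuine messages (the interval-1 message is recovered although its key disclosure was lost), then `False` for the packet that arrives after its key is public, then an empty list for the key that does not hash back to the chain.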
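Added example for slide 15 (hash chain on hop count), not taken from the presentation or the paper: a generic construction in which an advertisement with metric d carries the d-th element of a hash chain, so a verifier holding the authenticated chain end can check the metric and a relay cannot claim a shorter distance without inverting the hash. `MAX_HOPS`, SHA-256, the function names and the one-chain-per-advertisement setup are assumptions.

```python
import hashlib, hmac

MAX_HOPS = 8  # assumed upper bound on path length in this network

def hash_n(x, n):
    # Apply the one-way function (SHA-256, an assumption) n times.
    for _ in range(n):
        x = hashlib.sha256(x).digest()
    return x

def originate(seed):
    # Destination: the advert is (metric, h_metric), starting at (0, h_0 = seed).
    # The anchor h_MAX_HOPS must reach verifiers authentically, e.g. signed;
    # that distribution step is outside this example.
    return (0, seed), hash_n(seed, MAX_HOPS)

def forward(advert):
    # Honest relay: one more hop, one more hash. No secret is needed.
    metric, h = advert
    return metric + 1, hash_n(h, 1)

def verify(advert, anchor):
    # h_metric hashed the remaining (MAX_HOPS - metric) times must hit the anchor.
    metric, h = advert
    if not 0 <= metric <= MAX_HOPS:
        return False
    return hmac.compare_digest(hash_n(h, MAX_HOPS - metric), anchor)

def demo():
    advert, anchor = originate(b"constructed-seed")   # constructed sample input
    for _ in range(3):
        advert = forward(advert)                      # now (3, h_3)
    shortened = (1, advert[1])   # metric lowered to 1 while holding only h_3
    # Limitation: (3, h_3) itself can be re-advertised unchanged, so the chain
    # keeps a metric from shrinking but does not force it to grow at each hop.
    return verify(advert, anchor), verify(shortened, anchor), verify((9, b""), anchor)
```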
