
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols


aferron


Presentation Transcript


  1. Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols
  • Acts as a denial of service: by taking control of route discovery, the attacker disrupts the flow of data between a source and a destination
  • Affects most on-demand routing protocols:
  • DSR route discovery
  • AODV
  • Ariadne
  • SAODV
  • ARAN
  • The last three are protocols designed to be secure, and they are still vulnerable

  2. How the attack works
  • On-demand route discovery suppresses duplicates: a node forwards only the first ROUTE REQUEST it hears for a given discovery and discards every later copy
  • The attacker forwards requests faster than legitimate nodes can (it skips the backoff and processing delays honest nodes observe), so the first request to reach the target for a given initiator and target includes a hop through the attacker, and the later, legitimate requests are discarded before they reach the destination
  • Every route the initiator discovers to that target therefore passes through the attacker, which can then drop or tamper with the traffic
  • The attacker can also mount denial of service against expensive authentication mechanisms by bombarding them with challenges, or simply flood the network-interface transmission queues of nearby nodes

  3. Defenses
  • Secure neighbor detection: a protocol nodes run with each responder to ensure that the responder is within maximum communication range, so a request cannot be relayed from farther away while appearing to come from a neighbor
  • Hash chains as a simple, cheap form of authentication between neighbors, so that a node can check that the previous hop really handled the request
  • Secure route discovery built on loosely synchronized clocks: each node transmits and listens only at intervals it computes for itself, so an attacker cannot get its request in ahead of the schedule
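The attack on slide 2 and the randomized-forwarding countermeasure from the rushing-attack paper (Hu, Perrig and Johnson), as an added simulation that is not part of the slides: the topology, the delay model (honest relays wait 1 to 10 time units before rebroadcasting, the attacker waits 0) and the 20-unit collection window are all constructed assumptions. With plain duplicate suppression the target always replies to the attacker's copy of the ROUTE REQUEST; when the target instead collects the copies that arrive within a window and picks one at random, the attacker is on the chosen route only about one time in three for this topology.

```python
import heapq
import random

# Constructed topology (an assumption for this example): the source S can reach
# the target T only through three one-hop relays, and "A" is the rushing attacker.
TOPOLOGY = {
    "S": ["A", "H1", "H2"],
    "A": ["S", "T"],
    "H1": ["S", "T"],
    "H2": ["S", "T"],
    "T": ["A", "H1", "H2"],
}
ATTACKER = "A"


def forwarding_delay(node, rng):
    """Honest nodes honour MAC backoff and random jitter before rebroadcasting a
    ROUTE REQUEST; the rushing attacker rebroadcasts immediately."""
    if node == ATTACKER:
        return 0.0
    return rng.uniform(1.0, 10.0)  # arbitrary time units


def route_discovery(source, target, rng, randomized=False, collect_window=20.0):
    """Flood a ROUTE REQUEST from source and return the route the target replies to.

    randomized=False: DSR/AODV-style duplicate suppression; every node, the target
        included, acts only on the first copy of the request it hears.
    randomized=True:  the target collects the copies that arrive within
        collect_window of the first one and replies to one chosen at random.
    """
    events = [(0.0, 0, source, [source])]  # (arrival time, tie-break, node, path)
    seq = 0
    forwarded = set()
    candidates = []
    deadline = None
    while events:
        t, _, node, path = heapq.heappop(events)
        if deadline is not None and t > deadline:
            break
        if node == target:
            candidates.append(path)
            if not randomized:
                return path            # first request wins: the rushed one
            if deadline is None:
                deadline = t + collect_window
            continue
        if node in forwarded:
            continue                   # duplicate suppression at relays
        forwarded.add(node)
        delay = forwarding_delay(node, rng)
        for nbr in TOPOLOGY[node]:
            if nbr in path:
                continue
            seq += 1
            heapq.heappush(events, (t + delay, seq, nbr, path + [nbr]))
    return rng.choice(candidates)


def attacker_capture_rate(trials, randomized, seed=7):
    """Fraction of route discoveries whose resulting route passes through the attacker."""
    rng = random.Random(seed)
    hits = sum(ATTACKER in route_discovery("S", "T", rng, randomized)
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    print("first request wins:   ", attacker_capture_rate(300, randomized=False))
    print("randomized selection: ", attacker_capture_rate(300, randomized=True))
```

The collection window only buys something if the attacker cannot inject several copies of the request under different identities, which is why the paper pairs randomized forwarding with secure neighbor detection and route delegation.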

  4. LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks
  • Localized Encryption and Authentication Protocol
  • Different types of messages between sensor nodes have different security requirements
  • Four types of keys:
  • Individual key (shared with the base station)
  • Pairwise key (shared with one other sensor node)
  • Cluster key (shared with multiple neighboring nodes)
  • Group key (shared with all nodes)
  • Designed to limit what a compromised node can do, and then to revoke it efficiently

  5. Assumptions
  • The sensor network is static (no mobility)
  • The base station is the controller, but it interacts little with the nodes
  • Sensor nodes resemble current-generation hardware
  • Immediate neighbors are not known in advance
  • The wireless channel is insecure
  • All information held by a compromised node is compromised
  • The base station will not be compromised
  • A joining node completes key setup and deletes its setup keys before it could be compromised
  • Many nodes may be deployed in unattended environments
  • Only the base station uses µTESLA

  6. Features
  • Passive participation: a node does not report an event if it overhears a neighbor reporting the same event (a form of in-network processing)
  • One-way key chains for efficient inter-node traffic authentication
  • Lightweight authentication schemes
  • Still vulnerable to combined sinkhole and wormhole attacks
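The four LEAP key types from slide 4 and the key-deletion assumption from slide 5, as an added example that is not LEAP's own code or the paper's: it assumes HMAC-SHA256 as the pseudo-random function f, a toy encrypt-then-MAC wrapper for key transport, three constructed nodes u, v and w (v and w are out of each other's range), and that the base station hands the group key to u under u's individual key (that delivery is assumed, not modelled). Each node derives its pairwise keys from a preloaded initial key K_I, then erases K_I, so a node compromised afterwards reveals only the keys it actually uses.

```python
import hashlib
import hmac
import os


def prf(key, data):
    """Keyed pseudo-random function f_K(x), instantiated here with HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def wrap(key, payload):
    """Toy encrypt-then-MAC for transporting a key under another key (an assumption)."""
    nonce = os.urandom(16)
    stream = prf(key, b"enc" + nonce)
    body = bytes(p ^ s for p, s in zip(payload, stream))
    return nonce, body, prf(key, b"mac" + nonce + body)


def unwrap(key, nonce, body, tag):
    if not hmac.compare_digest(tag, prf(key, b"mac" + nonce + body)):
        raise ValueError("bad MAC")
    stream = prf(key, b"enc" + nonce)
    return bytes(b ^ s for b, s in zip(body, stream))


class SensorNode:
    """Sensor in a LEAP-style network; preloaded with K_I and an individual key."""

    def __init__(self, node_id, initial_key, individual_key):
        self.id = node_id
        self.initial_key = initial_key               # K_I, erased after setup
        self.individual_key = individual_key         # shared with the base station only
        self.master_key = prf(initial_key, node_id)  # K_u = f_{K_I}(u)
        self.pairwise = {}                           # neighbour id -> K_uv
        self.cluster_key = os.urandom(32)            # shared with all our neighbours
        self.neighbour_cluster_keys = {}             # neighbour id -> their cluster key
        self.group_key = None                        # shared by every node

    # pairwise key establishment: HELLO / ACK while K_I is still held
    def hello(self):
        self.nonce = os.urandom(16)
        return self.id, self.nonce

    def ack(self, their_id, their_nonce):
        """Answer a HELLO with a MAC under our master key and derive K_uv = f_{K_v}(u)."""
        self.pairwise[their_id] = prf(self.master_key, their_id)
        return self.id, prf(self.master_key, their_nonce + self.id)

    def accept_ack(self, their_id, mac):
        """Verify the ACK using K_v = f_{K_I}(v), then derive the same K_uv."""
        if self.initial_key is None:
            raise RuntimeError("K_I already erased; no new pairwise keys can be set up")
        their_master = prf(self.initial_key, their_id)
        if not hmac.compare_digest(mac, prf(their_master, self.nonce + their_id)):
            raise ValueError("ACK not from a node holding K_I")
        self.pairwise[their_id] = prf(their_master, self.id)

    def finish_setup(self):
        """After T_min: erase K_I so a later compromise cannot yield other nodes' keys."""
        self.initial_key = None

    # cluster key: sent to each neighbour under the pairwise key
    def cluster_key_msgs(self):
        return {v: wrap(k, self.cluster_key) for v, k in self.pairwise.items()}

    def receive_cluster_key(self, their_id, msg):
        self.neighbour_cluster_keys[their_id] = unwrap(self.pairwise[their_id], *msg)

    # group key: forwarded hop by hop under the sender's cluster key
    def group_key_msg(self):
        return wrap(self.cluster_key, self.group_key)

    def receive_group_key(self, their_id, msg):
        self.group_key = unwrap(self.neighbour_cluster_keys[their_id], *msg)


def deploy(ids, initial_key, master_key):
    """Base station preloads K_I and the individual key f_{K_m}(u) into each node."""
    return {u: SensorNode(u, initial_key, prf(master_key, u)) for u in ids}


def demo():
    nodes = deploy([b"u", b"v", b"w"], os.urandom(32), os.urandom(32))
    u = nodes[b"u"]
    for nbr in (nodes[b"v"], nodes[b"w"]):           # u hears v and w; v and w do not hear each other
        uid, nonce = u.hello()
        vid, mac = nbr.ack(uid, nonce)
        u.accept_ack(vid, mac)
    for n in nodes.values():
        n.finish_setup()                             # T_min has passed: K_I gone everywhere
    for n in nodes.values():
        for dst, msg in n.cluster_key_msgs().items():
            nodes[dst].receive_cluster_key(n.id, msg)
    u.group_key = os.urandom(32)                     # assumed: delivered by the base station
    for dst in u.pairwise:
        nodes[dst].receive_group_key(u.id, u.group_key_msg())
    return nodes
```

After `finish_setup`, a node that is captured yields its individual key, its own pairwise keys, the cluster keys it holds and the group key, but not K_I, so the adversary cannot compute the pairwise key of any pair of nodes it has not captured.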

  7. Authentication Framework for Hierarchical Ad Hoc Sensor Networks
  • Three tiers:
  • Simple devices in need of authentication
  • Forwarding nodes with additional processing power
  • Access points connected to the Internet

  8. Assumptions
  • Varying levels of computation power within the sensor network
  • Sensors do not communicate with one another
  • Forwarding nodes act as radio relays between the sensors and the access points

  9. Authentication mechanism
  • The CA issues a TESLA certificate for the forwarding node (B): the certificate carries a MAC computed with one of the CA's TESLA keys, which the CA discloses only later
  • The simple device (D) asks B for access to the network
  • B authenticates itself to D by sending the certificate together with a MAC created using D's key
  • D checks B's certificate; it must have arrived before the CA disclosed the TESLA key it was MACed with, otherwise anyone who heard the disclosed key could have produced it
  • The CA later broadcasts the TESLA key to all forwarding nodes; when the MAC D recomputes matches the one in B's certificate, B is authenticated
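The delayed-disclosure check in the slide above, as an added example that is not the framework's own code: it models only the TESLA-certificate part of the exchange (the second MAC under D's key is left out), assumes a SHA-256 one-way key chain, a two-interval disclosure delay, and a certificate layout of identifier, key and expiry, all constructed for the example. The point it shows is the ordering rule: D buffers a certificate only if it arrives while the CA's key for that interval is still secret, then verifies the MAC once the key is disclosed and authenticated against the chain commitment; a certificate built with an already-disclosed key is refused even though its MAC would verify.

```python
import hashlib
import hmac
import os


def H(x):
    return hashlib.sha256(x).digest()


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


class CertificateAuthority:
    """TESLA one-way key chain K_0 <- K_1 <- ... <- K_n with K_i = H(K_{i+1}).
    K_i is the MAC key for interval i and is broadcast d intervals later."""

    def __init__(self, n_intervals, disclosure_delay=2):
        self.d = disclosure_delay
        chain = [os.urandom(32)]
        for _ in range(n_intervals):
            chain.append(H(chain[-1]))
        self.chain = chain[::-1]        # chain[i] == K_i; chain[0] is the public commitment
        self.disclosed = {}

    def commitment(self):
        return self.chain[0]

    def issue(self, node_id, node_key, expiry, interval):
        """TESLA certificate: (body, interval, MAC under K_interval)."""
        body = node_id + b"|" + node_key + b"|" + str(expiry).encode()
        return body, interval, mac(self.chain[interval], body)

    def disclose(self, current_interval):
        """Broadcast every key whose disclosure time has passed."""
        for i in range(current_interval - self.d + 1):
            self.disclosed[i] = self.chain[i]
        return dict(self.disclosed)


class Device:
    """Simple device D: knows K_0 and the disclosure delay, nothing else."""

    def __init__(self, commitment, disclosure_delay=2):
        self.d = disclosure_delay
        self.pending = []
        self.verified_keys = {0: commitment}

    def receive(self, cert, current_interval):
        """Security condition: K_i must still be secret when the certificate arrives."""
        _, i, _ = cert
        if current_interval >= i + self.d:
            return False                # too late: the key may already be public
        self.pending.append(cert)
        return True

    def authenticate_key(self, i, key):
        """Check a disclosed K_i by hashing it down to the newest verified element."""
        j = max(k for k in self.verified_keys if k <= i)
        x = key
        for _ in range(i - j):
            x = H(x)
        if x != self.verified_keys[j]:
            return False
        self.verified_keys[i] = key
        return True

    def process_disclosure(self, disclosed):
        """Verify buffered certificates whose key has now been disclosed."""
        authenticated = []
        for cert in list(self.pending):
            body, i, tag = cert
            if i in disclosed and self.authenticate_key(i, disclosed[i]):
                if hmac.compare_digest(tag, mac(disclosed[i], body)):
                    authenticated.append(body)
                self.pending.remove(cert)
        return authenticated


def demo(n_intervals=10, d=2):
    ca = CertificateAuthority(n_intervals, d)
    dev = Device(ca.commitment(), d)
    cert = ca.issue(b"B", os.urandom(32), expiry=100, interval=3)
    body, i, tag = cert
    tampered = (b"M|" + body[2:], i, tag)          # same MAC, different identifier
    # Interval 4: B presents its certificate; K_3 stays secret until interval 5,
    # so D buffers it (and the tampered copy, which nobody can check yet).
    accepted = dev.receive(cert, current_interval=4)
    dev.receive(tampered, current_interval=4)
    # Interval 5: the CA discloses K_3; D authenticates the key and checks both MACs.
    authenticated = dev.process_disclosure(ca.disclose(5))
    # Interval 6: an attacker who heard K_3 can MAC anything under it, but D refuses
    # interval-3 certificates that arrive after the disclosure time.
    forged_body = b"M|" + os.urandom(32) + b"|100"
    forged = (forged_body, 3, mac(ca.disclosed[3], forged_body))
    late = dev.receive(forged, current_interval=6)
    return accepted, authenticated, late
```

The receive-time check is what makes the scheme work without public-key operations on D; it relies on D's clock being loosely synchronized with the CA's, so the allowed clock skew has to be smaller than the disclosure delay.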

  10. BISS: Building Secure Routing out of an Incomplete Set of Security Associations
  • Indirect route authentication vs. direct
  • The set of security associations is incomplete
  • The initiator trusts the target to hold the security associations needed to complete a secure route
  • Increases the number of security associations over time
  • Performs well in dense networks:
  • 200 nodes/km² needs 80% of the security associations
  • 400 nodes/km² needs 30% of the security associations
  • Time and mobility?

  11. Security with BISS
  • Assumes that strong encryption protects the contents of packets
  • Listed possible attacks:
  • Attacks against privacy
  • Traffic analysis
  • Said to prevent most active attacks effectively (as long as no node has been compromised)

  12. Security Associations Setup
  • Requires an off-line authority
  • Assigns each node a unique identity and certificate
  • Slow: at a density of 350 nodes/km²
  • All security associations: 3 hours
  • 40% of security associations: 15 minutes

  13. Byzantine Detection and Routing
  • Byzantine node: a node that consistently drops packets, either maliciously or due to unreliability

  14. Message Transfer
  • A device sends a message with a source and destination header
  • Each device that receives such a message checks whether it matches a message it has recently heard; if not, it passes the message along and adds it to its recent-message list
  • When the destination receives a message, it sends an acknowledgement packet back

  15. Message Transfer

  16. Byzantine Detection
  • The network tolerates a certain threshold of loss; once that threshold is reached, it sets out to locate the adversarial node
  • The algorithm works like a binary search: the temporary destination becomes the node halfway along the path to the true destination. If that connection is reliable, the probe point moves closer to the destination; if not, it moves back toward the source, until the Byzantine node is pinned down

  17. Byzantine Detection
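The detection procedure of slides 14 and 16 above, as an added simulation that is not the paper's code: it assumes a fixed seven-node route, an honest per-hop loss of 1%, a 20% loss threshold and 50 probes per measurement, all constructed for the example; flooding with the recent-message list is collapsed into forwarding along that one route, and a lost acknowledgement counts as a lost message. The binary search keeps `path[lo]` as the last node known to acknowledge reliably and `path[hi]` as the first known not to, and moves the probe destination halfway between them.

```python
import random

PATH = ["S", "n1", "n2", "n3", "n4", "n5", "T"]   # constructed route (an assumption)
HONEST_LOSS = 0.01      # per-hop loss an honest link might show
THRESHOLD = 0.2         # loss fraction tolerated before the network investigates
PROBES = 50             # messages sent per loss measurement


def deliver(path, byzantine, rng):
    """Forward one message hop by hop. A Byzantine node drops with its configured
    probability, an honest one only with HONEST_LOSS. True if the last node on
    the path acknowledges the message."""
    for node in path[1:]:
        if rng.random() < byzantine.get(node, HONEST_LOSS):
            return False
    return True


def loss_rate(path, byzantine, rng, probes=PROBES):
    lost = sum(not deliver(path, byzantine, rng) for _ in range(probes))
    return lost / probes


def locate_byzantine(path, byzantine, seed=0, threshold=THRESHOLD):
    """Binary search along the route for the first node that fails to acknowledge.
    Returns None when end-to-end loss is within the tolerated threshold."""
    rng = random.Random(seed)
    if loss_rate(path, byzantine, rng) <= threshold:
        return None
    lo, hi = 0, len(path) - 1          # path[lo] reliable, path[hi] not
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if loss_rate(path[:mid + 1], byzantine, rng) <= threshold:
            lo = mid                   # reliable this far: move toward the destination
        else:
            hi = mid                   # already lossy: the culprit is closer to the source
    return path[hi]


if __name__ == "__main__":
    print("no fault:      ", locate_byzantine(PATH, {}))
    print("n3 drops all:  ", locate_byzantine(PATH, {"n3": 1.0}))
    print("n1 drops 60%:  ", locate_byzantine(PATH, {"n1": 0.6}))
```

Each halving costs one round of probes, so a route of length L needs about log2(L) measurements after the initial detection; the procedure identifies the node past which acknowledgements stop, which is the Byzantine node itself or, for a dead link, the node behind it.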
