Securing OLSR Using Node Locations

Daniele Raffo, Cédric Adjih, Thomas Clausen, Paul Mühlethaler

11th European Wireless Conference 2005 (EW 2005)
April 10-13 2005, Nicosia, Cyprus

Index

• The OLSR protocol
• Attacks against OLSR
• Overview of the GPS-based security extension to OLSR
• The SIGLOC control message
• Evaluating a node’s distance
• Evaluating a node’s movement
• Evaluating a node’s position
• Possible improvements to standard OLSR

The OLSR protocol

OLSR is a proactive link state routing protocol for ad hoc networks.

Control messages containing topology information are sent periodically:

• HELLOs: links with neighbors (link state), MPR selection; 1 hop only, not forwarded
• TCs: bi-directional links with nodes; flooded via MPRs in the entire network

The OLSR protocol

Flooding is optimized via Multipoint Relays (MPRs).

Each node selects MPRs from among its neighbors, such that a message emitted by that node and relayed by its MPRs will be received by all nodes 2 hops away.

[Figure: standard flooding compared with MPR broadcast]

Attacks against OLSR

Incorrect control traffic generation

• Identity spoofing (spoofed originator of a HELLO or TC) → Wrong topology
• Link spoofing (false HELLO or TC) → Connectivity loss / Wrong MPR selection

Incorrect control traffic relaying

• Failure to forward traffic → Connectivity loss
• Packet tampering → Wrong topology / Denial of Service
• Replay attack / Wormhole attack → Wrong topology

Overview

The network is secured with a PKI, but a node X may have been compromised.

Problem: How to evaluate the correctness of X’s control messages (from the point of view of link state, topological information, etc.)?

Solution: Add redundant information to control messages.

Information about node location (obtained by an embedded GPS device) is included in control messages to bound the node’s area of effect. The position information is cross-checked with link state information to spot any inconsistency.

SIGLOC control message

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Sign. Method |    Reserved   |          MSN Referrer         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Node location                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Timestamp                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Signature                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

This is done via a new OLSR control message (SIGLOC), which contains GPS information as well as a timestamped signature.

Each node also maintains a Position Table storing a set of tuples < node IP address, position, timestamp > containing the most recent geographical positions of all other nodes.

Evaluating a node’s distance

pA   position of node A receiving B’s message at time tA (A’s clock)
pB   position of sending node B at time tB (B’s clock)
t    max error of synchronization between nodes
d    max error in position information
v    max velocity of nodes
r    max transmission range

Evaluating a node’s distance

When this formula is false, the distance AB is too great for the message to be heard. Therefore, the message is probably a fake.

Protection against wormholing: A receives a control message from B. A checks if B is truly a neighbor by evaluating the distance AB.

Evaluating a node’s distance

Protection against link spoofing: A advertises a link with B. C receives A’s control message and checks the likelihood of the AB link by evaluating the distance AB.

Evaluating a node’s movement

Protection against false position information: Let pA and pB be the position of the same node at instants tA and tB respectively.

For r=0, this formula can be used to check if the node is lying about its geographical location. The values of pA, pB, tA, tB are retrieved from the Position Table.

If the formula is false, the node is lying about where it pretends to be (or about where it pretended to be in the past).
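
The distance and movement checks described on the preceding slides, as an added example that is not from the slides or their authors. The formula the slides refer to is not preserved on this page, so the inequality below is an assumed conservative bound assembled from the symbols t, d, v and r defined above; planar coordinates in metres and all sample values are also assumptions.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Fix:
    """One Position Table entry: where a node said it was, and when."""
    x: float  # metres on a local planar grid (assumption; GPS gives lat/long)
    y: float
    ts: float  # seconds, timestamp carried with the position

@dataclass(frozen=True)
class Limits:
    t: float  # max error of synchronization between nodes (s)
    d: float  # max error in position information (m)
    v: float  # max velocity of nodes (m/s)
    r: float  # max transmission range (m)

def slack(a, b, lim):
    # Assumed worst case: both ends move apart at v for the elapsed time
    # (widened by the clock error t), and each reported fix is off by d.
    return 2 * lim.v * (abs(a.ts - b.ts) + lim.t) + 2 * lim.d

def _within(a, b, lim, reach):
    return math.hypot(a.x - b.x, a.y - b.y) <= reach + slack(a, b, lim)

def link_is_plausible(a, b, lim):
    """Distance check. Used by A on a message heard from B (wormhole case)
    and by a third node C on an advertised A-B link (link spoofing case)."""
    return _within(a, b, lim, lim.r)

def movement_is_plausible(old, new, lim):
    """Same node at two instants: the slides' r = 0 case."""
    return _within(old, new, lim, 0.0)

# Constructed sample values, not taken from the slides.
LIM = Limits(t=0.5, d=10.0, v=20.0, r=250.0)
A = Fix(0.0, 0.0, 100.0)
B_NEAR = Fix(200.0, 0.0, 99.8)     # genuine neighbor
B_FAR = Fix(900.0, 0.0, 99.8)      # heard "directly" from far out of range
B_JUMP = Fix(200.0, 700.0, 101.8)  # same node claims 700 m travelled in 2 s

if __name__ == "__main__":
    for name, ok in [("A-B_NEAR link", link_is_plausible(A, B_NEAR, LIM)),
                     ("A-B_FAR link", link_is_plausible(A, B_FAR, LIM)),
                     ("B_NEAR->B_JUMP move", movement_is_plausible(B_NEAR, B_JUMP, LIM))]:
        print(f"{name}: {'consistent' if ok else 'REJECT'}")
```

A rejected result only says the claimed positions and timestamps cannot all be true within the configured limits; the receiving node still has to decide whether to drop the message or flag the originator.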

Evaluating a node’s position

Additional security comes from the use of a directional antenna. This allows a node to evaluate the direction from which the signal is coming.

In this case, the node can use this formula to derive the sector in which the sender should be.

Improvements to standard OLSR

Geographical information could also be used to improve the standard OLSR protocol:

• improved MPR selection
• improved MPR flooding
• forecast of link breaks