Anonymous Communications in Mobile Ad Hoc Networks

1. Anonymous Communications in Mobile Ad HocNetworks Yanchao Zhang, Wei Liu, Wenjing Lou Presenter: Bo Wu

2. Outline • Introduction • Threat Model • MASK Model • Performance Evaluation • Conclusion

3. MANETs • A mobile ad hoc network (MANET) is a type of wireless network, and is a self-configuring network of mobile devices connected by any number of wireless links.

4. MANETs • Every node in a MANET is also a router because it is required to forward traffic unrelated to its own use. • Each MANET device is free to move independently. • Wireless links are particularly vulnerable to eavesdropping and other attacks

5. MANETs: Ad hoc? • A short lived network just for the communication needs of the moment • Self Organizing • Infrastructure-less network • Energy conservation • Scalability

6. MANETs: Challenges • Lack of a centralized entity • Network topology changes frequently and unpredictably • Channel access/Bandwidth availability • Hidden/Exposed station problem • Lack of symmetrical links • Power limitation

7. MANETs: AODV • Source node initiates path discovery by broadcasting a route request (RREQ) packet to its neighbors • Every node maintains two separate counters • Sequence number • Broadcast-id A L Y F J B K D P G S C E H I T Z RREQ AODV part adapted from slides of Sirisha R. Medidi

8. MANETs: AODV • A neighbor either broadcasts the RREQ to its neighbors or satisfies the RREQ by sending a RREP back to the source • Later copies of the same RREQ request are discarded A L Y F J B K D P G S C E H I T Z Reverse Path Setup

9. MANETs: AODV • Reverse path are automatically set-up • Node records the address of the sender of RREQ • Entries are discarded after a time-out period A L Y F J B K D P G S C E H I T Z

10. MANETs: AODV A L Y F J B K D P G S C E H I T Z

11. MANETs: AODV A L Y F J B K D P G S C E H I T Z

12. MANETs: AODV A L Y F J B K D P G S C E H I T Z Forward Path Setup

13. MANETs: AODV A L Y F J B K D P G S C E H I T Z

14. MANETs: AODV A L Y F J B K D P G S C E H I T Z

15. MANETs: AODV A L Y F J B K D P G S C E H I T Z

16. MANETs: AODV • Advantages: • efficient algorithm for ad-hoc networks • Highly Scalable • Need for broadcast is minimized • Quick response to link breakage in active routes • Loop free routes

17. Traffic Analysis • Frequent communications — can denote planning • Rapid, short, communications — can denote negotiations • A lack of communication — can indicate a lack of activity, or completion of a finalized plan • Frequent communication to specific stations from a central station — can highlight the chain of command • Who talks to whom — can indicate which stations are 'in charge' or the 'control station' of a particular network. This further implies something about the personnel associated with each station • Who talks when — can indicate which stations are active in connection with events, which implies something about the information being passed and perhaps something about the personnel/access of those associated with some stations • Who changes from station to station, or medium to medium — can indicate movement, fear of interception

18. General Defending Methods • Prevent detection • Spread spectrum modulation • Effective power control • Directional antennas • Traffic Padding • End to End Encryption and/or Link Encryption on Data Traffic

19. Threat Model • Passive • Totally quiet, or just inject a small amount of traffic • Monitor every transmission of each node • Many adversaries can communicate with each other very fast • May compromise a small number of nodes • Limited computational capability

20. Basic Math • Let G1,G2 be two groups of the same prime order q. • Pairing is a computable bilinear map f : G1 × G1 → G2 satisfying the following properties: • 1. Bilinearity: • ∀ P, Q, R, S ∈ G1, we have • f (P + Q, R + S) = f (P, R)f (P, S)f (Q, R)f (Q, S) • 2. Non-degeneracy: • If f (P, Q) = 1 for all Q ∈ G1, then P must be the identity element in G1. • 3. Computability: • There is an efficient algorithm to compute • f(P, Q) for all P, Q ∈ G1.

21. MASK • MASK stands for ? • A novel anonymous on-demand routing protocol for MANETs • anonymous neighborhood authentication • anonymous route discovery and data forwarding

22. MASK System Model • A number of non-malicious nodes • No selfish behavior • Moderate movement • Trusted Authority bootstrap security parameters • g the master key • H1 : {0, 1}∗ → G1 mapping arbitrary strings to points in G1 • H2 : {0, 1}∗ →{0, 1}β mapping arbitrary strings to β-bit fixed-length output • Every node is blind to g • TA furnishes each node IDi with a sufficiently large set PSi of collision resistant pseudonyms and a corresponding secret point set as Si = gH1(PSi) = {Si,j} = {gH1(P Si,j) ∈ G1} (1 ≤ j ≤ |PSi|).

23. MASK: Anonymous Neighbor Authentication • Definition: • two neighboring nodes can ensure that they belong to the same party or have trustable relationship with each other without revealing their either real identifiers or party membership information. • Existing methods: • Network-wide key • Pairwise key • Public-key certification

24. MASK: Anonymous Neighbor Authentication • Alice and Bob are using pseudonyms randomly selected from their set • Alice starts the authentication by sending her pseudonym and a challenge • Bob can calculate the corresponding master session key and send the authentication message back • Alice authenticated Bob and replied authentication message • Both Bob and Alice generate link IDs and session keys based on the master session key

25. MASK: Anonymous Neighbor Authentication • After the authentication both sides have: • If a packet is identified by , then it should be decrypted using • Whenever these pairs are used up, Alice and Bob are required to automatically increase both n1 and n2 by one and generate new pairs. • Every node follows this procedure and establishes a neighbor table

26. MASK: Anonymous Neighbor Authentication • Only TA can infer real ID based on pseudonyms • To adversary, Link IDs are random bits • Adversary can not infer session key based on Link IDs

27. MASK: Anonymous Route Discovery • Besides neighbor table, each node has: • Forwarding route table • <dest_id, destSeq, pre-link, next-link> • Reverse route table • <dest_id, destSeq, pre-hop-pseudonym> • Target link table • The current node is the final destination for the packets bearing the linkIDs which are in its target link table.

28. MASK: Anonymous Route Discovery • Anonymous route request • <ARREQ, ARREQ_id, dest_id, destSeq, PSx> • ARREQ_id uniquely identifies the request • Dest_id is the real id of the destination • destSeq is the last known sequence number for the destination • PSx is the active pseudonym of the source

29. MASK: Anonymous Route Discovery • For each node in the network: • Receives ARREQ for the first time • inserts an entry into its reverse route table where this ARREQ comes from • rebroadcasts the ARREQ after changing the embedded pseudonym field to its own. • Discards any ARREQ already seen • All nodes broadcast only once

30. MASK: Anonymous Route Discovery • Anonymous route replies • <LinkID, {ARREP, dest_id, destSeq}SKey> • LinkID is the to be used shared packet identifier between the sender and the corresponding receiver • {ARREP, dest_id, destSeq} is encrypted by the paired session key such that only the intended receiver can decrypt it

31. MASK: Anonymous Route Discovery • Intermediate nodes will discard replies with smaller destSeq than its own record • intermediate node can also generate a route reply if it has one forward route entry for the dest id with destSeq equal to or larger than that contained in the received ARREQ. • Multiple paths are established during this process

32. MASK: Anonymous Route Discovery • Anonymous Data Forwarding • <next-LinkID, MASK payload> • next-LinkID is randomly selected from the next-link-list field • MASK payload may be end-to-end encrypted message • Do not necessarily select the best path

33. Security analysis • Message Coding Attack • Adversary can easily link and trace some packets that do not change their content or length • MASK countermeasures • Hop-by-hop encryption • Random padding

34. Security analysis • Flow Recognition and Message Replay Attacks • Recognize the packets belonging to some communication flow • MASK countermeasures • Hop-by-hop encryption • LinkID update

35. Security analysis • Timing Analysis Attack • Tell the difference between nodes by transmission timing, e.g. transmission rate • MASK Countermeasures • When the traffic is light, this attack is quite dangerous

36. Performance Evaluation • Tate paring for bilinear map f • Most expensive part • indispensable • SHA-1 to implement the collision resistant hash functions • efficient symmetric algorithm RC6 as hop-by-hop encryption and decryption

37. Performance Evaluation • For normal traffic, AODV is a little bit better • MASK outperforms AODV for heavy traffic due to available multiple paths

38. Performance Evaluation • MASK outperforms AODV in terms of overhead • It conducts costly route discovery less frequently

39. Performance Evaluation • AODV has much less latency • MASK tries to balance tradeoff between anonymity and latency

40. Conclusion • Very good resistance to passive attackers • Timing attack is still unresolved in this model • Very good routing performance • But AODV also has a multi-path version --- AOMDV

41. Questions?