160 likes | 280 Views
Security & Efficiency in Ad-Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University. Why Adhoc Networking?.
E N D
Security & Efficiency in Ad-Hoc Routing Protocol with emphasis on DistanceVector and Link State.Ayo FakolujoWichita State University
Why Adhoc Networking? • An Adhoc Network is a connection of wireless systems, transferring data between themselves with no pre-existing infrastructure available. • Adhoc networks are now important because of there independence of pre-existing fixed infrastructure and can be quickly deployed when needed and inexpensively too.
Why contd. • Can operate in a standalone or connected to a large network like the internet. • Business environments with collaborating computing needed (out of office meetings with clients). • Used to provide crisis management applications e.g. disaster recovery (take hours instead of weeks to set up as compared to wired infrastructure).
DV and LS • SEAD – Secure Efficient Distance Vector Routing Protocol based on the design of Destination-Sequenced Distance-Vector routing protocol • SLSP – Secure Link State routing Protocol based on the design of Link State Protocol
DV and DSDV • Standard DV looks for the shortest distance between nodes in a network using the Bellman-Ford Algorithm. E.g. RIP • Each node acts as a router and maintains a routing table • Each entry as an address of a destination and the shortest distance to that destination. • Periodic updates or triggered updates
DV and DSDV contd. • DV although simple, it cannot guarantee routing loops between different nodes for some destination • DSDV incorporates sequence number in each routing table to prevent routing loops. • Each routing update has an even sequence number. • Can have full dump or incremental update.
LS • LS Routing Algorithms are based on periodic updates of routing information between routers. • Standard or Classic LS algorithms, the nodes declare all links with there neighbors and then broadcasts to the entire network the routing messages. • Requires lots of bandwidth.
SEAD • Symmetric Cryptographic operation was used i.e. one-way hash functions because 3-4 times faster than asymmetric (digital signature) and good for CPU limited devices. • Computes the hash values to secure the routing updates. • Tries to reduce redundant triggered updates by not using weighted time triggered updates as in standard DSDV
SEAD contd. • If link to neighbor is broken, sets the metric to infinity and flags the sequence number so it would not be used again. • Receiver of SEAD message validates or authenticates the sender. • Uses the sequence number to authenticate each entry in the update • Use hash values that corresponds to the sequence number.
SEAD contd. • Neighbor authentication is also performed (to verify source of the routing message, by using shared secret key and Message Authentication Code. • MAC is included in every routing update for each node.
SLSP • SLSP nodes send Link state updates and maintain information about nodes within their zone (instead of the entire network). • Nodes also make use of one-way hash functions and key cryptosystem (public/private pair). • Nodes periodically broadcasts their LSU and certified keys for validation by receiver nodes.
SLSP contd. • SLSP contains the Neighbor Lookup Protocol (NLP) that maintains MAC and IP mapping for the node’s neighbors. • Each broadcasts its (MAC, IP) pair to its neighbors in form of signed hello messages which prevents DoS attacks and use of multiple IP addresses by the same data link layer interface • NLP also helps in Policing for the SLSP e.g. 2 nodes using the same IP address, notifies the SLSP. The routing protocol on receipt of such packet drops it.
SLSP contd. • Calculates a hash chain to make sure LSU are propagated within the zone of origin. • LSU are identified by sender IP address and a sequence number. • Key broadcasts are done based on network conditions. • Neighbors are also prioritized, with lowest rate generating nodes having high priority and vice versa.
Conclusion and Comparison • Both SLSP and SEAD are robust against individual adversaries and both also prevents DoS. • SLSP and SEAD are vulnerable to colluding attackers (multiple coordinated attackers). • Both makes use of one-way Hash Chains to secure the routing updates.
Conclusion and Comparison • Both makes use of proactive updates. • No need for Key management entity.
Thank You • Any Questions ????