1 / 60

Security in Mobile Ad Hoc Networks: Challenges and Solutions

2. Outline. IntroductionAttacks and ChallengesA Multifence Security SolutionNetwork-layer SecuritySecure Ad Hoc RoutingSecure Packet ForwardingLink-layer SecurityOpen Challenges. 3. Introduction. In order to provide protected communication between nodes in a potentially hostile environment,

earnest
Download Presentation

Security in Mobile Ad Hoc Networks: Challenges and Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. Security in Mobile Ad Hoc Networks: Challenges and Solutions H. Yang, H. Luo, F. Ye, S. Lu, and L. Zhang

    2. 2 Outline Introduction Attacks and Challenges A Multifence Security Solution Network-layer Security Secure Ad Hoc Routing Secure Packet Forwarding Link-layer Security Open Challenges

    3. 3 Introduction In order to provide protected communication between nodes in a potentially hostile environment, security has become a primary concern The challenges of MANETs Open network architecture Shared wireless medium Stringent resource constraints Highly dynamic network topology

    4. 4 Introduction (cont.) The goal of the security solutions for MANETs Authentication Confidentiality Integrity Anonymity Availability

    5. 5 Introduction (cont.) The security issues in each layer

    6. 6 A fundamental security problem in MANET: the protection of its basic functionality to deliver data bits from one node to another. ensuring one-hop connectivity through link-layer protocols (e.g., wireless medium access control, MAC) Extending connectivity to multiple hops through network layer routing and data forwarding protocols (e.g., ad hoc routing) Introduction (cont.)

    7. 7 Security never comes for free. Security strength and network performance are equally important Achieving a good trade-off between two extremes is one fundamental challenge in security design for MANETs. Introduction (cont.)

    8. 8 Attacks The network-layer operations in MANETs are ad hoc routing and data packet forwarding The ad hoc routing protocols Exchange routing messages between nodes Maintain routing states at each node accordingly Two attack categories Routing attacks Packet forwarding attacks

    9. 9 Attacks (cont.) Routing attacks Any action of advertising routing updates that does not follow the specifications of the routing protocol Packet forwarding attacks Cause the data packets to be delivered in a way that is intentionally inconsistent with the routing states

    10. 10 A Multifence Security Solution The approaches to securing MANETs Proactive Thwart security threats in the first place Adopted by secure routing protocols Reactive Seek to detect threats a posteriori and react accordingly Adopted by packet forwarding operations

    11. 11 A Multifence Security Solution (Cont.)

    12. 12 Network-layer Security Protecting the network functionality to deliver packets between mobile nodes through multi-hop ad hoc forwarding Message Authentication Primitives HMAC Digital signature One-way HMAC key chain

    13. 13 Network-layer Security (cont.) HMAC Two nodes share a secret symmetric key k (the total number of the pairwise shared key is n(n-1)/2) They can efficiently generate and verify a message authenticator hk(·)

    14. 14 Digital signature Based on asymmetric key cryptography (signing/decrypting and verifying/encrypting) Each node needs to keep a CRL of revoked certificates

    15. 15 Privacy using asymmetric-key encryption

    16. 16 Signing the whole document

    17. 17 Signing the Digest. Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/ decryption must be applied.

    18. 18 Signing the Digest (Sender site)

    19. 19 Signing the Digest (Receiver site)

    20. 20 Network-layer Security (cont.) One-way HMAC key chain Given the output f(x), it is computationally infeasible to find the input x By applying f(·) repeatedly on an initial input x, one can obtain a chain of outputs fi(x). a message with an HMAC using fi(x) as the key is proven to be authentic when the sender reveals f(i–1)(x). Very tight clock synchronization and large storage are necessary The release of the key involves a second round of communication

    21. 21 Secure Ad Hoc Routing Source Routing Ensure that each intermediate node cannot remove existing nodes from or add extra nodes to the route A secure extension of DSR is Ariadne, which uses a one-way HMAC key chain

    22. 22 Secure Ad Hoc Routing (cont.) Take the following example for an illustration -The source node S uses source routing to connect to the destination D through nodes A, B, and C

    23. 23 Secure Ad Hoc Routing (cont.)

    24. 24 Secure Ad Hoc Routing (cont.) Distance Vector Routing The main challenge is that each intermediate node has to advertise the routing metric correctly For example, when hop count is used as the routing metric, each node has to increase the hop count by one exactly A hop count hash chain is devised so that an intermediate node cannot decrease the hop count in a routing update

    25. 25 Secure Ad Hoc Routing (cont.) Distance Vector Routing Assume the maximum hop count of a valid route is n, a node generates a hash chain of length n every time it initiates an RREQ message, , where The node then adds and into the routing message, with Hop_count set to 0 When a node receives a RREQ or RREP packet, it first checks whether Then the node sets

    26. 26 Secure Ad Hoc Routing (cont.) Link State Routing Secure Link State Routing (SLSP) Each node seeks to learn and update its neighborhood by Neighbor Lookup Protocol (NLP) Periodically flood Link State Update (LSU) packets to propagate link state information SLSP adopts a digital signature approach in authentication NLP’s hello messages and LSU packets are signed with the sender’s private key

    27. 27 Secure Packet Forwarding Detection Each node can perform localized detection by overhearing ongoing transmissions and evaluating the behavior of its neighbors Localized detection Watchdog Add a next_hop field in AODV packets ACK-based detection The source can initiate a fault detection process on a suspicious path that has recently dropped more packets than an acceptable threshold

    28. 28 Watchdog Assume bidirectional communication symmetry on every link between nodes If a node B is capable of receiving a message from a node A at time t, then node A could instead have received a message from node B at time t Implement the watchdog Maintain a buffer of recently sent packets Compare each overheard packet with the packet in the buffer

    29. 29 Watchdog (cont.) When B forwards a packet from S toward D through C, A can overhear B’s transmission and can verify that B has attempted to pass the packet to C

    30. 30 Watchdog (cont.) The weaknesses Ambiguous collisions Receiver collisions Limited transmission power False misbehavior Collusion Partial dropping

    31. 31 ACK-based detection Byzantine failures Drop packets Modify packets Miss-route packets

    32. 32 ACK-based detection (cont.) The fault detection Based on using acks of the data packets The source keeps track of the number of recent losses When the number of recent losses violates the acceptable threshold Register a fault between the source and the destination Start a binary search on the path The adaptive probing techniques identifies a faulty link after logn faults have occurred, where n is the length of the path

    33. 33 Secure Packet Forwarding (cont.) Reaction Once a malicious node is detected, certain actions are triggered to protect the network from future attacks launched by this node Global reaction The malicious node is excluded from the network End-host reaction Each node may make its own decision on how to react to a malicious node (e.g., putting this node in its own blacklist)

    34. 34 End-host reaction- Pathrater Each node maintains a rating for every other node and calculates a path metric by averaging the node ratings in the path It gives a comparison of the overall reliability of different paths It differs from standard DSR, which chooses the shortest path in the route cache

    35. 35 Link-layer Security IEEE 802.11 MAC The vulnerability of the IEEE 802.11 MAC to DoS attacks was identified The attacker may exploit its binary exponential backoff scheme to launch DoS attacks The solution is that the sender can set the backoff timer on its own

    36. 36 Link-layer Security (cont.) IEEE 802.11 WEP Message privacy and message integrity attacks Short IV CRC-32 checksum Key stream recovery by known plaintext attacks Probabilistic cipher key recovery attacks

    37. 37 Wormhole attacks happen when one wormhole node eavesdrops and records packets at one location And then tunnels the eavesdropped packets to a certain faraway collusive wormhole node After receiving the tunneled packets, the faraway collusive wormhole node replays these packets Wormhole attacks (I)

    38. 38 Wormhole attacks (II)

    39. 39 Wormhole attacks affect a network most significantly during route discovery or route establishment phase Wormhole attacks (III)

    40. 40 Wormhole attacks (IV)

    41. 41 Most existed cryptography-based protocol CANNOT deal with wormhole attacks! Wormhole attacks (V)

    42. 42 In fact, if wormholes are setup by the administrator or conduct no mal-behaviors, it can be a very pleasing feature Wormholes provide alternate routes, reduce the use of wireless bandwidth, even save the power of mobile nodes Wormhole attacks (VI)

    43. 43 But if wormhole attack is conducted by malicious adversaries, it is a serious problem The adversaries can easily setup wormholes, without breaking the cryptographic system and intruding any mobile nodes The adversaries can eavesdrop or disrupt the network by only few nodes Wormhole attacks (VII)

    44. 44 Distance or Time Limiting Detection Approaches Geometry or Topology Detection Approaches Neighbor Nodes Monitoring Approaches Related Works – Detection mechanisms

    45. 45 Apply an intuitive idea: limit the distance a packet can traverse between nodes Since (time = distance/speed), it is also possible to limit traverse distance by limiting traverse time Advantages: simple, low overhead (if the method is well designed) Disadvantages: usually require time synchronization, specialized hardware or location information on each node Distance or Time Limiting Approaches

    46. 46 These kind of mechanisms are to construct a “good” network graph, or to find out the illogical conditions of network topology Advantage: require no time synchronization Disadvantage: more complicated and higher overhead than distance or time limiting approaches Geometry or Topology Approaches

    47. 47 Monitor neighbor nodes’ false behaviors to detect wormholes Advantage: require no time synchronization Disadvantage: more complicated than distance or time limiting approaches, and need specialized hardware to help these method work Neighbor Nodes Monitoring Approaches

    48. 48 DSR is an on-demand, source routing protocol Route request (RREQ) packet: Review on DSR (I)

    49. 49 Our observation Review on DSR (III)

    50. 50 A DSR Wormhole Detection Protocol (I)

    51. 51 A DSR Wormhole Detection Protocol (II)

    52. 52 A DSR Wormhole Detection Protocol (III)

    53. 53 A DSR Wormhole Detection Protocol (IV)

    54. 54 A DSR Wormhole Detection Protocol (V)

    55. 55 A DSR Wormhole Detection Protocol (VI)

    56. 56 A DSR Wormhole Detection Protocol (VII)

    57. 57 A DSR Wormhole Detection Protocol (VIII)

    58. 58 A DSR Wormhole Detection Protocol (IX)

    59. 59 Node A checks if all the values of Duration XY along the route path are less than a reasonable threshold. If yes, this route is a good route which does not pass through wormholes. But if any single value is larger than the threshold, this route is said to be contaminated by wormhole attacks and should not to be used.

    60. 60 Open Challenges The new design perspective is called resiliency-oriented security design The design possesses several features Seek to attack a bigger problem space Intrusion tolerance Use other noncrypto-based schemes to ensure resiliency Handle unexpected faults to some extent The solution may also take a collaborative security approach The solution relies on multiple fences

More Related