1 / 18

Secure Routing Protocol for Ad Hoc Networks

Secure Routing Protocol for Ad Hoc Networks. Li Xiaoqi. Outline. Introduction to Ad Hoc Networks Overview of Ad hoc On-demand Distance Vector (AODV) Routing Protocol Attacks to AODV Ad Hoc Networks Securing AODV Routing Protocol Flaws of SAODV Future Works. Ad Hoc Networks.

emery
Download Presentation

Secure Routing Protocol for Ad Hoc Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Routing Protocolfor Ad Hoc Networks Li Xiaoqi

  2. Outline • Introduction to Ad Hoc Networks • Overview of Ad hoc On-demand Distance Vector (AODV) Routing Protocol • Attacks to AODV Ad Hoc Networks • Securing AODV Routing Protocol • Flaws of SAODV • Future Works

  3. Ad Hoc Networks • “Infrastructureless” Networks without fixed infrastructure such as base stations or access points • Multi-hop routing when nodes are not in each other’s radio range • Nodes are mobile • Underlying communication medium is wireless • Each node acts as a router • Useful in: personal area networking, meeting rooms, disaster relief, battlefield operations, etc.

  4. Motivation • Applications such as military exercises, disaster relief, and mine site operation need more secure and reliable communication • Prior routing protocols generally assume a trusted environment with non-adversarial settings • Securing routing protocols for ad hoc networks are needed

  5. AODV Routing Protocol (Ad Hoc On-Demand Distance Vector) • Establish or maintain routes only when nodes need to communicate • Each node maintains a monotonically increasing sequence number to ensure loop free routing • Only one mutable field “Hop Count” in routing messages which implies the distance from the originator. Hop Count is increased by one at each hop. • Four types of routing messages: • RREQ: Route Request • RREP: Route Reply • RERR: Route Error • RREP-ACK: Route Reply Acknowledgement

  6. Routing Discovery in ADOV RREQ BroadCast S D RREP RREP

  7. Attacks on Mobile Networks • Eavesdropping  Confidentiality • Disclosure  Confidentiality • Masquerading  Authenticity • Modification  Integrity • Man-In-Middle Attack • Drop / Replay / Delay  Integrity • Flooding  Availability • Denial of Service Attack

  8. RREQ D S M RREP D S M Actual Attacks on AODV(one malicious node) • Forge a RREQ with its address as the originator address. • Forge a RREP with its address as the destination address • Does not increase the hop count, even reduce it when forwarding a RREQ • Increase destination sequence number “fresher” enough in order to update the intermediate nodes’ route table • Does not forward certain RREQ, RREP and certain data messages

  9. Actual Attacks on AODV(more malicious nodes) • Tunneling Attacks • Two malicious nodes simulate that they have a link between them • By tunneling messages between them • Achieve having certain traffic through them • Do any type of attacks one malicious node can do • Hard to detect and prevent so far, even in SAODV mentioned below

  10. SAODV Routing Protocol(WiSe’02 by SigMobile) • Focus on • Protecting only Routing messages • Mainly Concerning Authentication & Integrity • Situation of One malicious node • More routing protocol than key management • Two Main Ideas • Hash chains to secure the Hop Count information, the only mutable information in the messages  Integrity • Digital signatures to authenticate the non-mutable fields of the messages  Authenticity

  11. SAODV Hash Chains • Attackers often decrease Hop Count of a RREQ to increase the life of this message, thus gain more time to analyze the communication • Hash chains are used to protect this Hop Count field • A hash chain is formed by applying a one-way hash function (h) repeatedly to a seed. • When a node originates a RREQ or a RREP message, it performs the following operations:

  12. SAODV Hash Chains Algorithm • Generates a random number (seed) • Sets field Max_Hop_Count = TTL • Sets field Hash = seed • Sets field Hash_Function = h, - h is the hash function which is going be used • Calculates field Top_Hash by hashing seedMax_Hop_Count times. Top_Hash = h Max_Hop_Count (seed) - hi(x)is the result of applying the function h to xi times. • When a node receives a RREQ or a RREP message, it will verify if Top_Hash == h Max_Hop_Count – Hop_Count (Hash) - Hop_Count is the number of hops this message has passed. • Before rebroadcasting a RREQ of forwarding a RREP, a node do Hash = h(Hash)

  13. SAODV Digital Signatures • Digital Signatures are used to protect the integrity of the non-mutable data in RREQ and RREP messages • Sign every field of the message except the Hop Count and hash chain fields • Extend original AODV routing protocol’s headers • Secure AODV protocol has six types of messages • RREQ (Single) Signature Message • RREQ Double Signature Message • RREP (Single) Signature Message • RREP Double Signature Message • RERR Signature Message • RREP-ACK Signature Message

  14. SAODV Digital Signatures RREQDouble Signature Message RREQ Double Signature Message RREP Single Signature Message • An originator sends a RREQ double signature message including the RREP flags every time • An intermediate node, if it hasn’t the destination’s route entry, rebroadcasts RREQ with double signatures, one of which is needed for RREP • An intermediate node, if it has the destination’s route entry, sends a RREP with double signatures, one of which is get from the RREP flags it reserved • A destination node sends a RREP single signature message when replying a RREQ D S B A RREP Double Signature Message

  15. Key Management of Securing Ad Hoc Routing protocol • Symmetric VS Asymmetric Cryptography • Symmetric: everybody that wants to participate in this network has to know the secret key. Maybe not suitable • Asymmetric: everybody can participate freely. The originator of the route messages signs the messages when using an asymmetric cryptosystem. Maybe feasible. • SAODV assumes that each ad hoc node has a signature key pair from a suitable asymmetric cryptosystem.

  16. Flaws of SAODV • Does not consider how to protect data messages • Can not solve attacks performed by more coordinated malicious nodes • More emphasis on secure routing protocol and has not its own key management mechanism

  17. Future Work On This Topic • To realize security in Ad Hoc Networks • Intrusion Prevention • Design a secure routing protocol • Design a efficient and effective key management mechanism • Intrusion Detection • Study more attacks to AODV and SAODV routing protocol

  18. Q & A

More Related