1 / 28

A Survey of Secure Wireless Ad Hoc Routing

This paper surveys secure ad hoc routing protocols and the challenges faced in ad hoc networks. It discusses attacks, secure routing, and key setup in ad hoc networks.

jblanche
Download Presentation

A Survey of Secure Wireless Ad Hoc Routing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Survey of Secure WirelessAd Hoc Routing Authors: Yih-Chun Hu and Adrian Perrig Publish: IEEE Security and Privacy special issue on Making Wireless Work, 2(3):28-39, 2004 Presenter: Danzhou Liu

  2. Contents • Introduction • Attacks on Ad Hoc Network • Secure Routing in Ad Hoc Network • Discussions CDA6938

  3. Introduction • This paper is a survey of research in secure ad hoc routing protocols and the challenges faced. • Ad hoc network • Collection of mobile nodes forming a network • Do not have a pre-established network infrastructure such as base access points • Each node moves dynamically and arbitrarily • All nodes typically operate on a common frequency band • Routing protocols are needed if network span exceeds radio range (multi-hop) • Applications • Search and Rescue • Disaster Recovery • Automated Battlefields CDA6938

  4. Introduction • Challenges in ad hoc networks • Limited physical security • Lack of infrastructure and authorization facilities • Security protocols for wired networks cannot work for ad hoc networks • Volatile network topology makes it hard to detect malicious nodes • Intrinsic mutual trust vulnerable to attacks CDA6938

  5. MANET Routing Protocols Classification CDA6938

  6. DSR • The Dynamic Source Routing (DSR) is a reactive topology-based routing protocol. • Route discovery • When the source node S wants to send a packet to the destination node D, it first consults its route cache. If an unexpired route is found, use this route. Otherwise, S initiates route discovery by broadcasting a route request (RREQ) packet (SID, DID, seq_no). • Each node appends its own identifier when forwarding RREQ • Limited flooding: the node only forwards the RREQ to its neighbors if the RREQ has not yet been seen by the node and if the node’s address does not already appear in the route record. • After receiving RREQ, node D or an intermediate node containing unexpired route to node D generates a route reply (RREP) to node S. • Route maintenance • Route error packets and acknowledgments CDA6938

  7. DSR: Route Discovery N2 N1-N2 Destination N1-N2-N5 N5 N8 N1 Source N1 N1-N3-N4-N7 N1-N2-N5 N1-N3-N4 N4 N7 N1 N1-N3-N4 N1-N3 N1-N3-N4-N6 N3 N6 N1-N3-N4 CDA6938

  8. DSR: Route Reply N2 N1-N2-N5-N8 Destination N1-N2-N5-N8 N5 N8 N1-N2-N5-N8 Source N1 N4 N7 N3 N6 CDA6938

  9. DSDV • The Destination-Sequenced Distance-Vector (DSDV) is a proactive topology-based routing protocol. • Each node maintains a routing table which stores • next hop towards each destination • a cost metric for the path to each destination • a destination sequence number that is created by the destination itself • Sequence numbers used to avoid formation of loops • Each nodeperiodically and triggeredly forwards the routing table to its neighbors • Route Selection • Select route with higher destination sequence number (This ensure to use always newest information from destination) • Select the route with better metric when sequence numbers are equal. CDA6938

  10. DSDV: Route Update • B increases Seq. No from 100 => 102 • B sends routing update to A and C (A, 1, A-500) (B, 0, B-102) (C, 1, C-588) (A, 1, A-500) (B, 0, B-102) (C, 1, C-588) A B C B-102 B-102 B-102 2 1 1 C-588 CDA6938

  11. Contents • Introduction • Attacks on Ad Hoc Network • Secure Routing in Ad Hoc Network • Discussions CDA6938

  12. Two Attack Categories (DoS) • Routing-disruption attacks: drive packets onto dysfunctional routes • Routing loop: send forged routing packets to create a routing loop • Black hole: drop all packets • Gray hole: drop some packets, e.g., just forward routing packets but not data packets • Gratuitous detour: claim falsely longer route by adding virtual nodes • Wormhole: use a pair of attacker nodes linked via a private network connection, prevent other nodes to discover routes. • Rushing: fire ROUTE REQUESTS in advance to suppress any later legitimate ROUTE REQUESTS against on-demand routing protocols • Resource-consumption attacks: inject packets into the network • Consume network resources such as bandwidth, nodes’ memory and computation power CDA6938

  13. Attacker Model • Passive Attacker: not inject packets, just eavesdrop • Just threat against communication privacy or anonymity • Not against the network’s function or routing protocol • Not be discussed further • Active Attacker: eavesdrop and inject packets • Assume that the attacker owns all the cryptographic key information of compromised nodes and distributes it among all its nodes. • Active-n-m, where n is the number of nodes it has compromised and m is the number of nodes it owns: • Active-0-1 • Active-0-x • Active-1-x • Active-y-x • ActiveVC: controls all traffic between nodes Increasing strength CDA6938

  14. Contents • Introduction • Attacks on Ad Hoc Network • Secure Routing in Ad Hoc Network • Discussions CDA6938

  15. Key Setup in Ad Hoc Network • How to spread key for authentication. • Secrete Key: a shared key to encode and decode (DEC). • Public Key: a shared public key to encode and a private key to decode (RSA). • Common set of authorities • Protect private key distribution from eavesdrop • Protect legal nodes list distribution from active attack by side channel CDA6938

  16. Protect Key Distribution • SUCV Addresses • Each node generates a public- and private-key pair • Choose its address based on a cryptographic hash function of the public key • Certificate Authority (CA). • Node has a certificate containing its address, public key and a signature from CA. • CA is vulnerable to compromise. This is overcome by requiring a node to have certificates from several CAs. • Transitive Trust and PGP Trust Graph • Each node signs certificates for other nodes • If A trusts B, and B trusts C, then A trusts C • Public Key Revocation • Revoke the certificate for a compromised node’s public key • Sign Negative certificates • Blacklisting or flooding other revocation information CDA6938

  17. Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Network • Ariadne is a secure on-demand routing protocol • Based on Dynamic Source Routing (DSR) Protocol • Withstand node compromise, avoid routing misbehavior by monitoring nodes’ prior performance • Rely only on highly efficient symmetric cryptography • Use one way hashing to overcome node removal from the node list • Route request authenticity & Route reply authentication • Ariadne can authenticate routing messages using one of three schemes: • Shared secrets between each pair of nodes • Shared secrets between communicating nodes combined with broadcast authentication • Digital Signatures CDA6938

  18. Route Discovery • Route Request • <Route Request, initiator, target, id, time interval, hash chain, node list, MAC list> (Note: MAC: Message Authentication Code) • Initiator initializes hash chain to MACKSD(initiator, target, id, time interval) • Non-target node A which receives the request checks <initiator, id> and checks time interval • Time interval : must not be too far in the future and key corresponding to it must not be disclosed yet • If any condition fails, discard the request • If all conditions hold, A appends its address to node list, replaces hash chain with H[A, hash chain], appends MAC of entire Request with TESLA key KAi to MAC list CDA6938

  19. Route Discovery • Target checks validity of Request • By determining that the keys are not disclosed yet and that the hash chain is equal to • If Request is valid, target returns a Route Reply • Route Reply • <Route Reply, target, initiator, time interval, node list, MAC list, target MAC, key list> • Sent to initiator along the route in node list • Forwarding node waits and appends its key • Initiator verifies each key in key list, target MAC, each MAC in MAC list H[nn, H[nn-1, H[…,H[n1, MACKSD(initiator, target, id, interval)]…] CDA6938

  20. S RA* RS* RE* RA* RB* RA* B G E A D F C RB* RC* RF* RB* RC* RC* RG* Route Discovery RS* = <M, h0, (), ()> RA* = <M, h1, (A), (MA)> RB* = <M, h2, (A, B), (MA, MB)> RE* = <M, h’2, (A, E), (MA, ME)> Route Request Route to be found:S A B C D M = Request, S, D, id, ti S : h0 = MACKSD(M) S   : M, h0, (), () A : h1 = H (A, h0) MA = MACKAtiM, h1, (A), () A   : M, h1, (A), (MA) B : h2 = H (B, h1) MB = MACKBtiM, h1, (A, B), (MA) B   : M, h2, (A, B), (MA, MB) C : h3 = H (C, h2) MC = MACKCtiM, h3, (A, B, C), (MA, MB) C   : M, h3, (A, B, C), (MA, MB, MC) Finally, D checks validity of request by checking whether keys are disclosed, and hash chain consistent RC* = <M, h3, (A, B, C), (MA, MB, MC)> RF* = <M, h’3, (A, B, F), (MA, MB, MF)> RG* = <M, h’4, (A, B, C, G), (MA, MB, MC, MG)> CDA6938

  21. F S A B C D G E Route Discovery Route Reply M = Reply, D, S, ti , (A, B, C), (MA, MB, MC) D : MD = MACKDS(M) D  C : M, MD, () C  B : M, MD, (KCti) B  A : M, MD, (KCti, KBti) A  S : M, MD, (KCti, KBti, KAti) RDC = <M, MD, ()> RCB = <M, MD, (KCti)> RBA = <M, MD, (KCti, KBti)> RAS = <M, MD,(KCti, KBti, KAti)> RAS RBA RCB Finally, S verifies each key in key list, target MAC, each MAC in MAC list RDC CDA6938

  22. SEAD: Secure Efficient Ad Hoc Distance Vector • Based on DSDV (Destination-Sequenced Distance-Vector) ad hoc routing protocol • Overcomes attackers creating incorrect routing state • Using one-way hashing chain and sequence number • Authenticating Routing Updates CDA6938

  23. Secure AODV (Ad Hoc On-demand Distance Vector) Routing Protocol • ARAN: Authenticated Routing for Ad Hoc Networks • Each node has a certificate signed by a trusted authority • On-Demand Routing with route discovery and maintenance • Record next hop and when unavailable it initiate route maintenance CDA6938

  24. Secure AODV • SAODV • Add signature extensions to AODV • Use hash chain to confirm each hop • Allow a route reply double signature extension (RREP-DSE) from intermediate node. CDA6938

  25. Secure Link-State Routing • Digital signatures and one way hash chains • Updates through the Neighbor Lookup Protocol (NLP) • Hash chains used to authenticate hop count • Limited hops when LS update • Lightweight flooding prevention CDA6938

  26. Reputation Based Systems • Require underlying secure routing protocol • Four components of Confidant: monitor, trust monitor, reputation system, and path manager. • Using Weight list • List of links with cost metric associated with each link • Protect route from existing attacker CDA6938

  27. Discussions • Strengths of the paper • Discuss possible attacks • Presents an attacker model • Presents state-of-art secure wireless ad hoc routing techniques • Weaknesses of the paper • A more complete model of possible attacks would let the protocol designers evaluate the security of their routing protocols. • Not discuss how to improve performance efficiency • Future work • Model secure routing problems • Design routing protocols that have strong security as well as good performance CDA6938

  28. Thank You Q&A CDA6938

More Related