Ariadne: A Secure On-Demand Routing Protocol for Ad hoc Network
Y. Hu, A. Perrig, D. B. Johnson
Presenter: Attaphongse Taparugssanagorn
Instructor: Pomalaza-Ráez Carlos

Contents
• Attacker models
• Brief introduction of DSR
• Timed Efficient Stream Loss-Tolerant Authentication (TESLA)
• Route Discovery and Maintenance in Ariadne
• Ariadne evaluation by simulation
• Conclusions

Attacker Model
• Passive vs. active
  • Passive: only eavesdrops on the network
    • Threats against privacy/anonymity
  • Active: injects packets as well as eavesdrops
• Active-n-m attacker
  • Compromises n good nodes and owns m nodes in the network
  • The attacker has all keys of the compromised nodes and distributes them among all its nodes

Attacks on Ad Hoc Network Routing Protocols
• Routing disruption attacks
  • Cause legitimate packets to be routed in dysfunctional ways, e.g. forging routing packets to create a routing loop or a black hole, or to blackmail a good node
• Resource consumption attacks
  • Inject extra packets to consume resources such as bandwidth or computational resources

Basic Operations in Dynamic Source Routing (DSR)
• Route Discovery
  • Initiator transmits a Route Request as a local broadcast
  • Intermediate node either discards it or appends its own address and rebroadcasts the request
  • Target sends a Route Reply back to the initiator
• Route Maintenance
  • Based on source routing
  • If there is no confirmation after a limited number of retransmissions, the node returns a Route Error
  • Sender removes the broken link and either uses another route or initiates Route Discovery

Overview of TESLA
• Broadcast authentication protocol used to authenticate routing messages
  • Only one MAC (Message Authentication Code)
  • Asymmetric primitive obtained through clock synchronization and delayed key disclosure
  • Each sender chooses a random initial key K_N and generates a one-way key chain: K_i = H(K_{i+1}) = H^{N-i}(K_N)
• Schedule for disclosing keys
  • Each sender pre-determines the schedule (picks a key K_i which will not be disclosed until T_i = T_0 + i·t passes, and adds a MAC computed with K_i to the packet)
  • The receiver can determine which keys have been disclosed and discards the packet if its key has already been published

Overview of TESLA
[Figure: key chain K_{i-1}, K_i, K_{i+1} linked by F; MAC keys K'_{i-1}, K'_i, K'_{i+1} derived by F'; packets P_{i-1}, P_i, P_{i+1} along a time axis divided into key publication intervals. Packet P_j carries M_j, K_{j-1}, D_j and MAC(K'_j, D_j). P_{i-1} and P_i are marked "Authenticated"; P_{i+1} is marked "Can be authenticated after reception of P_{i+2}".]
disclose and allows the receiver to verify is correct, then compute and check the authenticity of by verifying the MAC of

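The key chain, the disclosure-time check and the delayed verification described above, as an added Python example that is not part of the original slides. SHA-256 and HMAC-SHA256 stand in for H and the MAC, K_i is used directly as the MAC key as in the slide text, and the class, function names and sample values are constructed for illustration.

```python
import hashlib, hmac

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0, ..., K_N] with K_N = seed and K_i = H(K_{i+1})."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

class Receiver:
    def __init__(self, k0, t0, t, max_skew):
        self.i, self.key = 0, k0          # newest authenticated chain element
        self.t0, self.t, self.skew = t0, t, max_skew
        self.pending = []                 # packets waiting for their key

    def on_packet(self, i, data, tag, now):
        # K_i is disclosed at T_i = T_0 + i*t. If, allowing for clock skew, the
        # sender may already have published it, the MAC proves nothing: discard.
        if now + self.skew >= self.t0 + i * self.t:
            return False
        self.pending.append((i, data, tag))
        return True

    def on_key(self, i, key):
        # Authenticate the disclosed key: hashing it (i - known index) times
        # must reproduce the last chain element already trusted.
        k = key
        for _ in range(i - self.i):
            k = H(k)
        if i <= self.i or not hmac.compare_digest(k, self.key):
            return []
        self.i, self.key = i, key
        good = [d for j, d, tag in self.pending
                if j == i and hmac.compare_digest(tag, mac(key, d))]
        self.pending = [p for p in self.pending if p[0] != i]
        return good

def demo():
    chain = make_chain(b"constructed-seed-K_N", 8)       # constructed sample
    rx = Receiver(k0=chain[0], t0=100.0, t=1.0, max_skew=0.1)
    pkt = b"ROUTE REQUEST sample"
    accepted = rx.on_packet(3, pkt, mac(chain[3], pkt), now=102.5)  # T_3 = 103
    late = rx.on_packet(3, b"forged", mac(chain[3], b"forged"), now=103.2)
    return accepted, late, rx.on_key(3, b"\x00" * 32), rx.on_key(3, chain[3])
```

The packet that arrives after T_3 is dropped even though its MAC is valid, because by then K_3 may be public.
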
Ariadne
• Notations
  • A, B: communicating nodes
  • K_AB, K_BA: secret MAC keys between A and B
  • MAC_{K_AB}(M): MAC of message M using MAC key K_AB
• Data Authentication
  • Initiator authenticates nodes in the Route Reply
  • Target authenticates nodes in the Route Request and returns only legitimate paths
  • TESLA, digital signatures, standard MACs

Ariadne Route Discovery (TESLA)
• Assumptions
  • Every pair A, B shares MAC keys K_AB, K_BA
  • Every node has a TESLA one-way key chain
  • All nodes know an authentic key of every node
• 2 stages of Route Discovery
  • Initiator floods Route Request
  • Target returns Route Reply

Ariadne Route Discovery (TESLA)
• Route Request Packet
  • <Route Request, initiator, target, id, time interval, hash chain, node list, MAC list>
  • Initiator initializes hash chain to MAC_{K_SD}(initiator, target, id, time interval)
  • Non-target node A checks <initiator, id> and checks the time interval
    • Time interval: must not be too far in the future, and the key corresponding to it must not have been disclosed yet
  • If all conditions hold, A appends its address to node list, replaces hash chain with H[A, hash chain], and appends a MAC of the entire Request, computed with TESLA key K_{A_i}, to MAC list
  • Otherwise the request is discarded

Ariadne Route Discovery (TESLA)
• Target checks the validity of the Request (determining that the keys from the time interval have not been disclosed yet and that the hash chain is correct)
• If the Request is valid, the target returns a Route Reply
• Route Reply Packet
  • <Route Reply, target, initiator, time interval, node list, MAC list, target MAC, key list>
  • Sent to the initiator along the route in node list
  • Each forwarding node waits and appends its key
  • Initiator verifies each key in key list, the target MAC, and each MAC in MAC list

Ariadne Route Discovery (TESLA)
Route to be found: S → A → B → C → D

Route Request
  M = Request, S, D, id, ti
  S : h0 = MAC_{K_SD}(M)
  S : M, h0, (), ()
  A : h1 = H(A, h0)
      M_A = MAC_{K_Ati}(M, h1, (A), ())
  A : M, h1, (A), (M_A)
  B : h2 = H(B, h1)
      M_B = MAC_{K_Bti}(M, h2, (A, B), (M_A))
  B : M, h2, (A, B), (M_A, M_B)
  C : h3 = H(C, h2)
      M_C = MAC_{K_Cti}(M, h3, (A, B, C), (M_A, M_B))
  C : M, h3, (A, B, C), (M_A, M_B, M_C)

Route Reply
  M = Reply, D, S, ti, (A, B, C), (M_A, M_B, M_C)
  D : M_D = MAC_{K_DS}(M)
  D → C : M, M_D, ()
  C → B : M, M_D, (K_Cti)
  B → A : M, M_D, (K_Cti, K_Bti)
  A → S : M, M_D, (K_Cti, K_Bti, K_Ati)

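The per-hop hash chain from the Route Request trace above (h0 = MAC_KSD(M), h_k = H(node, h_{k-1})) and the target's check of it, as an added Python example that is not from the original slides. It covers only the hash chain; the MAC list and TESLA keys are left out. HMAC-SHA256, SHA-256, the field encoding and all names and sample values are assumptions made for illustration.

```python
import hashlib, hmac

def H(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)   # length prefix: unambiguous
    return h.digest()

def request_fields(initiator, target, req_id, interval):
    # M = Request, S, D, id, ti (constructed encoding)
    return b"|".join([b"REQUEST", initiator, target, req_id, interval])

def initiate(k_sd, m):
    """Initiator S: h0 = MAC_KSD(M), empty node list."""
    h0 = hmac.new(k_sd, m, hashlib.sha256).digest()
    return {"m": m, "h": h0, "nodes": []}

def forward(req, node):
    """Intermediate node: append own address, replace h with H(node, h)."""
    return {"m": req["m"], "h": H(node, req["h"]),
            "nodes": req["nodes"] + [node]}

def target_check(k_sd, req):
    """Target D: rebuild the chain from MAC_KSD(M) and the received node list."""
    h = hmac.new(k_sd, req["m"], hashlib.sha256).digest()
    for node in req["nodes"]:
        h = H(node, h)
    return hmac.compare_digest(h, req["h"])

def demo():
    k_sd = b"constructed-shared-key-S-D"          # constructed sample key
    req = initiate(k_sd, request_fields(b"S", b"D", b"id-7", b"ti-42"))
    for n in (b"A", b"B", b"C"):
        req = forward(req, n)
    # Requests as D might receive them after modification in transit:
    dropped = dict(req, nodes=[b"A", b"C"])                 # B removed
    reordered = dict(req, nodes=[b"B", b"A", b"C"])         # order changed
    rebound = dict(req, m=request_fields(b"S", b"D", b"id-8", b"ti-42"))
    return (target_check(k_sd, req), target_check(k_sd, dropped),
            target_check(k_sd, reordered), target_check(k_sd, rebound))
```

Only the unmodified request passes; a node list with a hop removed or reordered, or a chain moved to a different request id, no longer matches the value D recomputes with K_SD.
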
Ariadne Route Maintenance
• A node issues a Route Error when delivery to the next hop fails after a limited number of attempts
• To prevent unauthorized nodes from sending Errors, the sender authenticates Errors
• Route Error Packet
  • <Route Error, sending address, receiving address, time interval, error MAC, recent TESLA key>

Ariadne Route Maintenance
• Intermediate node
  • Forwards the packet and searches its route cache for all routes that use <sending address, receiving address>
  • If such routes exist, checks the validity of the time interval
  • If valid, checks the authentication of the Error
  • Until the Error can be authenticated, saves the Error information in memory until the key is disclosed, and keeps using the routes in its route cache
  • If authenticated, removes all such routes

Security Analysis
• Active-0-x attacker
  • Shared secret keys limit these attackers to replaying messages: they can only perform the normal node functions and do not have the keys that other nodes share with one another -> a fake message will be detected if they try to send one
• Active-1-x attacker
  • If it tries to replace the MAC and the keys, it will be detected as a result of the target MAC in the Route Reply
• Active-y-x attacker
  • If it alters the data in the Route Request, the destination will detect the alteration by using the shared key and a MAC on the data, and will reject that route

Ariadne Evaluation (simulation)
• ns-2 simulator used for evaluation without attackers
• Two-ray ground reflection radio propagation model
• Compared Ariadne + TESLA with DSR-NoOpt (DSR with all optimizations not in Ariadne disabled)
• Each node moves according to the random waypoint movement model

Ariadne Evaluation (simulation)
• Since Route Discovery operates more slowly, packets are more likely to time out waiting for a Route Reply
• With a half-second delay between receiving the Request and sending the Reply, Ariadne can test a link twice for a short-lived route; this confirms that Ariadne can find more stable routes than DSR-NoOpt
PDR: the fraction of data packets sent that are received at the destination node

Ariadne Evaluation (simulation)
• Consistently lower routing packet overhead, because Ariadne tends to find more stable routes than DSR-NoOpt, reducing the number of Route Errors sent

Ariadne Evaluation (simulation)
• Due to authentication overhead, byte overhead is worse than DSR or DSR-NoOpt

Ariadne Evaluation (simulation)
• Due to the reduced number of broken links used in Ariadne, Ariadne has better latency than DSR-NoOpt
Latency: the time from when a packet is sent to when it is received at its destination

Conclusions
• Secure against attackers
• Efficient symmetric cryptography
• Discovers routes only as needed -> on demand
• Generally better than DSR without optimization
• Source routing fits secure ad hoc network routing better than other routing approaches
  • Sender can circumvent potentially malicious nodes
  • Sender can authenticate every node in the Route Reply