290 likes | 680 Views
Security for the Optimized Link-State Routing Protocol for Wireless Ad Hoc Networks. Stephen Asherson Computer Science MSc Student DNA Lab. Outline. Wireless Ad hoc Networks Wireless Ad hoc Routing Protocols OLSR Routing Protocol Security of Wireless Networks
E N D
Security for the Optimized Link-State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab
Outline • Wireless Ad hoc Networks • Wireless Ad hoc Routing Protocols • OLSR Routing Protocol • Security of Wireless Networks • Security of Ad hoc Routing Protocols • MSc Project • Security for the OLSR Routing Protocol • Implementation and Testing
Wireless Ad hoc Networks(1) • Conventional wireless networks consist of wireless clients talking to an Access Point (AP) • Wireless Ad hoc networks are decentralised • Dynamic, nodes can join and leave at any time • Nodes communicate directly with other nodes in wireless range • Out-of-range nodes are reached via intermediate nodes in a multi-hop nature
Wireless Ad hoc Networks(2) Regular Wireless Network Wireless Ad hoc Network
Wireless Ad hoc Networks(3) • If node A needs to reach node B, how does A know which path leads to B? • This is the responsibility of an Ad hoc Routing Protocol
Wireless Ad hoc Routing Protocols(1) • Nodes out of range communicate via intermediate nodes • Serve as routers • Perform data forwarding • Several routes may exist between any two nodes • A simple data multicast approach would work • Highly inefficient • Waste of network resources
Wireless Ad hoc Routing Protocols(2) • Ad hoc routing protocols attempt to discover optimal routes to all nodes • There is a large classification of wireless ad hoc routing protocols • Classified in two main categories • Table-Driven (Proactive) • On-Demand (Reactive)
Wireless Ad hoc Routing Protocols(3) • Proactive Protocols • Rely on constant communications with other nodes to maintain an overview of networks routes • High overhead; Readily available routes • Reactive Protocols • Initiate route discovery only when a route to a node is required • More efficient; Delay in establishing route
The OLSR Routing Protocol(1) • The Optimized Link-State Routing (OLSR) protocol is a proactive routing protocol for wireless ad hoc networks • OLSR consists of the following main tasks: • Link and Neighbour detection • Multi-Point Relay Selection • Topology information diffusion
The OLSR Routing Protocol(2) • Link and neighbour detection through periodic emission of “Hello” messages • Topology information is diffused using topology control (TC) messages via multi-point relay nodes
The OLSR Routing Protocol(3) • Generic Packet Format
The OLSR Routing Protocol(4) • Messages are processed and transmitted from source to destination independently of one another • The generic OLSR packet is simply a point-to-point carrier for the messages between two immediate neighbours
Security in Wireless Networks(1) • Wireless networks are highly vulnerable due to the open nature of the technology • Authenticity, confidentiality, and integrity mechanisms are essential • Eavesdropping • Spoofing • Data modification
Security in Wireless Networks(2) • The IEEE 802.11i standard is a security amendment for the IEEE 802.11 wireless standard • IEEE 802.11i specifies the security mechanisms offered in the Medium Access Control (MAC) layer • Point-to-point security association between two entities
Security in Wireless Networks(3) • In a multi-hop environment, MAC layer security is not enough • End to end security may require security mechanisms employed higher up in the stack
Security of Ad hoc Routing Protocols(1) • Ad hoc routing protocols are generally designed with efficiency as a priority • Security adds overhead • Security is often neglected in the initial design • There is an implicit assumption that nodes are trustworthy
Security in the OLSR Protocol(1) • The project aim • Incorporate end to end security mechanisms for each control message • Authentication • Integrity • Replay protection – timestamps • Mutable field protection • Optional encryption/decryption of OLSR packets between neighbouring points
Security in the OLSR Protocol(2) • Application level security
Security in the OLSR Protocol(3) • Security-aware OLSR control message
Signature Schemes • Two signature schemes have been used in the implementation • Shamir’s Identity-based scheme • One-time Signature scheme known as Hash to Obtain Random Subset(HORS) • Aim was to perform a comparison of the two schemes when used to sign OLSR messages
Shamir’s Identity-based scheme • Based on RSA public key system • Like RSA, is computationally expensive • A user’s public key is derived from public knowledge of the user, such as it’s IP address or email address • Prevents the need for public key distribution amongst nodes
Hash To Obtain Random Subset(HORS) one-time signature scheme • Based on the use of one-way functions • Fast and efficient signature creation and verification • Public/Private key pair limited to a few signatures • Large key and signature sizes • Public key distribution complexities
Implementation and Testing • Signature schemes and security extension implemented in C • OLSRd implementation from www.olsr.org • Test the overhead incurred by the security • Traffic, delay, and processing overhead • Delay in route establishment • Testing will be done on 10 node indoor wireless testbed
The End Thank you!