Detecting and Evading Wormholes in Mobile Ad-hoc Wireless Networks
Asad Amir Pirzada and Chris McDonald

Outline
• Introduction
• Previous Work
• Dynamic Source Routing (DSR)
• Wormhole Creation
• Trust Model
• Wormhole Detection and Evasion
• Conclusion
• Comment
Introduction – Mobile ad-hoc wireless networks
• Improvised and insecure environments
• Malicious nodes may participate to snoop or sabotage.
  • Passive attacks: eavesdrop on packet contents
  • Active attacks: imitate, drop or modify legitimate packets
  • Wormhole attacks: two or more malicious colluding nodes create a higher-level virtual tunnel in the network and use it to conduct a variety of attacks.
• This paper presents a novel trust-based scheme that does not engage any cryptographic means.

Introduction – Ad-hoc network
• Built by wireless nodes with limited transmission range and battery power
• Each node seeks the assistance of its neighbouring nodes in forwarding packets.
• Routing protocol
  • Requires persistent cooperative behaviour
  • Each node acts like a mobile router.
• Two kinds of routing protocol
  • Reactive: try to save battery power by discovering routes only when they are actually required
  • Proactive: establish and maintain routes continuously to avoid route-discovery latency

Introduction – Ad-hoc network
• Secure routing protocols
  • Managed ad-hoc networks: permit configuration of the nodes with encryption keys and certificates
  • Pure ad-hoc networks: no a priori knowledge of their future setup
Previous Work
• Packet Leash: A Defense against Wormhole Attacks in Wireless Networks (2003); detects and defends against wormhole attacks
• SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks (2003)
• MDS-VOW: Visualization of Wormholes in Sensor Networks (2004); the Multi-Dimensional Scaling Visualization of Wormhole
• Directional Antennas: Using Directional Antennas to Prevent Wormhole Attacks (2004); uses directional antennae to detect wormhole attacks
• DSR: the Dynamic Source Routing Protocol for Mobile Ad Hoc Networks

Previous Work – Packet Leash
• A mechanism to detect and defend against wormhole attacks.
• Two types of leashes:
  • Geographic leash: each node knows its precise position and all nodes have a loosely synchronized clock.
  • Temporal leash: all nodes are required to maintain a tightly synchronised clock.

Previous Work – Geographic Leash
• Each packet carries the sender's current position and its transmission time
• The receiver computes the distance to the sender and the time elapsed until the packet was received
• A wormhole is detected by checking the time and the distance
• Assumptions: each node knows its precise position; all nodes have a loosely synchronized clock; all nodes can obtain an authenticated symmetric key of every other node.

Previous Work – Temporal Leash
• Each packet carries its transmission time
• The receiver compares that time to its local time (assuming propagation at the speed of light)
• From the elapsed time it computes the distance to the sender
• This is enough to detect the wormhole
• Assumptions: all nodes maintain a tightly synchronized clock; all nodes can obtain an authenticated symmetric key of every other node.
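The two leash checks just summarised, written out as the receiver would run them. This is an added example, not code from the slides or from the Packet Leash authors; the distance bound and the expiry formula follow Hu, Perrig and Johnson's paper as cited above, and the positions, times, tolerances and pairwise key are constructed for the example. The MAC step shows why the slides list an authenticated symmetric key among the assumptions: without it a tunnel endpoint could simply rewrite the leash fields.

```python
"""Packet Leash checks (added example; not the slides' or the paper's code).
Geographic leash: d <= |p_s - p_r| + 2 v (t_r - t_s + delta) + pos_error.
Temporal leash:  expire = t_s + L / c - delta; reject if t_r > expire.
All sample values below are constructed for this example."""
import hmac
import math
from dataclasses import dataclass, replace

SPEED_OF_LIGHT = 299_792_458.0  # m/s: propagation speed assumed by the temporal leash


@dataclass(frozen=True)
class LeashedPacket:
    sender: str
    sender_pos: tuple    # geographic leash: sender's (x, y) position in metres
    send_time: float     # sender's clock at transmission, seconds
    expire_time: float   # temporal leash: latest time at which the packet may be accepted
    tag: bytes           # MAC over the leash fields under the pairwise key


def leash_bytes(sender, pos, send_time, expire_time):
    # canonical encoding of the authenticated fields (constructed for the example)
    return f"{sender}|{pos[0]:.3f}|{pos[1]:.3f}|{send_time:.9f}|{expire_time:.9f}".encode()


def make_packet(sender, pos, send_time, max_radius, clock_error, key):
    """Sender side: attach position, send time, expiry t_s + L/c - delta, and a MAC."""
    expire = send_time + max_radius / SPEED_OF_LIGHT - clock_error
    tag = hmac.new(key, leash_bytes(sender, pos, send_time, expire), "sha256").digest()
    return LeashedPacket(sender, pos, send_time, expire, tag)


def authentic(pkt, key):
    """Leash fields are only meaningful if nobody on the path can rewrite them."""
    expected = hmac.new(key, leash_bytes(pkt.sender, pkt.sender_pos, pkt.send_time,
                                         pkt.expire_time), "sha256").digest()
    return hmac.compare_digest(expected, pkt.tag)


def geographic_leash_ok(pkt, recv_pos, recv_time, max_radius, max_speed, clock_error, pos_error):
    """Upper-bound the true sender-receiver distance and accept only if it fits in radio range."""
    claimed = math.dist(pkt.sender_pos, recv_pos)
    bound = claimed + 2 * max_speed * (recv_time - pkt.send_time + clock_error) + pos_error
    return bound <= max_radius


def temporal_leash_ok(pkt, recv_time):
    """A packet arriving after its expiry travelled further than L metres at light speed."""
    return recv_time <= pkt.expire_time


def demo():
    key = b"constructed pairwise key A<->B"
    radius, max_speed, pos_error = 250.0, 20.0, 5.0   # 250 m radio range, 20 m/s, 5 m GPS error
    loose_clock, tight_clock = 1e-3, 1e-7              # geographic vs temporal clock tolerance
    pkt = make_packet("A", (0.0, 0.0), 10.0, radius, tight_clock, key)

    # a genuine one-hop neighbour 100 m away, heard within a microsecond
    direct_geo = geographic_leash_ok(pkt, (100.0, 0.0), 10.0 + 1e-3, radius, max_speed, loose_clock, pos_error)
    direct_temporal = temporal_leash_ok(pkt, 10.0 + 6e-7)

    # the same packet replayed 800 m away after a tunnel relay delay of 4 microseconds
    tunnel_geo = geographic_leash_ok(pkt, (800.0, 0.0), 10.0 + 1e-3, radius, max_speed, loose_clock, pos_error)
    tunnel_temporal = temporal_leash_ok(pkt, 10.0 + 4e-6)

    # a copy whose position field was rewritten to look nearby: the MAC no longer verifies
    tampered = replace(pkt, sender_pos=(790.0, 0.0))
    return {"direct_geo": direct_geo, "direct_temporal": direct_temporal,
            "tunnel_geo": tunnel_geo, "tunnel_temporal": tunnel_temporal,
            "tampered_authentic": authentic(tampered, key), "original_authentic": authentic(pkt, key)}


if __name__ == "__main__":
    print(demo())
```

Note how different the two tolerances are: the temporal leash's margin is L/c, under a microsecond for a 250 m range, which is why the slides call for a tightly synchronised clock there and only a loosely synchronised one for the geographic leash.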
Previous Work – SECTOR (Secure Tracking of Node Encounters in Multi-hop Wireless Networks)
• A set of mechanisms to prevent wormhole attacks without requiring any clock synchronization or location information
• Uses a distance-bounding protocol (Mutual Authentication with Distance-bounding, MAD) to determine the distance between any two communicating parties.
• Assumption: each node is equipped with a special hardware transceiver module that performs the XOR of two bits.
• Uses message authentication codes (MAC) secured with pairwise secret keys
• Provides the receiver with the exact distance to a sender

Previous Work – Directional Antennas
• All nodes share their directional information to prevent wormhole attacks.
• Messages from a non-neighbour are discarded.

Previous Work – MDS-VOW
• MDS-VOW (Multi-Dimensional Scaling Visualisation of Wormhole)
• Detects wormholes in sensor networks
• Does not require any special hardware such as positioning devices, synchronised clocks or directional antennas
• Adopts techniques from social science, computer graphics, and scientific visualization
  (1) Each node estimates the distance to its immediate neighbours from the received signal strength
  (2) The distances are sent to a centralized controller

Dynamic Source Routing (DSR)
• A reactive routing protocol
• IP source routing
• Route discovery: the source node broadcasts a ROUTE REQUEST packet carrying a unique identification number and the target node address; the target node returns a ROUTE REPLY packet carrying the list of nodes on the route.
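The route discovery just described, simulated as an added example (not the slides' or the DSR authors' code): a ROUTE REQUEST flood with (initiator, request id) duplicate suppression, the ROUTE REPLY carrying the accumulated node list, and the source-routing step each node then performs from the header. The topology is constructed for the example.

```python
"""DSR route discovery flood and source-route forwarding (added example;
topology and request ids are constructed)."""
from collections import deque


def route_discovery(topology, source, target, request_id):
    """Flood a ROUTE REQUEST (initiator, id, target, route-so-far) hop by hop.

    Returns (route, broadcasts): the node list carried by the first ROUTE REPLY
    (None if the target is unreachable) and how many nodes rebroadcast the
    request. Each node forwards a given (initiator, id) at most once, which is
    what keeps the flood bounded.
    """
    seen = {(source, source, request_id)}   # (node, initiator, id) already handled by node
    broadcasts = 0
    # breadth-first: every node hears its neighbours' broadcast in the next round
    queue = deque([(source, [source])])
    while queue:
        node, route = queue.popleft()
        if node == target:
            # ROUTE REPLY: in DSR the target unicasts the accumulated route back
            # along the reversed list; here it is simply returned
            return route, broadcasts
        broadcasts += 1
        for neighbour in topology.get(node, ()):
            if (neighbour, source, request_id) in seen:
                continue   # duplicate request: drop it
            seen.add((neighbour, source, request_id))
            queue.append((neighbour, route + [neighbour]))
    return None, broadcasts


def next_hop(source_route, current):
    """IP source routing: the packet carries the whole route; each node just
    picks its successor. None means the current node is the final destination."""
    index = source_route.index(current)
    return source_route[index + 1] if index + 1 < len(source_route) else None


# constructed five-node topology: S-A-C-D and S-B-C-D
TOPOLOGY = {
    "S": ["A", "B"],
    "A": ["S", "C"],
    "B": ["S", "C"],
    "C": ["A", "B", "D"],
    "D": ["C"],
}

if __name__ == "__main__":
    route, n = route_discovery(TOPOLOGY, "S", "D", request_id=1)
    print(route, n, next_hop(route, "A"))
```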
Wormhole Creation
• A wormhole can be created in three ways:
  • Tunneling of packets above the network layer
  • Long-range tunnel using high-power transmitters
  • Tunnel creation via external wired infrastructure
• Tunneling of packets above the network layer: the malicious node modifies all received packets (encapsulating them in a higher-layer protocol) and dispatches them to the colluding node, which delivers them towards the target node.

Wormhole Creation
• Long-range tunnel using high-power transmitters
• Tunnel creation via external wired infrastructure
• In both cases the malicious node modifies all received packets (encapsulating them in a higher-layer protocol) and dispatches them through the network nodes to the colluding node, which delivers them towards the target node.

Wormhole Creation
The colluding nodes (M1, M2) are not the immediate neighbours of the source (S) and destination (D) nodes.
Trust Model – an effort-return based trust model
• Each node executing the trust model monitors its neighbours' participation in the packet-forwarding mechanism
• Integrity check: on success the trust counter increases; on failure the trust counter decreases
• Txy = Pp × PA: the direct trust in a node y held by node x
  • Pp ∈ [0, 1]: the existence or absence of a wormhole through node y
  • PA: a count of the number of packets that have been forwarded by node y

Wormhole Detection
• Before transmitting a packet, the node buffers the packet's DSR Source Route header
• After transmitting, it places its wireless interface into promiscuous mode for the Trust Update Interval (TUI)
• Wormhole check:
  (1) Retransmission: compare the overheard packet's DSR Source Route header with the buffered one; if it is the same packet, increase PA for that neighbour
  (2) Integrity check: if the Salvage field = 0 (the neighbour did not call for a new route discovery), Pp = false (no wormhole)
  (3) If no retransmission is heard and the TUI has expired, reduce PA and clear the DSR Source Route buffer

Wormhole Evasion
(1) Scan the route cache for a route to the destination
(2) If a route is in the cache, execute the Dijkstra algorithm (returns the shortest path in terms of number of hops)
(3) Otherwise initiate a new route discovery: a ROUTE REQUEST packet is propagated (unavailability of a route in the cache)
(4) LINK CACHE scheme: the default cost of each link = 1 (uniform spread of the inter-node trust levels); a link through a wormhole has cost = ∞
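The three slides above (trust model, detection, evasion) worked through in one simulation. This is an added example, not the paper's implementation: it applies Txy = Pp × PA with PA counted from retransmissions overheard during the TUI, clears or sets Pp from the Salvage-field integrity check, and then runs Dijkstra over a link cache in which any link touching a suspected wormhole endpoint costs infinity. The reading of the integrity check (unchanged Source Route header with Salvage = 0 means no wormhole; a rewritten header or non-zero Salvage marks the neighbour suspect), the packet-id matching, the topology, the packets and the TUI value are this example's own assumptions.

```python
"""Trust model, wormhole detection and evasion (added example; not the
paper's code). Topology, packets and the TUI value are constructed."""
import heapq
from dataclasses import dataclass
from math import inf

TUI = 5  # Trust Update Interval, counted in simulated ticks here (constructed value)


@dataclass
class Packet:
    pkt_id: int
    source_route: tuple   # DSR Source Route header: ordered node ids, source to target
    salvage: int = 0      # DSR Salvage field: non-zero once an intermediate node replaced the route


@dataclass
class NeighbourTrust:
    pa: int = 0              # PA: packets the neighbour has been seen forwarding
    wormhole: bool = False   # Pp = 0 when a wormhole through the neighbour is suspected, else 1

    def trust(self):
        return (0 if self.wormhole else 1) * self.pa   # Txy = Pp * PA


class TrustingNode:
    def __init__(self, node_id):
        self.id = node_id
        self.neighbours = {}   # neighbour id -> NeighbourTrust
        self.pending = {}      # pkt_id -> (next hop, buffered Source Route header, send tick)

    def send(self, pkt, next_hop, now):
        # buffer the DSR Source Route header before transmitting, then listen promiscuously
        self.neighbours.setdefault(next_hop, NeighbourTrust())
        self.pending[pkt.pkt_id] = (next_hop, pkt.source_route, now)

    def overhear(self, pkt, from_node):
        """Every frame captured in promiscuous mode during the TUI goes through here."""
        entry = self.pending.get(pkt.pkt_id)
        if entry is None or entry[0] != from_node:
            return
        next_hop, buffered_route, _ = entry
        rec = self.neighbours[next_hop]
        rec.pa += 1   # (1) the neighbour did retransmit our packet
        # (2) integrity check: unchanged route and Salvage = 0 clears the wormhole flag;
        # a rewritten route or a non-zero Salvage field sets it (this example's reading)
        rec.wormhole = not (pkt.source_route == buffered_route and pkt.salvage == 0)
        del self.pending[pkt.pkt_id]

    def tick(self, now):
        """(3) TUI expired without a retransmission: reduce PA and clear the buffer."""
        for pkt_id, (next_hop, _, sent) in list(self.pending.items()):
            if now - sent > TUI:
                self.neighbours[next_hop].pa -= 1
                del self.pending[pkt_id]

    def suspects(self):
        return {n for n, rec in self.neighbours.items() if rec.wormhole}


def shortest_route(links, suspects, src, dst):
    """Dijkstra over the LINK CACHE: each link costs 1 by default, but a link
    touching a suspected wormhole endpoint costs infinity and is never chosen."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, inf):
            continue
        if u == dst:
            break
        for v in adj.get(u, []):
            cost = inf if (u in suspects or v in suspects) else 1
            if d + cost < dist.get(v, inf):
                dist[v], prev[v] = d + cost, u
                heapq.heappush(heap, (d + cost, v))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def demo():
    links = [("S", "A"), ("A", "B"), ("B", "C"), ("C", "D"),   # honest path: 4 hops
             ("S", "M1"), ("M1", "M2"), ("M2", "D"),            # M1-M2 tunnel: looks like 3 hops
             ("S", "X")]                                        # X: a neighbour that never forwards
    s = TrustingNode("S")
    # honest neighbour A retransmits the packet unchanged
    s.send(Packet(1, ("S", "A", "B", "C", "D")), "A", now=0)
    s.overhear(Packet(1, ("S", "A", "B", "C", "D")), "A")
    # tunnel endpoint M1: the overheard copy carries a salvaged route
    s.send(Packet(2, ("S", "M1", "M2", "D")), "M1", now=1)
    s.overhear(Packet(2, ("S", "M1", "M2", "D"), salvage=1), "M1")
    # X never forwards: the TUI expires and its counter drops
    s.send(Packet(3, ("S", "X", "D")), "X", now=2)
    s.tick(now=2 + TUI + 1)
    return {"trust": {n: rec.trust() for n, rec in s.neighbours.items()},
            "naive_route": shortest_route(links, set(), "S", "D"),
            "evasive_route": shortest_route(links, s.suspects(), "S", "D")}


if __name__ == "__main__":
    print(demo())
```

The naive hop-count route goes straight through the tunnel because it is one hop shorter; once M1 is flagged, the infinite link cost pushes Dijkstra onto the longer honest path. Note also that X, which merely failed to forward, ends with a negative PA but no wormhole flag, which is the behaviour the presenter's closing comment questions.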
Conclusions
• Detecting wormholes in an ad-hoc network is still a challenging task.
• The authors derive trust levels in neighbouring nodes based on their sincerity in executing the routing protocol.

Comments
• If a neighbouring node breaks down and fails to forward packets, this node will be regarded as a malicious node permanently.
Ad hoc
• The meaning of ad hoc
  • In Latin, ad hoc means "for this", "for this purpose only", temporary.
  • A kind of network where stations or devices communicate directly and not via an access point.
  • Wireless infrastructure does not exist.
• A mobile ad-hoc network (MANET)
  • A self-configuring network of mobile routers (and associated hosts) connected by wireless links, the union of which forms an arbitrary topology.
  • The routers are free to move randomly and organize themselves arbitrarily; thus the network's wireless topology may change rapidly and unpredictably.
  • Advantage: rapid deployment and low cost of operation
  • Applications: military or police networks, natural disasters (flood, earthquake, ...)

Wormholes
• Wormhole link (via a wireline, a long-range wireless transmission, or an optical link)
• Solutions:
  • Time-based methods
  • Cryptography
  • Exploiting location information

Wormholes
• Wormhole threat against a network protocol:
  • Node s2 updates and broadcasts its routing table entries (s2, s9)
  • From node s2, nodes {s8, s10, s11, s12} appear to be only two hops away via s9
  • The neighbours of s2 adjust their routing tables: {s1, s3, s4, s5, s7} route via s2 to reach nodes {s9, s10, s11, s12}.
  • Attacker node s2 can redirect and observe a large amount of traffic.
  • Attacker node s2 can trigger a denial-of-service (DoS) attack.

Wormholes
• Byzantine attacks:
  • Black hole, flood rushing, wormhole and overlay network wormhole
  • Black hole: all packets are dropped.

Integrity check
• In the DSR Source Route option:
  • Salvage field = 0: a new route discovery by the source node
  • Salvage field ≠ 0: the packet contains a working route to forward (integrity check passes)