CSE 6007 Mobile Ad Hoc Wireless Networks Unit III Topic 20-22 Transport Layer Protocol for Ad Hoc Wireless Networks Department of Computer Science and Engineering Kalasalingam University
Outline • Introduction • Topic 23 : Security in Ad Hoc Wireless Networks • Network Security Requirements, Issues and Challenges in Security Provisioning, Network Security Attacks, Key Management • Topic 24 : Secure Routing in Ad Hoc Wireless Networks • Requirements of a secure routing protocol for ad hoc wireless networks – Security Aware Ad Hoc Routing Protocol, Secure Efficient Ad Hoc Distance Vector Routing Protocol, Authenticated Routing for Ad Hoc Networks, Security-Aware AODV Protocol
Security in Ad Hoc Wireless Networks A security protocol should meet the following requirements: • Data confidentiality/secrecy is concerned with ensuring that data is not exposed to unauthorized users. • Data integrity means that unauthorized users should not be able to modify any data without the owner's permission. • System availability means that nobody can disturb the system to make it unusable. • Authentication is concerned with verifying the identity of a user. • Non-repudiation means that the sender cannot deny having sent a message and the recipient cannot deny having received the message.
Security in Ad Hoc Wireless Networks Issues and challenges in security provisioning • Shared broadcast radio channel: The radio channel in ad hoc wireless networks is broadcast and is shared by all nodes in the network. • Insecure operational environment: The operating environments where ad hoc wireless networks are used may not always be secure. For example, battlefields. • Lack of central authority: There is no central monitor in ad hoc wireless networks. • Lack of association: A node can join and leave the network at any point. • Limited resource availability: Resources such as bandwidth, battery power, and computational power are scarce. • Physical vulnerability: Nodes in these networks are usually compact and hand-held in nature.
Network Security Attacks • Attacks on ad hoc wireless networks can be classified into two broad categories, namely, passive and active attacks. • A passive attack does not disrupt the operation of the network; the adversary snoops the data exchanged in the network without altering it. Here, the requirement of confidentiality can be violated if an adversary is also able to interpret the data gathered through snooping. Detection of passive attacks is very difficult since the operation of the network itself does not get affected. One way of overcoming such problems is to use powerful encryption mechanisms to encrypt the data being transmitted, thereby making it impossible for eavesdroppers to obtain any useful information from the data overheard.
Network Security Attacks • An active attack attempts to alter or destroy the data being exchanged in the network, thereby disrupting the normal functioning of the network. Active attacks can be classified further into two categories, namely, external and internal attacks. • External attacks are carried out by nodes that do not belong to the network. These attacks can be prevented by using standard security mechanisms such as encryption techniques and firewalls. • Internal attacks are from compromised nodes that are actually part of the network. Since the adversaries are already part of the network as authorized nodes, internal attacks are more severe and difficult to detect when compared to external attacks.
Network Security Attacks: classification of security attacks • Passive attacks: snooping • Active attacks, by layer: • MAC layer attacks: jamming • Network layer attacks: wormhole attack, blackhole attack, Byzantine attack, information disclosure, resource consumption attack, routing attacks • Transport layer attacks: session hijacking • Application layer attacks: repudiation • Other attacks: DoS, impersonation, manipulation of network traffic, device tampering
Network Security Attacks Network Layer Attacks • Wormhole attack: An attacker receives packets at one location in the network and tunnels them to another location in the network. • Blackhole attack: A malicious node could divert the packets. • Byzantine attack: A compromised intermediate node could create routing loops. • Information disclosure: A compromised node may leak confidential information to unauthorized nodes in the network. • Resource consumption attack: A malicious node tries to consume/waste away resources of other nodes present in the network. • Routing attacks • Routing table overflow: An adversary node advertises routes to non-existent nodes. • Routing table poisoning: The compromised nodes send fictitious routing updates. • Packet replication: An adversary node replicates stale packets. • Route cache poisoning: Each node maintains a route cache that can be poisoned by an adversary node. • Rushing attack: On-demand routing protocols that use duplicate suppression during the route discovery process are vulnerable to this attack.
Wormhole Attack • Tunnel packets received in one place of the network and replay them in another place • The attacker needs no key material; all it requires is two transceivers and one high-quality out-of-band channel
Disrupted Routing • Most packets will be routed to the wormhole • The wormhole can drop packets or, more subtly, selectively forward packets to avoid detection
Byzantine Attack - Once upon a time... • Communicating only by messenger • Generals must agree upon a common battle plan • Some of them may be traitors who will try to confuse the others. The pictures are taken from: R. Goscinny and A. Uderzo, Asterix and Latraviata.
Byzantine Generals Problem & Impossible Results • Find an algorithm • To ensure that the loyal generals will reach agreement • A small number of traitors cannot cause the loyal generals to adopt a bad plan • Remodeled as a commanding general sending an order to his lieutenants • IC1: All loyal generals get same result • IC2: If commander is loyal, all loyal generals follow his choice • No solution will work unless there are more than 2/3 loyal ones
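Example: Poor Lieutenant 1's Dilemma • Situation 1: the Commander sends "Attack" to both lieutenants; Lieutenant 2 (Traitor) tells Lieutenant 1 "He said retreat" • Situation 2: the Commander (Traitor) sends "Attack" to Lieutenant 1 and "Retreat" to Lieutenant 2; Lieutenant 2 tells Lieutenant 1 "He said retreat" • Lieutenant 1: "The two situations are identical to me!" Attack or retreat? • IC1 violated!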
Solutions • Solution 1: Using Oral Messages • Solution 2: Using Signed Messages
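The oral-messages solution and the "more than 2/3 loyal" bound can be checked with a short simulation. This is an added example, not part of the original slides: it implements the Lamport-Shostak-Pease OM(m) algorithm, and the traitor behaviour (a fixed lie that depends on the recipient's id) and the tie-break default are assumptions made for the demonstration.

```python
from collections import Counter

DEFAULT = "retreat"  # assumed tie-break when no strict majority exists

def majority(values):
    ranked = Counter(values).most_common()
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        return DEFAULT
    return ranked[0][0]

def sent(src, dst, value, traitors):
    """Message src delivers to dst. Assumed traitor model: ignore the real
    value and tell odd-numbered recipients "retreat", even ones "attack"."""
    if src in traitors:
        return "retreat" if dst % 2 else "attack"
    return value

def om(m, commander, lieutenants, value, traitors):
    """Oral-messages algorithm OM(m); returns {lieutenant: decided value}."""
    received = {l: sent(commander, l, value, traitors) for l in lieutenants}
    if m == 0:
        return received
    # Each lieutenant j relays what it received to the others using OM(m-1).
    relayed = {j: om(m - 1, j, [l for l in lieutenants if l != j],
                     received[j], traitors) for j in lieutenants}
    return {i: majority([received[i]] +
                        [relayed[j][i] for j in lieutenants if j != i])
            for i in lieutenants}

def check(n, traitors, order="attack", m=1):
    """Run OM(m) with general 0 as commander; return (IC1 holds, IC2 holds)."""
    decisions = om(m, 0, list(range(1, n)), order, traitors)
    loyal = [v for l, v in decisions.items() if l not in traitors]
    ic1 = len(set(loyal)) == 1
    ic2 = 0 in traitors or all(v == order for v in loyal)
    return ic1, ic2

if __name__ == "__main__":
    # Three generals, Lieutenant 2 a traitor: Lieutenant 1's dilemma.
    print("n=3, traitor=2:", check(3, {2}))
    for t in range(4):  # four generals tolerate any single traitor
        print(f"n=4, traitor={t}:", check(4, {t}))
```

With three generals and one traitor the loyal lieutenant cannot follow a loyal commander's order (IC2 fails); with four generals both conditions hold whichever general is the traitor.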
Attacks on routing protocols (1/2) • general objectives of attacks • increase adversarial control over the communications between some nodes; • degrade the quality of the service provided by the network; • increase the resource consumption of some nodes (e.g., CPU, memory, or energy). • adversary model • insider adversary • can corrupt legitimate nodes • the attacker is not all-powerful • it is not physically present everywhere • it launches attacks from regular devices 2. Attacks on ad hoc network routing protocols
Attacks on routing protocols (2/2) • attack mechanisms • eavesdropping, replaying, modifying, and deleting control packets • fabricating control packets containing fake routing information (forgery) • fabricating control packets under a fake identity (spoofing) • dropping data packets (attack against the forwarding function) • wormholes and tunneling • rushing • types of attacks • route disruption • route diversion • creation of incorrect routing state • generation of extra control traffic • creation of a gray hole
Route disruption • the adversary prevents a route from being discovered between two nodes that are otherwise connected • the primary objective of this attack is to degrade the quality of service provided by the network • the two victims cannot communicate, and • other nodes can also suffer and be coerced to use suboptimal routes • attack mechanisms that can be used to mount this attack: • dropping route request or route reply messages on a vertex cut • forging route error messages • combining wormhole/tunneling and control packet dropping • rushing
Route diversion • due to the presence of the adversary, the protocol establishes routes that are different from those that it would establish if the adversary did not interfere with the execution of the protocol • the objective of route diversion can be • to increase adversarial control over the communications between some victim nodes • the adversary tries to ensure that the diverted routes contain one of the nodes that it controls or a link that it can observe • the adversary can then eavesdrop on or modify data sent between the victim nodes more easily • to increase the resource consumption of some nodes • many routes are diverted towards a victim that becomes overloaded • to degrade quality of service • by increasing the length of the discovered routes, and thereby increasing the end-to-end delay between some nodes • route diversion can be achieved by • forging or manipulating routing control messages • dropping routing control messages • setting up a wormhole/tunnel
Creation of incorrect routing state • this attack aims at jeopardizing the routing state in some nodes so that the state appears to be correct but, in fact, it is not • data packets routed using that state will never reach their destinations • the objective of creating incorrect routing state is • to increase the resource consumption of some nodes • the victims will use their incorrect state to forward data packets until they learn that something has gone wrong • to degrade the quality of service • can be achieved by • spoofing, forging, modifying, or dropping control packets
Generation of extra control traffic • injecting spoofed control packets into the network • aiming at increasing resource consumption due to the fact that such control packets are often flooded in the entire network
Setting up a gray hole • an adversarial node selectively drops data packets that it should forward • the objective is • to degrade the quality of service • packet delivery ratio between some nodes can decrease considerably • to increase resource consumption • wasting the resources of those nodes that forward the data packets that are finally dropped by the adversary • implementation is trivial • adversarial node participates in the route establishment • when it receives data packets for forwarding, it drops them • even better if combined with wormhole/tunneling
The Rushing Attack • On-demand routing protocols use duplicate suppression at each node: the first ROUTE REQUEST that reaches a node is considered legitimate and later ones are discarded (all have the same identifier; higher identifiers denote new requests) • The attacker scatters RREQs quickly throughout the network, suppressing any later legitimate RREQ • The initiator will be unable to discover any usable routes containing at least two hops • An effective denial-of-service attack
Why is the Attack Possible? • An attacker can send faster by avoiding the delays that are part of the design of both routing and MAC (802.11b) protocols. • Why is there a delay in ROUTE REQUEST forwarding? • In MAC protocols using time division • On-demand protocols generally specify a delay • Remove these delays at both the MAC and routing layers? That leads to more collisions • The attacker can send at a higher wireless transmission level • An attacker can take advantage of a wormhole to create flood rushing attacks, using the wormhole to rush the packets ahead of the normal flow
Rushing Attack [Figure: network with source S and destination D]
Rushing Attack [Hu, Perrig, Johnson 2003] • RREQ forwarding • Rushing attackers disobey delay (MAC/routing/queuing) requirements and, with higher probability, are placed on the RREP / DATA path • Low-cost: feasible as long as the attacker is capable of intercepting and forwarding [Figure: RREQ and RREP paths between source and destination]
Rushing Attack Example • A sends a ROUTE REQUEST • B forwards the REQUEST without checking the signature, or otherwise rushes the REQUEST • C correctly processes the REQUEST, and forwards it later as a result • Since D has already heard a REQUEST from this discovery, D discards the REQUEST
Rushing Attack Example • B rushes the REQUEST • C forwards it later • Since D has already heard a REQUEST from this discovery, D discards the REQUEST • A discovers a path through B because B rushed the REQUEST
Rushing Attack Example: route discovery process under no attack [Figure: nodes A, B, C, D, E exchanging Route Query and Route Reply messages]
Rushing Attack Example: route discovery process under attack [Figure: nodes A, B, C, D, E exchanging Route Query and Route Reply messages, with two nodes labelled Attacker]
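The A/B/C/D walk-through above can be reproduced with a small event-driven model of duplicate suppression. This is an added example, not part of the original slides: the topology (with E as the destination), the hop time and the per-node hold times are constructed values chosen so that the honest route goes through C.

```python
import heapq

# Constructed topology matching the A/B/C/D example, with E as destination.
LINKS = {"A": ["B", "C"], "B": ["A", "D"], "C": ["A", "D"],
         "D": ["B", "C", "E"], "E": ["D"]}

def discover(src, dst, delay, links=LINKS, hop_time=1):
    """Flood one ROUTE REQUEST from src; return (route, suppressed copies).

    delay[n] is how long node n holds a REQUEST (signature check, MAC and
    routing back-off) before rebroadcasting it; a rushing node uses 0.
    """
    seen = {src}
    suppressed = []                      # (node, path of the discarded copy)
    events = [(hop_time, nbr, (src,)) for nbr in links[src]]
    heapq.heapify(events)
    while events:
        t, node, path = heapq.heappop(events)
        if node in seen:                 # duplicate suppression: first copy wins
            suppressed.append((node, path))
            continue
        seen.add(node)
        path += (node,)
        if node == dst:
            return path, suppressed
        for nbr in links[node]:
            if nbr not in path:
                heapq.heappush(events, (t + delay[node] + hop_time, nbr, path))
    return None, suppressed

HONEST = {"B": 8, "C": 5, "D": 5}        # constructed hold times
RUSHED = dict(HONEST, B=0)               # B forwards without any delay

def compare():
    """Route discovery A -> E without and with B rushing the REQUEST."""
    return discover("A", "E", HONEST), discover("A", "E", RUSHED)

if __name__ == "__main__":
    for label, (route, dropped) in zip(("no attack", "B rushes"), compare()):
        print(f"{label}: route {'->'.join(route)}, suppressed copies {dropped}")
```

When B rushes, D's duplicate suppression discards the copy that arrived through C, so the only route A learns runs through B.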
Network Security Attacks Transport Layer Attacks • Session hijacking: An adversary takes control over a session between two nodes. Application Layer Attacks • Repudiation: Repudiation refers to the denial or attempted denial by a node involved in a communication. Other Attacks • Multi-layer attacks could occur in any layer of the network protocol stack. • Denial of service: An adversary attempts to prevent authorized users from accessing the service. • Jamming: Transmitting signals on the frequency of senders and receivers to hinder the communication. • SYN flooding: An adversary sends a large number of SYN packets to a victim node. • Distributed DoS attack: Several adversaries attack a service at the same time. • Impersonation: An adversary pretends to be another node. • Device tampering: Mobile devices get damaged or stolen easily.
Key Management • Cryptography is one of the most common and reliable means to ensure security. • The purpose of cryptography is to take a message or a file, called the plaintext (P), and encrypt it into the ciphertext (C) in such a way that only authorized people know how to convert it back to the plaintext. • The secrecy depends on parameters to the algorithms called keys. • The four main goals of cryptography are confidentiality, integrity, authentication, and non-repudiation. • Usually, the encryption method E is made public, but let the encryption as a whole be parameterized by means of a key k (same for decryption). • Three types of intruders: • Passive intruder only listens to messages. • Active intruder can alter messages. • Active intruder can insert messages.
Key Management Approaches • Key predistribution: Keys are distributed to all participants before the communication. • Key transport: Keys are generated in one communication entity and transported to all participants. • Key arbitration: Keys are created and distributed by a central arbitrator to all participants. • Key agreement: Participants agree on a secret key for the further communications. • While keys are encrypted by key encryption keys (KEKs), data traffic is encrypted by traffic encryption keys (TEKs).
Key Management in Ad Hoc Wireless Networks • Password-based Group Systems • A long string is given as the password for users for one session. • A strong key is derived from the weak passwords given by the participants. • It could be for two parties or for the whole group with a leader. • Threshold Cryptography • Public key infrastructure (PKI) enables the easy distribution of keys and is a scalable method. Each node has a public/private key pair, and a certifying authority (CA) can bind the keys to the particular node. • A scheme based on threshold cryptography in which n servers exist, out of which any (t + 1) servers can jointly perform any arbitration or authorization successfully, but t servers cannot perform the same. So up to t compromised servers can be tolerated. • Self-Organized Public Key Management for Mobile Ad Hoc Networks • The users issue certificates to each other based on personal acquaintance. • A certificate is a binding between a node and its public key and is issued for a specific period of time.
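The (t + 1)-out-of-n property described under Threshold Cryptography can be seen in Shamir secret sharing, the primitive such schemes build on. This is an added example, not part of the original slides: it shares and reconstructs a stand-in secret, whereas a real threshold CA would sign jointly without ever reassembling its key, and the field prime and sample values are assumptions.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed; must exceed the secret)

def split(secret, n, t):
    """Give n servers one share each; any t + 1 shares recover the secret.

    The secret is the constant term of a random degree-t polynomial and
    server x holds the point (x, f(x)).
    """
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]

    def f(x):
        y = 0
        for c in reversed(coeffs):       # Horner evaluation mod P
            y = (y * x + c) % P
        return y

    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # Division in the field is multiplication by the modular inverse.
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret

if __name__ == "__main__":
    ca_key = 0x5EC2E7                    # constructed stand-in for a CA secret
    shares = split(ca_key, n=5, t=2)     # 5 servers, tolerate t = 2 compromised
    print("3 servers recover key:", combine(shares[:3]) == ca_key)
    print("other 3 servers too  :", combine(shares[2:]) == ca_key)
    print("2 servers recover key:", combine(shares[:2]) == ca_key)
```

Any three of the five shares return the secret, while two shares interpolate to an unrelated value, which is why up to t compromised servers can be tolerated.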
Secure Routing in Ad Hoc Wireless Networks • Requirements of a secure routing protocol for ad hoc wireless networks • Detection of malicious nodes • Guarantee of correct route discovery • Confidentiality of network topology • Stability against attacks • Secure routing protocols: • Security-aware ad hoc routing protocol (SAR) uses security as one of the key metrics in path finding. SAR defines level of trust as a measure for routing establishment. • Secure efficient ad hoc distance vector routing protocol (DSDV) uses a one-way hash function and is designed to overcome DoS. • Authenticated routing for ad hoc networks (ARAN) is based on cryptographic certificates.