Mobile Ad hoc Network: Secure Issues In Multi-Hop Routing Protocols

Slides:



Advertisements
Similar presentations
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Advertisements

1 A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks By Lei Chen.
A Survey of Secure Wireless Ad Hoc Routing
NGMAST- WMS workshop17/09/2008, Cardiff, Wales, UK A Simulation Analysis of Routing Misbehaviour in Mobile Ad hoc Networks 2 nd International Conference.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Multicasting in Mobile Ad-Hoc Networks (MANET)
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
© Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 7: Secure routing in multi-hop.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Routing Security in Ad Hoc Networks
CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.
Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec
ITIS 6010/8010: Wireless Network Security Weichao Wang.
Ad Hoc Wireless Routing COS 461: Computer Networks
ENHANCING AND EVALUATION OF AD-HOC ROUTING PROTOCOLS IN VANET.
Network-layer Security of Mobile Ad hoc Networks Jiangyi Hu Advisor: Dr. Mike Burmester.
Secure routing in multi-hop wireless networks (II)
Itrat Rasool Quadri ST ID COE-543 Wireless and Mobile Networks
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
1 Spring Semester 2009, Dept. of Computer Science, Technion Internet Networking recitation #3 Mobile Ad-Hoc Networks AODV Routing.
Mobile Routing protocols MANET
Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,
Mobile Adhoc Network: Routing Protocol:AODV
Routing in Ad Hoc Networks Audun Søberg Henriksen Truls Becken.
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
Security in Mobile Ad Hoc Networks (MANETs) Group : ►NS. Farid Zafar Sheikh ►NS. Muhammad Zulkifl Khalid ►NS. Muhammad Ali Akbar ►NS. Wasif Mehmood Awan.
Ad-hoc On-Demand Distance Vector Routing (AODV) and simulation in network simulator.
Shambhu Upadhyaya 1 Ad Hoc Networks Routing Security Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 19)
A survey of Routing Attacks in Mobile Ad Hoc Networks Bounpadith Kannhavong, Hidehisa Nakayama, Yoshiaki Nemoto, Nei Kato, and Abbas Jamalipour Presented.
Routing Protocols of On- Demand Dynamic Source Routing (DSR) Ad-Hoc On-Demand Distance Vector (AODV)
Ad Hoc Routing: The AODV and DSR Protocols Speaker : Wilson Lai “Performance Comparison of Two On-Demand Routing Protocols for Ad Hoc Networks”, C. Perkins.
Security in Ad Hoc Networks. What is an Ad hoc network? “…a collection of wireless mobile hosts forming a temporary network without the aid of any established.
Traditional Routing A routing protocol sets up a routing table in routers A node makes a local choice depending on global topology.
Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee.
© 2007 Levente Buttyán Security and Privacy in Upcoming Wireless Networks Secure routing in ad hoc and sensor networks routing in ad hoc networks; attacks.
Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign.
Intro DSR AODV OLSR TRBPF Comp Concl 4/12/03 Jon KolstadAndreas Lundin CS Ad-Hoc Routing in Wireless Mobile Networks DSR AODV OLSR TBRPF.
Security and Cooperation in Wireless Networks Georg-August University Göttingen Secure routing in multi-hop wireless networks (I) Secure routing in multi-hop.
Ad Hoc On-Demand Distance Vector Routing (AODV) ietf
DETECTION AND IGNORING BLACK HOLE ATTACK IN VANET NETWORKS BASED LATENCY TIME CH. BENSAID S.BOUKLI HACENE M.K.FAROUAN 1.
Mobile Ad Hoc Networking By Shaena Price. What is it? Autonomous system of routers and hosts connected by wireless links Can work flawlessly in a standalone.
Mobile Ad Hoc Networks. What is a MANET (Mobile Ad Hoc Networks)? Formed by wireless hosts which may be mobile No pre-existing infrastructure Routes between.
Routing Metrics for Wireless Mesh Networks
Author:Zarei.M.;Faez.K. ;Nya.J.M.
IMPROVEMENT OF NETWORK LIFETIME BY IMPROVING ROUTE DISCOVERY PHASE IN MULTI-PATH DSR USING HYBRID ANT COLONY OPTIMIZATION.
Routing Metrics for Wireless Mesh Networks
Classification of various Attacks.
Routing design goals, challenges,
Internet Networking recitation #4
A comparison of Ad-Hoc Routing Protocols
Sensor Network Routing
任課教授:陳朝鈞 教授 學生:王志嘉、馬敏修
Ariadne A Secure On-Demand Routing Protocol for Ad Hoc Networks
Mobile and Wireless Networking
Ad hoc Routing Protocols
Mobile Computing CSE 40814/60814 Spring 2018.
by Saltanat Mashirova & Afshin Mahini
Routing Metrics for Wireless Mesh Networks
Subject Name: Computer Networks - II Subject Code: 10CS64
Proactive vs. Reactive Routing
ITIS 6010/8010 Wireless Network Security
A Survey of Secure Wireless Ad Hoc Routing
Routing.
Routing in Mobile Ad-hoc Networks
Vinay Singh Graduate school of Software Dongseo University
A Routing Protocol for WLAN Mesh
Routing protocols in Mobile Ad Hoc Network
Routing in Mobile Wireless Networks Neil Tang 11/14/2008
Presentation transcript:

Mobile Ad hoc Network: Secure Issues In Multi-Hop Routing Protocols Presented By PHILIP HUYNH CS591-F2009

Mobile Ad hoc Network: Architecture An autonomous, self-configuring system of mobile devices (laptops, smart phones, sensors, etc.) connected by wireless links Each node operates as both an end-system and a router MANET characteristics: Mobility and dynamic topology Bandwidth-constrained Energy-constrained Prone to security threats 9/17/2018 PHILIP HUYNH CS591F2009

Mobile Ad hoc Network: Applications Mobile ad hoc networks were initially designed for military applications, but with the increase of portable devices as well as progress in wireless communication, MANET is gaining importance with increasing number of applications. It can be used for emergency and rescue operation, conferences and campus settings, airport and car networks and other more. 9/17/2018 PHILIP HUYNH CS591F2009

Multi hop Routing Protocols Topology-based protocols Proactive distance vector based (e.g., DSDV) link-state (e.g., OLSR) Reactive (on-demand) distance vector based (e.g., AODV) source routing (e.g., DSR) Position-based protocols Greedy forwarding (e.g., GPSR, GOAFR) Restricted directional flooding (e.g., DREAM, LAR) Hybrid approaches Classification of ad hoc network routing protocols. Topology-based protocols are based on traditional routing concepts, such as maintaining routing tables or distributing link-state information, but they are adapted to the special requirements of mobile ad hoc networks. Position-based protocols use information about the physical locations of the nodes to route data packets to their destinations. Topology-based protocols can be proactive or reactive. Proactive protocols try to maintain consistent, up-to-date routing information within the system. In contrast to this, reactive protocols establish a route between a source and a destination only when it is needed. For this reason, reactive protocols are also called on-demand protocols. 9/17/2018 PHILIP HUYNH CS591F2009

Dynamic Source Routing (DSR) Example: Dynamic Source Routing (DSR) On-demand source routing protocol Two components: Route discovery Use only when source S attempts to send a packet to destination D Based on flooding of Route Request (RREQ) and returning Route Replies (RREP) Route maintenance Makes S able to detect route errors (e.g., if a link along that route no longer works) 9/17/2018 PHILIP HUYNH CS591F2009

Attack Mechanisms Eavesdropping, Replaying, Modifying, and Deleting Control Packets Fabricating control packets containing fake routing information (forgery) Fabricating control packets under a fake identity (spoofing) Dropping data packets (attack against the forwarding function) Wormholes and tunneling Rushing 9/17/2018 PHILIP HUYNH CS591F2009

Attack Mechanisms(2) Eavesdropping, Replaying, Modifying, and Deleting Control Packets Fabricating control packets containing fake routing information (forgery) Fabricating control packets under a fake identity (spoofing) Dropping data packets (attack against the forwarding function) Wormholes and tunneling Rushing 9/17/2018 PHILIP HUYNH CS591F2009

Route Disruption wormhole source destination The adversary prevents a route from being discovered between two nodes that are otherwise connected The primary objective of this attack is to degrade the quality of service provided by the network The two victims cannot communicate, and Other nodes can also suffer and be coerced to use suboptimal routes Attack mechanisms that can be used to mount this attack: Dropping route request or route reply messages on a vertex cut Forging route error messages Combining wormhole/tunneling and control packet dropping Rushing ROUTE DISRPUTION IN DSR WITH RUSHING; THE ADVERSARY DROPS ALL ROUTE REPLIES (RREP) CONTROL PACKETS. 9/17/2018 PHILIP HUYNH CS591F2009

Route Diversion wormhole source destination Due to the presence of the adversary, the protocol establishes routes that are different from those that it would establish, if the adversary did not interfere with the execution of the protocol The objective of route diversion can be To increase adversarial control over the communications between some victim nodes The adversary tries to achieve that the diverted routes contain one of the nodes that it controls or a link that it can observe The adversary can eavesdrop or modify data sent between the victim nodes easier To increase the resource consumption of some nodes Many routes are diverted towards a victim that becomes overloaded Degrade quality of service By increasing the length of the discovered routes, and thereby, increasing the end-to-end delay between some nodes Route diversion can be achieved by Forging or manipulating routing control messages Dropping routing control messages Setting up a wormhole/tunnel ROUTE DIVERSION IN DSR WITH RUSHING; THE ADVERSARY CAN EAVESDROP OR MODIFY DATA PACKETS. 9/17/2018 PHILIP HUYNH CS591F2009

Creation of Incorrect Routing State This attack aims at jeopardizing the routing state in some nodes so that the state appears to be correct but, in fact, it is not Data packets routed using that state will never reach their destinations The objective of creating incorrect routing state is To increase the resource consumption of some nodes The victims will use their incorrect state to forward data packets, until they learn that something goes wrong To degrade the quality of service Can be achieved by Spoofing, forging, modifying, or dropping control packets CREATION OF INCORRECT ROUTING STATE IN DSR; THE ADVERSARY SENDS THE FAKE ROUTE REPLIES (RREP). 9/17/2018 PHILIP HUYNH CS591F2009

Generation of Extra Control Traffic Injecting spoofed control packets into the network Aiming at increasing resource consumption due to the fact that such control packets are often flooded in the entire network 9/17/2018 PHILIP HUYNH CS591F2009

Setting Up a Gray Hole wormhole source destination An adversarial node selectively drops data packets that it should forward The objective is To degrade the quality of service Packet delivery ratio between some nodes can decrease considerably To increase resource consumption Wasting the resources of those nodes that forward the data packets that are finally dropped by the adversary Implementation is trivial Adversarial node participates in the route establishment When it receives data packets for forwarding, it drops them Even better if combined with wormhole/tunneling ROUTE DIVERSION IN DSR WITH RUSHING; THE ADVERSARY SELECTIVELY DROPS DATA PACKETS. 9/17/2018 PHILIP HUYNH CS591F2009

Countermeasures Authentication of control packets Using MACs or digital signatures Protection of mutable information in control packets Often complemented with the use of one-way hash functions Detecting wormholes and tunnels Combating gray holes Using multi-path routing Using a “detect and react” approach 9/17/2018 PHILIP HUYNH CS591F2009

Secure Routing Protocol (SRP) A  * : [RREQ, A, H, id, sn, macAH, ()] B  * : [RREQ, A, H, id, sn, macAH, (B)] C  * : [RREQ, A, H, id, sn, macAH, (C)] D  * : [RREQ, A, H, id, sn, macAH, (D)] E  * : [RREQ, A, H, id, sn, macAH, (E)] F  * : [RREQ, A, H, id, sn, macAH, (E, F)] G  * : [RREQ, A, H, id, sn, macAH, (D, G)] H  A : [RREP, A, H, id, sn, (E, F), macHA] A B C E F G H macAH: Message Authentication Code covering RREQ, A, H, id, and sn SRP is a secure variant of DSR Uses symmetric-key authentication (MACs) Due to mobility, it would be impractical to require that the source and the destination share keys with all intermediate nodes Hence there’s only a shared key between the source and the destination Only end-to-end authentication is possible No optimizations SRP is simple but it does not prevent the manipulation of mutable information added by intermediate nodes This opens the door for some attacks Some of those attacks can be thwarted by secure neighbor discovery protocols 9/17/2018 PHILIP HUYNH CS591F2009

Some Secure Ad hoc Network Routing Protocols SRP (on-demand source routing) Ariadne (on-demand source routing) endairA (on-demand source routing) S-AODV (on-demand distance vector routing) ARAN (on-demand, routing metric is the propagation delay) SEAD (proactive distance vector routing) SMT (multi-path routing combined error correcting) Watchdog and Pathrater (implementation of the “detect and react” approach to defend against gray holes) ODSBR (source routing with gray hole detection) 9/17/2018 PHILIP HUYNH CS591F2009

Simulation Multi hop routing attack – Gray hole Using TinyOS, TOSSIM, TinyViz 9/17/2018 PHILIP HUYNH CS591F2009

Simulation 9/17/2018 PHILIP HUYNH CS591F2009