Ariadne A Secure On-Demand Routing Protocol for Ad Hoc Networks

Slides:



Advertisements
Similar presentations
1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Advertisements

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Survey of Secure Wireless Ad Hoc Routing
DSR The Dynamic Source Routing Protocol Students: Mirko Gilioli Mohammed El Allali.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Security Issues In Sensor Networks By Priya Palanivelu.
Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.
Centre for Wireless Communications University of Oulu, Finland
1 Ad Hoc Networks Security Instructor: Carlos Pomalaza-Ráez Fall 2003 University of Oulu, Finland.
Routing Security in Ad Hoc Networks
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.
Milano, 4-5 Ottobre 2004 IS-MANET The Virtual Routing Protocol for Ad Hoc Networks ISTI – CNR S. Chessa.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.
ITIS 6010/8010: Wireless Network Security Weichao Wang.
Ad Hoc Wireless Routing COS 461: Computer Networks
Itrat Rasool Quadri ST ID COE-543 Wireless and Mobile Networks
1 Trust Mechanisms in Ad Hoc Networks Azar Rahimi Dehaghani Lei Hu Trust and Security Case Study 2.
1 Spring Semester 2009, Dept. of Computer Science, Technion Internet Networking recitation #3 Mobile Ad-Hoc Networks AODV Routing.
Mobile Routing protocols MANET
Securing AODV Routing Protocol in Mobile Ad-hoc Networks Phung Huu Phu, Myeongjae Yi, and Myung-Kyun Kim Network-based Automation Research Center and School.
An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.
Mobile Adhoc Network: Routing Protocol:AODV
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
Security in Mobile Ad Hoc Networks (MANETs) Group : ►NS. Farid Zafar Sheikh ►NS. Muhammad Zulkifl Khalid ►NS. Muhammad Ali Akbar ►NS. Wasif Mehmood Awan.
Shambhu Upadhyaya 1 Ad Hoc Networks Routing Security Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 19)
Routing Protocols of On- Demand Dynamic Source Routing (DSR) Ad-Hoc On-Demand Distance Vector (AODV)
Dynamic Source Routing in ad hoc wireless networks Alexander Stojanovic IST Lisabon 1.
Dynamic Source Routing (DSR) Sandeep Gupta M.Tech - WCC.
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Security in Ad Hoc Networks. What is an Ad hoc network? “…a collection of wireless mobile hosts forming a temporary network without the aid of any established.
DSR: Introduction Reference: D. B. Johnson, D. A. Maltz, Y.-C. Hu, and J. G. Jetcheva, “The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks,”
Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Security and Cooperation in Wireless Networks Georg-August University Göttingen Secure routing in multi-hop wireless networks (I) Secure routing in multi-hop.
Security for Broadcast Network
Ad Hoc On-Demand Distance Vector Routing (AODV) ietf
Improving Fault Tolerance in AODV Matthew J. Miller Jungmin So.
S E A D Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks Yih-Chun Hu,David B.Johnson, Adrian Perrig.
Mobile Ad Hoc Networking By Shaena Price. What is it? Autonomous system of routers and hosts connected by wireless links Can work flawlessly in a standalone.
Author:Zarei.M.;Faez.K. ;Nya.J.M.
TAODV: A Trusted AODV Routing Protocol for MANET
Introduction Wireless devices offering IP connectivity
IMPROVEMENT OF NETWORK LIFETIME BY IMPROVING ROUTE DISCOVERY PHASE IN MULTI-PATH DSR USING HYBRID ANT COLONY OPTIMIZATION.
Packet Leashes: Defense Against Wormhole Attacks
Mobicom ‘99 Per Johansson, Tony Larsson, Nicklas Hedman
Internet Networking recitation #4
A comparison of Ad-Hoc Routing Protocols
Sensor Network Routing
Mobile Ad hoc Network: Secure Issues In Multi-Hop Routing Protocols
The TESLA Broadcast Authentication Protocol CS 218 Fall 2017
任課教授:陳朝鈞 教授 學生:王志嘉、馬敏修
Mobile and Wireless Networking
SPINS: Security Protocols for Sensor Networks
ITIS 6010/8010 Wireless Network Security
SPINS: Security Protocols for Sensor Networks
A Survey of Secure Wireless Ad Hoc Routing
SPINS: Security Protocols for Sensor Networks
Vinay Singh Graduate school of Software Dongseo University
A Distributed Clustering Scheme For Underwater Sensor Networks
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
Routing in Mobile Wireless Networks Neil Tang 11/14/2008
Presentation transcript:

Ariadne A Secure On-Demand Routing Protocol for Ad Hoc Networks Speaker: Christof Hammer Course: High Performance Computer Networks, Fall 2o1o CSE-Department York University, Toronto

Duration & Questions This presentation will last about 30 minutes Please keep all your questions until the end of the presentation

Content Ad hoc networks On-Demand Routing What Ariadne does Short review of DSR TESLA Assumptions Security & Keys Attacker and Attacking-Models Route Discovery Route Maintenance Performance of Ariadne Conclusions Q & A

Ad hoc networks Ad hoc networks Ad hoc routing Protocols are groups of wireless mobile devices (nodes) nodes cooperate by forwarding packets have no need for central management setup and deployment is easy and quick nodes are not homogeneous Ad hoc routing Protocols can handle the requested (high) mobility don‘t send periodic routing messages have not as much overhead as wired routing protocols but do not concern the aspect of security

On-Demand Routing On-Demand routing is also refered to as reactive routing A route request is only issued if there‘s need A node starts a discovery iff it has to send data to the destination and doesn‘t know a valid route to the target This method has (much) less overhead than proactive protocols (e.g. Boder Gateway Protocol) Routing overhead is almost completly eliminated in network areas which do not change often

What Ariadne does Ariadne authenticates routing messages using one of three possibilities : Shared secrets between node pairs Shared secrets between communication nodes in combination with broadcast authentication (TESLA) (focus of the presentation) Digital signature method Ariadne builds upon the DSR-protocol Prevents malicious injection or altering of routing data Routing loop Black Hole Detours

Short review of DSR DSR belongs to the on demand protocols Route discovery Is triggered iff a node need to send data to a destination for which no route exists A special ROUTE-REQUEST packet is sent. This packet builds the actual path Route maintenance Detects borken links on a route Generates ROUTE-ERROR messages Removes the defect links from the path cache

TESLA TESLA = Time Efficient Stream Loss-tolerant Authentication TESLA is a broadcast authentication protocol Ariadne uses TESLA to authenticate the DSR routing packets Efficient: It adds only a single message authentication code (MAC) to a message An asymmetric primitive is required to prevent others from forging Message Authentication Codes TESLA archives asymmetry through clock synchronization (not strict) and delayed key disclosure (keys are sent after the message) rather than complex mathematical computations (e.g. RSA) TESLA generates a one-way key chain by repeatedly computing a one way hash function H

TESLA

TESLA Each sender splits time into slots (t) (e.g. 200 ms) After that it chooses a random initial key Now a one-way key chain is generated The keys are used in reverse order of their generation The sender discloses the key (i) based on the time interval (t), and the disclosure time of the first key (T0) The sender attaches MAC to each packet Computed over the packet‘s contents Sender determines time interval and uses corresponding key With each packet the sender also sends the most recent discloseable one-way-key

TESLA

TESLA All Receivers know the key disclosing schedule Checks that the key used to compute the MAC is still secret by determining that the sender could not have made it public yet As long as key is secret, the receiver buffers the packet When the key is made public, receiver checks it‘s correctness and authenticates the buffered packets

Assumptions Each node must be able to estimate the end-to-end transmission time to any other node in the Network Physical attacks or attacks on the medium (e.g. jamming) are disregarded All nodes have loosely synchronized clock Resources of network nodes are very different, so Ariadne assumes always constrained recourses. Each node has a TESLA one way key chain and each node know an authentic key of the TESLA one-way key chain of each other node

Security & Keys Three authentication mechanism possibilities: Pair wise secret keys TESLA (shared keys between all source-destination pairs) Digital signatures Shared secret keys Key distribution center Bootstrapping from a Public Key Infrastructure Pre-loading at initialization Initial TESLA keys Embed at initialization Assume PKI and embed Certifications Authority’s public key at each node Pair wise secret keys (requires n(n+1)/2 keys) Digital signatures (requires powerful nodes)

Attacker and Attacking-Models Active attacker Injects packets and eavesdrops Characterized based on the number of controlled nodes in the network Passive attacker is not considered in the presentation Routing disruption attacks Causes legitimate data packets to be routed dysfunctional (e.g., routing loop, black hole, detour) Resource consumption attacks Consumes valuable network resources or node resources (e.g., injecting data packets, injecting control packets)

Route Discovery Assume sender and receiver share secret (non-TESLA) keys for message authentication Target authenticates ROUTE REQUESTS Initiator includes a MAC computed with end-to-end key (e.g. KAB) Target verifies authenticity and freshness using shared key Data authentication using TESLA keys Each hop authenticates new information in the REQUEST Target buffers REPLY until intermediate nodes release TESLA keys TESLA security condition is verified at the target Target includes a MAC in the REPLY Attacker can remove a node from node list in a REQUEST but the One-way hash functions verify that no hop was omitted

Route Discovery (cont.) Upon receiving ROUTE REQUEST, a node: Processes the request only if it is new Processes the request only if the time interval is valid (not too far in the future, but not for an already disclosed TESLA key) Modifies the request and rebroadcasts it Appends its address to the node list, replaces the hash chain with H[its nodeid, prev. hash chain] Appends MAC of entire REQUEST to MAC list using KAi where i is the index for the time interval specified in the REQUEST

Route Discovery (cont.)

Route Discovery (cont.) Assume all nodes know an authentic key of the TESLA one-way key chain of every other node Securing ROUTE REQUEST Target can authenticate the sender (using their shared key) Initiator can authenticate each entry using intermediate TESLA keys No node can remove any other node in the REQUEST or REPLY

Route Reply When the target receives the route request: Checks the validity of the REQUEST (determining that the keys from the time interval have not been disclosed yet and that hash chain is correct) Returns ROUTE REPLY containing eight fields ROUTE REPLY, target, initiator, time interval, node list, MAC list target MAC: MAC computed over above fields with key shared between target and initiator (e.g. KBA) Key list: disclosable MAC keys of nodes along the path

Route Reply (cont.)

Route Reply (cont.) Node forwarding ROUTE REPLY Waits until it can disclose TESLA key from specified interval Appends that key to the key list This waiting does delay the return of the ROUTE REPLY but does not consume extra computational power When initiator receives ROUTE REPLY Verifies each key in the key list is valid Verifies that the target MAC is valid Verifies that each MAC in the MAC list is valid using the TESLA keys

Route Maintenance Node forwarding a packet to the next hop returns a ROUTE ERROR to the original sender ROUTE ERROR contains six fields ROUTE ERROR: label sending address: node encountering error receiving address: intended next hop time interval: pessimistic arrival time of error at destination error MAC: MAC of the preceding fields of the error (computed using sender’s TESLA key) recent TESLA key: most recent disclosable TESLA key

Route Maintenance Prevent unauthorized nodes from sending errors, we require errors to be authenticated by the sender Errors are propagated as regular data packets Intermediate nodes remove routes that use the bad link Sending node continues to send data packets along the route until error is validated Generates additional errors, which are all cleaned up when the error is finally validated

Performance

Performance (cont.)

Conclusions Ariadne is a secure ad hoc routing protocol Operates on-demand Efficient and general security mechanisms The authors of the paper restricted the scenarios very much Ariadne was implemented on a non optimized version of DSR About 26% more overhead than non optimized DSR Slower route discovery with TESLA Delays due to delayed key disclosure Ariadne has less throughput Due to slower route discovery Key exchange is complicated In the ad hoc environment especially, this is most likely not feasible

Thank you for listening. Are there any Questions?