ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang

Attacks on routing protocols for ad hoc networks Passive attacks Ignoring the protocol operations: data forwarding and route processing Limited impacts Active attacks Introduce false routing information False distance vector False destination sequence numbers False RERR Malicious flooding

Comparison b/w security features of reactive and proactive protocols Preparation time for attack Flexibility of attacks: time, target, method Trace back and attacker identification Overhead to conduct attacks Propagation of false routes Detection of false routes

Misuse of AODV Goals Atomic misuse Compound misuse Route disruption Route invasion Node isolation Resource consumption Atomic misuse Drop Modify and forward Forge reply Active forge Compound misuse

Different combinations of AODV packet and atomic misuse Compound misuse

Mitigating Routing Misbehaviors Extensions to DSR Watchdog Monitor whether neighbors forward the packets Maintain a counter for each neighbor Determine whether neighbors are misbehaving by comparing the counter to a threshold

Attacks to watchdog Collision at the watchdog (A does not hear B) Collision at the remote receiver (A hear B, but C does not get the packet) Frame good nodes Cheat the watchdog by controlling transmission power or directional antenna Collusive attacks

Pathrater Each node maintains a rating for other nodes Increase rating of nodes on active path periodically A misbehaved node is rated as a large negative value Calculate a path rating based on node rating (suit the source routing method)

Simulation results When 40% nodes are selfish, the delivery ratio will increase 17% Overhead of the routing protocol and Power consumption overhead Eavesdropping Longer path More route request

SAODV Proposed by researchers in NOKIA Handle import authorization: does a router accept an incoming routing update? Handle export authorization: does a router reply to a request Every node can only generate routing information about itself Dealing with both the unchanged part and changed part in the routing packets

Difference b/w data packet and routing packets Provided features A node can generate routing information only about itself Source authentication: the node is the one that it claims to be Integrity Difference b/w data packet and routing packets Intermediate nodes do not need to know the contents of a data packet Not for the routing packets: the nodes need to update their routing tables The contents of the routing packets may be changed (e.g. hop count)

Therefore, protecting the mutable and non-mutable parts in routing packets is different Assumption Every node has a public/private key pair and a certificate for the public key Use digital signature to authenticate non-mutable part, and hash chain to protect the hop-count

SAODV uses hash chains to authenticate the hop count in RREQ and RREP The source will set x=seed, top-hash = h^(max) (seed). Both x and top-hash will be sent in RREQ Every intermediate node verifies whether top-hash = h^(max-hop count) (x) The Intermediate node will change x = h (x) All fields but x and the hop count are protected by the digital signature

Process the RREQ and RREP Verify the signature before updating the routing table When an intermediate node sends a RREP, it contains two signatures: the destination’s and the intermediate node’s Process the RERR Every node will sign the RERR before forwarding it Every node will verify the signature before changing the routing table The node should not update the destination sequence number

The malicious node cannot reverse the hash function