Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.

2 Outline
Background
Problem statement
Related work
Proposed scheme
– Key Synchronization
– Packet Retransmission
Analysis, simulation and field test
Summary

3 Background
Mobile Ad Hoc Network (MANET)
– A MANET consists of mobile platforms (e.g., a router with multiple hosts and wireless communications devices), which are free to move about arbitrarily. -- IETF RFC 2501
– Characteristics of MANET
  No pre-determined infrastructure
  Ease of deployment
  Dynamic topologies (e.g., mobility, network partition)
  Constrained resources (e.g., bandwidth, energy)

4 Background (Cont)
Network access control
– Not media access control
– Who has the right to access the network
  Physical*
  Technical*
  Administrative*
– Firewalls
  Conventional network
  Using network topology and service information
* H. F. Tipton, Handbook of Information Security Management

5 Problem Statement
An attacker may inject “bogus” packets to consume the network resources, or insert itself into critical routes
No mature access control scheme for MANET
– More complicated due to open media and dynamic topology

6 Related Work
DHCP
Access Control Gateway
Kerberos
Distributed firewall
Pebblenets
Distributed access control scheme for consumer-operated MANET
LHAP

7 Related Work (Cont)
LHAP: a lightweight hop-by-hop authentication protocol for ad hoc networks
– Based on one-way key chain and TESLA
– Hop-by-hop authentication
– Each transmitted packet is associated with a traffic key
– The receiver (or intermediate node) verifies the traffic key to decide whether to forward (accept) the packet
[Figure: nodes S, A, B, C, D; S first sends Cert & Commit, then packets M with traffic keys K_F(i), K_F(i+1)]

8 Proposed Scheme – cryptographic tools
Group key agreement
Group key distribution
– Controller chooses key
– Stateful vs. stateless
Stateless key distribution
– Each user is assigned a unique set of personal keys
– New key is encrypted with the personal keys known only to the legitimate users
– Nice stateless property
[Figure: key tree over members M1 to M4 with leaf keys k1, k2, k3, k4, internal keys K1-2 and K3-4, and root key K1-4]
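The following is an added example, not code from the slides or from the authors' prototype. It implements the stateless key update that slide 8 draws as a key tree: each member holds the keys on its leaf-to-root path (M1 to M4 are members 0 to 3 with leaf keys k1 to k4; K1-2, K3-4 and K1-4 are the internal and root keys), and the key manager encrypts the new session key only under tree keys whose subtree contains no revoked member. A legitimate member decrypts with a personal key it already has, so no earlier update message is needed (the stateless property). The key-wrapping primitive, the deterministic node keys and the `cover` selection rule are assumptions of this example; a production system would use an AEAD and randomly drawn keys.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set

KEY_LEN = 16


def kdf(key: bytes, label: bytes) -> bytes:
    """Derive a KEY_LEN-byte key from (key, label) with HMAC-SHA256."""
    return hmac.new(key, label, hashlib.sha256).digest()[:KEY_LEN]


def wrap(kek: bytes, payload: bytes, nonce: bytes) -> bytes:
    """Toy key wrapping: XOR the payload with a pad derived from the wrapping
    key and a fresh nonce.  It is its own inverse.  Demo only; use an AEAD."""
    pad = kdf(kek, nonce)
    return bytes(p ^ q for p, q in zip(payload, pad))


class KeyTree:
    """Complete binary key tree with n leaves (n a power of two), one per
    member.  Node i has children 2i and 2i+1; leaves are n .. 2n-1, so the
    slide's M1..M4 are members 0..3 with leaf keys k1..k4, nodes 2 and 3 hold
    K1-2 and K3-4, and node 1 holds the root key K1-4."""

    def __init__(self, n_members: int, seed: bytes = b"constructed tree seed"):
        assert n_members & (n_members - 1) == 0, "n must be a power of two"
        self.n = n_members
        # Constructed deterministic node keys; a real manager draws them at random.
        self.node_key = {i: kdf(seed, str(i).encode()) for i in range(1, 2 * n_members)}

    def path(self, member: int) -> List[int]:
        """Node indices from the member's leaf up to the root."""
        node, out = self.n + member, []
        while node >= 1:
            out.append(node)
            node //= 2
        return out

    def personal_keys(self, member: int) -> Dict[int, bytes]:
        """The member's personal key set: every key on its leaf-to-root path."""
        return {i: self.node_key[i] for i in self.path(member)}

    def cover(self, revoked: Set[int]) -> List[int]:
        """Roots of the largest subtrees containing no revoked member; together
        they cover exactly the legitimate members."""
        tainted: Set[int] = set()
        for m in revoked:
            tainted.update(self.path(m))
        out: List[int] = []

        def walk(node: int) -> None:
            if node not in tainted:
                out.append(node)          # clean subtree: one key reaches all of it
            elif node < self.n:           # tainted internal node: look at its children
                walk(2 * node)
                walk(2 * node + 1)

        walk(1)
        return out

    def key_update(self, new_session_key: bytes, revoked: Set[int]) -> dict:
        """Manager side: one message that every non-revoked member can open
        with a personal key it already holds (no earlier message needed)."""
        nonce = os.urandom(KEY_LEN)
        return {"nonce": nonce,
                "wrapped": {i: wrap(self.node_key[i], new_session_key, nonce)
                            for i in self.cover(revoked)}}


def recover_session_key(personal: Dict[int, bytes], msg: dict) -> Optional[bytes]:
    """Member side: unwrap with any personal key the message was wrapped under."""
    for node, blob in msg["wrapped"].items():
        if node in personal:
            return wrap(personal[node], blob, msg["nonce"])
    return None


if __name__ == "__main__":
    tree = KeyTree(4)
    session_key = os.urandom(KEY_LEN)
    update = tree.key_update(session_key, revoked={2})     # revoke M3
    print("tree keys used in the update:", sorted(update["wrapped"]))
    for m in range(4):
        got = recover_session_key(tree.personal_keys(m), update)
        print("M%d recovers the new key: %s" % (m + 1, got == session_key))
```

Revoking M3 taints its whole path (nodes 6, 3, 1), so the update is wrapped under K1-2 (node 2) and k4 (node 7): two ciphertexts reach M1, M2 and M4, while M3 holds none of those keys. The size of the update grows with the number of tainted paths, which is the communication cost the scheme trades for statelessness.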

9 Proposed Scheme – underlying models
Network model
– All nodes come from one domain
– A node’s access to the network is controlled by a domain manager (i.e., key manager)
– Each node has a unique ID and a set of personal secret keys
Attack model
– Attackers inject packets to deplete the resources of the nodes relaying the packets

10 Proposed Scheme – outline
Basic idea
– Cryptography-oriented (using group key)
– Authenticate all the packets with a network-wide access control (group session) key.
– Any “bogus” packet that has incorrect authentication information will be filtered out immediately.
– As a result, illegitimate nodes will be excluded from communication (routes).

11 Research challenges
Two critical challenges
– Synchronization of the network access control key
– Interaction between data transmission and key distribution
If these two challenges are solved, the proposed group-key-based network access control scheme is complete.

12 Key Synchronization
Problem statement
– A key update message may fail to propagate across the MANET. Thus, two legitimate users may simultaneously hold different session keys (lack of key synchronization).

13 Key Synchronization (Cont-1)
An example of lack of key synchronization

14 Key Synchronization (Cont-2)
Solution
– Exploit the stateless feature of the proposed stateless group key distribution scheme
– Each user buffers the key update message most recently received
– Transmit the buffered message to the other users that are using old session keys

15 Key Synchronization (Cont-3)
Scheme details
– Proactive part
  Broadcast the buffered key update message every t time units
– Reactive part
  Send a key synchronization request if a received packet has a higher session ID
  Send the buffered key update message if a received packet has a lower session ID

16 Key Synchronization (Cont-4)
Illustration of the proposed key synchronization scheme
[Figure: a sequence of snapshots of nodes S and A to N as the buffered key update message is broadcast hop by hop; a shaded node represents a node that has the most recent key]

17 Key Synchronization (Cont-5)
Security analysis (possible attacks)
– Resource consumption via forged key update message
  Solution: lightweight authentication methods (one-way key chain & Merkle hash tree)
– Resource consumption via forged data packet
  Constrained to one hop
– Logically partition the MANET by refusing to forward key update messages
  Multiple paths, watchdog

18 Key Synchronization (Cont-6)
One-way key chain

19 Key Synchronization (Cont-7)
Merkle hash tree
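As an added example (not the slides' protocol and not the authors' code), here are the two lightweight tools named on slides 17 to 19 applied to the threat on slide 17, forged key update messages that make nodes waste resources. The one-way key chain gives the key manager keys K_1, K_2, ... that a receiver verifies against a commitment K_0 with hash operations only; update i is MACed under K_i and K_i is disclosed with update i+1, so a forger cannot produce a valid MAC before the key becomes public (delayed disclosure in the style of TESLA, which slide 7 mentions for LHAP). The Merkle hash tree is used over the commitments of several chains, so a node pre-loads a single root and verifies any chain's commitment from a short proof. The way the two tools are combined, the message layout and the receiver's buffering rules are assumptions of this example.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_chain(seed: bytes, n: int) -> list:
    """[K_0, ..., K_n] with K_j = H(K_{j+1}).  K_n is the secret seed, K_0 the
    public commitment; keys are disclosed in the order K_1, K_2, ..."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]


def verify_chain_key(known: bytes, known_idx: int, key: bytes, idx: int) -> bool:
    """True iff hashing key (idx - known_idx) times gives the last verified key."""
    if idx <= known_idx:
        return False
    for _ in range(idx - known_idx):
        key = H(key)
    return key == known


def _pad_even(level: list) -> list:
    return level + [level[-1]] if len(level) % 2 else level   # duplicate an odd leaf


def _next_level(level: list) -> list:
    return [H(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves: list) -> bytes:
    level = [H(b"\x00" + leaf) for leaf in leaves]   # domain-separate leaves from nodes
    while len(level) > 1:
        level = _next_level(_pad_even(level))
    return level[0]


def merkle_proof(leaves: list, index: int) -> list:
    """(sibling hash, sibling_is_right) pairs from the leaf up to the root."""
    level, proof = [H(b"\x00" + leaf) for leaf in leaves], []
    while len(level) > 1:
        level = _pad_even(level)
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        level, index = _next_level(level), index // 2
    return proof


def merkle_verify(root: bytes, leaf: bytes, proof: list) -> bool:
    h = H(b"\x00" + leaf)
    for sibling, sibling_is_right in proof:
        h = H(b"\x01" + h + sibling) if sibling_is_right else H(b"\x01" + sibling + h)
    return h == root


class UpdateSender:
    """Key manager: update i is MACed under K_i and carries K_{i-1}, which lets
    receivers authenticate update i-1 (delayed disclosure, as in TESLA)."""
    def __init__(self, chain: list):
        self.chain, self.i = chain, 0

    def send(self, body: bytes) -> tuple:
        self.i += 1
        tag = hmac.new(self.chain[self.i], body, hashlib.sha256).digest()
        return (self.i, body, tag, self.chain[self.i - 1])


class UpdateReceiver:
    """Node: holds the last verified chain key and buffers every update (forged
    ones included, since it cannot tell yet) until the matching key is disclosed."""
    def __init__(self, commitment: bytes):
        self.known_key, self.known_idx = commitment, 0
        self.pending = {}      # idx -> [(body, tag), ...] awaiting K_idx
        self.accepted = []

    def receive(self, idx: int, body: bytes, tag: bytes, disclosed: bytes):
        """Returns the body of update idx-1 if this message just authenticated it."""
        if idx <= self.known_idx:       # K_idx is already public: a forgery would verify, drop
            return None
        accepted = None
        if verify_chain_key(self.known_key, self.known_idx, disclosed, idx - 1):
            for p_body, p_tag in self.pending.pop(idx - 1, []):
                if hmac.compare_digest(hmac.new(disclosed, p_body, hashlib.sha256).digest(), p_tag):
                    accepted = p_body
                    self.accepted.append(p_body)
            self.known_key, self.known_idx = disclosed, idx - 1
            self.pending = {k: v for k, v in self.pending.items() if k >= idx}
        self.pending.setdefault(idx, []).append((body, tag))
        return accepted
```

A forged update costs the receiver one buffer slot and, once the real key is disclosed, one failed MAC check; it never costs a chain verification that succeeds, and it can never be accepted. The price is the one-update delay before an authentic update takes effect, which the scheme on slide 15 has to tolerate.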

20 Key Synchronization (Cont-8)
Performance analysis
– Relies on the adopted stateless group key distribution scheme
– Storage
  One message
– Computation
– Communication
  Depends on t and the number of users using an old key

21 Packet Retransmission
Problem statement
– The interaction between data transmission and key distribution. That is, when keys are not synchronized, a user may receive (unverifiable) packets authenticated with a different session key.

22 Packet Retransmission (Cont-1)
Possible options
– Simply drop
– Buffer and then verify
– Synchronize the keys before sending every data packet
All of them have serious drawbacks

23 Packet Retransmission (Cont-2)
Proposed solution
– Drop, synchronize keys, and then retransmit
– ACK mechanism
– Unicast & broadcast

24 Algorithm of the proposed scheme
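The following is an added message-level simulation, not the slides' algorithm figure and not the authors' Netfilter implementation. It puts together the reactive part of key synchronization (slide 15: a packet with a higher session ID triggers a synchronization request, a lower one triggers the buffered key update) and the drop, synchronize, retransmit rule with ACKs (slides 21 to 23). Every node carries a session ID, the matching session key and the most recent key update it has seen; data packets carry the sender's session ID and an HMAC under the session key. The packet formats, the fixed one-hop topology, the reduction of a key update message to a (session ID, key) pair (the wrapped message of slide 8 is omitted here), and retransmitting immediately on a synchronization request instead of on an ACK timeout are assumptions of this example.

```python
import hashlib
import hmac
from collections import deque


def mac(key: bytes, sid: int, payload: bytes) -> bytes:
    """Packet authenticator: HMAC over the session ID and the payload."""
    return hmac.new(key, sid.to_bytes(4, "big") + payload, hashlib.sha256).digest()


class Node:
    def __init__(self, name: str, sid: int, key: bytes, net):
        self.name, self.sid, self.key, self.net = name, sid, key, net
        self.update = (sid, key)    # buffered most-recent key update, simplified to (ID, key)
        self.pending = {}           # seq -> (dst, payload): sent but not yet ACKed
        self.seq = 0
        self.delivered = []         # (src, payload) accepted as authentic
        self.sync_requests = 0

    def send(self, dst: str, payload: bytes) -> None:
        self.seq += 1
        self.pending[self.seq] = (dst, payload)
        self._emit(self.seq)

    def _emit(self, seq: int) -> None:
        dst, payload = self.pending[seq]
        self.net.deliver(("DATA", self.name, dst, self.sid, seq, payload,
                          mac(self.key, self.sid, payload)))

    def broadcast_update(self) -> None:
        """Proactive part: every t time units, push the buffered update to neighbours."""
        for nb in self.net.neighbours(self.name):
            self.net.deliver(("UPDATE", self.name, nb) + self.update)

    def receive(self, msg: tuple) -> None:
        kind, src = msg[0], msg[1]
        if kind == "DATA":
            _, _, _, sid, seq, payload, tag = msg
            if sid > self.sid:              # sender is ahead: drop, ask for the update
                self.sync_requests += 1
                self.net.deliver(("SYNC_REQ", self.name, src))
            elif sid < self.sid:            # sender is behind: drop, send our buffered update
                self.net.deliver(("UPDATE", self.name, src) + self.update)
            elif hmac.compare_digest(tag, mac(self.key, sid, payload)):
                self.delivered.append((src, payload))
                self.net.deliver(("ACK", self.name, src, seq))
            # same session ID but bad MAC: a bogus packet, dropped with no further work
        elif kind == "UPDATE":
            _, _, _, sid, key = msg
            if sid > self.sid:
                self.sid, self.key, self.update = sid, key, (sid, key)
                for seq in list(self.pending):      # retransmit under the new key
                    self._emit(seq)
        elif kind == "SYNC_REQ":
            self.net.deliver(("UPDATE", self.name, src) + self.update)
            for seq, (dst, _) in self.pending.items():   # assumption: requester dropped them
                if dst == src:
                    self._emit(seq)
        elif kind == "ACK":
            self.pending.pop(msg[3], None)


class Network:
    """Fixed adjacency with reliable one-hop links; messages are processed FIFO."""
    def __init__(self, links):
        self.adj, self.nodes, self.queue = {}, {}, deque()
        for a, b in links:
            self.adj.setdefault(a, set()).add(b)
            self.adj.setdefault(b, set()).add(a)

    def add(self, *nodes) -> None:
        for n in nodes:
            self.nodes[n.name] = n

    def neighbours(self, name: str):
        return sorted(self.adj.get(name, ()))

    def deliver(self, msg: tuple) -> None:
        if msg[2] in self.adj.get(msg[1], ()):      # only a one-hop neighbour hears it
            self.queue.append(msg)

    def run(self) -> None:
        while self.queue:
            msg = self.queue.popleft()
            self.nodes[msg[2]].receive(msg)


def demo():
    """A (session 2) sends to B (still on session 1): B drops and asks for the
    update, A sends it and retransmits, B verifies and ACKs.  Constructed keys."""
    net = Network([("A", "B")])
    a, b = Node("A", 2, b"k2" * 8, net), Node("B", 1, b"k1" * 8, net)
    net.add(a, b)
    a.send("B", b"hello")
    net.run()
    return a, b
```

Note what a bogus packet costs the receiver: one HMAC computation when the session ID matches, or one short control message when it does not, which is the one-hop bound on resource consumption claimed on slide 17. A node that is behind never has to buffer packets it cannot verify, because the sender retransmits once keys are synchronized.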

25 Packet Retransmission (Cont-3)
Security analysis (possible attacks)
– Resource consumption attack
– Forged ACK message
– Packet modification

26 Packet Retransmission (Cont-4)
Performance analysis
– Computation
  Authentication & verification
  Pentium GHz processor *
  MD MB/s
  SHA MB/s
– Communication
  Retransmission rate

27 Simulation Evaluation
The simulation model
– 40/80 nodes randomly placed in a fixed area (a square of size 1 km x 1 km)
– Random walk with a maximum speed of 20 m/s
– Communication range 200 m
– 2000 simulations, using different random number seeds

28 Simulation Evaluation (Cont-2)
Average percentage of nodes which got the latest session key

29 Simulation Evaluation (Cont-3)
Average percentage of nodes which got the latest session key
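As an added example (not the authors' simulator, whose results the slides plot), here is a compact version of the set-up on slide 27 that measures the metric of slides 28 and 29, the percentage of nodes holding the latest session key. Nodes start at random positions in the square area and move by random walk up to the maximum speed; every t time units each node that already holds the latest key broadcasts the buffered key update to everything within its communication range (the proactive part of slide 15). Only the key manager holds the new key at time 0. The one-second time step, the value of t, the number of runs averaged and the choice of node 0 as key manager are assumptions; the area, node count, speed and range match the slide.

```python
import math
import random


def simulate(n_nodes: int = 40, area: float = 1000.0, max_speed: float = 20.0,
             comm_range: float = 200.0, t_broadcast: int = 5, duration: int = 60,
             seed: int = 0) -> list:
    """Percentage of nodes holding the latest key after each 1-second step."""
    rng = random.Random(seed)
    pos = [(rng.uniform(0, area), rng.uniform(0, area)) for _ in range(n_nodes)]
    has_key = [False] * n_nodes
    has_key[0] = True                      # node 0 acts as the key manager (assumption)
    history = []
    for step in range(1, duration + 1):
        # Random walk: each node moves up to max_speed metres, clipped to the area.
        moved = []
        for x, y in pos:
            ang, dist = rng.uniform(0, 2 * math.pi), rng.uniform(0, max_speed)
            moved.append((min(max(x + dist * math.cos(ang), 0.0), area),
                          min(max(y + dist * math.sin(ang), 0.0), area)))
        pos = moved
        if step % t_broadcast == 0:
            # Proactive broadcast: holders at the start of this round reach one hop;
            # a node that receives the key now forwards it only in the next round.
            holders = [i for i in range(n_nodes) if has_key[i]]
            for i in holders:
                for j in range(n_nodes):
                    if not has_key[j] and math.dist(pos[i], pos[j]) <= comm_range:
                        has_key[j] = True
        history.append(100.0 * sum(has_key) / n_nodes)
    return history


def average_over_seeds(n_runs: int = 20, **kwargs) -> list:
    """Average the per-step percentage over runs with different seeds."""
    runs = [simulate(seed=s, **kwargs) for s in range(n_runs)]
    return [sum(r[i] for r in runs) / n_runs for i in range(len(runs[0]))]


if __name__ == "__main__":
    for n in (40, 80):
        curve = average_over_seeds(n_runs=20, n_nodes=n)
        print("%d nodes: %s" % (n, ["%.1f" % v for v in curve[4::5]]))
```

Varying `t_broadcast` against the node density shows the trade-off slide 20 points at: a smaller t spreads the key faster but costs more broadcasts per node, and with sparser networks the curve depends on mobility bringing isolated nodes into range of a holder.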

30 Simulation Evaluation (Cont-4)

31 Implementation
Based on Netfilter
Two daemons
– Adopt the stateless scheme proposed by Liu & Ning

32 Field Test
Test bed
– One Dell P4 laptop with Linux 9.0 (kernel )
– Two Compaq iPAQ 3970 PDAs with Familiar v0.7.2 (kernel rmk-pxal-hh30)
– Lucent Orinoco wireless cards
Tests
– Key distribution
– User revocation
– Packet authentication and verification
– Key synchronization

33 Summary
Network access control is an important issue for MANET
Cryptography-oriented solution exploiting the stateless feature of a stateless group key distribution scheme
Simulation as well as a functioning prototype indicate that it is practical and effective

34 Question