1 Survey Presentation Course: 60-564 Fall 2004 Ataul Bari Instructor: Dr. A. K. Aggarwal.

Presentation transcript:

1 Survey Presentation Course: Fall 2004 Ataul Bari Instructor: Dr. A. K. Aggarwal

2 Agenda  Introduction  The DSR Protocol  The SADSR Protocol  The SERAN for Security Equipment  Closing Remarks

3 Papers Reviewed  Ghazizadeh, S.; Ilghami, O.; Sirin, E.; Yaman, F.; “Security-aware adaptive dynamic source routing protocol”, Local Computer Networks, Proceedings. LCN th Annual IEEE Conference on 6-8 Nov Pages: 751–760  Ben-Othman, J.; Xiaoyun Xue; “SERAN: a new protocol to hide an equipment in ad hoc networks”, Computers and Communication, (ISCC 2003). Proceedings. Eighth IEEE International Symposium on 30 June-3 July 2003 Pages: vol.1

4 Introduction  Wireless Networks  Infrastructured Network  Consists of fixed and wired gateways  Fixed base station (Access Point)  Nodes can move geographically  Ad Hoc (or Infrastructureless) Network  All nodes are mobile  Nodes communicate with each other  No centralized entity (base station, Access point)  Nodes are routers

5 Infrastructured Network

6 Ad Hoc Networks

7 Characteristics  Contain a large number of nodes  No pre-existing fixed network infrastructure  Can be deployed rapidly  Nodes can freely move around  Creation and deletion of network links  Dynamically variable topologies  Bandwidth constrained links  Energy constrained operation

8 The MANET Model  Nodes have fixed IDs (e.g. IP addresses)  Wireless communication devices  Nodes are powered with lightweight batteries that have limited life  Nodes have equal capability  Identical communication devices.  Nodes connectivity is not transitive

9 Routing in MANET  Challenging  Unpredictable node mobility  Dynamic topology variation  Nature of wireless media  Types  Flat  Hierarchical  Geo-assisted  Proactive and Reactive Protocols

10 Routing Protocols

11 Security in Ad Hoc Networks  Always a weak Point  Inherent quality of wireless media  Mobility of the nodes  Lack of centralized entity  Security Requirements  Availability, Confidentiality, Integrity, Authentication and Non-Repudiation  Threats  DoS, Impersonation, Byzantine Failure, Disclosure and Poor Physical Protection

12 The SADSR Protocol  Security-Aware Adaptive Dynamic Source Routing Protocol  Basic Idea  Non-malicious node detects malicious nodes  Non-malicious node Isolates malicious nodes  Goal is to Secure DSR Protocol

13 The DSR Protocol  Dynamic Source Routing Protocol  Reactive (on-demand)  Source-Routed  Each node maintains route caches containing the source routes  Updates it whenever it learns about new routes  two major phases  Route discovery  Route maintenance

14 Route Discovery Contd..  On-Demand  Check Route Cache  Initiates route discovery process  Broadcast a RREQ packet  Includes Source & Destination Address  Includes a unique ID  May be replied to by intermediate nodes  May be replied to by destination nodes

15 Route Discovery in DSR Ref: Padmini Misra ; “ Routing Protocols for Ad Hoc Mobile Wireless Networks “

16 Route Maintenance  Route Error Packet  Fatal transmission problem at its data link layer  Removes that hop from its route cache  All routes that include that particular hop are truncated  Acknowledgment packets  Verify the correct operation of the route links

17 The SADSR  Secure DSR protocol by enhancing it  Non-malicious nodes  Detect malicious node  Isolate malicious node  Uses digital signatures to authenticate  Asymmetric cryptography  Keeps  Multiple routes for each destination  A local trust value for each node in the network  Each path is assigned with a trust value

18 The Attackers  External attackers  Inject erroneous routing information  Replay previous routing messages  Modify the valid routing information  Internal attackers  Trusted at some point of time  Not committed to their promises anymore  Compromised by external attackers  More difficult to detect  Isolate affected nodes  Pass traffic through special routes

19 Assumptions  Both external and internal attackers exist  The number of malicious nodes is relatively small  All the connections are bidirectional  Public key cryptography is used  A secure CA is in place  All nodes know the public key of CA,  Certificates are issued on an off-line basis  A certificate binds a node's IP to its public key  The certificate obtained from CA never expires

20 The SADSR Protocol  Three different stages  Certificate Acquisition  Multi-path Route Discovery  Routing

21 Certificate Acquisition  Nodes obtain a certificate from CA  Issued in an off-line process  Certificates remain valid for entire lifetime  Security problem ?  Network is set up for a certain time only  Certificate of node v  Nodes get public key of CA,

22 Multi-path Route Discovery  Initiation of Route discovery process  Generate RREQ message  Sign M  Appends, at the end of M,  Encrypted hash value of M,  Its certificate,  Broadcast M

23 Multi-path Route Discovery Contd..  Intermediate node  Checks that the RREQ is not too old  Verifies each signature with a probability p  Ensures its own signature is not in the sequence  Count is less than [(Max. No. of routes, m)/2]  First RREQ msg. from a neighbor for same route  Signs the message  Rebroadcasts the message  Entries are discarded after a predefined time,

24 Multi-path Route Discovery Contd..  Destination node  Sets up a timer for the source node, S  Begins to reply  Replies to all RREQ messages up to the number m  Non node-disjoint paths  Use 50% probability to reply  To ensure enough routes in case of very few neighbors  Generate RREP message,  Signs M, unicasts it back to S, using the same path as the RREQ  Intermediate nodes check the signature, sign, forward  Rest of RREQs are dropped after time
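An added sketch of the intermediate-node checks from slides 22 to 24, not code from the SADSR paper or these slides. It assumes each hop signs the header plus every earlier (id, signature) pair, uses textbook RSA over small fixed primes purely as a stand-in for the asymmetric signatures, treats public keys as already validated against the CA, and leaves out the count check; all function and field names are hypothetical.

```python
import hashlib
import random

E = 65537  # public exponent shared by the toy keys

def toy_keypair(a, b):
    # Textbook RSA over the Mersenne primes 2**a-1 and 2**b-1: a stand-in
    # for the scheme's signatures, too small and unpadded for real use.
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def covered(rreq, i):
    # Bytes hop i signs: header, every earlier (id, signature), its own id.
    head = "|".join(str(rreq[k]) for k in ("src", "dst", "rid", "ts"))
    chain = "".join(f"|{n}:{s}" for n, s in rreq["hops"][:i])
    return f"{head}{chain}|{rreq['hops'][i][0]}".encode()

def add_hop(rreq, node, priv):
    rreq["hops"].append((node, None))  # placeholder so covered() sees our id
    rreq["hops"][-1] = (node, sign(covered(rreq, len(rreq["hops"]) - 1), priv))

def check_rreq(rreq, me, neighbor, seen, pubkeys, now, p, max_age=5.0, rng=random):
    if now - rreq["ts"] > max_age:
        return "too old"
    if any(n == me for n, _ in rreq["hops"]):
        return "own signature already in sequence"
    if (rreq["src"], rreq["rid"], neighbor) in seen:
        return "duplicate from neighbor"
    for i, (n, s) in enumerate(rreq["hops"]):
        # Each signature is checked only with probability p, as on the slide.
        if rng.random() < p and not verify(covered(rreq, i), s, pubkeys[n]):
            return f"bad signature from {n}"
    seen.add((rreq["src"], rreq["rid"], neighbor))
    return "ok"

def demo():
    # Constructed nodes S (source) and A (first hop); B is the checking node.
    keys = {"S": toy_keypair(61, 89), "A": toy_keypair(61, 107)}
    pubkeys = {n: k[0] for n, k in keys.items()}
    rreq = {"src": "S", "dst": "D", "rid": 7, "ts": 100.0, "hops": []}
    add_hop(rreq, "S", keys["S"][1])
    add_hop(rreq, "A", keys["A"][1])
    clean = check_rreq(rreq, "B", "A", set(), pubkeys, now=101.0, p=1.0)
    rreq["dst"] = "X"  # content changed in flight
    always = check_rreq(rreq, "B", "A", set(), pubkeys, now=101.0, p=1.0)
    never = check_rreq(rreq, "B", "A", set(), pubkeys, now=101.0, p=0.0)
    return clean, always, never

if __name__ == "__main__":
    print(demo())
```

With p = 1 the modified request is rejected at the first hop that sees it; with p = 0 it passes, which is the cost side of verifying only probabilistically.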

25 Routing – Basic Idea  Nodes locally calculate and keep trust value (TV) of the other nodes  Based on the observations it has made so far  The trust values of the nodes in a path  Increase every time v successfully sends a message through that path,  Decrease if a message is lost or tampered with  Possible as ACK sent through the same path  TV of a path is the product of TVs of its nodes  For routing, paths with higher TV are preferred

26 Assignment of Trust Value  Each source node keeps track of  The paths through which it has sent packets  If it has received the acknowledgement through that path for the corresponding message  Uses two counters for each v in a path, and  The trustworthiness of v,  Trustworthiness of a path =

27 Sending Data Packets  For sending a data packet, source node  Chooses a path randomly from available paths  s is likely to know m paths for d  Chance of a path to be chosen is proportional to its trust value  Appends a sequence number to the data packet  Appends the chosen path to the data packet  Signs the packet  Sends through the chosen path

28 Sending Data Packets Cont’d…  Intermediate nodes  Verify the signature of s with a probability p  Then forward the packet  Destination node  If data packet received through path,  Generate an acknowledgement  Signs M  Sends M to s through the same path, P  Intermediate nodes verify signature, forward

29 Updating Trust Values  The source node s maintains a table  of sequence numbers of packets sent  the path used and  a time stamp for time units  Receives a valid ACK  Rewards each node on that path  Updates entries for each node on that path  Does not receive a valid ACK after time  Assumes that the packet is lost  Punishes each node on that path  Updates entries for each node on that path
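An added sketch of the source-side bookkeeping described in slides 25 to 29, not code from the SADSR paper or these slides. The per-node trust formula did not survive in this transcript, so `trust()` uses a Laplace-smoothed ACK ratio as an assumption; the node names, the three paths and the always-dropping node X are constructed.

```python
import random
from math import prod

class TrustTable:
    """Source-side state: two counters per node (ACKed, lost)."""

    def __init__(self):
        self.acked, self.lost = {}, {}

    def trust(self, node):
        # ASSUMPTION: Laplace-smoothed ACK ratio; the slides' own formula
        # is not available here. Unknown nodes start at 0.5.
        ok, bad = self.acked.get(node, 0), self.lost.get(node, 0)
        return (ok + 1) / (ok + bad + 2)

    def path_trust(self, path):
        # From the slides: TV of a path is the product of its nodes' TVs.
        return prod(self.trust(n) for n in path)

    def choose(self, paths, rng):
        # From the slides: chance of a path is proportional to its TV.
        weights = [self.path_trust(p) for p in paths]
        return rng.choices(paths, weights=weights, k=1)[0]

    def on_ack(self, path):       # valid ACK: reward every node on the path
        for n in path:
            self.acked[n] = self.acked.get(n, 0) + 1

    def on_timeout(self, path):   # no ACK in time: punish every node on it
        for n in path:
            self.lost[n] = self.lost.get(n, 0) + 1

def simulate(paths, droppers, sends, seed=1):
    """Send `sends` packets; a path through a dropper never yields an ACK."""
    rng, table = random.Random(seed), TrustTable()
    used = {tuple(p): 0 for p in paths}
    for _ in range(sends):
        path = table.choose(paths, rng)
        used[tuple(path)] += 1
        if droppers.intersection(path):
            table.on_timeout(path)
        else:
            table.on_ack(path)
    return table, used

# Constructed topology: three known paths from s to d; X drops everything.
PATHS = [["A", "B"], ["A", "X"], ["C", "D"]]

if __name__ == "__main__":
    table, used = simulate(PATHS, {"X"}, sends=300)
    for p in PATHS:
        print(p, "used", used[tuple(p)], "trust %.3f" % table.path_trust(p))
```

Node A sits on both a clean path and the path through X, so it is punished for X's drops as well; the source cannot tell which node on a failed path lost the packet.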

30 Intermediate Link Failure  fails to communicate with  Generates a R.E.M.  Signs it  Sends it to s  The source node s, after receiving the M  Locates and eliminates all paths containing the link

31 Security Analysis  The possible attacks on DSR protocol  Attacks on Route Discovery  Attacks on Routing  Fabrication of Route Error Messages  Denial of Service Attacks

32 Attacks on Route Discovery  Modification of source routes  Content is changed?  Detected by signature verification  Some or all node info dropped?  No ACK can reach S  RREP modified?  Does not reach S or is discarded there  Route cache poisoning  Only the destination sends back RREP  No snooping by intermediate nodes  Not participating in route discovery  Passive maliciousness, nothing can be done

33 Attacks on Routing  In a Data Packet, an attacker may modify  Data  Signature verification fails, no ACK  Routes  Does not reach destination, no ACK  Dropping the Packets  Dropped packet, no ACK  Gradual isolation

34 False Route Error Msg. And DoS  Fabrication of Route Error Messages  Node may lie that a link is broken  Intermediate nodes do not snoop and update  Denial of Service Attacks  Sending RREQs with Fake IDs  Node may broadcast RREQ after spoofing IP  Intermediate nodes will catch and get rid of some  Rest will be caught at the destination, no RREP  Still a successful attack can be made  Sending RREQs to a Fake Destination  All intermediate nodes will sign and rebroadcast  Currently nothing, but may be extended to keep TV for each S

35 Experimental Results

36 Experimental Results

37 The SERAN  Security Equipment protocol in Routing in Ad hoc Networks  A node is given ability  Use the ad hoc network but not provide resources  Hide itself from the network  Possible application  Conserving energy for critical node  Isolate congested node

38 Basic Idea  Neighbouring nodes know each other at the MAC layer  The protected node, communicate with a neighbor  A new layer, SERAN, between the IP and the transport layer

39 Basic Idea Cont’d…  Node needs an IP address to communicate with others  Dynamic IP address  Fixed IP addresses -> Normal node  No IP addresses -> Invisible node  Use of “Smart Cards”  Implementing DHCP in Smart Cards  Every time there is a communication  The smart card assigns an IP address to  Discards it after that session has ended  Next time, assigns a different IP address

Ref: 40 The Smart Card

41 The Communication in SERAN  Whenever there is an outgoing packet  Gets an IP address from the smart cards, pass the packet  After passing through the network layer, the address is discarded  the packet is uni-cast to including only the destination address in the SERAN header  The SERAN layer is capable of recognizing and sending the message to the destination.  The SERAN header includes the source MAC address to distinguish the real source.

42 The Communication in SERAN  Incoming packet in the MAC layer, the card checks  The header of the packet to see if the packet’s destination MAC address is its own  If the packet contains the broadcast address ( ).  If any of these is true, then get a temporary IP address from the card and pass the packet to the IP layer.  The smart card is capable of decoding the header of the packets.

43 Evaluation of

44 Improvement

45 Advantages and Disadvantages  Advantages  Can keep a node secret  Protected node saves its energy  Protected node can send and receive rapidly  avoid “overflow routing table”, “sleep deprivation”  Disadvantages  Bad influence for the global routing  May reduce the number of multi-routes  Selection of still remains as an issue

46 Conclusions  Security is a weak point in ad hoc networks  The SADSR protocol is proposed to secure an existing protocol called DSR  Tests show that SADSR copes well in presence of malicious nodes  SERAN may be used to hide security equipment in ad hoc network  First known approach using smart card  Looking forward to a secure ad hoc network