Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec. 2006

Agenda Overview of ad hoc networks (MANET) Characteristics Risks and threats : (Kinds of attacks) Criteria for securing ad hoc network Some possible solutions Suggestion (Securing – ZRP protocol) Corrections & Discussion

Overview of ad hoc networks (MANET) Mobile nodes equipped with wireless Interfaces No established Infrastructure Self Organized No Centralized Control Network topology changes dynamically

Characteristics May be out of wireless transmitter range of others Need to use other nodes as routers for forwarding Find new routes after movement or change Xteristic It’s characteristics makes it most vulnerable

Ad Hoc networks Ad hoc networks depend on honest cooperation: -You forward packets correctly and honestly for me, and: -I’ll forward packets correctly and honestly for you Two general areas of security lapses: -Lack of cooperation -Forging routes and maliciously breaking routes

Risks and threats Two sources of threats External attackers -Inserting erroneous routing updates -Replaying old routing information -Changing routing updates Internal Attackers (node) -Malicious node advertises incorrect routing information

Two kinds of Attacks Passive attacks - Attempt to discover valuable information by listening to the routing traffic (Eavesdropping of data) Active attacks - Modification and deletion of exchanged data - Spoofing -Routing table overflow

Criteria for securing ad hoc network Isolation – Identify misbehaving nodes and make them unable to interfere with routing Lightweight computations. – Confine heavy computing task to the least possible number of nodes (battery power protection) Location privacy – Protect information about the location of nodes in a network and the network structure (location disclosure) Self-stabilization – Automatically recover from any problem in a finite amount of time without human intervention. Certain discovery – Always possible to find the available route (routing table overflow, rushing attack)

Some possible solutions Encrypt all Data (confidentiality) - Ensure that all data are encrypted before sending Trusted Route Discovery – Send packets via trusted routes to avoid internal attacks Redundant paths – Increase route robustness by providing more route choices Hierarchical structure or zone-based routing – Provide foundation for authentication and local link state routing

Possible Solutions... Attack traffic pattern detection – Validate destination sequence Intrusion detection – Monitor behavior of suspected hosts for intrusion detection Authentication among hosts – Prevent impersonation (spoofing) Encrypt and authenticate all packets with a key

Suggestion and Contribution: Protocols Drawback Handling of compromised nodes still a problem Protocols Discussed Proactive (Table Driven): DSDV Reactive (on-demand): DSR, AODV, ARAN Hybrid: ZRP

Suggestion and Contribution: Securing – ZRP protocol Diffie-Hellman Key Agreement Alice generates a random private value a and Bob generates a random private value b. Both a and b are drawn from the set of integers. Alice Bob Alice and Bob derive their public values using parameters p and g and their private values Alice's public value is g a mod p Bob's public value is g b mod p Alice and Bob exchange their public values Alice computes g ab = (g b ) a mod p Bob computes g ba = (g a ) b mod p Since g ab = g ba = k, Alice and Bob now have a shared secret key k

Secure Diffie-Hellman Key Agreement Obtain a public/private key pair and a certificate for the public key prior to execution The immunity is achieved by allowing Alice and Bob to authenticate themselves to each other by the use of digital signatures and public-key certificates Alice Bob Suggestion and Contribution: Secured – ZRP protocol During the protocol, Alice computes a signature on certain messages, covering the public value g a mod p. Bob proceeds in a similar way covering the public value g b mod p. Man-in-the-middle could still intercept message between the parties BUT cannot forge signatures without Alice's private key and Bob's private key. This enhances the defeats of the man-in-the-middle attack.

Conclusion Problems may still persist due to: Dynamic network environment: -Nodes may move at any time (and often) - Nodes may join and leave the network Standard security services such as : Integrity, Authentication, Non-Repudiation None of these satisfy ad hoc network security needs: Reasons... - Can’t force nodes to cooperate or detect all cases when they do not -Can’t protect against a compromised node sending malicious routing packets

Difference between AODV and DSR protocols The main difference between both protocols is that in DSR a source routing option is used; i.e. when a node wants to send something to a destination it sets the whole route for that packet, indicating the addresses of the terminals it has to pass through. In this sense all packets have a DSR header included, and it is needed that all nodes within the ad hoc network know the whole network topology. On the other hand, AODV does not perform source routing at all; when a terminal wants to send something to a destination, it checks its routing table, looking for the next hop towards that destination, and sends the packet to it, and so on. In this sense, data packets "travel" through the ad hoc network without any AODV specific information.