GZ06: Mobile and Adaptive Systems
A Secure On-Demand Routing Protocol for Ad Hoc Networks
Allan HUNT, Wandao PUNYAPORN, Yong CHENG, Tingting OUYANG


Agenda
- Introduction
- Design
- Evaluation & Analysis
- Related work
- Critical Appraisal of the work

Motivation
- On-demand ad hoc routing protocol
- Security in ad hoc protocols
- Attack models
- General protocol
- Mobility

Motivation (cont.)
- Resource-constrained devices (palm)

Ariadne
- Ariadne protocol
  - They have based their protocol on the basic operations of DSR, an on-demand source routing protocol.
  - Basic operations of DSR are:
    - Route discovery
    - Route maintenance

Overview of TESLA
Basic operation of TESLA:
- Uses a MAC
- Picks an initial key K_n at random.
- Generates a set of keys K_0 – K_n using a one-way hash chain.
- Delayed key disclosure
  - For each K there is a release time.
- Time synchronization
  - You have to pick delta to be the maximum delay error between any two nodes. All nodes must know this.
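The key chain, delayed disclosure and delta check from this slide, written out as an added example that is not part of the original presentation. SHA-256, HMAC, the disclosure lag of two intervals and all timing values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

def H(data: bytes) -> bytes:
    """One-way function used to build the key chain (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()

def make_chain(n: int, seed: bytes = b"") -> list:
    """Return [K_0, ..., K_n]: K_n is picked at random, K_i = H(K_{i+1})."""
    keys = [seed or os.urandom(32)]          # K_n
    for _ in range(n):
        keys.append(H(keys[-1]))             # K_{n-1}, ..., K_0
    keys.reverse()
    return keys

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def is_safe(i, recv_time, t0, interval_len, lag, delta) -> bool:
    """Security condition checked on arrival, before the key is known.

    K_i is released at t0 + (i + lag) * interval_len on the sender's clock.
    The sender's clock may be up to delta ahead of ours, so the packet is
    only buffered if, even in that worst case, K_i is still secret."""
    return recv_time + delta < t0 + (i + lag) * interval_len

def key_is_authentic(key: bytes, i: int, commitment: bytes) -> bool:
    """A disclosed K_i is genuine if hashing it i times yields K_0."""
    for _ in range(i):
        key = H(key)
    return hmac.compare_digest(key, commitment)

def verify(msg, tag, i, disclosed_key, commitment) -> bool:
    """Run once K_i has been disclosed: check the key, then the buffered MAC."""
    return (key_is_authentic(disclosed_key, i, commitment)
            and hmac.compare_digest(mac(disclosed_key, msg), tag))

if __name__ == "__main__":
    chain = make_chain(8)                    # K_0 is distributed authentically
    tag = mac(chain[3], b"route data")       # constructed message, interval 3
    print(is_safe(3, recv_time=3.4, t0=0, interval_len=1, lag=2, delta=0.5))
    print(verify(b"route data", tag, 3, chain[3], chain[0]))
```

A packet that fails `is_safe` has to be discarded rather than buffered, because by then anyone who has seen the disclosed key could have produced its MAC.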

Network Assumptions
- They ignore the physical layer.
- Networks are bidirectional.
- Attacks on medium access control are disregarded.
- Normal network (may drop, corrupt, or re-order packets)
- Ariadne inherits all assumptions of the broadcast authentication protocol used, such as TESLA.

Node Assumptions
- Resource-constrained nodes.
- No asymmetric cryptography.
- Loosely synchronized clocks.
- No trusted hardware used, such as tamperproof modules.

Security Assumptions
- Ariadne relies on the following keys being set up, depending on which authentication mechanism is used:
  1. Pairwise shared secret key.
  2. Digital signatures.
  3. If TESLA is used, we assume a mechanism to set up shared secret keys between communicating nodes, and to distribute one authentic public TESLA key for each node.

Agenda
- Introduction
- Design
- Evaluation & Analysis
- Related work
- Critical Appraisal of the work

Attack Model
- Passive
- Active
  - An attacker injects packets into the network.
  - An attacker which has compromised nodes is called an Active-VC attacker if it owns all nodes on a vertex cut through the network that partitions the good nodes into multiple sets.
  - Active-n-m
    - Active-0-1
    - Active-1-x
    - Active-y-x

General Attacks on Ad Hoc Network Routing Protocols
- Routing disruption attacks
  - Routing loop
  - Black hole
  - Wormhole
  - Rushing attack
- Resource consumption attacks
  - Inject extra data packets
  - Inject extra control packets

Basic Ariadne Route Discovery
- Stage 1 – Target verifies Route Requests.
- Stage 2 – Target authenticates the data in Route Requests and the sender can authenticate the Route Replies.
- Stage 3 – Provides a way to verify that no node is missing from the node list.
- Assume initiator S performs a Route Discovery for target D.
- S and D share the secret keys K_SD and K_DS for message authentication in each direction.

Ariadne Route Discovery Using TESLA
- A ROUTE REQUEST packet contains eight fields (ROUTE REQUEST, initiator, target, id, time interval, hash chain, node list, MAC list).
- The initiator of the REQUEST then initializes the hash chain to MAC_KSD(initiator, target, id, time interval).
- The hash chain for the target node: H[n, H[n-1, H[..., H[1, MAC_KSD(initiator, target, id, time interval)]...]]]
- A ROUTE REPLY packet also contains eight fields (ROUTE REPLY, target, initiator, time interval, node list, MAC list, target MAC, key list).
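How the per-hop hash chain lets the target detect a node that has been removed from the node list (Stage 3 of route discovery), as an added example that is not taken from the presentation or from the Ariadne authors' code. SHA-256, HMAC, the dictionary layout, the length-prefixed encoding and the sample addresses are assumptions; the per-hop TESLA MAC list is left out.

```python
import hashlib
import hmac

def _enc(parts) -> bytes:
    """Length-prefix each field so field boundaries are unambiguous (assumed encoding)."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def H(node: bytes, prev: bytes) -> bytes:
    """One hash-chain step: fold a node address into the previous value."""
    return hashlib.sha256(_enc([node, prev])).digest()

def mac_sd(k_sd: bytes, req: dict) -> bytes:
    """MAC_KSD(initiator, target, id, time interval): the chain's starting value."""
    fields = [req["initiator"], req["target"], req["id"], req["interval"]]
    return hmac.new(k_sd, _enc(fields), hashlib.sha256).digest()

def new_request(k_sd, initiator, target, req_id, interval) -> dict:
    req = {"initiator": initiator, "target": target, "id": req_id,
           "interval": interval, "node_list": []}
    req["hash_chain"] = mac_sd(k_sd, req)
    return req

def forward(req: dict, node: bytes) -> dict:
    """An intermediate node appends its address and updates the hash chain."""
    out = dict(req)
    out["node_list"] = req["node_list"] + [node]
    out["hash_chain"] = H(node, req["hash_chain"])
    return out

def target_accepts(req: dict, k_sd: bytes) -> bool:
    """The target recomputes the chain from the node list and compares."""
    h = mac_sd(k_sd, req)
    for node in req["node_list"]:
        h = H(node, h)
    return hmac.compare_digest(h, req["hash_chain"])

if __name__ == "__main__":
    k_sd = b"\x11" * 32                       # constructed shared key for S and D
    req = new_request(k_sd, b"S", b"D", b"\x00\x01", b"\x00\x07")
    for hop in (b"A", b"B", b"C"):            # constructed path S -> A -> B -> C -> D
        req = forward(req, hop)
    print("honest request accepted:", target_accepts(req, k_sd))
    shortened = dict(req, node_list=[b"A", b"C"])   # B dropped from the list
    print("shortened list accepted:", target_accepts(shortened, k_sd))
```

A node that receives the chain value for A, B, C cannot recover the value for A alone without inverting the hash, so a list with an entry missing no longer matches the chain.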

Ariadne Route Maintenance Using TESLA
- To prevent unauthorized Route Error messages, we authenticate the sender.
- A ROUTE ERROR packet in Ariadne contains six fields (ROUTE ERROR, sending address, receiving address, time interval, error MAC, recent TESLA key).
- It should handle the possible memory consumption attack.

Agenda
- Introduction
- Design
- Evaluation & Analysis
- Related work
- Critical Appraisal of the work

Evaluation
- Modified simulation model
  - Increased packet size to reflect the additional fields necessary for authentication
- Modified Route Discovery and Maintenance
  - Adjusted re-transmission timeouts for Route Requests to compensate for the delay
  - Disallowed the use of prefixes of routes in the Route Cache

Evaluation - Packet Delivery Ratio
- At most 4.66% lower PDR than DSR-NoOpt
- Ariadne outperforms DSR-NoOpt at lower levels of mobility

Evaluation - Packet Overhead
- Ariadne has 41.7% lower packet overhead than DSR-NoOpt

Evaluation - Byte Overhead
- Ariadne has 26.19% higher byte overhead than DSR-NoOpt

Evaluation - Path Optimality
- DSR-NoOpt performs slightly better than Ariadne

Evaluation - Average Latency
- Ariadne has consistently lower latency than DSR-NoOpt

Security Analysis
- Active-0-x
  - Bogus messages
  - Wormhole and rushing attacks
- Active-1-x
  - Prevent two nodes from communicating
  - Replace MAC or keys in the Route Request
- Active-y-x
  - Attempt to force the initiator to repeatedly initiate Route Discoveries
- Resist Active-VC?
  - No solution provided

Agenda
- Introduction
- Design
- Evaluation & Analysis
- Related work
- Critical Appraisal of the work

Related Work
- Periodic protocols
  - Much overhead introduced (storage, bandwidth, control and delay)
- Protocols that use asymmetric crypto
  - Computationally expensive to sign and verify
  - Possible DoS attacks
  - High network bandwidth usage
- Protocols that use network-wide symmetric keys
  - Single-node compromise

Agenda
- Introduction
- Design
- Evaluation & Analysis
- Related work
- Critical Appraisal of the work

Conclusions
- Achievements
  - Security against various types of attacks
  - Efficient symmetric cryptography
  - General trusted hardware, powerful processors not needed
- Overall performance
  - Compared to optimized DSR: less efficient
  - Compared to unoptimized DSR: better in some metrics (e.g. packet overhead)

Critical Appraisal
- Key setup
  - Methods: pre-deployed, KDC, CA
  - Fixed nodes. Circular dependency. Centralized.
- Clock synchronization
  - Circular dependency
  - Resource constrained. Insecure
- Maximum end-to-end delay
  - How to choose adaptively

Critical Appraisal (cont.)
- Delay and buffer size
  - Slow responsiveness
  - Resource constrained
- Intermediate nodes authentication
  - Authentication on demand
- Remaining security issues
  - Passive eavesdropper
  - Inserting data packets attack
  - Non-participating attacker
  - Single layer security scheme

Thanks for your attention! Any questions?