CWSA Workshop SWAN: Survivable Wireless Ad Hoc Networks Cristina Nita-Rotaru Purdue University J oint work with: Baruch Awerbuch, Reza Curtmola, Dave Holmer.

Slides:

Advertisements

Similar presentations

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Advertisements

1 A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks By Lei Chen.

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

A Survey of Secure Wireless Ad Hoc Routing

Network Layer Routing Issues (I). Infrastructure vs. multi-hop Infrastructure networks: Infrastructure networks: ◦ One or several Access-Points (AP) connected.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

NGMAST- WMS workshop17/09/2008, Cardiff, Wales, UK A Simulation Analysis of Routing Misbehaviour in Mobile Ad hoc Networks 2 nd International Conference.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.

1 Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols Yih-Chun Hu, Adrian Perrig, and David B. Johnson Presenter: Sandeep Mapakshi.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

Routing Security in Ad Hoc Networks

CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.

Security of wireless ad-hoc networks. Outline Properties of Ad-Hoc network Security Challenges MANET vs. Traditional Routing Why traditional routing protocols.

Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec

Mobile Ad-hoc Networks -- Overview and a case study Yinzhe Yu Oct. 8, 2003.

Component-Based Routing for Mobile Ad Hoc Networks Chunyue Liu, Tarek Saadawi & Myung Lee CUNY, City College.

High Throughput Route Selection in Multi-Rate Ad Hoc Wireless Networks Dr. Baruch Awerbuch, David Holmer, and Herbert Rubens Johns Hopkins University Department.

Ad Hoc Wireless Routing COS 461: Computer Networks

The Pulse Protocol: Mobile Ad hoc Network Performance Evaluation Baruch Awerbuch, David Holmer, Herbert Rubens {baruch dholmer WONS Jan.

Itrat Rasool Quadri ST ID COE-543 Wireless and Mobile Networks

Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola – Advanced Topics in Wireless Networks.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

VIRTUAL ROUTER Kien A. Hua Data Systems Lab School of EECS University of Central Florida.

Qian Zhang Department of Computer Science HKUST Advanced Topics in Next- Generation Wireless Networks Transport Protocols in Ad hoc Networks.

1 Spring Semester 2009, Dept. of Computer Science, Technion Internet Networking recitation #3 Mobile Ad-Hoc Networks AODV Routing.

An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.

Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,

Mobile Adhoc Network: Routing Protocol:AODV

GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.

Security in Mobile Ad Hoc Networks (MANETs) Group : ►NS. Farid Zafar Sheikh ►NS. Muhammad Zulkifl Khalid ►NS. Muhammad Ali Akbar ►NS. Wasif Mehmood Awan.

Ad-hoc On-Demand Distance Vector Routing (AODV) and simulation in network simulator.

Security for the Optimized Link- State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab 1.

Shambhu Upadhyaya 1 Ad Hoc Networks Routing Security Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 19)

A survey of Routing Attacks in Mobile Ad Hoc Networks Bounpadith Kannhavong, Hidehisa Nakayama, Yoshiaki Nemoto, Nei Kato, and Abbas Jamalipour Presented.

Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) – Advanced.

Routing Protocols for Mobile Ad-Hoc Networks By : Neha Durwas For: Professor U.T. Nguyen COSC 6590.

Cache Management of Dynamic Source Routing for Fault Tolerance in Mobile Ad Hoc Networks.

Dynamic Source Routing (DSR) Sandeep Gupta M.Tech - WCC.

Fault-Tolerant Papers Broadband Network & Mobile Communication Lab Course: Computer Fault-Tolerant Speaker: 邱朝螢 Date: 2004/4/20.

Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

Security in Ad Hoc Networks. What is an Ad hoc network? “…a collection of wireless mobile hosts forming a temporary network without the aid of any established.

Attacks in Sensor Networks Team Members: Subramanian Madhanagopal Sivasankaran Rahul Poondy Mukundan.

1 Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols Yih-Chun Hu, Adrian Perrig, and David B. Johnson Presented By: Nitin Subramanian.

KAIS T High-throughput multicast routing metrics in wireless mesh networks Sabyasachi Roy, Dimitrios Koutsonikolas, Saumitra Das, and Y. Charlie Hu ICDCS.

Security and Cooperation in Wireless Networks Georg-August University Göttingen Secure routing in multi-hop wireless networks (I) Secure routing in multi-hop.

1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.

Ad Hoc On-Demand Distance Vector Routing (AODV) ietf

Improving Fault Tolerance in AODV Matthew J. Miller Jungmin So.

Denial of Service Resilience in Ad Hoc Networks (MobiCom 2004) Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly November 21 th, 2006 Jinkyu Lee.

Advisor: Prof. Han-Chieh Chao Student: Joe Chen Date: 2011/06/07.

Different Types of Attacks on Multicast in Mobile Ad Hoc Networks Reporter : Claudia 12011/12/ /06 $20.00 © 2006 IEEE.

Mobile Ad Hoc Networking By Shaena Price. What is it? Autonomous system of routers and hosts connected by wireless links Can work flawlessly in a standalone.

Author：Zarei.M.；Faez.K. ；Nya.J.M.

Lecture 28 Mobile Ad hoc Network Dr. Ghalib A. Shah

Classification of various Attacks.

Mobicom ‘99 Per Johansson, Tony Larsson, Nicklas Hedman

A comparison of Ad-Hoc Routing Protocols

Mobile Ad hoc Network: Secure Issues In Multi-Hop Routing Protocols

任課教授：陳朝鈞教授學生：王志嘉、馬敏修

Mobile and Wireless Networking

High Throughput Route Selection in Multi-Rate Ad Hoc Wireless Networks

Routing in Mobile Wireless Networks Neil Tang 11/14/2008

Presentation transcript:

CWSA Workshop SWAN: Survivable Wireless Ad Hoc Networks Cristina Nita-Rotaru Purdue University J oint work with: Baruch Awerbuch, Reza Curtmola, Dave Holmer and Herb Rubens Johns Hopkins University

Cristina Nita-RotaruCWSA Workshop3 Wireless Revolution  WiFi ad hoc networks: infrastructure-less, distributed routing, maintenance built within the network, quick and cost-effective deployment.  Cellular networks: 3G cellular networks promise us multimedia contents (already provided in Japan by DoCoMo and in Europe by Vodafone).  Mesh networks: structured (mesh) wireless networks, providing the ‘last mile’ in terms of bandwidth. (cities like NYC and Phily; companies:Tropos, Flarion, Motorola, MeshNetworks, etc.)

Cristina Nita-RotaruCWSA Workshop4 Why You Need to Care About Security  Access control: medium is shared, lack of access control can translate into degradation of service.  Confidentiality: medium is open, vulnerable to eavesdropping.  Trust: multi-hop networks, nodes rely on un-trusted nodes to transport data.  Physical security: wireless devices are more likely to be stolen, data get compromised or an attacker can attack the network from the “inside”.  Physical layer: easy to jam.

Cristina Nita-RotaruCWSA Workshop5 Survivability Concepts  Fault-tolerance: benign failures (network partitions and merges, process crashes).  Confidentiality: protects from eavesdropping.  Active attacks: impersonation, replay attacks.  Denial of service: resource consumption.  Internal attacks: part of the infrastructure is compromised. Survivable protocols are able to provide correct service in the presence of attacks and failures. Byzantine adversary: an adversary that can do anything

Cristina Nita-RotaruCWSA Workshop6 Focus of This Talk Goal: designing routing protocols for multi-hop wireless networks that can provide correct service in the presence of compromised participants, as long as a correct (non-adversarial) path exists between source and destination. Challenges: mobility, decentralized environment, prone to errors, difficult to distinguish between failures and malicious behavior.

Cristina Nita-RotaruCWSA Workshop7 Outline  Attacks against routing in ad hoc wireless networks  ODSBR Goals and approach Protocol description Simulations showing attack mitigation  Current and future work

Cristina Nita-RotaruCWSA Workshop8 Routing in Ad Hoc Wireless Networks  On-demand protocols Discover a path only when a route is needed Flood to find a path to the destination, then use the reverse path to inform the source about the path Use duplicate suppression technique, only first flood that reaches a node is processed, next are discarded (all have the same identifier, higher identifiers denote new requests) Shortest path is selected based on a metric: AODV uses a hop count, while DSR uses the shortest recorded path Nodes cache discovered routes Route maintenance mechanisms, nodes report broken links

Cristina Nita-RotaruCWSA Workshop9 Fabrication and Modification Attacks  Change the path on the request packet and forward it  Generate false request messages to burden the network  Spoof IP address and send request  Send false route replies, modify replies, false topology  Send higher sequence numbers  Result: Nodes can add to a path and make it less probable that the “shortest path” is through them, or can shorten paths to make it more likely they are on paths. Use this to either avoid forwarding traffic, or for traffic analysis. Attacks against routing Attack is possible because of lack on integrity and authentication of the packets and no control of malicious behavior.

Cristina Nita-RotaruCWSA Workshop10 Fabrication and Modification Attacks (cont.)  Generate false route error messages  Drop route error messages  Spoof IP address and send error message for a valid route  Result: Attacker can continually tear down routes with false error messages, or by not reporting the error, packets will be lost. Attacks against routing Attack is possible because of lack on integrity and authentication of the packets.

Cristina Nita-RotaruCWSA Workshop11 Wormhole Attack  The wormhole turns many adversarial hops into one virtual hop creating shortcuts in the network  Attacker (or colluding attackers) records a packet at one location in the network, tunnels the packet to another location, and replays it there.  PACKETS LOOK LEGITIMATE, authentication and freshness mechanisms not enough.  Result: Allows an adversary to control path selection. Attacks against routing Attack is possible because of lack of a mechanism that controls that packets traveled on shortcuts.

Cristina Nita-RotaruCWSA Workshop12 Flood Rushing Attacks  Attacker disseminates request quickly throughout the network suppressing any later legitimate request By avoiding the delays that are part of the design of both routing and MAC (802.11b) protocols By sending at a higher wireless transmission level By using a wormhole to rush the packets ahead of the normal flow  Result: no path is established, or an attacker gets selected on many paths Attacks against routing Attack is possible because of flood request suppressing technique and attacker can rush packets through the network.

Cristina Nita-RotaruCWSA Workshop13 Misbehaving Nodes  Ad hoc networks maximize total network throughput by using all available nodes for routing and forwarding.  A node may misbehave by agreeing to forward the packet and then failing to do so because it is selfish, malicious (black holes) or fails (errors).  Result: throughput drops Attacks against routing Challenge: distinguish between the above 3 types of behavior.

Cristina Nita-RotaruCWSA Workshop14 ODSBR: Design Principles  Hop-by-hop protection, intermediate nodes are authenticated but not trusted  Instead of preventing wormholes formation, detect them if they cause problems  Limit the amount of damage an attacker can create to the network  Do not partition the network  Use a link reliability metric in which suspect links are avoided regardless of actual reason for detection Malicious behavior Adverse network behavior (bursting traffic) Shelfish or failures

Cristina Nita-RotaruCWSA Workshop15 ODSBR Overview Route Discovery with Fault Avoidance Link Weight Management Byzantine Fault Detection Discovered Path Faulty LinksWeight List An On-Demand Secure Routing Protocol Resilient to Byzantine Failures. In ACM Workshop on Wireless Security (WiSe), In conjunction with MOBICOM 2002, Baruch Awerbuch, Dave Holmer, Cristina Nita-Rotaru, and Herbert Rubens.

Cristina Nita-RotaruCWSA Workshop16 Fault Detection Strategy  Use authenticated acknowledgements from nodes on the path (requires source routing)  Probing technique: ask every node to send acknowledgements SD ODSBR Description

Cristina Nita-RotaruCWSA Workshop17 Trusted End Point Intermediate Router Adaptive Probing SourceDestination Success Fault 1 Fault 2 Fault 3 Fault 4 Successful Probe Failed Probe Fault Location Successful Interval Failed Interval Unknown Interval

Cristina Nita-RotaruCWSA Workshop18 Blackhole and Flood Rush Simulations Flood rushing helps the attacker to get selected on more paths, thus he can create more damage.

Cristina Nita-RotaruCWSA Workshop19 Wormhole Central Configuration Simulations (700,500)(300,500) (a) Central Wormhole ODSBR not affected by flood rushing, while one wormhole centrally placed creates significant damage.

Cristina Nita-RotaruCWSA Workshop20 Wormhole Overlay: Complete Coverage Simulations (500,500) (750,750)(250,750) (250,250)(750,250) (c) Complete Coverage Simulations Delivery ratio of AODV drops to 20%. 5 Adversaries completely control a network of 50 nodes.

Cristina Nita-RotaruCWSA Workshop21 ODSBR: Summary  Most important factors for of effective attack: flood rushing and strategic positioning of adversaries.  Two colluding adversaries forming a central wormhole combined with flood rushing can mount an attack that has the highest relative strength, it reduced AODV's delivery ratio to 51%.  ODSBR was able to mitigate a wide range of Byzantine attacks; not significantly affected by flood rushing. Its performance only decreased when it needed to detect and avoid a large number of adversarial links.

Cristina Nita-RotaruCWSA Workshop22 Ongoing and Future Work  Extend the model to hybrid networks (see our poster tomorrow!!!)  Investigate denial of service attacks against MAC(see our poster tomorrow!!!).  High-throughput aware routing, focus on interference from other flows.  Apply similar techniques to mesh networks, while taking advantage of their static nature.