Secure Routing for Mobile Ad Hoc Networks (MANETs)


1 Secure Routing for Mobile Ad Hoc Networks (MANETs)
Presented by Karthik Sadasivam Date: 9/14/2004 9/16/2018

2 Overview
Introduction
MANETs
Routing Protocols for MANETs
  DSR
  AODV
  DSDV
Exploits allowed by existing protocols

3 Overview (contd.)
Secure Routing Protocols
  ARAN
  SRP
  TESLA
  ARIADNE
  SEAD
Conclusion
References

4 Introduction
Prior research in ad hoc networking has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment.
The current routing protocols have been developed only for trusted environments.
Ad hoc networks are vulnerable to several types of attacks due to the distributed nature of the nodes.
Several new routing protocols have been devised to overcome the

5 Mobile Ad hoc Networks (MANETs)
A group of wireless mobile computers (nodes)
Nodes cooperate by forwarding packets for each other
Need no fixed network infrastructure
Can be quickly and inexpensively set up
Applications: military exercises, disaster relief, mine site operations, etc.

6 Routing Protocols for MANETs
Table driven (proactive)
  DSDV
On-demand (reactive)
  DSR
  AODV
Hybrid
  ZRP (Zone Routing Protocol)

7 DSDV
Design goals:
  Keep the simplicity of Bellman-Ford
  Avoid the looping problem
  Remain compatible in cases where a base station is available
Idea: modify the conventional Bellman-Ford routing algorithm
Approach:
  Model each host as a router
  Tag each routing table entry with a sequence number
Routing table entry fields: Destination | Next Hop | Metric | Seq. No | Install Time | Stable Data

8 DSR
Dynamic Source Routing
An on-demand ad hoc network routing protocol composed of two phases:
Route discovery
  Initiator transmits a ROUTE REQUEST (RREQ) packet as a local broadcast, specifying the target and a unique identifier from the initiator
  Each node receiving the RREQ discards the request if it has already seen that request identifier from the originator
  Otherwise it appends its node address to a list in the RREQ and rebroadcasts the RREQ
  When the RREQ reaches the target, the target sends a ROUTE REPLY (RREP) back to the initiator of the RREQ with a copy of the accumulated address list from the RREQ

9 DSR (Contd.)
Route Maintenance
  DSR is a source routing protocol
  Path to be followed is included in the packet header
  If a node on the path does not get an ack after a limited number of local retransmissions, it returns a ROUTE ERROR (RERR) back to the originator, identifying the broken link
  Originator then removes any path containing the broken link from its cache
  May use an alternate route to the destination if one exists in the cache
  Else it initiates a new route discovery

10 Example of DSR
[Figure: S- Source, D- destination]
S broadcasts RREQs to its neighbours
Intermediate nodes broadcast it to their neighbors if identifier is “fresh”
D unicasts a reply to S

11 AODV
Ad Hoc On Demand Distance Vector Routing
AODV builds routes using a route request / route reply query cycle
In addition to the source node's IP address, current sequence number, and broadcast ID, the RREQ also contains the most recent sequence number for the destination of which the source node is aware.
A node receiving the RREQ may send a route reply (RREP) if it is either the destination or if it has a route to the destination with corresponding sequence number greater than or equal to that contained in the RREQ

12 AODV (contd.)
If yes, it unicasts an RREP back to the source
Else it rebroadcasts the RREQ
If the source later receives an RREP that contains a greater sequence number, or the same sequence number with a smaller hop count, it updates its routing information for that destination.

13 Exploits allowed by existing protocols
Attacks using modification (Data Integrity, Availability)
  Redirection by modified route sequence numbers
  Redirection with modified hop counts
  DoS with modified source routes
  Tunneling
Attacks using impersonation (Source Integrity, Authenticity)
  Forming loops by spoofing
Attacks using fabrication (Data integrity)
  Falsifying route errors in AODV and DSR
  Route cache poisoning in DSR
Wormhole Attack

14 Redirection by modified route sequence numbers

15 DoS with modified source routes

16 Tunneling

17 Forming loops by spoofing
M- malicious node

18 Falsifying Route Errors in AODV and DSR

19 Route Cache Poisoning in DSR
In addition to learning routes from the headers of packets that a node processes along a path, routes may be learned from promiscuously received packets
A node overhearing any packet may add the routing information contained in that packet's header to its own route cache, even if it is not on the path from source to destination
This type of attack may lead to added overhead in terms of memory, since falsified routes are added to the routing table

20 Wormhole attack
[Figure: nodes S, M1, N2, M2, N3, N4, D; label: Tunnel]
Two colluding malicious nodes attempt to tunnel packets between them
Disrupts the communication by preventing routes from being discovered
Solution: Packet leashes – Authentication based on timestamps and location information

21 Secure Routing Protocols
Route signaling cannot be spoofed (Source integrity)
Fabricated routing messages cannot be injected into the network (Data integrity)
Routing messages cannot be altered in transit except according to the normal functionality of the routing protocol (Data integrity)
Routing loops cannot be formed through malicious actions (Availability)
Routes cannot be redirected from shortest path through malicious actions (Availability)
Unauthorized nodes should be excluded from route computation and discovery (Authenticity)

22 ARAN
Authenticated Routing for Ad hoc Networks
Components
  Certification
  Authenticated route discovery
  Authenticated route setup
  Route maintenance
  Key revocation

23 Certification
Requires use of trusted certificate server T (Potential bottleneck?)
Before entering the network, each node needs to request a certificate from T
Node A receives its certificate as:
  T -> A: certA = [IPA, KA+, t, e] KT-

24 Authenticated route discovery
Source A begins route instantiation to destination X by broadcasting a route discovery packet (RDP):
  A -> brdcst: [RDP, IPX, certA, NA, t] KA-
Let B be the neighbor that receives the RDP, which it subsequently rebroadcasts:
  B -> brdcst: [[RDP, IPX, certA, NA, t] KA-] KB-, certB
Let C be the neighbor that receives B's broadcast. C subsequently broadcasts:
  C -> brdcst: [[RDP, IPX, certA, NA, t] KA-] KC-, certC
Each node along the path repeats these steps: validating the previous node's signature, removing the previous node's certificate and signature, recording the previous node's IP address, signing the original contents of the message, appending its own certificate, and forward-broadcasting the message

25 Authenticated Route Setup
After receiving the RDP, the destination unicasts a reply (REP) packet back along the reverse path to the source.
Let D be the first node that receives the REP sent by X:
  X -> D: [REP, IPa, certX, Na, t] Kx-
Let D's next hop to the source be C:
  D -> C: [[REP, IPa, certX, Na, t] Kx-] Kd-, certD
  C -> B: [[REP, IPa, certX, Na, t] Kx-] Kc-, certC
When the source receives the REP, it verifies the destination's signature and the nonce returned by the destination.

26 Route Maintenance
When no traffic occurs on an existing route for some time, that route is deactivated in the routing table
Data received on an inactive route causes nodes to generate Error (ERR) messages that travel the reverse path towards the source
Nodes also use ERR to report links in active routes that break due to node movement
All ERR messages must be signed:
  B -> C: [ERR, IPa, IPx, certB, Nb, t] Kb-
Nonce and timestamp ensure the ERR message is fresh

27 Key revocation
In the event that a certificate needs to be revoked, the trusted certificate server T sends a broadcast message to the ad hoc group announcing the revocation:
  T -> brdcst: [revoke, certR] Kt-
Nodes receiving this message rebroadcast it to their neighbors
Neighbors of nodes with revoked certificates need to reform routing as necessary to avoid transmission through the now untrusted node

28 Summary of ARAN

29 SRP
Secure Routing Protocol
Assumptions
  Security association between S and T assumed: KS,T (bidirectional)
  Bidirectional links
  Promiscuous mode operation

30 Overview of SRP
S initiates route discovery by constructing a route request packet identified by a query sequence number and a random query identifier
Source, destination and query ID are used as input for the MAC calculation with KS,T
Identities of traversed nodes are accumulated in the route request packet
Intermediate nodes discard previously seen route requests
Destination T constructs the route reply, calculates a MAC covering the route reply contents, and returns the packet to S
Multiple replies may reach S
S validates replies and updates its topology view

31 Possible attack against SRP
Nodes collude during the two phases of a single route discovery
E.g. M1 receives the request and tunnels it to M2; M2 broadcasts the request with the path between M1 and M2 falsified, e.g. {Qs,t:S,M1,Z,M2}
T constructs the reply and routes it over {T,M2,Z,M1,S}
M2 tunnels the reply to M1, thus completing the attack

32 SRP Packet Format
[Figure: SRP extension of a reactive routing protocol]

33 TESLA
Broadcast authentication protocol
Timed Efficient Stream Loss-tolerant Authentication
Sender chooses a random initial key Kn and generates a one-way key chain by repeatedly applying a one-way hash function H to this value: Kn-1 = H(Kn); Kn-2 = H(Kn-1); ...
Sender predetermines a schedule at which it discloses each key of its one-way key chain, in the reverse order from generation, i.e. K0, K1, K2, ...

34 TESLA
Loose time synchronization between sender and receiver
When the receiver receives a packet, it verifies the security condition, i.e. the key Ki used to authenticate the packet cannot yet have been disclosed
  If yes, the receiver buffers the packet and waits for the sender to disclose Ki, while using disclosed keys to authenticate buffered packets (potential performance bottleneck)
  If no, it drops the packet
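
As an added example (not part of the original slides), this Python sketch runs the receiver side of the two TESLA slides: it checks the security condition on arrival, validates a disclosed Ki against the one-way key chain, and only then authenticates the buffered packets. The interval length, disclosure delay, clock-skew bound, SHA-256/HMAC, and the use of Ki directly as the MAC key are assumptions made for illustration.

```python
import hashlib
import hmac

INTERVAL = 1.0   # assumed length of one TESLA time interval (seconds)
DELAY = 2        # assumed: Ki is disclosed DELAY intervals after interval i
MAX_SKEW = 0.2   # assumed bound on sender/receiver clock difference (seconds)

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return [K0, ..., Kn] where Kn = seed and K(i-1) = H(Ki)."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def mac(key: bytes, msg: bytes) -> bytes:
    # Simplification (assumption): Ki is used directly as the MAC key.
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, k0: bytes, t0: float):
        self.commit, self.commit_i, self.t0 = k0, 0, t0  # authentic K0
        self.buffered = []                               # (interval, msg, tag)

    def on_packet(self, i: int, msg: bytes, tag: bytes, now: float) -> bool:
        """Buffer the packet only if Ki cannot have been disclosed yet."""
        disclose_at = self.t0 + (i + DELAY) * INTERVAL
        if now + MAX_SKEW >= disclose_at:
            return False          # security condition fails: drop
        self.buffered.append((i, msg, tag))
        return True

    def on_key(self, i: int, key: bytes) -> list:
        """Check a disclosed Ki against the chain, then verify buffered packets."""
        if i <= self.commit_i:
            return []
        k = key
        for _ in range(i - self.commit_i):
            k = H(k)
        if not hmac.compare_digest(k, self.commit):
            return []             # key is not on the sender's chain
        self.commit, self.commit_i = key, i
        good = [m for j, m, t in self.buffered
                if j == i and hmac.compare_digest(t, mac(key, m))]
        self.buffered = [p for p in self.buffered if p[0] != i]
        return good
```

A packet that arrives after its key could already be public is dropped even if its MAC is correct, because anyone holding the disclosed key could have produced it.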

35 ARIADNE
An on-demand secure routing protocol based on the TESLA broadcast authentication protocol
Further based on DSR
Assumptions
  Nodes may vary greatly in terms of resources; it is therefore assumed that nodes have few resources, so asymmetric cryptography may be unsuitable for such resource-constrained nodes
  Network links are bi-directional
  Network may drop, corrupt, reorder or duplicate packets in transmission
  Each node must be able to estimate the end-to-end transmission time to any other node in the network

36 Notation
A, B are principals such as communicating nodes
KAB and KBA denote secret MAC keys shared between A and B
MAC KAB(M) denotes computation of the message authentication code of M with MAC key KAB

37 Ariadne Route Discovery
Route discovery has two stages: the initiator floods the network with a ROUTE REQUEST, and the target returns a ROUTE REPLY.
Route Request packet has the following format:
  <ROUTE REQUEST, initiator, target, id, time interval, hash chain, node list, MAC list>
To secure the Route Request packet, Ariadne provides the following properties:
  Target node can authenticate the initiator
  Initiator can authenticate each entry of the path in the ROUTE REPLY
  No intermediate node can remove a previous node in the node list in the REQUEST or REPLY
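
As an added example (not from the original slides), this Python sketch shows how the hash chain field enforces the last property above. Following the Ariadne paper listed in the bibliography, the initiator seeds the field with a MAC under the key it shares with the target, and each forwarding node replaces it with H(node, previous value). SHA-256, the field encoding, the dictionary layout and the sample node names are assumptions, and the per-node MAC list is left out.

```python
import hashlib
import hmac

def enc(*parts: bytes) -> bytes:
    """Length-prefix each field so field boundaries are unambiguous."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def initial_hash(k_sd: bytes, req: dict) -> bytes:
    """h0 = MAC under the initiator/target key over the fixed request fields."""
    fields = enc(b"ROUTE REQUEST", req["initiator"], req["target"],
                 req["id"], req["interval"])
    return hmac.new(k_sd, fields, hashlib.sha256).digest()

def new_request(k_sd: bytes, initiator: bytes, target: bytes,
                req_id: bytes, interval: bytes) -> dict:
    req = {"initiator": initiator, "target": target, "id": req_id,
           "interval": interval, "node_list": []}
    req["hash_chain"] = initial_hash(k_sd, req)
    return req

def forward(req: dict, node: bytes) -> dict:
    """Intermediate node: h_i = H(node, h_(i-1)), then append itself to the list."""
    out = dict(req)
    out["hash_chain"] = hashlib.sha256(enc(node, req["hash_chain"])).digest()
    out["node_list"] = req["node_list"] + [node]
    return out

def target_accepts(k_sd: bytes, req: dict) -> bool:
    """Target recomputes the chain from h0 over the claimed node list."""
    h = initial_hash(k_sd, req)
    for node in req["node_list"]:
        h = hashlib.sha256(enc(node, h)).digest()
    return hmac.compare_digest(h, req["hash_chain"])
```

A node that strips or reorders an earlier entry cannot produce a matching hash chain value, because that would require the earlier chain value it never saw or an inversion of H.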

38 Ariadne Route Discovery
If the RREQ is valid, an RREP is returned as:
  <RREP, target, initiator, time interval, node list, MAC list, target MAC, key list>
RREP is returned to the initiator of the RREQ along the source route obtained by reversing the node list of the RREQ
A node forwarding the RREP waits until it can disclose its key from the specified time interval; it then appends that key to the key list and forwards the packet
Initiator verifies that each key in the key list is valid, that the target MAC is valid, and that each MAC in the MAC list is valid

39 Ariadne Route Maintenance
A node forwarding a packet to the next hop along the source route returns a ROUTE ERROR to the original sender of the packet if it is unable to deliver the packet after a limited number of retransmissions
ERROR needs to be authenticated by sender
Each node on the return path to the source forwards the ERROR

40 SEAD
Based on DSDV
Uses one-way hash chains rather than asymmetric cryptographic operations
One-way hash chains
  Built on a one-way hash function H: {0,1}* → {0,1}^p
  Simple to compute but infeasible to invert
Message Authentication
  The source node randomly picks a value x in the beginning, and then it generates a hash chain: x = h0, h1, h2, …, hn
  Suppose m is the network diameter, and n is divisible by m
  It then releases hn to everybody

41 SEAD (contd..)
For authenticating a routing update with sequence number i and metric j, it sends h(n-i*m+j), the chain element with index n - i*m + j
The attacker can never forge better metrics or sequence numbers
Attacker can only generate worse metrics or sequence numbers
However, other information such as node name or next hop can be forged
To prevent this, stream authentication schemes such as TESLA, HORS can be used
Their recent paper Ariadne has this feature!
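
As an added example (not part of the original slides), this Python sketch implements the SEAD check described on the two slides above: a receiver holding the published anchor hn hashes the received element forward n - (n - i*m + j) times and compares. SHA-256 and the ranges 1 <= i <= n/m and 0 <= j < m are assumptions made for illustration.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_chain(x: bytes, n: int) -> list:
    """Return [h0, ..., hn] with h0 = x and hk = H(h(k-1)); hn is published."""
    chain = [x]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def auth_index(n: int, m: int, seq: int, metric: int) -> int:
    """Index n - i*m + j of the element authenticating (sequence i, metric j)."""
    if n % m or not (1 <= seq <= n // m) or not (0 <= metric < m):
        raise ValueError("sequence number or metric outside the chain")
    return n - seq * m + metric

def verify(anchor: bytes, n: int, m: int, seq: int, metric: int,
           value: bytes) -> bool:
    """Hash the received element forward to hn and compare with the anchor."""
    try:
        idx = auth_index(n, m, seq, metric)
    except ValueError:
        return False
    for _ in range(n - idx):
        value = H(value)
    return hmac.compare_digest(value, anchor)

def next_hop_value(value: bytes) -> bytes:
    """All a forwarding node can do: hash once, which raises the metric by 1."""
    return H(value)
```

Hashing only moves toward higher chain indices, which correspond to a larger metric or an older sequence number, so a node that has seen one element cannot claim a shorter route or a fresher update.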

42 Conclusions
Examined the need for secure routing protocols
Classification of attacks
Current research aimed at symmetric cryptography in MANETs
Study of secure routing protocols for MANETs
Directions for further research
  Authentication and PKI
  Performance analysis

43 Bibliography
Yih-Chun Hu, Adrian Perrig, David B. Johnson. "Ariadne: A Secure On-Demand Routing Protocol for Ad hoc Networks". MobiCom 2002, September 23-28, 2002, Atlanta, Georgia, USA
P. Papadimitratos and Z. Haas. "Secure routing for mobile ad hoc networks" (SRP). SCS Communication Networks and Distributed Systems Modeling and Simulation Conference, pp , January
Kimaya Sanzgiri, Bridget Dahill, Brian Neil Levine, Clay Shields and Elizabeth M. Belding-Royer. "A Secure Routing Protocol for Ad Hoc Networks" (ARAN). In International Conference on Network Protocols (ICNP), Paris, France, November
Yih-Chun Hu, David B. Johnson, Adrian Perrig. "SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks". Fourth IEEE Workshop on Mobile Computing Systems and Applications (WMCSA '02), pp. 3-13, Jun

44 Bibliography (contd..)
Mobile Ad Hoc Networking. Stefano Basagni (Editor), Marco Conti (Editor), Silvia Giordano (Editor), Ivan Stojmenovic (Editor). ISBN:   Wiley-IEEE Press. Chapter 12: Ad hoc networks Security, Pietro Michiardi, Refik Molva
C. Perkins and P. Bhagwat. "Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for Mobile Computers". In Proc. of the ACM SIGCOMM, October
C. E. Perkins and E. M. Royer. "Ad hoc on demand distance vector (AODV) routing (Internet-Draft)", Aug
D. B. Johnson and D. A. Maltz. "Dynamic source routing in ad hoc wireless networks". draft-ietf-manet-dsr-04.txt,

45 Thank you! Any Questions?

