Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Survey of Secure Wireless Ad Hoc Routing

Published byHendra Sutedja Modified over 6 years ago

Similar presentations

Presentation on theme: "A Survey of Secure Wireless Ad Hoc Routing"— Presentation transcript:

1 A Survey of Secure Wireless Ad Hoc Routing
2/24/2019 A Survey of Secure Wireless Ad Hoc Routing Authors: Yih-Chun Hu and Adrian Perrig Publish: IEEE Security and Privacy special issue on Making Wireless Work, 2(3):28-39, 2004 Presenter: Danzhou Liu Dr. Wei CSE, UNSW

2 Contents Introduction Attacks on Ad Hoc Network
Secure Routing in Ad Hoc Network Discussions 2/24/2019 CDA6938

3 Introduction This paper is a survey of research in secure ad hoc routing protocols and the challenges faced. Ad hoc network Collection of mobile nodes forming a network Do not have a pre-established network infrastructure such as base access points Each node moves dynamically and arbitrarily All nodes typically operate on a common frequency band Routing protocols are needed if network span exceeds radio range (multi-hop) Applications Search and Rescue Disaster Recovery Automated Battlefields 2/24/2019 CDA6938

4 Introduction Challenges in ad hoc networks Limited physical security
Lack of infrastructure and authorization facilities Security protocols for wired networks cannot work for ad hoc networks Volatile network topology makes it hard to detect malicious nodes Intrinsic mutual trust vulnerable to attacks 2/24/2019 CDA6938

5 MANET Routing Protocols Classification
2/24/2019 CDA6938

6 DSR The Dynamic Source Routing (DSR) is a reactive topology-based routing protocol. Route discovery When the source node S wants to send a packet to the destination node D, it first consults its route cache. If an unexpired route is found, use this route. Otherwise, S initiates route discovery by broadcasting a route request (RREQ) packet (SID, DID, seq_no). Each node appends its own identifier when forwarding RREQ Limited flooding: the node only forwards the RREQ to its neighbors if the RREQ has not yet been seen by the node and if the node’s address does not already appear in the route record. After receiving RREQ, node D or an intermediate node containing unexpired route to node D generates a route reply (RREP) to node S. Route maintenance Route error packets and acknowledgments 2/24/2019 CDA6938

7 DSR: Route Discovery N2 N5 N8 N1 N4 N7 N3 N6 2/24/2019 CDA6938
Destination N1 N5 N8 Source N1 N1-N2-N5 N1-N3-N4-N7 N1-N3-N4 N4 N7 N1 N1-N3-N4 N1-N3 N1-N3-N4-N6 N3 N1-N3-N4 N6 2/24/2019 CDA6938

8 DSR: Route Reply N2 N5 N8 N1 N4 N7 N3 N6 Destination Source 2/24/2019
CDA6938

9 DSDV The Destination-Sequenced Distance-Vector (DSDV) is a proactive topology-based routing protocol. Each node maintains a routing table which stores next hop towards each destination a cost metric for the path to each destination a destination sequence number that is created by the destination itself Sequence numbers used to avoid formation of loops Each node periodically and triggeredly forwards the routing table to its neighbors Route Selection Select route with higher destination sequence number (This ensure to use always newest information from destination) Select the route with better metric when sequence numbers are equal. 2/24/2019 CDA6938

10 DSDV: Route Update A B C B increases Seq. No from 100 => 102
2/24/2019 B increases Seq. No from 100 => 102 B sends routing update to A and C (A, 1, A-500) (B, 0, B-102) (C, 1, C-588) (A, 1, A-500) (B, 0, B-102) (C, 1, C-588) A B C Dest. Next Metric Seq. A A-550 B 1 B-100 C 2 C-586 Dest. Next Metric Seq. A 1 A-550 B B-100 C 2 C-588 Dest. Next Metric Seq. A B 1 A-550 2 B-100 C C-588 B-102 B-102 B-102 2 1 1 C-588 2/24/2019 CDA6938 Dr. Wei CSE, UNSW

11 Contents Introduction Attacks on Ad Hoc Network
Secure Routing in Ad Hoc Network Discussions 2/24/2019 CDA6938

12 Two Attack Categories (DoS)
Routing-disruption attacks: drive packets onto dysfunctional routes Routing loop: send forged routing packets to create a routing loop Black hole: drop all packets Gray hole: drop some packets, e.g., just forward routing packets but not data packets Gratuitous detour: claim falsely longer route by adding virtual nodes Wormhole: use a pair of attacker nodes linked via a private network connection, prevent other nodes to discover routes. Rushing: fire ROUTE REQUESTS in advance to suppress any later legitimate ROUTE REQUESTS against on-demand routing protocols Resource-consumption attacks: inject packets into the network Consume network resources such as bandwidth, nodes’ memory and computation power 2/24/2019 CDA6938

13 Attacker Model Passive Attacker: not inject packets, just eavesdrop
Just threat against communication privacy or anonymity Not against the network’s function or routing protocol Not be discussed further Active Attacker: eavesdrop and inject packets Assume that the attacker owns all the cryptographic key information of compromised nodes and distributes it among all its nodes. Active-n-m, where n is the number of nodes it has compromised and m is the number of nodes it owns: Active-0-1 Active-0-x Active-1-x Active-y-x ActiveVC: controls all traffic between nodes Increasing strength 2/24/2019 CDA6938

14 Contents Introduction Attacks on Ad Hoc Network
Secure Routing in Ad Hoc Network Discussions 2/24/2019 CDA6938

15 Key Setup in Ad Hoc Network
How to spread key for authentication. Secrete Key: a shared key to encode and decode (DEC). Public Key: a shared public key to encode and a private key to decode (RSA). Common set of authorities Protect private key distribution from eavesdrop Protect legal nodes list distribution from active attack by side channel 2/24/2019 CDA6938

16 Protect Key Distribution
SUCV Addresses Each node generates a public- and private-key pair Choose its address based on a cryptographic hash function of the public key Certificate Authority (CA). Node has a certificate containing its address, public key and a signature from CA. CA is vulnerable to compromise. This is overcome by requiring a node to have certificates from several CAs. Transitive Trust and PGP Trust Graph Each node signs certificates for other nodes If A trusts B, and B trusts C, then A trusts C Public Key Revocation Revoke the certificate for a compromised node’s public key Sign Negative certificates Blacklisting or flooding other revocation information 2/24/2019 CDA6938

17 Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Network
Ariadne is a secure on-demand routing protocol Based on Dynamic Source Routing (DSR) Protocol Withstand node compromise, avoid routing misbehavior by monitoring nodes’ prior performance Rely only on highly efficient symmetric cryptography Use one way hashing to overcome node removal from the node list Route request authenticity & Route reply authentication Ariadne can authenticate routing messages using one of three schemes: Shared secrets between each pair of nodes Shared secrets between communicating nodes combined with broadcast authentication Digital Signatures 2/24/2019 CDA6938

18 Route Discovery Route Request
<Route Request, initiator, target, id, time interval, hash chain, node list, MAC list> (Note: MAC: Message Authentication Code) Initiator initializes hash chain to MACKSD(initiator, target, id, time interval) Non-target node A which receives the request checks <initiator, id> and checks time interval Time interval : must not be too far in the future and key corresponding to it must not be disclosed yet If any condition fails, discard the request If all conditions hold, A appends its address to node list, replaces hash chain with H[A, hash chain], appends MAC of entire Request with TESLA key KAi to MAC list 2/24/2019 CDA6938

19 Route Discovery Route Reply Target checks validity of Request
By determining that the keys are not disclosed yet and that the hash chain is equal to If Request is valid, target returns a Route Reply Route Reply <Route Reply, target, initiator, time interval, node list, MAC list, target MAC, key list> Sent to initiator along the route in node list Forwarding node waits and appends its key Initiator verifies each key in key list, target MAC, each MAC in MAC list H[nn, H[nn-1, H[…,H[n1, MACKSD(initiator, target, id, interval)]…] 2/24/2019 CDA6938

20 Route Discovery Route Request
RS* = <M, h0, (), ()> RA* = <M, h1, (A), (MA)> RB* = <M, h2, (A, B), (MA, MB)> RE* = <M, h’2, (A, E), (MA, ME)> Route Request Route to be found: S  A  B  C  D M = Request, S, D, id, ti S : h0 = MACKSD(M) S   : M, h0, (), () A : h1 = H (A, h0) MA = MACKAti M, h1, (A), () A   : M, h1, (A), (MA) B : h2 = H (B, h1) MB = MACKBti M, h1, (A, B), (MA) B   : M, h2, (A, B), (MA, MB) C : h3 = H (C, h2) MC = MACKCti M, h3, (A, B, C), (MA, MB) C   : M, h3, (A, B, C), (MA, MB, MC) S RA* RS* RE* E A RB* B RC* RF* F C RG* G D Finally, D checks validity of request by checking whether keys are disclosed, and hash chain consistent RC* = <M, h3, (A, B, C), (MA, MB, MC)> RF* = <M, h’3, (A, B, F), (MA, MB, MF)> RG* = <M, h’4, (A, B, C, G), (MA, MB, MC, MG)> 2/24/2019 CDA6938

21 Route Discovery Route Reply
M = Reply, D, S, ti , (A, B, C), (MA, MB, MC)  D : MD = MACKDS (M) D  C : M, MD, () C  B : M, MD, (KCti) B  A : M, MD, (KCti, KBti) A  S : M, MD, (KCti, KBti, KAti) RDC = <M, MD, ()> RCB = <M, MD, (KCti)> RBA = <M, MD, (KCti, KBti)> RAS = <M, MD, (KCti, KBti, KAti)> S RAS E A RBA B RCB F Finally, S verifies each key in key list, target MAC, each MAC in MAC list C RDC G D 2/24/2019 CDA6938

22 SEAD: Secure Efficient Ad Hoc Distance Vector
Based on DSDV (Destination-Sequenced Distance-Vector) ad hoc routing protocol Overcomes attackers creating incorrect routing state Using one-way hashing chain and sequence number Authenticating Routing Updates 2/24/2019 CDA6938

23 Secure AODV (Ad Hoc On-demand Distance Vector) Routing Protocol
ARAN: Authenticated Routing for Ad Hoc Networks Each node has a certificate signed by a trusted authority On-Demand Routing with route discovery and maintenance Record next hop and when unavailable it initiate route maintenance 2/24/2019 CDA6938

24 Secure AODV SAODV Add signature extensions to AODV
Use hash chain to confirm each hop Allow a route reply double signature extension (RREP-DSE) from intermediate node. 2/24/2019 CDA6938

25 Secure Link-State Routing
Digital signatures and one way hash chains Updates through the Neighbor Lookup Protocol (NLP) Hash chains used to authenticate hop count Limited hops when LS update Lightweight flooding prevention 2/24/2019 CDA6938

26 Reputation Based Systems
Require underlying secure routing protocol Four components of Confidant: monitor, trust monitor, reputation system, and path manager. Using Weight list List of links with cost metric associated with each link Protect route from existing attacker 2/24/2019 CDA6938

27 Discussions Strengths of the paper Weaknesses of the paper Future work
Discuss possible attacks Presents an attacker model Presents state-of-art secure wireless ad hoc routing techniques Weaknesses of the paper A more complete model of possible attacks would let the protocol designers evaluate the security of their routing protocols. Not discuss how to improve performance efficiency Future work Model secure routing problems Design routing protocols that have strong security as well as good performance 2/24/2019 CDA6938

28 Thank You Q&A 2/24/2019 CDA6938

Download ppt "A Survey of Secure Wireless Ad Hoc Routing"

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
1 A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks By Lei Chen.

1 A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks By Lei Chen.
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Yih-Chun Hu Carnegie Mellon University

Yih-Chun Hu Carnegie Mellon University
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Centre for Wireless Communications University of Oulu, Finland

Centre for Wireless Communications University of Oulu, Finland
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.

CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.
Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec. 2006.

Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec
Mobile Ad-hoc Networks -- Overview and a case study Yinzhe Yu Oct. 8, 2003.

Mobile Ad-hoc Networks -- Overview and a case study Yinzhe Yu Oct. 8, 2003.

Similar presentations

Ads by Google