Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Improvement for Ad Hoc Wireless Network Visal Kith ECE 695 05/05/2006.

Published byGertrude Waters Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Improvement for Ad Hoc Wireless Network Visal Kith ECE 695 05/05/2006."— Presentation transcript:

1 Security Improvement for Ad Hoc Wireless Network Visal Kith ECE 695 05/05/2006

2 Security Goal To improve security in ad hoc routing protocol, especially focus on AODV and DSR. To improve security in ad hoc routing protocol, especially focus on AODV and DSR. To secure data communication over wireless network. To secure data communication over wireless network.

3 Why Need Security? To ensure: To ensure: Integrity – no unauthorized modification of resources. Integrity – no unauthorized modification of resources. Non-repudiation – to ensure that a message was originally sent by the sender and it was verified that the message was received by the recipient. Non-repudiation – to ensure that a message was originally sent by the sender and it was verified that the message was received by the recipient. Confidentiality – information is never released to unauthorized users. Confidentiality – information is never released to unauthorized users.

4 Type of Attacks Passive Attacks Passive Attacks An attacker stay quietly and listening to the route traffic. The purpose of passive attack is to discover routing information, relationship between nodes, and the network topology. An attacker stay quietly and listening to the route traffic. The purpose of passive attack is to discover routing information, relationship between nodes, and the network topology. Active Attacks Active Attacks An attacker performs actions which to cause interruption and congestion to the network traffic by modifying the content of routing packet, broadcasting wrong information or old information. An attacker performs actions which to cause interruption and congestion to the network traffic by modifying the content of routing packet, broadcasting wrong information or old information.

5 Type of Attacks Denial of Service Attacks Denial of Service Attacks An attack on the network that causes a loss of service to other nodes, either by consuming the bandwidth or overloading the system. An attack on the network that causes a loss of service to other nodes, either by consuming the bandwidth or overloading the system. Impersonation Attacks Impersonation Attacks An attacker broadcast wrong routing information to other nodes and terminate the traffic for the desired destination node. An attacker broadcast wrong routing information to other nodes and terminate the traffic for the desired destination node. Military Attacks Military Attacks An attempt to destruct enemy networks in preparation for battle including intelligence gathering. An attempt to destruct enemy networks in preparation for battle including intelligence gathering. An attacker use passive attack to gathering information about network topology. To disable some part of the network temporarily by using denial of service attacks. An attacker use passive attack to gathering information about network topology. To disable some part of the network temporarily by using denial of service attacks.

6 Security Requirement To improve security we need: To improve security we need: An efficient key generation An efficient key generation An efficient key management An efficient key management Public key cryptography Public key cryptography Digital signature such as DSA, and RSA. Digital signature such as DSA, and RSA. Encryption algorithm such as RSA. Encryption algorithm such as RSA.

7 Key Generation Most public key cryptography require a large size key (prime number), usually 1024 – 2048 bits. Most public key cryptography require a large size key (prime number), usually 1024 – 2048 bits. For government and military application key size is up to 15,000. For government and military application key size is up to 15,000. How to generate a large prime number? How to generate a large prime number? Hash function is played an important role to generate a large number. Hash function is played an important role to generate a large number. Some popular hash functions are SHA-1, SHA-256, and SHA-512. Some popular hash functions are SHA-1, SHA-256, and SHA-512.

8 Key Generation Performance

9 Key Management Threshold Cryptography Threshold Cryptography A dealer shares a secret key between n parties. A dealer shares a secret key between n parties. At least k out of n node need to combine knowledge to perform cryptography operation. At least k out of n node need to combine knowledge to perform cryptography operation. However, combining the shares would not reveal the actual private key. However, combining the shares would not reveal the actual private key.

10 Digital Signature Generally, digital signature scheme consists of: Generally, digital signature scheme consists of: A key generation algorithm A key generation algorithm A signing algorithm A signing algorithm A verification algorithm A verification algorithm Two popular digital signature are: Two popular digital signature are: RSA Signature: developed by Rivest, Shamir and Adleman. The strength of RSA is depend on factoring problem. RSA Signature: developed by Rivest, Shamir and Adleman. The strength of RSA is depend on factoring problem. DSA: Digital Signature Algorithm was developed by National Institute of Standards and Technology (NIST). DSA: Digital Signature Algorithm was developed by National Institute of Standards and Technology (NIST).

11 Security Improvement of AODV AODV Routing Operation AODV Routing Operation RREQ – Route request message is broadcast when a node needs to discover a new route to a new destination. RREQ – Route request message is broadcast when a node needs to discover a new route to a new destination. RREP – Route reply message is broadcast by a destination node to the origination of the RREQ. RREP – Route reply message is broadcast by a destination node to the origination of the RREQ. RERR – Route error message is broadcast to notify other nodes that the loss of a link has occurred. RERR – Route error message is broadcast to notify other nodes that the loss of a link has occurred.

12 Security Improvement of AODV AODV Signature Routing Protocol AODV Signature Routing Protocol To provide confident that the message was sent and forwarded by a trusted node, signatures are required from the originator node, as well as an intermediate node. To provide confident that the message was sent and forwarded by a trusted node, signatures are required from the originator node, as well as an intermediate node. Originator Signature = [ h(m) ] K A- Originator Signature = [ h(m) ] K A- Hop Count Signature = [ h Count (Hop Count) ] K N- Hop Count Signature = [ h Count (Hop Count) ] K N-

13 Security Improvement of AODV Signature Routing for RREQ

14 Security Improvement of AODV Signature Routing for RREP

15 Security Improvement of AODV Signature Routing for RERR

16 Security Improvement of DSR DSR Signature Routing Protocol DSR Signature Routing Protocol Similar to AODV, I also use signature routing to secure DSR routing protocol. Similar to AODV, I also use signature routing to secure DSR routing protocol. Originator Signature = [ h(m) ] K A- Originator Signature = [ h(m) ] K A- Address Signature = [ h(Address[1], … Address[i]) ] K i- Address Signature = [ h(Address[1], … Address[i]) ] K i- Where 1 <= i <= n Where 1 <= i <= n

17 Security Improvement of DSR Signature Routing for RREQ

18 Security Improvement of DSR Signature Routing for RREP

19 Security Improvement of DSR Signature Routing for RERR

20 Communication Security Over Ad Hoc Wireless Network Communication such as sending document files, media file, voice communication.etc. over wireless network may be in risk of getting attack. Communication such as sending document files, media file, voice communication.etc. over wireless network may be in risk of getting attack. This paper introduce to use RSA encryption to encrypt the data before sending to the receiver. This paper introduce to use RSA encryption to encrypt the data before sending to the receiver. Requirement: key size >= 2048 depend on how secret the information is. Requirement: key size >= 2048 depend on how secret the information is.

21 A Better Security To have a better security, I introduce to use nonce, timestamp, and digital signature while encrypting a data. To have a better security, I introduce to use nonce, timestamp, and digital signature while encrypting a data. Nonce – is a number that randomly generate and use only once to ensure that an old communication cannot be reused in replay attacks. Nonce – is a number that randomly generate and use only once to ensure that an old communication cannot be reused in replay attacks. Timestamp - can refer as a time code which uses to verify the existence of the signed document at the time given. Timestamp - can refer as a time code which uses to verify the existence of the signed document at the time given.

22 How does it work? Ex: if node A wants to send message m to node B: Ex: if node A wants to send message m to node B: Node A needs to sign on message m Node A needs to sign on message m SM A = [m]K A- Then A encrypt CP = {m, N A, t}K A+ Then A encrypt CP = {m, N A, t}K A+ SC A = [CP]K A- Then A  B the following: Then A  B the following: {m, N A, t}K A+, SM A, SC A

23 How does it work? When B receive the message from A, B need to verify the following: When B receive the message from A, B need to verify the following: SC A – is valid or not? SC A – is valid or not? Decrypt the message Decrypt the message Check if nonce is valid? Check if nonce is valid? Check if timestamp is valid? Check if timestamp is valid? SM A – is valid or not? SM A – is valid or not? If all the conditions above passed, then B assume that the message m is valid and it was sent by a trusted node. Otherwise, reject the message and send attemp hack notification. If all the conditions above passed, then B assume that the message m is valid and it was sent by a trusted node. Otherwise, reject the message and send attemp hack notification. Ex: “Attempt Hack Notification – From IP = 79.134.1.210” Ex: “Attempt Hack Notification – From IP = 79.134.1.210”

24 Future Work Improve network topology Improve network topology Need faster key generation Need faster key generation Improve key management system Improve key management system Create a better and secure cryptographic system??? Create a better and secure cryptographic system???

25 Refferences [1] S. Čapkun, J. Hubaux, and L. Buttyán. Mobility Helps Security in Ad Hoc Networks. [2] S. Chakrakbarti, and A. Mishra. Quality of Service in Mobile Ad Hoc Networks. [3] J. Choi. Security Problems for Ad Hoc Routing Protocols. [4] Y. Hu, A. Perrig, and D. Johnson. Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols. [5] Y. Huang and W. Lee. Attack Analysis and Detection for Ad Hoc Routing Protocols. [6] D. Johnson, and Y. Hu. The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks (DSR). IETF MANET Working Group. July 19, 2004. http://www.ietf.org/internet-drafts/draft-ietf-manet-dsr-10.txt [7] A. Mishra and K. Nadkarni. Security in Wireless Ad Hoc Networks. [8] P. Papadimitratos and Z. Haas. Securing Mobile Ad Hoc Networks. [9] C. Perkins, and E. Belding-Royer. RFC 3561 – Ad Hoc On-Demand Distance Vector (AODV) Routing. Networking Group, RFC 3561. July, 2003. http://www.faqs.org/ftp/rfc/pdf/rfc3561.txt.pdf [10] E. Rescorla. Diffie-Hellman Key Agreement Method. Network Working Group, RFC 2631. June 1999. http://www.faqs.org/rfcs/rfc2631.html [11] K. Sanzgiri, B. Dahill, B. Levine, C. Shields, and E. Belding-Royer. A Secure Routing Protocol for Ad Hoc Networks. [12] J. Seberry, J. Pieprzyk, and T. Hardjono. Fundamentals of Computer Security. Pages 171- 216, 256 – 280, and 283 – 350. 2003 [13] US Department of Commerce and National Institute of Standards and Technology, (2000). Digital Signature Standard. Federal Information, Processing Standards Publication 186-2. http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf [14] S. Yi, P. Naldurg, and R. Kravets. A Security-Aware Routing Protocol for Wireless Ad Hoc Networks. [15] D. Zhou. Security Issues in Ad Hoc Networks. [16] L. Zhou, and Z. Haas. Securing Ad Hoc Networks.

26 Questions??? You can download this paper at: http://www.vkith.com/secure_ad_hoc.pdf

Download ppt "Security Improvement for Ad Hoc Wireless Network Visal Kith ECE 695 05/05/2006."

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Cryptography Basic (cont)

Cryptography Basic (cont)
Security in Ad Hoc Networks Steluta Gheorghiu Universitat Politecnica de Catalunya Departament d’Arquitectura de Computadors.

Security in Ad Hoc Networks Steluta Gheorghiu Universitat Politecnica de Catalunya Departament d’Arquitectura de Computadors.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Centre for Wireless Communications University of Oulu, Finland

Centre for Wireless Communications University of Oulu, Finland
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks

Similar presentations

Ads by Google