Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks


2 Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks
Anand Patwardhan, Jim Parker, Anupam Joshi, Michaela Iorga, Tom Karygiannis
National Institute for Standards and Technology
March 10, 2005, Kauai Island, Hawaii

3 Challenges
- Wireless communication
  - Short range (802.11, Bluetooth etc.)
  - Open medium
- Identification and Authentication
  - PKI based solutions infeasible
  - No prior trust relationships
- Routing
  - Based on dynamic cooperative peer relations
  - Key to survival of MANET
- Device constraints
  - Power Conservation
  - Finite Storage
  - Computation power

4 AODV
- Ad hoc On-demand Distance Vector routing protocol
- Not all up-to-date routes are maintained at every node
- Minimizes number of broadcasts by creating routes on-demand
- Routes are created as and when required
- Route remains valid until destination is unreachable or the route is no longer needed
- Adaptation to dynamic link conditions
- Low processing and Memory Overhead
- Low Network Utilization

5 AODV Messaging
- Source Node – node originating routing request
- Destination Node – sends route reply
- Sequence Numbers – used to avoid loops/replay
- Route Request – route discovery message
- Route Reply – destination to source message
- Route Error – destination node unreachable
- Intermediate Node Path List – list of nodes traversed along message path

6 Attacks
- Attacks can be broadly classified into
  - Routing disruption attacks
  - Resource consumption attacks
  - Attacks on data traffic
- Objective: Isolate and deny resources to intrusive and/or chronically faulty nodes

7 Routing disruptions
Malicious nodes may:
- convince nodes that they are routing packets to the correct destination when they are not,
- fabricate route-maintenance messages,
- refuse to forward or simply drop packets,
- spoof routing addresses, and/or
- modify messages.

8 Secure Routing in MANETs
- Each node is a Router
- Identification and Authentication
  - Statistically Unique and Cryptographically Verifiable (SUCV) identifiers
  - No prior trust relationships required
  - Large address space of IPv6 suitable for SUCVs
  - Secure binding between IPv6 address and Public key

9 Secure Routing in MANETs
- Routing state
  - Additional fields in control messages to protect data
- SUCV: IPv6 address and Public Key
  - Secure binding, computationally infeasible to compute private key in order to spoof
- Routing messages protected against mangling and masquerading

10 Binding IP Address and RSA Public Key (Securing the IPv6 AODV)
[Figure: two example node addresses, 2003:13:0:0:16ba:ae7f:8aea:dab3 and 2003:33:0:0:31ba:af0f:82ea:a0b]
- IP: 64-bit Network Specific ID, 64-bit Hash of Public Key
- MESSAGE figure labels: 64-bit Network Specific ID, RSA Public Key, Signature

11 Intrusion Detection
- Wired Networks
  - Traffic monitoring at routers, gateways, firewalls
  - Static routes
  - Physical security
- MANETs
  - Mobile nodes
  - Other radio interference
  - Reliance on cooperative mechanisms for routing
  - Intrusion detection limited to devices within radio-range

12 Intrusion Detection Challenges
- Identity
  - Use SUCVs
- Mobility
  - False positives
- Scalability
  - Large radio-ranges or dense networks
- Aggregation of data
  - Communicate intrusion data to warn others

13 Packet Forwarding
[Figure: nodes A, C and B, with datagrams dgram_in and dgram_out]
Datagram dgram_in has:
- Source IPv6 address, $x \in U \setminus \{B, C\}$
- Destination IPv6 address, $y \in U \setminus \{B, C\}$
- MAC source, mac(u), $u \in U \setminus \{B, C\}$
- MAC destination, mac(B)
Corresponding dgram_out must have:
- Source IPv6 address, x
- Destination IPv6 address, y
- MAC source, mac(B)
- MAC destination, mac(u), $u \in U \setminus \{B, C\}$

14 Stateful Packet Monitoring
[Figure: packets from the packet capture library (pcap) are parsed as Ethernet Frame, IPv6, then AODV or TCP]
- AODV: { RREQ, RREP, RERR }
- TCP: { TCP Sequence no., TCP checksum }
- Update in-memory Hash table
- Build and Maintain Neighbor table: (mac, ipv6) pairs and route status
- Packets that should be forwarded
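
An added example (not part of the original slides) of the forwarding check from slides 13 and 14: a monitor C records each dgram_in handed to neighbor B in a hash table keyed on IPv6 addresses and TCP sequence number, then expects a matching dgram_out with MAC source mac(B) and the same TCP checksum. The `Frame` fields, the timeout, the score names and all addresses are assumptions, and the capture is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    """Fields the monitor reads from each captured frame (constructed model)."""
    t: float        # capture time in seconds
    mac_src: str
    mac_dst: str
    ip_src: str
    ip_dst: str
    tcp_seq: int
    tcp_csum: int   # does not cover the IPv6 hop limit, so honest forwarding keeps it

def watch_forwarder(frames, b_mac, b_ip, own_ip, capture_end, timeout=0.5):
    """Score neighbor B: a dgram_in sent to mac(B) whose IPv6 endpoints are
    neither B nor the monitor must reappear as a dgram_out from mac(B)."""
    pending = {}    # (ip_src, ip_dst, tcp_seq) -> (tcp_csum, deadline)
    score = {"forwarded": 0, "modified": 0, "dropped": 0, "unresolved": 0}
    excluded = {b_ip, own_ip}   # the slide's U - {B, C}

    def expire(now):
        # Entries past their deadline were never seen leaving B.
        for key in [k for k, (_, dl) in pending.items() if dl < now]:
            del pending[key]
            score["dropped"] += 1

    for f in sorted(frames, key=lambda fr: fr.t):
        expire(f.t)
        key = (f.ip_src, f.ip_dst, f.tcp_seq)
        if f.mac_dst == b_mac and not ({f.ip_src, f.ip_dst} & excluded):
            pending[key] = (f.tcp_csum, f.t + timeout)      # dgram_in
        elif f.mac_src == b_mac and key in pending:         # dgram_out
            csum, _ = pending.pop(key)
            score["forwarded" if csum == f.tcp_csum else "modified"] += 1
    expire(capture_end)
    score["unresolved"] = len(pending)   # still inside the timeout window
    return score

# Constructed capture: A sends to D through B; the monitor is C.
A, B, D = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0d"
IP_A, IP_B, IP_C, IP_D = "2001:db8::a", "2001:db8::b", "2001:db8::c", "2001:db8::d"
SAMPLE = [
    Frame(0.00, A, B, IP_A, IP_D, 100, 0x1A2B), Frame(0.01, B, D, IP_A, IP_D, 100, 0x1A2B),
    Frame(0.10, A, B, IP_A, IP_D, 200, 0x3C4D), Frame(0.12, B, D, IP_A, IP_D, 200, 0xFFFF),
    Frame(0.20, A, B, IP_A, IP_D, 300, 0x5E6F),   # never retransmitted by B
    Frame(0.30, A, B, IP_A, IP_B, 400, 0x7A8B),   # addressed to B itself: ignored
    Frame(1.00, A, B, IP_A, IP_D, 500, 0x9CAD),   # still within timeout at capture end
]

if __name__ == "__main__":
    print(watch_forwarder(SAMPLE, B, IP_B, IP_C, capture_end=1.2))
```

A dgram_out that B transmits while the monitor is out of radio range is also counted as dropped, which is the mobility false-positive case listed under Intrusion Detection Challenges.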

15 Example Scenario

16 Future Work
- Active Response
  - Nodes send out accusations on events that they directly observe
  - Accusations are signed so accuser is accountable
  - No Hearsay is propagated
  - All nodes have same information on which to base decisions
- Combine cross layer evidence to evaluate trust between MANET nodes
- Design and develop a secure trust routing protocol

17 Additional Information
- UMBC: http://ebiquity.umbc.edu
- NIST: http://csrc.nist.gov/manet

