Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks Sonja Buchegger Jean-Yves Le Boudec.


1 Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks Sonja Buchegger Jean-Yves Le Boudec

2 Security Issues
Cooperation and fairness
  – Traffic forwarding
  – Resource saving
Confidentiality of location
  – Military
  – Privacy
No traffic diversion
  – Routing
  – Forwarding

3 Motivation
Resource conservation (selfish)
Better service
Monetary gains
Competition
Stealing

4 Detection and Reaction
Want to punish malicious and non-cooperative behavior
Isolate the problem node
Implement re-integration into network if possible

5 Secrets and Lies. Digital Security in a Networked World by Bruce Schneier
…a prevention-only strategy only works if the prevention mechanisms are perfect; otherwise, someone will find out how to get around them.
“In theory there is no difference between theory and practice. In practice there is …”

6 The Selfish Gene
Suckers
Cheats
Grudgers

7 The Grudger Protocol
Observe node behavior
Share information
Components
  – Monitor (Neighborhood Watch)
  – Trust Manager
  – Reputation System (Node Rating)
  – Path Manager

8 Observation
Ad hoc network
Node A sends packet destined for E, through B.
B keeps packet copy.
B snoops D.
[Figure: nodes A, B, C, D, E]

9 The Monitor
No forwarding
Unusual traffic attraction
Route salvaging
No error messages during errors
Unusually frequent route updates
Silent route changes

10 The Trust Manager
Trust function
Trust level administration
Forwarding of ALARM messages
Filtering of incoming ALARM messages

11 The Reputation System
Own experience: greatest weight
Observations: lesser weight
Reported experience: PGP trust weight

12 The Path Manager
Path re-ranking based on security metric
Deletion of paths containing malicious nodes
Route request from malicious node
Request for route containing malicious node

13 Within the Node
Monitor checks behavior of neighbors
Events are forwarded to Reputation system
If an event threshold is broken, rating for offending node is updated
If rating of offending node drops below acceptable threshold, the Path Manager removes routes containing offending node
ALARM message is sent by the Trust Manager

14 ALARM
Sent by the Trust Manager
Type of protocol violation
Number of occurrences observed
Whether the message was self-originated by the sender
Address of the reporting node
Address of the observed node
Destination address

15 Between nodes
Monitor receives ALARM
Trust Manager checks rating of source
Reputation System updates number of occurrences and accumulated rating*
Note
  – *Either the source is fully trusted, or several partially trusted nodes have added to one completely trusted note
  – Authentication is a prerequisite
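
The flow on slides 13 to 15, as an added sketch that is not code from the presentation or from the protocol's authors: a node counts monitored events, lowers a rating once the event threshold is passed, purges routes and emits ALARMs when the rating falls too low, and accepts incoming ALARMs only when the trust of distinct reporters adds up to full trust. The names `Node` and `Alarm`, every numeric threshold and weight, and the choice to address one ALARM to each friend are assumptions; the reporter field is taken as already authenticated, which slide 15 lists as a prerequisite.

```python
from dataclasses import dataclass, field

# Assumed numbers: the slides name these thresholds and weights but give no values.
EVENT_THRESHOLD, RATING_FLOOR, FULL_TRUST = 3, -1.5, 1.0
W_OWN, W_OBSERVED = 1.0, 0.5      # own experience outweighs observations

@dataclass(frozen=True)
class Alarm:                      # the six fields from the ALARM slide
    violation: str
    occurrences: int
    self_originated: bool
    reporter: str
    observed: str
    destination: str              # assumed here: the friend the ALARM is sent to

@dataclass
class Node:
    addr: str
    friends: list                 # ALARM recipients
    trust: dict                   # reporter address -> trust weight in 0..1
    routes: list                  # cached source routes (lists of addresses)
    events: dict = field(default_factory=dict)
    rating: dict = field(default_factory=dict)
    reports: dict = field(default_factory=dict)

    def _penalize(self, node, amount):
        """Reputation System update; Path Manager purge when the rating is too low."""
        self.rating[node] = self.rating.get(node, 0.0) - amount
        if self.rating[node] >= RATING_FLOOR:
            return False
        self.routes = [r for r in self.routes if node not in r]
        return True

    def observe(self, offender, violation, own=True):
        """Monitor event; returns the ALARMs the Trust Manager sends, if any."""
        count = self.events[offender] = self.events.get(offender, 0) + 1
        if count < EVENT_THRESHOLD:
            return []
        if not self._penalize(offender, W_OWN if own else W_OBSERVED):
            return []
        return [Alarm(violation, count, True, self.addr, offender, f)
                for f in self.friends]

    def receive(self, alarm):
        """Trust Manager filter: act once distinct reporters' trust sums to FULL_TRUST."""
        seen = self.reports.setdefault(alarm.observed, {})
        seen[alarm.reporter] = self.trust.get(alarm.reporter, 0.0)   # replays do not add up
        if sum(seen.values()) < FULL_TRUST:
            return False
        self.events[alarm.observed] = self.events.get(alarm.observed, 0) + alarm.occurrences
        return self._penalize(alarm.observed, alarm.occurrences)
```

Keying the pending reports by reporter address is what stops a single partially trusted node from reaching full trust by repeating its own ALARM.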

16 Dynamic Source Routing (DSR)
[Figure: nodes A, B, C, D, E]
Route Request {E (A)}
Route Request {E (A,C)}
Route Request {E (A,B)}
Cache E

17 Dynamic Source Routing (DSR)
[Figure: nodes A, B, C, D, E]
Route Reply {A (E,B,A)}
Route Reply {A (E,D,C,A)}
Route Reply {A (E,B,A)}

18 Attacking DSR
Incorrect forwarding
Traffic attraction
Route salvage for unbroken link
Short reply time
Set good metrics for bogus routes
Manipulate flow metrics
No Route Errors sent
Use bogus routes
Promiscuous mode to spy on traffic
DoS route updates at short intervals

19 Grudging Nodes
[Figure: nodes A, B, C, D, E]
Data {(A,C,D,E)}
X
ALARM (D, no forwarding, N)
Data {(A,C,D,E)}

20 Grudging Nodes
[Figure: nodes A, B, C, D, E]
Data {(A,B,E)}

21 Testing
“Performance Analysis of the CONFIDANT Protocol (Cooperation Of Nodes: Fairness In Dynamic Ad-hoc NeTworks)”
GLOMOSIM
Malicious nodes (Incorrect forwarding)
DSR modifications
Fortified vs. Defenseless networks

22 Fixed Parameters
Area: 1000m x 1000m
Speed: uniformly distributed between 0 and 20 m/s
Radio Range: 250m
Placement: uniform
Movement: Random Waypoint
MAC: 802.11
Sending Capacity: 2 Mbps
Application: CBR
Packet Size: 64 B
Simulation Time: 900s

23 Varied Parameters
Percent of malicious nodes: 0 – 100%
Pause time: 0 – 900s
Number of nodes: 10 – 50
Metrics
Dropped packets (mean, %)
Goodput:
  – Packets Received / Packets Originated

24 Results
Every non-malicious node was a “friend”
Defenseless network: 70% packet loss
Fortified network: >3% packet loss
Overhead is small (ALARM messages)
Performance is good even with up to 60% malicious nodes
Pause time had the least performance influence

25 Research Pieces
Event detection
  – Dropped packets
  – Mis-routed packets
  – TCP Syn flood
Distributed Trust
  – Friends
  – No guarantee of connection to authority
  – Transitive relations

26 Follow-on
Distributing reputations
Authentication
Immune Networking
Based on the body’s immune system
Goals
  – Learns through observations
  – Adapts to environment

27 “Algorithm”
Ad hoc network
Node A sends packet destined for E, through B.
B and C make snoop entry (A,E,Ck,B,D,E).
B and C check for snoop entry.
Perform Misroute
[Figure: nodes A, B, C, D, E]

