Published by Justin Richard. Modified over 9 years ago.
1
GZ06 : Mobile and Adaptive Systems
A Secure On-Demand Routing Protocol for Ad Hoc Networks
Allan HUNT, Wandao PUNYAPORN, Yong CHENG, Tingting OUYANG
2
Agenda
- Introduction
- Design
- Evaluation & Analysis
- Related work
- Critical Appraisal of the work
3
Motivation
- On-demand ad hoc routing protocol
- Security in ad hoc protocols
- Attack models
- General protocol
- Mobility
4
Motivation (cont.)
- Resource constrained devices (palm)
5
Ariadne
Ariadne Protocol
- The authors based their protocol on the basic operations of DSR, an on-demand source routing protocol.
- Basic operations of DSR are:
  - Route discovery
  - Route maintenance
6
Overview of TESLA
Basic operation of TESLA:
- Uses a MAC
- Picks an initial key K_n at random.
- Generates a set of keys K_0 to K_n using a one-way hash chain.
- Delayed key disclosure
  - For each K there is a release time.
- Time synchronization
  - You have to pick delta to be the maximum delay error between any 2 nodes. All nodes must know this.
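The key chain, delayed disclosure and the delta check from the slide above, as an added Python example (not code from the presentation or from the TESLA authors). The disclosure schedule (K_i released d intervals after interval i starts) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def H(data):
    return hashlib.sha256(data).digest()

def make_chain(n, k_n=None):
    """Return [K_0, ..., K_n]: K_n is random and K_i = H(K_{i+1})."""
    keys = [k_n or os.urandom(32)]
    for _ in range(n):
        keys.append(H(keys[-1]))
    keys.reverse()
    return keys

def key_is_authentic(k_i, i, k_j, j):
    """Hash a disclosed K_i down (i - j) steps to an already trusted K_j."""
    if i <= j:
        return False
    value = k_i
    for _ in range(i - j):
        value = H(value)
    return hmac.compare_digest(value, k_j)

def release_time(i, t0, interval, d):
    """Assumed schedule: K_i covers interval i, disclosed d intervals later."""
    return t0 + (i + d) * interval

def safe_to_buffer(i, t_recv, delta, t0, interval, d):
    """Security condition: even with clock error delta, K_i is not public yet."""
    return t_recv + delta < release_time(i, t0, interval, d)

def verify_buffered(msg, tag, k_i, i, k_0):
    """Run once K_i is disclosed: authenticate the key, then the MAC."""
    expected = hmac.new(k_i, msg, hashlib.sha256).digest()
    return key_is_authentic(k_i, i, k_0, 0) and hmac.compare_digest(expected, tag)

if __name__ == "__main__":
    chain = make_chain(5, k_n=b"\x01" * 32)   # constructed demo seed
    msg = b"constructed demo packet"
    tag = hmac.new(chain[2], msg, hashlib.sha256).digest()
    print(safe_to_buffer(2, t_recv=2.5, delta=0.5, t0=0, interval=1, d=2))
    print(safe_to_buffer(2, t_recv=3.6, delta=0.5, t0=0, interval=1, d=2))
    print(verify_buffered(msg, tag, chain[2], 2, chain[0]))
    print(verify_buffered(msg, tag, os.urandom(32), 2, chain[0]))
```

A packet that fails `safe_to_buffer` must be discarded rather than stored, because the sender may already have released the key that authenticates it.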
7
Network Assumptions
- They ignore the physical layer
- Networks are bidirectional
- Attacks on medium access control are disregarded.
- Normal network (drop, corrupt, re-order)
- Ariadne inherits all assumptions of the broadcast authentication protocol used, such as TESLA.
8
Node Assumptions
- Resource constrained nodes.
- No asymmetric cryptography.
- Loosely synchronized clocks.
- No trusted hardware used, such as tamperproof modules.
9
Security Assumptions
Ariadne relies on the following keys to be set up, depending on which authentication mechanism is used:
1. Pairwise shared secret key.
2. Digital signatures.
3. If TESLA is used, we assume a mechanism to set up shared secret keys between communicating nodes, and to distribute one authentic public TESLA key for each node.
10
Agenda
- Introduction
- Design
- Evaluation & Analysis
- Related work
- Critical Appraisal of the work
11
Attack Model
- Passive
- Active
  - An attacker injects packets into the network
  - An attacker which has compromised nodes is called an Active-VC attacker if it owns all nodes on a vertex cut through the network that partitions the good nodes into multiple sets.
  - Active-n-m
  - Active-0-1
  - Active-1-x
  - Active-y-x
12
General Attacks on Ad Hoc Network Routing Protocols
- Routing disruption attacks
  - Routing loop
  - Black hole
  - Wormhole
  - Rushing attack
- Resource consumption attacks
  - Inject extra data packets
  - Inject extra control packets
13
Basic Ariadne Route Discovery
- Stage 1 - Target verifies Route Requests
- Stage 2 - Target authenticates the data in Route Requests and the sender can authenticate the Route Replies
- Stage 3 - Provides a way to verify that no node is missing from the node list.
Assume initiator S performs a Route Discovery for target D. S and D share the secret keys K_SD and K_DS for message authentication in each direction.
14
Ariadne Route Discovery Using TESLA
- A ROUTE REQUEST packet contains eight fields (ROUTE REQUEST, initiator, target, id, time interval, hash chain, node list, MAC list)
- The initiator of the REQUEST then initializes the hash chain to MAC_{K_SD}(initiator, target id, time interval)
- The hash chain for the target node: H[n, H[n-1, H[..., H[1, MAC_{K_SD}(initiator, target id, time interval)] ...]]]
- A ROUTE REPLY packet also contains eight fields (ROUTE REPLY, target, initiator, time interval, node list, MAC list, target MAC, key list)
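The per-hop hash chain from the two Route Discovery slides above (Stage 3 and the ROUTE REQUEST hash chain field), as an added Python example that is not code from the presentation or the Ariadne authors. It covers only the hash chain check at the target; the MAC list and TESLA keys are left out, and the field encoding, dictionary layout and function names are assumptions.

```python
import hashlib
import hmac

def encode(*fields):
    """Length-prefix every field so field boundaries cannot be shifted."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def initial_hash(k_sd, initiator, target, req_id, interval):
    """h_0 = MAC under K_SD over (initiator, target, id, time interval)."""
    data = encode(initiator, target, req_id, interval)
    return hmac.new(k_sd, data, hashlib.sha256).digest()

def new_request(k_sd, initiator, target, req_id, interval):
    return {"initiator": initiator, "target": target, "id": req_id,
            "interval": interval, "node_list": [],
            "hash_chain": initial_hash(k_sd, initiator, target, req_id, interval)}

def forward(request, node):
    """A forwarding node appends itself and sets hash chain = H[node, previous]."""
    updated = dict(request)
    updated["node_list"] = request["node_list"] + [node]
    updated["hash_chain"] = hashlib.sha256(
        encode(node, request["hash_chain"])).digest()
    return updated

def target_accepts(k_sd, request):
    """The target rebuilds the chain from h_0 over the claimed node list."""
    h = initial_hash(k_sd, request["initiator"], request["target"],
                     request["id"], request["interval"])
    for node in request["node_list"]:
        h = hashlib.sha256(encode(node, h)).digest()
    return hmac.compare_digest(h, request["hash_chain"])

def demo():
    k_sd = b"constructed-shared-key-S-D"          # constructed sample key
    req = new_request(k_sd, b"S", b"D", b"\x00\x07", b"\x00\x2a")
    for node in (b"A", b"B", b"C"):               # constructed path S-A-B-C-D
        req = forward(req, node)
    shortened = dict(req, node_list=[b"A", b"C"])  # B missing from the list
    return target_accepts(k_sd, req), target_accepts(k_sd, shortened)

if __name__ == "__main__":
    print(demo())
```

Because h_0 depends on K_SD, a node that does not hold the key cannot recompute a chain value that matches a node list with an entry taken out.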
15
Ariadne Route Maintenance Using TESLA
- To prevent unauthorized Route Error messages, we authenticate a sender.
- A ROUTE ERROR packet in Ariadne contains six fields (ROUTE ERROR, sending address, receiving address, time interval, error MAC, recent TESLA key)
- It should handle the possible memory consumption attack.
16
Agenda
- Introduction
- Design
- Evaluation & Analysis
- Related work
- Critical Appraisal of the work
17
Evaluation
Modified Simulation Model
- Increased packet size to reflect the additional fields necessary for authenticating
- Modified Route Discovery and Maintenance
- Adjusted re-transmission timeouts for Route Requests to compensate for the delay
- Disallowed the use of prefixes of routes in the Route Cache
18
Evaluation - Packet Delivery Ratio
- At most 4.66% lower PDR than DSR-NoOpt
- Ariadne outperforms DSR-NoOpt at lower levels of mobility
19
Evaluation - Packet Overhead
- Ariadne has 41.7% lower packet overhead than DSR-NoOpt
20
Evaluation - Byte Overhead
- Ariadne has 26.19% higher byte overhead than DSR-NoOpt
21
Evaluation - Path Optimality
- DSR-NoOpt performs slightly better than Ariadne
22
Evaluation - Average Latency
- Ariadne has consistently lower latency than DSR-NoOpt
23
Security Analysis
- Active-0-x
  - Bogus messages
  - Wormhole and rushing attacks
- Active-1-x
  - Prevent two nodes from communicating
  - Replace MAC or keys in the Route Request
- Active-y-x
  - Attempt to force the initiator to repeatedly initiate Route Discoveries
- Resist Active-VC?
  - No solution provided
24
Agenda
- Introduction
- Design
- Evaluation & Analysis
- Related work
- Critical Appraisal of the work
25
Related Work
- Periodic protocols
  - Much overhead introduced (storage, bandwidth, control and delay)
- Protocols that use asymmetric crypto
  - Computationally expensive to sign and verify
  - Possible DoS attacks
  - High network bandwidth usage
- Protocols that use network-wide symmetric keys
  - Single-node compromise
26
Agenda
- Introduction
- Design
- Evaluation & Analysis
- Related work
- Critical Appraisal of the work
27
Conclusions
- Achievements
  - Security against various types of attacks
  - Efficient symmetric cryptography
  - General trusted hardware, powerful processors not needed
- Overall Performance
  - Compared to optimized DSR: less efficient
  - Compared to unoptimized DSR: better in some metrics (e.g. packet overhead)
28
Critical Appraisal
- Key Setup
  - Methods: Pre-deployed, KDC, CA
  - Fixed nodes. Circular dependency. Centralized.
- Clock synchronization
  - Circular dependency
  - Resource constrained. Insecure
- Maximum end-to-end delay
  - How to choose adaptively
29
Critical Appraisal (cont.)
- Delay and Buffer Size
  - Slow responsiveness
  - Resource constrained
- Intermediate nodes authentication
  - Authentication on demand
- Remaining Security Issues
  - Passive eavesdropper
  - Inserting data packets attack
  - Non-participating attacker
  - Single layer security scheme
30
Thanks for your attention! Any questions?