GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.


1 GZ06 : Mobile and Adaptive Systems. A Secure On-Demand Routing Protocol for Ad Hoc Networks. Allan HUNT, Wandao PUNYAPORN, Yong CHENG, Tingting OUYANG

2 Agenda
 Introduction
 Design
 Evaluation & Analysis
 Related work
 Critical Appraisal of the work

3 Motivation
 On-demand ad hoc routing protocols
 Security in ad hoc routing protocols
 Attack models
 A general protocol
 Mobility

4 Motivation (cont.)
 Resource-constrained devices (e.g. Palm handhelds)

5 Ariadne
 The Ariadne protocol
 The authors base their protocol on the basic operations of DSR, an on-demand source routing protocol.
 The basic operations of DSR are:
   Route Discovery
   Route Maintenance

6 Overview of TESLA
Basic operation of TESLA:
 Uses a MAC (symmetric message authentication code), not signatures.
 Picks an initial key Kn at random.
 Generates the keys K0 ... Kn as a one-way hash chain, Ki = H(Ki+1); K0 is the commitment that every other node receives authentically, and any later Ki can be checked by hashing it back to K0.
 Delayed key disclosure: each key Ki is used to MAC packets during interval i and is only released after a fixed delay, so a receiver buffers the packet and verifies the MAC once the key arrives.
 Time synchronization: delta must be chosen as the maximum clock synchronization error between any two nodes, and all nodes must know it, otherwise a receiver cannot tell whether a key was still secret when the packet was sent.

7 Network Assumptions
 The physical layer is ignored.
 Links are bidirectional.
 Attacks on medium access control are disregarded.
 The network behaves as usual otherwise: it may drop, corrupt or reorder packets.
 Ariadne inherits all assumptions of the broadcast authentication protocol it uses (such as TESLA).

8 Node Assumptions
 Resource-constrained nodes.
 No asymmetric cryptography.
 Loosely synchronized clocks.
 No trusted hardware such as tamper-proof modules.

9 Security Assumptions
Ariadne relies on the following keys being set up, depending on which authentication mechanism is used:
1. Pairwise shared secret keys.
2. Digital signatures.
3. If TESLA is used, a mechanism to set up shared secret keys between communicating nodes, and to distribute one authentic public TESLA key (the commitment) for each node.


11 Attack Model
 Passive attacker: only eavesdrops.
 Active attacker: injects packets into the network.
 Active-n-m: an active attacker that holds the keys of n compromised nodes and controls m nodes in total. Examples: Active-0-1 (one node, no keys), Active-1-x (one compromised node), Active-y-x (y compromised nodes).
 Active-VC: an attacker whose compromised nodes form a vertex cut through the network, partitioning the good nodes into multiple sets.

12 General Attacks on Ad Hoc Network Routing Protocols
 Routing disruption attacks
   Routing loop
   Black hole
   Wormhole
   Rushing attack
 Resource consumption attacks
   Injecting extra data packets
   Injecting extra control packets

13 Basic Ariadne Route Discovery
 Stage 1: the target can verify that the Route Request came from the initiator.
 Stage 2: the target can authenticate the data in the Route Request (the node list), and the initiator can authenticate the Route Reply.
 Stage 3: a per-hop hash chain lets the target verify that no node has been removed from the node list.
 Assume initiator S performs a Route Discovery for target D.
 S and D share the secret keys KSD and KDS for message authentication, one for each direction.

14 Ariadne Route Discovery Using TESLA
 A ROUTE REQUEST packet contains eight fields: (ROUTE REQUEST, initiator, target, id, time interval, hash chain, node list, MAC list).
 The initiator initializes the hash chain to h0 = MAC_KSD(ROUTE REQUEST, initiator, target, id, time interval).
 Each forwarding node appends itself to the node list, extends the hash chain with its own address, and appends a MAC over the whole Request computed with its TESLA key for the time interval.
 The hash chain the target expects for node list (node 1, ..., node n) is H[node n, H[node n-1, ... H[node 1, MAC_KSD(ROUTE REQUEST, initiator, target, id, time interval)] ...]].
 A ROUTE REPLY packet also contains eight fields: (ROUTE REPLY, target, initiator, time interval, node list, MAC list, target MAC, key list). Nodes on the reverse path append their TESLA keys once they may be disclosed, and the initiator verifies every key and every per-hop MAC.
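The TESLA key chain from slide 6 and the Route Discovery exchange from slides 13 and 14, as an added Python simulation; this is not code from the paper or from this presentation. It constructs four nodes S, A, B and D with hypothetical keys, uses SHA-256 for H and HMAC-SHA256 for the MAC, models time as an integer interval counter with an assumed disclosure delay of two intervals, and omits the paper's check that an interval is not too far in the future. run() carries a Request S, A, B, D, returns the Reply along the reverse path, and performs the initiator's checks; the two tamper options show which modification the target catches (a removed node) and which only the initiator can catch once the TESLA key is disclosed (a replaced per-hop MAC).

```python
"""Ariadne Route Discovery over TESLA, simulated end to end (added example, not the paper's code)."""
import hashlib
import hmac
import os

DELAY = 2  # assumption: the TESLA key for interval i is disclosed at interval i + DELAY

def H(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()

def MAC(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def ib(i):  # encode an interval number or request id as bytes
    return i.to_bytes(2, "big")

def tesla_chain(n):
    """Pick K_n at random, derive K_i = H(K_{i+1}); returns [K_0, ..., K_n], K_0 being the commitment."""
    chain = [os.urandom(32)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def tesla_key_ok(commitment, key, i):
    """A disclosed K_i is authentic iff hashing it i times yields the authentic K_0."""
    for _ in range(i):
        key = H(key)
    return key == commitment

def initiate(S, D, rid, ti, k_sd):
    """Initiator S seeds the per-hop hash chain with a MAC that only S and D can compute."""
    h0 = MAC(k_sd, b"REQUEST", S, D, ib(rid), ib(ti))
    return dict(init=S, target=D, id=rid, ti=ti, h=h0, nodes=[], macs=[])

def forward(req, A, k_a, now):
    """Node A: drop a Request whose interval key is already disclosed, extend the hash chain
    with its own address and append a MAC over the whole Request under its TESLA key K_{A,ti}."""
    if now >= req["ti"] + DELAY:
        return None
    h, nodes = H(A, req["h"]), req["nodes"] + [A]
    m = MAC(k_a, b"REQUEST", req["init"], req["target"], ib(req["id"]), ib(req["ti"]),
            h, *nodes, *req["macs"])
    return dict(req, h=h, nodes=nodes, macs=req["macs"] + [m])

def rebuild_chain(init, target, rid, ti, nodes, k_sd, upto=None):
    """Recompute H[n, H[n-1, ... H[1, MAC_KSD(...)]]] from the node list (used by D, and later by S)."""
    h = MAC(k_sd, b"REQUEST", init, target, ib(rid), ib(ti))
    for n in nodes[:upto]:
        h = H(n, h)
    return h

def target_reply(req, k_sd, k_ds, now):
    """Target D: a wrong hash chain means a node was removed or inserted; otherwise MAC the Reply."""
    if now >= req["ti"] + DELAY:
        return None
    if rebuild_chain(req["init"], req["target"], req["id"], req["ti"], req["nodes"], k_sd) != req["h"]:
        return None
    t = MAC(k_ds, b"REPLY", req["target"], req["init"], ib(req["ti"]), *req["nodes"], *req["macs"])
    return dict(target=req["target"], init=req["init"], ti=req["ti"],
                nodes=req["nodes"], macs=req["macs"], tmac=t, keys=[])

def disclose(rep, k_a, now):
    """A node on the reverse path appends K_{A,ti} only once the disclosure time has passed."""
    if now < rep["ti"] + DELAY:
        return None
    return dict(rep, keys=rep["keys"] + [k_a])

def initiator_check(rep, rid, k_sd, k_ds, commitments):
    """Initiator S: target MAC, then each disclosed key against its commitment, then each per-hop MAC."""
    if rep["tmac"] != MAC(k_ds, b"REPLY", rep["target"], rep["init"], ib(rep["ti"]),
                          *rep["nodes"], *rep["macs"]):
        return False
    keys = rep["keys"][::-1]  # appended on the reverse path, so the key list is in reverse node order
    if len(keys) != len(rep["nodes"]):
        return False
    for i, (n, k, m) in enumerate(zip(rep["nodes"], keys, rep["macs"])):
        if not tesla_key_ok(commitments[n], k, rep["ti"]):
            return False
        h = rebuild_chain(rep["init"], rep["target"], rid, rep["ti"], rep["nodes"], k_sd, upto=i + 1)
        if m != MAC(k, b"REQUEST", rep["init"], rep["target"], ib(rid), ib(rep["ti"]),
                    h, *rep["nodes"][:i + 1], *rep["macs"][:i]):
            return False
    return True

def run(tamper=None):
    """Route Discovery S -> A -> B -> D in interval 5. tamper is None, 'drop_node' or 'bad_mac'."""
    names = [b"S", b"A", b"B", b"D"]
    chains = {n: tesla_chain(16) for n in names}          # each node's hypothetical TESLA chain
    commitments = {n: c[0] for n, c in chains.items()}    # every node's K_0, distributed authentically
    k_sd, k_ds = os.urandom(32), os.urandom(32)           # hypothetical pairwise keys between S and D
    ti, rid = 5, 1
    req = initiate(b"S", b"D", rid, ti, k_sd)
    for hop in (b"A", b"B"):
        req = forward(req, hop, chains[hop][ti], now=ti)
    if tamper == "drop_node":  # a node after B strips B; it never saw h_1, so it cannot repair the chain
        req = dict(req, nodes=req["nodes"][:1], macs=req["macs"][:1])
    if tamper == "bad_mac":    # a node after A replaces M_A; D cannot tell, S can once K_{A,ti} is out
        req = dict(req, macs=[os.urandom(32)] + req["macs"][1:])
    rep = target_reply(req, k_sd, k_ds, now=ti + 1)
    if rep is None:
        return False
    for hop in (b"B", b"A"):
        rep = disclose(rep, chains[hop][ti], now=ti + DELAY)
    return initiator_check(rep, rid, k_sd, k_ds, commitments)

if __name__ == "__main__":
    print(run(), run("drop_node"), run("bad_mac"))  # True False False
```

The split between the two checks is the point of the design: the target verifies only the hash chain, because the intermediate nodes' TESLA keys are still secret when the Request arrives, so a swapped per-hop MAC travels all the way to the target unnoticed and is rejected only by the initiator after the keys on the reverse path are disclosed.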

15 Ariadne Route Maintenance Using TESLA
 To prevent forged Route Error messages, the sender of a ROUTE ERROR authenticates it with a MAC under its TESLA key for the current interval; receivers buffer the error until that key is disclosed and only then act on it.
 A ROUTE ERROR packet in Ariadne contains six fields: (ROUTE ERROR, sending address, receiving address, time interval, error MAC, recent TESLA key).
 Buffering unverified errors opens a memory consumption attack, so the number of buffered ROUTE ERRORs must be bounded.


17 Evaluation
 Modified simulation model
   Increased packet sizes to reflect the additional fields needed for authentication
   Modified Route Discovery and Route Maintenance
   Adjusted retransmission timeouts for Route Requests to compensate for the TESLA disclosure delay
   Disallowed the use of prefixes of routes in the Route Cache

18 Evaluation - Packet Delivery Ratio
 At most 4.66% lower PDR than DSR-NoOpt
 Ariadne outperforms DSR-NoOpt at lower levels of mobility

19 Evaluation - Packet Overhead
 Ariadne has 41.7% lower packet overhead than DSR-NoOpt

20 Evaluation - Byte Overhead
 Ariadne has 26.19% higher byte overhead than DSR-NoOpt

21 Evaluation - Path Optimality
 DSR-NoOpt performs slightly better than Ariadne

22 Evaluation - Average Latency
 Ariadne has consistently lower latency than DSR-NoOpt

23 Security Analysis
 Active-0-x
   Bogus messages
   Wormhole and rushing attacks
 Active-1-x
   Preventing two nodes from communicating
   Replacing MACs or keys in the Route Request
 Active-y-x
   Attempting to force the initiator to repeatedly initiate Route Discoveries
 Resisting Active-VC?
   No solution provided


25 Related Work
 Periodic protocols
   Much overhead introduced (storage, bandwidth, control traffic and delay)
 Protocols that use asymmetric cryptography
   Computationally expensive to sign and verify, which enables DoS attacks
   High network bandwidth usage
 Protocols that use network-wide symmetric keys
   A single node compromise breaks the whole network


27 Conclusions
 Achievements
   Security against various types of attacks
   Efficient symmetric cryptography
   No trusted hardware or powerful processors needed
 Overall performance
   Compared to optimized DSR: less efficient
   Compared to unoptimized DSR: better in some metrics (e.g. packet overhead)

28 Critical Appraisal
 Key setup
   Methods: pre-deployed keys, a KDC, or a CA
   Pre-deployed keys only suit a fixed set of nodes; a KDC creates a circular dependency (a secure route is needed to reach the KDC, but keys are needed to build one); a CA is centralized
 Clock synchronization
   Circular dependency: authenticated synchronization messages need the keys that synchronization is supposed to enable
   Costly on resource-constrained nodes and insecure if done naively
 Maximum end-to-end delay
   How to choose it adaptively rather than pessimistically

29 Critical Appraisal (cont.)
 Delay and buffer size
   Delayed key disclosure makes responses slow
   Buffering unverified packets is hard on resource-constrained nodes
 Intermediate node authentication
   Intermediate nodes cannot authenticate a Request when they forward it, only after the keys are disclosed; authentication on demand would be preferable
 Remaining security issues
   Passive eavesdropper
   Attacks that insert data packets
   Non-participating attacker
   Single-layer security scheme

30 Thanks for your attention! Any questions?

