Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Security-Aware Routing Protocol for Wireless Ad Hoc Networks

Published byTobias Richard Modified over 9 years ago

Similar presentations

Presentation on theme: "A Security-Aware Routing Protocol for Wireless Ad Hoc Networks"— Presentation transcript:

1 A Security-Aware Routing Protocol for Wireless Ad Hoc Networks
Xia Wu Xingxiao Yuan

2 Introduction Ad hoc network ---- no wired infrastructure exists, cooperative by nature. Rely on implicit trust-your-neighbor relationships.  allows malicious nodes to paralyze an ad hoc network by inserting erroneous routing updates, replaying old routing information, changing routing updates, or advertising incorrect routing information.  allows malicious nodes to paralyze an ad hoc network by inserting erroneous routing updates, replaying old routing information, changing routing updates, or advertising incorrect routing information.

3 Introduction SAR: Security-Aware ad-hoc Routing. An approach to routing that incorporates security levels of nodes into traditional routing metrics. Goal: characterize and explicitly represent the trust values and trust relationships associated with ad hoc nodes and use these values to make routing decisions. Secure route Respect to the protection associated with the transmission of routing messages. Identify the attributes of a secure route and define appropriate metrics to quantify the “level of security” associated with protocol messages.

4 Motivation Illustrate the battlefield communication via talking?
Paragraph 2, until the end of “Even if the generals” sentence. Using SAR, the generals can route around the problem nodes and establish an alternate route with greater security guarantees. The sending general’s route discovery protocol embeds the rank of the node as a metric in its negotiation and tries to establish a route that avoids all privates. If the protocol can find the route, a session passing through only the officers is set up. If the protocol fails to find a route with the required security attributes or “quality of protection”, it sends a notification to the sender and allows re-negotiation.

5 SAR The length of the routes is the only metric used in these protocols. Applications must be able to specify the quality of protection or security attributes of their ad hoc route with respect to metrics that are relevant to them. Ad hoc protocols are based on modifications or augmentations to traditional routing protocols for wired networks. These protocols send updates and react to topology changes, using monitoring and other infrastructure support to maintain routing tables.

6 SAR -- Protocol Communicate => send RREQ packet to its neighbors.
Intermediate nodes receive an RREQ packet with a particular security metric, SAR ensures that this node can only process the packet or forward it if the node itself can provide the required security or has the required authorization or trust level. The base protocol is an on demand protocol similar to AODV or DSR. [PICTURE OF RREQ… something like that. Original protocol]

7 SAR -- Behavior The route discovered by SAR between two communicating entities may not be the shortest route in terms of hop-count. SAR is able to find a route with a quantifiable guarantee of security. If one or more routes that satisfy the required security attributes exist, SAR will find the shortest such route.

8 SAR – Protocol Metrics Trust Hierarchy
Internal hierarchy of privileges. Mirror the organizational hierarchy, and associate a number with each privilege level. QoP(Quality of Protection) bit vector. four different types of message protection, use a four bit vector to represent these message types.

9 SAR – Protocol Metrics Trust Hierarchy
The trust level or protection should be immutable. Keys can be distributed a priori  Encrypt the portion of the RREQ that contain the trust level.

10 SAR – Protocol Metrics Secure Routing Metrics

11 SAR – Protocol Metrics SAR uses security information to dynamically influence the choice of routes installed in the routing tables. Applications can choose to implement a subset of these protection guarantees, based on a cost-benefit analysis of various techniques available to SAR in this decision making phase.

12 Protection SAR provides protection against attacks on the trust hierarchy and attacks on the information in transit in the routing protocol messages.

13 Protection – Trust Level
Attacks – outsider attacks and insider attacks. SAR modifies the behavior of route discovery, tying in protocol behavior with the trust level of a user. Binding between the identity of the user with the associated trust level. Cryptographic techniques – encryption, public key certificates, shared secrets.

14 Protection – Trust Level
Outsider attacks prevention with traditional centralized authority is not available in ad hoc networks. SAR has open designs to incorporate many security mechanisms. Threshold cryptography, key sharing, key agreement, etc.

15 Protection – Trust Level
Insider attacks are launched by compromised users within a protection domain or trust level. Insider attacks are hard to prevent at the protocol level. Techniques include secure transient associations, tamper proof or tamper resistant nodes.

16 Protection – Information in Transit
Compromised of enemy nodes can utilize the information carried in the routing protocol packets to launch attacks. Attacks can lead to corruption of information, disclosure of sensitive information, theft of legitimate service from other protocol entities, or DoS to protocol entities.

17 Protection – Information in Transit
Interruption Attackers can selectively filter control messages and updates, and force the routing protocol to behave incorrectly. In SAR, a malicious node that interrupts the flow of packets belonging to a higher or lower trust level cannot cause an attack, because it is supposed to drop these packets in any case. If a node filters packets that belong to the same trust level as itself, the broadcast nature of the communication channel can help in detection of interruption attacks by other listeners within transmission range.

18 Protection – Information in Transit
Interception Routing protocol traffic and control messages can be deflected and rerouted. In SAR, the messages are protected by the key management infrastructure.

19 Protection – Information in Transit
Modification The integrity of the information in routing protocol packets can be compromised by modifying the packets themselves. SAR provides a suit of cryptographic techniques that can be incorporated on a need-to-use basis to prevent modification. Include digital signatures and encryption

20 Protection – Information in Transit
Fabrication False route and metric information can be inserted into legitimate protocol packets by malicious insider nodes. The sender of the RREQ may receive multiple RREPs. SAR picks the first RREP that arrives at the sender. The sender can be modified to verify that the RREP has credentials that guarantee the integrity of the metrics, and repudiate the ownership of attributes by challenging the intermediate nodes.

21 Implementation SAODV is an implementation of SAR.
SAODV is built as an augmentation to the AODV protocol in the NS-2 network simulator. RREQ has two additional fields: RQ-SEC-REQUIREMENT and RQ-SEC-QUARANTEE RQ-SEC-REQUIREMENT indicates that the required security for the route the ender wishes to discover. RQ-SEC-QUARENTEE indicates the maximum level of security afforded by the paths discovered.

22 Implementation RREP has additional information indicates the maximum security available over the path. The value of the RQ-SEC-GUARANTEE field in the RREQ packet is copied to RP-SEC-QURANTEE filed in the RREP packet. Intermediate nodes that are allowed to participate, updates their routing tables as in AODV and record the new RP-SEC-GUARANTEE value.

23 Implementation SAODV also has support for digital signatures.
If the application requested integrity support, a new field to store the computed digital signatures was added to the RREQ.

24 Performance Evaluation
Compared to AODV, SAODV sends fewer routing protocol control messages for the same number of flows and the same amount of application data. As a result, though the overhead per control message is higher in SAODV, the performance impact is sustainable.

25 Conclusion SAR enables the discovery of secure routes in a mobile ad hoc environment. It allows applications to enforce explicit cooperative trust relationships. It provides customizable security to the flow of routing protocol messages themselves. The processing overheads in SAR are offset by restricting the scope of the flooding for more relevant routes.

26 References Seung Yi, Prasad Naldurg, Robin Kravets
“A Security-Aware Routing Protocol for Wireless Ad Hoc Networks ”

Download ppt "A Security-Aware Routing Protocol for Wireless Ad Hoc Networks"

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Security Improvement for Ad Hoc Wireless Network Visal Kith ECE 695 05/05/2006.

Security Improvement for Ad Hoc Wireless Network Visal Kith ECE /05/2006.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Security in Ad Hoc Networks Steluta Gheorghiu Universitat Politecnica de Catalunya Departament d’Arquitectura de Computadors.

Security in Ad Hoc Networks Steluta Gheorghiu Universitat Politecnica de Catalunya Departament d’Arquitectura de Computadors.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi October 28, 2003.

TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi October 28, 2003.
TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Xiaoqi Li, Michael R. Lyu, and Jiangchuan Liu IEEE Aerospace Conference March 2004.

TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Xiaoqi Li, Michael R. Lyu, and Jiangchuan Liu IEEE Aerospace Conference March 2004.
Centre for Wireless Communications University of Oulu, Finland

Centre for Wireless Communications University of Oulu, Finland

Similar presentations

Ads by Google