1. Background of Ad hoc Wireless Networks Student Presentations Wireless Communication Technology and Research Ad hoc Routing and Mobile IP and Mobility Wireless Sensor and Mesh Networks Mobile and Ad hoc Networks Security in Ad hoc Networks http://web.uettaxila.edu.pk/CMS/SP2012/teAWNms/

2. 2 Outline  Introduction  Attacks and Challenges  A Multifence Security Solution  Network-layer Security Secure Ad Hoc Routing Secure Packet Forwarding  Link-layer Security  Open Challenges

3. 3 Introduction  In order to provide protected communication between nodes in a potentially hostile environment, security has become a primary concern  The challenges of MANETs  Open network architecture  Shared wireless medium  Stringent resource constraints  Highly dynamic network topology

4. 4 Security Pragmatism  Q: How do we keep our embedded device from being messed with?  A: Turn it off.  Sometimes the best we can hope for is to detect intrusions.

5. 5 Introduction (cont.)  The goal of the security solutions for MANETs  Integrity  Anonymity  Confidentiality  Availability  Authenticity

6. 6 Security Criteria  Three main security concerns:  Confidentiality  Data privacy  Availability  Resistance to DOS attacks  Authenticity  Keeping “foreign objects” out, data integrity

7. 7 Encryption  A basic building block of security  Public vs. Symmetric key cryptography  Embedded devices have power constraints  Asymmetric keys are 10 3 -10 4 times slower  Use symmetric keys (AES, IDEA)  Can use public key cryptography to setup secret key  Key exchange – more on that later  Use efficient hardware implementations http://en.wikipedia.org/wiki/AES http://en.wikipedia.org/wiki/Rsa http://en.wikipedia.org/wiki/IDEA_(cipher)

8. 8 Advanced Encryption Standard (AES)  The Rijndael block cipher was selected by NIST in 2000 to be the AES  Replacement for DES  Key length of 128, 192, or 256 bits, block is 128 bits http://www.iaik.tu-graz.ac.at/research/krypto/AES/ http://www.quadibloc.com/crypto/co040401.htm http://www.iaik.tugraz.at/research/publications/2005/IEEIFSTINA2005.htm

9. 9 Small Hardware AES-128 Implementations  5.4 kgates implementation (Satoh et al., 2001)  AES Implementation on a Grain of Sand (Feldhofer et al., 2005)  3.4 kgates equivalent  0.25mm²  9 Mbps  “draws only a current of 3.0 µm when operated at 100 KHz and 1.5 V” http://www.iaik.tugraz.at/research/publications/2005/IEEIFSTINA2005.htm

10. 10 Fast Software Implementations  AES-128  226 cycles/block on a P-III (Aoki & Lipmaa, 2002)  14464 P-III cycles for 1kb  FastIDEA (4-way IDEA) (Lipmaa)  440 cycles for a 4x64 block using MMX  Poly1035-AES message authentication (Bernstein)  3.1n + 780 Athlon cycles for an n-byte message  5361 P-III cycles for 1kb http://www.cs.ut.ee/~lipmaa/aes/rijndael.html http://cr.yp.to/mac/poly1305-20050329.pdf

11. 11 Embedded Encryption  Put the encryption in the network device  Wired (100Base-TX) and wireless (802.11b) versions  Supports WPA, WEP  Does 256 bit AES  Not hardware encryption  820-1280mW http://www.lantronix.com/device-networking/embedded-device-servers/wiport.html http://www.lantronix.com/device-networking/embedded-device-servers/xport.html

12. 12 Embedded Encryption (2)  Put the encryption in the CPU  VIA chips now offer a built-in security engine  256 bit AES  Quantum-based random number generator  Montgomery Multiplier for accelerating Public Key Cryptography  Example: Eden-N Processor (smallest)  Thermal Design Power: 2.5W @ 533MHz  Size: 15x15mm http://www.via.com.tw/en/initiatives/padlock/hardware.jsp http://www.via.com.tw/en/products/processors/eden-n/ http://en.wikipedia.org/wiki/Thermal_Design_Pointhttp://en.wikipedia.org/wiki/Thermal_Design_Point, http://en.wikipedia.org/wiki/Montgomery_reductionhttp://en.wikipedia.org/wiki/Montgomery_reduction http://citeseer.ist.psu.edu/ravi02system.html

13. 13 Authentication Woes  Central Authentication Mechanisms?  Ad-hoc wireless networks aren’t permanent  Not always reachable  Congestion around central authorities  DOS  Expensive to make rapid changes  Nodes may only connect periodically  How do we know we’re talking to who we think we’re talking to?

14. 14 Introduction (cont.)  The security issues in each layer LayerSecurity issues Application layerDetecting and preventing viruses, worms, malicious codes, and application abuses Transport layerAuthenticating and securing end-to-end communications through data encryption Network layerProtecting the ad hoc routing and forwarding protocols Link layerProtecting the wireless MAC protocol and providing link-layer security support Physical layerPreventing signal jamming denial-of-service attacks

15. 15  A fundamental security problem in MANET: the protection of its basic functionality to deliver data bits from one node to another.  ensuring one-hop connectivity through link-layer protocols (e.g., wireless medium access control, MAC)  Extending connectivity to multiple hops through network layer routing and data forwarding protocols (e.g., ad hoc routing) Introduction (cont.)

16. 16  Security never comes for free.  Security strength and network performance are equally important  Achieving a good trade-off between the two extremes is one fundamental challenge in security design for MANETs. Introduction (cont.)

17. 17 Attacks  The network-layer operations in MANETs are ad hoc routing and data packet forwarding  The ad hoc routing protocols  Exchange routing messages between nodes  Maintain routing states at each node accordingly  Two attack categories  Routing attacks  Packet forwarding attacks

18. 18 Attacks (cont.)  Routing attacks  Any action of advertising routing updates that does not follow the specifications of the routing protocol  Packet forwarding attacks  Cause the data packets to be delivered in a way that is intentionally inconsistent with the routing states

19. 19 A Multifence Security Solution  The approaches to securing MANETs  Proactive Prevent security threats in the first place Adopted by secure routing protocols  Reactive Seek to detect threats a posteriori and react accordingly Adopted by packet forwarding operations

20. 20 A Multifence Security Solution (Cont.) Secure ad hoc routing Proactive protection through message authentication primitives Source routing Link state routing Distance vector routing Secure packet forwarding Reactive protection through detection and reaction Misbehavior detection Misbehavior reaction Next-generation WEP Modification to existing protocol to fix the cryptographic loopholes Secure wireless MAC Reactive protection through detection and reaction Network-layer security solutions Link-layer security solutions ProactiveReactive

21. 21 Network-layer Security  Protecting the network functionality to deliver packets between mobile nodes through multi-hop ad hoc forwarding  Message Authentication Primitives  HMAC  Digital signature  One-way HMAC key chain

22. 22 Network-layer Security (cont.)  HMAC  Two nodes share a secret symmetric key k (the total number of the pairwise shared key is n(n-1)/2  They can efficiently generate and verify a message authenticator h k (·) +Secret key k

23. 23  Digital signature  Based on asymmetric key cryptography (signing/encrypting and verifying/decrypting)  Each node needs to keep a CRL of revoked certificates

24. 24 Privacy using asymmetric-key encryption

25. 25 Signing the whole document

26. 26  Signing the Digest. Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/ decryption must be applied.

27. 27 Signing the Digest (Sender side)

28. 28 Signing the Digest (Receiver side)

29. 29 Network-layer Security (cont.)  One-way HMAC (Hash-based Message Authentication Code) key chain  Given the output f(x), it is computationally infeasible to find the input x  By applying f( ⋅ ) repeatedly on an initial input x, one can obtain a chain of outputs f i (x).  a message with an HMAC using f i (x) as the key is proven to be authentic when the sender reveals f (i–1) (x).  Very tight clock synchronization and large storage are necessary  The release of the key involves a second round of communication

30. 30 Secure Ad Hoc Routing  Source Routing  Ensure that each intermediate node cannot remove existing nodes from or add extra nodes to the route  A secure extension of DSR is Ariadne, which uses a one- way HMAC key chain

31. 31 Secure Ad Hoc Routing (cont.)  Distance Vector Routing  The main challenge is that each intermediate node has to advertise the routing metric correctly  For example, when hop count is used as the routing metric, each node has to increase the hop count by one exactly  A hop count hash chain is devised so that an intermediate node cannot decrease the hop count in a routing update

32. 32 Secure Ad Hoc Routing (cont.)  Link State Routing  Secure Link State Routing (SLSP)  Each node seeks to learn and update its neighborhood by Neighbor Lookup Protocol (NLP)  Periodically flood Link State Update (LSU) packets to propagate link state information  SLSP adopts a digital signature approach in authentication  NLP’s hello messages and LSU packets are signed with the sender’s private key

33. 33 Secure Packet Forwarding  Detection  Each node can perform localized detection by overhearing ongoing transmissions and evaluating the behavior of its neighbors  Localized detection Watchdog Add a next_hop field in AODV packets  ACK-based detection The source can initiate a fault detection process on a suspicious path that has recently dropped more packets than an acceptable threshold

34. 34 Watchdog  Assume bidirectional communication symmetry on every link between nodes  If a node B is capable of receiving a message from a node A at time t, then node A could instead have received a message from node B at time t  Implement the watchdog  Maintain a buffer of recently sent packets  Compare each overheard packet with the packet in the buffer Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, ACM MOBICOM 2000

35. 35 Watchdog (cont.)  When B forwards a packet from S toward D through C, A can overhear B’s transmission and can verify that B has attempted to pass the packet to C SABCD

36. 36 ACK-based detection  Byzantine failures  Drop packets  Modify packets  Miss-route packets Route Discovery Route Discovery Byzantine Fault Detection Byzantine Fault Detection Link Weight Management Link Weight Management Path Weight List An On-Demand Secure Routing Protocol Resilient to Byzantine Failures ACM WiSe 2002

37. 37 ACK-based detection (cont.)  The fault detection  Based on using ACKs of the data packets  The source keeps track of the number of recent losses  When the number of recent losses violates the acceptable threshold Register a fault between the source and the destination Start a binary search on the path  The adaptive probing techniques identifies a faulty link after log n faults have occurred, where n is the length of the path

38. 38 Secure Packet Forwarding (cont.)  Reaction  Once a malicious node is detected, certain actions are triggered to protect the network from future attacks launched by this node  Global reaction The malicious node is excluded from the network  End-host reaction Each node may make its own decision on how to react to a malicious node (e.g., putting this node in its own blacklist)

39. 39 End-host reaction- Pathrater  Each node maintains a rating for every other node and calculates a path metric by averaging the node ratings in the path  It gives a comparison of the overall reliability of different paths  It differs from standard DSR, which chooses the shortest path in the route cache

40. 40 Link-layer Security  IEEE 802.11 MAC  The vulnerability of the IEEE 802.11 MAC to DoS attacks was identified  The attacker may exploit its binary exponential backoff scheme to launch DoS attacks  The solution is that the sender can set the backoff timer on its own

41. 41 Link-layer Security (cont.)  IEEE 802.11 WEP  Message privacy and message integrity attacks Short IV CRC-32 checksum  Key stream recovery by known plaintext attacks Probabilistic cipher key recovery attacks

42. 42 Open Challenges  The new design perspective is called resiliency- oriented security design  The design possesses several features  Seek to attack a bigger problem space  Intrusion tolerance  Use other noncrypto-based schemes to ensure resiliency  Handle unexpected faults to some extent  The solution may also take a collaborative security approach  The solution relies on multiple fences

43. Conclusion  The research on MANET security is still in its early stage. The existing proposals are typically attack-oriented in that they first identify several security threats and then enhance the existing protocol or propose a new protocol to thwart such threats. Because the solutions are designed explicitly with certain attack models in mind, they work well in the presence of designated attacks but may collapse under anticipated attacks. Therefore, a more ambitious goal for ad hoc network security is to develop a multi-fence security solution that is embedded into possibly every component in the network, resulting in in-depth protection that offers multiple lines of defense against many both known and unknown security threats.

44. Sources  [1] Cavin et al., "On the accuracy of MANET simulators," Proc. ACM Workshop on Princ. Mobile Computing  [2] K.-W. Chin, et al., "Implementation Experience with MANET Routing Protocols," ACM SIGCOMM Computer Communications Review, Nov. 2002, pp. 49-59. Available online.  [3] Frodigh, et al, "Wireless Ad Hoc Networking: The Art of Networking without a Network," Ericsson Review, No. 4, 2000. online. [4] M. S. Corson et al., "Internet-Based Mobile Ad Hoc Networking," IEEE Internet Computing, July-August 1999  [5] C. Elliott and B. Heile, "Self-Organizing, Self-Healing Wireless Networks," Proc. 2000 IEEE  [6] K. Kim, "A New Mobile Environment: Mobile Ad Hoc Networks (MANET)," IEEE  [7] C. Perkins and E Royer, “Ad Hoc On-Demand Distance Vector Routing,” 2nd IEEE Wksp. Mobile Comp. Sys.and Apps., 1999

45. Assignment #12  Write note on the topics highlighted in Yellow.

46. Q&A ??