Download presentation
Presentation is loading. Please wait.
Published byVerity Hopkins Modified over 9 years ago
1
Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee
2
2 Contents Introduction Attacks A Multi-fence Security Solution –Network-layer security Message authentication primitives Secure ad hoc routing Secure packet forwarding –Link-layer security Open Challenges Conclusions
3
3 Introduction Mobile Ad Hoc Networks (MANETs) –Self-configuration –Self-maintenance Security Challenges –Shared medium –Resource constraints –Dynamic topology
4
4 Introduction The Goal of Security for MANETs –Protection of the network connectivity between mobile nodes over potentially multi-hop wireless channels One-hop connectivity through link-layer protocols Multi-hop connectivity through network-layer routing and data forwarding protocols Two Approaches –Proactive –Reactive Network Performance V.S. Security –Scalability, service availability, and robustness
5
5 Attacks Network-layer –Routing attacks Not to follow the specifications of the routing protocol Example: modification of the source route listed in the RREQ or RREP (DSR), advertising a route with a smaller distance metric than its actual distance to destination (AODV) Goal: attraction of traffic toward certain destinations, generation of routing loops, or introduction of sever network congestion and channel contention –Packet forwarding attacks Not to forward packets properly Example: drop the packets, modify the contents, duplicate the packets, denial-of-service (DoS)
6
6 Attacks Link-layer –WEP (Wired Equivalent Privacy) Cryptography attacks –DoS attacks Control of backoff value Data corruption using NAV and interfering victim’s link- layer frame
7
7 Multi-fence Security Solution Multi-fence Security Solution should … –Spread across many individual components –Span different layers –Thwart threats from both outsiders and insiders –Encompass prevention, detection, and reaction –Be practical and affordable Network-layer security solutions Link-layer security solutions Secure ad hoc routing Proactive protection through message authentication primitives Secure packet forwarding Reactive protection through detection and reaction Sour ce routin g Link state routing Distance vector routing Misbehavio r detection Misbehavio r reaction Secure wireless MAC Reactive protection through detection and reaction Next-generation WEP Modification to existing protocol to fix the cryptographic loopholes
8
8 A Multi-fence Security Solution - Network Layer Security Message Authentication Primitives –HMAC –Digital signature –One-way HMAC key chain Secure Ad Hoc Routing –Source routing –Distance vector routing –Link state routing –Other routing protocols Secure Packet Forwarding –Detection –Reaction
9
9 A Multi-fence Security Solution - Network Layer Security Message Authentication Primitives –HMAC (Message authentication codes) Symmetric key Cryptographic one-way hash function Verified only by the intended receiver Efficient computation n (n-1) / 2 keys should be maintained
10
10 A Multi-fence Security Solution - Network Layer Security Message Authentication Primitives –Digital Signature Asymmetric key More computation overhead in signing/decrypting and verifying/encrypting operations Less resilient to DoS attacks Verified by any node given the public key n public/private key pairs should be maintained
11
11 A Multi-fence Security Solution - Network Layer Security Message Authentication Primitives –One-way HMAC key chain Generated by repeated application of the one-way function Proven to be authentic in reverse order Lightweight computation One authenticator can be verified by large numbers of receivers Shortcomings –Buffer messages –To require additional communication
12
12 A Multi-fence Security Solution - Network Layer Security Secure Ad Hoc Routing Proactive approach –Source Routing Goal: to prevent intermediate nodes from modifying nodes to the route Solution: to attach a per-hop authenticator Example: Ariadne (extension of DSR) uses a one-way HMAC key chain
13
13 A Multi-fence Security Solution - Network Layer Security Secure Ad Hoc Routing –Source Routing (Ariadne) S: p S = (RREQ, S, D), m S = HMAC K SD (p S ) S-> *: (p S, m S ) A: h A = H(A, m S ), p A = (RREQ, S, D, [A], h A, []), m A = HMAC K A (p A ) A-> *: (p A, m A ) B: h B = H(B, h A ), p B = (RREQ, S, D, [A,B], h B, [m A ]), m B = HMAC K B (p B ) B -> *: (p B, m B ) C: h C = H(C, h B ), p C = (RREQ, S, D, [A, B, C], h C, [m A, m B ]), m C = HMAC K C (p C ) C -> *: (p C, m C ) D: p D = (RREP, D, S, [A, B, C], [m A, m B, m C ]), m D = HMAC K DS (p D ) D -> C: (p D, m D, []) C -> B: (p D, m D, [K C ]) B -> A: (p D, m D, [K C, K B ]) A -> S: (p D, m D, [K C, K B, K A ]) S A B C D
14
14 A Multi-fence Security Solution - Network Layer Security Secure Ad Hoc Routing –Distance Vector Routing Goal: correct advertisement of the routing metric Solution: to authenticate aggregation of metric –Link State Routing Goal: to authenticate both neighbor discovery and neighbor broadcast Solution: links only added only if two valid LSUs (Link State Update) from both nodes of the link are received Example: SLSP (Secure Link State Routing) uses digital signatures
15
15 A Multi-fence Security Solution - Network Layer Security Secure Ad Hoc Routing –Other Routing Protocols ARAN (Authenticated Routing for Ad hoc Networks) To authenticate link to link by public key cryptography Information only about the next hop SAB C
16
16 A Multi-fence Security Solution - Network Layer Security Secure Ad Hoc Routing –Other Routing Protocols [17] To broadcast both ways to provide redundancy To improve path length More communication and less computation
17
17 A Multi-fence Security Solution - Network Layer Security Secure Packet Forwarding –Detection Localized detection ACK-based detection –Reaction Global reaction End-host reaction
18
18 A Multi-fence Security Solution - Link Layer Security IEEE 802.11 MAC –Intentionally small backoff value Checking deviation and penalizing –Data corruption using NAV and interfering victim’s link- layer frame So far, no clear solution IEEE 802.11 WEP –Attacks Message privacy and message integrity attacks Probabilistic cipher key recovery attacks –Enhanced in 802.11i/WPA
19
19 Open Challenges Resiliency-oriented Security Solution - Feature –Bigger Problem Space Not only to thwart malicious attacks, but also to cope with other network faults –Intrusion Tolerance Robust against the breakdown of any individual fence –Bigger Solution Space To use other non-crypto-based schemes to ensure resiliency –Unexpected Faults Tolerance To enhance redundancy
20
20 Open Challenges –To build efficient fence considering each device’s resource constraint –To identify system principles of how to build a new generation of network protocols –To evaluate the security design
21
21 Conclusions Summary of security issues in MANETs –Resiliency-oriented multi-layered solution design –Focus on network-layer security Many open problems related to security in MANETs
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.