Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anonymous Communications in Mobile Ad Hoc Networks Yanchao Zhang, Wei Liu, Wenjing Lou Presenter: Bo Wu.

Published byJunior Bridges Modified over 9 years ago

Similar presentations

Presentation on theme: "Anonymous Communications in Mobile Ad Hoc Networks Yanchao Zhang, Wei Liu, Wenjing Lou Presenter: Bo Wu."— Presentation transcript:

1 Anonymous Communications in Mobile Ad Hoc Networks Yanchao Zhang, Wei Liu, Wenjing Lou Presenter: Bo Wu

2 Outline Introduction Threat Model MASK Model Performance Evaluation Conclusion

3 MANETs A mobile ad hoc network (MANET) is a type of wireless network, and is a self-configuring network of mobile devices connected by any number of wireless links.

4 MANETs Every node in a MANET is also a router because it is required to forward traffic unrelated to its own use. Each MANET device is free to move independently. Wireless links are particularly vulnerable to eavesdropping and other attacks

5 MANETs: Ad hoc? A short lived network just for the communication needs of the moment Self Organizing Infrastructure-less network Energy conservation Scalability

6 MANETs: Challenges Lack of a centralized entity Network topology changes frequently and unpredictably Channel access/Bandwidth availability Hidden/Exposed station problem Lack of symmetrical links Power limitation

7 MANETs: AODV Source node initiates path discovery by broadcasting a route request (RREQ) packet to its neighbors Every node maintains two separate counters  Sequence number  Broadcast-id B S E C G F A H D Y I K P L J T Z RREQ AODV part adapted from slides of Sirisha R. Medidi

8 MANETs: AODV A neighbor either broadcasts the RREQ to its neighbors or satisfies the RREQ by sending a RREP back to the source Later copies of the same RREQ request are discarded B S E C G F A H D Y I K P L J T Z Reverse Path Setup

9 MANETs: AODV B S E C G F A H D Y I K P L J T Z Reverse path are automatically set-up Node records the address of the sender of RREQ Entries are discarded after a time-out period

10 MANETs: AODV B S E C G F A H D Y I K P L J T Z

11 B S E C G F A H D Y I K P L J T Z

12 B S E C G F A H D Y I K P L J T Z Forward Path Setup

13 MANETs: AODV B S E C G F A H D Y I K P L J T Z

14 B S E C G F A H D Y I K P L J T Z

15 B S E C G F A H D Y I K P L J T Z

16 Advantages: efficient algorithm for ad-hoc networks Highly Scalable Need for broadcast is minimized Quick response to link breakage in active routes Loop free routes

17 Traffic Analysis Frequent communications — can denote planning Rapid, short, communications — can denote negotiations A lack of communication — can indicate a lack of activity, or completion of a finalized plan Frequent communication to specific stations from a central station — can highlight the chain of command Who talks to whom — can indicate which stations are 'in charge' or the 'control station' of a particular network. This further implies something about the personnel associated with each station Who talks when — can indicate which stations are active in connection with events, which implies something about the information being passed and perhaps something about the personnel/access of those associated with some stations Who changes from station to station, or medium to medium — can indicate movement, fear of interception

18 General Defending Methods  Prevent detection  Spread spectrum modulation  Effective power control  Directional antennas  Traffic Padding  End to End Encryption and/or Link Encryption on Data Traffic

19 Threat Model Passive  Totally quiet, or just inject a small amount of traffic Monitor every transmission of each node Many adversaries can communicate with each other very fast May compromise a small number of nodes Limited computational capability

20 Basic Math Let G 1,G 2 be two groups of the same prime order q. Pairing is a computable bilinear map f : G1 × G1 → G2 satisfying the following properties:  1. Bilinearity: ∀ P, Q, R, S ∈ G1, we have f (P + Q, R + S) = f (P, R)f (P, S)f (Q, R)f (Q, S)  2. Non-degeneracy: If f (P, Q) = 1 for all Q ∈ G 1, then P must be the identity element in G 1.  3. Computability: There is an efficient algorithm to compute f(P, Q) for all P, Q ∈ G 1.

21 MASK MASK stands for ? A novel anonymous on-demand routing protocol for MANETs anonymous neighborhood authentication anonymous route discovery and data forwarding

22 MASK System Model A number of non-malicious nodes No selfish behavior Moderate movement Trusted Authority bootstrap security parameters  g the master key  H 1 : {0, 1} ∗ → G 1 mapping arbitrary strings to points in G 1  H 2 : {0, 1} ∗ →{0, 1} β mapping arbitrary strings to β-bit fixed-length output  Every node is blind to g  TA furnishes each node ID i with a sufficiently large set PS i of collision resistant pseudonyms and a corresponding secret point set as S i = gH 1 (PS i ) = {S i,j } = {gH 1 (P S i,j ) ∈ G 1 } (1 ≤ j ≤ |PS i |).

23 MASK: Anonymous Neighbor Authentication Definition:  two neighboring nodes can ensure that they belong to the same party or have trustable relationship with each other without revealing their either real identifiers or party membership information. Existing methods:  Network-wide key  Pairwise key  Public-key certification

24 MASK: Anonymous Neighbor Authentication Alice and Bob are using pseudonyms randomly selected from their set Alice starts the authentication by sending her pseudonym and a challenge Bob can calculate the corresponding master session key and send the authentication message back Alice authenticated Bob and replied authentication message Both Bob and Alice generate link IDs and session keys based on the master session key

25 MASK: Anonymous Neighbor Authentication After the authentication both sides have: If a packet is identified by, then it should be decrypted using Whenever these pairs are used up, Alice and Bob are required to automatically increase both n 1 and n 2 by one and generate new pairs. Every node follows this procedure and establishes a neighbor table

26 MASK: Anonymous Neighbor Authentication Only TA can infer real ID based on pseudonyms To adversary, Link IDs are random bits Adversary can not infer session key based on Link IDs

27 MASK: Anonymous Route Discovery Besides neighbor table, each node has:  Forwarding route table  Reverse route table  Target link table The current node is the final destination for the packets bearing the linkIDs which are in its target link table.

28 MASK: Anonymous Route Discovery Anonymous route request   ARREQ_id uniquely identifies the request  Dest_id is the real id of the destination  destSeq is the last known sequence number for the destination  PS x is the active pseudonym of the source

29 MASK: Anonymous Route Discovery For each node in the network:  Receives ARREQ for the first time inserts an entry into its reverse route table where this ARREQ comes from rebroadcasts the ARREQ after changing the embedded pseudonym field to its own.  Discards any ARREQ already seen All nodes broadcast only once

30 MASK: Anonymous Route Discovery Anonymous route replies LinkID is the to be used shared packet identifier between the sender and the corresponding receiver {ARREP, dest_id, destSeq} is encrypted by the paired session key such that only the intended receiver can decrypt it

31 MASK: Anonymous Route Discovery Intermediate nodes will discard replies with smaller destSeq than its own record intermediate node can also generate a route reply if it has one forward route entry for the dest id with destSeq equal to or larger than that contained in the received ARREQ. Multiple paths are established during this process

32 MASK: Anonymous Route Discovery Anonymous Data Forwarding next-LinkID is randomly selected from the next-link-list field MASK payload may be end-to-end encrypted message Do not necessarily select the best path

33 Security analysis Message Coding Attack  Adversary can easily link and trace some packets that do not change their content or length MASK countermeasures  Hop-by-hop encryption  Random padding

34 Security analysis Flow Recognition and Message Replay Attacks  Recognize the packets belonging to some communication flow MASK countermeasures  Hop-by-hop encryption  LinkID update

35 Security analysis Timing Analysis Attack  Tell the difference between nodes by transmission timing, e.g. transmission rate MASK Countermeasures  When the traffic is light, this attack is quite dangerous

36 Performance Evaluation Tate paring for bilinear map f  Most expensive part  indispensable SHA-1 to implement the collision resistant hash functions efficient symmetric algorithm RC6 as hop-by-hop encryption and decryption

37 Performance Evaluation For normal traffic, AODV is a little bit better MASK outperforms AODV for heavy traffic due to available multiple paths

38 Performance Evaluation MASK outperforms AODV in terms of overhead  It conducts costly route discovery less frequently

39 Performance Evaluation AODV has much less latency MASK tries to balance tradeoff between anonymity and latency

40 Conclusion Very good resistance to passive attackers Timing attack is still unresolved in this model Very good routing performance But AODV also has a multi-path version --- AOMDV

41 Questions?

Download ppt "Anonymous Communications in Mobile Ad Hoc Networks Yanchao Zhang, Wei Liu, Wenjing Lou Presenter: Bo Wu."

Similar presentations

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Ranveer Chandra , Kenneth P. Birman Department of Computer Science

Ranveer Chandra , Kenneth P. Birman Department of Computer Science
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
CSE 802.11 University of Washington Multipath Routing Protocols in AdHoc Networks.

CSE University of Washington Multipath Routing Protocols in AdHoc Networks.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Multicasting in Mobile Ad-Hoc Networks (MANET)

Multicasting in Mobile Ad-Hoc Networks (MANET)
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.

Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Research Trends in MANETs at CIIT, Islamabad Mohammad Mahboob Yasin, PhD COMSATS Institute of Information Technology.

Research Trends in MANETs at CIIT, Islamabad Mohammad Mahboob Yasin, PhD COMSATS Institute of Information Technology.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.

CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.
Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec. 2006.

Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Similar presentations

Ads by Google