Presentation is loading. Please wait.

Presentation is loading. Please wait.

CWSA Workshop SWAN: Survivable Wireless Ad Hoc Networks Cristina Nita-Rotaru Purdue University J oint work with: Baruch Awerbuch, Reza Curtmola, Dave Holmer.

Published byNorma Washington Modified over 8 years ago

Similar presentations

Presentation on theme: "CWSA Workshop SWAN: Survivable Wireless Ad Hoc Networks Cristina Nita-Rotaru Purdue University J oint work with: Baruch Awerbuch, Reza Curtmola, Dave Holmer."— Presentation transcript:

1 CWSA Workshop SWAN: Survivable Wireless Ad Hoc Networks Cristina Nita-Rotaru Purdue University J oint work with: Baruch Awerbuch, Reza Curtmola, Dave Holmer and Herb Rubens Johns Hopkins University

2 Cristina Nita-RotaruCWSA Workshop3 Wireless Revolution  WiFi ad hoc networks: infrastructure-less, distributed routing, maintenance built within the network, quick and cost-effective deployment.  Cellular networks: 3G cellular networks promise us multimedia contents (already provided in Japan by DoCoMo and in Europe by Vodafone).  Mesh networks: structured (mesh) wireless networks, providing the ‘last mile’ in terms of bandwidth. (cities like NYC and Phily; companies:Tropos, Flarion, Motorola, MeshNetworks, etc.)

3 Cristina Nita-RotaruCWSA Workshop4 Why You Need to Care About Security  Access control: medium is shared, lack of access control can translate into degradation of service.  Confidentiality: medium is open, vulnerable to eavesdropping.  Trust: multi-hop networks, nodes rely on un-trusted nodes to transport data.  Physical security: wireless devices are more likely to be stolen, data get compromised or an attacker can attack the network from the “inside”.  Physical layer: easy to jam.

4 Cristina Nita-RotaruCWSA Workshop5 Survivability Concepts  Fault-tolerance: benign failures (network partitions and merges, process crashes).  Confidentiality: protects from eavesdropping.  Active attacks: impersonation, replay attacks.  Denial of service: resource consumption.  Internal attacks: part of the infrastructure is compromised. Survivable protocols are able to provide correct service in the presence of attacks and failures. Byzantine adversary: an adversary that can do anything

5 Cristina Nita-RotaruCWSA Workshop6 Focus of This Talk Goal: designing routing protocols for multi-hop wireless networks that can provide correct service in the presence of compromised participants, as long as a correct (non-adversarial) path exists between source and destination. Challenges: mobility, decentralized environment, prone to errors, difficult to distinguish between failures and malicious behavior.

6 Cristina Nita-RotaruCWSA Workshop7 Outline  Attacks against routing in ad hoc wireless networks  ODSBR Goals and approach Protocol description Simulations showing attack mitigation  Current and future work

7 Cristina Nita-RotaruCWSA Workshop8 Routing in Ad Hoc Wireless Networks  On-demand protocols Discover a path only when a route is needed Flood to find a path to the destination, then use the reverse path to inform the source about the path Use duplicate suppression technique, only first flood that reaches a node is processed, next are discarded (all have the same identifier, higher identifiers denote new requests) Shortest path is selected based on a metric: AODV uses a hop count, while DSR uses the shortest recorded path Nodes cache discovered routes Route maintenance mechanisms, nodes report broken links

8 Cristina Nita-RotaruCWSA Workshop9 Fabrication and Modification Attacks  Change the path on the request packet and forward it  Generate false request messages to burden the network  Spoof IP address and send request  Send false route replies, modify replies, false topology  Send higher sequence numbers  Result: Nodes can add to a path and make it less probable that the “shortest path” is through them, or can shorten paths to make it more likely they are on paths. Use this to either avoid forwarding traffic, or for traffic analysis. Attacks against routing Attack is possible because of lack on integrity and authentication of the packets and no control of malicious behavior.

9 Cristina Nita-RotaruCWSA Workshop10 Fabrication and Modification Attacks (cont.)  Generate false route error messages  Drop route error messages  Spoof IP address and send error message for a valid route  Result: Attacker can continually tear down routes with false error messages, or by not reporting the error, packets will be lost. Attacks against routing Attack is possible because of lack on integrity and authentication of the packets.

10 Cristina Nita-RotaruCWSA Workshop11 Wormhole Attack  The wormhole turns many adversarial hops into one virtual hop creating shortcuts in the network  Attacker (or colluding attackers) records a packet at one location in the network, tunnels the packet to another location, and replays it there.  PACKETS LOOK LEGITIMATE, authentication and freshness mechanisms not enough.  Result: Allows an adversary to control path selection. Attacks against routing Attack is possible because of lack of a mechanism that controls that packets traveled on shortcuts.

11 Cristina Nita-RotaruCWSA Workshop12 Flood Rushing Attacks  Attacker disseminates request quickly throughout the network suppressing any later legitimate request By avoiding the delays that are part of the design of both routing and MAC (802.11b) protocols By sending at a higher wireless transmission level By using a wormhole to rush the packets ahead of the normal flow  Result: no path is established, or an attacker gets selected on many paths Attacks against routing Attack is possible because of flood request suppressing technique and attacker can rush packets through the network.

12 Cristina Nita-RotaruCWSA Workshop13 Misbehaving Nodes  Ad hoc networks maximize total network throughput by using all available nodes for routing and forwarding.  A node may misbehave by agreeing to forward the packet and then failing to do so because it is selfish, malicious (black holes) or fails (errors).  Result: throughput drops Attacks against routing Challenge: distinguish between the above 3 types of behavior.

13 Cristina Nita-RotaruCWSA Workshop14 ODSBR: Design Principles  Hop-by-hop protection, intermediate nodes are authenticated but not trusted  Instead of preventing wormholes formation, detect them if they cause problems  Limit the amount of damage an attacker can create to the network  Do not partition the network  Use a link reliability metric in which suspect links are avoided regardless of actual reason for detection Malicious behavior Adverse network behavior (bursting traffic) Shelfish or failures

14 Cristina Nita-RotaruCWSA Workshop15 ODSBR Overview Route Discovery with Fault Avoidance Link Weight Management Byzantine Fault Detection Discovered Path Faulty LinksWeight List An On-Demand Secure Routing Protocol Resilient to Byzantine Failures. In ACM Workshop on Wireless Security (WiSe), In conjunction with MOBICOM 2002, Baruch Awerbuch, Dave Holmer, Cristina Nita-Rotaru, and Herbert Rubens.

15 Cristina Nita-RotaruCWSA Workshop16 Fault Detection Strategy  Use authenticated acknowledgements from nodes on the path (requires source routing)  Probing technique: ask every node to send acknowledgements SD ODSBR Description

16 Cristina Nita-RotaruCWSA Workshop17 Trusted End Point Intermediate Router Adaptive Probing SourceDestination Success Fault 1 Fault 2 Fault 3 Fault 4 Successful Probe Failed Probe Fault Location Successful Interval Failed Interval Unknown Interval

17 Cristina Nita-RotaruCWSA Workshop18 Blackhole and Flood Rush Simulations Flood rushing helps the attacker to get selected on more paths, thus he can create more damage.

18 Cristina Nita-RotaruCWSA Workshop19 Wormhole Central Configuration Simulations (700,500)(300,500) (a) Central Wormhole ODSBR not affected by flood rushing, while one wormhole centrally placed creates significant damage.

19 Cristina Nita-RotaruCWSA Workshop20 Wormhole Overlay: Complete Coverage Simulations (500,500) (750,750)(250,750) (250,250)(750,250) (c) Complete Coverage Simulations Delivery ratio of AODV drops to 20%. 5 Adversaries completely control a network of 50 nodes.

20 Cristina Nita-RotaruCWSA Workshop21 ODSBR: Summary  Most important factors for of effective attack: flood rushing and strategic positioning of adversaries.  Two colluding adversaries forming a central wormhole combined with flood rushing can mount an attack that has the highest relative strength, it reduced AODV's delivery ratio to 51%.  ODSBR was able to mitigate a wide range of Byzantine attacks; not significantly affected by flood rushing. Its performance only decreased when it needed to detect and avoid a large number of adversarial links.

21 Cristina Nita-RotaruCWSA Workshop22 Ongoing and Future Work  Extend the model to hybrid networks (see our poster tomorrow!!!)  Investigate denial of service attacks against MAC(see our poster tomorrow!!!).  High-throughput aware routing, focus on interference from other flows.  Apply similar techniques to mesh networks, while taking advantage of their static nature. http://www.cerias.purdue.edu/homes/crisn/lab/swan.html

Download ppt "CWSA Workshop SWAN: Survivable Wireless Ad Hoc Networks Cristina Nita-Rotaru Purdue University J oint work with: Baruch Awerbuch, Reza Curtmola, Dave Holmer."

Similar presentations

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
1 A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks By Lei Chen.

1 A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks By Lei Chen.
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Network Layer Routing Issues (I). Infrastructure vs. multi-hop Infrastructure networks: Infrastructure networks: ◦ One or several Access-Points (AP) connected.

Network Layer Routing Issues (I). Infrastructure vs. multi-hop Infrastructure networks: Infrastructure networks: ◦ One or several Access-Points (AP) connected.
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
NGMAST- WMS workshop17/09/2008, Cardiff, Wales, UK A Simulation Analysis of Routing Misbehaviour in Mobile Ad hoc Networks 2 nd International Conference.

NGMAST- WMS workshop17/09/2008, Cardiff, Wales, UK A Simulation Analysis of Routing Misbehaviour in Mobile Ad hoc Networks 2 nd International Conference.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.

Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.
1 Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols Yih-Chun Hu, Adrian Perrig, and David B. Johnson Presenter: Sandeep Mapakshi.

1 Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols Yih-Chun Hu, Adrian Perrig, and David B. Johnson Presenter: Sandeep Mapakshi.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.

CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.
Security of wireless ad-hoc networks. Outline Properties of Ad-Hoc network Security Challenges MANET vs. Traditional Routing Why traditional routing protocols.

Security of wireless ad-hoc networks. Outline Properties of Ad-Hoc network Security Challenges MANET vs. Traditional Routing Why traditional routing protocols.
Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec. 2006.

Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec
Mobile Ad-hoc Networks -- Overview and a case study Yinzhe Yu Oct. 8, 2003.

Mobile Ad-hoc Networks -- Overview and a case study Yinzhe Yu Oct. 8, 2003.

Similar presentations

Ads by Google