Routing Attacks For Ad hoc Networks

1
Routing Attacks For Ad hoc Networks

• CS 6262 Fall 02
• (Wednesday, 10/23/2002)

2
Security Efforts

• Perlman Digital Signatures against Byzantine
  failures
• Murphy Signatures in advertisement
• Kent BGP path verification
• Smith Signatures in BGP
• Smith Predecessor in DV protocols
• Hauser Efficient Link-state updates
• Zhang one-time signature on message chains
• Goodrich leap-frog signature using secret key
  cryptography
• Detection Cheung, Bradley, Wu

3
Outline

• Revisit wired routing security
• Mobile Ad hoc Networks
• Classical MANET routing protocols
• Attack examples
• Security countermeasures

4
Link State Hash Chain (Hauser)

• Partly remove the burden to use signature for
  every LSU (Link State Update)
• Lamport hash chain
• Generate a random R
• Generate h(R), h2(R),hn-1(R),hn(R)
• Present hash chain values one by one, reversely

5
Link State Hash Chain (cont.)

• All routers agree on hash functions f, h
• ALSU (anchored) Use signature, every other n
  LSUs or when link state changes
• LSA, f(LSA)P, timestamp, hn(R), n
• LSA, timestamp, hn(R), n, f(ALSU)P
• CLSUi (chained)
• LSA, hn-i(R)
• ALSU Verification check signature
• CLSU Verification h(hn-i(R))hn-i1(R)

6
Cellular Networks

• Infrastructure dependent
• High setup costs
• Large setup time
• Reliable

7
Some Wireless Applications

• Cellular networks are not preferred if
• Casual conferencing
• low set-up time, cost preferred
• Battlefield operations/disaster relief
• infrastructure unavailable
• Personal area networking
• devices around the home/office

8
Mobile Ad hoc Networks

• In Latin, ad hoc means for this, further
  meaning for this purpose only
• Mobile hosts
• No fixed infrastructure
• Multi-hop routing

B
A
C
E
D
9
(No Transcript)
10
Sensor Networks

• Networks of sensors
• Randomly scattered in unreachable regions
• Huge number and density
• Limited lifetime and capacity
• Ad hoc?
• Mobile?

11
Route Change due to Mobility
12
Problems of Traditional Routing Algorithms

• Dynamic of topology
• frequent changes of connections, connection
  quality, participants
• Limited performance of mobile systems
• periodic updates of routing tables need energy
  without contributing to the transmission of user
  data, sleep modes difficult to realize
• limited bandwidth of the system is reduced even
  more due to the exchange of routing information
• Problem protocols have been designed for fixed
  networks with infrequent changes and typically
  assume symmetric links

13
Solutions

• Clustered and hierarchical
• On demand
• Randomized and probabilistic
• Directional or adaptive antenna
• Location aided

14
Ad hoc Networks Vulnerabilities

• Volatile network topologies
• Power constrained operations
• Limited physical security
• Intrinsic mutual trust
• Where to deploy firewall?

15
Security Elements

• Confidentiality
• Integrity
• Authenticity
• Availability
• Order in the wired world?
• Order in an ad hoc world?

16
Routing Protocols

• Proactive (table driven) approaches
• DSDV (destination sequenced distance vector),
  OLSR (optimized link state routing), CGSR
• Reactive (on demand) approaches
• DSR (dynamic source routing), AODV (ad-hoc
  on-demand distance vector), TORA
• Hybrid approaches
• ZRP (zone routing protocol)

17
Dynamic Source Routing (DSR)

• On-demand
• Utilize source routing
• Discover a path
• flooding RREQ till a node replies with RREP
• only if a path for sending packets to a certain
  destination is needed and no path is currently
  available
• Maintaining a path
• explicit link breakage notification, RRER
• only while the path is in use one has to make
  sure that it can be used continuously
• No periodic updates needed!
• Mobility of a node can break routes passing
  through it.

18
DSR Attacks

• Incorrect forwarding or dropping
• Use and/or advertise bogus source routes
• Restrict from sending error messages

19
Attack Taxonomy

• Internal vs. external
• Active vs. passive
• Routing disruption vs. resource consumption
• Attack (m, n)
• Single point
• Colluded
• Majority?

20
Typical attacks

• Availability
• Denial of Service
• Black hole
• Radio Jamming
• Sleep deprivation torture
• Battery Exhaustion

21
Typical attacks (cont.)

• Wormhole
• Private tunnel between a pair of attackers
• Packets received in one end are played back in
  the other
• Location exposure
• Exact path to some destination or at least some
  clues (distance, direction, etc.)
• Why especially harmful in ad hoc environment?

22
Security Countermeasures

• Cryptographic approaches
• Key management
• Threshold cryptography
• (Adaptive) Trust model
• Regional trust
• K-threshold trust
• Role/level based trust
• Peer to Peer ( Resurrecting duckling)
• Re-keying issue
• Efficient authentication and validation
• Design new secure routing protocols or revise
  existing protocols

23
Non-Disclosure Method (NDM)

• Try to solve location exposure problem
• When a sender A wants to send a message M to the
  receiver B, the message is forwarded to the
  destination by using a route (A, SA1, ..., SAn,
  B)
• M' E_SA1 (SA2, E_SA2(SA3, ...(SAn, E_SAn(B,
  M))))

24
Security Countermeasures (cont.)

• It is impossible to build a perfect network
• Unexpected events, bugs, etc.
• Internal attacks
• Tamper proof devices
• Intrusion detection
• Misuse pattern detection
• Anomaly detection
• Response
• avoids routing packets through these nodes

25
Watchdog and Pathrater

• Each node watches its neighbors
• Increases counters on received packets, decreases
  them on sent packets
• Also detects violation of integrity
• Pathrater choose best paths from watchdog
  ratings
• Only works for DSR

26
Bearing Grudges

• Gene Selection for birds
• Suckers
• Cheats
• Grudgers
• What if only suckers and cheats?
• What if all three groups coexist?
• Assume cheats are the majority

27
IDS Architecture

• Six conceptual parts
• Data collection module
• Gather local activity logs
• Local detection engine
• Uses local activity logs to ascertain if anomaly
  exists
• Local response model
• Triggers local actions such as alerting local
  users

28
IDS Architecture

• Six conceptual parts (cont.)
• Cooperative detection engine
• Compiles broader data sets and initiates
  collaboration
• Global response module
• Coordinates intrusion response between
  neighboring nodes
• Secure communication module
• Establishes high-confidence communication channel
  between IDS agents

29
Cooperative IDS Architecture
30
Local IDS Agent (LIDS)

• Data source
• Local
• Neighborhood
• External
• Methodology
• Misuse Detection
• Anomaly Detection
• Problem
• Incomplete information
• Dynamic environment
• Power consumption

31
Global IDS

• Key idea deploy different level of LIDS on
  different nodes
• Power efficiency
• Quick convergence
• Layered approach
• Transient cluster based schemes
• Select clusterhead and run LIDS on them
• Hierarchy of clusters

32
Response

• Alert
• Local
• Global
• Automatic protective actions
• Re-keying
• Isolating malicious nodes
• Re-authentication
• Issues
• Global investigation
• Alert correlation