Title: Security of Routing Protocols in Ad Hoc Wireless Networks
1Security of Routing Protocols in Ad Hoc Wireless
Networks
presented by Reza Curtmola600.647 Advanced
Topics in Wireless Networks
2Our focus MANETs
- Multi-hop routing
- unicast
- multicast
- infrastructure access
3Our focus MANETs
- Multi-hop routing
- unicast
- multicast
- infrastructure access
4Our focus MANETs
- Multi-hop routing
- unicast
- multicast
- infrastructure access
5Security of Ad Hoc Wireless Networks
- Security is essential because
- Lack of physical security makes devices
susceptible to theft - All nodes participate in routing, must rely on
untrusted nodes - Lack of security leads to degradation of service
because medium is shared - Difficult to provide because
- Collaborative nature
- Less-robust and shared medium
- Requires solution for internal adversaries
6More Basics
- Transmission range is usually smaller than
network span - Need for multi-hop routing
- All nodes can potentially participate in the
routing protocol
7Security concerns
- Must define adversarial model
- Effect on network operation
- Passive attacks
- Active attacks
- Attackers are authorized to participate in the
network operation - Outside attacks
- Inside attacks
8Outside Attacks
- Attackers do not posses credentials
- Include
- packet injection
- packet modification
- impersonation
- In general preventable using standard
cryptographic mechanisms that ensure
authentication and data integrity
9Inside (Byzantine) Attacks
- Byzantine behavior
- Arbitrary action by an authenticated node
resulting in disruption of the routing service - All nodes participate in routing
- Authentication and data integrity mechanisms do
not provide any guarantees - Different than the selfish node problem
Trivia Byzantine devious The History of the
Decline and Fall of the Roman Empire, by Edward
Gibbon
10Attacks against routing
- Black Hole Attack
- Flood Rushing Attack
- Wormhole Attack
- Overlay Network Attack
- (super-wormhole)
Traditional Byzantine
- Adversaries can act individually or can collude
11Other Attacks
- Traffic analysis
- Sybil attacks
- A malicious node illegitimately claims multiple
identities - Node replication
- Adversary captures, replicates and inserts
duplicated nodes - Difficult to detect without centralized
monitoring
12Routing protocols
- Routing act of moving information from source
to destination - Types of routing protocols
- Pro-active continuously learn network topology
- ? routes are available immediately
- ? high updating cost for dynamic topology
- examples RIP, OSPF, DSDV, OLSR
- Reactive establish routes when needed
- ? less control traffic
- ? additional delay, involve flooding
- examples AODV, DSR
13On-Demand Routing Protocols
- Route Discovery phase
- Based on flooding
- RouteRequest usually flooded
- RouteReply flooded or unicast
- Route Maintenance Phase
Ad Hoc Network
S
14Black Hole Attack
- Adversary selectively drops only data packets,
but still participates in the routing protocol
correctly - The damage is directly related to the likelihood
of an adversary being selected as part of the
route
15Black Hole Attack Mitigation
- Watchdog and Pathrater
- (S. Marti, T. Giuli, K. Lai, M. Baker,
Mitigating routing misbehavior in mobile ad hoc
networks, MobiCom 2000) - A node can overhear its neighboring nodes
forwarding packets to other destinations - Watchdog and Pathrater
- Local monitoring can detect
- Packet forge An outgoing packet that has no
corresponding incoming packet - Packet modification Difference between the
incoming and outgoing packet fields - Intentional packet delay A packet was forwarded
after a threshold time instead of immediately - Packet drop Packets were not forwarded within a
maximum acceptable timeout threshold
16Black Hole Attack Mitigation
- Watchdog and Pathrater
- What can go wrong?
- Missed detection A malicious event goes
undetected at guard G because - A collision occurs at G when the malicious node S
transmits - False detection A normal event is classified by
a guard G as a malicious event because - A collision occurs at G when the sender S
transmits a packet - A collision occurs at G when the monitored node D
forwards the packet - Does not work when power control and multi-rate
are used - Also vulnerable to attacks from two consecutive
colluding adversaries
17Black Hole Attack Mitigation
- Secure Data Transmission (SDT)
- (P. Papadimitratos, Z. Haas, Secure data
transmission in mobile ad hoc networks, WiSe
2003) - Uses end-to-end acknowledgements from DST
- Disseminates a packet across several
node-disjoint paths - Good for well connected networks
- Bad for sparsely connected networks
- Protection of node-disjoint path discovery is not
fully achieved against colluding adversaries - Also vulnerable to flood rushing attacks
18Flood Rushing Attack
- Majority of on-demand routing protocols use
flooding for route discovery - Attack takes advantage of the
- flood suppression mechanism
- Adversary rushes packets through the network,
propagating its flood faster than the legitimate
flood
19Flood Rushing Attack
- Attacker disseminates RREQ, RREP quickly
throughout the network suppressing any later
legitimate RREQ, RREP - By avoiding the delays that are part of the
design of both routing and MAC (802.11b)
protocols - By sending at a higher wireless transmission
level - By using a wormhole to rush the packets ahead of
the normal flow - Result an attacker gets selected on many paths,
or no path is established - Why is the attack possible flood suppressing
mechanism
20Flood Rushing Attack Mitigation
- Rushing Attack Prevention (RAP)
- (Y.-C. Hu, A. Perrig, D.B. Johnson, Rushing
Attacks and defense in wireless ad hoc network
routing protocols, - WiSe 2003)
- Wait to receive up to k requests (flood
re-broadcasts) - Randomly selects one to forward
- Random selection reduces advantage gained by
reaching a node first - Disadvantages
- Secure neighbor discovery and secure route
delegation gt multiple rounds of communication gt
a lot of overhead - Is ineffective if the adversary has compromised k
or more nodes
21Byzantine Wormhole Attack
Adv2
Adv1
wormhole
Destination
Source
- Attacker (or colluding attackers) records a
packet at one location in the network, tunnels
the packet to another location, and replays it
there. - End-points of the virtual link can not be trusted
- Result Allows an adversary to get selected on
many paths
22Two types of wormhole
Adv2
Adv1
wormhole
Destination
Source
- Traditional wormhole adversaries are outside
attackers (non-authenticated) - honest nodes believe there is a direct link
between them - Byzantine wormhole adversaries are inside
attackers (authenticated) - wormhole link exists between compromised nodes
23Wormhole Attack Mitigation
- Packet Leashes (Y.-C. Hu, A. Perrig, D.B.
Johnson, Packet Leashes A defense against
wormhole attacks in wireless ad hoc networks,
Infocom 2003) - Prevents wormhole creation by limiting the
transmission distance of a link - A temporal leash (extremely tight time
synchronization) - A geographical leash (location information)
- May require additional hardware (very accurate
clocks or GPS receivers), but is effective
against traditional wormholes - Ineffective against Byzantine wormholes
24Wormhole Attack Mitigation
- Directional Antenna
- (L. Hu, D. Evans, Using directional antennas to
prevent wormhole attacks, NDSS 2004) - Uses the angle of arrival information available
when using directional antennas - Takes advantage of topology distortion that
occurs when nodes communicate through a wormhole - To verify a link between two nodes, a third node
is required - Disadvantage in low density networks, the number
of available links is reduced - Ineffective against Byzantine wormholes
25Super-Wormhole
- a more general (and stronger) variant of the
wormhole attack - several adversaries collude and form an overlay
of Byzantine wormholes - for n adversaries, it is equivalent to n2
wormholes
26Related Work
- Perlman 88 Byzantine robustness for Link
State routing protocol in wired networks) - Blackhole Marti, Giuli, Lai, Baker - 00
- Papadimitratos, Haas - 03
- Authentication and integrity Zhou, Haas 99
- Hubaux, Buttyan, Capkun 01
- Dahill, Levine, Shields, Royer 02
- Hu, Perrig, Johnson 01, 02
- Flood rushing Hu, Perrig, Johnson 03
- Wormhole Hu, Perrig, Johnson 03
- Hu, Evans 04
- NO PROTOCOL THAT CAN WITHSTAND ALL OF THE
CONSIDERED BYZANTINE ATTACKS - ODSBR fills this gap! (software-only solution))
- Awerbuch, Holmer, Nita-Rotaru, Rubens Wise
02 - Awerbuch, Curtmola, Holmer, Nita-Rotaru, Rubens
SecureComm 05