Title: Security within Ad hoc Networks
1Security within Ad hoc Networks
2References
- Security within Ad hoc Networks, Position Paper, PAMPAS Workshop, Sept. 16/17 2002, London. Author: Preetida Vinayakray-Jani, preetida.vinayakray-jani_at_nokia.com, Nokia Research Center, Helsinki, Finland
- Securing Ad Hoc Routing Protocols, Isameldin Suliman, isam_at_ee.oulu.fi, Centre for Wireless Communications, University of Oulu, Finland
- Routing Mechanisms in Ad-Hoc Networks, Giwon Park, TeNet
- Introduction to Ad Hoc Networking, Yu-Chee Tseng
- Jean-Pierre Hubaux, Levente Buttyan and Srdan Capkun, The Quest for Security in Mobile Ad hoc Networks, Proceedings of the ACM Symposium on Mobile Ad hoc Networking and Computing, MobiHOC 2001
- L. Zhou and Z.J. Haas, Securing Ad hoc Networks, IEEE Networks, 13(6): 24-30, Nov/Dec 1999
- 3GPP, 3G Security; Security Architecture, 3GPP TS 33.102, V3.6.0, Oct. 2000
- Scalable Routing Protocols for Mobile Ad Hoc Networks, Xiaoyan Hong, Kaixin Xu, and Mario Gerla at UCLA
3Network Architecture
- No Infrastructure (ad hoc networks)
- no base stations, no fixed network infrastructure
4Model of Operations
5MANET
- MANET: Mobile Ad Hoc Networks
- multi-hop communication
- needs support of dynamic routing protocols
6Ad Hoc Network
- Every node must be self-organized and autonomous
- Autonomously establish a route to different destination nodes and dynamically maintain the route by itself
- Every node may act as both a host and a router
- A multi-hop network
- Nodes communicate with each other within radio
range through direct wireless links or multi-hop
routing
7 Application
- Military battlefield
- Ad hoc Conference
- Home networking
- Emergency services
- Personal Area Network (PAN)
8 Application
- Intelligent Transportation System
- may be integrated with cars, positioning devices, etc.
- Sensor Dust
- a large collection of tiny sensor devices
- once situated, the sensors remain stationary
- largely homogeneous
- power is likely to be a scarce resource, which determines the lifetime of the network
- can offer detailed information about terrain or dangerous environmental conditions
9Ad Hoc Network - Characteristics
- Dynamic topologies
- Bandwidth constrained, variable capacity links
- Energy constrained operation
- Limited physical security
- Scalability
10Ad Hoc Network - Characteristics
- Protocol deployment and incompatible standards
- Unless a miracle happens (e.g., the IETF manet working group is able to promulgate a widely deployed ad hoc networking protocol), ad hoc networks will gain momentum only gradually because users will have to load software or take additional steps to ensure interoperability.
- Wireless data rate
- e.g., TCP over multi-hop wireless links
- Security issues
11IETF MANET Working Group
- Goal
- Standardize IP routing protocol functionality suitable for wireless routing applications within both static and dynamic topologies, with increased dynamics due to node motion or other factors.
- A dozen candidate routing protocols have been proposed.
12Examples of Ad Hoc Network
14Nokia Rooftop Product
15Nokia RoofTop
- RoofTop solution (Nokia, Finland)
- Wireless router
- a radio frequency (RF) modem
- a digital Internet protocol (IP) router
16FHP
- FHP Wireless, USA
- ad hoc network in a campus
17FHP Wireless
18FHP Wireless
19MeshNetworks
20System MeshNetworks
21Networking Scenario To Internet
22SkyPilot NeighborNet
23Security Goals
- Availability: ensures the survivability of network services despite denial-of-service attacks
- Confidentiality
- Integrity
- Authentication: enables a node to ensure the identity of the peer node with which it is communicating
- Non-repudiation
24SECURITY Challenge
- Dynamic Topologies and Membership
- solutions should be dynamic
- Vulnerable wireless link
- Passive/active link attacks like eavesdropping, spoofing, denial of service, masquerading, impersonation are possible
- Roaming in dangerous environment
- Any malicious or misbehaving node can create a hostile attack or deprive all other nodes from providing any service
25KEY ISSUES AND CHALLENGES
- Link Level Security
- An eavesdropper can easily spoof the ongoing communication.
- Any node can become vulnerable to attacks coming from any direction or from any node.
- The results of such attacks include
- spoofing of the node's identity,
- tampering with the node's credentials,
- leaking of confidential information,
- impersonating a node.
- These types of attacks can easily compromise the confidentiality, integrity, availability and privacy of the node.
26KEY ISSUES AND CHALLENGES
- Privacy
- To establish a secure communication link, a node needs to provide his/her identity as well as associated credentials to another node.
- Spoofing of identity or any confidential information leads to a privacy threat.
- This can be engineered to create DoS attacks.
- The identification problem simultaneously leads to a privacy problem.
- Thus privacy is one of the key issues within ad hoc networking.
- Current mobile standards do not provide any location privacy.
- In many cases revealing identity is inevitable to generate a communication link.
27KEY ISSUES AND CHALLENGES
- Key Management
- In a centralized key management scheme, the trusted Certificate Authority (CA) provides public key certificates to mobile nodes.
- Any tampering with the CA can easily compromise the security of the entire network.
- The proposed mechanisms used for identification, such as shared secret, public key cryptography and third party authentication, provide a partial solution, as they are vulnerable or unable to scale.
- All proposed solutions require that the mobile users make proper usage of cryptographic keys.
- However, the goal of proper management and safekeeping of a small number of cryptographic keys is difficult due to random mobility of nodes.
28KEY ISSUES AND CHALLENGES
- Secure Routing
- The routing protocols are more vulnerable to attacks as each device acts as a relay [5].
- Any tampering with routing information can compromise the whole network.
- An attacker can insert rogue information within routing information, or
- introduce a denial of service type attack by replaying old logged or stored information.
- Also, a compromised node can route malicious information to other nodes, which can cause serious damage.
- The proposed routing solutions are capable of operating with dynamic topology, but in terms of security measures they provide partial or no solution [6].
- Thus implementation of a secure routing protocol is one of the challenges within ad hoc networks.
29Key Management Frameworks
- Importance
- Cryptography is a powerful tool for security services
- Authentication, confidentiality, integrity, non-repudiation
- Goal
- Support the use of public key cryptography.
- Task
- Key generation, distribution, updating.
- Digital certificate issuing, storing, revocation.
30Key Management Frameworks
- Challenges
- Vulnerable mobile nodes
- More exposed to physical attacks.
- Implication: must be resilient to node compromise.
- Mobility-induced unstable network topology
- Rapid change in connectivity.
- Potential network partition.
- Implication: must be robust to unstable network topology.
- Popular Approaches
- (Distributed) PKI.
- Certificate chaining.
31Public Key Infrastructure
- Basic Operation
- Centralized key management.
- Certificate authority (CA) acts as the Trusted Third Party.
- Strength
- High assurance because of the existence of trust anchor(s).
- Weakness
- CA is a security bottleneck.
- CA is a single point of failure.
- Cost of maintaining the CA infrastructure.
32Certificate Chaining
- Basic Operation
- Peer-to-peer trust model.
- Each node voluntarily issues certificates for others.
- Each node collects sufficient certificates and maintains a fresh certificate repository.
- Strength
- Fully distributed design, easy to deploy.
- Weakness
- Low security assurance due to lack of trust anchors.
- Probabilistic authentication depending on the contents of repository.
33Distributed PKI
- Basic Operation
- A distributed quorum/voting system
- Based on threshold cryptography
- CA's private key is split and distributed to m (m ≤ n) nodes.
- Any k (k ≤ m < n) system key holders can function as a virtual CA.
- Strength
- High assurance due to availability of trust anchor.
- No single failure point or security bottleneck.
- Challenge
- k: balance of security assurance and success ratio.
- Efficient communications among shareholders.
34Summary Certificate Graph of PKI, Certificate Chaining and Distributed PKI.
[Figure: certificate graphs; node labels Dan, Fay, David, Bill, Vin, CA1, CA2, CA3 and "CA view"]
- All certificates are issued by CA
- Authentication is determined by 1-hop chain.
- No CA in the graph
- May be partitioned into subgraphs
- Authenticate by chain of certificates
- Threshold CAs create CA view
- Authentication is the same as PKI
35Routing Protocols
- Overview
- Proactive Ad Hoc Routing Protocol
- Reactive Ad Hoc Routing Protocol
- Conclusion
36Routing Protocols Security Requirements
- Import authorization: only authorize route information if it concerns the node that is sending the information
- Source authentication: verify that the node is the one it claims to be
- Integrity: routing information that is being sent has arrived unaltered
- Source authentication and integrity combined build data authentication
37Securing Ad Hoc Routing Protocols
- There are two kinds of messages in ad hoc networks
- Routing Messages: used for protocol signaling and sent to immediate neighbors, processed, possibly modified, and resent.
- Data Messages: point-to-point and can be protected with any point-to-point security mechanism (like IPSec).
- Intermediate nodes need to be able to authenticate routing messages.
- Routing messages can be distinguished in two types
- Mutable
- Non-mutable
38Overview of Ad Hoc Network Routing Protocol
- Ad Hoc routing protocols
- Table-driven (Proactive): DSDV, TBRPF, OLSR, CGSR
Figure 1. Ad Hoc routing protocol
39Proactive vs. Reactive Routing
- Proactive Routing Protocol
- continuously evaluate the routes
- attempt to maintain consistent, up-to-date routing information
- when a route is needed, one may be ready immediately
- when the network topology changes
- the protocol responds by propagating updates throughout the network to maintain a consistent view
- Reactive Routing Protocol
- on-demand
- Ex: DSR, AODV
40Proactive vs. Reactive Routing
Table 1. Proactive versus Reactive
41Proactive Routing Protocol - DSDV
- Destination Sequenced Distance Vector
- Based on the distributed Bellman-Ford routing algorithm
- Each node maintains a routing table
- Periodical update
- Routing hops to each destination
- Sequence number originated by the destination node
- To avoid loops
42DSDV Operation 1/3
MH4 advertised table
43DSDV routing updates
- Each node periodically transmits updates
- Includes its own sequence number, routing table updates
- Nodes also send routing table updates for important link changes
- When two routes to a destination are received from two different neighbors
- Choose the one with the greatest destination sequence number
- If equal, choose the smaller metric (hop count)
44DSDV Operation - 2/3
- MH1? ?? update? ???? MH7? MH8? ??????
- Broken link? ??? ??
- MH2? ?? ?? seq num? ??? metric? ?? incremental
update ?? - Update ? network? propagate
45DSDV --- link additions
- When A joins network
- Node A transmits routing table <A, 101, 0>
- Node B receives transmission, inserts <A, 101, A, 1>
- Node B propagates new route to neighbors <A, 101, 1>
- Neighbors update their routing tables <A, 101, B, 2> and continue propagation of information
46DSDV --- link breaks
- Link between B and D breaks
- Node B notices break
- Update hop count for D and E to be infinity
- Increments sequence number for D and E
- Node B sends updates with new route information
- <D, 203, infinite>
- <E, 156, infinite>
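Added example (not from the slides): the DSDV table rules from the three slides above (route selection, link addition, link break) as one small routing table, replaying the slides' tuples. The class and function names, the starting sequence numbers 202 and 155, and the neighbor names N1 to N3 are constructed for the example.

```python
import math
from dataclasses import dataclass

INFINITE = math.inf   # metric that marks a broken route


@dataclass
class Route:
    seq: int          # sequence number originated by the destination
    next_hop: str
    metric: float     # hop count


class DsdvTable:
    def __init__(self, owner: str):
        self.owner = owner
        self.routes = {}          # destination -> Route

    def receive(self, neighbor: str, dest: str, seq: int, metric: float) -> bool:
        """Apply one advertised entry <dest, seq, metric> heard from neighbor.
        Returns True when the table changed and the entry must be re-advertised."""
        if dest == self.owner:
            return False
        candidate = Route(seq, neighbor, metric + 1)
        current = self.routes.get(dest)
        newer = current is None or candidate.seq > current.seq
        shorter = (current is not None and candidate.seq == current.seq
                   and candidate.metric < current.metric)
        if newer or shorter:
            self.routes[dest] = candidate
            return True
        return False

    def link_broken(self, neighbor: str):
        """Mark every route through neighbor as infinite, bump its sequence
        number, and return the <dest, seq, metric> updates to advertise."""
        updates = []
        for dest, route in self.routes.items():
            if route.next_hop == neighbor and route.metric != INFINITE:
                route.metric = INFINITE
                route.seq += 1
                updates.append((dest, route.seq, route.metric))
        return updates

    def entry(self, dest: str):
        r = self.routes[dest]
        return (dest, r.seq, r.next_hop, r.metric)


def link_addition():
    """A joins: B hears <A, 101, 0>, then B's neighbor C hears <A, 101, 1>."""
    b, c = DsdvTable("B"), DsdvTable("C")
    b.receive("A", "A", 101, 0)
    c.receive("B", "A", 101, b.routes["A"].metric)
    return b.entry("A"), c.entry("A")


def link_break():
    """B reaches D directly and E through D; then the B-D link breaks."""
    b = DsdvTable("B")
    b.receive("D", "D", 202, 0)   # constructed starting sequence numbers
    b.receive("D", "E", 155, 1)
    return b.link_broken("D")


def selection():
    """Greatest sequence number wins; on a tie the smaller metric wins."""
    t = DsdvTable("X")
    t.receive("N1", "Z", 300, 4)  # first route learned
    t.receive("N2", "Z", 300, 2)  # same seq, fewer hops: replaces it
    t.receive("N3", "Z", 298, 0)  # older seq: ignored although shorter
    t.receive("N1", "Z", 302, 6)  # newer seq: wins although longer
    return t.entry("Z")


if __name__ == "__main__":
    print(link_addition(), link_break(), selection())
```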
47DSDV Operation - 3/3
[Figure: network of mobile hosts MH1-MH8]
MH4 advertised table (updated)
48DSDV --- too much traffic
- Problem
- A lot of control traffic in the network
- Solution
- two types of route update packets
- Full Dumps
- Carry all routing table information
- Transmitted relatively infrequently
- Incremental updates
- Carry only information changed since last full dump
- Fits within one network protocol data unit
- If it can't, send full dump
49DSDV --- Summary
- Routes maintained through periodic and event-triggered routing table exchanges
- Incremental dumps and settling time used to reduce control overhead
- Lower route request latency, but higher overhead
- Performs best in networks with low to moderate mobility, few nodes and many data sessions
- Problems
- Not efficient for large ad-hoc networks
- Nodes need to maintain a complete list of routes.
50Proactive Routing Protocol - OLSR
- Use the MPRs (Multipoint relays)
- To reduce the number of broadcast packets
- Sources build routes proactively by MPR link advertisements
- OLSR differs from pure LS protocols
- Only the MPR nodes of A need to forward the link state updates issued by A
51Proactive Routing Protocol - OLSR
4 retransmissions to diffuse a message up to 2 hops
Figure 2. Diffusion of a broadcast message using multipoint relays
52Proactive Routing Protocol - OLSR
- OLSR computes the shortest path to a destination using the topology table
[Figure labels: two-hop neighbors, one-hop neighbors]
- Routing tables are calculated based on the information contained in the neighbor table and topology tables
- Routing table entry: (destination address, next hop address, distance to destination)
53OLSR Routing Protocol Details
- Node N broadcasts HELLO messages every HELLO interval to its one hop neighbors for neighbor sensing
- Determine the link status (symmetric, asymmetric, or MPR) of each of its one hop neighbors
- HELLO message contains list of known one-hop neighbors
- Node N builds neighbor table that includes all its 1-hop and 2-hop neighbors
- Node N selects its multipoint relay (MPR) nodes among its one hop neighbors such that it can reach all the nodes that are 2 hops away.
- MPR selection requires symmetric link to node N
- MPR node broadcasts Topology Control (TC) messages every TC interval to advertise link states
- TC message contains list of one hop neighbors who have selected this MPR
- Only MPR nodes can forward TC messages -> more efficient flooding
- TC messages are used for routing table calculation
- Node with non-MANET interfaces broadcasts HNA messages every HNA interval ( TC interval)
54DSDV vs. OLSR
Table 2. Comparison between DSDV and OLSR
55Clustering Protocol
- Cluster Gateway Switch Routing (CGSR)
- Table-driven for inter-cluster routing
- Uses DSDV for intra-cluster routing
- Partition the whole network into clusters
- A clusterhead is elected in each cluster
- A node belonging to two clusters is called a gateway
56CGSR
57CGSR
- It uses the distance vector routing algorithm
- At each node two tables are maintained: a cluster member table and a DV routing table
- The cluster member table records the clusterhead for each node and is broadcast periodically
- The routing table only maintains one entry for each cluster, recording the path to its cluster head.
- CGSR can significantly reduce the routing table size compared to DV protocols
58Reactive Routing Protocol - DSR
- On-demand driven
- ??? ??? ??? ?? Route discovery ???? ??
- Dynamic Source Routing
- ?? ??? ?? ????? ??? ???? ??
- ??? ?? ??? ?? ??? ??? ?? ??? ??
- Should maintain route caches
59Reactive Routing Protocol - DSR
- Two major phases
- Route Discovery
- Route Request (RREQ)
- Route Reply (RREP)
- Use cache
- Route Maintenance
- Route Error (RERR)
60DSR - Route Discovery (1/3)
[Figure: route records carried by the RREQ: N1; N1-N2; N1-N3; N1-N2-N5; N1-N3-N4; N1-N3-N4-N6; N1-N3-N4-N7]
Figure 4. Propagation of the RREQ
61DSR - Route Discovery (2/3)
- N8? N1? ?? path? ??? route cache? ??? ?? ????.
- Cache? path? ?? ??
- Symmetric link? ?? -gt reverse route?? (route
record) - Not symmetric link? ?? -gt N8? N1??? route? ?? ??
Route Request? Route Reply? ?? ???.
(Piggybacking) -
Figure 5. Propagation of the route reply with the
route record
62DSR - Route Discovery (3/3)
Figure 6. N1 Send the data to N8
63Reactive Routing Protocol - AODV
- Ad hoc On-demand Distance Vector
- AODV Hop-by-hop Reactive
- AODV design purpose
- Low network utilization (less broadcast)
- Loop-free property (using destination sequence )
- Scalable to large network
- Assumptions
- Uses symmetric links
64Reactive Routing Protocol - AODV
- On-demand driven
- Nodes that are not on the selected path do not
maintain routing information
65AODV Route Discovery
- A source node S wishing to communicate with destination node D broadcasts a Route Request (RREQ) to its neighbors
- Intermediate nodes forward the RREQ to their neighbors
- The destination node sends a Route Reply Message (RREP) back to the source node
- An intermediate node may send a RREP provided that it knows a fresh enough route to the destination
- Nodes maintain routing table entries only for active routes; unused routes are removed from the routing table after the active_route_timeout interval
66Route Discovery - 1/5
[Figure: nodes S, A, B, C, D; RREQ]
- Node A receives RREQ
- Makes reverse route entry for S: dest S, next hop S, hop cnt 1
- It has no route to D, so it rebroadcasts RREQ
- Node C receives RREQ
- Makes reverse route entry for S: dest S, next hop A, hop cnt 2
- It has a route to D, and the seq for route for D is > D's seq in RREQ
67Route Discovery - 2/5
[Figure: nodes S, A, B, C, D; RREP]
- Node C sends RREP
- C creates a Route Reply (RREP): enters D's IP addr, seq, S's IP addr, hop count to D (1), Lifetime
- Unicasts RREP towards A
68Route Discovery - 3/5
[Figure: nodes S, A, B, C, D; RREP]
- Node A receives RREP
- Makes forward route entry to D: dest D, next hop C, hop count 2, Lifetime
- Unicasts RREP to S
69Route Discovery - 4/5
[Figure: nodes S, A, B, C, D; RREP]
- Node S receives RREP
- Makes forward route entry to D: dest D, next hop C, hop count 3, Lifetime
70Route Discovery - 5/5
[Figure: nodes S, A, B, C, D]
- Node S sends data packets on route to D
71Reactive Routing Protocol AODV DSR
[Figure: message sequence between source node s, intermediate nodes i-1, i, i+1 and destination node D. Route discovery 1: Route Request, Route Reply. Data forwarding. Route maintenance: Route Error. Route discovery 2: Route Request, Route Reply.]
72AODV vs. DSR
Table 3. Comparison between AODV and DSR
73Comparison of flat routing protocols
Table 4. Characteristics of flat routing protocols
74Reactive Routing Protocol - AODV
- Problem
- When a node along the route moves
- Solution
- Upstream neighbor notices the move
- Propagates a link failure notification message to each of its active upstream neighbors
- The source node receives the message and re-initiates route discovery
75Security Flaws of AODV
- Vulnerable to the following attacks by a malicious node M
- Impersonate a node S by forging a RREQ with its address as the originator address
- Reduce the hop count field when forwarding a RREQ generated by S
- Impersonate a node D by forging a RREP with its address as a destination address
- Selectively not forward certain RREQs and RREPs, not reply to certain RREPs, and not forward certain data messages
- Forge a RERR message pretending it is the node S and send it to its neighbor D
- Set the sequence number of a node to a much bigger number.
76Securing AODV Protocol (SAODV)
- It is assumed that there is a key management sub-system that makes it possible for each ad hoc node to obtain public keys from the other nodes of the network.
- Two mechanisms are used to secure the AODV routing messages
- Digital signatures: to authenticate non-mutable fields of the messages (solves attacks 1 and 3)
- Hash chain: to secure the hop count field in mutable messages
- The information related to the hash chains and the signature is transmitted as a Signature Extension with the AODV messages.
77SAODV Hash Chains
- SAODV uses hash chains to authenticate the hop count field of RREQ and RREP messages
- This solves attack 2
- A hash chain is formed by applying a one-way hash function (e.g. MD5) repeatedly to a seed
- Every time a node wants to send a RREQ or a RREP it generates a random number (seed), sets Max_Hop_Count to the TimeToLive value in the IP header, and Hash to the seed value.
- Then, it calculates Top_Hash by hashing seed Max_Hop_Count times.
- $\mathrm{Hash} = \mathrm{seed}$
- $\mathrm{Top\_Hash} = h^{\mathrm{Max\_Hop\_Count}}(\mathrm{seed})$
78SAODV Hash Chains
- Every time a node receives a RREQ or a RREP it verifies the hop count of the message by verifying the Top_Hash value.
- Before rebroadcasting a RREQ or forwarding a RREP, a node hashes one time the Hash value in the Signature Extension.
- $\mathrm{Top\_Hash} = h^{\mathrm{Max\_Hop\_Count} - \mathrm{Hop\_Count}}(\mathrm{Hash})$
- $\mathrm{Hash} = h(\mathrm{Hash})$
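Added example (not from the slides or the SAODV authors): the hash-chain bookkeeping from the two slides above, run over an honest path, a lowered hop count, and a forward that skips the increment. SHA-256, the `RoutingMessage` layout and all function names are assumptions of this example; the signature that protects Max_Hop_Count and Top_Hash is assumed to be checked separately.

```python
import hashlib
import os
from dataclasses import dataclass, replace
from typing import Optional


def h(value: bytes) -> bytes:
    """One-way hash h (SHA-256 here; the slides name MD5 only as an example)."""
    return hashlib.sha256(value).digest()


def h_n(value: bytes, n: int) -> bytes:
    """Apply h to value n times, i.e. h^n(value)."""
    for _ in range(n):
        value = h(value)
    return value


@dataclass(frozen=True)
class RoutingMessage:
    """Only the fields the hash chain touches (hypothetical layout)."""
    hop_count: int       # mutable: incremented by every forwarding node
    max_hop_count: int   # set by the originator, covered by its signature
    top_hash: bytes      # set by the originator, covered by its signature
    hash_value: bytes    # mutable "Hash" field: hashed once per hop


def originate(ttl: int, seed: Optional[bytes] = None) -> RoutingMessage:
    """Hash = seed, Top_Hash = h^Max_Hop_Count(seed), Max_Hop_Count = TTL."""
    seed = os.urandom(16) if seed is None else seed
    return RoutingMessage(0, ttl, h_n(seed, ttl), seed)


def verify_hop_count(msg: RoutingMessage) -> bool:
    """Receiver check: Top_Hash == h^(Max_Hop_Count - Hop_Count)(Hash)."""
    remaining = msg.max_hop_count - msg.hop_count
    if remaining < 0:
        return False
    return h_n(msg.hash_value, remaining) == msg.top_hash


def forward(msg: RoutingMessage) -> RoutingMessage:
    """Honest relay: increment the hop count and hash the Hash field once."""
    return replace(msg, hop_count=msg.hop_count + 1,
                   hash_value=h(msg.hash_value))


def run_scenarios() -> dict:
    msg = originate(ttl=5, seed=b"constructed seed")
    for _ in range(3):                      # three honest relays
        msg = forward(msg)

    # A relay claims a shorter route. It cannot un-hash the Hash field,
    # so the chain no longer lines up with Top_Hash.
    lowered = replace(msg, hop_count=1)

    # A relay re-sends the message exactly as received: no increment,
    # no hashing. The chain is still consistent, so the check passes
    # although the real path is one hop longer than claimed.
    not_incremented = msg

    return {
        "honest": verify_hop_count(msg),
        "lowered": verify_hop_count(lowered),
        "not_incremented": verify_hop_count(not_incremented),
        "claimed_hops": not_incremented.hop_count,
        "honest_hops": forward(msg).hop_count,
    }


if __name__ == "__main__":
    print(run_scenarios())
```

The chain therefore stops a relay from advertising fewer hops than it received, but not from withholding its own increment.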
79SAODV Digital Signature (1)
- Digital signatures (DS) are used to protect the integrity of non-mutable data in RREQ and RREP messages
- They sign everything but the hop count of the AODV message and the hash from the SAODV extension
- The main problem in applying DS is that AODV allows intermediate nodes to reply to RREQ messages if they have a route to the destination (i.e. intermediate nodes should be able to sign the RREP on behalf of the final destination)
80SAODV Digital Signature (2)
- To solve this problem, the paper offers two alternatives
- The first solution is that if an intermediate node cannot reply to a RREQ (because it cannot properly sign its RREP), it just behaves as if it didn't have the route and forwards the RREQ message
- The second one is that a node generating a RREQ message includes the RREP flags, the prefix size, and the signature that can be used to create a RREP
- When an intermediate node generates a RREP, the route lifetime will change from the original one
- The intermediate node should include both lifetimes and sign the new lifetime
81SAODV Digital Signature (3)
- Original information of the route is signed by the final destination and the lifetime is signed by the intermediate node
- This leads to two different SAODV extensions: single and double signature extensions
- When a node receives a RREP/RREQ, it first verifies the signature before creating or updating a route/reverse route to the host
82SAODV Error Messages
- Route Error (RERR) messages are generated by a neighbor node to other nodes, informing them that it is not able to route messages to a certain destination anymore
- Every node (generating or forwarding a RERR message) uses a digital signature to sign the whole message
- Any neighbor that receives the RERR verifies the signature
- Verify that the sender of the RERR message is really the one that it claims to be
83Other Routing Protocols
- In principle SAODV could be used to create secure versions of other routing protocols
- If the routing protocol has some other mutable information, intermediate nodes that mutate part of the messages also have to sign it.
- Dynamic Source Routing (DSR) has been used as an example for other routing protocols
- DSR includes in its routing message the IP addresses of all intermediate nodes
- Signing the message by each intermediate node reduces the routing performance (due to additional cryptographic computations)
84Key Management
- It is assumed that each node has a trustworthy means of checking the association between the addresses and signatures of other nodes
- This association (binding) is typically achieved by using public key certificates issued by a certification authority (CA)
- This can work if ad hoc nodes could have permanent addresses
- One secure and potentially expensive solution would be to pick a key pair and map the public key to a tentative address. If there is a collision, pick a new key pair and try again
85Discussion (1)
- The paper relies on public key management. It is not realistic to assume that nodes in ad hoc networks will have access to public key infrastructure
- Distribution of certificates by CA implies huge overhead, and it is not effective in the presence of partitions and high mobility
- An effective mechanism is needed to address the problem of key certificate distribution
- The hash chain algorithm only addresses a single piece of mutable information (hop count); it would be more complex if more mutable information is to be addressed
86Discussion (2)
- The use of asymmetric cryptography adds more overhead to the processing power requirements of SAODV
- The proposed algorithms do not require modification to the AODV protocol; they are added as an extension to the existing AODV message formats
- The algorithms provide a general mechanism that could be applied to different routing protocols.
- However, it would be more efficient to extend the algorithms and define separate mechanisms for different ad hoc routing protocols
87Discussion (3)
- The authors reported that SAODV cannot detect tunneling attacks
- Hop count authentication by using hash chains is not perfect: a malign node might forward a message without increasing the hop count.
- More secure approaches are too expensive, and they don't solve tunneling attacks.
88ZRP
- Zone Routing Protocol
- Hybrid protocol
- On-demand
- Proactive
- ZRP has three sub-protocols
- Intrazone Routing Protocol (IARP)
- Interzone Routing Protocol (IERP)
- Bordercast Resolution Protocol (BRP)
90LAR
- Location-Aided Routing
- Location information via GPS
- Shortcoming
- GPS availability is not yet worldwide
- Position information comes with deviation
91LAR
92DREAM
- Distance Routing effect Algorithm for mobility
- Position-based
- Each node
- maintains a position database
- Regularly floods packets to update the position
- Temporal resolution
- Spatial resolution
93Power-Aware Routing criteria
- Examples
- Minimize energy consumed per packet
- Minimize time to network partition due to energy depletion
- Maximize duration before a node fails due to energy depletion
94Power-Aware Routing approach
- Assign a weight to each link
- Weight of a link may be a function of
- energy consumed when transmitting a packet on that link
- residual energy level
- Prefer a route with the smallest aggregate weight
95Power-Aware Routing
96Conclusions
- These protocols are continuously modified and improved to keep their advantages and weaken their drawbacks
- Security is one of the big challenges or key problems in ad hoc networks