Security within Ad hoc Networks - PowerPoint PPT Presentation

Provided by: ssrnet
1
Security within Ad hoc Networks
2
References
  • Security within Ad hoc Networks, Position Paper,
    PAMPAS Workshop, Sept. 16/17 2002, London. Author:
    Preetida Vinayakray-Jani,
    preetida.vinayakray-jani_at_nokia.com, Nokia
    Research Center, Helsinki, Finland
  • Securing Ad Hoc Routing Protocols, Isameldin
    Suliman, isam_at_ee.oulu.fi, Centre for Wireless
    Communications, University of Oulu, Finland
  • Routing Mechanisms in Ad-Hoc Networks, Giwon
    Park, TeNet
  • Introduction to Ad Hoc Networking, Yu-Chee Tseng
  • Jean-Pierre Hubaux, Levente Buttyan and Srdan
    Capkun, The Quest for Security in Mobile Ad hoc
    Networks, Proceedings of the ACM Symposium on
    Mobile Ad hoc Networking and Computing, MobiHOC
    2001
  • L. Zhou and Z.J. Haas, Securing Ad hoc
    Networks, IEEE Networks, 13(6) 24-30, Nov/Dec
    1999
  • 3GPP, 3G Security; Security Architecture, 3GPP
    TS 33.102, V3.6.0, Oct. 2000
  • Scalable Routing Protocols for Mobile Ad Hoc
    Networks, Xiaoyan Hong, Kaixin Xu, and Mario
    Gerla at UCLA

3
Network Architecture
  • No Infrastructure (ad hoc networks)
  • no base stations, no fixed network infrastructure

4
Model of Operations
5
MANET
  • MANET: Mobile Ad Hoc Networks
  • multi-hop communication
  • needs support of dynamic routing protocols

6
Ad Hoc Network
  • Every node must be self-organized and autonomous
  • Autonomously establish a route to different
    destination node and dynamically maintain the
    route by itself
  • Every node may act as both a host and a router
  • A multi-hop network
  • Nodes communicate with each other within radio
    range through direct wireless links or multi-hop
    routing

7
Application
  • Military battlefield
  • Ad hoc Conference
  • Home networking
  • Emergency services
  • Personal Area Network (PAN)

8
Application
  • Intelligent Transportation System
  • may be integrated with cars, positioning devices,
    etc.
  • Sensor Dust
  • a large collection of tiny sensor devices
  • once situated, the sensors remain stationary
  • largely homogeneous
  • power is likely to be a scarce resource, which
    determines the lifetime of the network
  • can offer detailed information about terrain or
    dangerous environmental conditions.

9
Ad Hoc Network - Characteristics
  • Dynamic topologies
  • Bandwidth constrained, variable capacity links
  • Energy constrained operation
  • Limited physical security
  • Scalability

10
Ad Hoc Network - Characteristics
  • Protocol deployment and incompatible standards
  • Unless a miracle happens (e.g., the IETF manet
    working group is able to promulgate a widely
    deployed ad hoc networking protocol), ad hoc
    networks will gain momentum only gradually
    because users will have to load software or take
    additional steps to ensure interoperability.
  • Wireless data rate
  • e.g., TCP over multi-hop wireless links
  • Security issues

11
IETF MANET Working Group
  • Goal
  • Standardize IP routing Protocol functionality
    suitable for wireless routing application within
    both static and dynamic topologies with increased
    dynamics due to node motion or other factors.
  • A dozen candidate routing protocols have been
    proposed.

12
Examples of Ad Hoc Network
14
Nokia Rooftop Product
15
Nokia RoofTop
  • RoofTop solution (Nokia, Finland)
  • Wireless router
  • a radio frequency (RF) modem
  • a digital Internet protocol (IP) router

16
FHP
  • FHP Wireless, USA
  • ad hoc network in a campus

17
FHP Wireless
18
FHP Wireless
19
MeshNetworks
  • MeshNetworks, USA

20
System MeshNetworks
  • Architecture

21
Networking Scenario To Internet
22
SkyPilot NeighborNet
  • SkyPilot Network, USA

23
Security Goals
  • Availability: Ensures the survivability of
    network services despite denial-of-service
    attacks
  • Confidentiality
  • Integrity
  • Authentication: Enables a node to ensure the
    identity of the peer node with which it is
    communicating
  • Non-repudiation

24
SECURITY Challenge
  • Dynamic Topologies and Membership
  • solutions should be dynamic
  • Vulnerable wireless link
  • Passive/Active link attacks like eavesdropping,
    spoofing, denial of service, masquerading,
    impersonation are possible
  • Roaming in dangerous environment
  • Any malicious or misbehaving node can launch a
    hostile attack or prevent all other nodes from
    providing any service

25
KEY ISSUES AND CHALLENGES
  • Link Level Security
  • An eavesdropper can easily spoof the ongoing
    communication.
  • Any node can become vulnerable to attacks coming
    from any direction or from any node.
  • The results of such attacks include
  • spoofing of the node's identity,
  • tampering with the node's credentials,
  • leaking of confidential information,
  • impersonating the node.
  • These types of attacks can easily compromise the
    confidentiality, integrity, and availability and
    privacy of the node.

26
KEY ISSUES AND CHALLENGES
  • Privacy
  • To establish a secure communication link a node
    needs to provide his/her identity as well as
    associated credentials to another node.
  • Spoofing of identity or any confidential
    information leads to privacy threat.
  • This can be engineered to create DoS attacks.
  • Identification problem simultaneously leads to
    privacy problem
  • Thus privacy is one of the key issues within ad
    hoc networking.
  • Current mobile standards do not provide any
    location privacy.
  • In many cases revealing identity is inevitable to
    generate communication link.

27
KEY ISSUES AND CHALLENGES
  • Key Management
  • In centralized key management scheme, the trusted
    Certificate Authority (CA) provides public key
    certificate to mobile nodes.
  • Any tampering with CA can easily compromise the
    security of the entire network.
  • The proposed mechanisms used for identification
    such as shared secret, public key cryptography,
    third party authentication provide partial
    solution, as they are vulnerable or unable to
    scale.
  • All proposed solutions require that the mobile
    users make proper usage of cryptographic keys.
  • However goal of proper management and safekeeping
    of small number of cryptographic keys is
    difficult due to random mobility of nodes.

28
KEY ISSUES AND CHALLENGES
  • Secure Routing
  • The routing protocols are more vulnerable to
    attacks as each device acts as a relay [5].
  • Any tampering with routing information can
    compromise the whole network.
  • An attacker can insert rogue information within
    routing information or
  • Introduce a denial-of-service type attack by
    replaying old logged or stored information.
  • Also, a compromised node can route malicious
    information to other nodes, which can cause
    serious damage.
  • The proposed routing solutions are able to
    operate with dynamic topology, but in terms of
    security measures they provide partial or no
    solution [6].
  • Thus implementation of a secure routing protocol is
    one of the challenges within ad hoc networks.

29
Key Management Frameworks
  • Importance
  • Cryptography is powerful tool for security
    service
  • Authentication, confidentiality, integrity,
    non-repudiation,
  • Goal
  • Support the use of public key cryptography.
  • Task
  • Key generation, distribution, updating.
  • Digital certificate issuing, storing, revocation.

30
Key Management Frameworks
  • Challenges
  • Vulnerable mobile nodes
  • More exposed to physical attacks.
  • Implication: Must be resilient to node
    compromise.
  • Mobility-induced unstable network topology
  • Rapid change in connectivity.
  • Potential network partition.
  • Implication: Must be robust to unstable network
    topology.
  • Popular Approaches
  • (Distributed) PKI.
  • Certificate chaining.

31
Public Key Infrastructure
  • Basic Operation
  • Centralized key management.
  • Certificate authority (CA) acts as the Trusted
    Third Party.
  • Strength
  • High assurance because of the existence of trust
    anchor(s).
  • Weakness
  • CA is a security bottleneck.
  • CA is a single point of failure.
  • Cost of maintaining the CA infrastructure.

32
Certificate Chaining
  • Basic Operation
  • Peer-to-peer trust model.
  • Each node voluntarily issues certificates for
    others.
  • Each node collects sufficient certificates and
    maintains a fresh certificate repository.
  • Strength
  • Fully distributed design, easy to deploy.
  • Weakness
  • Low security assurance due to lack of trust
    anchors.
  • Probabilistic authentication depending on the
    contents of repository.

33
Distributed PKI
  • Basic Operation
  • A distributed quorum/voting system
  • Based on threshold cryptography
  • CA's private key is split and distributed to m (m
    ≤ n) nodes.
  • Any k (k ≤ m < n) system key holders can function
    as a virtual CA.
  • Strength
  • High assurance due to availability of trust
    anchor.
  • No single failure point or security bottleneck.
  • Challenge
  • k: Balance of security assurance and success
    ratio.
  • Efficient Communications among shareholders.

34
Summary: Certificate Graph of PKI, Certificate
Chaining and Distributed PKI.
[Figure: certificate graphs; labels: Dan, Fay, David, Bill, Vin, CA1, CA2, CA3, CA view]
  • PKI
  • All certificates are issued by CA
  • Authentication is determined by 1-hop chain.
  • Certificate chaining
  • No CA in the graph
  • May be partitioned into subgraphs
  • Authenticate by chain of certificates
  • Distributed PKI
  • Threshold CAs create CA view
  • Authentication is the same as PKI

35
Routing Protocols
  • Overview
  • Proactive Ad Hoc Routing Protocol
  • Reactive Ad Hoc Routing Protocol
  • Conclusion

36
Routing Protocols Security Requirements
  • Import authorization: Only authorize route
    information if it concerns the node that is
    sending the information
  • Source authentication: Verify that the node is
    the one it claims to be
  • Integrity: Routing information that is being sent
    has arrived unaltered
  • Source authentication and integrity combined
    constitute data authentication

37
Securing Ad Hoc Routing Protocols
  • There are two kinds of messages in ad hoc
    networks
  • Routing Messages: Used for protocol signaling and
    sent to immediate neighbors, processed, possibly
    modified, and resent.
  • Data Messages: Point-to-point and can be
    protected with any point-to-point security
    mechanism (like IPSec).
  • Intermediate nodes need to be able to
    authenticate routing messages.
  • Routing messages can be divided into two
    types
  • Mutable
  • Non-mutable

38
Overview of Ad Hoc Network Routing Protocol
[Figure 1. Ad Hoc routing protocol. Labels: Ad Hoc routing protocols; Table-driven (Proactive): DSDV, TBRPF, OLSR, CGSR]
39
Proactive vs. Reactive Routing
  • Proactive Routing Protocol
  • continuously evaluate the routes
  • attempt to maintain consistent, up-to-date
    routing information
  • when a route is needed, one may be ready
    immediately
  • when the network topology changes
  • the protocol responds by propagating updates
    throughout the network to maintain a consistent
    view
  • Reactive Routing Protocol
  • on-demand
  • e.g. DSR, AODV

40
Proactive vs. Reactive Routing
Table 1. Proactive versus Reactive
41
Proactive Routing Protocol - DSDV
  • Destination Sequenced Distance Vector
  • Based on the distributed Bellman-Ford routing
    algorithm
  • Each node maintains a routing table
  • Periodical update
  • Routing hops to each destination
  • Sequence number originated by the destination
    node
  • To avoid loops

42
DSDV Operation 1/3
MH4 advertised table
43
DSDV routing updates
  • Each node periodically transmits updates
  • Includes its own sequence number, routing table
    updates
  • Nodes also send routing table updates for
    important link changes
  • When two routes to a destination received from
    two different neighbors
  • Choose the one with greatest destination sequence
    number
  • If equal, choose the smaller metric (hop count)

44
DSDV Operation - 2/3
  • MH1? ?? update? ???? MH7? MH8? ??????
  • Broken link? ??? ??
  • MH2? ?? ?? seq num? ??? metric? ?? incremental
    update ??
  • Update ? network? propagate

45
DSDV --- link additions
  • When A joins network
  • Node A transmits routing table <A, 101, 0>
  • Node B receives transmission, inserts <A, 101, A,
    1>
  • Node B propagates new route to neighbors <A, 101,
    1>
  • Neighbors update their routing tables <A, 101,
    B, 2> and continue propagation of information

46
DSDV --- link breaks
  • Link between B and D breaks
  • Node B notices break
  • Update hop count for D and E to be infinity
  • Increments sequence number for D and E
  • Node B sends updates with new route information
  • <D, 203, infinite>
  • <E, 156, infinite>
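
The DSDV update rule and the link-addition and link-break walk-throughs above, as an added example (not code from the presentation). Class and function names are hypothetical, and the starting sequence numbers 202 and 155 for D and E are constructed so that the break produces the slide's <D, 203, infinite> and <E, 156, infinite>.

```python
import math
from dataclasses import dataclass

INF = math.inf  # metric advertised for an unreachable destination


@dataclass
class Route:
    dest: str
    seq: int        # sequence number originated by the destination
    next_hop: str
    metric: float   # hop count


class DsdvNode:
    """Hypothetical minimal DSDV node: a routing table plus the update rule."""

    def __init__(self, name, seq=0):
        self.name = name
        self.table = {name: Route(name, seq, name, 0)}

    def advertise(self):
        """Routing table as <dest, seq, metric> triples."""
        return [(r.dest, r.seq, r.metric) for r in self.table.values()]

    def receive(self, neighbor, updates):
        """Apply a neighbor's advertisement; return the entries that changed."""
        changed = []
        for dest, seq, metric in updates:
            if dest == self.name:
                continue
            new = Route(dest, seq, neighbor, metric + 1)
            old = self.table.get(dest)
            # Greatest destination sequence number wins; on a tie the smaller
            # metric wins. Nothing here authenticates seq, which is why a
            # secured protocol has to protect this field.
            if old is None or seq > old.seq or (
                    seq == old.seq and new.metric < old.metric):
                self.table[dest] = new
                changed.append((dest, seq, new.metric))
        return changed

    def link_break(self, neighbor):
        """Mark routes through `neighbor` unreachable and increment their seq."""
        changed = []
        for r in self.table.values():
            if r.next_hop == neighbor and r.metric != INF:
                r.metric, r.seq = INF, r.seq + 1
                changed.append((r.dest, r.seq, r.metric))
        return changed


def link_addition_walkthrough():
    """A joins with sequence number 101; B and then C learn the route."""
    a, b, c = DsdvNode("A", seq=101), DsdvNode("B"), DsdvNode("C")
    b.receive("A", a.advertise())      # B inserts <A, 101, A, 1>
    c.receive("B", b.advertise())      # C inserts <A, 101, B, 2>
    return b.table["A"], c.table["A"]


def link_break_walkthrough():
    """B reaches D directly and E through D; the B-D link breaks."""
    b = DsdvNode("B")
    b.table["D"] = Route("D", 202, "D", 1)   # constructed starting state
    b.table["E"] = Route("E", 155, "D", 2)   # constructed starting state
    return b.link_break("D")


def selection_rule_walkthrough():
    """Same seq: the shorter route replaces; older seq: ignored."""
    c = DsdvNode("C")
    c.receive("B", [("A", 101, 1)])              # <A, 101, B, 2>
    shorter = c.receive("X", [("A", 101, 0)])    # same seq, fewer hops
    stale = c.receive("Y", [("A", 99, 0)])       # older seq
    return shorter, stale, c.table["A"]


if __name__ == "__main__":
    print(link_addition_walkthrough())
    print(link_break_walkthrough())
    print(selection_rule_walkthrough())
```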

47
DSDV Operation - 3/3
[Figure: network of mobile hosts MH1 to MH8, with the MH4 advertised table (updated)]
48
DSDV --- too much traffic
  • Problem
  • A lot of control traffic in the network
  • Solution
  • two types of route update packets
  • Full Dumps
  • Carry all routing table information
  • Transmitted relatively infrequently
  • Incremental updates
  • Carry only information changed since last full
    dump
  • Fits within one network protocol data unit
  • If it can't, send full dump

49
DSDV --- Summary
  • Routes maintained through periodic and event
    triggered routing table exchanges
  • Incremental dumps and settling time used to
    reduce control overhead
  • Lower route request latency, but higher overhead
  • Perform best in network with low to moderate
    mobility, few nodes and many data sessions
  • Problems
  • Not efficient for large ad-hoc networks
  • Nodes need to maintain a complete list of routes.

50
Proactive Routing Protocol - OLSR
  • Use the MPRs (Multipoint relays)
  • To reduce the number of broadcast packet
  • Sources build routes proactively by MPR link
    advertisements
  • OLSR differs from pure LS protocols
  • Only the MPR nodes of A need to forward the
    link state updates issued by A

51
Proactive Routing Protocol - OLSR
4 retransmissions to diffuse a message up to 2 hops
Figure 2. Diffusion of a broadcast message
using multipoint relays
52
Proactive Routing Protocol - OLSR
  • OLSR computes the shortest path to a destination
    using the topology table
  • Topology table
  • Neighbor table (one-hop neighbors, two-hop
    neighbors)
  • Routing Tables are calculated based on the
    information contained in the neighbor table and
    Topology tables
  • Routing table entry (Destination address, Next
    hop address, distance to destination)

53
OLSR Routing Protocol Details
  • Node N broadcasts HELLO messages every HELLO
    interval to its one hop neighbors for neighbor
    sensing
  • Determine the link status (symmetric, asymmetric,
    or MPR) of each of its one hop neighbors
  • HELLO message contains list of known one-hop
    neighbors
  • Node N builds neighbor table that includes all
    its 1-hop and 2-hop neighbors
  • Node N selects its multipoint relay (MPR) nodes
    among its one hop neighbors such that it can
    reach all the nodes that are 2 hops away.
  • MPR selection requires symmetric link to node N
  • MPR node broadcasts Topology Control (TC)
    messages every TC interval to advertise link
    states
  • TC message contains list of one hop neighbors who
    have selected this MPR
  • Only MPR nodes can forward TC messages -> more
    efficient flooding
  • TC messages are used for routing table
    calculation
  • Node with non-MANET interfaces broadcasts HNA
    messages every HNA interval ( TC interval)

54
DSDV vs. OLSR
Table 2. Comparison between DSDV and OLSR
55
Clustering Protocol
  • Cluster Gateway Switch Routing (CGSR)
  • Table-driven for inter-cluster routing
  • Uses DSDV for intra-cluster routing
  • Partition the whole network into clusters
  • A clusterhead is elected in each cluster
  • A node belonging to two clusters is called a
    gateway

56
CGSR
57
CGSR
  • It uses the distance vector routing algorithm
  • At each node two tables are maintained: a cluster
    member table and a DV routing table
  • The cluster member table records the clusterhead
    for each node and is broadcast periodically
  • The routing table only maintains one entry for
    each cluster recording the path to its cluster
    head.
  • CGSR can significantly reduce the routing table
    size compared to DV protocols

58
Reactive Routing Protocol - DSR
  • On-demand driven
  • ??? ??? ??? ?? Route discovery ???? ??
  • Dynamic Source Routing
  • ?? ??? ?? ????? ??? ???? ??
  • ??? ?? ??? ?? ??? ??? ?? ??? ??
  • Should maintain route caches

59
Reactive Routing Protocol - DSR
  • Two major phases
  • Route Discovery
  • Route Request (RREQ)
  • Route Reply (RREP)
  • Use cache
  • Route Maintenance
  • Route Error (RERR)

60
DSR - Route Discovery (1/3)
[Figure 4. Propagation of the RREQ; route records shown: N1, N1-N2, N1-N3, N1-N2-N5, N1-N3-N4, N1-N3-N4-N6, N1-N3-N4-N7]
61
DSR - Route Discovery (2/3)
  • N8? N1? ?? path? ??? route cache? ??? ?? ????.
  • Cache? path? ?? ??
  • Symmetric link? ?? -gt reverse route?? (route
    record)
  • Not symmetric link? ?? -gt N8? N1??? route? ?? ??
    Route Request? Route Reply? ?? ???.
    (Piggybacking)

Figure 5. Propagation of the route reply with the
route record
62
DSR - Route Discovery (3/3)
Figure 6. N1 Send the data to N8
63
Reactive Routing Protocol - AODV
  • Ad hoc On-demand Distance Vector
  • AODV Hop-by-hop Reactive
  • AODV design purpose
  • Low network utilization (less broadcast)
  • Loop-free property (using destination sequence numbers)
  • Scalable to large network
  • Assumptions
  • Uses symmetric links

64
Reactive Routing Protocol - AODV
  • On-demand driven
  • Nodes that are not on the selected path do not
    maintain routing information

65
AODV Route Discovery
  • A source node S that wishes to communicate with
    destination node D broadcasts a Route Request
    (RREQ) to its neighbors
  • Intermediate nodes forward the RREQ to their
    neighbors
  • The destination node sends a Route Reply
    message (RREP) back to the source node
  • An intermediate node may send a RREP provided
    that it knows a fresh enough route to the
    destination
  • Nodes maintain routing table entries only for
    active routes; unused routes are removed from the
    routing table after the active_route_timeout interval

66
Route Discovery - 1/5
[Figure: nodes S, A, B, C, D; RREQ in transit]
  • Node A receives RREQ
  • Makes reverse route entry for S: dest S, next
    hop S, hop cnt 1
  • It has no route to D, so it rebroadcasts RREQ
  • Node C receives RREQ
  • Makes reverse route entry for S: dest S, next
    hop A, hop cnt 2
  • It has a route to D, and the seq for its route to
    D is > D's seq in RREQ
67
Route Discovery - 2/5
[Figure: nodes S, A, B, C, D; RREP in transit]
  • Node C sends RREP
  • C creates a Route Reply (RREP): enters D's IP
    addr, seq, S's IP addr, hop count to D
    (1), Lifetime
  • Unicasts RREP towards A

68
Route Discovery - 3/5
[Figure: nodes S, A, B, C, D; RREP in transit]
  • Node A receives RREP
  • Makes forward route entry to D: dest D, next hop
    C, hop count 2, Lifetime
  • Unicasts RREP to S

69
Route Discovery - 4/5
[Figure: nodes S, A, B, C, D; RREP in transit]
  • Node S receives RREP
  • Makes forward route entry to D: dest D, next hop
    C, hop count 3, Lifetime

70
Route Discovery - 5/5
[Figure: nodes S, A, B, C, D]
  • Node S sends data packets on route to D

71
Reactive Routing Protocol AODV DSR
[Figure: message sequence between source node s, intermediate nodes i-1, i, i+1 and destination node D. Route discovery 1: Route Request, Route Reply. Data forwarding. Route maintenance: Route Error. Route discovery 2: Route Request, Route Reply.]
72
AODV vs. DSR
Table 3. Comparison between AODV and DSR
73
Comparison of flat routing protocols
Table 4. Characteristics of flat routing protocols
74
Reactive Routing Protocol - AODV
  • Problem
  • When a node along the route moves
  • Solution
  • Upstream neighbor notices the move
  • Propagates a link failure notification message to
    each of its active upstream neighbors
  • The source node receives the message and
    re-initiates route discovery

75
Security Flaws of AODV
  • Vulnerable to the following attacks by a
    malicious node M
  • (1) Impersonate a node S by forging a RREQ with its
    address as the originator address
  • (2) Reduce the hop count field when forwarding a RREQ
    generated by S
  • (3) Impersonate a node D by forging a RREP with its
    address as a destination address
  • (4) Selectively not forward certain RREQs and RREPs,
    not reply to certain RREPs, and not forward certain
    data messages
  • (5) Forge a RERR message pretending it is the node S
    and send it to its neighbor D
  • (6) Set the sequence number of a node to a much
    bigger number.

76
Securing AODV Protocol (SAODV)
  • It is assumed that there is a key management
    sub-system that makes it possible for each ad hoc
    node to obtain public keys from the other nodes
    of the network.
  • Two mechanisms are used to secure the AODV
    routing messages
  • Digital signatures: To authenticate non-mutable
    fields of the messages (solves attacks 1 and 3)
  • Hash chain: To secure the hop count field in
    mutable messages
  • The information related to the hash chains and
    the signature is transmitted as Signature
    Extension with the AODV messages.

77
SAODV Hash Chains
  • SAODV uses hash chains to authenticate the hop
    count field of RREQ and RREP messages
  • This solves the attack 2
  • A hash chain is formed by applying a one-way
    hash function (e.g. MD5) repeatedly to a seed
  • Every time a node wants to send a RREQ or a RREP
    it generates a random number (seed), sets
    Max_Hop_Count to the TimeToLive value in the IP
    header, and sets Hash to the seed value.
  • Then, it calculates Top_Hash by hashing seed
    Max_Hop_Count times.
  • Hash = seed
  • Top_Hash = h^Max_Hop_Count(seed)

78
SAODV Hash Chains
  • Every time a node receives a RREQ or a RREP it
    verifies the hop count of the message by
    verifying the Top Hash value.
  • Before rebroadcasting a RREQ or forwarding a
    RREP, a node hashes the Hash value in the
    Signature Extension one time.
  • Top_Hash = h^(Max_Hop_Count - Hop_Count)(seed)
  • Hash = h(Hash)
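
The hash-chain handling from the two SAODV Hash Chains slides, as an added example (not code from the presentation or from the SAODV authors). Field names follow the slides, the function names are hypothetical, SHA-256 stands in for the MD5 the slide gives as an example, and the receiver's check is computed from the Hash value carried in the received message.

```python
import hashlib
import os
from dataclasses import dataclass, replace


def h(value, times=1):
    """Apply the one-way hash function `times` times (h^times)."""
    for _ in range(times):
        value = hashlib.sha256(value).digest()
    return value


@dataclass(frozen=True)
class SignatureExtension:
    """Hop-count fields only; the signature over the non-mutable part is omitted."""
    hop_count: int       # mutable, incremented at every hop
    hash_value: bytes    # mutable "Hash" field, hashed once at every hop
    max_hop_count: int   # non-mutable, covered by the originator's signature
    top_hash: bytes      # non-mutable, covered by the originator's signature


def originate(ttl, seed=None):
    """Originator: Hash = seed, Top_Hash = h^Max_Hop_Count(seed)."""
    seed = os.urandom(16) if seed is None else seed
    return SignatureExtension(0, seed, ttl, h(seed, ttl))


def verify(msg):
    """Receiver: hash the received Hash (Max_Hop_Count - Hop_Count) times."""
    remaining = msg.max_hop_count - msg.hop_count
    if remaining < 0:
        return False
    return h(msg.hash_value, remaining) == msg.top_hash


def forward(msg):
    """Honest relay: verify, then Hop_Count += 1 and Hash = h(Hash)."""
    if not verify(msg):
        raise ValueError("hop count does not match the hash chain")
    return replace(msg, hop_count=msg.hop_count + 1,
                   hash_value=h(msg.hash_value))


def check_cases():
    """Run the chain over three honest hops, then test altered hop counts."""
    received = originate(ttl=8, seed=b"constructed seed")
    for _ in range(3):
        received = forward(received)
    honest_next = forward(received)          # what an honest fourth relay sends
    return {
        "honest": verify(honest_next),
        # Lowering Hop_Count would require a preimage of the Hash value.
        "hop_count_reduced": verify(replace(received, hop_count=1)),
        # Raising Hop_Count without hashing breaks the chain as well.
        "hop_count_raised": verify(replace(received, hop_count=5)),
        # Relaying the message exactly as received still verifies, so the
        # check cannot tell that one hop went uncounted.
        "relayed_unchanged": verify(received)
        and received.hop_count < honest_next.hop_count,
    }


if __name__ == "__main__":
    for case, result in check_cases().items():
        print(case, result)
```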

79
SAODV Digital Signature (1)
  • Digital signatures (DS) are used to protect the
    integrity of non-mutable data in RREQ and RREP
    messages
  • They sign everything but the hop count of the
    AODV message and the hash from the SAODV extension
  • The main problem in applying DS is that AODV
    allows intermediate nodes to reply to RREQ messages
    if they have a route to the destination (i.e.
    intermediate nodes should be able to sign the
    RREP on behalf of the final destination)

80
SAODV Digital Signature (2)
  • To solve this problem, the paper offers two
    alternatives
  • The first solution is that if an intermediate
    node cannot reply to a RREQ (because it cannot
    properly sign its RREP), it just behaves as if it
    didn't have the route and forwards the RREQ
    message
  • The second one is that a node generating a RREQ
    message includes the RREP flags, the prefix
    size, and the signature that can be used to
    create the RREP
  • When an intermediate node generates a RREP, the
    route life time will change from the original one
  • The intermediate node should include both life
    times and sign the new lifetime

81
SAODV Digital Signature (3)
  • Original information of the route is signed by
    the final destination and the lifetime is signed
    by the intermediate node
  • This leads to two different SAODV extensions:
    single and double signature extensions
  • When a node receives a RREP/RREQ, it first
    verifies the signature before creating or
    updating a route/reverse route to the host

82
SAODV Error Messages
  • Route Error (RERR) messages are generated by a
    neighbor node to other nodes informing that it is
    not able to route messages to certain destination
    anymore
  • Every node (generating or forwarding a RERR
    message) uses digital signature to sign the whole
    message
  • Any neighbor that receives the RERR verifies the
    signature
  • Verify that the sender of the RERR message is
    really the one that it claims to be

83
Other Routing Protocols
  • In principle SAODV could be used to create
    secure version of other routing protocols
  • If the routing protocol has some other mutable
    information, intermediate nodes that mutate part
    of the messages also have to sign it.
  • Dynamic Source Routing (DSR) has been used as an
    example for other routing protocols
  • DSR includes in its routing message the IP
    addresses of all intermediate nodes
  • Signing of the message by each intermediate node
    reduces the routing performance (due to
    additional cryptographic computations)

84
Key Management
  • It is assumed that each node has a trustworthy
    means of checking the association between the
    addresses and signatures of other nodes
  • This association (binding) is typically achieved
    by using public key certificates issued by a
    certification authority (CA)
  • This can work if ad hoc nodes could have
    permanent addresses
  • One secure and potentially expensive solution
    would be to pick a key pair, and map the public
    key to a tentative address. If there is a
    collision, pick a new key pair and try again

85
Discussion (1)
  • The paper relies on public key management. It is
    not realistic to assume that nodes in ad hoc
    networks will have access to public key
    infrastructure
  • Distribution of certificates by CA implies huge
    overhead, and it is not effective in the presence
    of partitions and high mobility
  • An effective mechanism is needed to address the
    problem of key certificates distribution
  • The hash chain algorithm only addresses single
    mutable information (hop count), it would be more
    complex if more mutable information is to be
    addressed

86
Discussion (2)
  • The use of asymmetric cryptography adds more
    overhead to the processing power requirements of
    the SAODV
  • The proposed algorithms do not require
    modification to the AODV protocol, they are added
    as an extension to the existing AODV message
    formats
  • The algorithms provide a general mechanism that
    could be applied to different routing protocols.
  • However, it would be more efficient to extend
    the algorithms and define separate mechanisms
    for different ad hoc routing protocols

87
Discussion (3)
  • The authors reported that SAODV cannot detect
    tunneling attacks
  • Hop count authentication by using hash chains is
    not perfect: a malign node might forward a
    message without increasing the hop count.
  • More secure approaches are too expensive, and
    they don't solve tunneling attacks.

88
ZRP
  • Zone Routing Protocol
  • Hybrid protocol
  • On-demand
  • Proactive
  • ZRP has three sub-protocols
  • Intrazone Routing Protocol (IARP)
  • Interzone Routing Protocol (IERP)
  • Bordercast Resolution Protocol (BRP)

90
LAR
  • Location-Aided Routing
  • Location information via GPS
  • Shortcoming
  • GPS availability is not yet worldwide
  • Position information comes with deviation

91
LAR
92
DREAM
  • Distance Routing Effect Algorithm for Mobility
  • Position-based
  • Each node
  • maintains a position database
  • Regularly floods packets to update the position
  • Temporal resolution
  • Spatial resolution

93
Power-Aware Routing criteria
  • Examples
  • Minimize energy consumed per packet
  • Minimize time to network partition due to energy
    depletion
  • Maximize duration before a node fails due to
    energy depletion

94
Power-Aware Routing approach
  • Assign a weight to each link
  • Weight of a link may be a function of
  • energy consumed when transmitting a packet on
    that link
  • residual energy level
  • Prefer a route with the smallest aggregate weight

95
Power-Aware Routing
96
Conclusions
  • These protocols are continuously modified and
    improved to keep their advantage and weaken their
    drawbacks
  • Security is a big challenge or key problem in ad
    hoc networks