Diapositive 1 - PowerPoint PPT Presentation

About This Presentation
Title:

Diapositive 1

Description:

2004 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN 2004) ... Topologia non facit saltus. Main idea: network topology changes step by step. ... – PowerPoint PPT presentation

Slides: 18
Provided by: anon340
Learn more at: https://perso.crans.org
Transcript and Presenter's Notes

1
An Advanced Signature System for OLSR
Daniele Raffo, Cédric Adjih, Thomas Clausen, Paul Mühlethaler
2004 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN 2004)
October 25, 2004, Washington DC, USA
2
Index
  • Overview of ADVSIG - Advanced Signature System
  • Overview of the OLSR protocol
  • Attacks against routing
  • Topology changes step by step
  • Link state steps (Required proofs)
  • Link state atomic information
  • ADVSIG control message
  • Example of a HELLO/TC ADVSIG
  • ADVSIG protocol
  • Conclusion

An Advanced Signature System for OLSR
Daniele Raffo SASN 2004
1
3
Overview
Signature of control messages: an attacker compromises a node X, capturing its private key. Now what? We can still check (to some degree) whether the topology information supplied by X is valid or not, because that information must be consistent with the information supplied in the past. Hence we have designed a security scheme in which this past information is embedded in a signature message called ADVSIG. The ADVSIG message has to be sent coupled with the standard HELLO and TC control messages.
4
The OLSR protocol overview
OLSR is a proactive link state routing protocol for ad hoc networks. Periodic exchange of control messages:
  • HELLOs: links with neighbors (link state), MPR selection; 1 hop only, no forwarding
  • TCs: bi-directional links with nodes; flooded via MPRs in the entire network
5
The OLSR protocol overview
Optimized flooding via Multipoint Relays (MPRs): each node selects MPRs from among its neighbors, such that a message emitted by that node and relayed by its MPRs will be received by all nodes 2 hops away.
(figure: standard flooding vs. MPR broadcast)
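The MPR selection rule stated on this slide, as an added worked example that is not part of the presentation: a greedy selection run on a constructed seven-node topology (the node names and links are made up for the example), following the RFC 3626 heuristic of first taking the neighbors that are the only route to some 2-hop node and then the neighbor covering the most still-uncovered 2-hop nodes. `covers_all_two_hop` checks the property the slide states, that a message relayed by the MPRs reaches every node 2 hops away.

```python
"""Greedy MPR selection on a constructed topology (added example, not the
presentation's code).  The heuristic follows the one described in RFC 3626."""
from typing import Dict, Set

# Constructed symmetric topology: node -> set of its 1-hop neighbours.
TOPOLOGY: Dict[str, Set[str]] = {
    "S": {"N1", "N2", "N3"},
    "N1": {"S", "T1", "T2"},
    "N2": {"S", "T2", "T3"},
    "N3": {"S", "T3"},
    "T1": {"N1"},
    "T2": {"N1", "N2"},
    "T3": {"N2", "N3"},
}


def two_hop_set(topo: Dict[str, Set[str]], node: str) -> Set[str]:
    """Nodes exactly 2 hops from `node`: reachable via a neighbour, but not
    neighbours themselves and not the node itself."""
    one_hop = topo[node]
    return {h for n in one_hop for h in topo[n]} - one_hop - {node}


def select_mprs(topo: Dict[str, Set[str]], node: str) -> Set[str]:
    one_hop = topo[node]
    two_hop = two_hop_set(topo, node)
    uncovered = set(two_hop)
    mprs: Set[str] = set()

    # Step 1: a 2-hop node reachable through exactly one neighbour forces
    # that neighbour to become an MPR.
    for h in list(uncovered):
        reach = [n for n in one_hop if h in topo[n]]
        if len(reach) == 1:
            mprs.add(reach[0])
    uncovered -= {h for m in mprs for h in topo[m]}

    # Step 2: repeatedly add the neighbour that covers the most remaining
    # 2-hop nodes (ties broken by total 2-hop coverage, then by name).
    while uncovered:
        candidates = one_hop - mprs
        if not candidates:
            break  # inconsistent input: 2-hop nodes nobody can reach
        best = max(candidates,
                   key=lambda n: (len(topo[n] & uncovered),
                                  len(topo[n] & two_hop), n))
        if not topo[best] & uncovered:
            break
        mprs.add(best)
        uncovered -= topo[best]
    return mprs


def covers_all_two_hop(topo: Dict[str, Set[str]], node: str, mprs: Set[str]) -> bool:
    """The property the slide states: relaying by the MPRs reaches every 2-hop node."""
    reached = {h for m in mprs for h in topo[m]}
    return two_hop_set(topo, node) <= reached


if __name__ == "__main__":
    chosen = select_mprs(TOPOLOGY, "S")
    print("MPRs of S:", sorted(chosen), "covers 2-hop set:",
          covers_all_two_hop(TOPOLOGY, "S", chosen))
```

With standard flooding every one of S's three neighbors would retransmit; here only N1 and N2 do, and the check confirms T1, T2 and T3 are all still reached.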
6
Attacks against routing
We assume that a PKI and message signatures have already been deployed, so that identity spoofing is not possible. We make the hypothesis that a node has been compromised, so it is able to send false information in nonetheless correctly signed messages. We call this link spoofing: a node declares non-existent neighbors in its HELLO and TC messages. Result: the other nodes store an incorrect topology of the network ⇒ unreachable nodes and/or conflicting routes.
7
Topologia non facit saltus
Main idea: network topology changes step by step. We could therefore reuse topology information at time ti-1 to prove the validity of topology information at a later time ti.

(figure: link state between nodes A and B, step by step)
  t1  (empty)
  t2  A declares ASYM_LINK (with B)
  t3  B declares SYM_LINK (with A)
  t4  A declares SYM_NEIGH / MPR_NEIGH (with B)
8
Link state steps (Required proofs)
When A has the following link state with B at time ti ... this means that B recently had the following link state with A at time ti-1:

  A's link state with B at ti            B's link state with A at ti-1
  (HELLO) ASYM_LINK                      (not neighbor)
  (HELLO) SYM_LINK                       ASYM_LINK or SYM_LINK
  (HELLO) SYM_NEIGH or MPR_NEIGH         SYM_LINK or SYM_NEIGH
  (TC) neighbor                          SYM_NEIGH or MPR_NEIGH
9
Link state atomic information
  • The minimal quantity of certified link state information to be exchanged (information sent by node A concerning neighbor B) consists of:
      • B's address
      • B's link state with respect to A
      • timestamp of creation
      • signature of these three fields by A
  • This atomic information is supplied by A as fresh new information (Certificate), received and stored in a table by B, and reused afterward (Proof) by B to prove its actual link state. This actual link state information is spread by B in the form of a Certificate, and so on ...
  • Note that at bootstrap (ASYM_LINKs) there will be no Proof to give!

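The step table of slide 8 and the Certificate/Proof roles of slide 9, as an added worked example in Python (not code from the paper or the presentation). It replays the t1..t4 sequence of slide 7, then shows why three link-spoofing attempts by a compromised node X, whose key is valid, are rejected by a receiving node. Assumptions of the example: HMAC-SHA256 under a per-node key stands in for each node's public-key signature, so this verifier holds every node's key (in ADVSIG the verifier would use the public keys from the PKI); timestamps are integer seconds; PROOF_VALIDITY and the node keys are constructed values; the name TC_NEIGHBOR for the "(TC) neighbor" state is the example's own.

```python
"""Checking an advertised link state against the Proof that backs it, following
the ADVSIG step table (added example; not the paper's code).

Constructed assumptions: HMAC-SHA256 with a per-node key stands in for the
node's public-key signature; timestamps are integer seconds; a Proof is
accepted while it is at most PROOF_VALIDITY seconds old."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

ASYM_LINK, SYM_LINK, SYM_NEIGH, MPR_NEIGH, TC_NEIGHBOR = (
    "ASYM_LINK", "SYM_LINK", "SYM_NEIGH", "MPR_NEIGH", "TC_NEIGHBOR")

# Slide 8: when A now declares the key state with B, B must recently have
# declared one of the listed states with A.  ASYM_LINK needs no Proof (bootstrap).
REQUIRED_PROOF = {
    ASYM_LINK: None,
    SYM_LINK: {ASYM_LINK, SYM_LINK},
    SYM_NEIGH: {SYM_LINK, SYM_NEIGH},
    MPR_NEIGH: {SYM_LINK, SYM_NEIGH},
    TC_NEIGHBOR: {SYM_NEIGH, MPR_NEIGH},
}
PROOF_VALIDITY = 30                                   # constructed value
KEYS: Dict[str, bytes] = {"A": b"key-A", "B": b"key-B", "X": b"key-X"}  # constructed


@dataclass(frozen=True)
class Atomic:
    """Slide 9: the atomic link-state information `signer` issues about `subject`
    (subject's address, its link state w.r.t. the signer, creation timestamp,
    signature of those three fields)."""
    signer: str
    subject: str
    state: str
    timestamp: int
    signature: bytes = b""

    def payload(self) -> bytes:
        return f"{self.signer}|{self.subject}|{self.state}|{self.timestamp}".encode()


def sign(signer: str, subject: str, state: str, timestamp: int) -> Atomic:
    unsigned = Atomic(signer, subject, state, timestamp)
    sig = hmac.new(KEYS[signer], unsigned.payload(), hashlib.sha256).digest()
    return Atomic(signer, subject, state, timestamp, sig)


def signature_valid(a: Atomic) -> bool:
    expected = hmac.new(KEYS[a.signer], a.payload(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, a.signature)


def check_claim(claim: Atomic, proof: Optional[Atomic], now: int) -> str:
    """Verify that `claim` (A's fresh Certificate about B) is backed by `proof`
    (B's earlier Certificate about A, reused as a Proof).  Returns "ok" or the
    reason the claim is rejected."""
    if claim.state not in REQUIRED_PROOF:
        return "unknown link state"
    if not signature_valid(claim):
        return "bad certificate signature"
    allowed = REQUIRED_PROOF[claim.state]
    if allowed is None:
        return "ok"                                   # bootstrap: nothing to prove
    if proof is None:
        return "missing proof"
    if not signature_valid(proof):
        return "bad proof signature"
    if proof.signer != claim.subject or proof.subject != claim.signer:
        return "proof issued by the wrong node pair"
    if proof.state not in allowed:
        return f"{proof.state} does not justify {claim.state}"
    if not (proof.timestamp < claim.timestamp and now - proof.timestamp <= PROOF_VALIDITY):
        return "proof expired or not older than the claim"
    return "ok"


def demo() -> Dict[str, str]:
    """The t1..t4 sequence of slide 7, then three link-spoofing attempts by X."""
    results = {}
    t2 = sign("A", "B", ASYM_LINK, 2)                 # A hears B: no Proof needed
    results["t2"] = check_claim(t2, None, now=2)
    t3 = sign("B", "A", SYM_LINK, 3)                  # B proves it with A's cert
    results["t3"] = check_claim(t3, t2, now=3)
    t4 = sign("A", "B", MPR_NEIGH, 4)                 # A proves it with B's cert
    results["t4"] = check_claim(t4, t3, now=4)
    spoof = sign("X", "A", SYM_LINK, 5)               # X never had a link with A
    results["spoof_no_proof"] = check_claim(spoof, None, now=5)
    results["spoof_wrong_pair"] = check_claim(spoof, t2, now=5)   # replays A's cert about B
    stale = sign("A", "X", ASYM_LINK, -100)           # genuine but long expired
    results["spoof_stale"] = check_claim(spoof, stale, now=5)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18s} {verdict}")
```

The check captures the two things a correctly signed but false HELLO cannot fake: a Proof signed by the claimed neighbor itself, and a Proof whose state is an allowed predecessor of the new claim. The bootstrap case (ASYM_LINK without a Proof) is exactly the gap slide 9 notes.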
10
ADVSIG control message
We propose an ADVSIG message embedding the Certificates' and Proofs' timestamps and signatures (along with a global timestamp and signature). This ADVSIG message is generated and sent along with any HELLO or TC. As an example, the next slides show a HELLO ADVSIG that advertises links with three neighbors, and a TC ADVSIG that reports one neighbor.
11
HELLO ADVSIG
HELLO message (standard OLSR format) advertising links with three neighbors:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Reserved             |     Htime     |  Willingness  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Link Code   |   Reserved    |       Link Message Size       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Neighbor Interface Address                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Neighbor Interface Address                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Link Code   |   Reserved    |       Link Message Size       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Neighbor Interface Address                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

ADVSIG message sent along with it, carrying one Certificate signature and one Proof (timestamp and signature) per advertised neighbor. Signature fields are drawn as a single row each; the transcript does not give their length.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sign. Method  |   Reserved    |         MSN Referrer          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Global Timestamp                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Global Signature                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Signature of Certificate 1                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Signature of Certificate 2                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Signature of Certificate 3                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Timestamp of Proof 1                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Signature of Proof 1                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Timestamp of Proof 2                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Signature of Proof 2                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Timestamp of Proof 3                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Signature of Proof 3                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

14
TC ADVSIG
TC message (standard OLSR format) reporting one neighbor:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              ANSN             |           Reserved            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               Advertised Neighbor Main Address                |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

ADVSIG message sent along with it, carrying the Proof (timestamp and signature) for the advertised neighbor. Signature fields are drawn as a single row each; the transcript does not give their length.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sign. Method  |   Reserved    |         MSN Referrer          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Global Timestamp                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Global Signature                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Timestamp of Proof 1                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Signature of Proof 1                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

15
ADVSIG protocol
(figure: the HELLO ADVSIG message of slide 11, repeated on this slide)

17
Conclusion
  • This system protects the network against false routing information issued by:
      • a lone attacker
      • multiple attackers that do not communicate with each other
  • The network is still vulnerable to connected attackers in collusion (wormhole, etc.), or to an attacker failing to forward messages (DoS).
  • Heavy overhead, but improves robustness against isolated attackers.
