Secure Routing with AODV Protocol for Mobile Ad Hoc Networks

1
Secure Routing with AODV Protocol for Mobile Ad
Hoc Networks

• Anitha Prahladachar
• Tahira Farid
• Course 60-564
• Instructor Dr. Aggarwal

2
Papers Reviewed

• Perkins, C.E. Royer, E.M,Ad-hoc On-Demand
  Distance Vector Routing, Proceedings of the
  Second IEEE Workshop on Mobile Computing Systems
  and Applications, WMCSA 99
• Pirzada, A.A. McDonald, C,Secure Routing with
  the AODV Protocol, Proceedings of the
  Asia-Pacific Conference on Communications, Oct
  3-5, 2005
• Bhargava, S. Agrawal, D.P.,Security
  Enhancements in AODV protocol for Wireless Ad Hoc
  Networks, Vehicular Technology Conference Oct
  7-11, 2004, IEEE VTS 54th Vol. 4
• Yuxia Lin, A. Hamed Mohsenian Rad, Vincent W. S.
  Wong, Joo-Han Song,Experimental Comparisons
  between SAODV and AODV Routing Protocols,
  Proceedings of the 1st ACM workshop on Wireless
  Multimedia Networking and Performance modeling,
  WMuNeP Oct 2005

3
Outline

• Mobile Ad Hoc Networks (MANET)
• Applications
• Security Design Issues in MANET
• Motivation
• Traditional AODV
• Secured AODV
• Experimental Comparisons
• Closing Remarks

4
Mobile Ad Hoc Networks

• A collection of wireless mobile hosts forming a
  temporary network without the aid of any
  established infrastructure.
• Significant Features
• Dynamic topology of interconnections
• No administrator
• Short transmission range- routes between nodes
  has one or more hops
• Nodes act as routers or depend on others for
  routing
• movement of nodes invalidates topology
  information

5
Mobile Ad Hoc Networks (cont.)

• The network topology can change any time because
  of node mobility and nodes may become
  disconnected very frequently.

6
Mobile Ad Hoc Networks (cont.)
Routing Source -gt Destination

• Host A and C are out of range from each others
  wireless transmitter.
• While exchanging packets, they use routing
  services of host B.
• B is within the transmission range of both of
  them.

7
Applications of MANET

• Useful where geographical or terrestrial
  constrains demand totally distributed network
  without fixed base station.
• Military Battlefields
• Disaster and Rescue Operations
• Conferences
• Peer to Peer Networks

8
Security Design Issues in MANET

• Do not have any centrally administered secure
  routers.
• Attackers from inside or outside can easily
  exploit the network.
• Passive eavesdropping, data tampering, active
  interfering, leakage of secret information, DoS
  etc.
• Open peer-to-peer architecture.
• Shared Wireless Medium.
• Dynamic Topology.

9
Motivation

• Ad Hoc networks are challenged due to
• Nodes are constantly mobile
• Protocols implemented are co-operative in nature
• Lack of fixed infrastructure and central
  concentration point where IDS can collect audit
  data
• One node can be compromised in a way that the
  incorrect and malicious behaviour cannot be
  directly noted at all.
• Well-established traditional security approaches
  to routing are inadequate in MANET.

10
Traditional AODV

• Ad Hoc On Demand Distance Vector Routing Protocol
• Reactive Protocol discovers a route on demand.
• Nodes do not have to maintain routing
  information.
• Route Discovery
• Route Maintenance
• Hello messages
• used to determine local connectivity.
• can reduce response time to routing requests.
• can trigger updates when necessary.

11
Traditional AODV Route Discovery

• If a source needs a route to a destination for
  which it does not already have a route in its
  cache
• Source broadcasts Route Request (RREQ) message
  for specified destination
• Intermediate node
• Returns a route reply packet (RREP) (if route
  information about destination in its cache), or
• forwards the RREQ to its neighbors (if route
  information about destination not in its cache).
• If cannot respond to RREQ, increments hop count,
  saves info to implement a reverse path set up, to
  use when sending reply (assumes bidirectional
  link)

12
Traditional AODV RREQ

• RREQ packet contains destination and source IP
  address, broadcast ID, source nodes sequence
  number and destination nodes sequence number.
• Node 1 wants to send data packet to node 7. Node
  6 knows a current route to node 7. Node 1 sends a
  RREQ packet to its neighbors.
• Source_addr 1
• dest_addr 7
• broadcast_id broadcast_id 1
• source_sequence_ source_sequence_ 1
• dest_sequence_ last dest_sequence_ for node 7
  

Type Flag Resvd hopcnt
Broadcast_id Broadcast_id Broadcast_id Broadcast_id
Dest_addr Dest_addr Dest_addr Dest_addr
Dest_sequence_ Dest_sequence_ Dest_sequence_ Dest_sequence_
Source_addr Source_addr Source_addr Source_addr
Source_Sequence_ Source_Sequence_ Source_Sequence_ Source_Sequence_
13
Traditional AODV (RREQ)

• Nodes 2 and 4 verify that this is a new RREQ
  (source_sequence_ is not stale) with respect to
  the reverse route to node 1.
• Forward the RREQ, and increment hop_cnt in the
  RREQ packet.
• RREQ reaches node 6 from node 4, which knows a
  route to 7.
• Node 6 verify that the destination sequence
  number is less than or equal to the destination
  sequence number it has recorded for node 7.
• Nodes 3 and 5 will forward the RREQ packet to
  node 6, but it recognizes the packets as
  duplicates.

14
Traditional AODV (RREP)

• Node 6 has a route to destination. It sends a
  route reply RREP to the neighbor that sent the
  RREQ packet.
• Intermediate nodes propagate RREP towards the
  source using cached reverse route entries.
• Other RREP packets discarded unless, dest_seq_
  is higher than the pervious, or same but hop_cnt
  is smaller.
• Cached reverse routes timeout in nodes that do
  not see RREP packet.

Type Flag prsz hopcnt
Dest_addr Dest_addr Dest_addr Dest_addr
Dest_sequence_ Dest_sequence_ Dest_sequence_ Dest_sequence_
Source_addr Source_addr Source_addr Source_addr
lifetime lifetime lifetime lifetime
15
Traditional AODV (RREP)

• Node 6 sends RREP to node 4
• Source_addr1, dest_addr7, dest_sequence_
  maximum (sequence no. stored for node 7,
  dest_sequence_ in RREQ), hop_cnt 1.
• Node 4 finds out it is a new route reply and
  propagates the RREP packet to Node 1.

16
Approach 1 Secure AODV

• Vulnerability issues of AODV (due to intermediate
  nodes)
• Deceptive incrementing of sequence number
• Deceptive decrementing of hop count
• To secure AODV, approach 1 divided security
  issues into 3 categories
• Key Exchange
• Secure Routing
• Data Protection

17
Approach 1 Secure AODV (cont.)

• Key Exchange
• All nodes before entering the network procure a
  one-time public and private key pair from CA and
  CAs public key.
• After that, nodes can generate a Group Session
  Key between immediate neighbors using a suitable
  Group keying protocol.
• These session keys are used for securing the
  routing process and data flow.
• Thus authentication, confidentiality and
  integrity is assured.

18
Approach 1 Secure AODV (cont.)

• Secure Routing (RREQ)
• Node x desiring to establish communication with
  y, establishes a group session key Kx between
  its immediate neighbors.
• Creates RREQ packet, encrypts using Kx and
  broadcasts.
• Intermediate recipients that share Kx decrypt
  RREQ and modify.
• Intermediate nodes that do not share Kx initiate
  group session key exchange protocol with the
  immediate neighbors.
• Intermediate nodes encrypt RREQ packet using the
  new session key and rebroadcast.

19
Approach 1 Secure AODV (cont.)

• Secure Routing (RREP)
• In response to RREQ, y creates RREP.
• RREP is encrypted using the last Group session
  key that was used to decrypt RREQ and is unicast
  back to the original sender.
• If any of the intermediate nodes has moved out of
  wireless range, a new group session key is
  established.
• Recipient nodes that share the forward group
  session key decrypt RREP and modify.
• RREP is then encrypted using backward group
  session key and unicast to x.

20
Approach 1 Secure AODV (cont.)

• Data Protection
• Node x desiring to establish end-to-end secure
  data channel, first establishes a session key Kxy
  with y.
• x symmetrically encrypts the data packet using
  Kxy and transmits it over the secure route.
• Intermediate nodes forward the packet in the
  intended direction.
• Node y decrypts the encrypted data packet using
  Kxy.

21
Security Analysis for Approach 1

• Authorized nodes to perform route computation and
  discovery.
• Routing control packets authenticated and
  encrypted by each forwarding node.
• Minimal exposure of network topology.
• Routing information is encrypted, an adversary
  will gain no information on the network topology.
• Detection of spoofed routing messages.
• Initial authentication links a number of
  identities to each nodes private key.
• Detection of fabricated routing messages.
• To fabricate a routing message session key needs
  to be compromised.
• Prevent redirection of routes from shortest
  paths.
• Routing packets accepted only from authenticated
  nodes, adversary cannot inject anything unless an
  authorized node first authenticates it.

22
Approach 2 Secure AODV (cont.)

• Defines two types of attacks
• Internal external
• Compromised Selfish nodes
• Malicious nodes
• To handle the attacks, this approach suggests two
  models
• Intrusion Detection Model (IDM)
• Intrusion Response Model (IRM)

23
Approach 2 Secure AODV (cont.)

• Vulnerability issues of AODV (due to internal
  attacks)
• Distributed false route request
• Denial of service
• Destination is compromised
• Impersonation

24
Approach 2 Secure AODV (cont.)

• IDM
• Each node employs IDM that utilizes the
  neighborhood information to detect misbehaviors
  of its neighbors.
• When Misbehavior count gt threshold for a node,
  information is sent to other nodes about
  misbehaving node.
• They in turn check their local MalCount, and add
  the result to the initiators response.
• IDM is present on all the nodes and monitors and
  analyzes behavior of its neighbors to detect if
  any node is compromised.

25
Approach 2 Secure AODV (cont.)

• IDM
• Distributed False Route Request
• Malicious node may generate frequent unnecessary
  route requests i.e. false route message.
• If done from different radio range it is
  difficult to identify the malicious node (RREQ
  are broadcasts).
• When a node receives RREQ gt threshold count by a
  specific source for a destination in a particular
  time interval- tinterval, the node is declared
  malicious.

26
Approach 2 Secure AODV (cont.)

• IDM
• Denial of Service
• A malicious node may launch DoS attack by
  transmitting false control packets and using the
  entire network resources.
• Other nodes are deprived of these resources.
• It can be identified if a node is generating the
  control packets that is more than threshold count
  in a particular time interval tfrequency.

27
Approach 2 Secure AODV (cont.)

• IDM - Destination is Compromised
• A destination might not reply if it is
• Not in the network
• Overloaded
• Did not receive route request
• Malicious
• It is identified when a source does not receive
  reply from destination in a particular time
  interval twait.
• Neighbors generate Hello packets to determine
  connectivity.
• If a node is in network and does not respond to
  RREQ destined for it, it is identified as
  malicious.

28
Approach 2 Secure AODV (cont.)

• IDM
• Impersonation
• If Sender encrypts the packet with its private
  key and other nodes decrypt with public key of
  sender , this attack can be avoided.
• If Receiver is not able to decrypt the packet,
  the sender might not be the real source and
  packet will be dropped.

29
Approach 2 Secure AODV (cont.)

• Intrusion Response Model ( IRM )
• A node x identifies that another node m is
  compromised when malcount for that node m
  increases beyond threshold value.
• x propagates to entire network by transmitting
  Mal packet.
• If another node y suspects node m, it reports
  its suspicion to the network and transmits
  ReMal packet.
• If two or more nodes report about a particular
  node , Purge packet is transmitted to isolate
  malicious node from the network.
• All nodes having a route through the compromised
  node look for newer routes.
• All packets received from the compromised node
  are dropped.

30
Approach 3 Secure AODV

• SAODV
• Vulnerability issues of AODV
• Message Tampering Attack compromised node
• E.g. Hop count made 0 by attacker node
• E.g. Hop count made infinite by selfish node.
• Message Dropping Attack selfish node
• Message Replay (wormhole) Attack malicious
  node
• Security Requirements for AODV
• Source Authentication
• Neighbor Authentication
• Message Integrity
• Access Control

31
Approach 3 Secure AODV (cont.)

• Source Authentication
• Receiver should be able to confirm the identity
  of the source.
• Neighbor Authentication
• Receiver should be able to confirm the identify
  of the sender (one-hop previous node)
• Message Integrity
• Receiver should be able to verify that content of
  a message has not be altered either maliciously
  or accidentally in transit.
• Access Control
• It is necessary to ensure that mobile nodes
  seeking to gain access to the network have the
  appropriate access rights.

32
Approach 3 Secure AODV (cont.)

• Route Discovery
• Source node selects a random seed number sets
  Maximum hop-count (MHC) value.
• Using hash function h, source computes hash value
  as h(seed) and Top_Hash as hMHC(seed).
• Intermediate node checks if Top_Hash
  hMHC-Hop_Count(Hash).
• Before rebroadcasting RREQ, increments hop-count
  field by 1 in RREQ header.
• Computes new Hash value by hashing the old value,
  h(Hash).

33
Approach 3 Secure AODV (cont.)

• Route Discovery
• Except for hop-count field and
  hhop-count(seed), all other fields of RREQ are
  non-mutable.
• Hence can be authenticated by verifying the
  signature in RREQ.
• Destination generates RREP on receiving RREQ.

34
Experimental Comparisons

• Between AODV and SAODV
• Indoor Experiments
• 10 laptops are placed in the same room
• Facilitates the comparison of ns-2 simulation and
  indoor emulation results.
• Outdoor Experiments
• Conducted in a rugby field (250m 100m approx.).
• Participants with laptop walked randomly at
  1m/sec.
• Each test run took 6 mins.

35
Experimental Comparisons (Results and Discussions)

• Indoor Emulation and Simulation Results
• UDP Traffic UDP Packet Delivery Ratio

36
Experimental Comparisons (Results and Discussions)

• Indoor Emulation and Simulation Results
• UDP Traffic Routing Control Overhead (in
  packets)

37
Experimental Comparisons (Results and Discussions)

• Indoor Emulation and Simulation Results
• UDP Traffic Routing Control Overhead (in bytes)

38
Experimental Comparisons (Results and Discussions)

• Outdoor Results
• UDP Packet Delivery Ratio
• Routing Control overhead for UDP
• Amount of Routing Packets
• Aggregate Routing Overhead

39
Closing Remarks

• Approach 1
• Authors proposed Approach 1 for both secure
  routing and data protection
• No Experiments have been discussed.
• Approach 2
• No Data Security Provided
• Routing load of a network increases as malicious
  nodes generate False Control Messages.
• After implementing, decreases routing load by
  identifying malicious node and isolating them
  from the network.
• Approach 3
• Ensure both integrity of data and control packets
  by using hash functions.
• Source, Neighbor authentication and access
  control are ensured by digital signatures.
• Many indoor and outdoor experiments have been
  performed.
• More efficient.

40
Thank you!!!

• Questions???