Secure Integration of Internet and Ad Hoc Networks - PowerPoint PPT Presentation

Slides: 35
Provided by: Louis1

1
Secure Integration of Internet and Ad Hoc Networks
  • BIN XIE, Ph.D. Student
  • Anup Kumar, Professor, Director of Mobile Information Network and Distributed
    Systems (MINDS) Lab
  • CECS Department
  • University of Louisville
  • Louisville, KY 40292

2
Road Map
  • Introduction to Ad hoc Networks
  • Routing in Ad hoc Networks
  • Internet and Ad hoc Networks
  • Improved DSDV for Integrated Network
  • Security Issues in Integrated Network
  • Secure Integrated Network
  • Conclusions

3
Introduction to Ad hoc Networks
  • MANET: Mobile Ad Hoc Networks
  • A set of mobile hosts capable of communicating
    with each other without the help of a base station

4
Wireless Cellular Internet
  • Wireless implies changing the point of attachment
    as the host roams between cells.

[Figure: Internet, R0, R1, R3, R4, BS1, BS2]
5
MH is Home
6
MH is away visiting network B
7
Integrated Ad hoc Internet
  • Each mobile host is independent and may require
    help from the other hosts

[Figure: Internet, FA]
8
Ad hoc Routing Protocols
To find a route from the source to the destination
with a certain metric.
[Figure: (a) Route Record During Route Discovery; (b) Path of Route Reply (RREP) with Route Record. Nodes 1-6; route records such as <1>, <1,2>, <1,3>, <1,3,5>, <1,4>]
9
Ad hoc Routing Protocols
  • Topology based routing
      • Proactive approach
      • Reactive approach
      • Hybrid approach
  • Position based routing
      • Location Services
      • Forwarding Strategy

10
Mobile IP and Data Flow
  • Mobile IP: Providing Mobility for Wired Network.

[Figure: data flow, steps 1-4, among Correspondent Node (CN), Home Agent (HA), Foreign Agent (FA) and Mobile Host over the Internet]
11
An example of ad hoc network with global
connectivity

[Figure: Wired Internet with CN, HA and FA; Ad hoc DSDV network; numbered nodes 1-8. Legend: CN = Correspondent Node, HA = Home Agent, FA = Foreign Agent]
12
Intra-MANET Communication
  • If the destination is inside the same ad hoc
    network, a routing entry leading to the
    destination will be found in the routing table.

13
Inter-MANET Communication From Wired Network to
Ad hoc Hosts
14
Internet and Integrated Network
  • A foreign agent may provide the capability to
    connect to the Internet from the ad hoc network.
  • Reactive approaches (AODV) do not provide
    bi-directional connections
  • Proactive approaches (DSDV) can provide
    bi-directional communication
  • Communications to the wired network may be
    established by multi-hop links
  • Ad hoc routing for Intra-MANET communication
  • Mobile-IP for Inter-MANET communications
  • Security must be implemented
      • from ad hoc host to CN and vice versa.
      • secure routing must be provided for ad hoc node to
        ad hoc node communication.

15
Solution A: Extending Mobile IP to DSDV
  • Each ad hoc DSDV host maintains a routing table
    to store all destinations.
  • Foreign Agent advertises its presence to the DSDV
    network.
  • Each ad hoc DSDV host keeps its Mobile IP
    registration by using registration request and
    registration reply.

16
Solution B: Hybrid Approach of Extending Mobile
IP to AODV
  • Proposed by Prashant Ratanchandani and Robin
    Kravets.
  • Extending Mobile IP to AODV.
  • TTL scoping of agent advertisement.
  • Eavesdropping and caching agent advertisement.

17
Solution C: Foreign Agent acts as the proxy for
DSDV host registrations.
  • Each ad hoc DSDV host maintains a routing table
    to store all destinations.
  • Foreign Agent is one of the nodes of the ad hoc DSDV
    network, and keeps a routing table for each ad
    hoc DSDV node.
  • Foreign Agent acts as the proxy for DSDV host
    registrations.
  • Enhanced DSDV Protocol by using neighbor routing.

18
Performances and Comparisons
  • The experiments are implemented under the NS-2
    simulator.
  • Different simulation areas (330m x 330m, 670m x
    670m, and 1000m x 1000m)
  • Different numbers of mobile hosts (10, 20 and 50 nodes) and
    mobility

19
Throughput Comparison
[Figure: throughput of Solution A, Solution B and Solution C (FA acts as Mobile IP proxy and Improved DSDV)]
20
Mobile IP Overhead Comparison
Solution A has higher overhead than B when the registrations
are the same. Solution C has almost no Mobile IP
overhead.
[Figure: Mobile IP overhead of Solution B and Solution C (FA acts as Mobile IP proxy and Improved DSDV)]
21
Ad hoc protocol Overhead
Solution A and Solution C have almost the same ad
hoc protocol overhead, and the overhead stays the
same at different movement. Solution C has
varied ad hoc overhead according to the number
of registrations.
22
Delay of Packets
[Figure: packet delay of Solution A and Solution C]
Solution A and C are better than Solution B.
23
Comparisons of three solutions
  • The packet delivery fraction of Solution A is
    much worse than that of Solutions B and C.
  • To keep registrations for each node, Solution B
    has higher Mobile IP overhead and AODV overhead.
  • Solution B provides one-way communication.
  • The total overhead in Solution B is higher than
    in Solution C.
  • Solution C keeps full bi-directional connectivity
    for all nodes with constant overhead.

24
Security Issues for Integrated Internet and Ad
hoc Networks
  • No a priori trust relationship between ad hoc
    hosts
  • No consistent way to identify a host with a unique
    identifier
  • It is difficult to prevent selfish behavior
  • All ad hoc routing protocols are based on a
    benign environment

25
Basic idea of securing policy: Exclude malicious
nodes
[Figure: network with FA, CN, source S, destination D, nodes 1-7 and malicious nodes M1, M2, M3]
M: malicious node, FA: foreign agent, S: source node, D: destination node
26
Types of Attacks
  • Passive and Active Attacks on Internet
    Connectivity
  • Passive and Active Attacks on Ad hoc networks
  • anti-integrity
  • impersonation
  • anti-confidentiality
  • anti-cooperation

27
Principles of Security
  • HA acts as the authentication server
  • Only after being registered with FA and
    certified by FA can an MN be trusted by other
    ad hoc MNs
  • Binding
      • MN's home IP address
      • its ad hoc address
      • its certificate
  • The trust relationship between ad hoc nodes
    is enhanced by the binding process

28
Operations for Security
  • (Step 1) FA advertisement and discovery: FA
    advertises and MN finds a route to FA.
  • (Step 2) MN registration with FA and HA: MN
    follows the Minimal public based authentication
    protocol to register with FA and HA.

[Figure: dialogue between PC and FA]
PC says: "I am coming!" (step 1)
FA says: "Give me your ID. Can you pass the verification at your home agent?" (steps 2, 3)
FA says: "You pass! Here is your certificate with your ID." (step 4)
PC says: "Oh, I can communicate now!" (step 5)
29
Operations for Security
  • (Step 3) Bind the MN's Mobile IP home address and its
    ad hoc ID.
  • (Step 4) FA issues the certificate to the
    registered MN from the ad hoc network.
  • (Step 5) MN creates a local data structure of
    certificates.

30
Operations for Security
31
Analysis for Security
  • The process of FA discovery establishes a path
    between FA and MN by using authenticated nodes. It
    prevents unregistered malicious nodes from
    misleading routes or dropping registration-related
    messages with the intention of hindering MN
    registration.
  • Registration with FA plays two main roles
      • MN's registration with FA for mobility binding at
        HA, to determine whether the MN obtains its
        mobility from HA
      • Access control in the ad hoc network, to determine
        whether the MN can participate in the ad hoc routing
        protocol, which enhances the trust relationships
        in the ad hoc network.

32
Analysis for Security
  • HA authenticates MN and FA.
  • FA issues certificates to each MN that are used
    for authentication of other ad hoc hosts.
  • Authentication and access control
  • Identification
  • Non-duplication
  • Integrity
  • Cooperation

33
Conclusion for security
  • The proposed extension to DSDV (Solution C)
    provides better results
  • Based on this access control mechanism, malicious
    nodes can be effectively excluded from the ad hoc
    network, and trustworthiness is enhanced.
  • Ad hoc hosts maintain a fresh certificate to
    enforce authentication and integrity, to prevent
    attacks that use unauthenticated, modified,
    fabricated or duplicated messages.
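
Steps 3 to 5 of the operations slides and the fresh-certificate check from the conclusion above, as an added Go sketch that is not code from the presentation. The Cert field layout, the use of Ed25519, the expiry field and all names are assumptions, and the HA authentication of Step 2 is taken as already done.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert (hypothetical layout) binds the MN's home IP to its ad hoc address (Step 3).
type Cert struct {
	HomeIP, AdhocAddr string
	Expires           int64 // Unix seconds; keeps the certificate fresh
	Sig               []byte
}

// payload length-prefixes each field so distinct bindings never collide.
func (c Cert) payload() []byte {
	return []byte(fmt.Sprintf("%d:%s,%d:%s,%d", len(c.HomeIP), c.HomeIP, len(c.AdhocAddr), c.AdhocAddr, c.Expires))
}

func NewFA() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil)
}

// Issue is Step 4 (Ed25519 is an assumption); the HA has already authenticated the MN.
func Issue(fa ed25519.PrivateKey, homeIP, adhoc string, expires int64) Cert {
	c := Cert{HomeIP: homeIP, AdhocAddr: adhoc, Expires: expires}
	c.Sig = ed25519.Sign(fa, c.payload())
	return c
}

// CertTable is the MN's local certificate structure (Step 5), keyed by ad hoc address.
type CertTable map[string]Cert

// Learn admits a neighbor only if its certificate is FA-signed, fresh and bound to the sender.
func (t CertTable) Learn(faPub ed25519.PublicKey, c Cert, sender string, now int64) bool {
	ok := ed25519.Verify(faPub, c.payload(), c.Sig) && now < c.Expires && c.AdhocAddr == sender
	if ok {
		t[sender] = c
	}
	return ok
}

func main() {
	pub, priv, err := NewFA()
	if err != nil {
		panic(err)
	}
	t, c := CertTable{}, Issue(priv, "192.0.2.10", "adhoc-3", 2000) // constructed values
	fmt.Println(t.Learn(pub, c, "adhoc-3", 1000), t.Learn(pub, c, "adhoc-M1", 1000))
}
```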

34

Thanks and Questions