1
Performance and Security in Mobile Ad Hoc Networks
  • Master's Thesis Defense
  • Karthik Sadasivam
  • M.S. in Computer Science
  • University of Houston - Clear Lake
  • April 11th, 2005

Committee: Dr. T. Andrew Yang (chair), Dr. Alfredo
Perez-Davila, Ms. Wei Ding
2
Outline
  • Introduction
  • Background
  • Routing in MANETs
  • Secure Routing in MANETs
  • Simulation Study of Performance in MANETs
  • Mobility models
  • Contributions
  • Scenario-based Performance Evaluation of Secure
    Routing in MANETs
  • Evaluation of Certificate-based Authentication in
    MANETs
  • Conclusion
  • Future Work
  • Bibliography

3
Introduction
  • A Mobile Ad-hoc NETwork (MANET) is an autonomous
    collection of mobile users that communicate over
    wireless links
  • Requires no fixed infrastructure or base stations
    for communication
  • Easily deployed where it is difficult to set up
    wired infrastructure, e.g. battlefields and rescue
    operations
  • Every node in a MANET acts as a router and
    forwards packets on behalf of other nodes

4
Introduction
  • Advantages
    • Easy to set up
    • Easy reconfiguration
    • Low cost of deployment
  • Some applications
    • Battlefield communications
    • Rescue and disaster recovery operations
    • Event coverage
    • Data sharing in classrooms

5
Introduction
  • General issues and characteristics of MANETs
    • Distributed network
    • Dynamic topology
    • Power-aware nodes
    • Addressing scheme
    • Scalability
    • Error-prone broadcast channel
    • Security

(Figures: the exposed terminal problem and the hidden
terminal problem)
6
Background Routing in MANETs
(Figure: classification of routing protocols)
7
Background Routing
  • Table-driven/proactive routing protocols
    • Nodes maintain a list of active routes to every
      other node in the network in a routing table
    • Periodic updates are sent to all neighbors to
      keep the routes current
  • DSDV: Destination-Sequenced Distance Vector
    routing protocol
    • Based on the distributed Bellman-Ford algorithm
    • Avoids the looping problem using per-destination
      sequence numbers
    • Also usable where a base station is available
      (e.g. wireless LANs)
    • Optimizations: average settling delay and
      triggered updates

(Figure: DSDV routing table, with columns Destination,
Next Hop, Metric, Seq. No., Install Time, Stable Data)
8
Background Routing
  • On-demand/reactive routing protocols
    • Nodes find a route to a destination only when
      it is needed
    • No periodic routing table broadcasts
    • Two phases: route discovery and route
      maintenance
  • DSR (Dynamic Source Routing)
    • Based on source routing: the complete route is
      carried in the packet header
    • A route cache is maintained at every node
    • Route discovery: RREQ packets are broadcast,
      the RREP is unicast back to the source
    • Route maintenance: RERR packets report broken
      links
    • Optimizations: non-propagating route requests,
      gratuitous route replies
  • Advantages of DSR

9
Background DSR
(Figure: DSR route discovery and route maintenance)
10
Background Security in MANETs
  • Issues in designing a secure protocol
    • Hostile environment
    • Decentralized architecture
    • Shared broadcast radio channel
    • Dynamic topology
    • Power limitations

11
Background Attacks
  • Attacks on MANET routing protocols
    • Attacks using modification
    • Attacks using impersonation
    • Attacks using fabrication
    • Special attacks
      • Black hole attack
      • Wormhole attack

(Figure: wormhole attack)
12
Background Secure Routing
  • Secure routing in MANETs
  • Design goals
    • No spoofed routes
    • No fabricated routing messages injected into the
      network
    • No alteration of routing messages in transit
      except according to the normal functionality of
      the routing protocol
    • No routing loops
    • No redirection of routing packets
  • Several secure routing protocols
    • SEAD
    • ARAN
    • ARIADNE

13
Background SEAD
  • Secure Efficient Ad hoc Distance vector (SEAD)
    protocol
  • Based on DSDV, with two modifications
    • No average settling delay
    • Sequence numbers are not incremented for broken
      links
  • Uses one-way hash chains to authenticate route
    updates
  • One-way hash chains
    • Built on a one-way hash function
      H: {0,1}* -> {0,1}^p
    • Simple to compute but infeasible to invert
  • Message authentication
    • The source node picks a random value x at the
      beginning and generates a hash chain
      x = h_0, h_1, h_2, ..., h_n with h_{i+1} = H(h_i)
    • Suppose m is the network diameter and n is
      divisible by m
    • It then releases h_n to everybody; this anchor
      is all a receiver needs for verification

14
Background SEAD
  • SEAD (contd.)
  • To authenticate a routing update with sequence
    number i and metric j, the source includes the
    chain element h_{n-im+j}
  • A receiver verifies it by hashing forward until
    it reaches an element it already trusts
    (ultimately h_n)
  • The attacker can never forge better metrics or
    higher sequence numbers: that would require
    inverting H
  • The attacker can only produce worse metrics or
    older sequence numbers, by hashing forward
  • However, other information such as the node name
    or next hop can still be forged
  • To prevent this, stream authentication schemes
    such as TESLA can be used
  • Protects against multiple coordinated attackers
    and routing loops
  • Does not prevent the wormhole attack

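The chain construction and the forward-hashing check described on the last two slides, as an added example written for this page (Python; not code from the thesis or from the SEAD authors). The chain length n, the group size m of chain elements per sequence number and the seed are assumed values chosen for illustration, and SHA-256 stands in for the hash function H. The last function shows the one forgery that remains possible: hashing forward to claim a worse metric.

```python
import hashlib

# Assumed parameters for the example (not from the thesis): m chain
# elements per sequence number (metrics 0..m-1) and a chain length n
# divisible by m, as SEAD requires.
M = 8
N = 8 * M


def H(data: bytes) -> bytes:
    """One-way hash H: {0,1}* -> {0,1}^p, here SHA-256 (p = 256)."""
    return hashlib.sha256(data).digest()


def make_hash_chain(x: bytes, n: int = N) -> list:
    """Return [h_0, h_1, ..., h_n] with h_0 = x and h_{i+1} = H(h_i).
    The source keeps the chain secret and publishes only the anchor h_n."""
    chain = [x]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain


def chain_index(n: int, seq: int, metric: int, m: int = M):
    """Index of the element SEAD attaches to an update with sequence
    number seq and metric: h_{n - seq*m + metric}.  None if out of range."""
    if not 0 <= metric < m:
        return None
    idx = n - seq * m + metric
    return idx if 0 <= idx <= n else None


def update_element(chain: list, seq: int, metric: int) -> bytes:
    """What the source includes in its routing update for (seq, metric)."""
    idx = chain_index(len(chain) - 1, seq, metric)
    if idx is None:
        raise ValueError("sequence number / metric outside the chain")
    return chain[idx]


def verify_update(anchor: bytes, n: int, seq: int, metric: int,
                  elem: bytes) -> bool:
    """Receiver side: hash elem forward (n - idx) times; the result must be
    the published anchor h_n.  Going forward is cheap, going back means
    inverting H, so a valid element proves the advertised (seq, metric)
    is no better than what the source really signed off on."""
    idx = chain_index(n, seq, metric)
    if idx is None:
        return False
    h = elem
    for _ in range(n - idx):
        h = H(h)
    return h == anchor


def forge_worse_metric(elem: bytes, extra_hops: int) -> bytes:
    """The only thing an attacker who overheard (seq, metric, elem) can do:
    advertise metric + extra_hops for the same seq by hashing forward.
    A lower metric or a higher seq would need an earlier chain element."""
    for _ in range(extra_hops):
        elem = H(elem)
    return elem
```

A receiver that has already verified an element for a later (seq, metric) can stop hashing when it reaches that element instead of going all the way to h_n; the check above always goes to the anchor for clarity.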
15
Background Simulation Study
  • Simulation study of performance in MANETs
  • Lack of the infrastructure needed to deploy MANETs
    in a realistic scenario
  • Current research mainly focuses on
    simulation-based evaluation
  • Several network simulators are available for MANET
    research
  • Simulator chosen: ns-2
    • ns-2 is available as an open-source
      distribution: it is free
    • Models the IEEE 802.11 physical and MAC layers
      accurately
    • Supported by a large community of researchers

16
Background Ns-2
  • Introduction to ns-2
    • Open-source discrete event simulator developed
      at UC Berkeley
    • Focused on modeling network protocols
    • Platforms: essentially all Unix variants and
      Windows
    • Software structure: C++ and OTcl
  • Components of ns-2
    • ns, the simulator itself
    • nam, the Network AniMator
    • Pre-processing tools/utilities
    • Post-processing tools/utilities

(Figure: screenshot of the network animator)
17
Background Mobility Models
  • Mobility models
    • Used to simulate the movement of nodes in a MANET
  • Two categories
    • Entity mobility models
      • Random Waypoint model
      • Gauss-Markov mobility model
      • City Section mobility model
    • Group mobility models
      • Reference Point Group Mobility (RPGM) model

18
Scenario-Based Evaluation of Secure Routing in
MANETs
  • Problem definition
  • Earlier performance evaluations of secure routing
    protocols have used the Random Waypoint model
  • More sophisticated mobility models and scenarios
    are needed
  • Performance evaluation in these scenarios gives
    insight into the applicability of a protocol
  • Helps to understand the tradeoffs between
    performance and security

19
Experimental Setup
  • Experimental setup
  • Simulation environment
    • ns-2 version 2.27 over a Cygwin platform running
      on Windows XP
  • Physical and MAC layer model in ns-2
    • MAC protocol: Distributed Coordination Function
      (DCF) mode of IEEE 802.11 for WLANs
    • Radio model: Lucent WaveLAN, 2 Mb/s bit rate and
      a nominal radio range of 250 meters
    • Signal propagation model: free space propagation
      and a two-ray ground reflection model

(Figure: ns-2 environment)
20
Traffic pattern
  • Traffic pattern
    • The cbrgen.tcl script was used
    • Constant Bit Rate (CBR) traffic

Traffic pattern parameters and values:
Maximum number of connections: 20
Application data payload size: 512 bytes
Packet rate: 4 packets/s
21
Scenarios
  • Scenarios
    • The mobility scenario generation tool BonnMotion
      was used for generating the scenarios
  • The battlefield scenario
    • Control parameter: pause time

Parameters and values:
Mobility model: RPGM
Distribution of nodes: 10 in each group, 5 groups
Simulation area: 2000 x 2000 m
Probability of group change: 0.25
Node speed: max 5 m/s, min 1 m/s
Maximum distance to group center: 50 m
22
Scenarios
  • The rescue operation scenario
    • Control parameter: pause time

Parameters and values:
Mobility model: RPGM
Distribution of nodes: 5 in each group, 10 groups
Simulation area: 1000 x 1000 m
Probability of group change: 0.05
Maximum distance to group center: 100 m
Node speed: max 2 m/s, min 1 m/s
23
Scenarios
  • The event coverage scenario

Parameters and values:
Mobility model: Gauss-Markov model
Number of nodes: 50
Simulation area: 500 x 500 m
Maximum speed of nodes: 5 m/s
Angle standard deviation: 0.5
Speed standard deviation: 0.5
24
Metrics
  • Packet Delivery Fraction (PDF): ratio of data
    packets delivered to their destinations to data
    packets generated by the sources
  • Normalized Routing Load (NRL): number of routing
    packets transmitted (each hop-level transmission
    counted once) per data packet delivered
  • Average end-to-end delay (AED): mean time from a
    data packet's generation at the source to its
    delivery at the destination

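How the three metrics are computed from a simulation trace, as an added example written for this page (not the thesis's own post-processing scripts). The trace lines below are constructed for the example and use a simplified six-field record loosely modelled on ns-2 wireless traces (event, time, node, layer, packet id, packet type); the set DATA_TYPES, and the rule that every other packet type is routing traffic, are assumptions of the example.

```python
# Constructed trace (not thesis output).  Fields: event ('s' sent,
# 'r' received), time, node id, layer ('AGT' application agent,
# 'RTR' routing layer), packet id, packet type.  Data packet 1 is lost,
# packets 0 and 2 are delivered; two DSDV updates are transmitted.
TRACE = """\
s 1.000 0 AGT 0 cbr
s 1.001 0 RTR 0 cbr
r 1.004 1 RTR 0 cbr
s 1.004 1 RTR 0 cbr
r 1.007 2 RTR 0 cbr
r 1.007 2 AGT 0 cbr
s 1.250 0 AGT 1 cbr
s 1.251 0 RTR 1 cbr
s 1.300 3 RTR 100 DSDV
s 1.300 4 RTR 101 DSDV
s 1.500 0 AGT 2 cbr
s 1.501 0 RTR 2 cbr
r 1.520 2 AGT 2 cbr
"""

# Assumption: these are the application packet types; anything else seen
# at the routing layer is counted as a routing packet.
DATA_TYPES = {"cbr", "tcp", "ack"}


def parse(trace: str):
    """Yield (event, time, node, layer, pkt_id, pkt_type) per record."""
    for line in trace.splitlines():
        if not line.strip():
            continue
        ev, t, node, layer, pid, ptype = line.split()
        yield ev, float(t), int(node), layer, int(pid), ptype


def compute_metrics(trace: str) -> dict:
    """PDF, NRL and AED as defined on the slide above.

    PDF = delivered / generated data packets (AGT receive vs AGT send);
    NRL = routing packets transmitted at RTR (every hop counts) per data
          packet delivered;
    AED = mean(AGT receive time - AGT send time) over delivered packets."""
    sent_at = {}        # data pkt id -> time generated by the source agent
    recv_at = {}        # data pkt id -> time delivered to the sink agent
    routing_tx = 0      # hop-level transmissions of routing packets
    for ev, t, node, layer, pid, ptype in parse(trace):
        if ptype in DATA_TYPES:
            if layer == "AGT" and ev == "s":
                sent_at[pid] = t
            elif layer == "AGT" and ev == "r" and pid in sent_at:
                recv_at.setdefault(pid, t)   # ignore duplicate deliveries
        elif layer == "RTR" and ev == "s":
            routing_tx += 1
    delivered = len(recv_at)
    pdf = delivered / len(sent_at) if sent_at else 0.0
    nrl = routing_tx / delivered if delivered else float("inf")
    aed = (sum(recv_at[p] - sent_at[p] for p in recv_at) / delivered
           if delivered else float("nan"))
    return {"sent": len(sent_at), "received": delivered,
            "routing_tx": routing_tx, "pdf": pdf, "nrl": nrl, "aed": aed}
```

Data packets forwarded at the routing layer are deliberately not counted in NRL; only routing-protocol packets are, which is why the record's packet type has to be inspected and not just its layer.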
25
Results Impact on PDF
  • PDF higher at lower pause times
  • SEAD has fresher routes at a given time than DSDV
  • PDF converges to almost 100% at higher pause
    times

26
Results Impact on the PDF (contd.)
  • DSR adapts better to varying node densities and
    link changes
  • SEAD has higher PDF than DSDV at higher pause
    times

27
Results Impact on the NRL
  • DSR has lower NRL (reactive approach)

28
Results Impact on the NRL (contd.)
  • NRL higher for SEAD (more routing updates)
  • NRL varies with node density

29
Results Impact on the AED
  • AED important for event coverage (multimedia
    traffic)
  • Higher delay for SEAD and DSDV (more congestion)

30
Results Impact on the AED (contd.)
31
Summary
  • Performed a scenario-based performance evaluation
    of three routing protocols: DSDV, DSR and SEAD
  • Seemingly contradictory constraints
  • SEAD unsuitable for the battlefield scenario
    • High NRL and AED
    • Proactive protocol, so more routing
      advertisements
    • DSR would be the ideal protocol if security were
      not an issue
  • Rescue operation scenario
    • More demanding in terms of throughput
    • DSDV better suited: routing tables more
      up to date
  • Event coverage scenario
    • Multimedia traffic
    • SEAD unsuitable: high AED
    • Coverage area is the smallest, so DSR would be
      ideal due to its low NRL

32
Evaluation of Certificate-based Authentication in
MANETs
  • Problem definition
  • Domain: key management and authentication
  • Certificate-based authentication is well studied
    in wired networks
  • Adapting it to MANETs is a challenging task
  • A centralized CA is not feasible

(Figure: centralized authentication scheme in WLANs)
33
Evaluation of Certificate-based Authentication in
MANETs
  • Requirements for a Secure and Effective CBA in
    MANETs
  • Distributed authentication
  • Resource awareness
  • Efficient certificate management mechanism
  • Heterogeneous certification
  • Robust pre-authentication mechanism

34
Evaluation of Certificate-based Authentication in
MANETs
  • Self-organized public key management
    • Approach similar to PGP certificates but with
      no central certificate server
    • Uses certificate graphs: vertices are public
      keys, directed edges are certificates
    • Assumption: public keys have been exchanged over
      a side channel
  • Certificate mechanism
  • Pros and cons
    • Fully self-organized
    • Certificate tables are expensive to store
    • Re-negotiation on moving to a new locality

(Figure: certificate graph)
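Certificate-chain discovery in the self-organized scheme above, as an added example written for this page (not the scheme authors' code). The two local repositories are constructed; each certificate is modelled only as the directed edge (issuer, subject) of the certificate graph, and verifying the signature on every certificate of the chain found is left out so that only the graph search is shown.

```python
from collections import defaultdict, deque

# Constructed local certificate repositories (not from the thesis).  A
# certificate (u, v) means u's key signs the binding of v's key to v, i.e.
# a directed edge from vertex u to vertex v in the certificate graph.
REPO_A = {("A", "B"), ("A", "C"), ("C", "D")}   # held by node A
REPO_E = {("D", "E"), ("F", "E"), ("B", "F")}   # held by node E


def merge_repositories(*repos) -> dict:
    """Adjacency list of the union of the given local repositories."""
    graph = defaultdict(set)
    for certs in repos:
        for issuer, subject in certs:
            graph[issuer].add(subject)
    return graph


def find_certificate_chain(graph: dict, start: str, target: str):
    """Breadth-first search from start's key to target's key.  Returns the
    certificates (issuer, subject) a verifier has to check, in order, or
    None when no chain exists in the merged graph."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        u = queue.popleft()
        if u == target:
            chain = []
            while prev[u] is not None:
                chain.append((prev[u], u))
                u = prev[u]
            return chain[::-1]
        for v in sorted(graph.get(u, ())):   # sorted for a deterministic result
            if v not in prev:
                prev[v] = u
                queue.append(v)
    return None


def authenticate(verifier_repo, target_repo, verifier: str, target: str):
    """The scheme's verification step: merge the two nodes' repositories and
    look for a chain.  A's repository alone does not reach E; merged with
    E's repository it does, via B and F."""
    graph = merge_repositories(verifier_repo, target_repo)
    return find_certificate_chain(graph, verifier, target)
```

Merging is what makes the scheme work without a server: neither node needs to store the whole graph, only enough of it that the union of two repositories is likely to contain a path. The cost noted on the slide is exactly that storage.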
35
Evaluation of Certificate-based Authentication in
MANETs
  • Providing Robust and Ubiquitous Security Support
    for MANETs
    • Distributed certification based on threshold
      cryptography and shared secrets
    • Basic goal: share the certification secret among
      an arbitrarily large community using a secret
      polynomial f(x) of degree k-1, so that any k
      shareholders can jointly certify (threshold k)
  • Certificate management
  • Pros and cons
    • No centralized certificate authority
    • Requires at least k one-hop neighbors for
      authentication
    • Certificates cannot be issued to nodes that are
      more than one hop away
    • Requires a bootstrapping phase

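The polynomial secret sharing behind the threshold-certification scheme above, as an added example written for this page (not the scheme authors' code). It shares a secret integer over a prime field: any k shares reconstruct it, k-1 shares give no information. Real deployments share an RSA or DSA signing key and combine partial signatures rather than reconstructing the key at one node; that part is not modelled. The prime, the threshold k and the number of shareholders n are assumed values.

```python
import secrets

# Assumption: a 127-bit Mersenne prime is large enough for the example.
P = (1 << 127) - 1


def make_shares(secret: int, k: int, n: int, prime: int = P) -> list:
    """Pick a random polynomial f of degree k-1 with f(0) = secret and hand
    shareholder i the point (i, f(i)).  This is the dealer/bootstrapping
    step the slide refers to."""
    coeffs = [secret % prime] + [secrets.randbelow(prime) for _ in range(k - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, e, prime) for e, c in enumerate(coeffs)) % prime

    return [(i, f(i)) for i in range(1, n + 1)]


def reconstruct(shares: list, prime: int = P) -> int:
    """Lagrange interpolation at x = 0 over the shares supplied.  With k
    shares this is f(0) = the secret; with fewer it is a random field
    element, which is the whole point of the threshold."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % prime
                den = den * (xi - xj) % prime
        secret = (secret + yi * num * pow(den, -1, prime)) % prime
    return secret


def coalition_can_certify(neighbor_shares: list, k: int) -> bool:
    """The one-hop constraint from the slide: a requester needs shares
    from at least k neighbors within radio range to get a certificate."""
    return len(neighbor_shares) >= k
```

The choice of k is the security/availability tradeoff: a larger k tolerates more compromised nodes but, since only one-hop neighbors can contribute, makes certification fail more often in sparse parts of the network.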
36
Evaluation of Certificate-based Authentication in
MANETs
  • Self-managed heterogeneous certification
    • Uses trust graphs for heterogeneous CAs
    • Node A is said to trust node B when B can be
      verified as authentic based on B's digital
      certificate signed by a CA that A currently
      trusts
  • Certificate management
  • Pros and cons
    • Support for cross-certification between CAs in
      different domains
    • The certificate discovery mechanism occurs over
      multiple hops

37
Evaluation of Certificate-based Authentication in
MANETs
  • Trust- and clustering-based authentication
    • Uses two models
      • Trust model based on PGP
      • Network model based on clustering
    • Defines trust quantitatively as a value between
      0 and 1
  • Certificate management
  • Pros and cons
    • Able to discover and isolate a high percentage
      of malicious nodes
    • Storage of trust tables is costly
    • Mobility of nodes leads to changes of membership
      and re-authentication

38
Evaluation of Certificate-based Authentication in
MANETs
  • Metrics for performance evaluation
    • Successful Certification Ratio (μ)
    • Settling time (st)
    • Frequency of certification (fcert)
    • Average certification delay (acd)

39
Conclusions
  • This thesis focused on the two most important
    issues in mobile ad hoc networks: performance
    and security
  • Studying performance in realistic scenarios is
    vital to gain insight into the applicability of a
    routing protocol when deployed in practice
  • This thesis studied the secure routing protocol
    SEAD and compared it with an on-demand (DSR) and
    a table-driven (DSDV) routing protocol using
    realistic mobility models
  • The performance analysis gave insight into the
    applicability of the three protocols and the
    tradeoffs involved between performance and
    security

40
Conclusions
  • Authentication and key management are another
    important issue in ad hoc networks
  • This thesis focused on certificate-based
    authentication mechanisms
  • A survey of these mechanisms was done
  • The requirements of an efficient and secure
    certificate-based mechanism were identified
  • A qualitative evaluation of these mechanisms was
    done
  • Performance metrics for quantitative evaluation
    were identified

41
Future Work
  • Performance of other secure routing protocols
    such as ARAN, ARIADNE, etc.
  • Performance evaluation of routing protocols in a
    malicious environment is another interesting
    research area
  • Scenario-based performance analysis of the
    certificate-based authentication mechanisms

42
Bibliography
  • [1] Karthik Sadasivam and T. Andrew Yang.
    Evaluation of Certificate-Based Authentication
    in Mobile Ad Hoc Networks. Accepted for the
    IASTED International Conference on Networks and
    Communication Systems (NCS 2005), Krabi,
    Thailand, April 2005
  • [2] Karthik Sadasivam, Vishal Changrani, T.
    Andrew Yang. Scenario-based Performance
    Evaluation of Secure Routing in MANETs.
    Submitted to the Second International Workshop on
    Mobile Ad Hoc Networks and Interoperability
    Issues (MANETII'05), Las Vegas, Nevada, June 2005
  • [3] Thesis webpage: http://sce.cl.uh.edu/sadasivamk
