An On-Demand Secure Byzantine Routing Protocol - PowerPoint PPT Presentation

Slides: 62
Provided by: DavidHo162
Learn more at: https://www.cs.jhu.edu

Title: An On-Demand Secure Byzantine Routing Protocol


1
An On-Demand Secure Byzantine Routing Protocol
  • David Holmer
  • Department of Computer Science

2
Presentation Outline
  • Introduction
  • Attacks & Byzantine Behavior
  • ODSBR
  • Results

Feel Free to Ask Questions Throughout the
Presentation
3
Mobile Ad Hoc Wireless Networks
  • Non-centralized architecture - All nodes pass traffic
  • Advantages
      • Increased Coverage (overall range, less gaps)
      • Reduced Deployment Cost (less wired connectivity)
      • Rapid Deployment (self configuring, self healing)
  • Security Challenges
      • Collaborative nature
          • All nodes participate in routing - can we trust them?
      • Lack of physical security
          • Wireless broadcast medium - anyone can eavesdrop
          • Mobile devices highly susceptible to theft and tampering

Security is a Vital Component!
4
Publications
  • WiSE 2002: An On-Demand Secure Routing Protocol
    Resilient to Byzantine Failures
  • MILCOM 2004: The Pulse Protocol: Sensor Network
    Routing and Power Saving
  • INFOCOM 2004: The Pulse Protocol: Energy
    Efficient Infrastructure Access
  • WONS 2004: High Throughput Route Selection in
    Multi-rate Wireless Networks
  • IZS 2004: Swarm Intelligence Routing Resilient
    to Byzantine Adversaries
  • WONS 2005: The Pulse Protocol: Mobile Ad hoc
    Network Performance Evaluation
  • SECURECOM 2005: On the Survivability of Routing
    Protocols in Ad Hoc Wireless Networks
  • NDSS 2005: Secure Multi-hop Infrastructure
    Access
  • INFOCOM 2005: Provably Competitive Adaptive
    Routing
  • MONET Journal 2006: The Medium Time Metric:
    High Throughput Route Selection in Multi-rate
    Wireless Networks
  • ESAS 2006: Dynamics of Learning Algorithms for
    the On-Demand Secure Byzantine Routing Protocol

Most relevant to this talk
Other work
5
Basic Problem
[Figure labels: Source, Destination, Shortest Path, Fault Free Path]
6
Presentation Outline
  • Introduction
  • Attacks & Byzantine Behavior
  • ODSBR
  • Results

Feel Free to Ask Questions Throughout the
Presentation
7
Strong Attacks
  • Adversarial Properties
      • Single Majority
      • External Byzantine / Insider
      • Individual Colluding
  • Attacks
      • Insertion/Modification
      • Black hole
      • Wormhole
      • Flood Rushing
      • Denial of service

[Figure labels: Black hole, Wormhole]
8
Byzantine Behavior
  • Significant research to protect against external
    adversaries (traditional secret based exclusion)
  • However, authenticity and integrity do not
    provide any guarantee about the legitimacy of
    actions taken by authenticated / insider nodes
  • Attacks where the adversary has full control of
    an authenticated device and can perform arbitrary
    actions to disrupt the network
  • Byzantine Generals problem [Lamport 82]

9
Related Work
  • Byzantine robustness for Wired Link State routing [Perlman 88]
  • Authentication and integrity: [Zhou, Haas 99], [Hubaux, Buttyan, Capkun 01],
    [Dahill, Levine, Shields, Royer 02], [Hu, Perrig, Johnson 02, 01]
  • Blackhole: [Marti, Giuli, Lai, Baker 00], [Papadimitratos, Haas 03]
  • Wormhole: [Hu, Perrig, Johnson 03], [Hu, Evans 04]
  • Flood rushing: [Hu, Perrig, Johnson 03]
  • Majority do not address the Byzantine adversarial
    model
  • Focus on individual attacks - no comprehensive
    solutions!

10
Presentation Outline
  • Introduction
  • Attacks & Byzantine Behavior
  • ODSBR
  • Results

Feel Free to Ask Questions Throughout the
Presentation
11
On-Demand Secure Byzantine Routing
  • Provides Survivable routing in a Byzantine environment
  • Original version published in WiSe 2002 (>25 cites)
  • Trust model
      • Source and Destination are trusted
      • Intermediate nodes are authenticated (PKI, symmetric keys)
        but not fully trusted
  • Adversarial model
      • Majority of colluding byzantine adversaries
      • All routing attacks except: eavesdropping, resource
        consumption, wormhole creation, other layers
  • Our solution
      • An on-demand routing protocol
      • Link based reliability metric
      • Bounded losses as long as there exists a fault-free path
      • Avoids the need for Byzantine Agreement (costly, less capable)

12
ODSBR Protocol Overview
[Diagram: protocol phases Route Discovery with Fault Avoidance, Byzantine Fault Detection, and Link Weight Management, connected by Discovered Path, Faulty Link, and Weight List]
13
ODSBR Protocol Overview
[Diagram: protocol phases Route Discovery with Fault Avoidance, Byzantine Fault Detection, and Link Weight Management, connected by Discovered Path, Faulty Link, and Weight List]
14
Route Discovery
  • On-demand protocol
  • Finds a least weight path
  • Request flood
  • Request includes weight list and signature
  • Signature verified at every hop
  • Prevents un-authorized route requests

15
Route Discovery (cont.)
  • Response flood
  • Prevents response block attack
  • Path and weight accumulated hop by hop
  • Appends signature to response
  • Lower cost updates are re-broadcast
  • Every hop verifies the entire path
  • Prevents flood rushing/blocking attack
  • A min-weight path is always established
  • Path is not guaranteed to be fault free

16
Fault Detection Phase
[Diagram: protocol phases Route Discovery with Fault Avoidance, Byzantine Fault Detection, and Link Weight Management, connected by Discovered Path, Faulty Link, and Weight List]
17
Fault Detection Strategy
  • Probing technique using authenticated
    acknowledgements
  • Naïve probing technique
  • Too much overhead per data packet!

18
Secure Adaptive Probing
[Diagram: path from Source to Destination shown for Success and for Fault 1 to Fault 4; legend: Trusted Node, Intermediate Node, Successful Probe, Failed Probe, Successful Interval, Faulty Interval]
Binary search identified in log n faults
19
Probe & Ack Properties
  • Probes
      • Inseparable from data - listed on all packets
      • Integrity checked at each probe - HMAC
      • Enforces path order - reverse ordered HMAC list
  • Acks
      • Authenticated - HMAC
      • Single combined ack packet - individual HMAC of
        entire ack packet so far added at each probe
      • Adversary can't selectively drop some of the acks
      • Staggered timeouts - restarts ack packet
      • A node can't incriminate any link but its own

20
Fault Identification
  • Fault Definition
      • Packet loss rate violates a fixed threshold
      • Excessive delay also causes packet loss
  • Identifies faulty links regardless of reason
      • Malicious behavior
      • Non-malicious malfunction
      • Adverse network behavior
          • Congestion
          • Intermittent connectivity

21
Link Weight Management Phase
[Diagram: protocol phases Route Discovery with Fault Avoidance, Byzantine Fault Detection, and Link Weight Management, connected by Discovered Path, Faulty Link, and Weight List]
22
Link Weight Management
  • Maintains a weight list of identified links
  • Faulty links have their weight doubled
  • Resets link weights
      • Timed by successful transmissions
      • Bounds average loss rate
  • Weight scheme provides soft avoidance
      • Minimal penalty for false positives
      • Network is never partitioned
      • Allows use of aggressive fault thresholds
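
Added example (not part of the original slides or the authors' code): a small Python model of how the adaptive probing on slide 18 feeds the weight list described above. The integer node numbering, the single always-dropping link, the candidate-path topology and all function names are assumptions for illustration; HMAC-authenticated acks and the weight reset are left out.

```python
# Model of adaptive probing (slide 18) feeding the weight list (slide 22).
# Assumptions: path nodes are numbered 0 (source) .. n (destination) and one
# link (i, i+1) drops all data; HMAC-authenticated acks are not modelled.

def locate_fault(n, bad):
    """Return (faulty_link, faults_observed) for a path of n links."""
    probes = {n}                      # at first only the destination acks
    faults = 0
    while True:
        acked = {p for p in probes if p <= bad[0]}  # probes upstream of the drop
        lo = max(acked, default=0)    # last node known to have received data
        hi = min(probes - acked)      # first probe whose ack never arrived
        faults += 1                   # loss threshold violated once more
        if hi - lo == 1:
            return (lo, hi), faults   # faulty interval is now a single link
        probes.add((lo + hi) // 2)    # bisect the faulty interval

def path_weight(path, weights):
    """Sum of link weights along a node sequence; unlisted links weigh 1."""
    return sum(weights.get(link, 1) for link in zip(path, path[1:]))

def run(paths, adversary_links):
    """Alternate discovery, detection and doubling until a clean path is chosen.
    Assumes at least one candidate path is fault free.
    Returns (path, weight_list, total_faults)."""
    weights, total = {}, 0
    while True:
        # Route discovery reduced to its outcome: the least-weight candidate.
        path = min(paths, key=lambda p: path_weight(p, weights))
        links = list(zip(path, path[1:]))
        hit = next((i for i, l in enumerate(links) if l in adversary_links), None)
        if hit is None:
            return path, weights, total
        (lo, _), faults = locate_fault(len(links), (hit, hit + 1))
        weights[links[lo]] = weights.get(links[lo], 1) * 2  # faulty link doubled
        total += faults

# Constructed topology: a 3-link path through an adversarial link, a 5-link clean path.
PATHS = [["S", "a", "b", "D"], ["S", "c", "d", "e", "f", "D"]]
ADVERSARY_LINKS = {("a", "b")}

if __name__ == "__main__":
    print(locate_fault(8, (5, 6)))
    print(run(PATHS, ADVERSARY_LINKS))
```

In this constructed topology the adversarial link is doubled twice, which leaves the short path usable but heavier than the 5-link fault-free path, so the link is avoided without being removed from the network.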

23
Presentation Outline
  • Introduction
  • Attacks & Byzantine Behavior
  • ODSBR
  • Results

Feel Free to Ask Questions Throughout the
Presentation
24
ODSBR Attack Mitigation
  • Injecting, modifying packets: HMAC
  • Replay attack: use of nonces
  • Flood rushing: protocol relies on the metric,
    and not on timing information
  • Black hole: unreliable links are avoided using
    metric
  • Wormhole: creation is not prevented, but it is
    avoided using metric

25
Loss Bound Analysis
  • Network of n nodes of which k are adversaries
  • Assume a fault free path exists
  • Protocol bounds the number of packets lost
    communicating with the destination

26
Byzantine Attack Simulation
  • Simulated attacks
      • Black Hole
      • Wormhole
      • Super-Wormhole
      • Flood Rushing

Random & Strategic Adversary Placements
27
AODV Simulation Summary
28
ODSBR Simulation Summary
29
Conclusion
  • On-demand routing protocol resilient to a wide
    range of colluding byzantine attacks
  • Adaptive probing scheme identifies faulty link
    location without Byzantine Agreement
  • Bounded long term loss rate guaranteed
    correctness in any network
  • Excellent performance in a myriad of practical
    scenarios

31
Experimental Lessons Learned
  • Most important factors
  • Flood rushing
  • Strategic positioning
  • Quantify the relative strength of different
    attacks
  • ODSBR
  • able to mitigate wide range of Byzantine attacks
  • not significantly affected by flood rushing
  • performance decreased when a large number of
    adversarial links exists

32
ODSBR - simulation
ACHR - SecureComm05
  • Implementation simulation
  • NS2 network simulator
  • 50 nodes randomly placed within a 1000 x 1000
    meter square area
  • In addition, 0 to 10 adversarial nodes were added
  • Random way-point mobility model
  • A traffic load of 10 CBR flows
  • ODSBR vs. AODV

33
Black Hole
  • Attack
      • An attacker lies along the selected path
      • The attacker passes routing control traffic
        correctly (route request, response, acks, etc.)
      • However it drops or corrupts data traffic
      • Strong variants may do this adaptively to avoid
        detection

[Figure labels: Source, Destination]
34
Black Hole
  • ODSBR Defense
      • Secured acks detect ANY damage of data flow
      • Adaptive probing localizes the damage to one of
        the adversary's links
      • Weight of adversarial link is increased allowing
        correct path to be found

[Figure labels: Source, Destination]
35
Black hole attack & Flood Rushing
36
Worm Hole
  • Attack
  • Two attackers establish a path and tunnel packets
    from one to the other
  • The worm hole turns many hops into one virtual
    hop creating shortcuts in the network
  • This allows a group of adversaries to easily draw
    in packets and drop them

[Figure labels: Source, Destination]
37
Worm Hole
  • ODSBR Defense
  • Worm hole creation is not prevented
  • Impossible without assumptions about links and/or
    additional non-standard hardware/information
  • Worm holes are benign unless they disrupt data
    flow
  • Worm hole link can be identified and avoided

[Figure labels: Source, Destination]
38
Wormhole attack random placement
39
Central wormhole simulation
40
Complete Coverage simulation
41
Flood Rushing Attack
  • exploits flood duplicate suppression
  • authentication doesn't help
  • can result in many adversarial controlled paths
  • ODSBR Defense
  • hop-by-hop authentication
  • process all duplicate flood packets and
    rebroadcast lower metric valid flood packets

42
Byzantine Wormhole attack
[Figure labels: Source, Destination, two Adversary nodes joined by a wormhole]
  • ODSBR Defense
  • wormhole formation is not prevented
  • wormhole will be detected and avoided

43
Super-Wormhole
  • a more general (and stronger) variant of the
    wormhole attack
  • several adversaries collude and form an overlay
    of Byzantine wormholes
  • for n adversaries, it is equivalent to n^2
    wormholes

44
ODSBR - continued
  • Fault: any disruption that causes significant
    loss or delay in the network
  • End-to-end ACKs
  • Reliability metric based on past history
  • Faulty links are identified using an adaptive
    probing technique, and avoided during the secure
    route discovery
  • Maximum damage that can be caused by adversaries
    is bounded
  • q- - ? ? q ? b ? kn ? log2n

49
Black Hole & Flood Rushing
  • Black Hole: Adversary selectively drops only
    data packets, but still participates in the
    routing protocol correctly
  • Flood Rushing: takes advantage of the flood
    suppression mechanism
  • Simulation
      • Black hole: drop all data packets
      • Flood rushing: ignore broadcast delays

50
Overhead non-adversarial scenario
51
Overhead attack scenario
52
Analysis
  • for a good path
      • Losses − (Gains) × LossRate < 0
  • We get
      • Losses − (Gains) × LossRate < delta
      • Delta: nodes × adv × log 2 nodes

53
Link Weight Management
  • Maintains a weight list of identified links
  • Faulty links have their weight doubled
  • Resets link weights
  • Timed by successful transmissions
  • Bounds average loss rate
  • Network is never partitioned

54
On-Demand vs. Proactive Routing Security Concerns
  • On-Demand
  • Source Authentication
  • Caching presents adversarial opportunity
  • Pro-active
  • Harder to secure since pieces of information can
    not be traced back to a single source.

55
Black Hole Attack
  • Problem: Adversary may delete a packet
  • How do we detect and avoid black holes?
  • Reliable node may be blamed
  • Detecting failing node: Consensus costs ()

[Figure: two panels, each labelled X, a, b, c]
56
Worm Holes
  • Two attackers establish a path and tunnel packets
    from one to the other
  • The worm hole turns many adversarial hops into
    one virtual hop creating shortcuts in the network
  • This allows a group of adversaries to easily draw
    packets into a black hole

[Figure labels: Source, Destination]
57
Flood Blocking
  • Flood Blocking Attack
  • Adversary propagates a false short path
  • Intermediate nodes do not forward inferior
    valid path information
  • Source ignores the false path
  • No path is established
  • Path must be verified at intermediate nodes

58
Fault Detection Strategy
  • Probing technique using authenticated
    acknowledgements
  • Naïve technique
  • Receiving an ack from every node overly costly!

59
OLD Route Discovery
  • On-demand protocol
  • Bi-directional flood
  • Request flood
  • Source includes weight list and a signature
  • Request verified at each hop

[Figure labels: Request, Response]
60
OLD Probe & Ack Specification
  • Probes
  • List of probes attached to every packet
  • Each probe is specified by an HMAC
  • Probes listed in path order
  • Remainder of probe list is onion encrypted
  • Ack
  • Authentication via HMAC
  • Collected and onion encrypted at each probe point

61
Thank You! Questions??
Authors
Baruch Awerbuch, Reza Curtmola, David Holmer, Herbert Rubens
Johns Hopkins University, Department of Computer Science
baruch, crix, dholmer, herb _at_cs.jhu.edu
Cristina Nita-Rotaru
Purdue University, Department of Computer Science
crisn_at_cs.purdue.edu
http://www.cnds.jhu.edu/archipelago