Integrating Quality of Protection into Ad Hoc Routing Protocols

1
Integrating Quality of Protection into Ad Hoc
Routing Protocols

• Seung Yi, Prasad Naldurg, Robin Kravets
• University of Illinois at Urbana-Champaign

2
Traditional ad hoc routing protocols

• Cooperative by nature
• Rely on implicit trust-your-neighbor
  relationships
• Focus on convergence time and routing
  performance, rather than security

3
Motivation
4
Security-Aware ad hoc Routing (SAR)

• SAR is an approach to routing that incorporates
  security levels of nodes into traditional routing
  metrics
• SAR is typically added on top of existing routing
  algorithms

5
Goals

• Applications can specify the quality of
  protection on their ad hoc route with respect to
  security attributes relevant to them
• SAR aims to protect routing control messages
• For example, disclose routing information to
  trusted nodes only

6
Routing Protocol

• Assume the base protocol is on-demand, such as
  DSR
• Source broadcasts a Route Request (RREQ) with
  desired quality of protection
• Neighbors propagate RREQ only if they could
  support the specified quality of protection
• RREQ sets up reverse path as it propagates
• Destination sends Route Reply (RREP) once it
  receives RREQ

7
Path Establishment
RREQ
S
D
RREP
8
Security Attributes (1)
Attributes Techniques Attacks
Timeliness Time stamps Replay
Ordering Sequence numbers Replay
Authenticity Passwords, certificates Impersonation
Authorization Credentials
9
Security Attributes (2)
Attributes Techniques Attacks
Integrity Digests, digital signatures Modification, fabrication
Non-repudiation Chaining of digital signatures Repudiation
Confidentiality Encryption Eavedropping
10
Quality of Protection

• We have seen how quality of protection is used in
  path establishment
• How to specify quality of protection?
• Trust hierarchy
• Bit vector
• One bit for each security attribute

11
Trust Hierarchy

• Each level has predefined quality of protection
• These levels represent the security capability of
  the mobile nodes and also of the paths
• Associate a number with each level
• Trust level or protection should be immutable
• Keys of each level are distributed to nodes on
  that level.
• Encrypt the portion of the RREQ and RREP headers
  that contain the trust level

12
Simulation Set-up

• ns2 network simulator
• 50 mobile nodes and 3 trust levels
• 15 (H), 15 (M), 20 (L)
• 2 different traffic patterns with 20 flows
• 10 (H), 20 (M), 70 (L)
• 33 (H), 33 (M), 34 (L)
• SAR is implemented on top of AODV

13
Path Discovery
Traffic 1
Traffic 2

• SAR discovered fewer paths
• Paths guaranteed to obey the security requirement

14
Routing Traffic
Traffic 1
Traffic 2

• SAR has lower routing traffic overhead
• nodes drop routing messages if they can not
  satisfy the security requirement

15
Simulation Time
Traffic 1
Traffic 2

• SAR takes more time to finish
• Data packets may follow longer but more secure
  paths
• Control packets experience processing overhead

16
Strong Points

• Exposes security levels to applications so that
  applications can adapt its behavior
• Concept is simple and effective

17
Weak Points

• Overhead Encryption, hashes,
• If the ad hoc network does not have a path with
  nodes that meet RREQs security requirements, SAR
  may fail to find a route even if the network is
  connected

18
Open Questions

• How does SAR perform in real-world experiments?
• Which base protocols are most suitable for SAR?

19
Any Questions?