Security & Efficiency in Ad-Hoc Routing Protocol with
emphasis on Distance
Vector and Link State.
Ayo Fakolujo
Wichita State University
Why Ad Hoc Networking?
An ad hoc network is a connection of wireless
systems, transferring data between themselves
with no pre-existing infrastructure available.
Ad hoc networks are now important because of
their independence from pre-existing fixed
infrastructure; they can be deployed quickly
when needed, and inexpensively too.
Why contd.
Can operate standalone or connected to a
large network like the Internet.
Business environments that need collaborative
computing (out-of-office meetings with
clients).
Used to provide crisis management
applications, e.g. disaster recovery (takes hours
instead of weeks to set up, compared to
wired infrastructure).
DV and LS
SEAD – Secure Efficient Distance Vector
Routing Protocol based on the design of
Destination-Sequenced Distance-Vector
routing protocol
SLSP – Secure Link State routing Protocol
based on the design of Link State Protocol
DV and DSDV
Standard DV looks for the shortest distance
between nodes in a network using the
Bellman-Ford Algorithm. E.g. RIP
Each node acts as a router and maintains a
routing table
Each entry has the address of a destination and
the shortest distance to that destination.
Periodic updates or triggered updates
DV and DSDV contd.
DV, although simple, cannot guarantee the
absence of routing loops between different
nodes for some destination.
DSDV incorporates a sequence number in each
routing table to prevent routing loops.
Each routing update has an even sequence
number.
Can have full dump or incremental update.
LS
LS routing algorithms are based on periodic
updates of routing information between
routers.
In standard or classic LS algorithms, the nodes
declare all links with their neighbors and then
broadcast the routing messages to the entire
network.
Requires lots of bandwidth.
SEAD
Symmetric cryptographic operations are used,
i.e. one-way hash functions, because they are 3-4 times
faster than asymmetric ones (digital signatures) and
good for CPU-limited devices.
Computes hash values to secure the routing
updates.
Tries to reduce redundant triggered updates by
not using the weighted-time triggered updates of
standard DSDV.
SEAD contd.
If link to neighbor is broken, sets the metric to
infinity and flags the sequence number so it
would not be used again.
Receiver of SEAD message validates or
authenticates the sender.
Uses the sequence number to authenticate each
entry in the update
Uses hash values that correspond to the
sequence number.
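A sketch of the hash-chain check described on the SEAD slides, added here as an example and not taken from the presentation or the SEAD authors' code. It goes beyond the slide by also binding the metric to the chain position, following the published SEAD design; SHA-256, the bound M = 16, the function names and the seed are assumptions made for illustration.

```python
import hashlib
import hmac

M = 16  # assumed upper bound on the metric: valid metrics are 0..M-1

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def make_chain(seed: bytes, n: int) -> list:
    """h_0 = seed, h_i = H(h_{i-1}); h_n is the anchor handed out authentically."""
    assert n % M == 0, "chain length must be a multiple of M"
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def index_for(n: int, seq: int, metric: int) -> int:
    # Sequence number `seq` owns the group h_{kM} .. h_{kM+M-1}, with k = n/M - seq.
    # Newer sequence numbers sit EARLIER in the chain, so they cannot be
    # derived from values that were already revealed.
    return (n // M - seq) * M + metric

def authenticator(chain: list, seq: int, metric: int) -> bytes:
    """Value the destination (metric 0) or a relay attaches to an entry."""
    return chain[index_for(len(chain) - 1, seq, metric)]

def relay(value: bytes) -> bytes:
    """A forwarding node adds one hop: one more hash, metric + 1."""
    return H(value)

def verify(anchor: bytes, n: int, seq: int, metric: int, value: bytes) -> bool:
    """Hash the received value forward to the anchor; reject out-of-range fields."""
    if not (1 <= seq <= n // M and 0 <= metric < M):
        return False
    for _ in range(n - index_for(n, seq, metric)):
        value = H(value)
    return hmac.compare_digest(value, anchor)

# Constructed sample: a 64-element chain supports sequence numbers 1..4.
N = 64
CHAIN = make_chain(b"constructed-demo-seed", N)  # a real node uses a random secret
ANCHOR = CHAIN[N]

if __name__ == "__main__":
    a = authenticator(CHAIN, seq=2, metric=0)
    print(verify(ANCHOR, N, 2, 1, relay(a)))  # honest relay, one hop further
    print(verify(ANCHOR, N, 2, 0, relay(a)))  # relay claiming a shorter metric
    print(verify(ANCHOR, N, 3, 0, a))         # old value claiming a newer sequence
```

A relay can still re-advertise the value it received without hashing it, so the check bounds the metric from below but does not prove that the hop count was incremented.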
SEAD contd.
Neighbor authentication is also performed (to
verify the source of the routing message) by using
a shared secret key and a Message Authentication
Code.
A MAC is included in every routing update for
each node.
SLSP
SLSP nodes send link state updates (LSUs) and
maintain information about nodes within their
zone (instead of the entire network).
Nodes also make use of one-way hash
functions and a key cryptosystem (public/private
pair).
Nodes periodically broadcast their LSUs and
certified keys for validation by receiver nodes.
SLSP contd.
SLSP contains the Neighbor Lookup Protocol (NLP),
which maintains the MAC and IP mapping for the node's
neighbors.
Each node broadcasts its (MAC, IP) pair to its neighbors in
the form of signed hello messages, which prevents DoS
attacks and the use of multiple IP addresses by the same
data link layer interface.
NLP also helps in policing for SLSP: e.g. when 2 nodes
use the same IP address, it notifies SLSP. The
routing protocol drops such a packet on receipt.
SLSP contd.
Calculates a hash chain to make sure LSUs are
propagated only within the zone of origin.
LSUs are identified by sender IP address and a
sequence number.
Key broadcasts are done based on network
conditions.
Neighbors are also prioritized, with the lowest-rate
generating nodes having high priority and vice
versa.
Conclusion and Comparison
Both SLSP and SEAD are robust against
individual adversaries and both also prevent
DoS.
SLSP and SEAD are vulnerable to colluding
attackers (multiple coordinated attackers).
Both make use of one-way hash chains to
secure the routing updates.
Conclusion and Comparison
Both make use of proactive updates.
No need for a key management entity.
Thank You
Any Questions?