Network-layer Security of Mobile Ad hoc Networks
Jiangyi Hu
Advisor: Dr. Mike Burmester
Outline
Introduction
Secure routing
  Existing routing protocols
  Routing attacks
  Secure routing protocols
Cooperation enforcement
  Solutions to enforce cooperation
Network layer security of Manets
2
02/24/2004

Introduction
Example of a mobile ad hoc network
[Figure: an example ad hoc network of six wireless nodes, A to F]

Introduction
Characteristics of a Manet:
Wireless connections over a broadcast medium
Dynamic topology
Unfriendly environment
Limited resources

Introduction
Advantages
  Ease of deployment
  Fast to deploy
  Decreased dependence on infrastructure
Applications of Manets
  Emergency deployments
  Search and rescue missions
  Military operations
  Commercial applications

Introduction
Vulnerabilities
  Of the basic mechanisms
  Of the security mechanisms
Security goals
  Availability
  Confidentiality
  Integrity
  Authentication
  Non-repudiation

Secure routing
Existing routing protocols
Security threats for routing
Secure routing protocols

Existing routing protocols
Table-driven routing
  DSDV (Destination-Sequenced Distance Vector)
  CGSR (Clusterhead Gateway Switch Routing)
  WRP (Wireless Routing Protocol)
On-demand routing
  DSR (Dynamic Source Routing)
  AODV (Ad hoc On-demand Distance Vector)
  TORA (Temporally Ordered Routing Algorithm)

DSR
Dynamic Source Routing
Route discovery and route maintenance
Every packet carries the entire route

DSR
[Figure: DSR route discovery from S to D. The route request accumulates the path as it is forwarded: S-A, S-A-B, S-A-B-D on the branch through A and B; S-C, S-C-E, then S-C-E-H and S-C-E-F on the branch through C and E.]

AODV
Ad hoc On-demand Distance Vector routing
No proactive maintenance of a routing table as in DSDV
Each node remembers only the next hop of the route, not the whole route

AODV
[Figure: AODV route discovery between S and D across nodes A to F; the route request establishes the reverse path and the route reply establishes the forward path.]

Routing attacks
Classification:
External attack vs. internal attack
Passive attack vs. active attack

Routing attacks
Attacks on routing:
Modification
Fabrication
Wormhole attack (tunneling)
Denial of service attack
Invisible node attack
The Sybil attack
Rushing attack
Non-cooperation

Modification
Modifies the protocol fields of control messages
Compromises the integrity of the routing computation
Causes network traffic to be dropped, redirected to a different destination, or to take a longer route

Fabrication
Generating false routing messages, e.g. route error messages
Can cause denial of service
[Figure: nodes S, B, M, C and D; the malicious node M forwards a false route error message along the multi-hop route between S and D (legend: connected; connected through multi-hops; forward false error message).]

Wormhole attack
Colluding attackers use a "tunnel" between them to forward packets
Places the attackers in a very powerful position
The attackers take control of the route by claiming a shorter path

Wormhole attack
[Figure: example of a wormhole attack. Attackers M and N forward packets to each other through a tunnel, so that to the legitimate nodes S, A, B, C and D the path through the tunnel appears shorter.]

Denial of service attack
The adversary floods the network with irrelevant data
Consumes network bandwidth
Consumes the resources of a particular node

Invisible node attack
An attack on DSR
The malicious node M does not append its IP address to the route
M becomes "invisible" on the path
[Figure: route S-B-M-C-D, where M does not appear in the recorded source route]

The Sybil attack
A single node presents multiple identities
Disrupts geographic and multi-path routing
[Figure: node B and the identities M1 to M5, all presented by one Sybil node]

Rushing attack
Directed against on-demand routing protocols
The attacker hurries the route request packet to the next node to increase the probability of being included in the route

Non-cooperation
Lack of cooperation: a node does not participate in routing or packet forwarding
Selfishness: a node saves its energy for itself

Secure routing protocols
SRP (Secure Routing Protocol)
ARAN (Authenticated Routing for Ad hoc Networks)
Ariadne
SEAD (Secure Efficient Ad hoc Distance vector routing)
Coping with the wormhole attack

SRP
Assumes a shared secret key between the source node and the destination node
Route request and route reply packets are verified using a MAC (Message Authentication Code)
Identities of intermediate nodes are accumulated in the route request packet

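The SRP exchange described above, worked through as an added example that is not part of the presentation or the SRP authors' code: the route request accumulates node identities DSR-style while the MAC covers only the immutable fields, and the destination's reply MAC then covers the route it received. The shared key K_SD, node names and query id are constructed values; HMAC-SHA256 stands in for the MAC.

```python
import hmac
import hashlib

# Constructed demo of SRP-style route discovery on top of DSR-like route
# accumulation (example code, not the SRP authors' implementation).
# K_SD is the secret shared only by source S and destination D (assumed value).
K_SD = b"constructed-shared-key-S-D"

def mac(key: bytes, *fields) -> str:
    """HMAC-SHA256 over the '|'-joined string form of the fields."""
    msg = "|".join(str(f) for f in fields).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_rreq(src, dst, qid, key):
    """The source MACs only the immutable fields, so intermediate nodes can
    append their identities to the route without invalidating the MAC."""
    return {"src": src, "dst": dst, "qid": qid, "route": [src],
            "mac": mac(key, "RREQ", src, dst, qid)}

def forward_rreq(rreq, node):
    """An intermediate node appends its own identity and rebroadcasts."""
    return dict(rreq, route=rreq["route"] + [node])

def make_rrep(rreq, key):
    """The destination checks the request MAC, then returns the accumulated
    route under a MAC that now covers the route itself."""
    expected = mac(key, "RREQ", rreq["src"], rreq["dst"], rreq["qid"])
    if not hmac.compare_digest(rreq["mac"], expected):
        return None                      # not from the node sharing K_SD
    route = rreq["route"] + [rreq["dst"]]
    return {"src": rreq["src"], "dst": rreq["dst"], "qid": rreq["qid"],
            "route": route,
            "mac": mac(key, "RREP", rreq["src"], rreq["dst"], rreq["qid"], *route)}

def source_accepts(rrep, key) -> bool:
    """The source uses the route only if the reply MAC verifies over it."""
    expected = mac(key, "RREP", rrep["src"], rrep["dst"], rrep["qid"], *rrep["route"])
    return hmac.compare_digest(rrep["mac"], expected)

def demo():
    rreq = make_rreq("S", "D", 7, K_SD)
    for hop in ("A", "B"):               # A and B accumulate their identities
        rreq = forward_rreq(rreq, hop)
    rrep = make_rrep(rreq, K_SD)
    tampered = dict(rrep, route=["S", "X", "D"])   # reply route rewritten in transit
    return rrep["route"], source_accepts(rrep, K_SD), source_accepts(tampered, K_SD)
```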
ARAN
Requires a trusted certification authority
Every node that forwards a route request or a route reply must verify it and sign it
Asymmetric cryptography is costly in terms of CPU and energy usage

ARAN
Example of ARAN (route discovery from S to D via B and C):
S broadcasts the route discovery packet, signed with its private key and carrying its certificate:
  [RDP, IPD, CertS, NS, t]KS-, CertS
B verifies it, signs it and rebroadcasts:
  [[RDP, IPD, CertS, NS, t]KS-, CertS]KB-, CertB
C verifies it, signs it and rebroadcasts:
  [[RDP, IPD, CertS, NS, t]KS-, CertS]KC-, CertC
D unicasts the reply back along the reverse path, signed with its private key:
  [REP, IPS, CertD, NS, t]KD-, CertD
C verifies it, signs it and unicasts it to B:
  [[REP, IPS, CertD, NS, t]KD-, CertD]KC-, CertC
B verifies it, signs it and unicasts it to S:
  [[REP, IPS, CertD, NS, t]KD-, CertD]KB-, CertB
(RDP: route discovery packet, broadcast; REP: reply, unicast; KX-: signed with X's private key; CertX: X's certificate; NS: nonce chosen by S; t: timestamp)

Ariadne
Each node generates a one-way key chain (K0, K1, ..., Ki, ..., Kn) and publishes the keys in the reverse order of generation
The sender picks a key Ki that will still be secret at the time the receiver receives the packet
When a receiver receives a packet, it first verifies that Ki is still secret, then it buffers the packet and waits for the sender to publish key Ki
Needs time synchronization

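An added example, not part of the presentation or the Ariadne authors' code, of the delayed key disclosure described above: the key chain, the receiver's "is Ki still secret" check, and the verification once Ki is published. Assumptions: one key per interval of INTERVAL seconds, disclosure once the interval has ended (the TESLA disclosure delay simplified to one interval), a clock error bound MAX_SKEW, and K0 known authentically.

```python
import hashlib

# Constructed demo of the TESLA-style delayed key disclosure Ariadne builds on
# (example code, not the Ariadne authors' implementation). Assumptions: one
# chain key per interval of INTERVAL seconds, K_i disclosed once interval i has
# ended, clocks loosely synchronised within MAX_SKEW, and K_0 known authentically.
INTERVAL = 1.0    # seconds per key interval (assumed)
MAX_SKEW = 0.2    # maximum clock error between nodes (assumed)

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def make_key_chain(seed: bytes, n: int):
    """Generate K_n = seed, K_{i-1} = H(K_i); returns a list with chain[i] == K_i.
    Keys are generated from K_n down to K_0 and disclosed from K_1 upward."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def tag(key: bytes, msg: bytes) -> bytes:
    return hashlib.sha256(key + msg).digest()   # simplified MAC keyed with K_i

def key_index(t: float) -> int:
    return int(t // INTERVAL)

def sender_sign(chain, msg: bytes, t_send: float):
    """The sender picks the key of its current interval; it is still secret
    when the packet arrives, as long as the receiver checks the time."""
    i = key_index(t_send)
    return {"msg": msg, "i": i, "tag": tag(chain[i], msg)}

def receiver_safety_check(pkt, t_recv: float) -> bool:
    """Buffer the packet only if K_i cannot have been disclosed yet: even a
    sender clock ahead by MAX_SKEW must still be inside interval i."""
    return key_index(t_recv + MAX_SKEW) <= pkt["i"]

def receiver_verify(pkt, disclosed: bytes, anchor: bytes, anchor_idx: int) -> bool:
    """Once K_i is published: hash it i - anchor_idx times back to the trusted
    anchor K_anchor_idx, then recompute the tag over the buffered packet."""
    k = disclosed
    for _ in range(pkt["i"] - anchor_idx):
        k = H(k)
    return k == anchor and tag(disclosed, pkt["msg"]) == pkt["tag"]
```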
SEAD
Based on the Destination-Sequenced Distance Vector protocol (DSDV)
Uses a one-way hash chain (h0, h1, ..., hi, ..., hn)
Uses a hash value corresponding to the sequence number and metric in a routing update
An attacker can never forge a better sequence number or a better metric

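An added example (not the presentation's or SEAD's own code) of how a hash chain binds a routing update to a sequence number and metric, and why an eavesdropper can only produce updates with the same sequence number and a worse metric. The index mapping index = n - m*seq + metric and the constants are assumptions made for the demo, and verification hashes forward to the anchor h_n rather than to the most recently authenticated element.

```python
import hashlib
# Constructed demo of SEAD-style authentication of (sequence number, metric)
# pairs with a one-way hash chain (example code, not the SEAD authors' own).
# Assumed: chain length n = m*k, m the maximum metric, k the number of sequence
# numbers one chain covers; receivers hold the anchor h_n, obtained out of band.

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def make_chain(seed: bytes, n: int):
    """h0 = seed, h_{i+1} = H(h_i); returns a list with chain[i] == h_i."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def chain_index(seq: int, metric: int, m: int, n: int) -> int:
    """Higher sequence numbers and lower metrics map to earlier chain elements,
    which cannot be derived from later ones: index = n - m*seq + metric."""
    if not 0 <= metric < m or not 1 <= seq <= n // m:
        raise ValueError("sequence number or metric out of range")
    return n - m * seq + metric

def advertise(chain, seq: int, metric: int, m: int):
    n = len(chain) - 1
    return {"seq": seq, "metric": metric, "auth": chain[chain_index(seq, metric, m, n)]}

def verify_update(update, anchor: bytes, m: int, n: int) -> bool:
    """Hash the received element forward to index n; it authenticates the
    claimed (seq, metric) only if it lands exactly on the anchor h_n."""
    try:
        idx = chain_index(update["seq"], update["metric"], m, n)
    except ValueError:
        return False
    x = update["auth"]
    for _ in range(n - idx):
        x = H(x)
    return x == anchor

def demo():
    m, n = 4, 12                               # diameter 4, three sequence numbers
    chain = make_chain(b"constructed-seed", n) # the advertising node's secret chain
    honest = advertise(chain, seq=2, metric=1, m=m)
    # An eavesdropper can only hash forward, which yields a valid element for the
    # same sequence number with a worse metric, never a better metric or newer seq.
    worse = {"seq": 2, "metric": 2, "auth": H(honest["auth"])}
    better = {"seq": 2, "metric": 0, "auth": H(honest["auth"])}
    newer = {"seq": 3, "metric": 1, "auth": honest["auth"]}
    return [verify_update(u, chain[n], m, n) for u in (honest, worse, better, newer)]
```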
Coping with the wormhole attack
Geographic leash
  Ensures that the recipient of the packet is within a certain distance of the sender
Temporal leash
  Ensures that the packet has an upper bound on its lifetime

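An added example, not from the presentation or the packet-leashes authors, of the two leash checks: the geographic leash bounds the sender-receiver distance from claimed positions and a loosely synchronised clock, and the temporal leash bounds the distance from elapsed time with tightly synchronised clocks. The speed, error, range and timing values are constructed.

```python
import math

# Constructed example of the two packet-leash checks used against wormholes
# (example code, not from the packet-leashes authors). All parameters are
# assumed values: V max node speed (m/s), EPS max positioning error (m),
# C radio propagation speed (m/s), RANGE the radio range (m).
V, EPS, C, RANGE = 20.0, 5.0, 3.0e8, 250.0

def geographic_leash_ok(p_s, p_r, t_s, t_r, delta=1e-3):
    """Receiver bounds how far the sender can be from it, given the sender's
    claimed position p_s and send time t_s, its own position p_r and receive
    time t_r, and clock error delta: each node may have moved V*(t_r-t_s+delta)
    and both positions may be off by EPS. The bound must fit the radio range."""
    bound = math.dist(p_s, p_r) + 2 * V * (t_r - t_s + delta) + 2 * EPS
    return bound <= RANGE

def temporal_leash_ok(t_s, t_r, delta=1e-7):
    """With tightly synchronised clocks, the elapsed time bounds the distance
    the packet travelled at speed C; a tunnelled packet arrives too late."""
    return C * (t_r - t_s + delta) <= RANGE

def demo():
    # Constructed case 1: a genuine neighbour 100 m away, packet delayed 1 ms
    # by processing and queuing, clocks loosely synchronised to 1 ms.
    near = geographic_leash_ok((0.0, 0.0), (100.0, 0.0), 10.000, 10.001)
    # Constructed case 2: the same packet replayed by a wormhole endpoint 2 km away.
    far = geographic_leash_ok((0.0, 0.0), (2000.0, 0.0), 10.000, 10.001)
    # Temporal leash, same two cases, judged from elapsed time alone
    # (100 m takes ~0.33 us in the air; 2 km through the tunnel ~6.7 us).
    near_t = temporal_leash_ok(10.0, 10.0 + 100 / C)
    far_t = temporal_leash_ok(10.0, 10.0 + 2000 / C)
    return near, far, near_t, far_t
```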
Cooperation enforcement
Introduction
Solutions
  Currency based
  Local monitoring

Cooperation enforcement
Currency based
  Nuglets
  Sprite
Local monitoring
  Watchdog and path rater
  Confidant
  CORE
  Token-based

Nuglets
Nuglets: a virtual currency
Packet purse model
  The sender pays nuglets in advance
  Intermediate nodes take nuglets for the forwarding service
Packet trade model
  Each intermediate node "buys" the packet from the previous one and "sells" it to the next one

Nuglets
Packet purse model
  Advantage: deters nodes from sending useless data and overloading the network
  Disadvantage: difficult to estimate the number of nuglets that are required
Packet trade model
  Advantage: the source does not have to know in advance the number of nuglets required
  Disadvantage: cannot prevent nodes from overloading the network

Sprite
Uses credit to provide an incentive to selfish nodes
Nodes keep receipts to get payments from the Credit Clearance Service (CCS)
The credit that a node receives depends on whether its forwarding is successful or not

Watchdog and path rater
A node's watchdog listens promiscuously to the next node's transmissions
If a node does not forward the packet, it is misbehaving
The path rater chooses the best path from the watchdog ratings
[Figure: path S-A-B-C-D, with S and D connected through multiple hops; A forwards a packet to B and listens for B forwarding it on (legend: connected; connected through multi-hops; forwarding; listening).]

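An added simulation, not the presentation's or the original authors' code, of the watchdog and path rater described above: A overhears whether B retransmits the packets A handed to it, flags B after too many misses, and the path rater then prefers a path that avoids B. The miss threshold, the default rating of 0.5 and the -100 rating for flagged nodes are assumptions made for the demo.

```python
# Constructed simulation of the watchdog and path rater (example code, not the
# original authors' implementation). Assumed model: a node remembers the packets
# it handed to its next hop and overhears that hop's retransmissions; a hop that
# fails to retransmit more than THRESHOLD packets is reported as misbehaving.
THRESHOLD = 2

def watchdog(handed_off, overheard, threshold=THRESHOLD):
    """handed_off: list of (next_hop, packet_id) this node forwarded.
    overheard: set of (node, packet_id) transmissions heard promiscuously.
    Returns the miss count per next hop and the set of hops flagged."""
    misses = {}
    for hop, pid in handed_off:
        misses.setdefault(hop, 0)
        if (hop, pid) not in overheard:
            misses[hop] += 1            # packet was not forwarded in time
    flagged = {hop for hop, count in misses.items() if count > threshold}
    return misses, flagged

def path_rater(paths, flagged, ratings=None, default=0.5):
    """Rate each path by the average rating of its intermediate nodes;
    flagged nodes get a highly negative rating so any path through them loses."""
    ratings = dict(ratings or {})
    for node in flagged:
        ratings[node] = -100.0
    def score(path):
        inner = path[1:-1]
        return sum(ratings.get(n, default) for n in inner) / len(inner) if inner else default
    scores = [score(p) for p in paths]
    return paths[scores.index(max(scores))], scores

def demo():
    # Constructed trace at node A on the path S-A-B-C-D: A handed packets 1..5
    # to B and overheard B retransmit only packets 1 and 2 (C's traffic is noise).
    handed = [("B", i) for i in range(1, 6)]
    heard = {("B", 1), ("B", 2), ("C", 1), ("C", 2)}
    misses, flagged = watchdog(handed, heard)
    paths = [["S", "A", "B", "C", "D"], ["S", "E", "F", "G", "H", "D"]]
    best, scores = path_rater(paths, flagged)
    return misses, flagged, best
```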
Confidant
Consists of:
Monitor
Reputation System
Path Manager
Trust Manager

Confidant
Detects malicious nodes by means of observation of, or reports about, several types of attacks
Allows nodes
  to route around misbehaving nodes
  to isolate misbehaving nodes from the network

CORE
Basic components:
Reputation table
  stored in each node
  holds the reputation value of each node
Watchdog mechanism
  detects misbehaving nodes

Token-based
Each node has to have a token
Local neighbors monitor it
The token is renewed via multiple neighbors
The period of validity of a node's token depends on how long it has stayed in the network and how well it has behaved

Token-based
Composed of:
Neighbor verification
Neighbor monitoring
Intrusion reaction
Security-enhanced routing protocol

Summary
Introduction
Secure routing
  Existing routing protocols
  Security attacks
  Defenses
Node cooperation
  Currency based
  Local monitoring

Thank you!