Security Improvement for Ad Hoc Wireless Network, by Visal Kieth

Download Report

Transcript Security Improvement for Ad Hoc Wireless Network, by Visal Kieth

Security Improvement for
Ad Hoc Wireless Network
Visal Kith
ECE 695
05/05/2006
Security Goal
To improve security in ad hoc routing
protocol, especially focus on AODV and
DSR.
 To secure data communication over
wireless network.

Why Need Security?

To ensure:
Integrity – no unauthorized modification of
resources.
 Non-repudiation – to ensure that a message
was originally sent by the sender and it was
verified that the message was received by the
recipient.
 Confidentiality – information is never released
to unauthorized users.

Type of Attacks

Passive Attacks


An attacker stay quietly and listening to the
route traffic. The purpose of passive attack is
to discover routing information, relationship
between nodes, and the network topology.
Active Attacks

An attacker performs actions which to cause
interruption and congestion to the network
traffic by modifying the content of routing
packet, broadcasting wrong information or old
information.
Type of Attacks

Denial of Service Attacks


Impersonation Attacks


An attack on the network that causes a loss of service to other
nodes, either by consuming the bandwidth or overloading the
system.
An attacker broadcast wrong routing information to other nodes
and terminate the traffic for the desired destination node.
Military Attacks


An attempt to destruct enemy networks in preparation for battle
including intelligence gathering.
An attacker use passive attack to gathering information about
network topology. To disable some part of the network
temporarily by using denial of service attacks.
Security Requirement

To improve security we need:
An efficient key generation
 An efficient key management
 Public key cryptography

 Digital
signature such as DSA, and RSA.
 Encryption algorithm such as RSA.
Key Generation



Most public key cryptography require a large
size key (prime number), usually 1024 – 2048
bits.
For government and military application key size
is up to 15,000.
How to generate a large prime number?


Hash function is played an important role to generate
a large number.
Some popular hash functions are SHA-1, SHA-256,
and SHA-512.
Key Generation Performance
Key Management

Threshold Cryptography
A dealer shares a secret key between n
parties.
 At least k out of n node need to combine
knowledge to perform cryptography operation.
 However, combining the shares would not
reveal the actual private key.

Digital Signature

Generally, digital signature scheme consists of:




A key generation algorithm
A signing algorithm
A verification algorithm
Two popular digital signature are:


RSA Signature: developed by Rivest, Shamir and
Adleman. The strength of RSA is depend on factoring
problem.
DSA: Digital Signature Algorithm was developed by
National Institute of Standards and Technology
(NIST).
Security Improvement of AODV

AODV Routing Operation
RREQ – Route request message is broadcast
when a node needs to discover a new route to
a new destination.
 RREP – Route reply message is broadcast by
a destination node to the origination of the
RREQ.
 RERR – Route error message is broadcast to
notify other nodes that the loss of a link has
occurred.

Security Improvement of AODV

AODV Signature Routing Protocol



To provide confident that the message was sent and
forwarded by a trusted node, signatures are required
from the originator node, as well as an intermediate
node.
Originator Signature = [ h(m) ] KAHop Count Signature = [ hCount (Hop Count) ] KN-
Security Improvement of AODV
Signature Routing for RREQ
Security Improvement of AODV
Signature Routing for RREP
Security Improvement of AODV
Signature Routing for RERR
Security Improvement of DSR

DSR Signature Routing Protocol
Similar to AODV, I also use signature routing
to secure DSR routing protocol.
 Originator Signature = [ h(m) ] KA Address Signature = [ h(Address[1], …
Address[i]) ] KiWhere 1 <= i <= n

Security Improvement of DSR
Signature Routing for RREQ
Security Improvement of DSR
Signature Routing for RREP
Security Improvement of DSR
Signature Routing for RERR
Communication Security Over Ad
Hoc Wireless Network
Communication such as sending
document files, media file, voice
communication .etc. over wireless network
may be in risk of getting attack.
 This paper introduce to use RSA
encryption to encrypt the data before
sending to the receiver.
 Requirement: key size >= 2048 depend on
how secret the information is.

A Better Security



To have a better security, I introduce to use
nonce, timestamp, and digital signature while
encrypting a data.
Nonce – is a number that randomly generate
and use only once to ensure that an old
communication cannot be reused in replay
attacks.
Timestamp - can refer as a time code which
uses to verify the existence of the signed
document at the time given.
How does it work?

Ex: if node A wants to send message m to
node B:

Node A needs to sign on message m
SMA = [m]KA-

Then A encrypt CP = {m, NA, t}KA+
SCA = [CP]KA-

Then A  B the following:
{m, NA, t}KA+ , SMA , SCA
How does it work?

When B receive the message from A, B need to verify
the following:


SCA – is valid or not?
Decrypt the message




Check if nonce is valid?
Check if timestamp is valid?
SMA – is valid or not?
If all the conditions above passed, then B assume that
the message m is valid and it was sent by a trusted
node. Otherwise, reject the message and send attemp
hack notification.
Ex: “Attempt Hack Notification – From IP = 79.134.1.210”
Future Work
Improve network topology
 Need faster key generation
 Improve key management system
 Create a better and secure cryptographic
system???

Refferences
[1] S. Čapkun, J. Hubaux, and L. Buttyán. Mobility Helps Security in Ad Hoc Networks.
[2] S. Chakrakbarti, and A. Mishra. Quality of Service in Mobile Ad Hoc Networks.
[3] J. Choi. Security Problems for Ad Hoc Routing Protocols.
[4] Y. Hu, A. Perrig, and D. Johnson. Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols.
[5] Y. Huang and W. Lee. Attack Analysis and Detection for Ad Hoc Routing Protocols.
[6] D. Johnson, and Y. Hu. The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks (DSR). IETF
MANET
Working Group. July 19, 2004.
http://www.ietf.org/internet-drafts/draft-ietf-manet-dsr-10.txt
[7] A. Mishra and K. Nadkarni. Security in Wireless Ad Hoc Networks.
[8] P. Papadimitratos and Z. Haas. Securing Mobile Ad Hoc Networks.
[9] C. Perkins, and E. Belding-Royer. RFC 3561 – Ad Hoc On-Demand Distance Vector (AODV) Routing. Networking
Group, RFC 3561. July, 2003.
http://www.faqs.org/ftp/rfc/pdf/rfc3561.txt.pdf
[10] E. Rescorla. Diffie-Hellman Key Agreement Method. Network Working Group, RFC 2631. June 1999.
http://www.faqs.org/rfcs/rfc2631.html
[11] K. Sanzgiri, B. Dahill, B. Levine, C. Shields, and E. Belding-Royer. A Secure Routing Protocol for Ad Hoc Networks.
[12] J. Seberry, J. Pieprzyk, and T. Hardjono. Fundamentals of Computer Security. Pages 171- 216, 256 – 280, and 283
– 350. 2003
[13] US Department of Commerce and National Institute of Standards and Technology, (2000). Digital Signature
Standard. Federal Information, Processing Standards Publication 186-2.
http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
[14] S. Yi, P. Naldurg, and R. Kravets. A Security-Aware Routing Protocol for Wireless Ad Hoc Networks.
[15] D. Zhou. Security Issues in Ad Hoc Networks.
[16] L. Zhou, and Z. Haas. Securing Ad Hoc Networks.
Questions???
You can download this paper at:
http://www.vkith.com/secure_ad_hoc.pdf