Transcript View File - University of Engineering and Technology, Taxila

Mobile and Ad hoc Networks
Background of Ad hoc
Wireless Networks
Wireless Communication
Technology and Research
Ad hoc Routing and
Mobile IP and Mobility
Wireless Sensor and Mesh
Networks
Student Presentations
Security in Ad hoc Networks
http://web.uettaxila.edu.pk/CMS/SP2012/teAWNms/
Outline
 Introduction
 Attacks and Challenges
 A Multifence Security Solution
Network-layer Security
Secure Ad Hoc Routing
Secure Packet Forwarding
Link-layer Security
 Open Challenges
2
Introduction
 In order to provide protected communication
between nodes in a potentially hostile environment,
security has become a primary concern
 The challenges of MANETs
 Open network architecture
 Shared wireless medium
 Stringent resource constraints
 Highly dynamic network topology
3
Security Pragmatism
 Q: How do we keep our embedded device from being
messed with?
 A: Turn it off.
 Sometimes the best we can hope for is to detect
intrusions.
4
Introduction (cont.)
 The goal of the security solutions for MANETs
Integrity
Anonymity
Confidentiality
Availability
Authenticity
5
Security Criteria
 Three main security concerns:
 Confidentiality
 Data privacy
 Availability
 Resistance to DOS attacks
 Authenticity
 Keeping “foreign objects” out, data integrity
6
Encryption
 A basic building block of security
 Public vs. Symmetric key cryptography
 Embedded devices have power constraints
 Asymmetric keys are 103-104 times slower
 Use symmetric keys (AES, IDEA)
 Can use public key cryptography to setup secret
key
 Key exchange – more on that later
 Use efficient hardware implementations
http://en.wikipedia.org/wiki/AES
http://en.wikipedia.org/wiki/Rsa
http://en.wikipedia.org/wiki/IDEA_(cipher)
7
Advanced Encryption Standard (AES)
 The Rijndael block cipher was selected by NIST in
2000 to be the AES
 Replacement
for DES
 Key length of
128, 192, or
256 bits, block
is 128 bits
http://www.iaik.tu-graz.ac.at/research/krypto/AES/
http://www.quadibloc.com/crypto/co040401.htm
8
http://www.iaik.tugraz.at/research/publications/2005/IEEIFSTINA2005.htm
Small Hardware AES-128
Implementations
 5.4 kgates implementation (Satoh et al., 2001)
 AES Implementation on a Grain of Sand (Feldhofer
et al., 2005)




3.4 kgates equivalent
0.25mm²
9 Mbps
“draws only a current of 3.0 µm when operated at
100 KHz and 1.5 V”
http://www.iaik.tugraz.at/research/publications/2005/IEEIFSTINA2005.htm
9
Fast Software Implementations
 AES-128
 226 cycles/block on a P-III (Aoki & Lipmaa, 2002)
 14464 P-III cycles for 1kb
 FastIDEA (4-way IDEA) (Lipmaa)
 440 cycles for a 4x64 block using MMX
 Poly1035-AES message authentication (Bernstein)
 3.1n + 780 Athlon cycles for an n-byte message
 5361 P-III cycles for 1kb
http://www.cs.ut.ee/~lipmaa/aes/rijndael.html
http://cr.yp.to/mac/poly1305-20050329.pdf
10
Embedded Encryption
 Put the encryption in the network device
 Wired (100Base-TX) and wireless (802.11b) versions
 Supports WPA, WEP
 Does 256 bit AES
 Not hardware
encryption
 820-1280mW
http://www.lantronix.com/device-networking/embedded-device-servers/wiport.html
11
http://www.lantronix.com/device-networking/embedded-device-servers/xport.html
Embedded Encryption (2)
 Put the encryption in the CPU
 VIA chips now offer a built-in security engine
 256 bit AES
 Quantum-based random number generator
 Montgomery Multiplier for accelerating Public
Key Cryptography
 Example: Eden-N Processor (smallest)
 Thermal Design Power: 2.5W @ 533MHz
 Size: 15x15mm
http://www.via.com.tw/en/initiatives/padlock/hardware.jsp
http://www.via.com.tw/en/products/processors/eden-n/
http://en.wikipedia.org/wiki/Thermal_Design_Point, http://en.wikipedia.org/wiki/Montgomery_reduction
12
http://citeseer.ist.psu.edu/ravi02system.html
Authentication Woes
 Central Authentication Mechanisms?
 Ad-hoc wireless networks aren’t permanent
 Not always reachable
 Congestion around central authorities
 DOS
 Expensive to make rapid changes
 Nodes may only connect periodically
 How do we know we’re talking to who we think
we’re talking to?
13
Introduction (cont.)
 The security issues in each layer
Layer
Security issues
Application layer
Detecting and preventing viruses, worms, malicious
codes, and application abuses
Transport layer
Authenticating and securing end-to-end
communications through data encryption
Network layer
Protecting the ad hoc routing and forwarding
protocols
Link layer
Protecting the wireless MAC protocol and providing
link-layer security support
Physical layer
Preventing signal jamming denial-of-service attacks
14
Introduction (cont.)
 A fundamental security problem in MANET: the
protection of its basic functionality to deliver data
bits from one node to another.
 ensuring one-hop connectivity through link-layer
protocols (e.g., wireless medium access control,
MAC)
 Extending connectivity to multiple hops through
network layer routing and data forwarding
protocols (e.g., ad hoc routing)
15
Introduction (cont.)
 Security never comes for free.
 Security strength and network performance are
equally important
 Achieving a good trade-off between the two
extremes is one fundamental challenge in security
design for MANETs.
16
Attacks
 The network-layer operations in MANETs are ad hoc
routing and data packet forwarding
 The ad hoc routing protocols
 Exchange routing messages between nodes
 Maintain routing states at each node accordingly
 Two attack categories
 Routing attacks
 Packet forwarding attacks
17
Attacks (cont.)
 Routing attacks
 Any action of advertising routing updates that does not
follow the specifications of the routing protocol
 Packet forwarding attacks
 Cause the data packets to be delivered in a way that is
intentionally inconsistent with the routing states
18
A Multifence Security Solution
 The approaches to securing MANETs
Proactive
Prevent security threats in the first place
Adopted by secure routing protocols
Reactive
Seek to detect threats a posteriori and react
accordingly
Adopted by packet forwarding operations
19
A Multifence Security Solution (Cont.)
Secure ad hoc routing
Proactive protection through message
authentication primitives
Proactive
Source
routing
Link state Distance vector
routing
routing
Secure packet forwarding
Reactive protection through
detection and reaction
Reactive
Misbehavior
detection
Misbehavior
reaction
Network-layer security solutions
Secure wireless MAC
Reactive protection through
detection and reaction
Next-generation WEP
Modification to existing protocol
to fix the cryptographic loopholes
Link-layer security solutions
20
Network-layer Security
 Protecting the network functionality to deliver
packets between mobile nodes through multi-hop ad
hoc forwarding
 Message Authentication Primitives
 HMAC
 Digital signature
 One-way HMAC key chain
21
Network-layer Security (cont.)
 HMAC
 Two nodes share a secret symmetric key k (the total number
of the pairwise shared key is n(n-1)/2
 They can efficiently generate and verify a message
authenticator hk(·)
+Secret key k
22
 Digital signature
Based on asymmetric key cryptography
(signing/encrypting and verifying/decrypting)
Each node needs to keep a CRL of revoked
certificates
23
Privacy using asymmetric-key encryption
24
Signing the whole document
25
 Signing the Digest. Digital signature does not
provide privacy. If there is a need for privacy,
another layer of encryption/ decryption must be
applied.
26
Signing the Digest (Sender side)
27
Signing the Digest (Receiver side)
28
Network-layer Security (cont.)
 One-way HMAC (Hash-based Message
Authentication Code) key chain
 Given the output f(x), it is computationally infeasible to
find the input x
 By applying f(⋅) repeatedly on an initial input x, one can
obtain a chain of outputs fi(x).
 a message with an HMAC using fi(x) as the key is proven
to be authentic when the sender reveals
f(i–1)(x).
 Very tight clock synchronization and large storage are
necessary
 The release of the key involves a second round of
communication
29
Secure Ad Hoc Routing
 Source Routing
 Ensure that each intermediate node cannot remove existing
nodes from or add extra nodes to the route
 A secure extension of DSR is Ariadne, which uses a oneway HMAC key chain
30
Secure Ad Hoc Routing (cont.)
 Distance Vector Routing
 The main challenge is that each intermediate node has to
advertise the routing metric correctly
 For example, when hop count is used as the routing metric,
each node has to increase the hop count by one exactly
 A hop count hash chain is devised so that an intermediate
node cannot decrease the hop count in a routing update
31
Secure Ad Hoc Routing (cont.)
 Link State Routing
 Secure Link State Routing (SLSP)
 Each node seeks to learn and update its neighborhood by
Neighbor Lookup Protocol (NLP)
 Periodically flood Link State Update (LSU) packets to
propagate link state information
 SLSP adopts a digital signature approach in authentication
 NLP’s hello messages and LSU packets are signed with the
sender’s private key
32
Secure Packet Forwarding
 Detection
 Each node can perform localized detection by overhearing
ongoing transmissions and evaluating the behavior of its
neighbors
 Localized detection
 Watchdog
 Add a next_hop field in AODV packets
 ACK-based detection
 The source can initiate a fault detection process on a suspicious path
that has recently dropped more packets than an acceptable threshold
33
Mitigating Routing Misbehavior in Mobile Ad Hoc Networks,
ACM MOBICOM 2000
Watchdog
 Assume bidirectional communication symmetry on
every link between nodes
 If a node B is capable of receiving a message from a node
A at time t, then node A could instead have received a
message from node B at time t
 Implement the watchdog
 Maintain a buffer of recently sent packets
 Compare each overheard packet with the packet in the
buffer
34
Watchdog (cont.)
 When B forwards a packet from S toward D through
C, A can overhear B’s transmission and can verify
that B has attempted to pass the packet to C
S
A
B
C
D
35
An On-Demand Secure Routing Protocol Resilient to Byzantine Failures
ACM WiSe 2002
ACK-based detection
Weight List
Route
Discovery
Path
Byzantine
Fault
Detection
Path
Link
Weight
Management
 Byzantine failures
 Drop packets
 Modify packets
 Miss-route packets
36
ACK-based detection (cont.)
 The fault detection
 Based on using ACKs of the data packets
 The source keeps track of the number of recent losses
 When the number of recent losses violates the acceptable
threshold
Register a fault between the source and the destination
Start a binary search on the path
 The adaptive probing techniques identifies a faulty link
after log n faults have occurred, where n is the length of the
path
37
Secure Packet Forwarding (cont.)
 Reaction
 Once a malicious node is detected, certain actions are
triggered to protect the network from future attacks
launched by this node
 Global reaction
 The malicious node is excluded from the network
 End-host reaction
 Each node may make its own decision on how to react to a malicious
node (e.g., putting this node in its own blacklist)
38
End-host reaction- Pathrater
 Each node maintains a rating for every other node
and calculates a path metric by averaging the node
ratings in the path
 It gives a comparison of the overall reliability of
different paths
 It differs from standard DSR, which chooses the
shortest path in the route cache
39
Link-layer Security
 IEEE 802.11 MAC
The vulnerability of the IEEE 802.11 MAC to DoS
attacks was identified
The attacker may exploit its binary exponential
backoff scheme to launch DoS attacks
The solution is that the sender can set the backoff
timer on its own
40
Link-layer Security (cont.)
 IEEE 802.11 WEP
Message privacy and message integrity attacks
Short IV
CRC-32 checksum
 Key stream recovery by known plaintext attacks
Probabilistic cipher key recovery attacks
41
Open Challenges
 The new design perspective is called resiliencyoriented security design
 The design possesses several features
 Seek to attack a bigger problem space
 Intrusion tolerance
 Use other noncrypto-based schemes to ensure resiliency
 Handle unexpected faults to some extent
 The solution may also take a collaborative security
approach
 The solution relies on multiple fences
42
Conclusion
 The research on MANET security is still in its early stage. The
existing proposals are typically attack-oriented in that they
first identify several security threats and then enhance the
existing protocol or propose a new protocol to thwart such
threats. Because the solutions are designed explicitly with
certain attack models in mind, they work well in the presence
of designated attacks but may collapse under anticipated
attacks. Therefore, a more ambitious goal for ad hoc network
security is to develop a multi-fence security solution that is
embedded into possibly every component in the network,
resulting in in-depth protection that offers multiple lines of
defense against many both known and unknown security
threats.
Sources
 [1] Cavin et al., "On the accuracy of MANET simulators," Proc. ACM





Workshop on Princ. Mobile Computing
[2] K.-W. Chin, et al., "Implementation Experience with MANET Routing
Protocols," ACM SIGCOMM Computer Communications Review, Nov.
2002, pp. 49-59. Available online.
[3] Frodigh, et al, "Wireless Ad Hoc Networking: The Art of Networking
without a Network," Ericsson Review, No. 4, 2000. online. [4] M. S.
Corson et al., "Internet-Based Mobile Ad Hoc Networking," IEEE Internet
Computing, July-August 1999
[5] C. Elliott and B. Heile, "Self-Organizing, Self-Healing Wireless
Networks," Proc. 2000 IEEE
[6] K. Kim, "A New Mobile Environment: Mobile Ad Hoc Networks
(MANET)," IEEE
[7] C. Perkins and E Royer, “Ad Hoc On-Demand Distance Vector
Routing,” 2nd IEEE Wksp. Mobile Comp. Sys.and Apps., 1999
Assignment #12
 Write note on the topics highlighted in Yellow.
Q&A
 ?