The SADSR Protocol


Survey Presentation
Course: 60-564
Fall 2004
Ataul Bari
Instructor: Dr. A. K. Aggarwal
1
Agenda

Introduction

The DSR Protocol

The SADSR Protocol

The SERAN for Security Equipment

Closing Remarks
2
Papers Reviewed
 Ghazizadeh, S.; Ilghami, O.; Sirin, E.; Yaman, F.;
“Security-aware adaptive dynamic source routing
protocol”, Local Computer Networks, 2002.
Proceedings. LCN 2002. 27th Annual IEEE
Conference on 6-8 Nov. 2002 Pages:751 – 760
 Ben-Othman, J.; Xiaoyun Xue; “SERAN: a new
protocol to hide an equipment in ad hoc networks”,
Computers and Communication, 2003. (ISCC 2003).
Proceedings. Eighth IEEE International Symposium
on 30 June-3 July 2003 Pages:356 - 361 vol.1
3
Introduction
 Wireless Networks
 Infrastructured Network
 Consists of fixed and wired gateways
 Fixed base station (Access Point)
 Nodes can move geographically
 Ad Hoc (or Infrastructureless) Network
 All nodes are mobile
 Nodes communicate with each other
 No centralized entity (base station, Access point)
 Nodes are routers
4
Infrastructured Network
5
Ad Hoc Networks
6
Characteristics
 Contain a large number of nodes
 No pre-existing fixed network infrastructure
 Can be deployed rapidly
 Nodes can freely move around
 Creation and deletion of network links
 Dynamically variable topologies
 Bandwidth constrained links
 Energy constrained operation
7
The MANET Model
 Nodes have fixed IDs (e.g. IP addresses)
 Wireless communication devices
 Nodes are powered with lightweight batteries
that have limited life
 Nodes have equal capability
 Identical communication devices.
 Nodes connectivity is not transitive
8
Routing in MANET
 Challenging
 Unpredictable node mobility
 Dynamic topology variation
 Nature of wireless media
 Types
 Flat
 Hierarchical
 Geo-assisted
 Proactive and Reactive Protocols
9
Routing Protocols
10
Security in Ad Hoc Networks
 Always a weak Point
 Inherent quality of wireless media
 Mobility of the nodes
 Lack of centralized entity
 Security Requirements
 Availability, Confidentiality, Integrity,
Authentication and Non-Repudiation
 Threats
 DoS, Impersonation, Byzantine Failure,
Disclosure and Poor Physical Protection
11
The SADSR Protocol
 Security-Aware Adaptive Dynamic Source
Routing Protocol
 Basic Idea
 Non-malicious node detects malicious nodes
 Non-malicious node Isolates malicious nodes
 Goal is to Secure DSR Protocol
12
The DSR Protocol
 Dynamic Source Routing Protocol
 Reactive (on-demand)
 Source-Routed
 Each node maintains route caches containing the
source routes
 Updates it whenever it learns about new routes
 two major phases
 Route discovery
 Route maintenance
13
Route Discovery Contd..
 On-Demand
 Check Route Cache
 Initiates route discovery process
 Broadcast a RREQ packet
 Includes Source & Destination Address
 Includes a unique ID
 May be replied by intermediate nodes
 May be replied by destination nodes
14
Route Discovery in DSR
Ref: Padmini Misra; “Routing Protocols for Ad Hoc Mobile Wireless Networks”
http://www.cse.ohio-state.edu/~jain/cis788-99/ftp/adhoc_routing/, 1999
15
Route Maintenance
 Route Error Packet
 Fatal transmission problem at its data link layer
 Removes that hop from its route cache
 All routes that include that particular hop are truncated
 Acknowledgment packets
 Verify the correct operation of the route links
16
The SADSR
 Secure DSR protocol by enhancing it
 Non-malicious nodes
 Detect malicious node
 Isolate malicious node
 Uses digital signatures to authenticate
 Asymmetric cryptography
 Keeps
 Multiple routes for each destination
 A local trust value for each node in the network
 Each path is assigned with a trust value
17
The Attackers
 External attackers
 Inject erroneous routing information
 Replay previous routing messages
 Modify the valid routing information
 Internal attackers
 Trusted at some point of time
 Not committed to their promises anymore
 Compromised by external attackers
 More difficult to detect
 Isolate affected nodes
 Pass traffic through special routes
18
Assumptions
 Both external and internal attackers exist
 The number of malicious nodes is relatively small
 All the connections are bidirectional
 Public key crypto is used
 A secure CA is in place
 All nodes know the public key of CA, $A_u$
 Certificates are issued on an off-line basis
 Certificate binds a node's IP to its public key
 The certificate obtained from CA never expires
19
The SADSR Protocol
 Three different stages
 Certificate Acquisition
 Multi-path Route Discovery
 Routing
20
Certificate Acquisition
 Nodes obtain a certificate from CA
 Issued in an off-line process
 Certificates remain valid for entire lifetime
 Security problem ?
 Network is set up for a certain time only
 Certificate of node v: $C_v = E_{A_r}(A_u, IP_v, v_u)$
 Nodes get public key of CA, $A_u$
21
Multi-path Route Discovery
 Initiation of Route discovery process
 Generate RREQ message $M = (RREQ, IP_d, T)$
 Sign M
 Appends, at the end of M,
 Encrypted hash value of M, $E_{v_r}(H(M))$
 Its certificate, $C_v$
 Broadcast M
22
Multi-path Route Discovery Contd..
 Intermediate node
 Checks if RREQ not too old
 Verifies each signature with a probability p
 Ensures its own signature is not in the sequence
 Count is less than [(Max. No. of route, m)/2]
 First RREQ msg. from a neighbor for same route
 Signs the message
 Rebroadcasts the message
 Entries are discarded after a predefined time, $T_{exp}$
23
Multi-path Route Discovery Contd..
 Destination node
 Sets up a timer for the source node, S
 Begins to reply
 Replies to all RREQ messages up to the number m
 Non node-disjoint paths
 Use 50% probability to reply
 To ensure enough routes in case of very few neighbors
 Generates RREP message, $M = (RREP, IP_d, \ldots, IP_s, T)$
 Signs M and unicasts it back to S, using the same path as the RREQ
 Intermediate nodes check the signature, sign, and forward
 Rest of RREQs are dropped after $T_{exp}$ time
24
Routing – Basic Idea
 Nodes locally calculate and keep trust value (TV)
of the other nodes
 Based on the observations it has made so far
 The trust values of the nodes in a path
 Increase every time v successfully sends a message
through that path,
 Decrease if a message is lost or tampered with
 Possible as ACK sent through the same path
 TV of a path is the product of TVs of its nodes
 For routing, paths with higher TV are preferred
25
Assignment of Trust Value
 Each source node keeps track of
 The paths through which it has sent packets
 If it has received the acknowledgement through that path
for the corresponding message
 Uses two counters for each v in a path, $x_v$ and $y_v$
 The trustworthiness of v: $T_v = \frac{x_v}{x_v + y_v}$
 Trustworthiness of a path $(s, v_1, v_2, \ldots, v_n, d)$: $\left(\prod_{i=1}^{n} T_{v_i}\right)^{2/n}$
26
Sending Data Packets
 For sending a data packet, source node
 Chooses a path randomly from available paths
 s is likely to know m paths for d
 Chance of a path to be chosen is proportional to its trust value
 Appends a sequence number to the data packet
 Appends the chosen path to the data packet
 Signs the packet
 Sends through the chosen path
27
Sending Data Packets Cont’d…
 Intermediate nodes
 Verify the signature of s with a probability p
 Then forward the packet
 Destination node
 If data packet received through path $P = (s, v_1, v_2, \ldots, d)$
 Generates an acknowledgement $M = (ACK, IP_{v_n}, \ldots, IP_{v_1}, IP_s, q_s)$
 Signs M
 Sends M to s through the same path, P
 Intermediate nodes verify signature, forward
28
Updating Trust Values
 The source node s maintains a table
 of sequence numbers of packets sent
 the path used and
 a time stamp for $t_{ack}$ time units
 Receives a valid ACK
 Awards each node on that path
 Updates entries for each node on that path
 Does not receive a valid ACK after $t_{ack}$ time
 Assumes that the packet is lost
 Punishes each node on that path
 Updates entries for each node on that path
29
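The source-side bookkeeping from the routing slides above (trust-weighted path choice, award on ACK, punish on timeout), as an added example that is not code from the paper or the presentation. It assumes $T_v = x_v / (x_v + y_v)$ with both counters starting at 1, and that `on_ack` is only called for ACKs whose signature already verified; the class, method names and the two-path topology are constructed for illustration.

```python
import random
from math import prod

class TrustRouter:
    """Source-side trust bookkeeping for one destination (illustrative names)."""
    def __init__(self, paths, rng=None):
        self.paths = [tuple(p) for p in paths]  # each path is (s, v1, ..., vn, d)
        self.x, self.y = {}, {}                 # per-node counters x_v and y_v
        self.pending = {}                       # seq -> (path, send time)
        self.rng = rng or random.Random()

    def node_trust(self, v):
        # Assumption: T_v = x_v / (x_v + y_v), both counters starting at 1.
        x, y = self.x.get(v, 1), self.y.get(v, 1)
        return x / (x + y)

    def path_trust(self, path):
        inner = path[1:-1]                      # intermediate nodes v1..vn
        # (product of T_vi) ** (2/n); a direct link (n = 0) gets trust 1.
        return prod(self.node_trust(v) for v in inner) ** (2 / max(len(inner), 1))

    def send(self, seq, now):
        # Random choice with probability proportional to path trust.
        weights = [self.path_trust(p) for p in self.paths]
        path = self.rng.choices(self.paths, weights=weights, k=1)[0]
        self.pending[seq] = (path, now)
        return path

    def on_ack(self, seq):
        entry = self.pending.pop(seq, None)     # None: unknown, duplicate or late ACK
        for v in (entry[0][1:-1] if entry else ()):
            self.x[v] = self.x.get(v, 1) + 1    # award every node on the path
        return entry is not None

    def expire(self, now, t_ack):
        lost = [s for s, (_, t) in self.pending.items() if now - t > t_ack]
        for s in lost:
            for v in self.pending.pop(s)[0][1:-1]:
                self.y[v] = self.y.get(v, 1) + 1  # punish every node on the path
        return lost

def simulate(rounds=200, seed=1):
    # Constructed topology: node "m" silently drops every data packet.
    r = TrustRouter([("s", "a", "b", "d"), ("s", "m", "d")], random.Random(seed))
    for seq in range(rounds):
        if "m" not in r.send(seq, now=seq):
            r.on_ack(seq)
        r.expire(now=seq + 1, t_ack=0.5)
    return r
```

Because every node on a failed path is punished, an honest node that shares a path with a dropper also loses trust; it recovers only through the other paths it appears on.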
Intermediate Link Failure
 $v_k$ fails to communicate with $v_{k+1}$
 Generates a R.E.M. $M = (RERR, IP_{v_k}, \ldots, IP_{v_1}, IP_s, q_s)$
 Signs it
 Sends it to s
 The source node s, after receiving M
 Locates and eliminates all paths containing the link $(IP_{v_k}, IP_{v_{k+1}})$
30
Security Analysis
 The possible attacks on DSR protocol
 Attacks on Route Discovery
 Attacks on Routing
 Fabrication of Route Error Messages
 Denial of Service Attacks
31
Attacks on Route Discovery
 Modification of source routes
 content is changed?
 Detected by signature verification
 Some or all node info dropped?
 No ACK can reach S
 RREP modified?
 Not reached S or discarded there
 Route cache poisoning
 Only the destination sends back RREP
 No snooping for intermediate nodes
 Not participating in route discovery
 Passive maliciousness, nothing can be done
32
Attacks on Routing
 In a Data Packet, may Modify
 Data
 Signature verification fails, No ACK
 Routes
 Not reach destination, No ACK
 Dropping the Packets
 Dropped packet, no ACK
 Gradual isolation
33
False Route Error Msg. And DoS
 Fabrication of Route Error Messages
 Node may lie that a link is broken
 Intermediate nodes do not snoop and update
 Denial of Service Attacks
 Sending RREQs with Fake IDs
 Node may broadcast RREQ after spoofing IP
 Intermediate nodes will catch and get rid of some
 Rest will be caught at the destination, no RREP
 Still a successful attack can be made
 Sending RREQs to a Fake Destination
 All intermediate nodes will sign and rebroadcast
 Currently nothing, but may be extended to keep TV for each S
34
Experimental Results
35
Experimental Results
36
The SERAN
 Security Equipment protocol in Routing in Ad
hoc Networks
 A node is given ability
 Use the ad hoc network but not provide resources
 Hide itself from the network
 Possible application
 Conserving energy for critical node
 Isolate congested node
37
Basic Idea
 Neighbouring nodes know each other at the MAC layer
 The protected node, $N_{se}$, communicates with a neighbor $N_c$
 A new layer, SERAN, between the IP and the
transport layer
38
Basic Idea Cont’d…
 Node needs an IP address to communicate with others
 Dynamic IP address
 Fixed IP addresses -> Normal node
 No IP addresses -> Invisible node
 Use of “Smart Cards”
 Implementing DHCP in Smart Cards
 Every time there is a communication
 The smart card assigns an IP address to
 Discards it after that session has ended
 Next time, assigns a different IP address
39
The Smart Card
Ref:
http://www.acs.com.hk/smartcardoverview.asp
40
The Communication in SERAN
 Whenever there is an outgoing packet
 Gets an IP address from the smart cards, passes the packet
 After passing through the network layer, the address is discarded
 The packet is unicast to $N_c$, including only the destination address in the SERAN header
 The SERAN layer is capable of recognizing and sending the message to
the destination.
 The SERAN header includes the source MAC address to distinguish the
real source.
41
The Communication in SERAN
 Incoming packet in the MAC layer, the card checks
 The header of the packet to see if the packet’s destination MAC
address is its own
 If the packet contains the broadcast address (255.255.255.255).
 If any of these is true, then get a temporary IP address
from the card and pass the packet to the IP layer.
 The smart card is capable of decoding the header of the
packets.
42
Evaluation of Nc
43
Improvement
44
Advantages and Disadvantages
 Advantages
 Can keep a node secret
 Protected node saves its energy
 Protected node can send and receive rapidly
 Avoids “overflow routing table”, “sleep deprivation”
 Disadvantages
 Bad influence for the global routing
 May reduce the number of multi-routes
 Selection of Nc still remains as an issue
45
Conclusions
 Security is a weak point in ad hoc networks
 The SADSR protocol is proposed to secure
an existing protocol called DSR
 Tests show that SADSR copes well in
presence of malicious nodes
 SERAN may be used to hide security
equipment in ad hoc network
 First known approach using smart card
 Looking forward to a secure ad hoc network
46