Docstoc

Motorola

Document Sample
Motorola Powered By Docstoc
					Secure communication in cellular
    and ad hoc environments

               Bharat Bhargava
              bb@cs.purdue.edu
      Department of Computer Sciences,
              Purdue University
This is supported by Motorola Communication
Research Lab & National Science Foundation
Team at Motorola:
      Jeff Bonta
      George Calcev
      Benetido Fouseca
      Trefor Delve

Team at Purdue University:
      X. Wu         Research scientist (receives his
                    PhD from UC-Davis)
      Y. Lu         PhD student
      G. Ding       PhD student
      W. Wang       PhD student
       Problem statement

How to provide secure, continuous,
and efficient connectivity for a
mobile unit in a structured (cellular
based) or unstructured (ad hoc)
network environment?

                                    3
                Challenges
• Dynamic topology
  – Movement, node failure, etc.
• Heterogeneous and decentralized control
• Limited resources
  – Bandwidth, processing ability, energy
• Unfriendly environment
  – Selfish nodes, malicious attackers


                                            4
          Research contributions
• Combining advantages of cellular systems and ad
  hoc networks to enable a more secure network
  structure and better performance
• Designing routing protocols for ad hoc networks
  that adapt to both network topology and traffic
  congestion
• Designing intruder identification protocols in ad
  hoc networks
• Conducting experimental studies in heterogeneous
  wireless environments and evaluating our protocols
                                                   5
         Research directions
• Cellular-aided Mobile Ad Hoc Network
  (CAMA)
• Adaptive and Heterogeneous Mobile
  Wireless Networks
• Intruder Identification in Ad Hoc Networks




                                               6
Cellular-aided Mobile Ad
 Hoc Network (CAMA)
         CAMA: Problem Statement
  How to realize commercial peer-to-peer
  applications over mobile wireless ad hoc
  networks?

Papers:
  “Integrating Heterogeneous Wireless
  Technologies: Cellular-Aided Mobile Wireless Ad
  hoc Networks (CAMA)”, submitted to ACM Special
  Issues of the Journal on Special Topics in Mobile
  Networking and Applicaitons (MONET).
                                                  8
               Challenges
• Authentication and accounting
  – No fixed membership
• Security concern
  – Open medium without any centralized control
• Real time services
  – Dynamic topology and slow routing
    information distribution


                                                  9
        Current Environment
Cellular network provides:
• Wide coverage
• Multiple services with single cellular ID
• Small packet service in 3G network
• Wireless terminals with different protocols



                                                10
         CAMA Description
• Integration of cellular network and ad hoc
  network
• CAMA agent works as centralized server
  attached to the cellular network
• CAMA agent provides ad hoc nodes
  information such as authentication, routing
  support, keys through cellular channel
• Data transmission uses ad hoc channel
                                                11
CAMA Environment




                   12
               Major Ideas
• Use signals via cellular network for ad hoc
  routing and security managements
• Centralized CAMA agent provides control
  over distributed ad hoc network




                                                13
    CAMA vs. ad hoc network
CAMA has advantages over pure ad hoc
networks in:
• Simple network authentication and
  accounting
• Routing server for more accurate routing
  decisions
• Certification authority for key distribution
• Central security check point for intrusion
  detection
                                                 14
    CAMA vs. cellular/WLAN
CAMA has advantages over cellular/WLAN
integrated network in:
• No extra fixed infrastructure
  – No access point needed
• No ad hoc channel radio coverage limit
  – Multi-hop ad hoc link
• No transmission bottleneck
  – Not all traffic need going through a single node
                                                   15
                  Impact
• Cellular service combined with low-cost,
  high-data-rate wireless service




                                             16
           Research Questions
• Feasibilities in commercial applications
  requires:
  – Development of routing algorithm and
    protocols for multimedia service
  – Investigation of CAMA vulnerabilities
  – Development of security protocols for key
    distribution and intrusion detection
  – Evaluation of gain in ad hoc network
  – Evaluation of overhead in cellular network
                                                 17
      Methodology of Research
• Building algorithms and protocols
• Developing bench marks and performance metrics
  on multi-media service
• Conducting experimental studies
   – Using ns-2
   – Using common platform simulator from Motorola Inc.
• Comparing with ad hoc routing protocols
   – Ad hoc on-demand distance vector routing (AODV)
   – Destination source routing (DSR)

                                                          18
 Research of Interest to Motorola
• Evaluating CAMA routing in realistic simulation
  environment:
   – Radio environment
      • Adaptive data rate determined by signal-noise-ratio (SNR)
   – Node mobility
      • Exponentially distributed speed
   – Node density
      • 400 users/sq.km to 14800 users/sq.km
   – Traffic pattern
      • VoIP, TCP, Video
   – Inaccurate position information
      • Error of 5m to 100m


                                                                    19
 Research of Interest to Motorola (ctn.)

• Authentication
  – By CAMA agent
  – By mobile nodes
• Accounting
  – Charging rate
  – Award to intermediate nodes


                                           20
 Research of Interest to Motorola (ctn.)

• Key assignment
  – Group key assignment
    • For entire ad hoc network
    • For nodes along an active route
  – Session key assignment
    • For peer-to-peer communication




                                           21
 Research of Interest to Motorola (ctn.)

• Intrusion detection
  – Information collection
     • Information for different intrusions
  – Malicious judging rule
     • Quick malicious node elimination vs. probability of
       wrong judgment
     • Detection cost vs. gain



                                                         22
Adaptive and Heterogeneous
 Mobile Wireless Networks
                   Problem statement
   How to provide continuous connectivity for
   a mobile unit to a network in which every
   node is moving?
Papers:
  “Secure Wireless Network with Movable Base Stations”, being
  revised for IEICE/IEEE Joint Special Issue on Assurance
  Systems and Networks.
  “Study of Distance Vector Routing Protocols for Mobile Ad
  Hoc Networks”, in Proceedings of IEEE International
  Conference on Pervasive Computing and Communications
  (PerCom), 2003.
                                                          24
                Challenges
• Dynamic topology
  – Movement, node failure, energy problem, etc.

• Decentralized control

• Limited bandwidth
  – Congestion is typically the norm rather than the
    exception. [RFC 2501]


                                                   25
       Research contributions
• Routing protocols for mobile ad hoc
  networks that adapt to not only network
  topology, but also traffic and congestion.

• Architecture, design of protocols, and
  experimental evaluation in heterogeneous
  wireless environments


                                               26
            Broad impacts
• Sensor networks

• Military networks




                            27
    Two network environments
           considered
• Mobile ad hoc networks
  – No centralized control
• Large scale heterogeneous wireless
  networks with control in base stations
  – Wireless networks with movable base stations
    (WNMBS)


                                                   28
  Research questions in mobile ad
           hoc networks
• Development of ad hoc routing protocols that adapt
  to traffic load and network congestion.
   – Identify the network parameters that impact the
     performance of routing protocols.
   – Determine the appropriateness of on-demand and
     proactive approaches (given specific routing requirements
     and network parameters).
   – Identify features of ad hoc networks that can be used to
     improve routing.

                                                           29
        Related work (routing protocol)
•   Destination-Sequenced Distance Vector (DSDV) [Perkins/Bhagwat,
    SigComm’94] (Nokia)
•   Ad-hoc On-demand Distance Vector (AODV) [Perkins/Royer/Das,
    WMCSA’99, IETF draft 98-03] (Nokia, UCSB, SUNY-Stony Brook)
•   Dynamic Source Routing (DSR) [Johnson/Maltz, Mobile Computing’96,
    IETF draft 03] (Rice Univ., CMU)
•   Zone Routing Protocol (ZRP) [Haas/Pearlman/Samar, ICUPC’97, IETF draft
    99-02] (Cornell)
•   Adaptive Distance Vector (ADV) [Boppana/Konduru, InfoCom’01] (UT-
    San Antonio)
•   Source-Tree Adaptive Routing (STAR) [Garcia-Luna-Aceves/Spohn,
    MONET’01] (UCSC, Nokia)
•   Associativity-Based Routing (ABR) [Toh, Wireless Personal
    Communications Journal’97] (Cambridge Univ.)
•   Ad-hoc On-demand Multipath Distance Vector (AOMDV) [Marina/Das,
    ICNP’01] (Univ. of Cincinnati)
                                                                     30
           Related work (cont’d)
Protocol   Approach    Routing information   Additional
                       uses                  information
DSDV       Proactive   Distance Vector

DSR        On-demand   Source routing

AODV       On-demand   Distance Vector

ZRP        Hybrid      Distance Vector

ADV        Hybrid      Distance Vector

STAR       Proactive   Link State

ABR        On-demand   Distance Vector       Associativity

AOMDV      On-demand   Distance Vector       Multipath
                                                             31
     Related work (performance
            comparison)
• Comparison of DSDV, TORA, AODV and DSR
  [Broch/Maltz/Johnson/Hu/Jetcheva,
  MobiCom’98] (CMU)
• Scenario-based performance analysis of DSDV,
  AODV, and DSR
  [Johansson/Larsson/Hedman/Mielczarek/Degerma
  rk, MobiCom’99] (Ericsson)
• Performance comparison of AODV and DSR
  [Perkins/Royer/Das/Marine, IEEE Personal
  Communications’01]
                                             32
     Methodology of research
• Developing benchmarks and performance
  metrics for routing protocols
• Conducting experimental studies
  – Determine guidelines for design
  – Evaluate protocols
• Building algorithms and protocols


                                          33
          Ongoing research
• Study of proactive and on-demand
  approaches
• Congestion-aware distance vector routing
  protocol
• Packet loss study



                                             34
            Research study
• Investigate the proactive and on-demand approaches
   – Generalize the results obtained from protocols to the
     proactive and on-demand approaches
   – Introduce power consumption as a performance metric
   – Inject heavy traffic load
   – Identify the major causes for packet drop
   – Comprehensively study in various network environments
• Propose a congestion-aware routing protocol



                                                       35
       Simulation experiments
• DSDV and AODV are studied by varying
  network environment parameters
  – Node mobility (maximum moving speed)
  – Traffic load (number of connections)
  – Network size (number of mobile nodes)
• Performance metrics
  –   Packet delivery ratio
  –   Average end-to-end delay
  –   Normalized protocol overhead
  –   Normalized power consumption
                                            36
               Simulation setup for
                  experiments
Simulator                          ns-2
Examined protocols           DSDV and AODV
Simulation duration           1000 seconds
Simulation area              1000 m x 1000 m
Transmission range                250 m
Movement model               Random waypoint
Maximum speed                   4 – 24 m/s
Traffic type                   CBR (UDP)
Data payload                 512 bytes/packet
Packet rate                    4 packets/sec
Node pause time                 10 seconds
Bandwidth                         1 Mb/s

                                                37
  Motivation for a new proactive protocol

• The proactive protocols provide better support
  for:
  – Applications requiring QoS
     • Timely propagate network conditions
  – Intrusion and anomaly detection
     • Constantly exchange the network topology information
• The proactive approach exhibits better
  scalability with respect to the number of
  mobile nodes and traffic load.
                                                        38
   Proposed protocol: Congestion Aware
        Distance Vector (CADV)
• Problem with the proactive approach
   – Congestion
• Objective:
   – Dynamically detect congestion and route packets through less-
     crowded paths
• Method:
   – Characterize congestion and traffic load by using expected delay.
   – Consider expected delay at the next hop as the secondary metric
     to make routing decisions.
   – Allow a one-hop longer route to be chosen.
   – Use destination sequence number to avoid loop.

                                                                         39
                          Design issues

• Use MAC layer callback to detect broken link
   – Quick detection
   – More triggered updates
   – Whether re-queue a packet
• Allowing a one-hop longer route
   – A one-hop shorter route may not replace the current one if it
     introduces significantly more delay.
   – To avoid short-lived loop, do not replace the current route with a
     longer one if they have the same sequence number.
• Deal with fluctuation
   – Use randomness in routing decisions to reduce fluctuation


                                                                          40
                              CADV
• Components:
   – Real time traffic monitor
   – Traffic control
   – Route maintenance module
• Route update:
   – When broadcasts an update, every node advertises the expected
     delay of sending a packet as:




• Route maintenance
   – Apply a function f(E[D], distance) to evaluate the value of a route


                                                                           41
        Observations of CADV
• CADV outperforms AODV and DSDV in terms
  of delivery ratio
• The end-to-end delay becomes longer because
  longer routers may be chosen to forward packets
• The protocol overhead of CADV is doubled
  compared with that of DSDV. It is still less than
  that of AODV when the network is loaded
• CADV consumes less power per delivered packet
  than DSDV and AODV do


                                                      42
Characteristics of wireless networks with
         movable base stations
•   Large scale
•   Heterogeneity
•   Autonomous sub-nets
•   Base stations have more resources
•   Base stations take more responsibilities



                                               43
             Research questions
• How to organize the network?
   – Minimize the effect of motion
   – Minimize the involvement of mobile host
• How to build routing protocol?
   – IP-compliant
   – Cooperate with various intra-subnet routing protocols
• How to secure communications?
   – Authenticate
   – Maintain authentication when a host is roaming



                                                             44
                       Related work
• Integrating ad hoc and cellular
   – Mobile-Assisted Connection-Admission (MACA)
     [Wu/Mukherjee/Chan, GlobeCom’00] (UC-Davis)
   – Integrated Cellular and Ad-hoc Relaying (iCAR)
     [Wu/Qiao/De/Tonguz, JSAC’01] (SUNY-Buffalo)
   – Multihop Cellular Networks (MCN) [Lin/Hsu, InfoCom’00] (Taiwan)
• Mobile base station
   – Distributed, dynamic channel allocation [Nesargi/Prakash, IEEE
     Transactions on Vehicular Technology’02] (UT-Dallas)
• Hierarchical structure
   – Multimedia support for Mobile Wireless Networks (MMWN)
     [Ramanathan/Steenstrup, MONET’98] (BBN Technologies)
   – Clustering scheme for hierarchical control in multi-hop wireless
     networks [Banerjee/Khuller, InfoCom’01] (UMD)

                                                                        45
     Methodology of research
• Building architecture, developing
  algorithms and protocols
  – Membership management
  – Inter-subnet routing
  – Intra- and inter-subnet authentication
• Evaluation through experiments


                                             46
           Research results
• Hierarchical mobile wireless network
  (HMWN)
  – Hierarchical membership management scheme
  – Segmented membership-based group routing
    protocol
  – Protection of network infrastructure
  – Secure roaming and fault-tolerant
    authentication

                                                47
         Future research plan
• Develop congestion avoidance routing
  protocol for ad hoc networks.
• Conduct experiments to study the effect of
  implementing congestion avoidance at
  different layers.
• Conduct a series of experiments to evaluate
  HMWN.

                                            48
Intruder Identification in Ad
       Hoc Networks
                  Problem Statement
 • Intruder identification in ad hoc networks is the
   procedure of identifying the user or host that conducts
   the inappropriate, incorrect, or anomalous activities
   that threaten the connectivity or reliability of the
   networks and the authenticity of the data traffic in the
   networks.
Papers:
  “On Security Study of Two Distance Vector Routing Protocols
  for Mobile Ad Hoc Networks”, in Proceedings of IEEE
  International Conference on Pervasive Computing and
  Communications (PerCom), 2003.
  “On Vulnerability and Protection of Ad Hoc On-demand
  Distance Vector Protocol”, in Proceedings of 10th IEEE
  International Conference on Telecommunication (ICT), 2003.
                                                          50
            Research Motivation
• More than ten routing protocols for Ad Hoc
  networks have been proposed (AODV, DSR,
  DSDV, TORA, ZRP, etc.)
• Research focus has been on performance
  comparison and optimizations such as multicast
  and multiple path detection
• Research is needed on the security of Ad Hoc
  networks.
• Applications: Battlefields, Disaster recovery.


                                                   51
            Research Motivation
• Two types of attacks target Ad Hoc network
  • External attacks:
     • MAC layer jamming
     • Traffic analysis
  • Internal attacks:
     • Compromised host sending false routing
       information
     • Fake authentication and authorization
     • Traffic flooding


                                                52
            Research Motivation
• Protection of Ad Hoc networks
  • Intrusion Prevention
     • Traffic encryption
     • Sending data through multiple paths
     • Authentication and authorization
  • Intrusion Detection
     • Anomaly pattern examination
     • Protocol analytical study



                                             53
            Research Motivation
• Deficiencies of intrusion prevention
  • Increases the overhead during normal
    operations of Ad Hoc networks
  • Restriction on power consumption and
    computation capability prevent the usage of
    complex encryption algorithms
  • Flat infrastructure increases the difficulty for
    the key management and distribution
  • Cannot guard against internal attacks

                                                       54
            Research Motivation
• Why intrusion detection itself is not enough
  • Detecting intrusion without removing the
    malicious host leaves the protection in a passive
    mode
  • Identifying the source of the attack may
    accelerate the detection of other attacks




                                                   55
           Research Motivation
• Research problem: Intruder Identification
• Research challenges:
  • How to locate the source of an attack ?
  • How to safely combine the information from
    multiple hosts and enable individual host to
    make decision by itself ?
  • How to achieve consistency among the
    conclusions of a group of hosts ?


                                                   56
        Related Work in wired Networks
• Secure routing / intrusion detection in wired
  networks
  • Routers have more bandwidth and CPU power
  • Steady network topology enables the use of
    static routing and default routers
  • Large storage and history of operations enable
    the system to collect enough information to
    extract traffic patterns
  • Easier to establish trust relation in the
    hierarchical infrastructure

                                                     57
           Related Work in wired networks
• Attack on RIP (Distance Vector)
   • False distance vector
• Solution (Bellovin 89)
   •   Static routing
   •   Listen to specific IP address
   •   Default router
   •   Cannot apply in Ad Hoc networks




                                            58
         Related Work in wired networks

• Attack on OSPF (Link State)
  • False connectivity
  • Attack on Sequence Number
  • Attack on lifetime
• Solution
  • JiNAO:NCSU and MCNC
  • Encryption and digital signature



                                          59
       Related Work in Ad Hoc Networks
• Lee at GaTech summarizes the difficulties in
  building IDS in Ad Hoc networks and raises
  questions:
   • what is a good architecture and response system?
   • what are the appropriated audit data sources?
   • what is the good model to separate normal and
     anomaly patterns?
• Haas at Cornell lists the 2 challenges in
  securing Ad Hoc networks:
   • secure routing
   • key management service
                                                        60
        Related Work in Ad Hoc Networks
• Agrawal at University of Cincinnati presents the
  general security schemes for the secure routing in
  Ad Hoc networks
• Nikander at Helsinki discusses the authentication,
  authorization, and accounting in Ad Hoc networks
• Bhargavan at UIUC presents the method to
  enhance security by dynamic virtual infrastructure
• Vaidya at UIUC presents the idea of securing Ad
  Hoc networks with directional antennas


                                                   61
          Related Work ongoing projects
• TIARA: Techniques for Intrusion Resistant Ad-Hoc
  Routing Algorithm (DARPA)
   • develop general design techniques
   • focus on DoS attack
   • sustain continued network operations
• Secure Communication for Ad Hoc Networking (NSF)
   • Two main principles:
      • redundancy in networking topology, route discovery and
        maintenance
      • distribution of trust, quorum for trust



                                                                 62
          Related Work ongoing projects
• On Robust and Secure Mobile Ad Hoc and Sensor
  Network (NSF)
   • local route repair
   • performance analysis
   • malicious traffic profile extraction
   • distributed IDs
   • proposed a scalable routing protocol
• Adaptive Intrusion Detection System (NSF)
   • enable data mining approach
   • proactive intrusion detection
   • establish algorithms for auditing data

                                                  63
             Problem Statement

• Intruder identification in ad hoc networks is
  the procedure of identifying the user or host
  that conducts the inappropriate, incorrect, or
  anomalous activities that threaten the
  connectivity or reliability of the networks
  and the authenticity of the data traffic in the
  networks.


                                                64
              Evaluation Criteria
• Accuracy
  • False coverage: Number of normal hosts that are
    incorrectly marked as suspected.
  • False exclusion: Number of malicious hosts that are not
    identified as such.
• Overhead
  • Overhead measures the increases in control packets and
    computation costs for identifying the attackers (e.g.
    verifying signed packets, updating blacklists).
  • Workload of identifying the malicious hosts in multiple
    rounds

                                                          65
                Evaluation Criteria
• Effectiveness
   – Effectiveness: Increase in the performance of ad hoc
     networks after the malicious hosts are identified and
     isolated. Metrics include the increase of the packet
     delivery ratio, the decrease of average delay, or the
     decrease of normalized protocol overhead (control
     packets/delivered packets).
• Robustness
   – Robustness of the algorithm: Its ability to resist
     different kinds of attacks.


                                                             66
                           Assumptions
A1. Every host can be uniquely identified and its ID cannot be changed
     throughout the lifetime of the ad hoc network. The ID is used in the
     identification procedure.
A2. A malicious host has total control on the time, the target and the
     mechanism of an attack. The malicious hosts continue attacking the
     network.
A3. Digital signature and verification keys of the hosts have been
     distributed to every host. The key distribution in ad hoc networks is a
     tough problem and deserves further research. Several solutions have
     been proposed. We assume that the distribution procedure is finished,
     so that all hosts can examine the genuineness of the signed packets.
A4. Every host has a local blacklist to record the hosts it suspects. The host
     has total control on adding and deleting elements from its list. For the
     clarity of the remainder of this paper, we call the real attacker as
     “malicious host”, while the hosts in blacklists are called “suspected
     hosts”.

                                                                           67
  Applying Reverse Labeling Restriction to
             Protect AODV

• Introduction to AODV
• Attacks on AODV and their impacts
• Detecting False Destination Sequence
  Attack
• Reverse Labeling Restriction Protocol
• Simulation results

                                             68
             Introduction to AODV
• Introduced in 97 by Perkins at NOKIA, Royer at
  UCSB
• 12 versions of IETF draft in 3 years, 4 academic
  implementations, 2 simulations
• Combines on-demand and distance vector
• Broadcast Route Query, Unicast Route Reply
• Quick adaptation to dynamic link condition and
  scalability to large scale network
• Support Multicast
                                                     69
    Security Considerations for AODV

“AODV does not specify any special security measures.
  Route protocols, however, are prime targets for
  impersonation attacks. If there is danger of such
  attacks, AODV control messages must be protected
  by use of authentication techniques, such as those
  involving generation of unforgeable and
  cryptographically strong message digests or digital
  signatures.   ”
      - http://www.ietf.org/internet-drafts/draft-ietf-manet-aodv-11.txt
                                                                      70
          Message Types in AODV

• RREQ: route request
• RREP: route reply
• RERR: route error




                                  71
     Route Discovery in AODV
                          D


Establish Broadcast
          path to                  Establish path to
                              Unicast reply
the sourcerequest                  the destination
                 S1                     S3
          path to
Establish Broadcast                Establish path to
the sourcerequest             Unicast reply
                                   the destination
                 S2
                                   S4
Establish path to
        Broadcast              Establish path to
                          Unicast reply
the source
        request                the destination

                      S




                                                       72
        Introduction to AODV (con’d)
• Security Features of AODV
  • Combination of Broadcast and Unicast
     • Route reply is sent out along a single path, prevent
       the disclosure of routing information
  • Fast Expiration of Reverse Route Entry
     • Route entry created by un-replied route request will
       expire in a short time
  • Freshness of Routing Information
     • Unique, monotonic destination sequence for every
       host, could only be updated by destination/request
       initiator

                                                              73
                     Attacks on AODV
• Malicious route request
   – query non-existing host (RREQ will flood throughout the
     network)
• False route error
   – route broken message sent back to source (route discovery is re-
     initiated)
• False distance vector
   – reply “one hop to destination” to every request and select a large
     enough sequence number
• False destination sequence
   – select a large number (even beat the reply from real destination)


                                                                          74
          Impacts of Attacks on AODV

                    Packet Delivery   Protocol Overhead
                    Ratio
No Attacks                 96%               38%

Silent Discard             91%               41%

False Distance             75%               38%

False Destination          53%               66%
Sequence
Vicious Flooding           91%              293%

                                                     75
False Destination Sequence Attack


                                            RREP(D, 5)
                               RREQ(D, 3)
                            S3 RREP(D, 5)     D


 RREQ(D, 3)   RREQ(D, 3)
              RREP(D, 20)
  S                S1        RREQ(D, 3)
                             RREP(D, 20) RREP(D, 20)

                            S2         M




                                                         76
  Attacks on AODV and Simulation Results

• Simulation of Attacks
  • A module called “AODV Attack” added into
    ns2
  • Four attacks have been implemented
     •   malicious route request
     •   silently discard
     •   false distance vector
     •   false destination sequence

                                               77
  Attacks to AODV and Simulation Results
• Simulation parameters
  Simulator                               ns2
  Simulation duration                1000 seconds
  Simulation area                   1000 * 1000 m
  Number of mobile hosts                   30
  Transmission range         250 m (Lucent WaveLAN Card
                                     Specification)
  Maximum speed                       5 -- 20 m/s
  Number of CBR connection                 25
  Packet rate                          2 pkt / sec
  Simulated attacks          False distance vector and false
                                  destination sequence
                                                               78
Attacks to AODV and Simulation Results




X-axis is max moving speed, which evaluates the mobility of host. Y-
axis is delivery ratio. Two attacks: false distance vector and false
destination sequence, are considered. They lead to about 30% and 50%
of packets to be dropped.                                              79
     Detecting false destination sequence attack
     by destination host during route rediscovery

(1). S broadcasts a
request that carries the                   D    (2) D receives the RREQ.
old sequence + 1 = 21           S3              Local sequence is 5, but the
                                                sequence in RREQ is 21. D
                                                detects the false desti-
           RREQ(D, 21)
                                                nation sequence attack.
            S              S1


                                S2        M
            S4

                                     Propagation of RREQ




                                                                     80
       Reverse Labeling Restriction (RLR)
• Basic Ideas
   • Every host maintains a blacklist to record suspicious
     hosts. Suspicious hosts can be released from the blacklist
     or put there permanently.
   • The destination host will broadcast an INVALID packet
     with its signature when it finds that the system is under
     attack on sequence. The packet carries the host’s
     identification, current sequence, new sequence, and its
     own blacklist.
   • Every host receiving this packet will examine its route
     entry to the destination host. If the sequence number is
     larger than the current sequence in INVALID packet, the
     presence of an attack is noted. The next hop to the
     destination will be added into this host’s blacklist.

                                                             81
       Reverse Labeling Restriction (RLR)

• All routing information or intruder identification packets
  from hosts in blacklist will be ignored, unless the
  information is about themselves.
• After a host is released from the blacklist, the routing
  information or identification results from it will be
  processed.




                                                               82
                   Example to illustrate RLR
                                           BL {}
                                      S3                 D   INVALID ( D, 5, 21,
                                                             {}, SIGN )


           S                  S1 BL {S2}
    BL {S1}

                                     S2            M BL {}
                                   BL {M}
           S4
           BL {}

D sends INVALID packet with current sequence = 5, new sequence = 21. S3
examines its route table, the entry to D is not false. S3 forward packet to S1. S1
finds that its route entry to D has sequence 20, which is > 5. It knows that the
route is false. The hop which provides this false route to S1 was S2. S2 will be put
into S1’s blacklist. S1 forward packet to S2 and S. S2 adds M into its blacklist. S
adds S1 into its blacklist. S forward packet to S4. S4 does not change its blacklist
since it is not involved in this route.
                                                                                   83
     Reverse Labeling Restriction (con’d)
• Update Blacklist by INVALID Packet
   • Next hop on the invalid route will be put into local
     blacklist, a timer starts, a counter ++
   • Labeling process will be done in the reverse direction
     of route
   • When timer expires, the suspicious host will be
     released from the blacklist and routing information
     from it will be accepted
   • If counter > threshold, the suspicious host will be
     permanently put into blacklist


                                                          84
RLR creates suspicion trees. If a host is the root of a
quorum of suspicion trees, it is labeled as the attacker.


                                                            85
     Reverse Labeling Restriction (con’d)
• Update local blacklist by other hosts’ blacklist
  • Attach local blacklist to INVALID packet with
    digital signature to prevent impersonation
  • Every host will count the hosts involved in
    different routes that say a specific host is
    suspicious. If the number > threshold, it will be
    permanently added into local blacklist and
    identified as an attacker.
  • Threshold can be dynamically changed or can
    be different on various hosts
                                                    86
     Reverse Labeling Restriction (con’d)
• Two other effects of INVALID packets
   • Establish routes to the destination host: when
     the host sends out INVALID packet with digital
     signature, every host receiving this packet can
     update its route to the destination host through
     the path it gets the INVALID packet.
   • Enable new sequence: When the destination
     sequence reaches its max number (0x7fffffff)
     and needs to round back to 0, the host sends an
     INVALID packet with current sequence =
     0x7fffffff, new sequence = 0.

                                                   87
     Reverse Labeling Restriction (con’d)
• Packets from suspicious hosts
   • Route request: If the request is from suspicious hosts,
     ignore it.
   • Route reply: If the previous hop is suspicious and the
     query destination is not the previous hop, the reply will
     be ignored.
   • Route error: will be processed as usual. RERR will
     activate re-discovery, which will help to detect attacks
     on destination sequence.
   • INVALID: if the sender is suspicious, the packet will
     be processed but the blacklist will be ignored.

                                                             88
                  Simulation parameter
Simulation duration                   1000 seconds
Simulation area                       1000 * 1000 m
Number of mobile hosts                      30
Transmission range                        250 m
Pause time between the host reaches   0 – 60 seconds
current target and moves to next
target
Maximum speed                             5 m/s
Number of CBR connection                  25/50
Packet rate                             2 pkt / sec


                                                       89
     Reverse Labeling Restriction (con’d)
              Simulation results
The following metrics are chosen:
   • Delivery ratio (evaluate effectiveness of RLR)
   • Number of normal hosts that identify the attacker
     (evaluate accuracy of RLR)
   • Number of normal hosts that are marked as attacker by
     mistake (evaluate accuracy of RLR)
   • Normalized overhead (evaluate communication
     overhead of RLR)
   • Number of packets to be signed (evaluate computation
     overhead of RLR)

                                                         90
         Reverse Labeling Restriction (con’d)




X-axis is host pause time, which evaluates the mobility of host. Y-axis is
delivery ratio. 25 connections and 50 connections are considered. RLR
brings a 30% increase in delivery ratio. 100% delivery is difficult to
achieve due to network partition, route discovery delay and buffer.          91
      Reverse Labeling Restriction (con’d)




X-axis is number of attackers. Y-axis is delivery ratio. 25 connections
and 50 connections are considered. RLR brings a 20% to 30% increase
in delivery ratio.
                                                                          92
             Reverse Labeling Restriction (con’d)

                       30 hosts, 25 connections            30 hosts, 50 connections
Host Pause time   # of normal       # of normal       # of normal       # of normal
(sec)             hosts identify    hosts marked as   hosts identify    hosts marked as
                  the attacker      malicious         the attacker      malicious
0                        24               0.22               29               2.2
10                       25                0                 29               1.4
20                       24                0                 25               1.1
30                       28                0                 29               1.1
40                       24                0                 29               0.6
50                       24               0.07               29               1.1
60                       24               0.07               24               1.0

           The accuracy of RLR when there is only one attacker in
                               the system
                                                                                      93
                 Reverse Labeling Restriction (con’d)

                        30 hosts, 25 connections             30 hosts, 50 connections

# of attackers     # of normal        # of normal       # of normal        # of normal
                   hosts identify all hosts marked as   hosts identify all hosts marked as
                   attackers          malicious         attackers          malicious

1                        28                  0                29                 1.1
2                        28                0.65               28                 2.6
3                        25                  1                27                 1.4
4                        21                0.62               25                 2.2
5                        15                0.67               19                 4.1


             The accuracy of RLR when there are multiple attackers

                                                                                        94
       Reverse Labeling Restriction (con’d)




X-axis is host pause time, which evaluates the mobility of host. Y-
axis is normalized overhead (# of control packet / # of delivered
data packet). 25 connections and 50 connections are considered.
RLR increases the overhead slightly.                                  95
     Reverse Labeling Restriction (con’d)




X-axis is host pause time, which evaluates the mobility of host. Y
-axis is the number of signed packets processed by every host. 25
connections and 50 connections are considered. RLR does not
severely increase the computation overhead to mobile host.
                                                                     96
    Reverse Labeling Restriction (con’d)




X-axis is number of attackers. Y-axis is number of signed packets
processed by every host. 25 connections and 50 connections are
considered. RLR does not severely increase the computation
overhead of mobile host.
                                                                    97
               Robustness of RLR

• If the malicious host sends false INVALID
  packet
   • Because the INVALID packets are signed, it
     cannot send the packets in other hosts’ name
   • If it sends INVALID in its own name, the reverse
     labeling procedure will converge on the malicious
     host and identify the attacker. The normal hosts
     will put it into their blacklists.




                                                         98
                 Robustness of RLR

• If the malicious host frames other innocent hosts
  by sending false Blacklist
   • If the malicious host has been identified, the blacklist
     will be ignored
   • If the malicious host has not been identified, this
     operation can only lower the threshold by one. If the
     threshold is selected properly, it will not impact the
     identification results.




                                                                99
               Robustness of RLR

• If the malicious host only sends false
  destination sequence about some special host
   • The special host will detect the attack and send
     INVALID packets.
   • Other hosts can establish new routes to the
     destination by receiving the INVALID packets.




                                                        100
    Securing Ad Hoc networks -- Establish trust
             relationship in open area

• Evaluate known knowledge
   § Known knowledge:
      • Interpretations of observations
      • Recommendations
   § An algorithm that evaluates trust among hosts is being
     developed
   § A host’s trustworthiness affects the trust toward the
     hosts on the route
• Predict of trustworthiness of a host
   § Current approach uses the result of evaluation as
     prediction.

                                                          101
    Securing Ad Hoc networks -- Establish trust
             relationship in open area
• What trust information is needed when adding/
  removing suspicious host from blacklist?
   § The trust opinion of S1 towards an entity S2 in
     a certain context R
• What characteristics of trust need to be included in
  the model?
   § Dependability: combination of competence,
     benevolence, and integrity
   § Predictability

                                                    102
    Securing Ad Hoc networks -- Establish trust
             relationship in open area

What is the suitable representation of trust?
  • A random variable is used to represent trust so
    that the inherent uncertainty of deriving trust
    from behaviors can be accommodated.
How to represent the interpretation of an observation?
  • A trust distribution function




                                                   103
                  Further Work
• Design a set of formalized criteria to evaluate
  identification algorithms
• Study more features of Ad Hoc networks and
  exploit their vulnerability
• Simulate attacks on RLR, examine its robustness
• Integrate with research on trust
• Methods to identify the non-attackers and release
  them from blacklist
• Mechanisms to release hosts from the permanent
  blacklist


                                                  104
• More information may be found at
  http://raidlab.cs.purdue.edu
• Our papers and tech reports
  W. Wang, Y. Lu, B. Bhargava, On vulnerability and protection of
     AODV, CERIAS Tech Report TR-02-18.
  B. Bhargava, Y. Zhong, Authorization based on Evidence and Trust,
     in Proceedings of Data Warehouse and Knowledge Management
     Conference (DaWak), 2002
  Y. Lu, B. Bhargava and M. Hefeeda, An Architecture for Secure
     Wireless Networking, IEEE Workshop on Reliable and Secure
     Application in Mobile Environment, 2001
  W. Wang, Y. Lu, B. Bharagav, “On vulnerability and protection of
     AODV”, in proceedings of ICT 2003.
  W. Wang, Y. Lu, B. Bhargava, “On security study of two distance
     vector routing protocols for two mobile ad hoc networks”, in
     proceedings of PerCOm 2003.


                                                                  105
                         Selected References
•   [1] C. Perkins and E. Royer, “Ad-hoc on-demand distance vector routing,” in
    Proceedings of the 2nd IEEE Workshop on Mobile Computing Systems and
    Applications, 1999.
•   [2] C. Perkins, “Highly dynamic destination-sequenced distancevector routing
    (DSDV) for mobile computers,” in Proceedings of SIGCOMM, 1994.
•   [3] Z. Haas and M. Pearlman, “The zone routing protocol (ZRP) for ad hoc
    networks,” IETF Internet Draft, Version 4, July, 2002.
•   [4] T. Camp, J. Boleng, B. Williams, L. Wilcox, and W. Navidi, “Performance
    comparison of two location based routing protocols for ad hoc networks,” in
    Proceedings of the IEEE INFOCOM, 2002.
•   [5] Z. Haas, J. Halpern, and L. Li, “Gossip-based ad hoc routing,” in
    Proceedings of the IEEE INFOCOM, 2002.
•   [6] C. Perkins, E. Royer, and S. Das, “Performance comparison of two on-
    demand routing protocols for ad hoc networks,” in Proceedings of IEEE
    INFOCOM, 2000.
•   [7] S. Das and R. Sengupta, “Comparative performance evaluation of routing
    protocol for mobile, ad hoc networks,” in Proceedings of IEEE the Seventh
    International Conference on Computer Communications and Networks, 1998.
•   [8] L. Venkatraman and D. Agrawal, “Authentication in ad hoc networks,” in
    Proceedings of the 2nd IEEE Wireless Communications and Networking
    Conference, 2000.

                                                                             106
                         Selected References
•   [9] Y. Zhang and W. Lee, “Intrusion detection in wireless ad-hoc networks,” in
    Proceedings of ACM MobiCom, 2000.
•   [10] Z. Zhou and Z. Haas, “Secure ad hoc networks,” IEEE Networks, vol. 13,
    no. 6, pp. 24–30, 1999.
•   [11] V. Bharghavan, “Secure wireless LANs,” in Proceedings of the ACM
    Conference on Computers and Communications Security, 1994.
•   [12] P. Sinha, R. Sivakumar, and V. Bharghavan, “Enhancing ad-hoc routing
    with dynamic virtual infrastructures.,” in Proceedings of IEEE INFOCOM,
    2001.
•   [13] S. Bhargava and D. Agrawal, “Security enhancements in AODV protocol
    for wireless ad hoc networks,” in Proceedings of Vehicular Technology
    Conference, 2001.
•   [14] P. Papadimitratos and Z. Haas, “Secure routing for mobile ad hoc
    networks,” in Proceedings of SCS Communication Networks and Distributed
    Systems Modeling and Simulation Conference (CNDS), 2002.
•   [15] P. Albers and O. Camp, “Security in ad hoc network: A general id
    architecture enhancing trust based approaches,” in Proceedings of
    International Conference on Enterprise Information Systems (ICEIS), 2002.



                                                                               107

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:9/29/2013
language:English
pages:107