Docstoc

A Secure On-Demand Routing Protocol for Ad Hoc Networks

Document Sample
A Secure On-Demand Routing Protocol for Ad Hoc Networks Powered By Docstoc
					A Secure On-Demand Routing
Protocol for Ad Hoc Networks




           Allan HUNT
       Wandao PUNYAPORN
          Yong CHENG
        Tingting OUYANG


    GZ06 : Mobile and Adaptive Systems
                                              Agenda



Introduction

   Design

    Evaluation & Analysis

   Related work

Critical Appraisal of the work



                                 GZ06 : Mobile and Adaptive Systems
                              Motivation


On demand Ad hoc routing protocol

Security in Ad hoc protocols.
 Attack models

General protocol

Mobility

                             GZ06 : Mobile and Adaptive Systems
                      Motivation (cont.)

Resource constrained devices (palm)




                            GZ06 : Mobile and Adaptive Systems
                                         Ariadne

Ariadne Protocol
 They have based there protocol on the basic
   operators of DSRs, on demand source routing
   protocol.

Basic operations of DSR are:

  Route discovery

  Route maintenance


                                GZ06 : Mobile and Adaptive Systems
                              Overview of TESLA

Basic Operation of Tesla:
Uses a MAC
   Picks an initial key at random Kn.
   Generates a set of keys Ko – Kn using a one way
    Hash chain.

Delayed key discloser
   For each K there is a release time.

Time synchronization
   You have to pick delta to be the maximum delay error
    between any 2 nodes. All nodes must know this.

                                          GZ06 : Mobile and Adaptive Systems
                Network Assumptions

They ignore the physical layer
Networks are bidirectional
Attacks on medium access control are
 disregarded.
Normal network (drop, corrupt, re-order)
Ariadne inherits all assumptions of the
 broadcast authentication protocol used
 such as (TESLA).


                              GZ06 : Mobile and Adaptive Systems
                    Node Assumptions


Resource constrained Nodes.

No asymmetric cryptography.

Loosely synchronized clocks.

No trusted hardware used such as
 tamperproof modules.


                                GZ06 : Mobile and Adaptive Systems
                  Security Assumptions

 Ariadne relies on the following keys to be
  set up, depending on which
  authentication mechanism is used:
  1. Pairwise shared secret key.
  2. Digital signatures.
  3. If TESLA is used, we assume a mechanism
     to set up shared secret keys between
     communicating nodes, and to distribute one
     authentic public TESLA key for each node.



                                GZ06 : Mobile and Adaptive Systems
                                              Agenda



Introduction

   Design

    Evaluation & Analysis

   Related work

Critical Appraisal of the work



                                 GZ06 : Mobile and Adaptive Systems
                               Attack Model

Passive
Active
  An attacker injects packets into the network
  An attack which has compromised nodes is
   called an Active-VC attacker if it owns all
   nodes on a vertex cut through the network
   that partitions the good nodes into multiple
   sets.
  Active-n-m
    • Active-0-1
    • Active-1-x
    • Active-y-x


                                 GZ06 : Mobile and Adaptive Systems
     General Attacks on Ad Hoc Network
                      Routing Protocols
Routing disruption attacks
  Routing loop
  Black hole
  Wormhole
  Rushing Attack

Resource consumption attacks
  Inject extra data packets
  Inject extra control packets

                          GZ06 : Mobile and Adaptive Systems
             Basic Ariadne Route Discovery

 Stage 1 – Target verifies Route Requests

 Stage 2 - Target authenticates the data in Route
  Requests and the sender can authenticate the
  Route Replies

 Stage 3 - Provides a way to verify that no node
  is missing from the node list.

 Assume initiator S performs a Route Discovery
  for target D.

 S and D share the secret keys KSD and KDS for
  message authentication in each direction

                                  GZ06 : Mobile and Adaptive Systems
                           Ariadne Route Discovery
                                      Using TESLA
 A ROUTE REQUEST packet contains eight fields
(ROUTE REQUEST, initiator, target, id, time interval, hash
  chain,node list, MAC list)


 The initiator of the REQUEST then initializes the
  hash chain to
MACKSD(initiator, target id, time interval)


 The hash chain for the target node
H[n,H[n-1 ,H[1,MACKSD(initiator, target id, time interval)]..]]]


 A ROUTE REPLY packet also contains eight fields
(ROUTE REPLY, target, initiator, time interval, node list,
MAC list, target MAC, key list)
                                                GZ06 : Mobile and Adaptive Systems
                 Ariadne Route Maintenance
                               Using TESLA
To prevent unauthorized Route Error
 Messages, we authenticate a sender.

A ROUTE ERROR packet in Ariadne
 contains six fields
(ROUTE ERROR,sending address, receiving address, time
  interval, error MAC,recent TESLA key)


It should handle the possible memory
 consumption attack.


                                    GZ06 : Mobile and Adaptive Systems
                                              Agenda



Introduction

   Design

    Evaluation & Analysis

   Related work

Critical Appraisal of the work



                                 GZ06 : Mobile and Adaptive Systems
                                   Evaluation

Modified Simulation Model
  Increased packet size to reflect the additional
   fields necessary for authenticating
  Modified Route Discovery and Maintenance
  Adjusted re-transmission timeouts for Route
   Requests to compensate for the delay
  Disallowed the use of prefixes of routes in the
   Route Cache




                                  GZ06 : Mobile and Adaptive Systems
      Evaluation - Packet Delivery Ratio




4.66% less PDR than DSR-NoOpt in maximum
Ariadne outperforms DSR-NoOpt at lower level of mobility
                                      GZ06 : Mobile and Adaptive Systems
      Evaluation - Packet Overhead




Ariadne has 41.7% lower packet overhead than DSR-NoOpt
                                       GZ06 : Mobile and Adaptive Systems
         Evaluation - Byte Overhead




Ariadne has 26.19% higher byte overhead than DSR-NoOpt
                                     GZ06 : Mobile and Adaptive Systems
  Evaluation – Path Optimality




DSR-NoOpt performs slightly better than Ariadne
                                  GZ06 : Mobile and Adaptive Systems
        Evaluation – Average Latency




Ariadne always has consistently lower latency than DSR-NoOpt

                                         GZ06 : Mobile and Adaptive Systems
                                Security Analysis

 Active-0-x
   Bogus messages
   Wormhole and rushing attacks
 Active-1-x
   Prevent two nodes from communicating
   Replace MAC or keys in the Route Request
 Active-y-x
   Attempt to force the initiator to repeatedly initiate
    Route Discoveries
 Resist Active-VC?
   No solution provided

                                           GZ06 : Mobile and Adaptive Systems
                                              Agenda



Introduction

   Design

    Evaluation & Analysis

   Related work

Critical Appraisal of the work



                                 GZ06 : Mobile and Adaptive Systems
                              Related Work

Periodic protocols
  Much overhead introduced (storage,
   bandwidth, control and delay)
Protocols that use asymmetric crypto.
  Computationally expensive to sign and verify
     • Possible DoS attacks
   High network bandwidth usage
Protocols that use network-wide
 symmetric keys
   Single-node compromise

                                GZ06 : Mobile and Adaptive Systems
                                              Agenda



Introduction

   Design

    Evaluation & Analysis

   Related work

Critical Appraisal of the work



                                 GZ06 : Mobile and Adaptive Systems
                                    Conclusions

Achievements
  Security against various types of attacks
  Efficient symmetric cryptography
  General
     • trusted hardware, powerful processors not needed


Overall Performance
  Compared to optimized DSR: less efficient
  Compared to unoptimized DSR: better in
   some metrics (e.g. packet overhead)

                                     GZ06 : Mobile and Adaptive Systems
                       Critical Appraisal

Key Setup
  Methods: Pre-deployed, KDC, CA
  Fixed nodes. Circular dependency.
   Centralized.

Clock synchronization.
  Circular dependency
  Resource constrained. Insecure

Maximum end-to-end delay
  How to choose adaptively
                               GZ06 : Mobile and Adaptive Systems
           Critical Appraisal (cont.)

Delay and Buffer Size
   Slow responsiveness
   Resource constrained
Intermediate nodes authentication
   Authentication on demand
Remaining Security Issues
   Passive eavesdropper
   Inserting data packets attack
   Non-participating attacker
   Single layer security scheme
                         GZ06 : Mobile and Adaptive Systems
Thanks for your attention!
          Any questions?




    GZ06 : Mobile and Adaptive Systems

				
DOCUMENT INFO