Docstoc

CSCE Mask

Document Sample
CSCE Mask Powered By Docstoc
					      CSCE 715


     Anonymous
Communication in Mobile
   Ad Hoc Networks


               Vishal Patel
           Introduction
• What is Mobile Ad-hoc Network?

• Also called as MANET

• They became popular for research in mid – late
  1990’s

• Vehicular ad – hoc networks (VANETs)
Introduction

• This paper proposes…….

• Security

• Traffic Analysis
             Introduction
• Military uses of MANETs

• Civilian uses of MANETS

• Personal Uses of MANETS
Security Issues/Countermeasures

• MANETS ARE EASILY HACKABLE!!!!

• Countermeasures
• -LPI/LPD
• -Traffic Padding
• -End to End Encryption
       MASK-Routing Protocol

• An on-demand anonymous routing
  protocol for MANETS
• Fulfills the routing task without disclosing
  real identity
• --Anonymous neighborhood
• --Anonymous route discovery
MASK is designed to meet
• Sender, receiver anonymity
• Untraceability and Unlocatability

• Anonymous secure authentication
• Low cryptographic overhead

• Resistance to a wide range attacks
        Preliminaries and Models
• Let G1 and G2 be two groups of the same prime order q
• G1 – additive group and G2 – multiplicative group

• Paring is a computable bilinear map where f : G1XG1  G2
          Adversarial Model

• Active attacks

• -Visible attack (radio jamming, DoS)

• Countermeasures to active attacks

• -IDS, frequency hopping
             Adversarial Model
• Passive Attacks

• - Invisible attack (Eavesdropping, inject
  packets)

• Countermeasures

• - LPI/LPD, spread spectrum
              Network Model
• Limited transmission

• Non-neighboring nodes must communicate via
  multi-hop

• Wireless links are unreliable

• MAC interface in promiscuous mode
      MASK System Design

• Nodes changes vigorously.
• H1 z;{0,1}*  G1
• H2 : {0,1}*  {0,1}β
• PSi = collision resistant pseudonyms
• Si = secret point set
• Given one pseudonym and secret pair
 cannot deduce the master key
 Anonymous Neighborhood Authentication

• Ensure two neighboring nodes have trust
 relationship

• The nodes create there own key
     Example (Alice & Bob)




• Alice wants to send a message to Bob
• A random pseudonym is picked from their set
• A session key from bob and secret point set
  is calculated to send the message
            Example continued
• The message is send to Alice
• After Alice’s receives a reply, she then calculates
    her session key and authenticates Bob based on
    his authenticator
•   She then send the message same way bob
    replied
•   And now we have anonymous authentication
Example continued
• After authentication, they can compute how
    many pairs of session key can be used
•   With the same process, Alice knows all her
    neighbors and will create a table which will have
    session key and link identifier
•   The link ID will be used to identify the packets
    transmitted between Alice and Bob
•   When all pairs have been used, they need to
    generate another set of pairs
Example Continued

• Only Trusted Authority and give
  pseudonym to a node, the hacker does
  not learn anything
• The hacker (Trudy) cannot compute the
  link identifier or the shared key
  Anonymous Route Discovery

• Neighbors authenticate and establish
  session key and link ID pairs
• Each node has
• Forwarding routing table        <dest_id, destSeq, pre-link, next-link>




• Reverse route table   <dest_id, destSeq, pre-hop-pseudonym>




• Target link table
     Anonymous Route Request

• ARREQ
• Packet format of <ARREQ, ARREQ_id, dest_id, destSeq, PS >
                                                         x


• Intermediate node C received ARREQ
• Rebroadcasts ARREQ
• Previously seen ARREQ_ids are discarded
• Continues until all nodes have broadcast
Anonymous Data Forwarding



 • Random routes
 • MASK doesn’t use best path, which
     could delay the packet
 •   Anonymous route are used so the
     nodes inform the network to remove
     the path that was taken
       Attacks against MASK

• Message Coding Attack
• -- attack happens when contents are not
 changed during transmissions

• Countermeasures
• Random padding
• Per-hop link encryption
  Flow Recognition and Message Replay Attacks


• Recognize packets that belong to same
 ongoing communication

• Countermeasures

• Multipath packet forwarding
• LinkIDs should be change periodically
      Timing Analysis Attack

• Attacker learns what time packets come
 in/out

• Countermeasures

• Forge a packet with fake LINKID
• Wait random amount of time
      Performance Evaluation

• Cryptographic Operations
• -Anonymous Neighborhood Authentication
• -Hop-by-Hop link encryption/decryption
Performance

• Routing performance
• -MASK v/s AODV

• Three metrics used
• -Packet Delivery Ratio
• -Average end-to-end delay of data packets
• -Normalized routing load
             PDR v/s MASK
• Normal load – 20
  sources
• -No difference

• Large load – 40
  sources
• -MASK is
  advantageous
        PDR v/s MASK Cont.

• Same as Packet
  delivery ratio
• Finds long path
  less frequently
        PDR v/s MASK Cont.

• Normal traffic
• -AODV is better

• Heavy traffic
• -MASK is better

• MAC layer collisions
              Conclusion

• Anonymity
• Unlocatability
• Untraceability
• Can immune to wide range of attacks
• Comparable routing performance

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:3
posted:7/26/2011
language:English
pages:29