Security in Ad Hoc Networks
Presented by Group 3: Chayanont Tovikkai, Pinalkumar Dave, Sapon Tanachaiwiwat, Rohan Bhindwale

Presentation Outline
- Introduction to ad hoc security
- Cryptography and PKI
- Currently available solutions
  - Security-Aware ad hoc Routing (SAR)
  - S-AODV
  - Ariadne
- Our proposed solution: Trust Routing in Ad hoc NetworkS (TRANS)

Current Ad Hoc Routing Protocols
Several routing protocols for ad hoc networks have been proposed, such as AODV, DSR, DSDV, TORA and ZRP.

Ad Hoc On-demand Distance Vector (AODV)
Conventional distance vector routing:
- Nodes exchange their distance tables with their neighbors periodically
- The routing table selects the shortest path
AODV instead discovers routes on demand:
- Broadcast Route Request, unicast Route Reply

Ad Hoc On-demand Distance Vector (AODV), continued
- The route request (RREQ) is flooded through the network
- Route discovery creates (temporary) reverse routes
- The route reply (RREP) activates the forward route
- A link failure generates a route error (RERR)
- The destination manages its sequence number to keep routes loop-free

Route Discovery in AODV
(figure: S broadcasts the RREQ; each intermediate node S1..S4 that forwards it establishes a reverse path to the source; D unicasts the RREP back along that path, establishing the forward path to the destination)

Security Requirements
- Availability
- Confidentiality
- Integrity
- Authentication

Security Requirements for Ad Hoc Routing Protocols
- Certain discovery (if a route exists, the protocol finds it)
- Isolation of malicious nodes
- Location privacy
- Self-stabilization
- Robustness

Attacks in Ad Hoc Routing Protocols
Attacks on ad hoc routing protocols can be
- Passive attacks
- Active attacks
Who attacks? A malicious node: a node or script that performs an action that purposely damages a system or data, performs another unauthorized purpose, or provides unauthorized access to the system.

Why Do Ad Hoc Routing Protocols Need Security?
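The slides that follow list the attacks; the one that is easiest to miss is the false destination sequence number, because it abuses a rule that is correct in a trusted network. The Python below is an added example (not from the presentation): it implements the AODV route-update rule of RFC 3561 section 6.7 and replays the deck's constructed scenario, in which S requests D, D's honest reply carries sequence number 5 and a malicious node M answers with 20. Node names and hop counts are assumed for the scenario.

```python
"""AODV route-reply handling (RFC 3561 section 6.7) and why an unauthenticated
destination sequence number lets a malicious node hijack a route."""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class RouteEntry:
    dest: str
    next_hop: str
    hop_count: int
    dest_seq: int


@dataclass
class RREP:
    dest: str
    dest_seq: int   # destination sequence number claimed by the replying node
    hop_count: int  # hops to dest as seen by the receiving node (incremented per forwarder)
    from_node: str  # neighbour that delivered the RREP; becomes the next hop


class AODVRoutingTable:
    """A RREP replaces the current route when its destination sequence number is
    higher, or equal with a smaller hop count; otherwise it is ignored."""

    def __init__(self) -> None:
        self.routes: Dict[str, RouteEntry] = {}

    def process_rrep(self, rrep: RREP) -> bool:
        cur = self.routes.get(rrep.dest)
        fresher = cur is None or rrep.dest_seq > cur.dest_seq
        shorter = (cur is not None and rrep.dest_seq == cur.dest_seq
                   and rrep.hop_count < cur.hop_count)
        if fresher or shorter:
            self.routes[rrep.dest] = RouteEntry(rrep.dest, rrep.from_node,
                                                rrep.hop_count, rrep.dest_seq)
            return True
        return False

    def next_hop(self, dest: str) -> Optional[str]:
        entry = self.routes.get(dest)
        return entry.next_hop if entry else None


def false_sequence_attack() -> AODVRoutingTable:
    """Constructed scenario from the slides: S floods RREQ(D, 3). D's genuine reply
    arrives via S3 -> S1 with sequence number 5. M, reached via S2, answers with
    sequence number 20 to attract S's traffic for D. Plain AODV gives S no way to
    check that 20 was issued by D, so the forged reply wins even though it
    advertises more hops than the honest one."""
    table = AODVRoutingTable()
    table.process_rrep(RREP(dest="D", dest_seq=5, hop_count=3, from_node="S1"))
    table.process_rrep(RREP(dest="D", dest_seq=20, hop_count=4, from_node="S2"))
    return table
```

The same rule is what makes the protocol converge when nodes are honest, which is why the fix discussed later in the deck is to authenticate the reply (Ariadne) or restrict who may answer (SAR), not to change the comparison.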
Threats that motivate it:
- Dropping packets
- Altering packet content
- False destination sequence number attack
- Impersonation

Dropping Packets
(figure: S sends to D through the malicious node M, which silently drops the packets)

Altering the Packet Content
(figure: S sends to D through M, which modifies the packets in transit)

False Destination Sequence Number Attack
(figure: S broadcasts RREQ(D, 3); D answers RREP(D, 5), relayed by S3 and S1, while M answers RREP(D, 20), relayed by S2. Because AODV prefers the reply with the higher destination sequence number, S installs the route through M)

Impersonation
(figure: M answers S's RREQ with an RREP claiming to be D, so S routes to M believing it is D)

Current Solutions
- Security-Aware ad hoc Routing (SAR)
- Secured AODV (S-AODV)
- Ariadne

Security Techniques
By Pinalkumar Dave

Contents
- Cryptography overview
- Public Key Infrastructure (PKI) overview

Cryptography Overview
- Keys, encryption and decryption
  - Symmetric and asymmetric
  - Public and private keys
- Digital signatures
  - Secure hashes

Keys
- A key is simply a collection of bits
- For a given algorithm, more bits means a stronger key (e.g. 128 bits is stronger than 64 bits)
- Keys are tied to specific encryption algorithms
- Length and strength vary with the algorithm: 128 bits is long for a symmetric cipher but far too short for RSA, so key lengths are not comparable across algorithms

Encryption
Encryption is the process of feeding data and a key into a function to produce output that is not accessible to an unauthorized person. Encrypted data is not accessible unless decrypted.

Decryption
Decryption is the process of feeding encrypted data and a key into a function to produce the original data.

Symmetric (Shared-Key) Encryption
- Encryption and decryption functions that use the same key are called symmetric
- The key is shared between all authorized users
- E.g. DES (now obsolete; AES is the current standard)

Asymmetric Key Encryption
- Encryption and decryption functions that use a different but mathematically linked key pair are called asymmetric
- E.g. RSA
Asymmetric Encryption
- When data is encrypted with one key of the pair, the other key must be used to decrypt it

Public and Private Keys
- With asymmetric encryption each user can be assigned a key pair: a private key and a public key
- The private key is known only to its owner
- The public key is known to the world
- Anything encrypted with the private key can only be decrypted with the public key, and vice versa (this is the textbook RSA picture; other asymmetric schemes have distinct signing and encryption operations)

Digital Signatures
- Digital signatures allow the world to verify the owner of a document or data
- A digital signature is created by hashing the data and encrypting the hash with the signer's private key
- The resulting encrypted hash is the signature
- The hash can then be recovered only with the signer's public key
- Given data and a signature: decrypt the signature with the signer's public key; if the result equals the hash of the data, you know the signature was produced with the matching private key

Question
If my private key is unique, I signed the hash and the data associated with it. How will you make sure that you have my correct public key?
Answer: a Public Key Infrastructure.

Public Key Infrastructure (PKI)
- PKI lets you establish that a given public key belongs to a given user
- PKI builds on asymmetric encryption
- The public key is given to the world encapsulated in an X.509 certificate
- An X.509 certificate binds a public key to a name

X.509 Certificates
(figure: example certificate fields: Name (Pinal), Issuer (USC), Public Key, Signature of trusted party (USC))

Certificates
By checking the signature, one can determine that a public key belongs to a given user: hash the certificate fields (Name, Issuer, Public Key), decrypt the signature with the trusted party's public key, and compare the two hashes.
Certificate Authorities (CAs)
- A Certificate Authority is an entity that exists only to sign user certificates
- The CA signs its own certificate (Name: CA, Issuer: CA, CA's public key, CA's signature), which is distributed in a trusted manner
- The public key from the CA certificate can then be used to verify other certificates: hash the certificate fields, decrypt the signature with the CA's public key, and compare

Certificate Policy (CP)
- Each CA has a Certificate Policy which states when and how the CA issues certificates
- A CA for an ad hoc network typically only issues certificates for nodes that are already approved to use resources on that network
- Each CA constrains itself to signing certificates in a namespace that is a portion of the overall space

Certificate Request
- To request a certificate, a user starts by generating a key pair
- The user then signs their own public key to form what is called a Certificate Request

Certificate Issuance
- The user takes the certificate request to a Registration Authority (RA)
- The RA's responsibility is to verify the user's name
- Often the RA coexists with the CA and is not apparent to the user
- The CA takes the identity from the RA and the public key from the certificate request
- It then creates, signs and issues a certificate for the user (Name, Issuer, Public Key, Signature)

Questions?
- How are these certificates integrated into the data packets?
- Does this encryption have a large overhead?
- What other methods or extensions of this cryptography exist?
- Who can apply for this security?
- How secure (and how efficient) are these techniques?
- What is the main difference between symmetric and asymmetric keys?
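The slides describe signing as "encrypt the hash with the private key", certificate requests as a self-signed public key, and verification as checking the CA's signature over the bound name and key. The Python below is an added example (not the deck's or any CA's code) that carries this whole flow through with textbook RSA: fixed Mersenne primes, no padding and tiny moduli are deliberate so it runs offline and deterministically, and for the same reason it must never be used as a real signature scheme. The names "USC", "Pinal" and "Mallory" and the keygen prime choices are assumptions for the scenario.

```python
"""Certificate issuance and chain verification with textbook RSA.

Added example; not the deck's or any CA's code. 'Sign = encrypt the hash with the
private key, verify = decrypt with the public key and compare' is the slides' model
of RSA signatures. Toy sizes, fixed primes, no padding: illustration only."""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, Tuple

PublicKey = Tuple[int, int]    # (n, e)
PrivateKey = Tuple[int, int]   # (n, d)
E = 65537
_MERSENNE = {31: 2**31 - 1, 61: 2**61 - 1, 89: 2**89 - 1, 107: 2**107 - 1, 127: 2**127 - 1}


def keygen(p_exp: int, q_exp: int) -> Tuple[PublicKey, PrivateKey]:
    """Constructed key pair from two fixed Mersenne primes (deterministic, offline).
    e is prime and divides none of these p-1, q-1, so d = e^-1 mod phi exists."""
    p, q = _MERSENNE[p_exp], _MERSENNE[q_exp]
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def _hash_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv: PrivateKey, data: bytes) -> int:
    n, d = priv
    return pow(_hash_int(data, n), d, n)                 # "encrypt the hash with the private key"


def verify(pub: PublicKey, data: bytes, signature: int) -> bool:
    n, e = pub
    return pow(signature, e, n) == _hash_int(data, n)   # "decrypt with the public key, compare"


def _canonical(**fields) -> bytes:
    return json.dumps(fields, sort_keys=True).encode()


@dataclass(frozen=True)
class Certificate:
    name: str
    issuer: str
    public_key: PublicKey
    signature: int = 0

    def to_be_signed(self) -> bytes:   # exactly the fields the issuer's signature binds together
        return _canonical(name=self.name, issuer=self.issuer, public_key=list(self.public_key))

    def signed_by(self, priv: PrivateKey) -> "Certificate":
        return Certificate(self.name, self.issuer, self.public_key, sign(priv, self.to_be_signed()))


def certificate_request(name: str, pub: PublicKey, priv: PrivateKey) -> Dict:
    """Requester signs its own public key: proof that it holds the matching private key."""
    return {"name": name, "public_key": pub,
            "self_signature": sign(priv, _canonical(name=name, public_key=list(pub)))}


def issue(ca: Certificate, ca_priv: PrivateKey, csr: Dict, ra_verified_name: str) -> Certificate:
    """CA takes the identity from the RA and the public key from the request."""
    tbs = _canonical(name=csr["name"], public_key=list(csr["public_key"]))
    if not verify(csr["public_key"], tbs, csr["self_signature"]):
        raise ValueError("CSR self-signature invalid")
    if csr["name"] != ra_verified_name:
        raise ValueError("RA-verified identity does not match the request")
    return Certificate(ra_verified_name, ca.name, csr["public_key"]).signed_by(ca_priv)


def verify_certificate(cert: Certificate, trust_anchor: Certificate) -> bool:
    """Trust anchor = the CA's self-signed certificate, obtained in a trusted manner.
    cert is accepted only if that CA is its issuer and the CA's public key verifies
    the signature over the bound name and key; a changed name or a self-minted
    'issued by CA' certificate fails the comparison."""
    anchor_ok = (trust_anchor.issuer == trust_anchor.name and
                 verify(trust_anchor.public_key, trust_anchor.to_be_signed(), trust_anchor.signature))
    return (anchor_ok and cert.issuer == trust_anchor.name and
            verify(trust_anchor.public_key, cert.to_be_signed(), cert.signature))


def demo() -> Dict[str, bool]:
    """Constructed PKI: CA 'USC' issues to 'Pinal'; an attacker edits a name and forges an issuer."""
    ca_pub, ca_priv = keygen(61, 127)
    usc = Certificate("USC", "USC", ca_pub).signed_by(ca_priv)
    pinal_pub, pinal_priv = keygen(89, 107)
    pinal = issue(usc, ca_priv, certificate_request("Pinal", pinal_pub, pinal_priv), "Pinal")
    mal_pub, mal_priv = keygen(31, 89)
    tampered = Certificate("Mallory", pinal.issuer, pinal.public_key, pinal.signature)
    forged = Certificate("Pinal", "USC", mal_pub).signed_by(mal_priv)   # issuer claimed, not proven
    return {"genuine": verify_certificate(pinal, usc),
            "tampered_name": verify_certificate(tampered, usc),
            "forged_issuer": verify_certificate(forged, usc)}
```

Two points the code makes concrete for the questions slide: the certificate itself is only a few hundred bytes plus one signature, so the packet overhead is the signature size, while the cost that matters on a battery-powered node is the modular exponentiation in verify, which is why Ariadne in the next section avoids public-key operations entirely.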
Ariadne and SAR Routing Protocols
By Sapon Tanachaiwiwat

Ariadne
- Secure on-demand routing protocol
- Prevents attackers from tampering with discovered routes and the nodes on them
- Uses only symmetric cryptographic primitives
- Integrated with DSR

TESLA: Timed Efficient Stream Loss-tolerant Authentication
- Uses only symmetric cryptography
- Asymmetry via time
  - Delayed key disclosure
  - Requires loose time synchronization

Security Condition
- The receiver knows the key disclosure schedule
- Security condition for packet P: on arrival of P, the receiver is certain that the sender has not yet disclosed the key K used to authenticate it
- If the security condition is not satisfied, drop the packet

TESLA Summary
- Low overhead
  - Communication: ~20 bytes
  - Computation: ~1 MAC computation per packet
- Perfect robustness to packet loss (any later disclosed key can be hashed back to recover earlier ones)
- Delayed authentication
- Drawback: security rests on the timing assumption; a receiver whose clock can be pushed forward may accept a MAC after its key was disclosed

Ariadne: Preventing Hop Drops
- Source and destination share a key KSD
- The source adds h0 = MAC_KSD(REQUEST, S, D)
- Every hop i computes hi = H(node id | h(i-1)), where H is a one-way cryptographic hash function
- The destination recomputes h0 (it knows KSD) and reconstructs each hi from the node list in the request
- An attacker cannot drop nodes from the address list in the Route Request without the final hash failing to match

Route Request example: S -> A -> B -> D
- h0 = MAC_KSD(REQUEST, S, D)
- h1 = H(A, h0)
- h2 = H(B, h1)
- D knows KSD, so it computes h0 and recomputes the chain; if the recomputed h2 matches the received one, D replies to S, otherwise it drops the request

Ariadne Route Authentication
- TESLA is used to authenticate each hop
- Every hop adds a MAC, keyed with its current TESLA key, to the Route Request
- The destination verifies the security condition for the hops' keys
- Every hop discloses its key in the Route Reply
- The source can then authenticate all hops

Route Reply example
- MD = MAC_KSD(REPLY, D, S, (A,B), (MA,MB)) authenticates the reply to S
- D -> B: (REPLY, D, S, (A,B), (MA,MB), MD, ())
- B -> A: (REPLY, D, S, (A,B), (MA,MB), MD, (KB))
- A -> S: (REPLY, D, S, (A,B), (MA,MB), MD, (KB,KA))
- S uses KA, KB and KSD to verify MA, MB and MD

Conclusion
- Ariadne prevents a wide range of attacks
- Low overhead
  - Uses only an efficient hash function (the paper's example is MD5; a MAC can be derived from a hash function)
  - ~1 microsecond per MD5 evaluation
  - MD5 is no longer collision resistant; a current deployment would use SHA-256 with HMAC

Security-Aware Ad hoc Routing (SAR)
- Adds a security level to traditional routing metrics
- Makes routing decisions based on trust values and
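The hash chain that stops hop dropping and the TESLA keys that authenticate each hop are two separate mechanisms on the slides above; the Python below is an added example (not code from the Ariadne or TESLA papers) that runs both through the deck's S -> A -> B -> D discovery. It simulates the clock as an integer interval counter, so the security condition has no synchronisation error term, and assumes each node's TESLA commitment K0 was distributed out of band; the key chain length, disclosure delay d = 2 and all seeds and identifiers are constructed. The run with drop_hop=True is the attack the chain is meant to catch: an attacker between B and D removes A from the node list.

```python
"""Ariadne route discovery over TESLA (added example, constructed S-A-B-D topology;
not code from the Ariadne or TESLA papers)."""
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

D_DISCLOSE = 2   # TESLA disclosure delay d: K_i is published in interval i + d
CHAIN_LEN = 8


def H(*parts: bytes) -> bytes:
    """One-way hash, used for Ariadne's per-hop chain and as TESLA's F."""
    return hashlib.sha256(b"|".join(parts)).digest()


def MAC(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def tesla_chain(seed: bytes) -> List[bytes]:
    """K_n = H(seed), K_i = F(K_{i+1}). Returns [K_0 .. K_n]; K_0 is the commitment
    every other node is assumed to hold in advance."""
    keys = [H(b"tesla", seed)]
    for _ in range(CHAIN_LEN):
        keys.append(H(b"F", keys[-1]))
    return keys[::-1]


def key_is_authentic(commitment: bytes, interval: int, key: bytes) -> bool:
    """A disclosed K_i is checked by hashing it back to K_0; lost disclosures do not matter."""
    for _ in range(interval):
        key = H(b"F", key)
    return key == commitment


def security_condition(now: int, interval: int) -> bool:
    """A MAC under K_i is trustworthy only if it arrived before K_i could be disclosed."""
    return now < interval + D_DISCLOSE


@dataclass
class RREQ:
    S: bytes
    D: bytes
    id_: bytes
    interval: int                   # TESLA interval whose keys the hops use
    h: bytes                        # per-hop hash chain, starts at h0 = MAC_KSD(...)
    nodes: Tuple[bytes, ...] = ()
    macs: Tuple[bytes, ...] = ()

    def body(self) -> Tuple[bytes, ...]:
        return (b"REQUEST", self.S, self.D, self.id_, str(self.interval).encode(),
                self.h, *self.nodes, *self.macs)


def h0(S: bytes, D: bytes, K_SD: bytes, id_: bytes, interval: int) -> bytes:
    return MAC(K_SD, b"REQUEST", S, D, id_, str(interval).encode())


def initiate(S: bytes, D: bytes, K_SD: bytes, id_: bytes, interval: int) -> RREQ:
    return RREQ(S, D, id_, interval, h0(S, D, K_SD, id_, interval))


def forward(req: RREQ, node: bytes, chain: List[bytes]) -> RREQ:
    """Hop folds itself into the hash chain, then MACs the whole request with its
    key for this interval (still secret now; disclosed d intervals later)."""
    req = replace(req, h=H(node, req.h), nodes=req.nodes + (node,))
    return replace(req, macs=req.macs + (MAC(chain[req.interval], *req.body()),))


def target_accepts(req: RREQ, K_SD: bytes, now: int) -> bool:
    """D rebuilds the chain from K_SD over the listed nodes (a removed hop breaks it)
    and applies the security condition before trusting the hop MACs."""
    h = h0(req.S, req.D, K_SD, req.id_, req.interval)
    for n in req.nodes:
        h = H(n, h)
    return h == req.h and security_condition(now, req.interval)


def reply_mac(req: RREQ, K_SD: bytes) -> bytes:
    return MAC(K_SD, b"REPLY", req.D, req.S, *req.nodes, *req.macs)


def source_verifies(req: RREQ, MD: bytes, K_SD: bytes, disclosed: Dict[bytes, bytes],
                    commitments: Dict[bytes, bytes]) -> bool:
    """S checks MD, authenticates each key disclosed along the reply path against
    that node's commitment, and replays the request to recompute every hop MAC."""
    if MD != reply_mac(req, K_SD):
        return False
    partial = replace(req, h=h0(req.S, req.D, K_SD, req.id_, req.interval), nodes=(), macs=())
    for node, mac in zip(req.nodes, req.macs):
        key = disclosed[node]
        if not key_is_authentic(commitments[node], req.interval, key):
            return False
        partial = replace(partial, h=H(node, partial.h), nodes=partial.nodes + (node,))
        if MAC(key, *partial.body()) != mac:
            return False
        partial = replace(partial, macs=partial.macs + (mac,))
    return True


def run(drop_hop: bool = False) -> Dict[str, bool]:
    """Constructed run: honest discovery, or one where an attacker strips A from the list."""
    S, A, B, D = b"S", b"A", b"B", b"D"
    K_SD, interval = b"constructed S-D shared key", 3
    chains = {A: tesla_chain(b"seed-A"), B: tesla_chain(b"seed-B")}
    commitments = {n: c[0] for n, c in chains.items()}
    req = forward(forward(initiate(S, D, K_SD, b"id-1", interval), A, chains[A]), B, chains[B])
    if drop_hop:
        req = replace(req, nodes=(B,), macs=(req.macs[1],))
    disclosed = {A: chains[A][interval], B: chains[B][interval]}   # released on the RREP path
    return {
        "target_accepts": target_accepts(req, K_SD, now=interval),
        "late_copy_rejected": not target_accepts(req, K_SD, now=interval + D_DISCLOSE),
        "source_verifies": source_verifies(req, reply_mac(req, K_SD), K_SD, disclosed, commitments),
    }
```

The late-copy check is the practical reason TESLA needs the loose time synchronisation the slides mention: a request replayed after interval 5 is rejected even though every MAC in it is valid, because by then anyone could have computed them from the disclosed keys.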
trust relationships

Motivation
- In a high-risk environment, applications need specific security attributes, not just the shortest route
- A node declares the security attributes it requires of an ad hoc route
- E.g. a "general" node avoids lower-ranked "private" nodes during route discovery

Protocol Main Idea
- DSR or AODV can be used as the base protocol
- The security metric is embedded in the RREQ
- Intermediate nodes receive a RREQ carrying a particular security metric or trust level
- A node forwards or processes the RREQ only if its own security level meets the sender's requirement
- An end-to-end path is set up only if all intermediate nodes have the required security attributes

SAODV (SAR applied to AODV) (1)
- The RREQ carries an RQ_SEC_REQUIREMENT field
- When a node receives a RREQ, it first checks whether it can satisfy the indicated security requirement
- If it can, it behaves as in AODV

SAODV (2)
- If it agrees to forward the request, it updates RQ_SEC_GUARANTEE in the RREQ to record the maximum security the path can afford so far, i.e. the lowest level among the nodes traversed
- This lets the application know the quality of security along the path

SAODV (3)
- To guarantee cooperation of nodes, the RREQ headers are encrypted
- A group key distribution is assumed to be already in place
- Only nodes at the same level of the trust hierarchy can decrypt and encrypt the headers

SAODV (4)
- If the RREQ arrives at the destination, the path satisfies the sender's requirement
- The destination sends a RREP (as in AODV) carrying the RQ_SEC_GUARANTEE
- The RREP is also encrypted so that only the particular trust level can process the packet
- When the RREP arrives at an intermediate node on the reverse path, the node updates its routing table (as in AODV) and also records the RQ_SEC_GUARANTEE

SAODV Update Table
(figure: "general" nodes forward the RREQ and RREP carrying RQ_SEC_GUARANTEE; "private" nodes receive the RREQ but cannot satisfy the requirement, so the established path avoids them)

TRANS: Trust Routing in Ad hoc NetworkS
By Rohan Bhindwale

Introduction
Problems with current secure routing protocols, e.g. Ariadne:
- Requires loose time synchronization
- Delaying packet forwarding can wreak havoc
- Does not handle packet dropping well
Problems with using only cryptography, e.g. SAR:
- Requires an explicit trust hierarchy, which reduces the chance of finding a path
- No dynamic change of trust levels is considered
- Packets can still be dropped
- Large power requirement

Solution
A new routing protocol. General idea:
- Importance of trust
- Route using nodes that the source can trust
- Chain of trust
- Dynamically change trust values

Objectives
Security from:
- Packet dropping
- Packet analysis and modification
- False routing information / impersonation
i.e. ensure safe and unaltered delivery of data.
Efficiency:
- Reduce protocol overhead
- Reduce computation at each node
No path discovery is guaranteed if there is no trusted path from source to destination.

Assumptions
- Digital certificates and verification keys are available to each node
- Trust is transitive: a node can rely on a trusted neighbor and on the nodes that neighbor trusts

Main Ideas
- Each node maintains a trust value for each of its neighbors
- Trust parameters used:
  - Cryptography
  - Packet forwarding
  - Availability
  - Maybe more ... ?
- Hop-by-hop cryptography
- Identifying and isolating malicious nodes

Initial Trust Parameter Values

Parameter              | Possible values | Type            | Equation                                          | Measurement method
Cryptography (C)       | 0, 1            | Integer         | No = 0, Yes = 1                                   | Certificate exchange
Packet forwarding (P)  | 0 to 1          | Ratio           | Successful packets forwarded / total packets forwarded | Acks from the destination
Availability (A)       | 0 to 1          | Ratio           | Ping messages replied / ping messages sent        | Ping after some interval
Trust value (T)        | (0,0) to (1,1)  | (binary, ratio) | (C, A*P)                                          | Multiplication of the ratios

Initialization
- Neighbors exchange "hello" packets carrying their digital certificates (specifying public keys) and node identifiers
- Each node fills an auxiliary table containing a trust value for each neighbor
- Each node maintains a neighbor shared key (NSK) and distributes it to its trusted neighbors
- Only trusted neighbors can decrypt messages encrypted with the shared key
- The shared key is changed when a trusted neighbor becomes untrustworthy
- A new neighbor is assigned an initial trust value; if it is found trustworthy, the NSK is exchanged

Routing Protocol: Route Request
- Create an RREQ message
- Include the digital certificate for the destination
- Encrypt the RREQ with the neighbor shared key and broadcast it to neighbors
- A next-hop neighbor decrypts the RREQ using the source's NSK
- Any neighbor that does not know the shared key discards the packet
- The node forwards to its own trusted neighbors after encrypting with its own NSK and adding its IP address
- The rest is the same as AODV

Routing Protocol: Route Reply
- The destination creates an RREP with the complete path information
- Adds its public key information and a shared key for the transaction
- Digitally signs the header (using its private key) for authentication
- Encrypts the packet using the source's public key and sends it on the reverse path
- Increases the trust value of the neighbor that transmitted the packet
RREP sent by an intermediate node:
- The intermediate node is required to digitally sign the RREP and enclose its digital certificate and the path to the destination
- The source verifies the path by sending a control packet to the destination
- If correct, continue as normal
- Else send a control packet to reduce the trust value for that node

Routing Example
(figure: S encrypts the RREQ with its NSK and broadcasts it; only the trusted neighbors T1, T2, T3 can decrypt it, and each re-encrypts it with its own NSK, adds its id and rebroadcasts; the untrusted nodes U1, U2, U3 discard it. The RREQ reaches D, which notes the source and the path and returns an RREP carrying its public key and a session shared key, encrypted with the source's public key. S then sends a control packet along the path telling each node to update the trust value of its respective neighbor)

Levels of Data Security
We consider three levels of data security:
- Low: no cryptography, regular AODV
- Medium: symmetric cryptography, using a shared key between source and destination
- High: asymmetric cryptography, encrypting with the other node's public key

Routing Protocol: Data Transfer
- Use the destination's shared or public key to encrypt the data
- Sign the data packet with your private key to provide authentication
- The source sends to a neighbor, which forwards further

Adjusting Trust Parameters
- On receipt of an RREP, the source increases the trust value of that neighbor
- It sends a control packet along the path to inform all nodes to increase the trust value of their neighbors
- For every n data packets transferred, increase the trust value of the neighbor
- If there are excessive retransmissions, reduce the trust value of the neighbor
- All data packets are used to adjust trust parameters irrespective of the data security level

Routing Example: Avoids Packet Dropping
(figure: the RREQ/RREP paths from S to D1 and D2 avoid the malicious node M)

Routing Example: Preserves Data Integrity
(figure: U1 does not know S's NSK, so it has to discard the RREQ; U2 is taken care of by the shared key between the communicating nodes)

Routing Example: Avoids False Routing Information / Impersonation
(figure: RREQ, RREP and control paths between S and D; a false RREP from M is caught when S's control packet to D does not confirm the path)

Evaluation Metrics
- Packet delivery ratio = data packets received / data packets sent
- Packet overhead ratio = control packets / data packets

Conclusion
Noteworthy issues:
- How to reduce trust for malicious neighbors
- Detecting malicious nodes
- Final equation for trust
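SAR's RQ_SEC_REQUIREMENT filter (earlier slides) and TRANS's "only trusted neighbors hold my NSK" filter are both constraints on who may process a flooded RREQ, so one Python example serves both. It is an added example, not the deck's simulation code: the six-node topology, the security levels, the trust threshold of 0.5 and the observed forwarding and ping counts are all constructed. It shows plain AODV taking the shortest path through the untrusted U1, SAR refusing that path once the requirement exceeds U1's level and reporting the RQ_SEC_GUARANTEE of the path it does find, and TRANS reaching the same trusted path from the T = (C, A*P) table.

```python
"""Security-constrained route discovery: SAR's level filter and TRANS's trust filter
on one flooding core. Added example; topology, levels, threshold and trust
observations are constructed, not taken from the deck's simulation."""
from collections import deque
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Graph = Dict[str, List[str]]
Predicate = Callable[[str, str], bool]   # (previous hop, candidate node) -> may process RREQ?

# Constructed topology after the TRANS slides: trusted T1, T2 and untrusted U1, U2.
TOPOLOGY: Graph = {
    "S": ["T1", "U1"], "T1": ["S", "T2", "U2"], "U1": ["S", "D"],
    "T2": ["T1", "D"], "U2": ["T1", "D"], "D": ["U1", "T2", "U2"],
}


def flood_route(graph: Graph, src: str, dst: str, may_process: Predicate) -> Optional[List[str]]:
    """RREQ flood, first arrival wins (BFS, as a hop-count metric would choose). A node
    handles a RREQ only if may_process(prev, node) holds; with a predicate that is always
    true this is plain AODV and returns the shortest path regardless of who is on it."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        for nxt in graph[path[-1]]:
            if nxt in seen or not may_process(path[-1], nxt):
                continue
            seen.add(nxt)
            if nxt == dst:
                return path + [nxt]
            queue.append(path + [nxt])
    return None


# SAR: RQ_SEC_REQUIREMENT in the RREQ, RQ_SEC_GUARANTEE returned with the RREP
LEVEL = {"S": 3, "T1": 3, "T2": 3, "D": 3, "U1": 1, "U2": 2}   # 3 = "general", 1 = "private"


def sar_discover(graph: Graph, src: str, dst: str,
                 rq_sec_requirement: int) -> Optional[Tuple[List[str], int]]:
    """Only nodes whose level meets the requirement process the RREQ; the guarantee is
    the lowest level on the path, i.e. the maximum security the path can afford."""
    path = flood_route(graph, src, dst, lambda prev, node: LEVEL[node] >= rq_sec_requirement)
    if path is None:
        return None
    return path, min(LEVEL[n] for n in path)


# TRANS: trust value T = (C, A*P) kept per neighbour
@dataclass
class TrustRecord:
    cert_ok: int = 0        # C: 1 once the certificate exchange succeeded
    fwd_acked: int = 0      # P numerator: forwarded packets acknowledged by the destination
    fwd_total: int = 0
    ping_replied: int = 0   # A numerator: pings answered
    ping_sent: int = 0

    def trust(self) -> Tuple[int, float]:
        P = self.fwd_acked / self.fwd_total if self.fwd_total else 0.0
        A = self.ping_replied / self.ping_sent if self.ping_sent else 0.0
        return self.cert_ok, A * P

    def observe_forward(self, acked: bool) -> None:
        """Per-packet update from the 'adjusting trust parameters' slide."""
        self.fwd_total += 1
        self.fwd_acked += int(acked)


def trusted(rec: TrustRecord, threshold: float = 0.5) -> bool:
    """A neighbour receives the NSK, and so can decrypt our RREQ, only if it has a
    certificate and its availability-weighted forwarding ratio clears the threshold."""
    c, ap = rec.trust()
    return c == 1 and ap >= threshold


def build_trust_tables() -> Dict[str, Dict[str, TrustRecord]]:
    """Constructed observations: U1 forwarded 2 of 10 packets, U2 never completed a
    certificate exchange, everyone else behaves."""
    tables = {n: {m: TrustRecord(1, 9, 10, 10, 10) for m in nbrs} for n, nbrs in TOPOLOGY.items()}
    for table in tables.values():
        if "U1" in table:
            table["U1"] = TrustRecord(1, 2, 10, 10, 10)
        if "U2" in table:
            table["U2"] = TrustRecord(0, 10, 10, 10, 10)
    return tables


def trans_discover(graph: Graph, tables: Dict[str, Dict[str, TrustRecord]],
                   src: str, dst: str) -> Optional[List[str]]:
    # prev encrypted the RREQ with its NSK, which only the neighbours it trusts hold.
    return flood_route(graph, src, dst, lambda prev, node: trusted(tables[prev][node]))
```

The TRANS slide's caveat about no guaranteed path shows up directly: raise the requirement above every node's level, or let a dropper's forwarding ratio fall under the threshold on the only route, and flood_route returns None rather than a route through the node that failed the check.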
parameters

Wait for the simulation results.

Thank You
Questions?