Ecommerce by xiaohuicaicai


									     Security in Ad Hoc Networks

Presented by Group 3
   Chayanont Tovikkai
   Pinalkumar Dave
   Sapon Tanachaiwiwat
   Rohan Bhindwale
           Presentation Outline
   Introduction to Ad hoc security
   Cryptography and PKI
   Current available solutions
    - Security-Aware ad hoc routing (SAR)
    - S-AODV
    - Ariadne
   Our proposed solutions:
    - Trust Routing in Ad hoc NetworkS (TRANS)
    Current Ad Hoc routing protocol

   Several routing protocols for Ad Hoc
    networks have been proposed such as
    AODV, DSR, DSDV, TORA, ZRP, etc.
            Ad Hoc On-demand
          Distance Vector (AODV)

   Conventional distance vector
   Nodes exchange their distance tables with
    their neighbors periodically
   Routing table selects shortest path
   Broadcast Route Query, unicast Route
            Ad Hoc On-demand
          Distance Vector (AODV)
   Route request (RREQ) is flooded through
    the network
   Route discovery creates (temporary)
    reverse routes
   Route reply (RREP) activates forward route
   Link failure generates route error (RERR)
   Destination manages sequence number to
    ensure loop-free
   Route Discovery in AODV


Establish Broadcast
          path to                  Establish path to
                              Unicast reply
the sourcerequest                  the destination
                 S1                     S3
          path to
Establish Broadcast                Establish path to
the sourcerequest             Unicast reply
                                   the destination
Establish path to
        Broadcast              Establish path to
                          Unicast reply
the source
        request                the destination

      Security Requirements

   Availability
   Confidentiality
   Integrity
   Authentication
            Security requirements for
            Ad Hoc routing protocols

   Certain discovery
   Isolation of Malicious nodes
   Location privacy
   Self-stabilization
   Robustness
    Attacks in Ad Hoc routing protocols

   Attacks in ad hoc routing protocols
    can be
    - Passive attack
    - Active attack
            Who does attack?
   Malicious node, a script or node that
    performs an action that purposely
    damages a system or data, that performs
    another unauthorized purpose or that
    provides unauthorized access to the
         Why Ad Hoc routing protocol
               need security?

   Dropping packet
   Altering the packet content
   False Destination Sequence Attack
   Impersonation
    Dropping Packet


          M    D
Altering the packet content


             M    D
False Destination Sequence Attack

                                                    RREP(D, 5)

                                   RREQ(D, 3)
                                  RREP(D, 5)
                            S3                       D

 RREQ(D, 3)
              RREQ(D, 3)
              RREP(D, 20)
  S                 S1           RREQ(D, 3)
                                 RREP(D, 20)       RREP(D, 20)

                            S2                 M

S           RREQ
                   M   D
          Current solutions

   Security-Aware ad hoc routing (SAR)
   Secured AODV (S-AODV)
   Ariadne
Security Techniques

   Pinalkumar Dave
   Cryptography Overview
   Public Key Infrastructure (PKI) Overview
          Cryptography Overview
   Keys, Encryption and
    – Symmetric and
    – Public and Private
   Digital Signatures
    – Secure hashes
   A key is simply a
    collection of bits
   The more bits, the
    stronger the key
    – E.g. 128 bits is stronger
      then 64 bits
   Keys are tied to specific
    encryption algorithms
   Length and Strengths
    vary depending on the           0101001110
    encryption algorithm
    – e.g. 128 bits is long for
      some algorithms, but
      short for others
   Encryption is the process
    of taking data and a key
    and feeding it into a
    function and producing
    data out which is not
    accessible by
                                Encryption Function
    unauthorized person.
   Encrypted data is not
    accessible unless
   Decryption is the
    process of taking
    encrypted data and a
    key and feeding it
    into a function and
                           Decryption Function
    producing the
    original data
     Symmetric/Shared Encryption
   Encryption and
    decryption functions
    that use the same
    key are called
   The key is shared
    between all the
    authorized user
   E.g. DES               Decrypt
               Asymmetric Key
   Encryption and
    decryption functions
    that use a different
    but mathematically
    linked key pair are
    called asymmetric
   E.g. RAS
         Asymmetric Encryption
   When data is
    encrypted with one
    key, the other key
    must be used to
    decrypt the data

        Public and Private Keys
   With asymmetric encryption each user
    can be assigned a key pair: a private
    and public key
   Private key is known only to owner
   Public key is known to the world
   Anything encrypted with the private
    key can only be decrypted with the
    public key and vice versa
             Digital Signatures
   Digital signatures
    allow the world to
    verify the owner of
    the document/data
             Digital Signatures
   Digital signatures
    are created by
    encrypting a hash of
    the data with my        Hashfunc()

    private key               [###]
   The resulting
    encrypted data is the    Encrypt
   This hash can then
    only be decrypted by
    my public key
              Digital Signature
   Given some data
    with my signature, if
    you decrypt a
    signature with my       Hashfunc()       Decrypt
    public key and get
    the hash of the data,
                              [###]      =   [###]

    you know it was
    encrypted with my
    private key
   If my private key is unique, I signed the hash
    and the data associated with it. How will you
    make sure that you have my correct public
   Public Key Infrastructure
   Cryptography Overview
   Public Key Infrastructure (PKI)
    Public Key Infrastructure (PKI)
   PKI allows you to know that a given public key
    belongs to a given user
   PKI builds off of asymmetric encryption
   The public key is given to the world
    encapsulated in a X.509 certificate
   A X.509 certificate binds a public key to a name
X.509 Certificates

               Name ( Pinal)
               Issuer (USC)
      Public Key (
Signature of trusted party (USC Symbol)
   By checking the
    signature, one can
    determine that a
    public key belongs to   Hashfunc()             Decrypt
    a given user.
                               [###]       =       [###]

                                   Public Key
                            Signature of trusted party
      Certificate Authorities (CAs)
   A Certificate
    Authority is an entity
    that exists only to
    sign user certificates   Name: CA
   The CA signs it‟s own    Issuer: CA
                             CA’s Public Key
    certificate which is     CA’s Signature
    distributed in a
    trusted manner
      Certificate Authorities (CAs)
   The public key
    from the CA
    certificate can
    then be used to         Hashfunc()           Decrypt
    verify other
    certificates               [###]     =       [###]

                         Issuer              Name: CA
                       Public Key            Issuer: CA
                      Signature of           CA’s Public Key
                      trusted party          CA’s Signature
          Certificate Policy (CP)
   Each CA has a Certificate Policy (CP) which
    states when and how a CA issues
   A CA for a ad hoc network typically only
    issues certificates for nodes that are
    already approved to use resources on the
    ad hoc network
   Each CA constrains itself to signing
    certificates that are in a namespace that
    are a portion of the overall space
            Certificate Request

   To request a
    certificate a user
    starts by generating
    a key pair
   The user then signs
    their own public key
    to form what is
    called a Certificate    Request
                           Public Key
                Certificate Issuance
   The user then takes the                         Certificate
    certificate to a Registration                    Request
    Authority (RA)
   A RA‟s responsibility is to
    verify the user‟s name                          Public Key
   Often the RA coexists with
    the CA and is not apparent      Name
    to the user
   The CA then takes the
    identity from the RA and
    the public key from the
    certificate request
   It then creates, signs and
    issues a certificate for the
    user                                   Name
                                           Public Key
   How this certificates are integrated in the
    data packets?
   Does this encryption have large overhead?
   What are other method or extension of this
   Who can apply for this security?
   How secure (efficient) is this techniques?
   What is main difference between
    symmetric and asymmetric keys?
Ariadne and SAR Routing
    Sapon Tanachaiwiwat
   Secure on-demand
   Prevent from tampering with routes &
   Symmetrical cryptographic primitives
   Integrated with DSR
   Time Efficient Stream Loss-tolerant
   Use only symmetric cryptography
   Asymmetry via time
    – Delayed key disclosure
    – Require loose time synchronization
             Security Condition
   Receiver knows key disclosure schedule
   Security condition (for packet P):
    – On arrival of P, receiver is certain that
      sender did not yet disclose K
   If security condition not satisfied, drop
             TESLA Summary
   Low overhead
    – Communication (~20 bytes)
    – Computation (~ 1 MAC computation per
   Perfect robustness to packet loss
   Delayed authentication
   Drawback: not secure if time travel
       Ariadne Prevent Hop Drop
   Source and destination share KSD
   Source add h0 = MACKSD (request, S, D)
   Every hop computes hi = H(Node id | hi-1)
    (H is one way cryptographic hash function)
   Destination computes h0 reconstruct each
   Attacker cannot drop nodes from the
    address list in Route Request
                              Route Request

h0 = MACKSD (request, S, D)   h1= H(A, h0 )          h2= H(B, h1)

           S                      A                       B                           D


                                                 D knows KSD then calc h0
                                         If D find the match h2, it will reply to S
                                                otherwise drop the request
     Ariadne Route Authentication
   Use TESLA to authenticate each hop
   Every hop adds a MAC to Route Request
   Destination verifies security condition
   Every hop discloses key in the Route Reply
   Source can authenticate all hops
                      Route Reply
S uses KA,KB and KSD
   to authenticate                     MD=MACKSD(REPLY, D, S, (A,B), (MA,MB))
    the message

S                       A                        B                     D

                                                (Reply, D,S, (A,B),(MA,MB),MD,())
                            (Reply, D,S, (A,B),(MA,MB),MD,(KB))

    (Reply, D,S, (A,B),(MA,MB),MD,(KB,KA))
   Ariadne prevent wide range of attacks
   Low overhead
    – Uses only efficient hash function (e.g.MD5)
    – MAC can be derived from hash function
    – ~ 1 micro sec per MD5 evaluation
    Security Aware Ad-hoc Routing (SAR)
   Add Security Level with Tradition Routing
   Make Routing Decision based on Trust
    Values and Trust Relationships
   In High Risk Env, need specific security
    attributes more than just shortest route
   Node declares security attributes of ad hoc
   Ex. A “general” node avoids lower rank
    “privates” in route discovery
             Protocol Main Idea
   DSR or AODV can be used
   Security metric is embedded in the RREQ
   Intermediate nodes receive a RREQ packet
    with a particular security metric or trust level
   Node will forward or process if only its security
    level meet sender requirement
   End-to-end path will be setup if all
    intermediates have the required security
                   SAODV (1)

   When a node receives a RREQ packet, the protocol
    first checks to see if the node can satisfy the
    security requirement indicated
   When a node receives RREQ, check security req.
   If it satisfies requirement, behaves as AODV
                  SAODV (2)

   If agree to forward a request, update
    RQ_SEC_GUARANTEE in RREQ for specify
    afforded max. security
   Useful for application to know quality of
    security in the path
                 SAODV (3)
   To guarantee cooperation of nodes, the
    RREQ headers are encrypted
    – Assumed that a group key distribution
      already in place
    – Same level in trust hierarchy can
      decrypt/encrypt headers
                    SAODV (4)
   If RREQ arrives at the dest. , the path satisfies
    senders req.
   The destination node sends a RREP (as in AODV)+
   The RREP is also encrypted so particular trust level
    can process the packet
   When the RREP arrives at an intermediate node on
    the reverse path, it will update their routing tables
    (as in AODV) and also record the
                               Update Table

             RREQ                    RREQ+RQ_SEC_GUARANTEE
                         Private              General

Trust Routing in Ad hoc

    Rohan Bhindwale
   Problems with current secure routing protocols
    – Ex Ariadne
       > Requires loose time synchronization
       > Delaying packet forwarding can run havoc
       > Does not handle packet dropping well

   Problems with using only Cryptography
    – Ex SAR
       > Requires explicit trust hierarchy. Reduces chances of finding a
       > No dynamic change of trust levels considered.
       > Packets can be dropped.
       > Huge power requirement
   A new routing protocol.
   General idea
    – Importance of trust
    – Route using nodes that the source can trust
    – Chain of trust
    – Dynamically change trust value
   Security from
    – Packet dropping
    – Packet analysis and modification
    – False routing information / Impersonation
    i.e. ensure safe and unaltered delivery of data
   Efficiency
    – Reduce protocol overhead
    – Reduce computation at each node
   No guaranteed path discovery if there is no trusted
    path from Source to Destination
   Digital Certificate and verification keys are
    available to each node.
   Trust is transitive. A node can rely on a
    trusted neighbor and the nodes its
    neighbor has faith in.
                   Main ideas
   Each node maintains trust value for his
   Use following trust parameters
    –   Cryptography
    –   Packet Forwarding
    –   Availability
    –   Maybe more … ??
   Hop by hop cryptography
   Identifying and isolating malicious nodes
           Initial trust parameter values

                   Possible values        Type             Equation         Measure

Cryptography             0,1             Integer         No = 0, Yes =1     Certificate
     (C)                                                                    Exchange

    Packet              0-1               Ratio          Successful pkt     Acks of the
Forwarding (P)                                           Fwd/ Total pkt     destination
Availability (A)        0-1               Ratio          Ping message     Ping after some
                                                         replied / Ping       interval
                                                         message sent
Trust Value (T)      (0,0)-(1,1)         (binary,           (C, A*P)         (C, A*P)
                                     multiplication of
   Neighbors exchange „hello‟ packets
    – Digital Certificates specifying public keys
    – Node Identifier
   Fill auxiliary table containing trust value for neighbors.
   Each node maintains a neighbor shared key (NSK)
   Distribute shared key to trusted neighbors
   Only trusted neighbors can decrypt shared key
    encrypted message
   Change shared key when a trusted neighbor becomes
   Assign initial trust value to new neighbor
   If new neighbor is found trustworthy exchange NSK
                Routing Protocol
   Route Request
    – Create an RREQ message
    – Include Digital Certificate for destination
    – Send neighbor shared key encrypted RREQ broadcast
      to neighbors
    – Next hop neighbor decrypts RREQ using src‟s NSK
    – Any neighbor not knowing shared key discards
    – Node forwards to its trusted neighbors after
      encrypting with his NSK and adding its IP address
    – Rest same as AoDV
                  Routing Protocol
   Route Reply
    – Destination creates RREP with complete path information
    – Adds its public key information and shared key for
    – Digitally signs the header (using private key) for
    – Encrypts packet using source public key and sends on
      reverse path
    – Increases trust value of neighbor that transmitted packet
   RREP sent by intermediate node
    – Intermediate node required to digitally sign RREP and
      enclose his digital certificate and path to dest
    – Src verifies path by sending a control packet to dest
    – If correct continue as normal
    – Else send control packet to reduce trust value for that
                         Routing Example
                                             Only trusted RREQ with histo
                                             T1 encrypts neighbor able
                                              RREQ reaches dest.Dest
                                            Source encrypts RREQ with
                                                NSK Id rest path sends
                                               Src gets return discard
                                            NSK,add public broadcasts
                                                 decrypt, broadcasts
                                            notes src andandkey. Creates
                                                control packet along path
                                             RREP with own public and
                                              telling nodes to update trust
                                               session shared key and
                                                    value for respective
                                            encrypts using src public key
                      U3                                 neighbors

          S                                  T3             D

                       T1            T2

                              RREQ Path                  RREP Path

                  Untrusted       Trusted
              U               T
                  neighbor         nodes
           Levels of data security
We consider three levels of data security
 Low

    – Use no cryptography
    – Regular AoDV
   Medium
    – Symmetric cryptography
    – Use shared key between src and dest
   High
    – Asymmetric cryptography
    – Encrypt using other node‟s public key
                    Routing Protocol
   Data Transfer
     – Use shared/public key information of destination to encrypt data
     – Sign the data packet using your private key to provide
     – Source sends to neighbor who forwards further

   Adjusting trust parameters
     – Source on receipt of an RREP increases trust value for that
     – Sends a control packet along path to inform all nodes to increase
       trust value for their neighbors
     – For each n data packets transferred increase trust value of
     – If excessive retransmissions then reduce trust value of neighbor
     – All data packets are used to adjust trust parameters irrespective
       of data security level
    Routing Example – Avoids packet

                    M     D2

S                                      D1

        RREQ Path          RREP Path
    Routing Example – Saves data

                       U1 does not know NSK from S
                        U2 is taken care of by shared
                         so it has to discard RREQ
                         key between communicating

S                                           D1


      RREQ Path                 RREP Path
           Routing Example –
    Avoids false routing information /


S                                   M

        RREQ Path       RREP Path        Control Path
             Evaluation Metrics
   Packet delivery ratio
    – Data packets received / Data packets sent
   Packet overhead ratio
    – Control packets / data packet
   Noteworthy issues
    – How to reduce trust for malicious neighbors
    – Detecting Malicious nodes
    – Final equation for trust parameters
   Wait for the simulation results
 Thank You

Questions ??

To top