security for the optimized link- state routing protocol for wireless ad hoc networks stephen...

Security for the Optimized Link-State Routing Protocol for Wireless Ad Hoc Networks

Stephen AshersonComputer ScienceMSc StudentDNA Lab

1

Outline Wireless Ad hoc Networks Wireless Ad hoc Routing Protocols

OLSR Routing Protocol Security of Wireless Networks Security of Ad hoc Routing Protocols MSc Project

Security for the OLSR Routing Protocol Implementation and Testing

2

Wireless Ad hoc Networks(1) Conventional wireless networks consist of

wireless clients talking to an Access Point (AP)

Wireless Ad hoc networks are decentralised Dynamic, nodes can join and leave at any time Nodes communicate directly with other nodes in

wireless range Out-of-range nodes are reached via intermediate

nodes in a multi-hop nature

3

Wireless Ad hoc Networks(2)

Regular Wireless Network Wireless Ad hoc Network

4

Wireless Ad hoc Networks(3)

If node A needs to reach node B, how does A know which path leads to B? This is the responsibility

of an Ad hoc Routing Protocol

5

Wireless Ad hoc Routing Protocols(1)

Nodes out of range communicate via intermediate nodes Serve as routers Perform data forwarding

Several routes may exist between any two nodes

A simple data multicast approach would work Highly inefficient Waste of network resources

6

Wireless Ad hoc Routing Protocols(2)

Ad hoc routing protocols attempt to discover optimal routes to all nodes

There is a large classification of wireless ad hoc routing protocols

Classified in two main categories Table-Driven (Proactive) On-Demand (Reactive)

7

Wireless Ad hoc Routing Protocols(3)

Proactive Protocols Rely on constant communications with other

nodes to maintain an overview of networks routes

High overhead; Readily available routes

Reactive Protocols Initiate route discovery only when a route to

a node is required More efficient; Delay in establishing route

8

The OLSR Routing Protocol(1)

The Optimized Link-State Routing (OLSR) protocol is a proactive routing protocol for wireless ad hoc networks

OLSR consists of the following main tasks: Link and Neighbour detection Multi-Point Relay Selection Topology information diffusion

9

The OLSR Routing Protocol(2) Link and neighbour

detection through periodic emission of “Hello” messages

Topology information is diffused using topology control (TC) messages via multi-point relay nodes

10

The OLSR Routing Protocol(3)

Generic Packet Format

11

The OLSR Routing Protocol(4) Messages are processed and transmitted from

source to destination independently of one another

The generic OLSR packet is simply a point-to-point carrier for the messages between two immediate neighbours

12

Security in Wireless Networks(1)

Wireless networks are highly vulnerable due to the open nature of the technology

Authenticity, confidentiality, and integrity mechanisms are essential Eavesdropping Spoofing Data modification

13

Security in Wireless Networks(2)

The IEEE 802.11i standard is a security amendment for the IEEE 802.11 wireless standard

IEEE 802.11i specifies the security mechanisms offered in the Medium Access Control (MAC) layer Point-to-point security association between

two entities

14

Security in Wireless Networks(3)

In a multi-hop environment, MAC layer security is not enough

End to end security may require security mechanisms employed higher up in the stack

15

Security in Wireless Networks(4)

16

Security of Ad hoc Routing Protocols(1)

Ad hoc routing protocols are generally designed with efficiency as a priority Security adds overhead Security is often neglected in the initial

design

There is an implicit assumption that nodes are trustworthy

17

Security in the OLSR Protocol(1)

The project aim Incorporate end to end security mechanisms

for each control message Authentication Integrity Replay protection – timestamps Mutable field protection

Optional encryption/decryption of OLSR packets between neighbouring points

18

Security in the OLSR Protocol(2)

Application level security

19

Security in the OLSR Protocol(3)

Security-aware OLSR control message

20

Signature Schemes

Two signature schemes have been used in the implementation Shamir’s Identity-based scheme One-time Signature scheme known as Hash

to Obtain Random Subset(HORS)

Aim was to perform a comparison of the two schemes when used to sign OLSR messages

21

Shamir’s Identity-based scheme

Based on RSA public key system Like RSA, is computationally expensive A user’s public key is derived from public

knowledge of the user, such as it’s IP address or email address

Prevents the need for public key distribution amongst nodes

22

Hash To Obtain Random Subset(HORS) one-time signature scheme

Based on the use of one-way functions Fast and efficient signature creation and

verification Public/Private key pair limited to a few

signatures Large key and signature sizes Public key distribution complexities

23

Implementation and Testing

Signature schemes and security extension implemented in C OLSRd implementation from www.olsr.org

Test the overhead incurred by the security Traffic, delay, and processing overhead Delay in route establishment

Testing will be done on 10 node indoor wireless testbed

24

The End

Thank you!

25