anitha tahira

7/29/2019 Anitha Tahira

http://slidepdf.com/reader/full/anitha-tahira 1/40

Secure Routing with AODV

Protocol for Mobile Ad HocNetworks

Anitha Prahladachar

Tahira Farid

Course: 60-564Instructor: Dr. Aggarwal



Papers Reviewed

Perkins, C.E.; Royer, E.M,”Ad-hoc On-Demand DistanceVector Routing,” Proceedings of the Second IEEE Workshopon Mobile Computing Systems and Applications, WMCSA ’99

Pirzada, A.A.; McDonald, C,”Secure Routing with the AODVProtocol,” Proceedings of the Asia-Pacific Conference on

Communications, Oct 3-5, 2005 Bhargava, S.; Agrawal, D.P.,”Security Enhancements in

AODV protocol for Wireless Ad Hoc Networks,” VehicularTechnology Conference Oct 7-11, 2004, IEEE VTS 54th Vol.4

Yuxia Lin, A. Hamed Mohsenian Rad, Vincent W. S. Wong,Joo-Han Song,”Experimental Comparisons between SAODVand AODV Routing Protocols,” Proceedings of the 1st ACMworkshop on Wireless Multimedia Networking andPerformance modeling, WMuNeP Oct 2005



Outline

Mobile Ad Hoc Networks (MANET)

Applications

Security Design Issues in MANET

Motivation

Traditional AODV

Secured AODV

Experimental Comparisons

Closing Remarks



Mobile Ad Hoc Networks

A collection of wireless mobile hosts forming atemporary network without the aid of anyestablished infrastructure.

Significant Features: Dynamic topology of interconnections

No administrator

Short transmission range- routes between nodes has oneor more hops

Nodes act as routers or depend on others for routing

movement of nodes invalidates topology information



Mobile Ad Hoc Networks (cont.)

The network topology can change any timebecause of node mobility and nodes may becomedisconnected very frequently.



Mobile Ad Hoc Networks (cont.)

Host A and C are out of range from each other’s wirelesstransmitter.

While exchanging packets, they use routing services of host B.

B is within the transmission range of both of them.

Routing: Source -> Destination



Applications of MANET

Useful where geographical or terrestrialconstrains demand totally distributednetwork without fixed base station.

Military Battlefields Disaster and Rescue Operations

Conferences

Peer to Peer Networks



Security Design Issues in MANET

Do not have any centrally administeredsecure routers.

Attackers from inside or outside can easily

exploit the network. Passive eavesdropping, data tampering, active

interfering, leakage of secret information, DoSetc.

Open peer-to-peer architecture. Shared Wireless Medium.

Dynamic Topology.



Motivation

Ad Hoc networks are challenged due to

Nodes are constantly mobile

Protocols implemented are co-operative in nature

Lack of fixed infrastructure and central concentration

point where IDS can collect audit data

One node can be compromised in a way that theincorrect and malicious behaviour cannot be directlynoted at all.

Well-established traditional security approachesto routing are inadequate in MANET.



Traditional AODV

Ad Hoc On Demand Distance Vector RoutingProtocol

Reactive Protocol: discovers a route on demand.

Nodes do not have to maintain routinginformation.

Route Discovery

Route Maintenance

Hello messages: used to determine local connectivity.

can reduce response time to routing requests.

can trigger updates when necessary.



Traditional AODV – Route Discovery

If a source needs a route to a destination for which it doesnot already have a route in its cache:

Source broadcasts Route Request (RREQ)message for specified destination

Intermediate node: Returns a route reply packet (RREP) (if route

information about destination in its cache), or

forwards the RREQ to its neighbors (if route

information about destination not in its cache). If cannot respond to RREQ, increments hop count,

saves info to implement a reverse path set up, to usewhen sending reply (assumes bidirectional link…)



Traditional AODV – RREQ RREQ packet contains:

destination and source IPaddress, broadcast ID, sourcenode’s sequence number anddestination node’s sequencenumber.

Node 1 wants to send datapacket to node 7. Node 6 knowsa current route to node 7. Node1 sends a RREQ packet to itsneighbors.

Source_addr =1

dest_addr =7broadcast_id = broadcast_id +1source_sequence_# =

source_sequence_# + 1dest_sequence_# = last

dest_sequence_# for node 7

Type Flag Resvd hopcnt Broadcast_id Dest_addr Dest_sequence_# Source_addr Source_Sequence_#



Traditional AODV (RREQ)

Nodes 2 and 4 verify that this is a new RREQ (source_sequence_#is not stale) with respect to the reverse route to node 1.

Forward the RREQ, and increment hop_cnt in the RREQ packet. RREQ reaches node 6 from node 4, which knows a route to 7. Node 6 verify that the destination sequence number is less than

or equal to the destination sequence number it has recorded fornode 7.

Nodes 3 and 5 will forward the RREQ packet to node 6, but itrecognizes the packets as duplicates.



Traditional AODV (RREP)

Node 6 has a route to destination. It sends a route replyRREP to the neighbor that sent the RREQ packet.

Intermediate nodes propagate RREP towards the sourceusing cached reverse route entries.

Other RREP packets discarded unless, dest_seq_# is higher

than the pervious, or same but hop_cnt is smaller. Cached reverse routes timeout in nodes that do not see

RREP packet.

Type Flag prsz hopcnt Dest_addr Dest_sequence_# Source_addr lifetime



Traditional AODV (RREP)

Node 6 sends RREP to node 4 Source_addr=1, dest_addr=7, dest_sequence_# = maximum

(sequence no. stored for node 7, dest_sequence_# in RREQ),hop_cnt =1.

Node 4 finds out it is a new route reply and propagates the

RREP packet to Node 1.



Approach 1 : Secure AODV

Vulnerability issues of AODV (due tointermediate nodes):

Deceptive incrementing of sequence number

Deceptive decrementing of hop count To secure AODV, approach 1 divided

security issues into 3 categories:

Key Exchange

Secure Routing

Data Protection



Approach 1 : Secure AODV (cont.)

Key Exchange:

All nodes before entering the network procure a one-timepublic and private key pair from CA and CA’s public key.

After that, nodes can generate a Group Session Key betweenimmediate neighbors using a suitable ‘Group keying protocol’.

These session keys are used for securing the routing processand data flow.

Thus authentication, confidentiality and integrity is assured.



Approach 1 : Secure AODV (cont.) Secure Routing (RREQ):

Node ‘x’ desiring to establish communication with ‘y’, establishes agroup session key Kx between its immediate neighbors.

Creates RREQ packet, encrypts using Kx and broadcasts.

Intermediate recipients that share Kx decrypt RREQ and modify.

Intermediate nodes that do not share Kx initiate ‘group session key

exchange protocol’ with the immediate neighbors. Intermediate nodes encrypt RREQ packet using the new session key

and rebroadcast.




Secure Routing (RREP) In response to RREQ, ‘y’ creates RREP.

RREP is encrypted using the last Group sessionkey that was used to decrypt RREQ and is

unicast back to the original sender. If any of the intermediate nodes has moved

out of wireless range, a new group session keyis established.

Recipient nodes that share the forward groupsession key decrypt RREP and modify.

RREP is then encrypted using backward groupsession key and unicast to ‘x’.




Data Protection

Node ‘x’ desiring to establish end-to-end secure data channel,first establishes a session key Kxy with ‘y’.

‘x’ symmetrically encrypts the data packet using Kxy andtransmits it over the secure route.

Intermediate nodes forward the packet in the intendeddirection.

Node ‘y’ decrypts the encrypted data packet using Kxy.



Security Analysis for Approach 1 Authorized nodes to perform route computation and discovery.

Routing control packets authenticated and encrypted by eachforwarding node.

Minimal exposure of network topology.

Routing information is encrypted, an adversary will gain no

information on the network topology. Detection of spoofed routing messages.

Initial authentication links a number of identities to eachnode’s private key.

Detection of fabricated routing messages.

To fabricate a routing message session key needs to be

compromised. Prevent redirection of routes from shortest paths.

Routing packets accepted only from authenticated nodes,adversary cannot inject anything unless an authorized nodefirst authenticates it.



Approach 2: Secure AODV (cont.)

Defines two types of attacks:

Internal & external

Compromised & Selfish nodes

Malicious nodes

To handle the attacks, this approachsuggests two models:

Intrusion Detection Model (IDM)

Intrusion Response Model (IRM)




Vulnerability issues of AODV (due tointernal attacks):

Distributed false route request

Denial of service Destination is compromised

Impersonation



Approach 2: Secure AODV (cont.) IDM

Each node employs IDM thatutilizes the neighborhoodinformation to detectmisbehaviors of its neighbors.

When Misbehavior count >

threshold for a node,information is sent to othernodes about misbehavingnode.

They in turn check their localMalCount, and add the resultto the initiator’s response.

IDM is present on all thenodes and monitors andanalyzes behavior of itsneighbors to detect if anynode is compromised.

Secure Communication

Global Response

Intrusion Response Model

(IRM)

Mal

Count

>

Threshol

d

Intrusion Detection Model

(IDM)

Data Collection




IDM

Distributed False Route Request

Malicious node may generate frequent unnecessaryroute requests i.e. false route message.

If done from different radio range it is difficult toidentify the malicious node (RREQ are broadcasts).

When a node receives RREQ > threshold count by aspecific source for a destination in a particular timeinterval- tinterval, the node is declared malicious.




IDM

Denial of Service

A malicious node may launch DoS attack bytransmitting false control packets and using the

entire network resources.

Other nodes are deprived of these resources.

It can be identified if a node is generating the controlpackets that is more than threshold count in aparticular time interval – tfrequency.




IDM - Destination is Compromised A destination might not reply if it is:

Not in the network Overloaded Did not receive route request Malicious

It is identified when a source does not receivereply from destination in a particular time interval– twait.

Neighbors generate ‘Hello’ packets to determineconnectivity.

If a node is in network and does not respond toRREQ destined for it, it is identified as malicious.




IDM

Impersonation

If Sender encrypts the packet with its private key andother nodes decrypt with public key of sender , this

attack can be avoided.

If Receiver is not able to decrypt the packet, thesender might not be the real source and packet willbe dropped.




Intrusion Response Model ( IRM ) A node ‘x’ identifies that another node ‘m’ is

compromised when malcount for that node ‘m’ increases beyond threshold value.

‘x’ propagates to entire network by transmitting ‘Mal’

packet. If another node ‘y’ suspects node ‘m’, it reports its

suspicion to the network and transmits ‘ReMal’ packet. If two or more nodes report about a particular node ,

‘Purge’ packet is transmitted to isolate malicious nodefrom the network.

All nodes having a route through the compromised nodelook for newer routes. All packets received from the compromised node are

dropped.



Approach 3: Secure AODV

SAODV

Vulnerability issues of AODV: Message Tampering Attack [compromised node]

E.g. Hop count made 0 by attacker node

E.g. Hop count made infinite by selfish node. Message Dropping Attack [selfish node]

Message Replay (wormhole) Attack [malicious node]

Security Requirements for AODV: Source Authentication

Neighbor Authentication Message Integrity

Access Control




Source Authentication

Receiver should be able to confirm the identity of thesource.

Neighbor Authentication

Receiver should be able to confirm the identify of thesender (one-hop previous node)

Message Integrity

Receiver should be able to verify that content of a

message has not be altered either maliciously oraccidentally in transit.

Access Control It is necessary to ensure that mobile nodes seeking to

gain access to the network have the appropriate access

rights.




Route Discovery Source node selects a random seed number &

sets Maximum hop-count (MHC) value.

Using hash function h, source computes hash

value as h(seed) and Top_Hash ashMHC(seed).

Intermediate node checks if Top_Hash = hMHC-

Hop_Count(Hash).

Before rebroadcasting RREQ, increments hop-countfield by 1 in RREQ header.

Computes new Hash value by hashing the old value,h(Hash).




Route Discovery

Except for hop-count field andhhop-count(seed), all other fields of RREQ arenon-mutable.

Hence can be authenticated by verifying thesignature in RREQ.

Destination generates RREP on receivingRREQ.



Experimental Comparisons

Between AODV andSAODV

Indoor Experiments 10 laptops are placed in

the same room Facilitates the comparison

of ns-2 simulation andindoor emulation results.

Outdoor Experiments

Conducted in a rugby field(250m – 100m approx.).

Participants with laptopwalked randomly at1m/sec.

Each test run took 6 mins.



Experimental Comparisons (Results and

Discussions)

Indoor Emulation and Simulation Results

UDP Traffic – UDP Packet Delivery Ratio

d




Discussions)


UDP Traffic – Routing Control Overhead (in packets)

i l C i ( l d




Discussions)


UDP Traffic – Routing Control Overhead (in bytes)

E i l C i (R l d




Discussions)

Outdoor Results UDP Packet Delivery Ratio Routing Control overhead for

UDP Amount of Routing Packets Aggregate Routing Overhead



Closing Remarks Approach 1

Authors proposed Approach 1 for both secure routing and dataprotection

No Experiments have been discussed.

Approach 2 No Data Security Provided Routing load of a network increases as malicious nodes

generate False Control Messages. After implementing, decreases routing load by identifying

malicious node and isolating them from the network.

Approach 3 Ensure both integrity of data and control packets by using

hash functions. Source, Neighbor authentication and access control are

ensured by digital signatures. Many indoor and outdoor experiments have been performed. More efficient.



Thank you!!!

Questions???

anitha tahira

Documents