anonymous communications in mobile ad hoc networks

41
Anonymous Communications in Mobile Ad Hoc Networks Yanchao Zhang, Wei Liu, Wenjing Lou Presenter: Bo Wu

Upload: cleo

Post on 22-Jan-2016

36 views

Category:

Documents


0 download

DESCRIPTION

Anonymous Communications in Mobile Ad Hoc Networks. Yanchao Zhang, Wei Liu, Wenjing Lou Presenter: Bo Wu. Outline. Introduction Threat Model MASK Model Performance Evaluation Conclusion. MANETs. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Anonymous Communications in Mobile Ad Hoc Networks

Anonymous Communications in Mobile Ad HocNetworks

Yanchao Zhang, Wei Liu, Wenjing Lou

Presenter: Bo Wu

Page 2: Anonymous Communications in Mobile Ad Hoc Networks

Outline

Introduction Threat Model MASK Model Performance Evaluation Conclusion

Page 3: Anonymous Communications in Mobile Ad Hoc Networks

MANETs

A mobile ad hoc network (MANET) is a type of wireless network, and is a self-configuring network of mobile devices connected by any number of wireless links.

Page 4: Anonymous Communications in Mobile Ad Hoc Networks

MANETs

Every node in a MANET is also a router because it is required to forward traffic unrelated to its own use.

Each MANET device is free to move independently.

Wireless links are particularly vulnerable to eavesdropping and other attacks

Page 5: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: Ad hoc?

A short lived network just for the communication needs of the moment

Self Organizing Infrastructure-less network Energy conservation Scalability

Page 6: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: Challenges

Lack of a centralized entity Network topology changes frequently and

unpredictably Channel access/Bandwidth availability Hidden/Exposed station problem Lack of symmetrical links Power limitation

Page 7: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: AODV

Source node initiates path discovery by broadcasting a route request (RREQ) packet to its neighbors

Every node maintains two separate counters Sequence number Broadcast-id

B

S

E

C G

F

A

H

D

Y

I

K

P

L

J

TZ

RREQ

AODV part adapted from slides of Sirisha R. Medidi

Page 8: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: AODV

A neighbor either broadcasts the RREQ to its neighbors or satisfies the RREQ by sending a RREP back to the source

Later copies of the same RREQ request are discarded

B

S

E

C G

F

A

H

D

Y

I

K

P

L

J

TZ

Reverse Path Setup

Page 9: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: AODV

B

S

E

C G

F

A

H

D

Y

I

K

P

L

J

TZ

Reverse path are automatically set-up

Node records the address of the sender of RREQ

Entries are discarded after a time-out period

Page 10: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: AODV

B

S

E

C G

F

A

H

D

Y

I

K

P

L

J

TZ

Page 11: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: AODV

B

S

E

C G

F

A

H

D

Y

I

K

P

L

J

TZ

Page 12: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: AODV

B

S

E

C G

F

A

H

D

Y

I

K

P

L

J

TZ

Forward Path Setup

Page 13: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: AODV

B

S

E

C G

F

A

H

D

Y

I

K

P

L

J

TZ

Page 14: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: AODV

B

S

E

C G

F

A

H

D

Y

I

K

P

L

J

TZ

Page 15: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: AODV

B

S

E

C G

F

A

H

D

Y

I

K

P

L

J

TZ

Page 16: Anonymous Communications in Mobile Ad Hoc Networks

MANETs: AODV

Advantages:• efficient algorithm for ad-hoc networks• Highly Scalable • Need for broadcast is minimized• Quick response to link breakage in active

routes• Loop free routes

Page 17: Anonymous Communications in Mobile Ad Hoc Networks

Traffic Analysis

Frequent communications — can denote planning Rapid, short, communications — can denote negotiations A lack of communication — can indicate a lack of activity, or completion of a

finalized plan Frequent communication to specific stations from a central station — can highlight

the chain of command Who talks to whom — can indicate which stations are 'in charge' or the 'control

station' of a particular network. This further implies something about the personnel associated with each station

Who talks when — can indicate which stations are active in connection with events, which implies something about the information being passed and perhaps something about the personnel/access of those associated with some stations

Who changes from station to station, or medium to medium — can indicate movement, fear of interception

Page 18: Anonymous Communications in Mobile Ad Hoc Networks

General Defending Methods

Prevent detection Spread spectrum modulation Effective power control Directional antennas

Traffic Padding End to End Encryption and/or Link Encryption

on Data Traffic

Page 19: Anonymous Communications in Mobile Ad Hoc Networks

Threat Model

Passive Totally quiet, or just inject a small amount of traffic

Monitor every transmission of each node Many adversaries can communicate with each other

very fast May compromise a small number of nodes Limited computational capability

Page 20: Anonymous Communications in Mobile Ad Hoc Networks

Basic Math

Let G1,G2 be two groups of the same prime order q. Pairing is a computable bilinear map f : G1 × G1 → G2 satisfying the following properties:

1. Bilinearity: ∀ P, Q, R, S G1, we have∈ f (P + Q, R + S) = f (P, R)f (P, S)f (Q, R)f (Q, S)

2. Non-degeneracy: If f (P, Q) = 1 for all Q G∈ 1, then P must be the identity element in G1.

3. Computability: There is an efficient algorithm to compute f(P, Q) for all P, Q G∈ 1.

Page 21: Anonymous Communications in Mobile Ad Hoc Networks

MASK

MASK stands for ? A novel anonymous on-demand routing

protocol for MANETs anonymous neighborhood authentication anonymous route discovery and data

forwarding

Page 22: Anonymous Communications in Mobile Ad Hoc Networks

MASK System Model

A number of non-malicious nodes No selfish behavior Moderate movement Trusted Authority bootstrap security parameters

g the master key H1 : {0, 1} → G∗ 1 mapping arbitrary strings to points in G1 H2 : {0, 1} →{0, 1}∗ β mapping arbitrary strings to β-bit fixed-length

output Every node is blind to g TA furnishes each node IDi with a sufficiently large set PSi of collision

resistant pseudonyms and a corresponding secret point set as Si = gH1(PSi) = {Si,j} = {gH1(P Si,j) G∈ 1} (1 ≤ j ≤ |PSi|).

Page 23: Anonymous Communications in Mobile Ad Hoc Networks

MASK: Anonymous Neighbor Authentication Definition:

two neighboring nodes can ensure that they belong to the same party or have trustable relationship with each other without revealing their either real identifiers or party membership information.

Existing methods: Network-wide key Pairwise key Public-key certification

Page 24: Anonymous Communications in Mobile Ad Hoc Networks

MASK: Anonymous Neighbor Authentication

Alice and Bob are using pseudonyms randomly selected from their set Alice starts the authentication by sending her pseudonym and a challenge Bob can calculate the corresponding master session key and send the

authentication message back Alice authenticated Bob and replied authentication message Both Bob and Alice generate link IDs and session keys based on the master

session key

Page 25: Anonymous Communications in Mobile Ad Hoc Networks

MASK: Anonymous Neighbor Authentication After the authentication both sides have:

If a packet is identified by , then it should be decrypted using

Whenever these pairs are used up, Alice and Bob are required to automatically increase both n1 and n2 by one and generate new pairs.

Every node follows this procedure and establishes a neighbor table

Page 26: Anonymous Communications in Mobile Ad Hoc Networks

MASK: Anonymous Neighbor Authentication Only TA can infer real ID based on

pseudonyms To adversary, Link IDs are random bits Adversary can not infer session key based on

Link IDs

Page 27: Anonymous Communications in Mobile Ad Hoc Networks

MASK: Anonymous Route Discovery

Besides neighbor table, each node has:Forwarding route table

<dest_id, destSeq, pre-link, next-link>

Reverse route table <dest_id, destSeq, pre-hop-pseudonym>

Target link table The current node is the final destination for the packets

bearing the linkIDs which are in its target link table.

Page 28: Anonymous Communications in Mobile Ad Hoc Networks

MASK: Anonymous Route Discovery

Anonymous route request<ARREQ, ARREQ_id, dest_id, destSeq, PSx>

ARREQ_id uniquely identifies the requestDest_id is the real id of the destinationdestSeq is the last known sequence number for the

destinationPSx is the active pseudonym of the source

Page 29: Anonymous Communications in Mobile Ad Hoc Networks

MASK: Anonymous Route Discovery

For each node in the network:Receives ARREQ for the first time

inserts an entry into its reverse route table where this ARREQ comes from

rebroadcasts the ARREQ after changing the embedded pseudonym field to its own.

Discards any ARREQ already seen All nodes broadcast only once

Page 30: Anonymous Communications in Mobile Ad Hoc Networks

MASK: Anonymous Route Discovery

Anonymous route replies <LinkID, {ARREP, dest_id, destSeq}SKey>

LinkID is the to be used shared packet identifier between the sender and the corresponding receiver

{ARREP, dest_id, destSeq} is encrypted by the paired session key such that only the intended receiver can decrypt it

Page 31: Anonymous Communications in Mobile Ad Hoc Networks

MASK: Anonymous Route Discovery

Intermediate nodes will discard replies with smaller destSeq than its own record

intermediate node can also generate a route reply if it has one forward route entry for the dest id with destSeq equal to or larger than that contained in the received ARREQ.

Multiple paths are established during this process

Page 32: Anonymous Communications in Mobile Ad Hoc Networks

MASK: Anonymous Route Discovery

Anonymous Data Forwarding <next-LinkID, MASK payload> next-LinkID is randomly selected from the

next-link-list field MASK payload may be end-to-end encrypted

message Do not necessarily select the best path

Page 33: Anonymous Communications in Mobile Ad Hoc Networks

Security analysis

Message Coding AttackAdversary can easily link and trace some packets

that do not change their content or length MASK countermeasures

Hop-by-hop encryptionRandom padding

Page 34: Anonymous Communications in Mobile Ad Hoc Networks

Security analysis

Flow Recognition and Message Replay AttacksRecognize the packets belonging to some

communication flow MASK countermeasures

Hop-by-hop encryptionLinkID update

Page 35: Anonymous Communications in Mobile Ad Hoc Networks

Security analysis

Timing Analysis AttackTell the difference between nodes by transmission

timing, e.g. transmission rate MASK Countermeasures

When the traffic is light, this attack is quite dangerous

Page 36: Anonymous Communications in Mobile Ad Hoc Networks

Performance Evaluation

Tate paring for bilinear map f Most expensive part indispensable

SHA-1 to implement the collision resistant hash functions

efficient symmetric algorithm RC6 as hop-by-hop encryption and decryption

Page 37: Anonymous Communications in Mobile Ad Hoc Networks

Performance Evaluation

For normal traffic, AODV is a little bit better

MASK outperforms AODV for heavy traffic due to available multiple paths

Page 38: Anonymous Communications in Mobile Ad Hoc Networks

Performance Evaluation

MASK outperforms AODV in terms of overheadIt conducts costly route

discovery less frequently

Page 39: Anonymous Communications in Mobile Ad Hoc Networks

Performance Evaluation

AODV has much less latency

MASK tries to balance tradeoff between anonymity and latency

Page 40: Anonymous Communications in Mobile Ad Hoc Networks

Conclusion

Very good resistance to passive attackers Timing attack is still unresolved in this model Very good routing performance But AODV also has a multi-path version ---

AOMDV

Page 41: Anonymous Communications in Mobile Ad Hoc Networks

Questions?