Network-layer Security of Mobile Ad hoc Networks
Jiangyi Hu
Advisor: Dr. Mike Burmester
02/24/2004 Network layer security of Manets
Outline
Introduction
Secure routing
Existing routing protocols
Routing attacks
Secure routing protocols
Cooperation enforcement
Solutions to enforce cooperation
Introduction
Example of Mobile Ad hoc networks
[Figure: example ad hoc network with nodes A, B, C, D, E, F]
Introduction
Characteristics of Manet:
Wireless connection, broadcasting
Dynamic topology
Unfriendly environment
Limited resource
Introduction
Advantages:
Ease of deployment
Fast to deploy
Decreased dependence on infrastructure
Applications of Manet:
emergency deployments
search and rescue missions
military operations
commercial applications
Introduction
Vulnerabilities:
The basic mechanism
The security mechanism
Security goals:
Availability
Confidentiality
Integrity
Authentication
Non-repudiation
Secure routing
Existing routing protocols
Security threats for routing
Secure routing protocols
Existing routing protocols
Table driven routing:
DSDV (destination sequenced distance vector)
CGSR (Clusterhead Gateway Switch Routing)
WRP (Wireless Routing Protocol)
On demand routing:
DSR (dynamic source routing)
AODV (ad-hoc on-demand distance vector)
TORA (Temporally Ordered Routing Algorithm)
DSR
Dynamic source routing
Route discovery/Route maintenance
Every packet carries the entire route
DSR
[Figure: DSR route discovery over nodes S, A, B, C, D, E, F, H, with the accumulated routes S, S-A, S-A-B, S-A-B-D, S-C, S-C-E, S-C-E-F, S-C-E-H]
AODV
Ad-hoc on-demand distance vector routing
No maintenance of routing table as in DSDV
Each node remembers only the next hop for the route, not the whole route
AODV
[Figure: AODV route discovery over nodes S, A, B, C, D, E, F; legend: reverse path, forward path]
Routing attacks
Classification:
External attack vs. Internal attack
Passive attack vs. Active attack
Routing attacks
Attacks for routing:
Modification
Fabrication
Wormhole attack (tunneling)
Denial of service attack
Invisible node attack
The Sybil attack
Rushing attack
Non-cooperation
Modification
Modify the protocol fields of control messages
Compromise the integrity of routing computation
Cause network traffic to be dropped, redirected to a different destination or take a longer route
Fabrication
Generating false routing messages, e.g. routing error messages
Can cause denial-of-service
[Figure: nodes S, B, M, C, D; legend: connected, connected through multi-hops, forward false error message]
Wormhole attack
Colluding attackers use “tunnels” between them to forward packets
Places the attackers in a very powerful position
The attackers take control of the route by claiming a shorter path
Wormhole attack
[Figure: example of wormhole attack; nodes S, A, B, C, D, M, N, with a tunnel]
Denial of service attack
Adversary floods irrelevant data
Consumes network bandwidth
Consumes the resources of a particular node
Invisible node attack
Attack on DSR
Malicious node M does not append its IP address
M becomes “invisible” on the path
[Figure: nodes S, B, M, C, D]
The Sybil attack
Represents multiple identities
Disrupts geographic and multi-path routing
[Figure: node B and identities M1, M2, M3, M4, M5]
Rushing attack
Directed against on-demand routing protocols
The attacker hurries the route request packet to the next node to increase the probability of being included in a route
Non-cooperation
Lack of cooperation: a node does not participate in routing or packet forwarding
Node selfishness: a node saves energy for itself
Secure routing protocols
SRP (Secure Routing Protocol)
ARAN (Authenticated Routing for Ad hoc Networks)
Ariadne
SEAD (Secure Efficient Ad hoc Distance vector routing)
Cope with wormhole attack
SRP
Assume a shared secret key between the source node and the destination node
Verification of the route request/reply packet using MAC (Message Authentication Code)
Identities of intermediate nodes accumulated in the route request packet
ARAN
Requires a trusted certification authority
Every node that forwards a route request or a route reply must verify it and sign it
Asymmetric cryptography is costly in terms of CPU and energy usage
ARAN
Example of ARAN (nodes S, B, C, D):
Route discovery (broadcast):
S: [RDP, IP_D, Cert_S, N_S, t]K_S-, Cert_S
B: [[RDP, IP_D, Cert_S, N_S, t]K_S-, Cert_S]K_B-, Cert_B
C: [[RDP, IP_D, Cert_S, N_S, t]K_S-, Cert_S]K_C-, Cert_C
Route reply (unicast):
D: [REP, IP_S, Cert_D, N_S, t]K_D-, Cert_D
C: [[REP, IP_S, Cert_D, N_S, t]K_D-, Cert_D]K_C-, Cert_C
B: [[REP, IP_S, Cert_D, N_S, t]K_D-, Cert_D]K_B-, Cert_B
Ariadne
Each node generates a one-way key chain (K0, K1, …, Ki, …, Kn) and publishes the keys in reverse order from generation
The sender picks a key Ki which will still be secret at the time the receiver receives the packet
When a receiver receives a packet, it first verifies that Ki is still secret, then it buffers the packet and waits for the sender to publish key Ki
Needs time synchronization
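The delayed key disclosure described on this slide, as an added Python sketch that is not part of the original slides or the Ariadne authors' code. The interval length, clock-skew bound, start time, function and class names, and the use of Ki directly as the MAC key are assumptions made for the example.

```python
import hashlib
import hmac

INTERVAL = 1.0   # assumed length of one key interval, in seconds
MAX_SKEW = 0.2   # assumed bound on clock error between sender and receiver
T0 = 100.0       # assumed start time: K_i is published at T0 + i * INTERVAL

def hash_n(x: bytes, n: int) -> bytes:
    """Apply the one-way function n times."""
    for _ in range(n):
        x = hashlib.sha256(x).digest()
    return x

def key_chain(seed: bytes, n: int) -> list:
    """Generate K_n = seed down to K_0, with K_(i-1) = H(K_i); keys[i] is K_i."""
    return [hash_n(seed, n - i) for i in range(n + 1)]

def mac(key: bytes, msg: bytes) -> bytes:
    # Simplification for the example: K_i is used directly as the MAC key.
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment: bytes):
        self.known_i, self.known_key = 0, commitment   # authentic K_0
        self.buffer = []                               # (i, msg, tag) awaiting K_i

    def on_packet(self, i, msg, tag, now) -> bool:
        """Buffer only if K_i cannot have been published yet, even with clock skew."""
        if now + MAX_SKEW >= T0 + i * INTERVAL:
            return False            # key may already be public: the tag proves nothing
        self.buffer.append((i, msg, tag))
        return True

    def on_key(self, i, key) -> list:
        """Check the published key against the chain, then verify buffered packets."""
        if i <= self.known_i or hash_n(key, i - self.known_i) != self.known_key:
            return []               # not a later element of this sender's chain
        self.known_i, self.known_key = i, key
        ok = [m for (j, m, t) in self.buffer
              if j <= i and hmac.compare_digest(t, mac(hash_n(key, i - j), m))]
        self.buffer = [p for p in self.buffer if p[0] > i]
        return ok
```

The `now + MAX_SKEW` comparison is where the time-synchronization requirement shows up: a receiver whose clock error exceeds the assumed bound can buffer a packet whose key is already public.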
SEAD
Based on the Destination-Sequenced Distance Vector protocol (DSDV)
Uses a one-way hash chain (h0, h1, …, hi, …, hn)
Uses a hash value corresponding to the sequence number and metric in a routing update
Attacker can never forge better sequence number or better metric
Cope with wormhole attack
Geographic leash
Ensures that the recipient of the packet is within a certain distance from the sender
Temporal leash
Ensures that the packet has an upper bound on its lifetime
Cooperation enforcement
Introduction
Solutions
Currency based
Local monitoring
Cooperation enforcement
Currency based:
Nuglets
Sprite
Local monitoring:
Watchdog and path rater
Confidant
CORE
Token-based
Nuglets
Nuglets: a virtual currency
Packet purse model:
Sender pays nuglets in advance
Intermediate node takes nuglets for forwarding service
Packet trade model:
Intermediate nodes “buy” the packet from the previous one and “sell” it to the next one
Nuglets

| | Advantage | Disadvantage |
|---|---|---|
| Packet purse model | deters nodes from sending useless data and overloading the network | difficult to estimate the number of nuglets that are required |
| Packet trade model | source does not have to know in advance the number of nuglets required | cannot prevent nodes from overloading the network |
Sprite
Uses credit to provide incentive to selfish nodes
Nodes keep receipts to get payments from the Credit Clearance Service (CCS)
Credit that a node receives depends on whether its forwarding is successful or not
Watchdog and path rater
A node's watchdog listens promiscuously to the next node's transmissions
If a node does not forward, it is misbehaving
The path rater chooses the best path from watchdog ratings
[Figure: path S, A, B, C, D; legend: connected, connected through multi-hops, forwarding, listening]
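The watchdog and path rater logic from this slide, as an added Python sketch that is not part of the original slides or the scheme's published code. The timeout, failure threshold, rating constants, the second path through E, F, G and all names are assumptions made for the example.

```python
NEUTRAL = 0.5          # assumed rating for a node with no history
MISBEHAVING = -100.0   # assumed rating that rules a path out

class Watchdog:
    """Runs on one node; tracks whether each next hop retransmits what it was given."""
    def __init__(self, timeout=0.5, threshold=3):
        self.timeout, self.threshold = timeout, threshold
        self.pending = {}    # (next_hop, packet_id) -> deadline for overhearing it
        self.failures = {}   # next_hop -> packets never overheard

    def sent(self, next_hop, packet_id, now, is_destination=False):
        if not is_destination:          # the final destination has nothing to forward
            self.pending[(next_hop, packet_id)] = now + self.timeout

    def overheard(self, sender, packet_id):
        self.pending.pop((sender, packet_id), None)

    def tick(self, now):
        for (hop, pid), deadline in list(self.pending.items()):
            if now > deadline:
                del self.pending[(hop, pid)]
                self.failures[hop] = self.failures.get(hop, 0) + 1

    def misbehaving(self):
        return {h for h, n in self.failures.items() if n >= self.threshold}

def rate_path(path, ratings, bad):
    """Average rating of the nodes on the path; any flagged node sinks the path."""
    if any(node in bad for node in path):
        return MISBEHAVING
    return sum(ratings.get(node, NEUTRAL) for node in path) / len(path)

def best_path(paths, ratings, bad):
    return max(paths, key=lambda p: rate_path(p, ratings, bad))

def demo():
    """Constructed trace at node A on path S-A-B-C-D: B forwards packet 1, drops 2-4."""
    wd = Watchdog()
    for pid in (1, 2, 3, 4):
        wd.sent("B", pid, now=float(pid))
    wd.overheard("B", 1)
    wd.tick(now=10.0)
    paths = [["S", "A", "B", "C", "D"], ["S", "A", "E", "F", "G", "D"]]
    return wd.misbehaving(), best_path(paths, {}, wd.misbehaving())
```

A retransmission that A fails to overhear, for instance because of a collision at A, is counted as a drop, which is why the threshold is set above one.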
Confidant
Consists of:
Monitor
Reputation System
Path Manager
Trust Manager
Confidant
Detects malicious nodes
by means of observation or reports about several types of attacks
Allows nodes
to route around misbehaved nodes
to isolate misbehaved nodes from the network
CORE
Basic components:
Reputation table
stored in each node
the reputation value of each node
Watchdog mechanism
detects misbehaving nodes
Token-based
Each node has to have a token
Local neighbors monitor
The token is renewed via multiple neighbors
The period of validity of a node’s token is dependent on how long it has stayed and how well it has behaved
Token-based
Composed of:
Neighbor verification
Neighbor monitoring
Intrusion reaction
Security enhanced routing protocol
Summary
Introduction
Secure routing:
Existing routing protocols
Security attacks
Defenses
Node cooperation:
Currency based
Local monitoring
Thank you!