Post on 02-Jan-2016
description
Integrating Quality of Protection into Ad Hoc Routing Protocols
Seung Yi, Prasad Naldurg, Robin KravetsUniversity of Illinois at Urbana-Champaign
Traditional ad hoc routing protocols
Cooperative by nature Rely on implicit trust-your-neighbor
relationships Focus on convergence time and
routing performance, rather than security
Motivation
Security-Aware ad hoc Routing (SAR)
SAR is an approach to routing that incorporates security levels of nodes into traditional routing metrics
SAR is typically added on top of existing routing algorithms
Goals
Applications can specify the quality of protection on their ad hoc route with respect to security attributes relevant to them
SAR aims to protect routing control messages For example, disclose routing
information to trusted nodes only
Routing Protocol Assume the base protocol is on-demand,
such as DSR Source broadcasts a Route Request (RREQ)
with desired quality of protection Neighbors propagate RREQ only if they
could support the specified quality of protection
RREQ sets up reverse path as it propagates Destination sends Route Reply (RREP) once
it receives RREQ
Path Establishment
S D
RREQ
RREP
Security Attributes (1)AttributesAttributes TechniquesTechniques AttacksAttacks
Timeliness Time stamps Replay
Ordering Sequence numbers Replay
Authenticity Passwords, certificates
Impersonation
Authorization Credentials
Security Attributes (2)AttributesAttributes TechniquesTechniques AttacksAttacks
Integrity Digests, digital signatures
Modification, fabrication
Non-repudiation Chaining of digital signatures
Repudiation
Confidentiality Encryption Eavedropping
Quality of Protection
We have seen how quality of protection is used in path establishment
How to specify quality of protection? Trust hierarchy Bit vector
One bit for each security attribute
Trust Hierarchy Each level has predefined quality of protection These levels represent the security capability of the
mobile nodes and also of the paths Associate a number with each level Trust level or protection should be immutable
Keys of each level are distributed to nodes on that level.
Encrypt the portion of the RREQ and RREP headers that contain the trust level
Simulation Set-up
ns2 network simulator 50 mobile nodes and 3 trust levels
15 (H), 15 (M), 20 (L) 2 different traffic patterns with 20
flows 10% (H), 20% (M), 70% (L) 33% (H), 33% (M), 34% (L)
SAR is implemented on top of AODV
Path Discovery
727476788082848688909294
AODVSAR
Traffic 1 Traffic 2
SAR discovered fewer pathsPaths guaranteed to obey the security requirement
0102030405060708090
100
AODVSAR
Routing Traffic
0
500
1000
1500
2000
2500
RREQ RREP Total
AODVSAR
0
500
1000
1500
2000
2500
3000
RREQ RREP Total
AODVSAR
Traffic 1 Traffic 2
SAR has lower routing traffic overheadnodes drop routing messages if they can not satisfy the security requirement
Simulation Time
2800
2820
2840
2860
2880
2900
2920
AODVSAR
Traffic 1 Traffic 2
SAR takes more time to finishData packets may follow longer but more secure pathsControl packets experience processing overhead
2914
2916
2918
2920
2922
2924
2926
AODVSAR
Strong Points
Exposes security levels to applications so that applications can adapt its behavior
Concept is simple and effective
Weak Points
Overhead: Encryption, hashes, … If the ad hoc network does not have a
path with nodes that meet RREQ’s security requirements, SAR may fail to find a route even if the network is connected
Open Questions
How does SAR perform in real-world experiments?
Which base protocols are most suitable for SAR?
Any Questions?