Detecting and Evading Wormholes in Mobile Ad-hoc Wireless Networks
Asad Amir Pirzada and Chris McDonald
Slide 2. Outline
Introduction
Previous Work
Dynamic Source Routing (DSR)
Wormhole Creation
Trust Model
Wormhole Detection and Evasion
Conclusion
Comment
Slide 3. Introduction: mobile ad-hoc wireless networks
Such networks operate in improvised and insecure environments, and malicious nodes may take part in them.
1. Malicious nodes may participate in order to snoop or sabotage.
• Passive attacks: eavesdrop on packet contents
• Active attacks: imitate, drop or modify legitimate packets
2. Wormhole attacks: two or more colluding malicious nodes create a higher-level virtual tunnel through the network and use it to conduct a variety of attacks.
This paper presents a novel trust-based scheme that does not rely on any cryptographic means.
Slide 4. Introduction: ad-hoc networks
Built by wireless nodes with limited transmission range and battery power.
A node seeks the assistance of its neighbouring nodes to forward its packets.
Routing protocol
Requires persistent cooperative behaviour.
Each node acts like a mobile router.
Two kinds of routing protocol
Reactive: discovers routes only when they are actually required, to save battery power.
Proactive: continuously establishes and maintains routes, to avoid route-discovery latency.
Slide 5. Introduction: secure routing protocols for ad-hoc networks
Managed ad-hoc networks
Permit configuration of the nodes with encryption keys and certificates
Pure ad-hoc networks
No a priori knowledge of their future setup
Slide 6. Previous Work
Packet Leash: detect and defend against wormhole attacks. "A Defense against Wormhole Attacks in Wireless Networks" (2003)
DSR: the Dynamic Source Routing Protocol for Mobile Ad Hoc Networks
MDS-VOW: the Multi-Dimensional Scaling Visualization of Wormhole. "Visualization of Wormholes in Sensor Networks" (2004)
Directional antennas: using directional antennae to detect wormhole attacks. "Using Directional Antennas to Prevent Wormhole Attacks" (2004)
SECTOR: the Secure Tracking of Node Encounters in Multi-hop Wireless Networks. "SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks" (2003)
Slide 7. Previous Work: Packet Leash
A mechanism to detect and defend against wormhole attacks.
Two types of leashes:
1. Geographic leash: each node knows its precise position and all nodes have a loosely synchronized clock.
2. Temporal leash: all nodes are required to maintain a tightly synchronised clock.
Slide 8. Previous Work: Geographic Leash
1. Each node knows its precise position.
2. All nodes have a loosely synchronized clock.
Each packet carries the sender's current position and its transmission time.
1. The receiver computes the distance to the sender and the time the packet took to arrive.
2. It checks for a wormhole using that time and distance.
All nodes can obtain an authenticated symmetric key of every other node.
Slide 9. Previous Work: Temporal Leash
1. All nodes maintain a tightly synchronized clock.
Each packet carries its transmission time.
1. Compare the transmission time with the local receive time (assume the propagation speed is equal to the speed of light).
2. Compute the distance to the sender.
3. This is enough to detect the wormhole.
All nodes can obtain an authenticated symmetric key of every other node.
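As an added example (not code from the slides or from the Packet Leash paper), the two leash checks a receiver would run, in Python, covering slides 8 and 9; max_range, clock_error, velocity_bound and position_error are assumed parameters, and the geographic bound takes the form used by geographic leashes (measured distance plus possible movement during the elapsed time and clock error, plus positioning error).

```python
import math

C = 299_792_458.0  # propagation speed assumed equal to the speed of light, in m/s

def temporal_leash_ok(t_send, t_recv, max_range, clock_error):
    """Temporal leash: the packet carries its transmission time t_send (tightly
    synchronised clocks). The receiver converts the elapsed time, plus the
    worst-case clock error, into a distance and rejects any packet that could
    not have arrived in a single radio hop of at most max_range metres."""
    travelled = (t_recv - t_send + clock_error) * C
    return travelled <= max_range

def geographic_leash_ok(p_send, t_send, p_recv, t_recv, max_range,
                        velocity_bound, clock_error, position_error):
    """Geographic leash: the packet carries the sender's position p_send and
    time t_send (loosely synchronised clocks). The upper bound on the true
    sender-receiver distance allows both nodes to move at up to velocity_bound
    during the elapsed time plus clock error, and adds the positioning error.
    A tunnelled packet claims a far-away position and fails the bound."""
    elapsed = t_recv - t_send + clock_error
    bound = math.dist(p_send, p_recv) + 2 * velocity_bound * elapsed + position_error
    return bound <= max_range
```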
Slide 10. Previous Work: SECTOR (Secure Tracking of Node Encounters in Multi-hop Wireless Networks)
A set of mechanisms to prevent wormhole attacks without requiring any clock synchronization or location information.
Uses a distance-bounding protocol (Mutual Authentication with Distance-bounding, MAD) to determine the distance between any two communicating parties.
Assumption: each node is equipped with a special hardware transceiver module that can perform an XOR of two bits.
Uses message authentication codes (MACs) secured with pairwise secret keys.
Provides the receiver with the exact distance to a sender.
Slide 11. Previous Work: Directional Antennas
All nodes share their directional information to prevent wormhole attacks.
Messages from a non-neighbour are discarded.
Slide 12. Previous Work: MDS-VOW (Multi-Dimensional Scaling Visualisation of Wormhole)
Detects wormholes in sensor networks.
Does not require any special hardware such as positioning devices, synchronised clocks or directional antennas.
Adopts techniques from social science, computer graphics and scientific visualization.
(1) Each node estimates the distance to its immediate neighbours from the received signal strength.
(2) The distances are sent to a centralized controller.
Slide 13. Dynamic Source Routing (DSR)
A reactive routing protocol.
Uses IP source routing.
Route discovery: the source node broadcasts a ROUTE REQUEST packet carrying a unique identification number and the target node address.
The target node returns a ROUTE REPLY packet carrying the list of nodes the request traversed.
Slide 14. Wormhole Creation
A wormhole can be created in three ways:
Tunneling of packets above the network layer
Long range tunnel using high power transmitters
Tunnel creation via external wired infrastructure
Tunneling of packets above the network layer: the recipient malicious node modifies all received packets by encapsulating them in a higher layer protocol and dispatches them to its colluding node, which delivers them to the target node.
Slide 15. Wormhole Creation
Long range tunnel using high power transmitters, or tunnel creation via external wired infrastructure: the recipient malicious node again modifies all received packets by encapsulating them in a higher layer protocol, and dispatches them to the colluding node through the network nodes, which delivers them to the target node.
Slide 16. Wormhole Creation
The colluding nodes (M1, M2) are not the immediate neighbors of the source (S) and destination (D) node.
Slide 17. Trust Model: an effort-return based trust model
Txy = Pp × PA
1. Each node executing the trust model monitors its neighbours' participation in the packet forwarding mechanism.
2. Integrity checks: on success the trust counter increases; on failure it decreases.
3. Txy = Pp × PA: the direct trust in a node y held by node x
Pp ∈ [0, 1]: the existence or absence of a wormhole through node y
PA: a count of the number of packets that have been forwarded by node y
Slide 18. Wormhole Detection
1. Before transmitting a packet, the node buffers its DSR Source Route header.
2. After transmitting the packet, it places its wireless interface into promiscuous mode for the Trust Update Interval (TUI).
3. It then checks for a wormhole:
(1) Retransmission heard: compare the overheard packet's DSR Source Route header with the buffered one; if it is the same packet, increase PA for the neighbour.
(2) Integrity check: if the Salvage field = 0 (the neighbour did not call for a new route discovery), Pp = false (no wormhole).
(3) No retransmission heard and the TUI has been exceeded: reduce PA and clear the DSR Source Route buffer.
Slide 19. Wormhole Evasion
(1) Scan the route cache for a route to the destination node.
(2) If a route is in the cache, execute Dijkstra's algorithm, which returns the shortest path in terms of number of hops.
(3) If no route is available from the cache, initiate a new route discovery by propagating a ROUTE REQUEST packet.
(4) In the LINK CACHE scheme the default cost of each link is 1 (the inter-node trust levels are spread uniformly); a link through a wormhole is given cost ∞, so the shortest-path computation never selects it.
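Added example (not the authors' code): a small Python model of slides 17 to 19, the per-neighbour trust update run from promiscuous mode and the link-cache Dijkstra that routes around a wormhole. It assumes TUI = 5 time units, encodes Pp as 1 for no wormhole and 0 for a wormhole so that Txy = Pp × PA is zero for a wormhole neighbour, and abstracts the Salvage-field integrity check as a boolean flag.

```python
import heapq

TUI, INF = 5, float("inf")  # Trust Update Interval in abstract time units (assumed value)

class TrustModel:
    """Effort-return trust that node x keeps about each neighbour y (slides 17-19)."""
    def __init__(self):  # Pp encoding assumed: 1 = no wormhole through y, 0 = wormhole
        self.PA, self.Pp, self.pending = {}, {}, {}
    def sent(self, y, route, now):  # steps 1-2: buffer the header, listen promiscuously
        self.PA.setdefault(y, 0); self.Pp.setdefault(y, 1)
        self.pending[y] = (route, now)
    def overheard(self, y, route, integrity_ok, now):  # steps 3(1)-(2)
        entry = self.pending.get(y)
        if entry is None or entry[0] != route or now - entry[1] > TUI:
            return False  # not a retransmission of our buffered packet within TUI
        del self.pending[y]
        self.PA[y] += 1  # retransmission heard: effort rewarded
        self.Pp[y] = 1 if integrity_ok else 0  # Salvage-field test abstracted as a flag
        return True
    def expire(self, now):  # step 3(3): TUI exceeded and nothing heard
        for y, (_, t) in list(self.pending.items()):
            if now - t > TUI:
                self.PA[y] = max(0, self.PA[y] - 1); del self.pending[y]
    def trust(self, y):
        return self.Pp[y] * self.PA[y]  # Txy = Pp x PA
    def link_cost(self, y):  # LINK CACHE: default cost 1, wormhole link = infinity
        return INF if self.Pp[y] == 0 else 1

def shortest_route(links, src, dst):
    """Dijkstra over the link cache: fewest hops, infinite-cost links never chosen."""
    heap, seen = [(0, src, [src])], set()
    while heap:
        d, u, path = heapq.heappop(heap)
        if d == INF or u in seen: continue
        if u == dst: return path
        seen.add(u)
        for v, c in links.get(u, {}).items():
            heapq.heappush(heap, (d + c, v, path + [v]))
    return None

def demo():
    # Constructed scenario: neighbour A forwards honestly; M1 is a wormhole endpoint
    # that makes D look only two hops away.
    tm = TrustModel()
    tm.sent("A", ["S", "A", "B", "D"], now=0)
    tm.overheard("A", ["S", "A", "B", "D"], integrity_ok=True, now=1)
    tm.sent("M1", ["S", "M1", "D"], now=2)
    tm.overheard("M1", ["S", "M1", "D"], integrity_ok=False, now=3)
    links = {"S": {"A": tm.link_cost("A"), "M1": tm.link_cost("M1")},
             "A": {"B": 1}, "B": {"D": 1}, "M1": {"D": 1}}
    return tm, shortest_route(links, "S", "D")
```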
Slide 20. Conclusions
Detecting wormholes in an ad-hoc network is still a challenging task.
The authors derive trust levels for neighbouring nodes based on their sincerity in executing the routing protocol.
Slide 21. Comments
If a neighbouring node has broken down and fails to forward packets, it will be regarded as a malicious node permanently.
Slide 22. The meaning of ad hoc
In Latin, ad hoc means "for this" or "for this purpose only"; temporary.
A kind of network where stations or devices communicate directly and not via an access point.
No wireless infrastructure exists.
A mobile ad-hoc network (MANET) is a self-configuring network of mobile routers (and associated hosts) connected by wireless links, the union of which forms an arbitrary topology.
The routers are free to move randomly and organize themselves arbitrarily; thus, the network's wireless topology may change rapidly and unpredictably.
Advantage: rapid deployment and low cost of operation.
Applications: military or police networks, natural disasters (flood, earthquake …).
Slide 23. Wormholes
Solutions:
Time-based methods
Cryptography
Exploiting location information
A wormhole link can be a wireline, a long-range wireless transmission, or an optical link.
Slide 24. Wormholes
Wormhole threat against a network protocol:
Node s2 updates and broadcasts its routing table with the entry (s2, s9).
From node s2, nodes {s8, s10, s11, s12} are now only two hops away, via s9.
The neighbours of s2 adjust their routing tables: {s1, s3, s4, s5, s7} route via s2 to reach nodes {s9, s10, s11, s12}.
The attacker node s2 can redirect and observe a large amount of traffic.
The attacker node s2 can trigger a denial-of-service (DoS) attack.
Slide 25. Wormholes
Byzantine attacks:
Black hole, flood rushing, wormhole and overlay network wormhole
Black hole: All packets are dropped.
Slide 26. Integrity check
In the DSR Source Route option:
Salvage field = 0: a new route discovery by the source node.
Salvage field ≠ 0: the node contained a working route to forward the packet (integrity check passes).