Integrating Quality of Protection into Ad Hoc Routing Protocols
Seung Yi, Prasad Naldurg, Robin Kravets
University of Illinois at Urbana-Champaign
Motivation
Traditional ad hoc routing protocols
  Cooperative by nature
  Rely on implicit trust-your-neighbor relationships
  Focus on convergence time and routing performance, rather than security
Security-Aware ad hoc Routing (SAR)
SAR is an approach to routing that incorporates security levels of nodes into traditional routing metrics
SAR is typically added on top of existing routing algorithms
Goals
Applications can specify the quality of protection on their ad hoc route with respect to security attributes relevant to them
SAR aims to protect routing control messages
  For example, disclose routing information to trusted nodes only
Routing Protocol
Assume the base protocol is on-demand, such as DSR
Source broadcasts a Route Request (RREQ) with desired quality of protection
Neighbors propagate RREQ only if they could support the specified quality of protection
RREQ sets up reverse path as it propagates
Destination sends Route Reply (RREP) once it receives RREQ
Path Establishment
[Figure: nodes S and D, with RREQ and RREP messages]
Security Attributes (1)
Attributes       Techniques                Attacks
Timeliness       Time stamps               Replay
Ordering         Sequence numbers          Replay
Authenticity     Passwords, certificates   Impersonation
Authorization    Credentials
Security Attributes (2)
Attributes        Techniques                      Attacks
Integrity         Digests, digital signatures     Modification, fabrication
Non-repudiation   Chaining of digital signatures  Repudiation
Confidentiality   Encryption                      Eavesdropping
Quality of Protection
We have seen how quality of protection is used in path establishment
How to specify quality of protection?
  Trust hierarchy
  Bit vector
    One bit for each security attribute
Trust Hierarchy
Each level has predefined quality of protection
These levels represent the security capability of the mobile nodes and also of the paths
Associate a number with each level
Trust level or protection should be immutable
  Keys of each level are distributed to nodes on that level.
  Encrypt the portion of the RREQ and RREP headers that contain the trust level
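The route discovery steps and the numbered trust levels described above, as an added Python sketch that is not code from the presentation or the SAR authors. The topology, node names, the mapping L=1, M=2, H=3 and the function discover_route are assumptions made for illustration; the encryption of the trust level in the headers is left out.

```python
from collections import deque

# Constructed topology (not from the slides): node -> (trust level, neighbors).
# Assumed numbering of the trust hierarchy: L=1, M=2, H=3.
TOPOLOGY = {
    "S": (3, ["A", "B"]),
    "A": (1, ["S", "D"]),   # shortest path S-A-D runs through a level-L node
    "B": (3, ["S", "C"]),
    "C": (2, ["B", "D"]),
    "D": (3, ["A", "C"]),
}

def discover_route(topology, src, dst, required_level):
    """Flood an RREQ that carries required_level; return (route, rreq_broadcasts).

    A node that cannot support the requested level drops the RREQ instead of
    rebroadcasting it. Every accepting node remembers the neighbor it first
    heard the RREQ from (the reverse path); the RREP retraces those pointers.
    """
    if topology[src][0] < required_level:
        return None, 0
    reverse = {src: None}          # node -> previous hop toward the source
    queue = deque([src])
    broadcasts = 0
    while queue:
        node = queue.popleft()
        if node == dst:
            continue               # destination answers with RREP, no rebroadcast
        broadcasts += 1
        for nbr in topology[node][1]:
            if nbr in reverse:
                continue           # duplicate RREQ, already handled
            if topology[nbr][0] < required_level:
                continue           # neighbor drops the RREQ: level too low
            reverse[nbr] = node
            queue.append(nbr)
    if dst not in reverse:
        return None, broadcasts    # no RREP: no path at this protection level
    route, hop = [], dst
    while hop is not None:         # RREP walks the reverse path back to src
        route.append(hop)
        hop = reverse[hop]
    return route[::-1], broadcasts

if __name__ == "__main__":
    for level in (1, 2, 3):
        print(level, discover_route(TOPOLOGY, "S", "D", level))
```

Raising the requested level from 1 to 2 trades the two-hop route for a three-hop one with fewer RREQ broadcasts, and at level 3 discovery fails although S and D are connected.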
Simulation Set-up
ns2 network simulator
50 mobile nodes and 3 trust levels
  15 (H), 15 (M), 20 (L)
2 different traffic patterns with 20 flows
  10% (H), 20% (M), 70% (L)
  33% (H), 33% (M), 34% (L)
SAR is implemented on top of AODV
Path Discovery
[Figure: bar charts comparing AODV and SAR, panels Traffic 1 and Traffic 2]
SAR discovered fewer paths
Paths guaranteed to obey the security requirement
Routing Traffic
[Figure: bar charts with categories RREQ, RREP and Total, comparing AODV and SAR, panels Traffic 1 and Traffic 2]
SAR has lower routing traffic overhead
Nodes drop routing messages if they cannot satisfy the security requirement
Simulation Time
[Figure: bar charts comparing AODV and SAR, panels Traffic 1 and Traffic 2]
SAR takes more time to finish
Data packets may follow longer but more secure paths
Control packets experience processing overhead
Strong Points
Exposes security levels to applications so that applications can adapt their behavior
Concept is simple and effective
Weak Points
Overhead: Encryption, hashes, …
If the ad hoc network does not have a path with nodes that meet RREQ’s security requirements, SAR may fail to find a route even if the network is connected
Open Questions
How does SAR perform in real-world experiments?
Which base protocols are most suitable for SAR?
Any Questions?