Adaptive and Secure Routing Protocol for Emergency Mobile Ad Hoc Networks
Secure Routing Protocol for Ad Hoc Networks
description
Transcript of Secure Routing Protocol for Ad Hoc Networks
Nov.6, 2002
Secure Routing Protocolfor Ad Hoc Networks
Li Xiaoqi
Outline Introduction to Ad Hoc Networks Overview of Ad hoc On-demand
Distance Vector (AODV) Routing Protocol
Attacks to AODV Ad Hoc Networks Securing AODV Routing Protocol Flaws of SAODV Future Works
Ad Hoc Networks “Infrastructureless” Networks without fixed
infrastructure such as base stations or access points
Multi-hop routing when nodes are not in each other’s radio range
Nodes are mobile Underlying communication medium is wireless Each node acts as a router Useful in:
personal area networking, meeting rooms, disaster relief, battlefield operations, etc.
Motivation Applications such as military exercises,
disaster relief, and mine site operation need more secure and reliable communication
Prior routing protocols generally assume a trusted environment with non-adversarial settings
Securing routing protocols for ad hoc networks are needed
AODV Routing Protocol (Ad Hoc On-Demand Distance Vector)
Establish or maintain routes only when nodes need to communicate
Each node maintains a monotonically increasing sequence number to ensure loop free routing
Only one mutable field “Hop Count” in routing messages which implies the distance from the originator. Hop Count is increased by one at each hop.
Four types of routing messages: RREQ: Route Request RREP: Route Reply RERR: Route Error RREP-ACK: Route Reply Acknowledgement
Routing Discovery in ADOV
Laptop
PDA
PDA
PDA
Laptop
Laptop
LaptopRREQ
RREPRREP
BroadCast
S
D
Attacks on Mobile Networks
Eavesdropping Confidentiality Disclosure Confidentiality Masquerading Authenticity Modification Integrity
Man-In-Middle Attack Drop / Replay / Delay Integrity Flooding Availability
Denial of Service Attack
Actual Attacks on AODV(one malicious node)
Forge a RREQ with its address as the
originator address. Forge a RREP with its address as the
destination address Does not increase the hop count, even reduce it
when forwarding a RREQ Increase destination sequence number “fresher”
enough in order to update the intermediate nodes’ route table
Does not forward certain RREQ, RREP and certain data messages
S DM
RREQ
S DM
RREP
Actual Attacks on AODV(more malicious nodes)
Tunneling Attacks Two malicious nodes simulate that they
have a link between them By tunneling messages between them Achieve having certain traffic through them Do any type of attacks one malicious node
can do Hard to detect and prevent so far,
even in SAODV mentioned below
SAODV Routing Protocol(WiSe’02 by SigMobile)
Focus on Protecting only Routing messages Mainly Concerning Authentication & Integrity Situation of One malicious node More routing protocol than key management
Two Main Ideas Hash chains to secure the Hop Count information,
the only mutable information in the messages Integrity
Digital signatures to authenticate the non-mutable fields of the messages Authenticity
SAODV Hash Chains
Attackers often decrease Hop Count of a RREQ to increase the life of this message, thus gain more time to analyze the communication
Hash chains are used to protect this Hop Count field A hash chain is formed by applying a one-way hash
function (h) repeatedly to a seed.
When a node originates a RREQ or a RREP message, it performs the following operations:
SAODV Hash Chains Algorithm
1. Generates a random number (seed)2. Sets field
Max_Hop_Count = TTL3. Sets field
Hash = seed4. Sets field
Hash_Function = h, - h is the hash function which is going be used
5. Calculates field Top_Hash by hashing seed Max_Hop_Count times.Top_Hash = h Max_Hop_Count (seed)
- hi(x) is the result of applying the function h to x i times.
6. When a node receives a RREQ or a RREP message, it will verify if Top_Hash == h Max_Hop_Count – Hop_Count (Hash)
- Hop_Count is the number of hops this message has passed.
7. Before rebroadcasting a RREQ of forwarding a RREP, a node doHash = h(Hash)
SAODV Digital Signatures Digital Signatures are used to protect the integrity of the
non-mutable data in RREQ and RREP messages Sign every field of the message except the Hop Count
and hash chain fields Extend original AODV routing protocol’s headers Secure AODV protocol has six types of messages
RREQ (Single) Signature Message RREQ Double Signature Message RREP (Single) Signature Message RREP Double Signature Message RERR Signature Message RREP-ACK Signature Message
SAODV Digital Signatures
An originator sends a RREQ double signature message including the RREP flags every time
An intermediate node, if it hasn’t the destination’s route entry, rebroadcasts RREQ with double signatures, one of which is needed for RREP
An intermediate node, if it has the destination’s route entry, sends a RREP with double signatures, one of which is get from the RREP flags it reserved
A destination node sends a RREP single signature message when replying a RREQ
S DA B
RREQ Double Signature Message
RREQ Double Signature Message
RREP Double Signature Message
RREP Single Signature Message
Key Management of Securing Ad Hoc Routing protocol
Symmetric VS Asymmetric Cryptography Symmetric: everybody that wants to participate in
this network has to know the secret key. Maybe not suitable
Asymmetric: everybody can participate freely. The originator of the route messages signs the messages when using an asymmetric cryptosystem. Maybe feasible.
SAODV assumes that each ad hoc node has a signature key pair from a suitable asymmetric cryptosystem.
Flaws of SAODV
Does not consider how to protect data messages
Can not solve attacks performed by more coordinated malicious nodes
More emphasis on secure routing protocol and has not its own key management mechanism
Future Work On This Topic
To realize security in Ad Hoc Networks Intrusion Prevention
Design a secure routing protocol Design a efficient and effective key
management mechanism Intrusion Detection
Study more attacks to AODV and SAODV routing protocol
Q & AQ & A