1 Survey Presentation Course: 60-564 Fall 2004 Ataul Bari Instructor: Dr. A. K. Aggarwal.

Posted 21-Dec-2015

Page 1: Survey Presentation

Course: 60-564, Fall 2004
Ataul Bari
Instructor: Dr. A. K. Aggarwal

Page 2: Agenda

Introduction
The DSR Protocol
The SADSR Protocol
The SERAN for Security Equipment
Closing Remarks

Page 3: Papers Reviewed

Ghazizadeh, S.; Ilghami, O.; Sirin, E.; Yaman, F.; "Security-aware adaptive dynamic source routing protocol", Proceedings of the 27th Annual IEEE Conference on Local Computer Networks (LCN 2002), 6-8 Nov. 2002, pp. 751-760.

Ben-Othman, J.; Xiaoyun Xue; "SERAN: a new protocol to hide an equipment in ad hoc networks", Proceedings of the Eighth IEEE International Symposium on Computers and Communication (ISCC 2003), 30 June-3 July 2003, vol. 1, pp. 356-361.

Page 4: Introduction

Wireless Networks

Infrastructured Network
  Consists of fixed and wired gateways
  Fixed base station (Access Point)
  Nodes can move geographically

Ad Hoc (or Infrastructureless) Network
  All nodes are mobile
  Nodes communicate with each other
  No centralized entity (base station, access point)
  Nodes are routers

Page 5: Infrastructured Network

Page 6: Ad Hoc Networks

Page 7: Characteristics

Contain a large number of nodes
No pre-existing fixed network infrastructure
Can be deployed rapidly
Nodes can freely move around
  Creation and deletion of network links
  Dynamically variable topologies
Bandwidth constrained links
Energy constrained operation

Page 8: The MANET Model

Nodes have fixed IDs (e.g. IP addresses)
Wireless communication devices
Nodes are powered with lightweight batteries that have limited life
Nodes have equal capability
  Identical communication devices
Node connectivity is not transitive

Page 9: Routing in MANET

Challenging
  Unpredictable node mobility
  Dynamic topology variation
  Nature of wireless media

Types
  Flat
  Hierarchical
  Geo-assisted

Proactive and Reactive Protocols

Page 10: Routing Protocols

Page 11: Security in Ad Hoc Networks

Always a weak point
  Inherent quality of wireless media
  Mobility of the nodes
  Lack of a centralized entity

Security requirements
  Availability, Confidentiality, Integrity, Authentication and Non-Repudiation

Threats
  DoS, Impersonation, Byzantine Failure, Disclosure and Poor Physical Protection

Page 12: The SADSR Protocol

Security-Aware Adaptive Dynamic Source Routing Protocol

Basic idea
  Non-malicious nodes detect malicious nodes
  Non-malicious nodes isolate malicious nodes

Goal is to secure the DSR protocol

Page 13: The DSR Protocol

Dynamic Source Routing Protocol
Reactive (on-demand)
Source-routed
Each node maintains a route cache containing the source routes
  Updates it whenever it learns about new routes
Two major phases
  Route discovery
  Route maintenance

Page 14: Route Discovery Contd..

On-demand
  Check route cache
  Initiate the route discovery process

Broadcast a RREQ packet
  Includes source and destination address
  Includes a unique ID
  May be replied to by intermediate nodes
  May be replied to by the destination node

Page 15: Route Discovery in DSR

Ref: Padmini Misra; "Routing Protocols for Ad Hoc Mobile Wireless Networks", http://www.cse.ohio-state.edu/~jain/cis788-99/ftp/adhoc_routing/, 1999

Page 16: Route Maintenance

Route Error packet
  Fatal transmission problem at its data link layer
  Removes that hop from its route cache
  All routes including that particular hop are truncated

Acknowledgment packets
  Verify the correct operation of the route links

Page 17: The SADSR

Secures the DSR protocol by enhancing it
  Non-malicious nodes detect malicious nodes
  Non-malicious nodes isolate malicious nodes

Uses digital signatures to authenticate (asymmetric cryptography)

Keeps
  Multiple routes for each destination
  A local trust value for each node in the network

Each path is assigned a trust value

Page 18: The Attackers

External attackers
  Inject erroneous routing information
  Replay previous routing messages
  Modify valid routing information

Internal attackers
  Trusted at some point of time
  Not committed to their promises anymore
  Compromised by external attackers
  More difficult to detect
  Isolate affected nodes
  Pass traffic through special routes

Page 19: Assumptions

Both external and internal attackers exist
The number of malicious nodes is relatively small
All the connections are bidirectional
Public key crypto is used
A secure CA is in place
All nodes know the public key of the CA, $A_u$
Certificates are issued on an off-line basis
A certificate binds a node's IP with its public key
The certificate obtained from the CA never expires

Page 20: The SADSR Protocol

Three different stages
  Certificate Acquisition
  Multi-path Route Discovery
  Routing

Page 21: Certificate Acquisition

Nodes obtain a certificate from the CA
  Issued in an off-line process
  Certificates remain valid for the entire lifetime
  Security problem? The network is set up for a certain time only
Nodes get the public key of the CA, $A_u$
Certificate of node v: $C_v = E_{A_r}(u_v, IP_v)$ (node v's public key $u_v$ and its IP, encrypted under the CA's private key $A_r$)

Page 22: Multi-path Route Discovery

Initiation of the route discovery process
  Generate RREQ message $M = (RREQ, IP_d, T)$
  Sign M
  Append, at the end of M:
    the encrypted hash value of M, $E_{r_v}(H(M))$
    its certificate, $C_v$
  Broadcast M

Page 23: Multi-path Route Discovery Contd..

Intermediate node
  Checks that the RREQ is not too old
  Verifies each signature with a probability p
  Ensures its own signature is not in the sequence
  Count is less than (max. no. of routes, m)/2
  First RREQ message from a neighbor for the same route
  Signs the message
  Rebroadcasts the message
  Entries are discarded after a predefined time, $T_{exp}$

Page 24: Multi-path Route Discovery Contd..

Destination node
  Sets up a timer for the source node, S
  Begins to reply
  Replies to all RREQ messages up to the number m
  Non node-disjoint paths
  Uses 50% probability to reply, to ensure enough routes in case of very few neighbors
  Generates RREP message $M = (RREP, IP_d, \ldots, IP_s, T)$
  Signs M
  Unicasts back to S, using the same path as the RREQ
  Intermediate nodes check the signature, sign, forward
  The rest of the RREQs are dropped after time $T_{exp}$
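As an added example (not code from the slides or from the SADSR paper), the following Python models the RREQ handling of pages 22 to 24 at an intermediate node: freshness check, signature verification with probability p, the own-signature loop check, the m/2 route count, the first-from-this-neighbor rule, and expiry of entries after T_exp. It assumes node names S, A, B, C, D, a per-node HMAC-SHA256 standing in for the per-node public-key signature (the slides use asymmetric signatures plus certificates; the stand-in keeps the example dependency-free), and the parameter names m, p, t_exp and max_age. Drop reasons are returned as strings so each decision can be inspected.

```python
import hashlib
import hmac
import random

# Constructed keys: HMAC-SHA256 per node stands in for the asymmetric
# signature of the slides (assumption of this example, not SADSR itself).
NODE_KEYS = {"S": b"key-S", "A": b"key-A", "B": b"key-B",
             "C": b"key-C", "D": b"key-D"}


def signed_material(body, prior_hops):
    # Hop i signs the RREQ body together with the ids of the hops before it,
    # so a later node can recompute exactly what hop i signed.
    return body + b"|" + ",".join(prior_hops).encode()


def sign(node, material):
    return hmac.new(NODE_KEYS[node], material, hashlib.sha256).digest()


def verify(node, material, sig):
    return hmac.compare_digest(sign(node, material), sig)


def make_rreq(src, dst, now):
    """M = (RREQ, IP_d, T); the source signs M and appends its signature."""
    body = f"RREQ|{dst}|{now}".encode()
    return {"body": body, "src": src, "dst": dst, "time": now,
            "hops": [src], "sigs": [sign(src, signed_material(body, []))]}


class IntermediateNode:
    def __init__(self, name, m=4, p=0.5, t_exp=30, max_age=10, rng=None):
        self.name, self.m, self.p = name, m, p
        self.t_exp, self.max_age = t_exp, max_age
        self.rng = rng or random.Random(1)
        # (src, dst, T) -> {"count", "neighbors", "at"}; discarded after t_exp
        self.seen = {}

    def expire(self, now):
        self.seen = {k: v for k, v in self.seen.items()
                     if now - v["at"] < self.t_exp}

    def handle_rreq(self, rreq, from_neighbor, now):
        self.expire(now)
        if now - rreq["time"] > self.max_age:
            return "drop: too old"
        if self.name in rreq["hops"]:
            return "drop: own signature already in sequence"
        for i, (hop, sig) in enumerate(zip(rreq["hops"], rreq["sigs"])):
            # Verify each signature with probability p (page 23).
            if self.rng.random() < self.p:
                material = signed_material(rreq["body"], rreq["hops"][:i])
                if not verify(hop, material, sig):
                    return "drop: bad signature"
        key = (rreq["src"], rreq["dst"], rreq["time"])
        entry = self.seen.setdefault(key, {"count": 0, "neighbors": set(),
                                           "at": now})
        if from_neighbor in entry["neighbors"]:
            return "drop: already forwarded one from this neighbor"
        if entry["count"] >= self.m // 2:
            return "drop: route count limit reached"
        entry["count"] += 1
        entry["neighbors"].add(from_neighbor)
        # Sign over the body and the hop list so far, then rebroadcast.
        rreq["sigs"].append(sign(self.name,
                                 signed_material(rreq["body"], rreq["hops"])))
        rreq["hops"].append(self.name)
        return "forward"
```

With p set to 1.0 every signature is checked, which is what the tests below rely on; with the slides' probabilistic p a tampered RREQ may slip past one hop but is caught at the destination, which always verifies.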

Page 25: Routing, Basic Idea

Nodes locally calculate and keep trust values (TV) of the other nodes, based on the observations made so far
The trust values of the nodes in a path
  Increase every time v successfully sends a message through that path
  Decrease if a message is lost or tampered with
  Possible as the ACK is sent through the same path
The TV of a path is the product of the TVs of its nodes
For routing, paths with higher TV are preferred

Page 26: Assignment of Trust Value

Each source node keeps track of
  The paths through which it has sent packets
  Whether it has received the acknowledgement through that path for the corresponding message

Uses two counters for each v in a path, $x_v$ and $y_v$, from which the trustworthiness of v, $T_v$, is computed
Trustworthiness of a path $(s, v_1, v_2, \ldots, v_n, d)$ = $\prod_{i=1}^{n} T_{v_i}$

Page 27: Sending Data Packets

For sending a data packet, the source node s
  Chooses a path randomly from the available paths
    s is likely to know m paths for d
    The chance of a path being chosen is proportional to its trust value
  Appends a sequence number to the data packet
  Appends the chosen path to the data packet
  Signs the packet
  Sends it through the chosen path

Page 28: Sending Data Packets Cont'd

Intermediate nodes
  Verify the signature of s with a probability p
  Then forward the packet

Destination node
  If the data packet is received through path $P = (s, v_1, v_2, \ldots, d)$
  Generates an acknowledgement $M = (ACK, IP_{v_n}, \ldots, IP_{v_1}, IP_s, q_s)$
  Signs M
  Sends M to s through the same path, P

Intermediate nodes verify the signature, forward

Page 29: Updating Trust Values

The source node s maintains a table of the sequence numbers of packets sent, the path used and a time stamp, for $t_{ack}$ time units

Receives a valid ACK
  Awards each node on that path
  Updates the entries for each node on that path

Does not receive a valid ACK after time $t_{ack}$
  Assumes that the packet is lost
  Punishes each node on that path
  Updates the entries for each node on that path

Page 30: Intermediate Link Failure

$v_k$ fails to communicate with $v_{k+1}$
  Generates a route error message $M = (RERR, IP_{v_k}, \ldots, IP_{v_1}, IP_s, q_s)$
  Signs it
  Sends it to s

The source node s, after receiving M
  Locates and eliminates all paths containing the link $(IP_{v_k}, IP_{v_{k+1}})$
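As an added example covering the trust bookkeeping of pages 25 to 30 (not code from the slides or the SADSR paper), the following Python keeps the two counters x_v and y_v per node, the product trust of a path, trust-proportional path choice, the sequence-number table with its t_ack timeout, and the RERR handling that drops every path containing a failed link. The slides do not show the exact per-node trust formula; this example assumes T_v = (x_v + 1) / (y_v + 2), a smoothed success ratio that rises on each ACK and falls on each loss, and it assumes the node names s, d, A, B, C.

```python
import random


class SadsrSource:
    """Trust bookkeeping of a source node s (constructed example).

    Assumption: T_v = (x_v + 1) / (y_v + 2), where x_v counts ACKed sends
    through paths containing v and y_v counts all sends through such paths.
    The slides only state that T_v rises on success and falls on loss.
    """

    def __init__(self, paths, t_ack=5, src="s", dst="d", rng=None):
        self.src, self.dst = src, dst
        self.paths = [tuple(p) for p in paths]   # intermediate nodes v1..vn
        self.x, self.y = {}, {}                   # counters per node
        self.t_ack = t_ack
        self.rng = rng or random.Random(7)
        self.pending = {}                         # q_s -> (path, send time)
        self.seq = 0

    def node_trust(self, v):
        return (self.x.get(v, 0) + 1) / (self.y.get(v, 0) + 2)

    def path_trust(self, path):
        # TV of a path is the product of the TVs of its nodes (page 25).
        t = 1.0
        for v in path:
            t *= self.node_trust(v)
        return t

    def choose_path(self):
        # Chance of a path being chosen is proportional to its trust (page 27).
        weights = [self.path_trust(p) for p in self.paths]
        return self.rng.choices(self.paths, weights=weights, k=1)[0]

    def send(self, now, path=None):
        """Record a data packet: sequence number q_s, chosen path, timestamp."""
        if not self.paths:
            raise RuntimeError("no known path to destination")
        if path is None:
            path = self.choose_path()
        self.seq += 1
        self.pending[self.seq] = (path, now)
        return self.seq

    def on_ack(self, seq, path, now):
        """A valid ACK back through the same path within t_ack awards its nodes."""
        entry = self.pending.get(seq)
        if entry is None or entry[0] != path or now - entry[1] > self.t_ack:
            return False
        for v in path:
            self.x[v] = self.x.get(v, 0) + 1
            self.y[v] = self.y.get(v, 0) + 1
        del self.pending[seq]
        return True

    def on_timeout(self, now):
        """No valid ACK within t_ack: assume loss, punish every node on the path."""
        expired = [q for q, (_, t) in self.pending.items() if now - t > self.t_ack]
        for q in expired:
            for v in self.pending[q][0]:
                self.y[v] = self.y.get(v, 0) + 1
            del self.pending[q]
        return expired

    def on_route_error(self, link):
        """RERR for link (v_k, v_k+1): drop every path containing that link."""
        removed = []
        for p in list(self.paths):
            full = (self.src,) + p + (self.dst,)
            if any((full[i], full[i + 1]) == link for i in range(len(full) - 1)):
                self.paths.remove(p)
                removed.append(p)
        return removed
```

Because a lost packet lowers the trust of every node on the path, an honest node that happens to share paths with a dropper is punished too; the product rule and trust-proportional choice still shift traffic away from paths through the dropper, which is the "gradual isolation" the slides describe.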

Page 31: Security Analysis

The possible attacks on the DSR protocol
  Attacks on Route Discovery
  Attacks on Routing
  Fabrication of Route Error Messages
  Denial of Service Attacks

Page 32: Attacks on Route Discovery

Modification of source routes
  Content is changed? Detected by signature verification
  Some or all node info dropped? No ACK can reach S
  RREP modified? Does not reach S, or is discarded there

Route cache poisoning
  Only the destination sends back a RREP
  No snooping by intermediate nodes

Not participating in route discovery
  Passive maliciousness, nothing can be done

Page 33: Attacks on Routing

In a data packet, an attacker may modify
  Data: signature verification fails, no ACK
  Routes: does not reach the destination, no ACK

Dropping the packets
  Dropped packet, no ACK
  Gradual isolation

Page 34: False Route Error Msg. and DoS

Fabrication of Route Error Messages
  A node may lie that a link is broken
  Intermediate nodes do not snoop and update

Denial of Service Attacks
  Sending RREQs with fake IDs
    A node may broadcast RREQs after spoofing its IP
    Intermediate nodes will catch and get rid of some
    The rest will be caught at the destination, no RREP
    Still a successful attack can be made
  Sending RREQs to a fake destination
    All intermediate nodes will sign and rebroadcast
    Currently nothing, but may be extended to keep a TV for each S

Page 35: Experimental Results

Page 36: Experimental Results

Page 37: The SERAN

Security Equipment protocol in Routing in Ad hoc Networks

A node is given the ability to
  Use the ad hoc network but not provide resources
  Hide itself from the network

Possible applications
  Conserving energy for a critical node
  Isolating a congested node

Page 38: Basic Idea

Neighbouring nodes know each other at the MAC layer
The protected node, $N_{se}$, communicates with a neighbor $N_c$
A new layer, SERAN, between the IP and the transport layer

Page 39: Basic Idea Cont'd

A node needs an IP address to communicate with others
  Dynamic IP address
  Fixed IP address -> normal node
  No IP address -> invisible node

Use of "Smart Cards"
  Implementing DHCP in smart cards
  Every time there is a communication
    The smart card assigns an IP address
    Discards it after that session has ended
    Next time, assigns a different IP address

Page 40: The Smart Card

Ref: http://www.acs.com.hk/smartcardoverview.asp

Page 41: The Communication in SERAN

Whenever there is an outgoing packet
  Gets an IP address from the smart card, passes the packet
  After passing through the network layer, the address is discarded
  The packet is unicast to $N_c$, including only the destination address in the SERAN header
  The SERAN layer is capable of recognizing the message and sending it to the destination
  The SERAN header includes the source MAC address to distinguish the real source

Page 42: The Communication in SERAN

Incoming packet in the MAC layer: the card checks
  The header of the packet, to see if the packet's destination MAC address is its own
  If the packet contains the broadcast address (255.255.255.255)
If either is true, get a temporary IP address from the card and pass the packet to the IP layer
The smart card is capable of decoding the header of the packets
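As an added example for pages 39, 41 and 42 (not code from the slides or the SERAN paper), the following Python models the protected node's address lifecycle and its MAC-layer filter: a smart-card stand-in leases a temporary IP for one session and never re-issues it, outgoing packets drop the source address and are unicast to N_c with only the destination and the source MAC in the SERAN header, and incoming frames are passed up only when addressed to the node's own MAC or to the broadcast address. The MAC addresses, the address pool and the dict layout of frames are constructed for this example.

```python
BROADCAST_IP = "255.255.255.255"   # the broadcast address named on the slide


class SmartCard:
    """Stand-in for SERAN's DHCP-on-smart-card (constructed example): issues a
    temporary IP for one session and never hands the same one out again."""

    def __init__(self, pool):
        self._free = list(pool)
        self.issued = []
        self.active = None

    def lease(self):
        if self.active is None:
            if not self._free:
                raise RuntimeError("address pool exhausted")
            self.active = self._free.pop(0)
            self.issued.append(self.active)
        return self.active

    def release(self):
        self.active = None


class SeranNode:
    """Protected node N_se; its MAC neighbour N_c relays its traffic."""

    def __init__(self, mac, n_c_mac, card):
        self.mac, self.n_c_mac, self.card = mac, n_c_mac, card

    def send(self, dst_ip, payload):
        # Outgoing: the leased address exists only while the packet passes
        # through the IP layer.
        tmp_ip = self.card.lease()
        ip_packet = {"src_ip": tmp_ip, "dst_ip": dst_ip, "payload": payload}
        # Afterwards the address is discarded; only the destination stays in
        # the SERAN header and the source MAC identifies the real source to N_c.
        self.card.release()
        ip_packet["src_ip"] = None
        return {"dst_mac": self.n_c_mac, "src_mac": self.mac,
                "seran": {"dst": dst_ip}, "ip": ip_packet}

    def receive(self, frame):
        """Incoming at the MAC layer: pass up only frames for this MAC or for
        the broadcast address, each delivered to a fresh temporary IP."""
        for_me = frame["dst_mac"] == self.mac
        broadcast = frame["seran"]["dst"] == BROADCAST_IP
        if not (for_me or broadcast):
            return None
        tmp_ip = self.card.lease()
        delivered = dict(frame["ip"], dst_ip=tmp_ip)
        self.card.release()   # session over: the address is discarded
        return delivered
```

The point the model makes visible is that no stable IP address of the protected node ever appears on the air: every session uses a new one, and a frame not addressed to the node's MAC or to broadcast never reaches its IP layer at all.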

Page 43: Evaluation of $N_c$

Page 44: Improvement

Page 45: Advantages and Disadvantages

Advantages
  Can keep a node secret
  The protected node saves its energy
  The protected node can send and receive rapidly
  Avoids "overflow routing table", "sleep deprivation"

Disadvantages
  Bad influence on the global routing
  May reduce the number of multi-routes
  Selection of $N_c$ still remains an issue

Page 46: Conclusions

Security is a weak point in ad hoc networks
The SADSR protocol is proposed to secure an existing protocol called DSR
Tests show that SADSR copes well in the presence of malicious nodes
SERAN may be used to hide security equipment in an ad hoc network
First known approach using smart cards
Looking forward to a secure ad hoc network