Routing Security in Ad Hoc Networks Justin Lomheim Shirshanka Das.

Date posted: 21-Dec-2015

Routing Security in Ad Hoc Networks

Justin Lomheim

Shirshanka Das

Outline

- Ad Hoc Networks
- DSR Review
- AODV Review
- Specific Attacks on DSR and AODV
- ARAN Protocol (e.g. secure AODV)
- Questions
- References

Ad Hoc Networks

- infrastructureless
- dynamic topologies (in mobile ad hoc nets)
- variable capacity, limited bandwidth links
- energy constrained operation
- unicast, multicast, broadcast traffic
- physical security considerations
- currently AODV & DSR routing under consideration for IETF MANET specification

Ad Hoc On Demand Distance Vector (AODV) Review

- distance vector algorithm using sequence numbers for updates (based on DSDV)
- generates routes on-demand, reducing total number of broadcasts required
- classified as a pure on-demand scheme, since nodes not involved in routing do not maintain routing info or participate in table exchanges

Dynamic Source Routing (DSR) Review

- on-demand protocol based upon source routing
- designed for scenarios where only a few source nodes flow to a few destination nodes
- source and destination nodes gather routing info into caches, through exchange of flooded query and reply packets with full routing information
- once discovered, routes are as needed until they fail due to lost message transmissions

AODV and DSR Route Discovery

[Figure: nodes S, I and D exchanging RREQ and RREP packets; labels "No Route To D !!" and "Cache Hit !!"]

AODV Link Failure Mgmt

- infinite metric assigned to broken links
- if a node along a route moves, its upstream neighbor detects it and forwards a notification message (RREQ w/ infinite metric)
- link breakage triggers notification back to users of formerly active links until source is reached, which may then re-initiate route discovery

AODV versus DSR

- Both use a similar mechanism of RREP, RREQ and route caching
- AODV: maintains DV type next hop forwarding tables
- DSR: relies on source routing

Specific Attacks on AODV & DSR

- modification
  - sequence numbers
  - hop counts
  - source routes
  - tunneling
- impersonation
- fabrication
  - error messages
  - source routes (cache poisoning)
- DoS
  - trivial DoS*

Modification of Sequence Numbers

In AODV:

- a malicious node may divert traffic through itself by advertising a route (via a RREP) with a much higher sequence number than the actual RREP

Modification of Hop Counts

In AODV:

- since routing decisions can involve the hop count metric, a malicious node can reset the hop count to zero to make itself more likely to be chosen along the path to the destination
- a selfish node could use a high hop count to ensure no one routes through it in case it wants to save power

Modification of Source Routes

In DSR:

- as packets are delivered, a malicious node can simply remove necessary source route entries in the packet header
- a malicious node can drop any error messages coming back along the path

Tunneling

[Figure: nodes S and D with nodes M1 and M2; labels "Encap", "Decap" and "Falsely tunneled path"]

Impersonation to create loops

[Figure sequence (four frames): nodes A, B, C, D, E, X and M; M is drawn at a different position in each frame]

Fabrication Attacks

False route error messages in AODV and DSR

Route Cache poisoning

Challenges

- No centrally administered secure routers
- No strict security policies
- Highly dynamic nature of mobile ad hoc networks
- Current ad hoc routing protocols trust all participating nodes

Problem

Secure ad hoc routing protocols are difficult to design:

- Existing protocols are optimized to spread routing information quickly as the network changes
- Security mechanisms consume resources and can delay or even prevent successful exchanges of routing information

Specific attacks

- Location disclosure: reveals information regarding the location of nodes, or the structure of the network
- Black hole: an attacker advertises a zero metric for all destinations, causing all nodes around it to route packets towards it
- Replay attack: an attacker sends old advertisements to a node, causing it to update its routing table with stale routes
- Wormhole: an attacker records packets at one location in the network and tunnels them to another location; routing can be disrupted when only routing control messages are tunneled

Requirements for a secure ad hoc routing protocol

- Prevents the exploits discussed
- Route signaling cannot be spoofed
- Fabricated routing messages cannot be injected
- Routing messages cannot be altered in transit except in accordance with the functionality of the routing protocol
- Routing loops cannot be formed through malicious action
- Routes cannot be redirected from the shortest path
- Unauthorized nodes should be excluded from route computation and discovery
- Network topology should be exposed neither to adversaries nor to authorized nodes

Authenticated Routing for Ad Hoc Networks (ARAN) Protocol

- Effectively basic AODV, except route discovery/setup/maintenance are authenticated
- Utilizes public-key cryptography to verify hop-by-hop all route request “RDP” & route reply “REP” packets
- Eliminates most routing security problems except for tunneling & trivial DoS attacks

ARAN – Initial Setup

Trusted certificate server T issues a certificate to each node (A, B, C, D): Certificate A, Certificate B, Certificate C, Certificate D.

Contents of Certificate A:

- Public Key A
- IP Address A
- Create Time
- Expiry Time
- Signature by T

ARAN – Route Discovery

[Diagram: nodes A, B, C, D]

Initial RDP packet (RDP: A -> D):

- IP Address D
- Certificate A
- Nonce A
- Create Time
- Signature by A

ARAN – Route Discovery

[Diagram: nodes A, B, C, D; "verified" mark]

Intermediate RDP packet:

- RDP: A -> D
- Signature by B
- Certificate B

ARAN – Route Discovery

[Diagram: nodes A, B, C, D; "verified" marks]

Intermediate RDP packet:

- RDP: A -> D
- Signature by C
- Certificate C
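The RDP handling on the Route Discovery slides, as an added example that is not part of the original slides: each node checks the originator's certificate and signature, checks the previous hop's outer signature, then replaces that hop's certificate and signature with its own. Assumptions: toy textbook RSA over hard-coded Mersenne primes stands in for real public-key signatures and is not secure, all function and field names are hypothetical, and nonce replay tracking and REP handling are left out.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_key(a, b):  # toy textbook-RSA key from two Mersenne primes; NOT secure
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(repr(data).encode()).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest(data, n)

T = make_key(521, 607)  # trusted certificate server T (constructed key)
KEYS = {"A": make_key(61, 89), "B": make_key(89, 107), "C": make_key(107, 127)}

def issue_cert(ip, created, expires):
    # Certificate fields from the slides: IP address, public key, create/expiry time.
    body = (ip, KEYS[ip]["n"], created, expires)
    return {"body": body, "sig": sign(T, body)}

CERTS = {ip: issue_cert(ip, 0, 100) for ip in KEYS}  # constructed validity window

def cert_key(cert, now):
    """Return the certified public key, or None if T's signature or the dates fail."""
    _ip, n, created, expires = cert["body"]
    ok = verify(T["n"], cert["body"], cert["sig"]) and created <= now <= expires
    return n if ok else None

def start_rdp(src, dest, nonce, now):
    body = ("RDP", dest, nonce, now)  # destination IP, nonce, create time
    return {"body": body, "cert": CERTS[src], "sig": sign(KEYS[src], body)}

def forward_rdp(me, pkt, now):
    """Verify an incoming RDP; return it re-signed by `me`, or None to drop it."""
    src_n = cert_key(pkt["cert"], now)
    if src_n is None or not verify(src_n, pkt["body"], pkt["sig"]):
        return None
    if "hop_cert" in pkt:  # relayed copy: check the previous hop's outer signature
        hop_n = cert_key(pkt["hop_cert"], now)
        if hop_n is None or not verify(hop_n, (pkt["body"], pkt["sig"]), pkt["hop_sig"]):
            return None
    # Replace the previous hop's certificate and signature with our own.
    outer = sign(KEYS[me], (pkt["body"], pkt["sig"]))
    return dict(pkt, hop_cert=CERTS[me], hop_sig=outer)
```

A packet whose destination field, originator signature, hop signature or certificate dates do not check out is dropped (`None`) instead of being rebroadcast.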

ARAN – Route Setup

[Diagram: nodes A, B, C, D; three "verified" marks]

*Replies to first RDP packet*

Initial REP packet (REP: A -> D):

- IP Address A
- Certificate D
- Nonce A
- Create Time
- Signature by D

ARAN – Route Setup

[Diagram: nodes A, B, C, D; three "verified" marks on the RDP path, one on the REP path]

Intermediate REP packet:

- REP: A -> D
- Signature by C
- Certificate C

ARAN – Route Setup

[Diagram: nodes A, B, C, D; three "verified" marks on the RDP path, two on the REP path]

Intermediate REP packet:

- REP: A -> D
- Signature by B
- Certificate B

ARAN – Route Complete

[Diagram: nodes A, B, C, D; three "verified" marks in each direction]

ARAN – Route Maintenance

[Diagram: nodes A, B, C, D; "Link broken!"]

ERR packet (ERR: A -> D):

- IP Address A
- IP Address D
- Nonce C
- Create Time
- Certificate C
- Signature by C

Questions

Conflict between small weight nodes, cryptography – is there any reason to implement ARAN?

Any way to avoid centralized trust certificate server T?

Key revocation issues…

Sensor network security?