View
59
Download
0
Category
Tags:
Preview:
DESCRIPTION
Routing Security in Ad Hoc Networks. Justin Lomheim Shirshanka Das. Outline. Ad Hoc Networks DSR Review AODV Review Specific Attacks on DSR and AODV ARAN Protocol (e.g. secure AODV) Questions References. Ad Hoc Networks. infrastructureless dynamic topologies (in mobile ad hoc nets) - PowerPoint PPT Presentation
Citation preview
Routing Security in Ad Hoc Networks
Justin Lomheim
Shirshanka Das
Outline
Ad Hoc Networks DSR Review AODV Review Specific Attacks on DSR and AODV ARAN Protocol (e.g. secure AODV) Questions References
Ad Hoc Networks
infrastructureless dynamic topologies (in mobile ad hoc nets) variable capacity, limited bandwidth links energy constrained operation unicast, multicast, broadcast traffic physical security considerations currently AODV & DSR routing under
consideration for IETF MANET specification
Ad Hoc On Demand Distance Vector (AODV) Review distance vector algorithm using sequence
numbers for updates (based on DSDV) generates routes on-demand, reducing
total number of broadcasts required classified as a pure on-demand scheme,
since nodes not involved in routing do not maintain routing info or participate in table exchanges
Dynamic Source Routing (DSR) Review on-demand protocol based upon source routing designed for scenarios where only a few source
nodes flow to a few destination nodes source and destination nodes gather routing info
into caches, through exchange of flooded query and reply packets with full routing information
once discovered, routes are as needed until they fail due to lost message transmissions
AODV and DSR Route Discovery
S
I
DRREQ
RREQRREQ
No Route To D !!
Cache Hit !!
RREQ
RREQ
RREPRREP
RREP
RREP
RREP
AODV Link Failure Mgmt
infinite metric assigned to broken links if a node along a route moves, its upstream
neighbor detects it and forwards a notification message (RREQ w/ infinite metric)
link breakage triggers notification back to users of formerly active links until source is reached, which may then re-initiate route discovery.
AODV versus DSR
Both use a similar mechanism of RREP , RREQ and route caching
AODV : maintains DV type next hop forwarding tables
DSR : relies on source routing
Specific Attacks on AODV & DSR
modification sequence numbers hop counts source routes tunneling
impersonation fabrication
error messages source routes (cache poisoning)
DoS trivial DoS*
Modification of Sequence Numbers
In AODVa malicious node may divert traffic through
itself by advertising a route (via a RREP) with a much higher sequence number than actual RREP
Modification of Hop Counts
In AODVsince routing decisions can involve hop count
metric, a malicious node can request the hop count to zero so make itself more likely to be chosen along the path to the destination
A selfish node could use a high hop count to ensure no one routes through it in case it wants to save power
Modification of Source Routes
In DSRas packets are delivered, a malicious node
can simply remove necessary source route entries in the packet header
malicious node can drop any error messages coming back along the path
Tunneling
S D
M2M1
Encap Decap
Falsely
tunneled path
Impersonation to create loops
A
EC
D
B
M
X
Impersonation to create loops
A
EC
D
BM
X
Impersonation to create loops
A
EC
D
B XM
Impersonation to create loops
A
EC
D
B X
M
Fabrication Attacks
False route error messages in AODV and DSR
Route Cache poisoning
Challenges
No centrally administered secure routers No strict security policies Highly dynamic nature of mobile ad hoc
networks Current ad hoc routing protocols trust all
participating nodes
Problem
Secure ad hoc routing protocols are difficult to design:- Existing protocols are optimized to spread routing information quickly as the network changes- Security mechanisms consume resources and can delay or even prevent successful exchanges of routing information
Specific attacks Location disclosure: reveals information regarding the
location of nodes, or the structure of the network Black hole: an attacker advertises a zero metric for all
destinations causing all nodes around it to route packets towards it
Replay attack: an attacker sends old advertisements to a node causing it to update its routing table with stale routes
Wormhole: an attacker records packets at one location in the network, and tunnels them to another location, routing can be disrupted when only routing control messages are tunneled
Requirements for a secure ad hoc routing protocol Prevents the exploits discussed Route signaling cannot be spoofed Fabricated routing messages cannot be injected Routing messages cannot be altered in transit except in
accordance with the functionality of the routing protocol Routing loops cannot be formed through malicious action Routes cannot be redirected from the shortest path Unauthorized nodes should be excluded from route
computation and discovery Network topology should not be exposed neither to
adversaries not to authorized nodes
Authenticated Routing for Ad Hoc Networks (ARAN) Protocol Effectively basic AODV, except route
discovery/setup/maintenance are authenticated
Utilizes public-key cryptography to verify hop-by-hop all route request “RDP” & route reply “REP” packets
Eliminates most routing security problems except for tunneling & trivial DoS attacks
ARAN – Initial Setup
Trusted certificate server T
Public Key AIP Address ACreate TimeExpiry Time
Signature by T
A B C D
Certificate A Certificate B Certificate C Certificate D
ARAN – Route Discovery
A B C D
IP Address D
Certificate A
Nonce ACreate Time
Signature by A
RDP: A -> D
Initial RDP packet
ARAN – Route Discovery
A B C Dverified
RDP: A -> D
Certificate B
Signature by B
Intermediate RDP Packet
RDP: A -> D
ARAN – Route Discovery
A B C Dverified
RDP: A -> D
Signature by C
RDP: A -> Dverified
Certificate C
ARAN – Route Setup
A B C Dverified verified verified
*Replies to first RDP packet*
IP Address A
Certificate D
Nonce A
Create Time
Signature by D
Initial REP packet
REP: A->D
ARAN – Route Setup
REP: A -> D
CertificateC
Signature by C
Intermediate REP Packet
A B C Dverified verified verified
REP: A->Dverified
ARAN – Route Setup
REP: A -> D
CertificateB
Signature by B
A B C Dverified verified verified
REP: A->D
verifiedverified
ARAN – Route Complete
A B C Dverified verified verified
verifiedverifiedverified
ARAN – Route Maintenance
A B C D
Link broken!
IP Address A
IP Address D
Nonce C
Create Time
Certificate C
Signature by C
ERR: A->D
Questions
Conflict between small weight nodes, cryptography – is there any reason to implement ARAN?
Any way to avoid centralized trust certificate server T?
Key revocation issues… Sensor network security?
Recommended