SEAD: Secure Efficient Distance Vector Routing for mobile wireless ad-hoc networks

Prepared by: Irit Siso



What will we discuss

- What is an ad-hoc network
- Routing problems in ad-hoc networks
- Assumptions
- Possible attacks
- SEAD solutions
- Evaluation
- Conclusions

Introduction

An ad-hoc network is a collection of wireless computers (nodes) communicating among themselves without the help of any infrastructure such as a base station.

Assumptions:

- A node in this network has limited CPU power and low battery power
- Limited transmission range
- Nodes in the network may move at any time or even move continuously
- Propagation conditions may change frequently

What is an ad-hoc network

In a distance vector protocol each node in the network acts as a router. Each router maintains a routing table listing all possible destinations in the network.

Due to the nature of these networks we need a secure but efficient routing protocol to communicate between the nodes.

We use distance vector protocols: they are easy to implement and require relatively little memory or CPU processing capacity (e.g. RIP).

Routing problems in ad-hoc networks

Each entry in a node's routing table contains the address of the destination, this node's shortest known distance (in number of hops) and the address of the next hop.

To maintain the routing tables, each node periodically transmits a routing update. An optimization is the use of triggered updates.

On-demand protocol: nodes exchange routing information only when needed. A node transmits a new update about some destination as soon as the metric in its table entry changes.

Routing problems in ad-hoc networks

Routing protocols for ad-hoc networks generally can be divided into two main categories:

Periodic protocol: nodes periodically exchange routing information, so every node always knows a current route to all destinations.

Drawbacks: it can overload the network when nothing changes, and a lot of changes can happen between the updates.

Counting to infinity: distance vector routing, although simple, has problems.

In wireless and mobile networks routing loops are more common due to the mobility of the nodes. So in addition to a small max metric value and poisoned reverse, as used in RIP for example, SEAD adds a sequence number.

[Figure: nodes A, B and C with the values 6, 4 and 1; one link marked X as broken]

Routing problems in ad-hoc networks

In each routing table entry we add a sequence number. This sequence number prevents routing loops caused by updates being applied out of order. This problem is common because the information may be spread along many different paths.

Each node maintains an even sequence number that it includes in each routing update that it sends.

Each entry in a node's routing table is tagged with the most recent sequence number for that destination.

When a node detects a broken link to its neighbor (A to C), the node creates a new routing update for that neighbor as a destination with the infinity metric and the next odd sequence number.

In SEAD, when a node detects that its next-hop link is broken, it flags its routing table entry for that destination so that it accepts no new updates for the same sequence number.

When a node receives an update, it handles each destination in that update as follows: if the sequence number is greater than the current one it has, it takes the new entry; if the sequence number is equal, it takes the one with the lower metric; if the sequence number is smaller, it discards the received entry.

[Figure: nodes A, B and C; the link A to C marked X as broken]
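The following is an added example, not code from the slides or from the SEAD or DSDV authors, that implements the update rules just described: even sequence numbers for a node's own advertisements, an odd sequence number with the infinity metric for a broken link, the greater/equal/smaller acceptance rule, and the SEAD flag (named `frozen` here) that blocks further updates for the same sequence number after a broken link. The `INFINITY` value and the node names are constructed for the example; the per-hop metric increment is the usual distance-vector hop count.

```python
INFINITY = 16   # constructed: metric value that stands for "unreachable" in this example


class RoutingTable:
    """One node's DSDV-style routing table with the SEAD broken-link flag.

    Each entry holds: metric (hops), next_hop, seq (the destination's sequence
    number) and frozen (SEAD flag: after the next-hop link to this destination
    broke, accept no further update carrying the same sequence number).
    """

    def __init__(self, own_address):
        self.own = own_address
        self.seq = 0          # own sequence number; always even when advertised
        self.entries = {}     # destination -> entry dict

    def advertise_self(self):
        """Own entry: metric 0 and the next even sequence number."""
        self.seq += 2
        self.entries[self.own] = {"metric": 0, "next_hop": self.own,
                                  "seq": self.seq, "frozen": False}
        return self.export(self.own)

    def export(self, dest):
        """The update entry this node sends for `dest`."""
        e = self.entries[dest]
        return {"dest": dest, "metric": e["metric"], "seq": e["seq"]}

    def link_broken(self, neighbor):
        """Next-hop link to `neighbor` is gone: advertise it with the infinity
        metric and the next odd sequence number, and freeze the entry."""
        cur = self.entries.get(neighbor)
        odd_seq = cur["seq"] + 1 if cur else 1
        self.entries[neighbor] = {"metric": INFINITY, "next_hop": None,
                                  "seq": odd_seq, "frozen": True}
        return self.export(neighbor)

    def apply_update(self, sender, update):
        """Apply one received entry; return True if accepted, False if discarded.

        Newer sequence number: accept. Same sequence number: accept only if the
        route is strictly shorter and the entry is not frozen. Older: discard.
        """
        dest, seq = update["dest"], update["seq"]
        metric = min(update["metric"] + 1, INFINITY)   # one more hop, via sender
        cur = self.entries.get(dest)
        if cur is None or seq > cur["seq"]:
            accept = True
        elif seq == cur["seq"]:
            accept = (not cur["frozen"]) and metric < cur["metric"]
        else:
            accept = False
        if accept:
            self.entries[dest] = {"metric": metric, "next_hop": sender,
                                  "seq": seq, "frozen": False}
        return accept


if __name__ == "__main__":
    # Constructed walk-through: C advertises itself, B learns it, A learns it via B,
    # then B loses its link to C and refuses same-sequence-number updates until C
    # advertises again with a newer sequence number.
    a, b, c = RoutingTable("A"), RoutingTable("B"), RoutingTable("C")
    b.apply_update("C", c.advertise_self())
    a.apply_update("B", b.export("C"))
    print("A's route to C:", a.entries["C"])
    print("B reports broken link:", b.link_broken("C"))
    print("stale update accepted by B?", b.apply_update("A", {"dest": "C", "metric": 1, "seq": 3}))
    print("fresh update accepted by B?", b.apply_update("C", c.advertise_self()))
```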

Among the distance vector routing protocols, SEAD is based on the DSDV protocol.

The DSDV protocol supports both periodic and triggered updates.

When to do a triggered update? One suggestion is on receiving a new metric for some destination. Another suggestion is that the receipt of a new sequence number should also cause a triggered update.

THE LAST SUGGESTION OUTPERFORMS THE FIRST ONE

ASSUMPTIONS

As a matter of terminology, we refer to MAC as the network Medium Access Control protocol at the link layer.

Wireless links in the network are bidirectional, since this is necessary for the distributed algorithm of distance vector routing.

Network physical layer and MAC attacks are beyond the scope of this lecture.

More ASSUMPTIONS

We assume that the network may drop, corrupt, duplicate or reorder packets.

We also assume that the MAC layer detects randomly corrupted packets to some level (ALOHA).

We assume a maximum network diameter. We also limit the max metric value; we use m-1 to denote the upper bound. Thus all routes that can be used by the routing protocol are of length less than m hops.

Securing the protocol

Another assumption is that nodes are resource constrained. So we use one-way hash chains and Merkle hash trees to avoid expensive asymmetric cryptography.

One-way hash chains

In SEAD, in order to create a one-way chain a node chooses a random initial value x and computes h_0, h_1, ..., h_n, where h_0 = x and h_i = H(h_{i-1}).

Since nodes use elements in groups of m, a node generates its hash chain with n divisible by m.

When a node first enters the network, or when it has used most of its available hash chain, it can choose a new random x.

In order to distribute a node's hash chain we use one of these approaches:

- A trusted entity signs a public key certificate for each node, which uses this key to sign a new hash chain.
- A trusted node can securely distribute an authenticated hash chain, using symmetric key or non-cryptographic approaches.

Merkle hash trees

Merkle hash trees are binary trees. For simplicity we assume balanced trees.

To authenticate the values v_0, v_1, ..., v_{w-1}, we use the hash function H to compute v_i' = H(v_i). Each internal node of the tree is derived from its two child nodes:

m_01 = H[v_0' || v_1']

ATTACKS

Attacks we won't discuss:

- An attacker can attempt to reduce the amount of routing information available to other nodes, by not advertising certain routes or by destroying routing packets.
- A node can drop routing packets it receives.
- An intruder can jam routing packets.

ALL THOSE ARE IN THE PHYSICAL LAYER, WHICH THIS LECTURE DOESN'T DISCUSS

Another attack we won't solve here

A more subtle attack is the creation of a wormhole in the network.

A and B are linked by a private network. Every packet that A receives it forwards to B, which spreads it into the network normally. B may also send all of its received packets to A.

This attack disrupts routing by short-circuiting the normal flow of routing packets.

A solution is the use of other mechanisms at the MAC layer.

Attacks we choose to solve

- False metric: an attacker can advertise a zero metric for all destinations, causing all nodes around it to route packets for all destinations toward it.
- An attacker can modify the source address of an advertisement, spreading inaccurate next-hop information.
- An attacker can send an old advertisement to a node, in an attempt to make that node update its routing table with stale routes.
- An attacker can be a compromised node. If so, it will have access to all cryptographic keys of that node and may cooperate with other attackers or compromised nodes.

SEAD solutions

One approach for authenticating routing updates in a distance vector routing protocol is for each node to sign each of its routing updates with asymmetric cryptography.

Drawbacks:

- An attacker can send a large number of arbitrary routing updates to some victim node, forcing it to spend all of its CPU power in the attempt to verify them, creating a Denial-of-Service attack.
- An attacker who has compromised a node can send updates with the metric 1, claiming all nodes are its neighbors.
- Finally, even if there is no attacker, large generation and verification times can harm the performance of an ad-hoc network.

SEAD solutions

Instead, in SEAD we use the one-way hash chain. Each node uses a specific next element of its hash chain in each routing update. The other nodes can authenticate the message by computing the hash function, thus authenticating the lower bound of the metric for this destination.

This does not prevent a malicious node from claiming the same metric it received as its own.

The hash chain can only prevent decreasing the metric. An attacker cannot generate any value in the chain that will be used in the future.

SEAD solutions

In addition we assume an upper bound on the network diameter. We use m-1 as that bound, making all metrics in the routing protocol less than m. A routing update contains the sequence number and one of m elements, used to authenticate that routing update.

The sequence number

If a node's hash chain has the sequence of values h_0, h_1, ..., h_n, with n divisible by m, then for the sequence number i of some routing update entry, let k = (n/m) - i. An element from the group h_{km}, h_{km+1}, ..., h_{km+m-1} is used. If the node lists an entry for itself, it sets the address to its own, the metric to 0, the sequence number to its own next sequence number and the hash value to the first element of that group of its hash chain.

For example, for sequence number i the node will set the hash value in that entry to h_{km}.

SEAD solutions

If the node lists an entry for some other destination, it sets the address in that entry to the destination node's address, the metric and sequence number to the destination's values according to the node's routing table, and the hash value to the one received in the routing update from which it learned the route to that destination.

SEAD solutions

Denial-of-Service attack

In order to guard against an attacker forcing a receiving node to perform a large number of hash operations in order to authenticate, we limit the number of hashes the node is willing to perform. In that we make an assumption about the number of routing updates the receiving node has missed.

Another solution is to use a loosely synchronized clock, allowing a receiving node to determine whether a claimed sequence number in an update could be authentic before performing any hash operations.
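The following is an added example, not code from the slides or from the SEAD authors, that builds the hash chain h_0..h_n in groups of m, maps a (sequence number, metric) pair to its chain element with k = n/m - i, and verifies received entries against the most recently authenticated element while bounding the number of hash operations, as the Denial-of-Service paragraph above describes. It assumes H is SHA-256 truncated to 80 bits (the hash length of the evaluation slide), that sequence numbers run from 1 to n/m, and that a node re-advertising a route one hop further hashes the received value once, since its metric d+1 corresponds to h_{km+d+1} = H(h_{km+d}); the seed, chain sizes and hash budget are constructed for the example.

```python
import hashlib


def H(data: bytes) -> bytes:
    """One-way hash: SHA-256 truncated to 80 bits (assumed for the example)."""
    return hashlib.sha256(data).digest()[:10]


def make_hash_chain(x: bytes, n: int, m: int) -> list:
    """h_0 = x, h_i = H(h_{i-1}); n divisible by m so elements come in groups of m.
    Returns h_0 .. h_n (n+1 values); h_n is the anchor distributed authentically."""
    if n % m != 0:
        raise ValueError("n must be divisible by m")
    chain = [x]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain


def chain_index(n: int, m: int, seq: int, metric: int) -> int:
    """Position of the element for (sequence number, metric): k = n/m - seq, index k*m + metric."""
    if not 1 <= seq <= n // m:
        raise ValueError("sequence number out of range for this chain")
    if not 0 <= metric < m:
        raise ValueError("metric must be less than m")
    k = n // m - seq
    return k * m + metric


def own_entry(chain: list, n: int, m: int, seq: int) -> dict:
    """A node's entry for itself: metric 0 and the first element of the group for seq."""
    return {"seq": seq, "metric": 0, "hash": chain[chain_index(n, m, seq, 0)]}


def forward_entry(entry: dict) -> dict:
    """A neighbor re-advertising the route one hop further (assumed: one hash per hop)."""
    return {"seq": entry["seq"], "metric": entry["metric"] + 1, "hash": H(entry["hash"])}


class Verifier:
    """Per-destination verifier holding the latest authenticated chain element.
    It starts from the anchor h_n, which sits at index n (the element just past
    the group for sequence number 1), and refuses to do more than max_hashes
    hash operations for a single entry (the DoS guard)."""

    def __init__(self, anchor: bytes, n: int, m: int, max_hashes: int):
        self.n, self.m, self.max_hashes = n, m, max_hashes
        self.trusted_index, self.trusted_value = n, anchor

    def verify(self, entry: dict) -> bool:
        try:
            idx = chain_index(self.n, self.m, entry["seq"], entry["metric"])
        except ValueError:
            return False
        steps = self.trusted_index - idx
        if abs(steps) > self.max_hashes:
            return False                      # too many missed updates claimed: refuse
        if steps >= 0:
            # Newer or equal element: hash it forward until it should meet the trusted one.
            v = entry["hash"]
            for _ in range(steps):
                v = H(v)
            if v != self.trusted_value:
                return False
            self.trusted_index, self.trusted_value = idx, entry["hash"]
            return True
        # Older/worse element than already authenticated: check it from the trusted one.
        v = self.trusted_value
        for _ in range(-steps):
            v = H(v)
        return v == entry["hash"]


if __name__ == "__main__":
    M, N = 4, 12                                    # metrics 0..3, sequence numbers 1..3
    chain = make_hash_chain(b"constructed seed", N, M)
    ver = Verifier(chain[N], N, M, max_hashes=6)
    via_neighbor = forward_entry(own_entry(chain, N, M, 1))
    print("genuine metric-1 entry:", ver.verify(via_neighbor))
    print("forged metric-0 entry :", ver.verify({"seq": 1, "metric": 0, "hash": via_neighbor["hash"]}))
    print("forged newer sequence :", ver.verify({"seq": 2, "metric": 1, "hash": via_neighbor["hash"]}))
```

The forged entries fail because producing them would require an earlier chain element than the attacker holds; the same-distance re-advertisement (same sequence number and metric with the received value) is still accepted, which is exactly the fraud the hash tree chains later on the slides are meant to address.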

SEAD solutions

Neighbour authentication

The source of each routing update message in SEAD must be authenticated, otherwise an attacker can create routing loops.

We can use a broadcast mechanism, such as TESLA, for neighbour authentication.

Drawbacks: such mechanisms require synchronized clocks and have a relatively high overhead.

Another approach is a shared secret key among each pair of nodes, together with a message authentication code which the sender includes in each routing update.

SEAD solutions

Since SEAD includes periodic neighbor sensing functionality, each node knows the set of neighbors for which it needs to authenticate routing updates.

Each node trusts any zero-metric entry with a valid authenticator. If a node has received such an update from another node for a recent sequence number, it considers that node a neighbor and computes a message authentication code for it.

When two nodes first become neighbors, one of them will transmit a routing update. The receiver will send a triggered routing table update for the other node, revealing the new node to the network.

SEAD solutions

Same-distance fraud

Consider a node receiving a message for a sequence number s and a metric d, and re-advertising the same sequence number and metric.

To defend against that fraud we use hash tree chains. We tie the authenticator to the address of the sender.

We construct a special one-way chain where each element of the chain encodes the node id, thereby forcing a node to increase the metric if it wants to encode its own id.

These values are authenticated by Merkle trees. The root is used to generate the collection of values in the next step.

SEAD solutions

We construct the hash tree between each pair v_{i-1}, v_i of the one-way chain. From them we derive a set of values b_0, ..., b_n using the hash function:

b_j = H[v_i || j], for each j.

The root of the tree is the previous value of the one-way chain: v_{i-1} = b_0n.

Here we see the node forwards the values b'_0, b_1 and b_23, and uses the value b_03 to sign its id.

SEAD solutions

In a small network, each value b_j can correspond to a single node. Since no two nodes share a single value, an attacker has no way to derive its own value from the tree chain; therefore it has to follow the hash chain to the next step in order to provide a valid authenticator.

In large networks, we authenticate each node with a tuple of values. Although no two nodes share the same tuple of values, an attacker could learn each of its values from different neighbors.

For example, with a hash tree chain with 2^m values (the hash tree is of height m+1), if each node has a unique id between 0 and 2^m, then the tuple of values encodes X = (node id + H[sequence number]) mod y. So we change the encoding of the node id for each update.
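The following is an added example, not code from the slides or from the SEAD authors, that implements both the Merkle hash tree from the earlier slide (leaves v_i' = H(v_i), internal nodes H[left || right], an authentication path from a leaf to the root) and the small-network hash tree chain above: between consecutive chain values the leaves are b_j = H[v_i || j] for every node id j, and the tree root is the previous chain value v_{i-1}. It assumes H is SHA-256 truncated to 80 bits, a power-of-two number of node ids so the tree is balanced, a 2-byte big-endian encoding of j, and that metric d uses the tree built from v_{L-d} where v_L is the node's random seed and v_0 the authentically distributed anchor; the seed, chain length and node ids are constructed for the example.

```python
import hashlib


def H(data: bytes) -> bytes:
    """One-way hash: SHA-256 truncated to 80 bits (assumed for the example)."""
    return hashlib.sha256(data).digest()[:10]


def merkle_levels(leaves: list) -> list:
    """Balanced binary Merkle tree; each internal node is H[left || right].
    Returns all levels, leaves first and the single root last."""
    if not leaves or len(leaves) & (len(leaves) - 1):
        raise ValueError("need a power-of-two number of leaves")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels


def merkle_root(leaves: list) -> bytes:
    return merkle_levels(leaves)[-1][0]


def auth_path(levels: list, index: int) -> list:
    """Sibling values needed to recompute the root from the leaf at `index`."""
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[index ^ 1])
        index >>= 1
    return path


def root_from_path(leaf: bytes, index: int, path: list) -> bytes:
    """Recompute the root from one leaf, its position and its authentication path."""
    node = leaf
    for sibling in path:
        node = H(node + sibling) if index % 2 == 0 else H(sibling + node)
        index >>= 1
    return node


def tree_leaves(v: bytes, num_ids: int) -> list:
    """b_j = H[v || j] for every node id j (small network: one leaf per node)."""
    return [H(v + j.to_bytes(2, "big")) for j in range(num_ids)]


def hash_tree_chain(seed: bytes, length: int, num_ids: int) -> list:
    """v_length = seed and v_{i-1} = root of the tree over the b_j derived from v_i.
    Returns [v_0, ..., v_length]; v_0 is the anchor distributed authentically."""
    chain = [seed]
    for _ in range(length):
        chain.append(merkle_root(tree_leaves(chain[-1], num_ids)))
    chain.reverse()
    return chain


def authenticator(chain: list, metric: int, node_id: int, num_ids: int) -> dict:
    """Origin's authenticator for `metric`: its leaf b_{node_id} and the path to the root."""
    v = chain[len(chain) - 1 - metric]
    levels = merkle_levels(tree_leaves(v, num_ids))
    return {"metric": metric, "id": node_id,
            "leaf": levels[0][node_id], "path": auth_path(levels, node_id)}


def forward(auth: dict, own_id: int, num_ids: int) -> dict:
    """A neighbor re-advertising one hop further. It knows only the received leaf and
    path, so it can recover the root v_{i-1} (but not v_i) and must build the next
    tree from that root under its own id, which forces the metric to increase."""
    v_prev = root_from_path(auth["leaf"], auth["id"], auth["path"])
    levels = merkle_levels(tree_leaves(v_prev, num_ids))
    return {"metric": auth["metric"] + 1, "id": own_id,
            "leaf": levels[0][own_id], "path": auth_path(levels, own_id)}


def verify(anchor: bytes, length: int, num_ids: int, auth: dict) -> bool:
    """Walk from the received leaf up its tree, then down the chain to the anchor v_0."""
    if not 0 <= auth["metric"] < length or not 0 <= auth["id"] < num_ids:
        return False
    v = root_from_path(auth["leaf"], auth["id"], auth["path"])
    for _ in range(length - auth["metric"] - 1):
        v = merkle_root(tree_leaves(v, num_ids))
    return v == anchor


if __name__ == "__main__":
    IDS, L = 4, 4                                     # node ids 0..3, metrics 0..3 (constructed)
    chain = hash_tree_chain(b"constructed seed v_L", L, IDS)
    origin = authenticator(chain, 0, 2, IDS)          # node 2 advertises itself
    via_node1 = forward(origin, 1, IDS)               # node 1 re-advertises at metric 1
    fraud = dict(origin, id=3)                        # node 3 claims metric 0 with node 2's values
    print("origin ok:", verify(chain[0], L, IDS, origin))
    print("forwarded ok:", verify(chain[0], L, IDS, via_node1))
    print("same-distance fraud ok:", verify(chain[0], L, IDS, fraud))
```

Each chain step costs a full tree (num_ids hashes) to verify, which is why the slides bound the chain length and, for larger networks, move to a tuple of values per node rather than one leaf per node.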

SEAD solutions

The overhead to verify authentication values can be large if a node has missed several routing updates. A Denial-of-Service attack can still occur when an attacker forces a victim node to verify a hash chain as long as O(ks), where k is the maximum number of hops and s is the maximum number of sequence numbers represented by the hash chain.

A node generates a random hash chain root h_{0,s} for each sequence number s. Then, by a function (e.g. a PRF), we use an authentic anchor of this hash chain.

Each node builds a hash tree, using these hash chain anchors as leaves. When a node sends an update with a new sequence number s, it includes the root of the hash chain, the anchor, and the path to the root of the hash tree. To authenticate an update the node follows the path to the root, which requires O(log(s)); therefore to verify an update we need k + log(s) computing operations.

Evaluation

- An attacker cannot create a valid advertisement with a larger (better) sequence number.
- Attackers that do not collude cannot advertise a route shorter than the one they heard (in a small network).

Furthermore, in a larger network when [symbol missing on the slide] ≠ 1, and A_i is the combination of nodes that do not include the value of b_i needed by the attacker, the attacker has:

|∪ A_i| = [formula not recoverable from the slide]

The probability can be quite high. For example, when m = 6 and [value missing on the slide], an attacker has a 1.675*10^-3 probability of success. When 3 consecutive advertisements are required for the metric before a routing change is made, the attacker succeeds once every 6.74 years.

Evaluation

An attacker that hasn't compromised any node (and so does not possess any cryptographic keys of a node) cannot successfully send any routing messages, since an uncompromised neighbor node will reject the message.

A repeater can function as a one-node wormhole; this is not addressed by SEAD.

A collection of attackers that have compromised one or more nodes can only redirect the path from the source to the destination if the source's best known path is as long as the path through the attackers.

Evaluation

If each node using SEAD (including attackers) keeps routing tables where the next hop for a given destination is set to the authenticated source address of the first advertisement received by that node, then the next-hop pointers in all nodes' routing tables will describe a route back to the destination.

No routing loops are possible!!! Unless the loop contains one or more attackers.

If a collection of attackers forms a vertex cut between two groups of nodes, the attackers can arbitrarily control the routes between any node in one group and a node in the other.

No routing protocol can eliminate that attack!

Evaluation

To evaluate the performance of SEAD without attackers, we will see a simulation comparing SEAD and DSDV-SQ, the protocol on which it is based.

In this simulation there is pairwise shared-key authentication.

Nodes move randomly. Each node is initially placed at a random location and pauses for a period of time. It then chooses a new random location and moves there with a random bounded velocity. When it reaches the new location it pauses, and again chooses a random location.

Evaluation

- The number of nodes in this simulation is 50
- The maximum velocity is 20 m/s
- Nominal radio range is 250 m
- Source-destination pairs: 20
- Periodic route update interval: 15 s
- Periodic updates missed before: 3
- Hash length: 80 bits

The results are based on 65 randomly generated runs at each pause time.

You need to know: DSDV-SQ uses a weighted settling time delay in sending triggered updates.

[Figure: simulation result panels (c) and (d), x-axis: pause time]

Evaluation

Simulation results

SEAD consistently outperforms DSDV-SQ in terms of packet delivery ratio. By not using a weighted settling time delay in sending triggered updates, the number of routing advertisements increases, allowing nodes to have more up-to-date routing tables.

However, SEAD also increases overhead, both due to this increased number of routing advertisements and due to the increase in size of each advertisement.

The increased overhead in SEAD causes some congestion in the network, which shows in the latency results (fig. b).

Conclusions

Many previous routing protocols for ad-hoc networks have been based on distance vector approaches, but they have generally assumed a trusted environment.

Together with existing approaches for securing the physical layer and MAC layer, the SEAD protocol provides a foundation for the secure operation of an ad-hoc network.

The SEAD protocol is based on the DSDV-SQ protocol.

For security, we use efficient one-way hash functions and do not use asymmetric cryptographic elements.

SEAD actually outperforms DSDV-SQ in terms of packet delivery ratio, although it does create more overhead in the network.

The End