SECURITY-AWARE AD-HOC ROUTING FOR WIRELESS NETWORKS
Seung Yi, Prasad Naldurg, Robin Kravets
Department of Computer Science
University of Illinois at Urbana-Champaign
August, 2001
Presented by: Poonam Munshi
SECURITY-AWARE AD-HOC ROUTING (SAR)
Need for Secure Routing - Motivation
SAR – Protocol and Behavior
Protocol Metrics
Protection in SAR
Implementation of SAR
Performance Evaluation & Conclusion
NEED FOR SECURE ROUTING - MOTIVATION
Problems in ad-hoc wireless networks
– Lack of fixed infrastructure support
– Frequent changes to network topology
– Poor protection to protocol packets at physical layer
– Network layer routing protocols are “cooperative” by nature
    Based on implicit ‘trust-your-neighbor’ relationships
    Susceptible to erroneous routing updates, replay attacks etc.
SAR - Approach
– Use different security attributes to improve the quality of the security of an ad-hoc route
– Incorporate security levels of nodes into traditional routing metrics
– Goal:
    Quantify the notion of trust
    Represent trust relationships explicitly by defining a suitable hierarchy of trust values
    Integrate the trust value of a node and the security attributes of a route to provide an “integrated security metric”
NEED FOR SECURE ROUTING - MOTIVATION
Challenges
– Ensuring data is routed through a secure route composed of trusted nodes
– Security of the information in the routing protocol messages
Example Scenario – Battlefield communication
[Figure: nodes labelled Private, Officer and General with their transmission range, showing the shortest route and the secure route]
SAR – PROTOCOL OVERVIEW
Similar to policy-based routing protocols for QoS
Protocol:
– Basic protocol: On-demand protocol AODV
– Embed security metric into the RREQ packet itself and change the forwarding behavior of the protocol w.r.t. RREQs
– Source node:
    Specify desired level of security in the RREQ
    Broadcast the packet
– Intermediate node:
    Process/forward the packet only if it can provide the required security or has the required authorization or trust level;
    Otherwise drop the RREQ
– If an end-to-end path with the required security is found, the intermediate node or eventual destination sends a suitably modified RREP
SAR – BEHAVIOR OVERVIEW
Route discovered by SAR may not be the shortest route in terms of hop-count
SAR finds a route with a ‘quantifiable guarantee of security’
If one or more routes satisfying the required security attributes exist, SAR finds the shortest such route
Optimal route: All nodes on the shortest path (in terms of hop-count) satisfy the security requirements
Drawback:
– If no path with nodes that meet the RREQ’s security requirements exists, SAR fails to find a route even though the network may be connected
SAR – PROTOCOL METRICS
Explicit representation of trust levels using a simple hierarchy that reflects organizational privileges
Trust hierarchy
– Associate a number with each privilege level
    Numbers reflect security/importance/capabilities of mobile nodes and also of the paths
– QoP (Quality of Protection) bit vector
Trust level or protection should be immutable
– Keys can be distributed a priori, or a key agreement can be reached by some form of authentication
– Encrypt the portion of the RREQ and RREP headers that contain the trust level.
SAR – PROTOCOL METRICS
Secure Ad Hoc Routing – Properties and Techniques used to guarantee these properties
Property           Technique
Timeliness         Timestamp
Ordering           Sequence Number
Authenticity       Password, Certificate
Authorization      Credential
Integrity          Digest, Digital Signature
Confidentiality    Encryption
Non-repudiation    Chaining of Digital Signatures
PROTECTION IN SAR PROTOCOL
Trust Hierarchy
– Protocol  User Trust Level  User Identity
– Nodes and users can be forced to respect trust hierarchy using cryptographic techniques, e.g., encryption, public key certificates, shared secrets
– Outsider attacks
    Threshold cryptography, key sharing, etc. can be used
    SAR uses simple shared secret to generate a symmetric encryption/decryption key per trust level.
– Insider attacks
    Compromised users within a protection domain or trust level
    Secure transient associations, tamper proofing etc. can be used
AAA
PROTECTION IN SAR PROTOCOL
Threats to Information in Transit
– Interruption
– Interception and Subversion
– Modification
– Fabrication
Replay Attacks:
– SAR uses sequence numbers and timestamps
Passive Attacks:
– Examples: covert channels, traffic analysis, sniffing to compromise keys
– Using a suitable MAC layer encryption protocol for protection against sniffing/eavesdropping
SAR - IMPLEMENTATION
SAODV (Security-aware AODV):
– On-demand route discovery using flooding, reverse path maintenance in intermediate nodes, and forward path setup via RREP messages
– RREQ (Route REQuest) packet:
    RQ_SEC_REQUIREMENT: the security requirement
      – Set by the sender; does not change during route discovery phase
      – Simple integer values or bit vector
    RQ_SEC_GUARANTEE: the security guarantee
      – Indicates the maximum level of security afforded by all nodes on the discovered path
      – Updated at every hop during the route discovery phase
    If the application requested integrity support, a new field to store the computed digital signatures is added to the RREQ
– RREP (Route REPly) packet:
    RQ_SEC_GUARANTEE: the security guarantee
      – Copied from RREQ and sent back to sender to indicate security level over whole path
SAR - IMPLEMENTATION
SAODV Route Discovery
– Source node:
    Set the RQ_SEC_REQUIREMENT field in the RREQ packet
    Broadcast the packet just as in AODV
– When an intermediate node receives an RREQ
    First check if the node can satisfy the security requirement indicated in the packet
    If yes, update the RQ_SEC_GUARANTEE field; forward to its neighbors
    If no, drop the RREQ packet
– When RREQ arrives at the destination
    Indicates the presence of a path from the sender to the receiver that satisfies the security requirement specified by the sender
    Copy RQ_SEC_GUARANTEE from RREQ into RREP
    Send the RREP back to sender as in AODV
SAR - IMPLEMENTATION
– When an intermediate node receives an RREP
    The RREP packet arrives at an intermediate node in the reverse path
    Update its routing table
    Record the new RQ_SEC_GUARANTEE value
      – This value indicates the maximum security available on the cached forward path.
– When a trusted intermediate node answers a RREQ query using cached information
    Compare RQ_SEC_GUARANTEE of the cached route to the security requirement in the RREQ packet
    Send back RREP containing cached path information only if the forward path can guarantee enough security
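The SAODV route discovery steps above, as an added example that is not part of the original slides or the authors' implementation. The node names, numeric trust levels and link table are constructed for illustration, and RQ_SEC_GUARANTEE is modelled as the lowest trust level on the path, which is one reading of "the maximum level of security afforded by all nodes".

```python
from collections import deque

# Constructed topology for the battlefield scenario: the trust numbers and
# radio links are assumptions for this example, not values from the slides.
PRIVATE, OFFICER, GENERAL = 1, 2, 3
TRUST = {"G1": GENERAL, "P1": PRIVATE, "O1": OFFICER, "O2": OFFICER, "G2": GENERAL}
LINKS = {
    "G1": ["P1", "O1"],
    "P1": ["G1", "G2"],
    "O1": ["G1", "O2"],
    "O2": ["O1", "G2"],
    "G2": ["P1", "O2"],
}

def discover_route(src, dst, sec_requirement, trust=TRUST, links=LINKS):
    """Flood an RREQ from src; return (path, RQ_SEC_GUARANTEE) or None.

    A node whose trust level is below RQ_SEC_REQUIREMENT drops the RREQ.
    RQ_SEC_GUARANTEE is updated at every hop to the lowest trust level seen,
    i.e. the highest level every node on the path can provide (assumption).
    """
    if trust[src] < sec_requirement:
        return None
    # Each queue entry is one in-flight RREQ copy: (node, path so far, guarantee).
    queue = deque([(src, [src], trust[src])])
    seen = {src}  # as in AODV, a node handles a given RREQ only once
    while queue:
        node, path, guarantee = queue.popleft()
        if node == dst:
            # The destination copies RQ_SEC_GUARANTEE from the RREQ into the RREP.
            return path, guarantee
        for neighbor in links[node]:
            if neighbor in seen:
                continue
            seen.add(neighbor)
            if trust[neighbor] < sec_requirement:
                continue  # cannot satisfy the requirement: RREQ is dropped here
            hop_guarantee = min(guarantee, trust[neighbor])
            queue.append((neighbor, path + [neighbor], hop_guarantee))
    return None  # no RREP comes back: no path meets the requirement

if __name__ == "__main__":
    print(discover_route("G1", "G2", PRIVATE))  # shortest route, through the private
    print(discover_route("G1", "G2", OFFICER))  # longer route, officers only
    print(discover_route("G1", "G2", GENERAL))  # None although the network is connected
```

The third call reproduces the drawback noted earlier: the graph is connected, but every intermediate node drops the RREQ, so no route is returned.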
EXAMPLE SCENARIO - REVISITED
Example Scenario – Battlefield communication
– Embed the rank of the node as a metric in route negotiation (establish routes that avoid all privates)
– If no route found, the generals may decide to set up a route that can support 128-bit encryption
[Figure: nodes labelled Private, Officer and General with their transmission range, showing the shortest route through a private and the secure route through officers only]
PERFORMANCE EVALUATION & CONCLUSION
– SAR enables the discovery of secure routes in a mobile ad hoc environment.
– Though not optimal, routes discovered by SAR come with “quality of protection” guarantees.
– The processing overheads in SAR are offset by restricting the scope of the flooding for more relevant routes, providing comparable price/performance benefits.
– Its integrated security metrics allow applications to explicitly capture and enforce explicit cooperative trust relationships.
– SAR also provides customizable security (e.g., encryption for confidentiality etc.) to the flow of routing protocol messages themselves.
– The techniques enabled by SAR can be easily incorporated into generic ad hoc routing protocols.