
Analysis of the implicit trust within the OLSR protocol


Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion

Analysis of the implicit trust within OLSR

Asmaa Adnane 1, Rafael de Sousa 2, Christophe Bidan 1 and Ludovic Mé 1

1 Supélec, SSIR team (EA 4039), 2 University of Brasília - LabRedes, supported by CNPq - Brazil

31 July 2007

A. Adnane, R. de Sousa, C. Bidan, L. Mé

Analysis of the implicit trust within OLSR


Plan

1 Introduction

2 Implicit trust within OLSR

3 Applying trust to mitigate OLSR vulnerabilities

4 Conclusions/future works

5 Bibliography


Notion of trust

The fact that an entity A trusts an entity B in some respect means that:

  - A believes that B will behave in a certain way and perform some action in certain specific circumstances
  - A actually believes that B has the potential to carry out the related tasks competently and honestly

Different types/classes of trust depending on action/circumstance

Direct and derived (by means of recommendations) trust relationships


Trust specification language [3]

A trusts B with respect to (doing) the action cc

    A trusts_cc(B)

A trusts the recommendations of entity B about the capacity of other entities to perform action cc

    A trusts.rec_cc(B) when.path[S] when.target[R]


Characteristics of the OLSR protocol (1/2)

[Figure panels: Flooding routing; OLSR routing]


Characteristics of the OLSR protocol (2/2)

Proactive link-state routing protocol, with a flooding mechanism to diffuse link state information

Multi-point relays (MPRs) are selected nodes that forward messages during the flooding process

HELLO messages

  - Sent periodically by a node to advertise its links
  - Allow a node to establish its view of the 2-hop neighborhood, then MPR selection

TC messages

  - Convey the topological information necessary for computing routes
  - Periodically broadcast by MPRs advertising link state to symmetric neighbors


Mental state of each OLSR node

MANET : the set of all MANET nodes

LS_x : Link Set

NS_x : Neighbor Set

2HNS_x : 2-Hop Neighbor Set

MPRS_x : MPR Set (MPRS_x ⊆ NS_x)

MPRSS_x : MPR Selection Set

TS_x : Topology Set

RT_x : Routing Table


Implicit trust construction within OLSR

Analysis steps

Discovering the neighborhood

MPR selection

MPR Signaling

Computing the routing table


Discovering the neighborhood

Discovering the neighborhood (1/3)

[Figure: HELLO exchange between nodes A and B]

1: HELLO, LS_B = ∅; LS_A = {B_asym}; A ¬trusts(B)


Discovering the neighborhood

Discovering the neighborhood (2/3)

[Figure: HELLO exchange between nodes A and B]

1: HELLO, LS_B = ∅; LS_A = {B_asym}; A ¬trusts(B)

2: HELLO, LS_A = {B_asym}; B trusts(A); LS_B = {A_sym}


Discovering the neighborhood

Discovering the neighborhood (3/3)

[Figure: HELLO exchange between nodes A and B]

1: HELLO, LS_B = ∅; LS_A = {B_asym}; A ¬trusts(B)

2: HELLO, LS_A = {B_asym}; B trusts(A); LS_B = {A_sym}

3: HELLO, LS_B = {A_sym}; A trusts(B); LS_A = {B_sym}


MPR Selection

MPR Selection (1/4)

The only criterion for MPR selection by a node X is the number of symmetrical neighbors of a candidate node Y

The MPR selection implies that X trusts only its neighbors selected as MPR for routing:

[Figure: node X with neighbors A, B and C]

X trusts_fw(A)

X trusts_fw(C)


MPR Selection

MPR Selection (2/4)

The nodes in MPRS_X are required to recommend to X the routes to the distant nodes

[Figure: nodes X, A, B, C; NS_A; distant node Z]

X trusts_fw(A)

A trusts_fw(MPRS_A)

... trusts_fw(MPRS_...)


MPR Selection

MPR Selection (3/4)

[Figure: nodes X, A, B, C; NS_A; distant node Z]

X trusts_fw(A)

A trusts_fw(MPRS_A)

... trusts_fw(MPRS_...)

⇒ ∀ Z ∈ MANET : X trusts.rec_fw(A) when.path[MPRS_A] when.target[Z]


MPR Selection

MPR Selection (4/4)

[Figure: nodes X, A, B, C; NS_A; distant node Z]

X trusts_fw(A)

⇒ ∀ Z ∈ MANET : X trusts.rec_fw(A) when.path[MPRS_A] when.target[Z]

X trusts.rec_fw(A) when.path[route_{A→Z}] when.target[Z]

route_{Y_1→Y_n} = Y_1, ..., Y_n with Y_{i+1} ∈ MPRS_{Y_i}


MPR Signaling

MPR Signaling

Node A trusts X for advertising (delegation trust) that A is a MPR

Node A allows the nodes of its MPRSS to use its resources for routing (access trust)

[Figure: nodes A and X]

MPRS_X = {A, C}

LS_X = {A_mpr, B_sym, C_mpr}

HELLO, LS_X

MPRSS_A = {X}

A trusts_at(X)

A trusts_dt(X)


Computing the routing table

Computing the routing table (1/3)

Each node X selects the shortest path to reach any other node Z passing through a selected MPR Y

This calculation will allow X to trust Y for the routing towards Z

T = (Z, Y, N, I) is a tuple of RT_X

∀ T ∈ RT_X ⇒ X trusts_fw−Z(Y)

Actually, there is a chain of this indirect trust relation between X and any relay forwarding the packets to Z; this sequence expresses the transitivity of MPR recommendations in OLSR:


Computing the routing table

Computing the routing table (2/3)

[Figure: nodes X, A, B, C; NS_A; distant node Z]

A trusts_dt∪at(X)

... trusts_dt∪at(A)

Z trusts_dt∪at(...)


Computing the routing table

Computing the routing table (3/3)

[Figure: nodes X, A, B, C; NS_A; distant node Z]

X trusts_fw(A)

A trusts_fw(MPRS_A)

... trusts_fw(MPRS_...)

X trusts.rec*_fw−Z(Z) when.target[Z] when.path[Z]


Computing the routing table

Implicit trust within OLSR

The routing table is calculated so that there is only one route towards each destination, and each selected route is the shortest among the routes starting from MPR nodes

After computing the distances to destinations, the node will place more trust in those nodes which offer the shortest paths towards the destinations (1)

The inherent risk in the choice of only one route towards any destination is to choose, as router, a corrupted or misbehaving node


Case of attack by fabrication of HELLO message

Fabrication of HELLO message


Consequences of the attack

Consequences of the attack

[Figure: nodes A, B and att]

HELLO, LS_att = {A, B, C, X}

HELLO, LS_B = {A, att, C}

MPRS_A = {att}


Consequences of the attack

Detection of the attack

[Figure: nodes A, B and att]

HELLO, LS_att = {A, B, C, X}

HELLO, LS_B = {A, att, C}

MPRS_A = {att}

TC_att, MPRSS_att = {A, B, C, X}

TC_B, MPRSS_B = {C}

C trusts_fw−A(B) and C trusts_fw−A(att) and [NS_B − {att}] ⊂ [NS_att − {B}]

⇓

Contradiction indicates intrusion
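Added example (not part of the original slides): the slide's link sets run through a greedy MPR choice, which yields MPRS_A = {att}, and then through the slide's condition [NS_B − {att}] ⊂ [NS_att − {B}] for two relays that C trusts for forwarding to A. The function names, the dict layout, the greedy coverage loop and the use of advertised HELLO link sets as NS are assumptions.

```python
# Added example: the slide's HELLO fabrication case and its contradiction check.
# Function names and the dict layout are assumptions; set values are the slide's.
from itertools import permutations

# Link sets advertised in HELLO messages heard by A (constructed from the slide).
HELLO_AT_A = {
    "att": {"A", "B", "C", "X"},   # fabricated: claims more neighbors than B
    "B":   {"A", "att", "C"},
}

def select_mprs(node, hello):
    """Greedy MPR choice by number of advertised symmetric neighbors.

    hello maps each 1-hop neighbor of `node` to the link set it advertised.
    """
    neighbors = set(hello)
    uncovered = set().union(*hello.values()) - neighbors - {node}
    mprs = set()
    while uncovered:
        # Pick the neighbor that covers the most still-uncovered 2-hop nodes.
        best = max(sorted(neighbors - mprs),
                   key=lambda y: len(hello[y] & uncovered))
        mprs.add(best)
        uncovered -= hello[best]
    return mprs

def find_contradictions(trusted_fw, advertised_ns):
    """Return (p, q) pairs where NS_p - {q} is a proper subset of NS_q - {p}.

    trusted_fw: relays the observer trusts for forwarding to one target,
    e.g. C trusts_fw-A(B) and C trusts_fw-A(att) gives {"B", "att"}.
    """
    alerts = []
    for p, q in permutations(sorted(trusted_fw), 2):
        if (advertised_ns[p] - {q}) < (advertised_ns[q] - {p}):
            alerts.append((p, q))
    return alerts

if __name__ == "__main__":
    print("MPRS_A =", select_mprs("A", HELLO_AT_A))
    print("alerts =", find_contradictions({"B", "att"}, HELLO_AT_A))
```

A flagged pair only says that the two advertisements satisfy the slide's condition; deciding which relay's claims are false needs further validation of the advertised links.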


Conclusions and future works

Conclusions

OLSR generates information about trust between nodes

  - nodes firstly cooperate and gather trust related information, without any validation
  - nodes implicitly deduce information about the other nodes in which they have to trust

Trust can be an additional criterion for MPR selection and routing table calculation

Mistrust-based control can be set up to detect suspect behavior


Future works

Future works

Integrating trust reasonings into OLSR nodes and simulation

Evaluation of possible trust metrics for OLSR

Extension of OLSR using trust rules for MPR selection and routing table calculation

Distributed trust management module for OLSR


Bibliography

[1] Clausen T, Jacquet P (2003) IETF RFC-3626: Optimized Link State Routing Protocol OLSR.

[2] Marsh S (1994) Formalising Trust as a Computational Concept, PhD Thesis, University of Stirling.

[3] Yahalom R, Klein B, Beth T (1993) Trust Relationships in Secure Systems - A Distributed Authentication Perspective. In: SP'93: Proceedings of the 1993 IEEE Symposium on Security and Privacy. IEEE Computer Society, Washington, USA.


Analysis of the implicit trust within OLSR

Questions and remarks?
