How To Write A Transport Layer Protocol For Wireless Networks

Transcription

1 Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Introduction Issues Design Goals Classifications TCP Over Ad Hoc Wireless Networks Other Transport Layer Protocols Security in Ad Hoc Wireless Networks Network Security Requirements Issues and challenges in security Network security attacks Key Management Secure Routing 1

2 Introduction The objectives of a transport layer protocol include setting up of: End-to-end connection End-to-end delivery of data packets Flow control Congestion control Transport layer protocols User datagram protocol (UDP): unreliable and connection-less transport layer protocols Transmission control protocol (TCP): reliable, byte-stream-based, and connection-oriented transport layer protocols These traditional wired transport layer protocols are not suitable for ad hoc wireless networks. 2

3 Issues Issues while designing a transport layer protocol for ad hoc wireless networks: Induced traffic refers to the traffic at any given link due to the relay traffic through neighboring links. Induced throughput unfairness refers to the throughput unfairness at the transport layer due to the throughput/delay unfairness existing at the lower layers such as the network and MAC layers. Separation of congestion control, reliability, and flow control could improve the performance of the transport layer. Power and bandwidth constraints affects the performance of a transport layer protocol. Misinterpretation of congestion occurs in ad hoc wireless networks. Completely decoupled transport layer needs to adapt to the changing network environment. Dynamic topology affects the performance of a transport layer. 3

4 Design Goal The protocol should maximize the throughput per connection. It should provide throughout fairness across contending flows. It should minimize connection setup and connection maintenance overheads. The protocol should have mechanisms for congestion control and flow control in the network. It should be able to provide both reliable and unreliable connections. The protocol should be able to adapt to the dynamics of the network. One of the important resources must be used efficiently. The protocol should be aware of resource constraints. The protocol should make use of information from the lower layer. It should have a well-defined cross-layer interaction framework. The protocol should maintain end-to-end semantics. 4

5 Classification of Transport Layer Solutions Transport Layer Solutions for Ad Hoc Wireless Networks TCP over ad hoc wireless networks Other transport layer approach Split Approach End-to-end approach ACTP ATP Split-TCP TCP-ELFN TCP-F TCP-Bus ATCP 5

6 TCP over Ad Hoc Wireless Networks TCP taking 90% of the traffic is predominant in the Internet. This chapter focuses on TCP extension in ad hoc wireless networks. Transport protocol should be independent of the network layer technology, e.g., no matter fiber or radio is used But TCP is optimized for wired network Congestion control TCP assumes timeout is due to congestion Wireless links are not reliable, packet loss may be as high as 20% In wired network, packet loss is due to congestion slow down In wireless network, due to wireless links try harder 6

7 Why does TCP not perform well in Ad Hoc Wireless Networks Misinterpretation of packet loss Frequent path breaks Effect of path length Misinterpretation of congestion window Asymmetric link behavior Uni-directional path: TCP ACK requires RTS-CTS-Data-ACK exchange Multipath routing Network partitioning and remerging The use of sliding-window-based transmission 7

8 TCP Over Ad Hoc Wireless Network Feedback-based TCP (TCP Feedback TCP-F) Requires the support of a reliable link layer and a routing protocol that can provide feedback to the TCP sender about the path breaks. The routing protocol is expected to repair the broken path within a reasonable time period. Advantages: Simple, permits the TCP congestion control mechanism to respond to congestion Disadvantages: If a route to the sender is not available at the failure point (FP), then additional control packets may need to be generated for routing the route failure notification (RFN) packet. Requires modification to the existing TCP. The congestion window after a new route is obtained may not reflect the achievable transmission rate acceptable to the network and the TCP-F receiver. 8

9 TCP Over Ad Hoc Wireless Network TCP with explicit link failure notification (TCP-ELFN) Handle explicit link failure notification Use TCP probe packets for detecting the route reestablishment. The ELFN is originated by the node detecting a path break upon detection of a link failure to the TCP sender. Advantages: improves the TCP performance by decoupling the path break information from the congestion information by the use of ELFN. Less dependent on the routing protocol and requires only link failure notification Disadvantages When the network is partitioned, the path failure may last longer The congestion window after a new route is obtained may not reflect the achievable transmission rate acceptable to the network and TCP receiver. 9

10 TCP Over Ad Hoc Wireless Network TCP with buffering capability and sequence information (TCP- BuS) Use feedback information from an intermediate node on detection of a path break. Use localized query (LQ) and REPLY to find a partial path Upon detection of a path break, an upstream intermediate node originates an explicit route disconnection notification (ERDN) message. Advantages Performance improvement and avoidance of fast retransmission Use on-demand routing protocol Disadvantages Increased dependency on the routing protocol and the buffering at the intermediate nodes The failure of intermediate nodes may lead to loss of packets. The dependency of TCP-BuS on the routing protocol many degrade its performance. 10

11 TCP Over Ad Hoc Wireless Network Ad Hoc TCP (ATCP) uses a network layer feedback mechanism to make the TCP sender aware of the status of the network path Based on the feedback information received from the intermediate nodes, the TCP sender changes its state to the persist state, congestion control state, or the retransmit state. When an intermediate node finds that the network is partitioned, then the TCP sender state is changed to the persist state. The ATCP layer makes use of the explicit congestion notification (ECN) for maintenance for the states. Advantages Maintain the end-to-end semantics of TCP Compatible with traditional TCP Provides a feasible and efficient solution to improve throughput of TCP Disadvantages The dependency on the network layer protocol to detect the route changes and partitions The addition of a thin ATCP layer to the TCP/IP protocol changes the interface functions currently being used. 11

12 TCP Over Ad Hoc Wireless Network Split-TCP provides a unique solution to the channel fairness problem by splitting the transport layer objectives into congestion control and end-to-end reliability. Splits a long TCP connection into a set of short concatenated TCP connections with a number of selected intermediate nodes as terminating points of these short connections. Advantages Improved throughput Improved throughput fairness Lessened impact of mobility Disadvantages It requires modifications to TCP protocol. The end-to-end connection handling of traditional TCP is violated. The failure of proxy nodes can lead to throughput degradation. 12

13 Other Transport Layer Protocols Application controlled transport protocol (ACTP) A light-weight transport layer protocol and not an extension to TCP. ACTP assigns the responsibility of ensuring reliability to the application layer. ACTP stands in between TCP and UDP where TCP experiences low performance with high reliability and UDP provides better performance with high packet loss in ad hoc wireless networks. Advantages Provides the freedom of choosing the required reliability level to the application layer. Scalable for large networks There is no congestion window Disadvantages It is not compatible with TCP. Could lead to heavy congestion 13

14 Other Transport Layer Protocols Ad hoc transport protocol (ATP) specifically designed for ad hoc wireless networks and is not a variant of TCP and differ from TCP in the following ways: Coordination among multiple layers Rate based transmissions Decoupling congestion control and reliability Assisted congestion control ATP uses information from lower layers for Estimation of the initial transmission rate Detection, avoidance, and control of congestion Detection of path breaks Advantages: improved performance, decoupling of the congestion control and reliability mechanisms, and avoidance of congestion window fluctuations Disadvantages The lack of interoperability with TCP Fine-grained per-flow timer may cause the scalable problem 14

15 Security in Ad Hoc Wireless Networks A security protocol should meet following requirements Data confidentiality/secrecy is concerned with ensuring that data is not exposed to unauthorized users. Data integrity means that unauthorized users should not be able to modify any data without the owner's permission. System availability means that nobody can disturb the system to have it unusable. Authentication is concerned with verifying the identity of a user. Non-repudiation means that the sender cannot deny having sent a message and the recipient cannot deny have received the message. 15

16 Security in Ad Hoc Wireless Networks Issues and challenges in security provisioning Shared broadcast radio channel: The radio channel in ad hoc wireless networks is broadcast and is shared by all nodes in the network. Insecure operational environment: The operating environments where ad hoc wireless networks are used may not always be secure. For example, battlefields. Lack of central authority: There is no central monitor in ad hoc wireless networks. Lack of association: A node can join and leave the network at any point. Limited resource availability: Resources such as bandwidth, battery power, and computational power are scarce. Physical vulnerability: Nodes in these networks are usually compact and hand-held in nature. 16

17 Need for Security Some people who cause security problems and why. 17

18 Security Threats Four types of security threats: Interception refers to the situation that an unauthorized party has gained access to a service or data. Interruption refers to the situation in which services or data become unavailable, unusable, or destroyed. Modifications involve unauthorized changing of data or tampering with a service. Fabrication refers to the situation in which additional data or activity are generated that would normally not exist. 18

19 Network Security Attacks Network Layer Attacks Wormhole attack: an attacker receives packets at one location in the network and tunnels them to another location in the network. Blackhole attack: A malicious node could divert the packets. Byzantine attack: A compromised intermediate node could create routing loops. Information disclosure: A compromised node may leak confidential infomraiton to unauthorized nodes in the network. Resource consumption attack: A malicious node tries to consume/waste away resources of other nodes present in the network. Routing attacks Routing table overflow: An adversary node advertises routes to nonexistent nodes. Routing table poisoning: The compromised nodes send fictitious routing updates. Packet replication: An adversary node replicates stale packets. Route cache poisoning: Each node maintains a route cache that can be poisoned by a adversary node. Rushing attack: On-demand routing protocols that use duplicate suppression during the route discovery process are vulnerable to this attack. 19

20 Network Security Attacks Transport Layer Attacks Session hijacking: An adversary takes control over a session between two nodes. Application Layer Attacks Repudiation: Repudiation refers to the denial or attempted denial by a node involved in a communication. Other Attacks Multi-layer attacks could occur in any layer of the network protocol stack. Denial of service: An adversary attempts to prevent authorized users from accessing the service. Jamming: Transmitting signals on the frequency of senders and receivers to hinder the communication. SYN flooding: An adversary send a large number of SYN packets to a victim node. Distributed DoS attack: Several adversaries attack a service at the same time. Impersonation: An adversary pretends to be other node. Device tampering: Mobile devices get damaged or stolen easily. 20

21 Network Security Attacks Security Attacks Passive Attacks Active Attacks Snooping MAC Layer Attacks Network Layer Attacks Transport Layer Attacks Application Layer Attacks Other attacks Jamming Wormhole attack Blackhole attack Byzantine attack Routing attacks Session hijacking Information disclosure Resource consumption attack Repudiation DoS Impersonation Manipulation of network traffic Device tampering 21

22 Key Management Cryptography is one of the most common and reliable means to ensure security. The purpose of cryptography is to take a message or a file, called the plaintext (P), and encrypt it into the ciphertext (C) in such a way that only authorized people know how to convert it back to the plaintext. The secrecy depends on parameters to the algorithms called keys. The four main goals of cryptography are confidentiality, integrity, authentication, and non-repudiation. Usually, the encryption method E is made public, but let the encryption as a whole be parameterized by means of a key k (same for decryption). Three types of intruders: Passive intruder only listens to messages. Active intruder can alter messages. Active intruder can insert messages. 22