Ariadne A Secure On-Demand Routing Protocol for Ad-Hoc Networks



Similar documents
Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks

Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks

Security in Ad Hoc Network

Tema 5.- Seguridad. Problemas Soluciones

Ad hoc networks security. 1. Introduction

Routing Protocols Security in Ah Hoc Networks

LIST OF FIGURES. Figure No. Caption Page No.

In a multihop wireless ad hoc network, mobile nodes

Security for Ad Hoc Networks. Hang Zhao

Optimization of AODV routing protocol in mobile ad-hoc network by introducing features of the protocol LBAR

Secure Unicast Position-based Routing Protocols for Ad-Hoc Networks

Secure Routing for Mobile Ad hoc Networks

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

SPINS: Security Protocols for Sensor Networks

A Review of Secure Ad-hoc Routing

A Comparison Study of Qos Using Different Routing Algorithms In Mobile Ad Hoc Networks

Lecture 2.1 : The Distributed Bellman-Ford Algorithm. Lecture 2.2 : The Destination Sequenced Distance Vector (DSDV) protocol

Robust Routing in Wireless Ad Hoc Networks

II RELATED PROTOCOLS. Dynamic Source Routing (DSR)

COMPARATIVE ANALYSIS OF ON -DEMAND MOBILE AD-HOC NETWORK

EFS: Enhanced FACES Protocol for Secure Routing In MANET


Securing Quality-of-Service Route Discovery in On-Demand Routing for Ad Hoc Networks

Attacks on neighbor discovery

Kaur et al., International Journal of Advanced Engineering Technology E-ISSN

An Implementation of Secure Wireless Network for Avoiding Black hole Attack

International Journal of Advanced Research in Computer Science and Software Engineering

An Efficient Secure Route Discovery Protocol for DSR

DESIGN AND DEVELOPMENT OF LOAD SHARING MULTIPATH ROUTING PROTCOL FOR MOBILE AD HOC NETWORKS

Behavior Analysis of TCP Traffic in Mobile Ad Hoc Network using Reactive Routing Protocols

Evaluating the performance of secure routing protocols in Mobile Ad-hoc Networks

SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks

A Test-Bed for Mobile Ad-hoc Networks

Vulnerabilities of Intrusion Detection Systems in Mobile Ad-hoc Networks - The routing problem

Routing Security in Ad Hoc Wireless Networks 1

SIMULATION STUDY OF BLACKHOLE ATTACK IN THE MOBILE AD HOC NETWORKS

A Workload-Based Adaptive Load-Balancing Technique for Mobile Ad Hoc Networks

An Efficient QoS Routing Protocol for Mobile Ad-Hoc Networks *

Load-balancing Approach for AOMDV in Ad-hoc Networks R. Vinod Kumar, Dr.R.S.D.Wahida Banu

NetworkPathDiscoveryMechanismforFailuresinMobileAdhocNetworks

About the Authors Preface Acknowledgements List of Acronyms

Performance Analysis of Load Balancing in MANET using On-demand Multipath Routing Protocol

Securing Ad Hoc Wireless Networks Against Data Injection Attacks Using Firewalls

Fast and Secure Data Transmission by Using Hybrid Protocols in Mobile Ad Hoc Network

Chapter 5. Simple Ad hoc Key Management. 5.1 Introduction

Ad hoc On Demand Distance Vector (AODV) Routing Protocol

Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc

SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS)

Securing Ad hoc Routing Protocols

Taxonomy of Routing Security for Ad-Hoc Network

A Novel Technique to Isolate and Detect Jamming Attack in MANET

Self-Organized Network-Layer Security in Mobile Ad Hoc Networks

A Survey of MANET Intrusion Detection & Prevention Approaches for Network Layer Attacks

Security and Scalability of MANET Routing Protocols in Homogeneous & Heterogeneous Networks

CHAPTER 6 SECURE PACKET TRANSMISSION IN WIRELESS SENSOR NETWORKS USING DYNAMIC ROUTING TECHNIQUES

Performance Evaluation of Aodv and Dsr Routing Protocols for Vbr Traffic for 150 Nodes in Manets

Secure Routing in Wireless Sensor Networks

Security protocols for ad-hoc wireless networks Raghava Karanam, Gautam Sreeram Pendum, Narendra Nath Vattikuti

A REVIEW PAPER ON AD HOC NETWORK SECURITY

Review of Prevention techniques for Denial of Service Attacks in Wireless Sensor Network

MOBILE AD HOC NETWORKS SECURITY

Dynamic Source Routing in Ad Hoc Wireless Networks

Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System

A Review Paper on Preventing DDOS Attack and Black Hole Attack with MANETs Protocols

Study of Network Characteristics Incorporating Different Routing Protocols

Security Threats in Mobile Ad Hoc Networks

Secure Routing in Wireless Mesh Networks

Security issues, challenges & solution in MANET

Security Scheme for Distributed DoS in Mobile Ad Hoc Networks

Modified AODV protocol for prevention of Denial of service attacks in wireless Ad hoc networks

Formal Measure of the Effect of MANET size over the Performance of Various Routing Protocols

A Dynamic Reputation Management System for Mobile Ad Hoc Networks

THE FLORIDA STATE UNIVERSITY COLLEGE OF ARTS AND SCIENCES FORMAL SECURITY EVALUATION OF AD HOC ROUTING PROTOCOLS TODD R. ANDEL

SECURITY ISSUES AND LINK EXPIRATION IN SECURE ROUTING PROTOCOLS IN MANET: A REVIEW

Securing Ad hoc Routing Protocols

Load-Balanced Routing through Virtual Paths: Highly Adaptive and Efficient Routing Scheme for Ad Hoc Wireless Networks

Load Balancing and Resource Reservation in Mobile Ad-Hoc Networks 1

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

III. Our Proposal ASOP ROUTING ALGORITHM. A.Position Management

Adaptive Multiple Metrics Routing Protocols for Heterogeneous Multi-Hop Wireless Networks

CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS

UNIT 8:- Mobile Ad-Hoc Networks, Wireless Sensor Networks

To Study the Various Attacks and Protocols in MANET

Energy Efficiency of Load Balancing in MANET Routing Protocols

Secured Data Transmissions In Manet Using Neighbor Position Verfication Protocol

Report on a Working Session on Security in Wireless Ad Hoc Networks

Internet Connectivity for Ad hoc Mobile Networks

Performance Comparison of AODV, DSDV, DSR and TORA Routing Protocols in MANETs

Comparing the Performance of the Ad Hoc Network under Attacks on Different Routing Protocol

Simulation of Internet Connectivity for Mobile Ad Hoc Networks in Network Simulator-2

SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET

ADAPTIVE LINK TIMEOUT WITH ENERGY AWARE MECHANISM FOR ON-DEMAND ROUTING IN MANETS

Fair, Efficient, and Secure Cooperation Incentive Mechanism for Multihop Cellular Networks

`PERFORMANCE COMPARISON OF ENERGY EFFICIENT AODV PROTOCOLS

Hardware/Software Solution to Improve Security in Mobile Ad-hoc Networks

A Performance Comparison of Routing Protocols for Large-Scale Wireless Mobile Ad Hoc Networks

Securing Mobile Ad hoc Networks: Key Management and Routing

How To Write A Transport Layer Protocol For Wireless Networks

Wireless Network Security Spring 2014

Transcription:

Ariadne A Secure On-Demand Routing Protocol for Ad-Hoc Networks Authors: Yih-Chun Hu, Adrian Perrig, David B Johnson Presenter: Sameer Korrapati Date: 4/21/2003 Overview of presentation Introduction : Ad-hoc routing security issues & attacks, basic DSR mechanism Related work Contributions in this paper Ariadne details: Route-discovery, route-maintenance, node misbehavior, malicious floods An optimization for Ariadne Ariadne Evaluation & Security Analysis (if time permits) Conclusions & future work *Knowledge of TESLA assumed, not explained 1

Introduction Security in routing (not just data traffic) is a major concern as it can potentially bring down the whole network (attacks later) On demand routing is more suitable for ad-hoc networks as against periodic-updates based routing protocols (being reactive as opposed to proactive) Ariadne proposes a new on-demand, secure routing protocol for ad-hoc networks Introduction-contd. Based on Dynamic Source Routing protocol (DSR) Authentication scheme has been explained with TESLA, and symmetric cryptography has been used in all messages 2

Attacks on routing in ad-hoc networks Active and Passive Selfishness and Maliciousness Some active attacks: black hole, resource consumption, worm hole, and many more. Attacker Model: Active-n-m Ë n is the number of nodes attacker has compromised, m is the number of attacker s own nodes Ariadne provides resilience against Active-1-x and Active-y-x attacks Overview of DSR Route Discovery Phase: Initiator broadcasts RREQ, if route not in cache, requesting for target. Each intermediate node appends its id and rebroadcasts. target sends RREP, including the list. Source routing Route Maintenance Phase: Needed as routes can break over time. Node detecting this will send a ROUTE_ERROR to remove that route from cache. 3

Related Work Prevention based schemes: SAODV (digital sign), ARAN (certificate-based, with a TTP) SEAD(one-way hash chains), Packet Leashes (deals worm-hole attacks), etc Detection and reaction based: Watchdog-and-Pathrater, CONFIDANT (detects misbehaving nodes) etc Contributions in this paper Proposed a complete secure routing protocol, based on on-demand philosophy. The security scheme made efficient using symmetric key MACs and hash chains Performance evaluation and security analysis presented. Explained some attacks on ad-hoc network routing. 4

Assumptions Key setup is crucial, whichever scheme is used, of the three. For TESLA, shared pair-wise secret keys between source and destination, (why?) and one public key needed (why?), apart from TESLA keys. Nodes strong enough to do needed computations and should have loose clock synchronization Each node can estimate end-to-end transmission time to all other nodes in the network (for TESLA) Assumptions contd. Only network layer security addressed. (Not MAC or physical layer, which are important in wireless ad hoc environments) Broadcast transmission medium is reliable 5

Ariadne Details Ariadne Route Discovery Ariadne Route Maintenance Thwarting routing misbehavior Thwarting malicious RREQ floods An optimization for Ariadne with TESLA Performance Evaluation Security Analysis Notations Notations A, B : principals K AB, K BA : secret MAC keys between A and B MAC (M) : MAC of message M using MAC key K AB 6

Route Discovery 3 ways to authenticate: Digital signs, symmetric key MACs, TESLA. Use of TESLA has been explained, because of its efficiency. Goals: Target can authenticate initiator Initiator can authenticate each entry of the path No intermediate node can remove a previous node s entry in the node list (per-hop hashing) Route Discovery Authentication Authentication of RREQ by target: Initiator includes a MAC computed by shared-key K SD with target Mechanisms for authenticating data in RREQs and RREPs: The appended node-lists have to be authenticated; Uses TESLA for efficiency. Intermediate nodes append their MACs computed with TESLA keys Per-hop hashing technique: To avoid a node from being removed from the node list in the RREQ message, a one-way hash function is used. The source initializes the hash chain to a MAC with a key shared between the source and target. 7

Route Discovery (contd.) Route Request <RREQ, initiator, target, id, time interval, hash chain, node_list, MAC_list> Initiator initializes hash chain to MAC KSD (initiator, target, id, time interval) Intermediate node A which receives the request checks <initiator, id> and checks time interval Time interval : TESLA time interval at the pessimistic expected arrival time of the RREQ at target (say T + 2d) If any condition fails, discard the request Route Discovery (contd.) If all conditions hold, A appends its address to node list, replaces hash chain with H[A, hash chain], appends MAC of entire Request with TESLA key K Ai to MAC list Target checks validity of Request By determining that the keys are not disclosed yet that the hash chain is equal to H[n n, H[n n-1, H[,H[n 1, MAC KSD (initiator, target, id, interval)] ] If Request is valid, target returns a Route Reply 8

Route Discovery (contd.) Route Reply <RREP, target, initiator, time interval, node list, MAC list, target MAC, key list> Packet is sent to initiator along the route in node list Forwarding node waits until it can disclose its key and then append its key Initiator verifies that Each key is valid (TESLA security condition) target MAC is valid (based on K DC shared with target) Each MAC in MAC list is valid (based on TESLA keys) Route Discovery example 9

Route Maintenance Need: In the source routes, an intermediate node might discover that next hop is not working. So it sends ROUTE_ERROR back to initiator Security issue: Prevent unauthorized nodes from sending (bogus) ROUTE_ERRORs The case of malicious nodes not sending genuine ROUTE_ERRORs not considered. Route Maintenance (contd.) Route Error <ROUTE_ERROR, sending address, receiving address, time interval, error MAC, recent TESLA key> source routed back to initiator Intermediate node Forwards the packet and searches its route cache for all routes that use <sending address, receiving address> If exists, checks validity of time interval If valid, checks authentication of the Error Until authentication, saves Error info in memory until a key is disclosed and uses routes in route cache If authenticated, removes all such routes 10

Thwarting routing misbehaviors Issue: What if intermediate nodes in the source route misbehave and don t forward packets? A feedback based reputation scheme to detect misbehaving nodes - relies on feedback about which packets were successfully delivered A node with multiple routes sends a fraction along each route and sends packets along the successful route Malicious node avoidance in Route Discovery Route Request includes a list of malicious nodes to avoid and the MAC h 0 computed over that list no details Malicious nodes can be detected by target Thwarting malicious RREQ floods As flooded RREQs are authenticated at the target, and not at every hop, attacker can flood malicious RREQs. Route Discovery chains To authenticate RREQs instantly One-way chains generated as K i = H N-i [K N ] 1. Release one key for each Discovery (rate-limiting requests) A node not partitioned from the network can prevent an attacker from reusing keys 2. Dictate schedule for disclosure of key + loose clock synchronization (time-synchronizing chain elements) Any node can prevent an attacker from reusing keys Computationally slightly more expensive 11

An optimization So far, only initiator can authenticate the target and its RREP, using the MAC computed with K DS But this RREP passes all intermediate nodes, which can also use it, if authenticated. Solution: Target uses TESLA key that can be used by these intermediate nodes to authenticate it. The key is released by target, to initiator, after appropriate delay, which the intermediate nodes also use. Performance Evaluation ns-2 simulator has been used and following studied: Packet Delivery Ratio Packet overhead Byte overhead Mean Latency 99.99 th percentile latency Path optimality 12

Performance Evaluation packet overhead Performance Evaluation byte overhead» 26.19% higher byte overhead for Ariadne compared to un-optimized DSR because of authentication overhead 13

Security Analysis Argue that if an uncompromised shortest path exists, then Ariadne will find it (correctness) In case of Active-1-1 attacker, black holes and gray holes could be thwarted. (per-hop hashing), flooding of RREQs could be thwarted (route discovery chains) Passive attacks (eavesdropping) cannot be dealt with Conclusions & future work Ariadne adds security extensions to ondemand routing (DSR), which suits ad-hoc networks well. Shown to be better than un-optimized DSR Ariadne prevents a wide range of attacks to secure routing It is efficient in terms of communication and computational overhead. Uses MACs and TESLA 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information