SECURING AD HOC NETWORK ROUTING
Harry Sunarsa
INTRODUCTION
Overview
Nodes in an ad hoc network, also known as a MANET, are mobile. They communicate with each other within radio range through direct wireless links or multi-hop routing.
The nodes can continuously move into and out of the radio range of the other nodes in the ad hoc network, so the routing information changes all the time as the nodes move.
Characteristics
- No fixed infrastructure
- Dynamic topology
- Energy constrained
- Node acts both as a host and router
SECURITY ISSUES
Security Goal [4]

• Availability: ensures the survivability of network services despite denial of
service attacks.
• Confidentiality: ensures that secret information or data is never disclosed to
unauthorized devices.
• Integrity: ensures that a message received is not corrupted.
• Authentication: enables a node to ensure the identity of the peer node it is
communicating with.
• Non-repudiation: ensures that the origin of a message cannot deny having sent
the message.


Challenge [2]:
• the vulnerability of the link
• limited physical protection of each of the nodes
• dynamically changing topology
• the absence of a certification authority
• the lack of the centralized monitoring or management point
SECURITY ISSUES
Threat


• External attacks come from outside intruders, i.e. non-participants in the
protocol, whose objective is to disrupt normal routing operation.
• To defend against external attacks, nodes can protect routing information in
the same way they protect data traffic.
• A compromised node is categorized as an internal attack.
• This is the most severe threat for MANETs, since a compromised node may broadcast wrong routing information
to other nodes.
• Detecting compromised nodes through routing information is also difficult due
to the dynamic topology of ad hoc networks.
• Routing protocols for ad hoc networks must handle outdated routing information
to accommodate the dynamically changing topology.
ROUTING PROTOCOL ISSUES
 Attacks using modification of protocol fields of messages




 •   The level of trust in a traditional ad hoc network cannot be measured or
     enforced. Enemy nodes or compromised nodes may participate directly in
     route discovery and may intercept and filter routing protocol packets
     to disrupt communication.
 •   Malicious nodes can easily cause redirection of network traffic and DoS
     attacks by simply altering these fields.
 •   In Figure 5, a malicious node M could keep traffic from reaching X by
     consistently advertising to B a shorter route to X than the route to
     X that C is advertising.
ROUTING PROTOCOL ISSUES
 Attacks using modification of protocol fields of messages
 • The attacks can be classified as remote redirection attacks and denial of
   service attacks
  Remote redirection with modified route sequence number (AODV)
       • Remote redirection attacks are also called black-hole attacks [7].
       • A malicious node uses the routing protocol to advertise itself as the
           shortest path to nodes whose packets it wants to intercept.
       • Protocols such as AODV instantiate and maintain routes by
           assigning monotonically increasing sequence numbers to routes
           towards a specific destination.
       • Any node may divert traffic through itself by advertising a route to
           a node with a destination sequence number greater than the
           authentic value.
       • Figure 5 illustrates an example ad hoc network. Suppose a
           malicious node, M, receives the RREQ that originated from S for
           destination X after it is re-broadcast by B during route discovery.
       • M redirects traffic towards itself by unicasting to B a RREP
           containing a significantly higher destination sequence number for X
           than the authentic value last advertised by X.
ROUTING PROTOCOL ISSUES
 Attacks using modification of protocol fields of messages
  Redirection with modified hop count (AODV)
       • Redirection is also possible by modifying the hop count field in
           route discovery messages.
       • When routing decisions cannot be made by other metrics, AODV
           uses the hop count field to determine a shortest path.
       • Malicious nodes can attract routes towards themselves by
           resetting the hop count field of the RREP to zero.
       • Once the malicious node has been able to insert itself between
           two communicating nodes, it is able to do anything with the
           packets passing between them.
       • It can choose to drop packets to perform a denial of service
           attack, or alternatively use its place on the route as a first step in
           a man-in-the-middle attack.
ROUTING PROTOCOL ISSUES
 Attacks using modification of protocol fields of messages
  Denial of service with modified source routes
       • DSR is a routing protocol that explicitly states routes in data
           packets.
       • These routes lack any integrity checks and a simple denial-of-
           service attack can be launched in DSR by altering the source
           routes in packet headers.
       • Modification to source routes in DSR may also include the
           introduction of loops in the specified path.
       • Although DSR prevents looping during the route discovery
           process, there are insufficient safeguards to prevent the insertion
           of loops into a source route after a route has been salvaged.
ROUTING PROTOCOL ISSUES
 Attacks using impersonation
 •   Current ad hoc routing protocols do not authenticate the source IP address. A
     malicious node can launch many attacks by altering its MAC or IP address.
 •   Both AODV and DSR are susceptible to this attack.
 •   In this type of attack, nodes may be able to join the network
     undetectably, or send false routing information, masquerading as some
     other trusted node.
ROUTING PROTOCOL ISSUES
 Attacks using fabrication
 • The generation of false routing messages is termed fabrication.
   Such attacks are difficult to detect.
  Falsifying route error messages in AODV or DSR
        • AODV and DSR implement path maintenance measures to recover
            broken paths when nodes move.
        • The vulnerability is that routing attacks can be launched by
            sending false route error messages.
        • Suppose node S has a route to node X via nodes A, B, and C, as in
            Figure 5. A malicious node M can launch a denial of service attack
            against X by continually sending route error messages to B
            spoofing node C, indicating a broken link between nodes C and X.
        • B receives the spoofed route error message thinking that it came
            from C.
        • B deletes its routing table entry for X and forwards the route error
            message on to A, who then also deletes its routing table entry. If
            M listens and broadcasts spoofed route error messages whenever
            a route is established from S to X, M can successfully prevent
            communications between S and X.
ROUTING PROTOCOL ISSUES
 Attacks using fabrication
  Route cache poisoning in DSR
      • This is a passive attack that can occur in DSR because of the promiscuous
          mode of updating routing tables that DSR employs.
      • It occurs when information stored in the routing tables at routers is
          deleted, altered or injected with false information.
      • DSR nodes learn routes from the headers of packets they process
          along a path; routes in DSR may also be learned from
          promiscuously received packets.
      • A node overhearing any packet may add the routing information
          contained in that packet's header to its own route cache.
      • The vulnerability is that an attacker could easily exploit this
          method of learning routes and poison route caches.
      • Suppose a malicious node M wanted to poison routes to node X. If
          M were to broadcast spoofed packets with source routes to X via
          itself, neighboring nodes that overhear the packet transmission
          may add the route to their route cache.
ROUTING PROTOCOL ISSUES
 Attacks using fabrication
  Routing table overflow attack
      • In a routing table overflow attack, the attacker attempts to create
          routes to non-existent nodes.
      • The goal of the attacker is to create enough routes to prevent
          new routes from being created, or to overwhelm the protocol
          implementation and flush out legitimate routes from routing
          tables.
      • Proactive routing algorithms attempt to discover routing
          information even before it is needed, while reactive
          algorithms create routes only when they are needed. This makes
          proactive algorithms more vulnerable to table overflow attacks.
SOLUTION TO AD HOC ROUTING
 Installing extra facilities in the network to mitigate routing misbehavior
 •   Misbehaving nodes can reduce network throughput and result in poor
     robustness.
 •   A technique to identify and isolate such nodes is proposed in [10] by
     installing a watchdog and a pathrater in the Ad-hoc network on each
     node.
 •   The watchdog identifies misbehaving nodes, while the pathrater avoids
     routing packets through these nodes.
 •   When a node forwards a packet, the node’s watchdog verifies that the
     next node in the path also forwards the packet.
 •   The watchdog does this by listening promiscuously to the next node’s
     transmissions. If the next node does not forward the packet, then it is
     misbehaving.
 •   The pathrater uses this knowledge of misbehaving nodes to choose the
     network path that is most likely to deliver packets.
SOLUTION TO AD HOC ROUTING
Watchdog


Figure 6: Watchdog’s operation (path through nodes S, A, B, C and D).

   •   When A transmits a packet for B to forward to C, A can often tell if B
       transmits the packet.
   •   If encryption is not performed separately for each link, which can be
       expensive, then A can also tell if B has tampered with the payload or the
       header.

   Advantages
   The watchdog mechanism can detect misbehaving nodes at forwarding level
   and not just the link level.
SOLUTION TO AD HOC ROUTING
Watchdog

•   The watchdog is implemented by maintaining a buffer of recently sent
    packets and comparing each overheard packet with the packet in the
    buffer to see if there is a match.
•   If so, the packet in the buffer is removed and forgotten by the watchdog,
    since it has been forwarded on.
•   If the packet has remained in the buffer for longer than a certain timeout,
    the watchdog increments a failure tally for the node responsible for
    forwarding on the packet.
•   If the tally exceeds a certain threshold bandwidth, it determines that the
    node is misbehaving and sends a message to the source notifying it of the
    misbehaving node.
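
The buffer, timeout and failure tally described above, as an added example that is not code from the slides or from [10]. The class and function names, the 0.5 s timeout, the threshold of 3 failures and the use of SHA-256 digests to compare packets are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict


class Watchdog:
    """Watchdog run by one node (A) for the packets it hands to its next hop."""

    def __init__(self, timeout=0.5, threshold=3):
        self.timeout = timeout          # assumed value: seconds to wait for the retransmission
        self.threshold = threshold      # assumed value: failures tolerated per neighbour
        self.buffer = {}                # packet id -> (next hop, source, payload digest, time sent)
        self.tally = defaultdict(int)   # next hop -> failure count
        self.reported = set()

    @staticmethod
    def _digest(payload):
        return hashlib.sha256(payload).digest()

    def sent(self, pkt_id, source, next_hop, payload, now):
        """Record a packet just handed to next_hop for forwarding."""
        self.buffer[pkt_id] = (next_hop, source, self._digest(payload), now)

    def overheard(self, pkt_id, transmitter, payload):
        """Compare an overheard transmission with the buffer; forget it on a match."""
        entry = self.buffer.get(pkt_id)
        if entry is None:
            return False
        next_hop, _source, digest, _sent_at = entry
        if transmitter == next_hop and self._digest(payload) == digest:
            del self.buffer[pkt_id]
            return True
        return False    # wrong sender or altered payload: keep waiting

    def expire(self, now):
        """Charge a failure for every packet older than the timeout.
        Returns (source, node) notifications for nodes that crossed the threshold."""
        notices = []
        for pkt_id, (next_hop, source, _d, sent_at) in list(self.buffer.items()):
            if now - sent_at > self.timeout:
                del self.buffer[pkt_id]
                self.tally[next_hop] += 1
                if self.tally[next_hop] > self.threshold and next_hop not in self.reported:
                    self.reported.add(next_hop)
                    notices.append((source, next_hop))
        return notices


def observe(behaviours, threshold=3):
    """Constructed scenario on the path S-A-B-C-D: A relays one packet per second
    from S to B, and B forwards, drops or tampers with each one."""
    wd = Watchdog(timeout=0.5, threshold=threshold)
    notices = []
    for i, behaviour in enumerate(behaviours):
        payload = b"data-%d" % i
        wd.sent(i, "S", "B", payload, now=float(i))
        if behaviour == "forward":
            wd.overheard(i, "B", payload)
        elif behaviour == "tamper":
            wd.overheard(i, "B", payload + b"!")   # header/payload no longer matches
        notices += wd.expire(now=i + 1.0)
    return notices, wd.tally["B"], len(wd.buffer)


if __name__ == "__main__":
    # Four failures (three drops, one tampered packet): B is reported to S.
    print(observe(["forward", "drop", "tamper", "drop", "drop", "forward"]))
    # Three drops stay at the threshold: B is never reported.
    print(observe(["drop", "forward", "drop", "forward", "drop"]))
```

The second run shows why the threshold matters: a neighbour whose failures stay at or below it is never reported.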
SOLUTION TO AD HOC ROUTING
Watchdog - Weakness

 Ambiguous collision
• An ambiguous collision prevents A from overhearing transmissions from B.
• A packet collision occurs at A while it is listening for B to forward on a
  packet.
• A does not know if the collision was caused by B forwarding on a packet as
  it should or if B never forwarded the packet and the collision was caused
  by other nodes in A’s neighborhood.
• Because of this uncertainty, A should instead continue to watch B over a
  period of time.


Figure 7: Ambiguous Collision (nodes S, A, B, C and D).
SOLUTION TO AD HOC ROUTING
Watchdog - Weakness

 Receiver collision
• Node A can only tell whether B sends the packet to C, but it cannot tell if C
  receives it.
• If a collision occurs at C when B first forwards the packet, A only sees B
  forwarding the packet and assumes that C successfully receives it.
• Thus, B could skip retransmitting the packet and evade detection.



Figure 8: Receiver Collision (nodes S, A, B, C and D).
SOLUTION TO AD HOC ROUTING
Watchdog - Weakness

 False misbehavior
• It can occur when nodes falsely report other nodes as misbehaving.
• A malicious node could attempt to partition the network by claiming that
  some nodes following it in the path are misbehaving.
• For instance, node A could report that node B is not forwarding packets
  when in fact it is. This will cause S to mark B as misbehaving when A is the
  culprit.
• This behavior, however, will be detected. Since A is passing messages onto
  B (as verified by S), then any acknowledgements from D to S will go
  through A to S, and S will wonder why it receives replies from D when
  supposedly B dropped packets in the forward direction.
• In addition, if A drops acknowledgements to hide them from S, the node B
  will detect this misbehavior and will report it to D.
SOLUTION TO AD HOC ROUTING
Watchdog - Weakness

 Limited transmission power
• Another problem is that a misbehaving node that can control its
  transmission power can circumvent the watchdog.
• A node could limit its transmission power such that the signal is strong
  enough to be overheard by the previous node but too weak to be received
  by the true recipient.

 Multiple colluding nodes
• Multiple nodes in collusion can mount a more sophisticated attack. For
  example, B and C could collude to cause mischief. In this case, B forwards
  a packet to C but does not report to A when C drops the packet. Because
  of this limitation, it may be necessary to disallow two consecutive
  untrusted nodes in a routing path.
SOLUTION TO AD HOC ROUTING
Watchdog - Weakness

 Partial dropping
• A node can circumvent the watchdog by dropping packets at a lower rate
  than the watchdog’s configured minimum misbehavior threshold.
• Although the watchdog will not detect this node as misbehaving, this node
  is forced to forward at the threshold bandwidth.
• In this way the watchdog serves to enforce this minimum bandwidth. For
  the watchdog to work properly it must know where a packet should be in
  two hops.
SOLUTION TO AD HOC ROUTING
Pathrater

•   The pathrater is run by each node.
•   It combines the knowledge of misbehaving nodes with link reliability data
    to pick the most reliable route.
•   Each node maintains a rating for every other node it knows about in the
    network. It calculates a path metric by averaging the node ratings in the
    path.
•   This metric gives a comparison of the overall reliability of different paths
    and allows pathrater to emulate the shortest length path algorithm when
    no reliability information has been collected.
•   If there are multiple paths to the same destination, the path with the
    highest metric is selected. Since the pathrater depends on knowing the
    exact path a packet has traversed, it must be implemented on top of a
    source routing protocol.
SOLUTION TO AD HOC ROUTING
Pathrater

•   When a node in the network becomes known to the pathrater (through
    route discovery), the pathrater assigns it a “neutral” rating of “0.5”. A
    node always rates itself with a “1.0”.
•   This ensures that when calculating path rates, if all other nodes are
    neutral nodes (rather than suspected misbehaving nodes), the pathrater
    picks the shortest length path.
•   The pathrater increments the ratings of nodes on all actively used paths by
    0.01 at periodic intervals of 200 ms.
•   An actively used path is one on which the node has sent a packet within
    the previous rate increment interval. The maximum value a neutral node
    can attain is 0.8. The node’s rating is decreased by 0.05 when a link break
    is detected during packet forwarding and the node becomes unreachable.
•   The lower bound rating of a “neutral” node is 0.0. The pathrater does not
    modify the ratings of nodes that are not currently in active use.
SOLUTION TO AD HOC ROUTING
Pathrater

•   When the pathrater calculates the path metric, negative path values
    indicate the existence of one or more suspected misbehaving nodes in the
    path (the watchdog assigns a special highly negative value, -100 in the
    simulations).
•   If a node is marked as misbehaving due to a temporary malfunction or
    incorrect accusation it would be preferable if it were not permanently
    excluded from routing.
•   Therefore nodes that have negative ratings should have their ratings
    slowly increased or set back to a non-negative value after a long timeout.
SOLUTION TO AD HOC ROUTING
Security Aware Routing - SAR

•   SAR makes use of trust levels (security attributes assigned to nodes) to make
    informed and secure routing decisions.
• Current routing protocols discover the shortest path between two nodes.
    But SAR can discover a path with desired security attributes (E.g. a path
    through nodes with a particular shared key).
• A node initiating route discovery sets the sought security level for the
    route i.e. the required minimal trust level for nodes participating in the
    query/reply propagation.
• Nodes at each trust level share symmetric encryption keys. Intermediate
    nodes of different levels cannot decrypt in-transit routing packets or
    determine whether the required security attributes can be satisfied and
    drop them.
• Only the nodes with the correct key can read the header and forward the
    packet. So if a packet has reached the destination, it must have been
    propagated by nodes at the same level, since only they can decrypt the
    packet, see its header and forward it.
Drawbacks
A lot of encryption overhead, since each intermediate node has to perform it.
SOLUTION TO AD HOC ROUTING
SAODV - Implementation SAR extends AODV

•   Most of AODV’s original behavior, such as on-demand discovery using flooding,
    reverse path maintenance and forward path setup via Route Request (RREQ) and Route Reply
    (RREP) messages, is retained.
•   The RREQ packet has an additional field called RQ_SEC_REQUIREMENT that
    indicates the required security level for the route the sender wishes to discover.
•   An intermediate node at the required trust level updates the RREQ packet by
    updating another new field, RQ_SEC_GUARANTEE. The RQ_SEC_GUARANTEE
    field contains the minimum security offered in the route.
•   This can be achieved if each intermediate node at the required trust level performs
    an ‘AND’ operation with the RQ_SEC_GUARANTEE field it receives and puts the updated
    value back into the RQ_SEC_GUARANTEE field before forwarding the packet.
•   When an RREQ successfully traverses the network, the RQ_SEC_GUARANTEE
    represents the minimum security level in the entire path from source to destination.
•   The destination copies this from the RREQ to the RREP, into a new field called
    RP_SEC_GUARANTEE. The sender can use this value to determine the security
    level on the whole path. Since the sender can find routes which offer more security
    than asked for, it can make informed decisions.
SOLUTION TO AD HOC ROUTING
 Authenticated Routing for Ad-hoc Networks - ARAN

•   ARAN, presented in [14], introduces authentication, message integrity
    and non-repudiation to an ad hoc environment.
•   ARAN is composed of two distinct stages. The first stage is simple and
    requires little extra work from peers beyond traditional ad hoc protocols.
    Nodes that perform the optional second stage increase the security of
    their route, but incur additional cost for their ad hoc peers who may not
    comply (e.g., if they are low on battery resources).
•   ARAN makes use of cryptographic certificates for the purposes of
    authentication and non-repudiation.
SOLUTION TO AD HOC ROUTING
ARAN, Stage 1

 Preliminary Certification
• Before entering the ad hoc network, each node requests a certificate from T. For a
  node A,
          T -> A: Cert_A = [IP_A, K_A+, t, e]K_T-
• All nodes must maintain fresh certificates with the trusted server and must know T’s
  public key.
 End-to-End authentication
• The goal of stage 1 is for the source to verify that the intended destination was
  reached.
• The source node, A, begins route instantiation to a destination X by broadcasting to its
  neighbors a route discovery packet (RDP):
        A -> broadcast: [RDP, IP_X, Cert_A, N_A, t]K_A-
• The RDP is signed with A's private key. Each time A performs route discovery, it
  monotonically increases the nonce. Nodes then store the nonce they have last seen
  with its timestamp.
SOLUTION TO AD HOC ROUTING
ARAN, Stage 1

•   Intermediate node for RDP: each node records the neighbor from which it received
    the message. Let A's neighbor be B.
            B -> broadcast: [[RDP, IP_X, Cert_A, N_A, t]K_A-]K_B-, Cert_B
•   Upon receiving the broadcast, B's neighbor C validates the signature with the given
    certificate.
•   C then rebroadcasts the RDP to its neighbors, first removing B's signature.
            C -> broadcast: [[RDP, IP_X, Cert_A, N_A, t]K_A-]K_C-, Cert_C
•   Destination node: X unicasts a Reply (REP) packet back along the reverse path to the
    source.
            X -> D: [REP, IP_A, Cert_X, N_A, t]K_X-
•   Intermediate node for REP: all REPs are signed by the sender.
            D -> C: [[REP, IP_A, Cert_X, N_A, t]K_X-]K_D-, Cert_D
•   C validates D's signature, removes the signature, and then signs the contents of the
    message before unicasting the REP to B.
            C -> B: [[REP, IP_A, Cert_X, N_A, t]K_X-]K_C-, Cert_C
•   Source node: A verifies that the correct nonce was returned by the destination as well
    as the destination's signature. Only the destination can answer an RDP packet.
SOLUTION TO AD HOC ROUTING
ARAN, Stage 2

•   The disadvantage of ARAN is that it requires that nodes keep one routing table
    entry per source-destination pair that is currently active. This is certainly more
    costly than per-destination entries in non-secure ad hoc routing protocols.
•   Stage 2 is done only after Stage 1 is over. This is because the destination certificate
    is required in this stage.
•   This stage is primarily used for discovery of the shortest path in a secure fashion. Since a
    path is already discovered, data transfer can be pipelined with Stage 2's shortest
    path discovery operation.
•   Source: A broadcasts a Shortest Path Confirmation (SPC) message to its
    neighbors.
            A -> broadcast: SPC, IP_X, Cert_X, [[IP_X, Cert_A, N_A, t]K_A-]K_X+
•   This signed message is encrypted with X's public key so that other nodes cannot
    modify the contents.
SOLUTION TO AD HOC ROUTING
ARAN, Stage 2

•   Intermediate node: a neighbor B that receives the message rebroadcasts the
    message after including its own cryptographic credentials.
            B -> broadcast: SPC, IP_X, Cert_X, [[[[IP_X, Cert_A, N_A, t]K_A-]K_X+]K_B-, Cert_B]K_X+
•   Nodes that receive the SPC packet create entries in their routing table so as not to
    forward duplicate packets. The entry also serves to route the reply packet from the
    destination along the reverse path.
•   Destination node: X checks that all the signatures are valid. X replies to the first SPC
    it receives and also any SPC with a shorter recorded path by sending a Recorded
    Shortest Path (RSP) message.
            X -> D: [RSP, IP_A, Cert_X, N_A, route]K_X-
•   The source eventually receives the packet and verifies that the nonce corresponds
    to the SPC it originally generated.

Advantages
The onion-like signing of messages prevents nodes in the middle from changing the path
in several ways. First, to increase the path length of the SPC, malicious nodes require an
additional valid certificate. Second, malicious nodes cannot decrease the recorded path
length or alter it because doing so would break the integrity of the encrypted data.
SOLUTION TO AD HOC ROUTING
ARAN, Route Maintenance

•   Nodes keep track of whether routes are active. When no traffic has
    occurred on an existing route for that route's lifetime, the route is simply
    de-activated in the route table.
•   Data received on an inactive route causes nodes to generate an Error
    (ERR) message that travels the reverse path towards the source.
•   Nodes also use ERR messages to report links in active routes that are
    broken due to node movement. All ERR messages must be signed.
•   For a route between source A and destination X, a node B generates the
    ERR message for its neighbor C as follows:
           B -> C: [ERR, IP_A, IP_X, Cert_C, N_B, t]K_B-
•   This message is forwarded along the path towards the source without
    modification.
•   Because messages are signed, malicious nodes cannot generate ERR
    messages for other nodes.
SOLUTION TO AD HOC ROUTING
ARAN, Key Revocation

•   ARAN attempts a best effort key revocation that is backed up with limited
    time certificates.
•   Calling the revoked certificate Cert_R, the transmission appears as:
            T -> broadcast: [revoke, Cert_R]K_T-
•   Any node receiving this message re-broadcasts it to its neighbors.
•   Any neighbor of the node with the revoked certificate needs to reform
    routing as necessary to avoid transmission through the now-untrusted
    node.
SOLUTION TO AD HOC ROUTING
Secure Routing Protocol – SRP [11]

•   SRP is applied as an extension of a multitude of existing routing protocols
    such as DSR [12] and ZRP [13].
•   SRP counters malicious behavior and guarantees the acquisition of correct
    topological information in a timely manner,
    i.e., the route replies that are validated and accepted by the querying
    node provide accurate connectivity information, despite the presence of
    strong adversaries [13].
•   This is achieved with the existence of a security association between the pair of
    end nodes only, without the need for intermediate nodes to
    cryptographically validate control traffic.
SOLUTION TO AD HOC ROUTING
Secure Routing Protocol – SRP [11]

•   It is assumed that a security association (a shared key KST) is
    established between source (S) and destination (T).
•   The route request packet is identified by a random query identifier (rnd#)
    and a sequence number (sq#).
•   S constructs a Message Authentication Code (MAC) which is a hash of
    source, destination, random query identifier, sequence number and KST
•   MAC = h(S, T, rnd#, sq#, KST)
•   In addition the identifiers (IP addresses) of the traversed intermediate
    nodes are accumulated in the route request packet.
•   The intermediate nodes maintain a limited amount of state information
    regarding relayed queries (by storing their random sequence number), so
    that previously seen route requests are discarded.
SOLUTION TO AD HOC ROUTING
Secure Routing Protocol – SRP [11]

•   More than one route request packet reaches the destination through
    different routes.
•   The destination T calculates a MAC covering the route reply contents and
    then returns the packet to S over the reverse route accumulated in the
    respective request packet.
•   The destination responds to one or more route request packets to provide
    the source with an as diverse topology picture as possible.

Advantages:
• Computing the MAC is not computationally expensive.
• Message integrity is preserved.
• If confidentiality of data is required, the payload could be encrypted with
   the shared key KST.
SOLUTION TO AD HOC ROUTING
Secure Routing Protocol – SRP [11]

•   The query request is denoted as a list {QST; n1, n2, …, nk}.
•   QST denotes the SRP header for a query searching for T and initiated by S.
•   ni, for i ∉ {1, k}, are the IP addresses of the intermediate nodes, with n1 = S
    and nk = T.
•   Similarly, a route reply is denoted as {RST; n1, n2, …, nk}.
SOLUTION TO AD HOC ROUTING
Secure Routing Protocol – SRP [11]

Case 1
• When M receives {QST; S} it tries to mislead S by generating {RST; S, M1, T},
   i.e. it fakes that destination T is its neighbor.
• This is possible in a regular routing protocol, but not here, since only T can
   generate the MAC which is verified by S.

Case 2
• If M1 discards request packets that it receives, it narrows the topology
   view of S.
• But at the same time it practically removes itself from S’s view.
• Thus it cannot inflict harm to data flows originating from S, and route
   chosen by S would not include M1.
SOLUTION TO AD HOC ROUTING
Secure Routing Protocol – SRP [11]

Case 3
• When M1 receives {RST; S, 1, M1, S, 4, T} it tampers with its contents and
   relays {RST; S, 1, M, Y, T}.
• Y being any sequence of nodes. S readily discards the reply due to the
   integrity protection provided by MAC.

Case 4
• When M2 receives { QST; S, 2, 3 } it corrupts the accumulated route and
   relays { QST; S, X, 3, M2} to its neighbors, where X is a false IP address.
• This request arrives at T, which constructs the reply and routes it over
   {T, M2, 3, X, S} towards S.
• But when node 3 receives the reply it cannot forward it any further, since X
   is not its neighbor, and the reply is dropped.
SOLUTION TO AD HOC ROUTING
Secure Routing Protocol – SRP [11]

Case 5
• If M1 replays route requests to consume network resources, they will be
   discarded by intermediate nodes, since they maintain a list of query
   identifiers seen in the past.
• The query identifier is a random number, so that it is not guessable by the
   malicious node.

Case 6
• M1 may attempt to forward {QST; S, M*}, i.e. it spoofs its IP address.
• Consequently, S would accept {RST; S, M*, 1, 4, T} as a route.
• But the connectivity information conveyed by such a reply is correct.
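
The MAC check behind Cases 1, 3 and 5, as an added example that is not code from the slides or from [11]. HMAC-SHA256 stands in for the keyed hash h, and the field encoding, the dictionary layout of the packets and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def srp_mac(key, *fields):
    """Keyed hash over length-prefixed fields (HMAC-SHA256 stands in for h)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        data = str(f).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()


def make_request(key, src, dst, seq):
    """S builds the query: MAC = h(S, T, rnd#, sq#, KST)."""
    rnd = os.urandom(8).hex()               # random query identifier
    return {"src": src, "dst": dst, "rnd": rnd, "seq": seq,
            "mac": srp_mac(key, src, dst, rnd, seq), "route": [src]}


class Relay:
    """Intermediate node: holds no key, only a list of query identifiers seen."""

    def __init__(self, addr):
        self.addr = addr
        self.seen = set()

    def relay(self, req):
        qid = (req["src"], req["rnd"])
        if qid in self.seen:
            return None                     # previously seen request: discard
        self.seen.add(qid)
        return {**req, "route": req["route"] + [self.addr]}


def make_reply(key, req, me):
    """T checks the request MAC, then MACs the reply contents including the route."""
    expected = srp_mac(key, req["src"], req["dst"], req["rnd"], req["seq"])
    if req["dst"] != me or not hmac.compare_digest(expected, req["mac"]):
        return None
    route = req["route"] + [me]
    return {"src": req["src"], "dst": me, "rnd": req["rnd"], "seq": req["seq"],
            "route": route,
            "mac": srp_mac(key, req["src"], me, req["rnd"], req["seq"], *route)}


def accept_reply(key, req, rep):
    """S accepts a reply only if it answers this query and the MAC verifies."""
    same_query = all(rep[k] == req[k] for k in ("src", "dst", "rnd", "seq"))
    if not same_query:
        return False
    expected = srp_mac(key, rep["src"], rep["dst"], rep["rnd"], rep["seq"], *rep["route"])
    return hmac.compare_digest(expected, rep["mac"])


def demo():
    k_st = os.urandom(32)                   # shared key KST of the S-T security association
    req = make_request(k_st, "S", "T", seq=1)
    relays = [Relay("1"), Relay("M1"), Relay("4")]   # constructed path
    fwd = req
    for node in relays:
        fwd = node.relay(fwd)
    reply = make_reply(k_st, fwd, "T")
    # Case 1: a reply built without KST (a random key is used in its place).
    fabricated = {**reply, "route": ["S", "M1", "T"],
                  "mac": srp_mac(os.urandom(32), "S", "T", req["rnd"], req["seq"],
                                 "S", "M1", "T")}
    # Case 3: a genuine reply whose route was altered in transit.
    tampered = {**reply, "route": ["S", "1", "M1", "Y", "T"]}
    return {"route": reply["route"],
            "legit": accept_reply(k_st, req, reply),
            "case1_fabricated": accept_reply(k_st, req, fabricated),
            "case3_tampered": accept_reply(k_st, req, tampered),
            "case5_replay": relays[0].relay(req)}    # same rnd# seen again


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```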
SOLUTION TO AD HOC ROUTING
Attack on SRP

Tunneling
• If two nodes collude during the two phases (request and reply) of a single route
   discovery, then the protocol could be attacked. For example, if M1 receives a route
   request, it can tunnel it to M2,
   i.e. discover a route to M2 and send the request encapsulated in a data
   packet. Then M2 broadcasts a request with the route segment between
   M1 and M2 falsified: {QST; S, M1, Z, M2}.
• T receives the request and constructs a reply, which is routed over
   {T, M2, Z, M1, S}. M2 receives the reply and tunnels it back to M1, which
   then returns it to S. As a result the connectivity information is only
   partially correct.
Replay
• If M1 rewrites the RND# with some other random number, its neighbors
   think that it is a genuine packet and keep forwarding it, thus wasting their
   resources.
• Only when the packet reaches the destination can this misuse be detected
   using the MAC.
Conclusion

• Routing protocol threats are usually specific to a particular security weakness
(not necessarily a design weakness) of the protocol, and can be categorized
using different criteria.
• However, proposed routing solutions are capable of operating with a dynamic
topology, but in terms of security measures they provide partial or no solution
[4].
• Thus the implementation of a secure routing protocol is still one of the challenges
within ad hoc networks.
References
1. Wenjia Li and Anupam Joshi, “Security Issues in Mobile Ad Hoc Networks A Survey”.
2. Jean-Pierre Hubaux, Levente Buttyan and Srdan Capkun, “The Quest for Security in Mobile Ad hoc
Networks”, Proceedings of the ACM Symposium on Mobile Ad hoc Networking and Computing, MobiHOC 2001.
3. Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu, and Lixia Zhang, “Security in Mobile Ad Hoc Network Challenge and
Solutions”, IEEE Wireless Communications, February 2004.
4. L. Zhou, Z. J. Haas. Securing Ad Hoc Networks. IEEE Network, 13(6): 24-30, Nov/Dec 1999.
5. Preetida Vinayakray-Jani, “Security within Ad hoc”, Position Paper, PAMPAS Workshop, Sept. 16/17 2002, London.
6. Dr. Harsh Sadawarti and Anuj K. Gupta, “Secure Routing Techniques for MANETs”, International Journal of Computer
Theory and Engineering, Vol. 1, No. 4, October 2009, 1793-8201.
7. F. Wang, B. Vetter, and S. Wu, “Secure Routing Protocols: Theory and Practice,” Technical Report, North Carolina State
University, May 1997.
8. http://citeseer.nj.nec.com/400961.html, 2000. H. Dang, W. Li, and D. P. Agrawal, “Routing security in wireless ad hoc
networks”, IEEE Communications Magazine, 0163-6804, pp. 70-75, October 2002.
9. A. K. Bayya, S. Gupte, Y. K. Shukla, A. Garikapati, “Security in Ad-hoc Networks”.
10. S. Marti, T. J. Giuli, Kevin Lai and Mary Baker, “Mitigating Routing Misbehavior in Mobile Ad Hoc Networks”,
Proceedings of MOBICOM 2000, August 2000.
11. P. Papadimitratos and Z. J. Haas, “Secure routing for mobile ad hoc networks,” SCS Communication Networks and
Distributed Systems Modeling and Simulation Conference (CNDS 2002), Jan 2002.
12. D. B. Johnson, D. A. Maltz, and J. Broch, “DSR: The Dynamic Source Routing Protocol for Multi-Hop Wireless Ad hoc
Networks,” Ad Hoc Networking, C. E. Perkins, Ed., Addison-Wesley, 2001, 139-172.
13. Z. J. Haas, M. Perlman, “The Performance of Query Control Schemes of the Zone Routing Protocol,” IEEE/ACM
Transactions on Networking, vol. 9, no. 4, pp. 427-438, Aug 2001.
14. B. Dahill, B. N. Levine, E. Royer, and C. Shields, “A secure routing protocol for ad hoc networks,” in Proceedings of
the International Conference on Network Protocols (ICNP), pp. 78-87, 2002.
15. F. Stajano and R. Anderson, “The Resurrecting Duckling: Security Issues for Ad Hoc Wireless Networks,” Security
Protocols, 7th International Workshop, LNCS, Springer-Verlag, 1999.
16. Seung Yi, P. Naldurg and R. Kravets, “Security-Aware Ad-Hoc Routing for Wireless Networks”.

Ad hoc routing security

  • 1. SECURING AD HOC NETWORK ROUTING Harry Sunarsa
  • 2. INTRODUCTION Overview Characteristics Nodes within ad hoc network are - No fixed infrastructure mobile, also known as MANET, they -Dynamic topology communicate with each other within radio - Energy constrained range through direct wireless links or multi- hop routing. - Node acts both as a host and router The nodes can continuously move into and out of the radio range of the other nodes in the ad hoc network, and the routing information will be changing all the time because of the movement of the nodes
  • 3. SECURITY ISSUES Security Goal [4] • Availability: ensures the survivability of network services despite denial of service attacks. • Confidentiality : Ensures that secret information or data is never disclosed to unauthorized devices. • Integrity : Ensures that a message received is not corrupted. • Authentication: enables a node to ensure the identity of the peer node it is communicating with. • Non-repudiation: ensures that the origin of a message cannot deny having sent the message. Challenge [2]: • the vulnerability of the link • limited physical protection of each of the nodes • dynamically changing of topology • the absence of a certification authority • the lack of the centralized monitoring or management point
  • 4. SECURITY ISSUES Threat •External attacks come from outside intruders, i.e. non participants in the protocol, whose objective is the disruption of normal routing operation • To defend against the external attacks, nodes can protect routing information in the same way they protect data traffic. • A compromised node is categorized as internal attack. • the most severe threat for MANETs, it may broadcast wrong routing information to other nodes • Detection of compromised nodes through routing information is also difficult due to dynamic topology of Adhoc networks. •Routing protocols for Adhoc networks must handle outdated routing information to accommodate dynamic changing topology.
  • 5. ROUTING PROTOCOL ISSUES  Attacks using modification of protocol fields of messages • The level of trust in a traditional Ad-hoc network cannot be measured or enforced, enemy nodes or compromised nodes may participate directly in the route discovery and may intercept and filter routing protocol packets to disrupt communication. • Malicious nodes can easily cause redirection of network traffic and DOS attacks by simply altering these fields • in Figure 5, a malicious node M could keep traffic from reaching X by consistently advertising to B a shorter route to X than the route to X, which C is advertising.
  • 6. ROUTING PROTOCOL ISSUES  Attacks using modification of protocol fields of messages • The attacks can be classified as remote redirection attacks and denial of service attacks  Remote redirection with modified route sequence number (AODV) • Remote redirection attacks are also called black-hole attacks[7]. • a malicious node uses routing protocol to advertise itself as the shortest path to nodes whose packets it wants to intercept • Protocols such as AODV instantiate and maintain routes by assigning monotonically increasing sequence numbers to routes towards a specific destination • any node may divert traffic through itself by advertising a route to a node with a destination sequence number greater than the authentic value. • Figure 5 illustrates an example ad hoc network. Suppose a malicious node, M, receives the RREQ that originated from S for destination X after it is re-broadcast by B during route discovery. • M redirects traffic towards itself by unicasting to B a RREP containing a significantly higher destination sequence num for X than the authentic value last advertised by X.
  • 7. ROUTING PROTOCOL ISSUES  Attacks using modification of protocol fields of messages  Redirection with modified hop count (AODV) • by modifying the hop count field in route discovery messages. • When routing decisions cannot be made by other metrics, AODV uses the hop count field to determine a shortest path. • The malicious nodes can attract route towards themselves by resetting the hop count field of the RREP to zero. • Once the malicious node has been able to insert itself between two communicating nodes it is able to do anything with the packets passing between them. • It can choose to drop packets to perform a denial of service attack, or alternatively use its place on the route as a first step in man-in-the-middle attack.
  • 8. ROUTING PROTOCOL ISSUES  Attacks using modification of protocol fields of messages  Denial of service with modified source routes • DSR is a routing protocol, which explicitly states routes in data packets. • These routes lack any integrity checks and a simple denial-of- service attack can be launched in DSR by altering the source routes in packet headers. • Modification to source routes in DSR may also include the introduction of loops in the specified path. • Although DSR prevents looping during the route discovery process, there are insufficient safeguards to prevent the insertion of loops into a source route after a route has been salvaged.
  • 9. ROUTING PROTOCOL ISSUES  Attacks using impersonation • Current Ad-hoc routing protocols do not authenticate source IP address. A malicious node can launch many attacks by altering its MAC or IP address. • Both AODV and DSR are susceptible to this attack. • In this type of attack, nodes may be able to join the network undetectably, or send false routing information, masquerading as some other trusted node
  • 10. ROUTING PROTOCOL ISSUES  Attacks using fabrication • Generation of false routing messages is termed as fabrication messages. Such attacks are difficult to detect.  Falsifying route error messages in AODV or DSR • AODV and DSR implement path maintenance measures to recover broken paths when nodes move. • The vulnerability is that routing attacks can be launched by sending false route error messages. • Suppose node S has a route to node X via nodes A, B, and C, as in Figure 5. A malicious node M can launch a denial of service attack against X by continually sending route error messages to B spoofing node C, indicating a broken link between nodes C and X. • B receives the spoofed route error message thinking that it came from C. • B deletes its routing table entry for X and forwards the route error message on to A, who then also deletes its routing table entry. If M listens and broadcasts spoofed route error messages whenever a route is established from S to X, M can successfully prevent communications between S and X.
  • 11. ROUTING PROTOCOL ISSUES  Attacks using fabrication  Route cache poisoning in DSR • This is a passive attack that can occur in DSR due to promiscuous mode of updating routing table which is employed by DSR. • Occurs when information stored in routing table at routers is deleted, altered or injected with false information. • DSR Nodes learn the routes from packet’s headers, which a node is processing along a path, routes in DSR may also be learned from promiscuously received packets. • A node overhearing any packet may add the routing information contained in that packet's header to its own route cache. • The vulnerability is that an attacker could easily exploit this method of learning routes and poison route caches. • Suppose a malicious node M wanted to poison routes to node X. If M were to broadcast spoofed packets with source routes to X via itself, neighboring nodes that overhear the packet transmission may add the route to their route cache.
  • 12. ROUTING PROTOCOL ISSUES  Attacks using fabrication  Routing table overflow attack • In routing table overflow attack, the attacker attempts to create route to non-existent nodes. • The goal of the attacker is to create enough routers to prevent new routes from being created or overwhelm the protocol. • Implementation and flush out legitimate routes from routing tables. • Proactive routing algorithms attempt to discover routing information even before they are needed, while reactive algorithms create only when they are needed. This makes proactive algorithms more vulnerable to table overflow attacks.
  • 13. SOLUTION TO AD HOC ROUTING  Installing extra facilities in the network to mitigate routing misbehavior • Misbehaving nodes can reduce network throughput and result in poor robustness. • A technique to identify and isolate such nodes is proposed in [10] by installing a watchdog and a pathrater in the Ad-hoc network on each node. • The watchdog identifies misbehaving nodes, while the pathrater avoids routing packets through these nodes. • When a node forwards a packet, the node’s watchdog verifies that the next node in the path also forwards the packet. • The watchdog does this by listening promiscuously to the next node’s transmissions. If the next node does not forward the packet, then it is misbehaving. • The pathrater uses this knowledge of misbehaving nodes to choose the network path that is most likely to deliver packets.
  • 14. SOLUTION TO AD HOC ROUTING Watchdog S A B C D Figure 6: Watchdog’s operation. • when A transmits a packet for B to forward to C, A can often tell if B transmits the packet. • If encryption is not performed separately for each link, which can be expensive, then A can also tell if B has tampered with the payload or the header. Advantages The watchdog mechanism can detect misbehaving nodes at forwarding level and not just the link level.
  • 15. SOLUTION TO AD HOC ROUTING Watchdog • The watchdog is implemented by maintaining a buffer of recently sent packets and comparing each overheard packet with the packet in the buffer to see if there is a match. • If so, the packet in the buffer is removed and forgotten by the watchdog, since it has been forwarded on. • If the packet has remained in the buffer for longer than a certain timeout, the watchdog increments a failure tally for the node responsible for forwarding on the packet. • If the tally exceeds a certain threshold bandwidth, it determines that the node is misbehaving and sends a message to the source notifying it of the misbehaving node.
  • 16. SOLUTION TO AD HOC ROUTING Watchdog - Weakness  Ambiguous collision • It prevents A from overhearing transmissions from B • A packet collision occur at A while it is listening for B to forward on a packet. • A does not know if the collision was caused by forwarding on a packet as it should or if B never forwarded the packet and the collision was caused by other nodes in A’s neighborhood. • Because of this uncertainty, A should instead continue to watch B over a period of time. 2 1 1 S A B C D Figure 7: Ambiguous Collision.
  • 17. SOLUTION TO AD HOC ROUTING Watchdog - Weakness  Receiver collision • node A can only tell whether B sends the packet to C, but it cannot tell if C receives it. • If a collision occurs at C when B first forwards the packet, A only sees B forwarding the packet and assumes that C successfully receives it. • Thus, B could skip retransmitting the packet and evade detection. S A B C D Figure 8: Receiver Collision
  • 18. SOLUTION TO AD HOC ROUTING Watchdog - Weakness  False misbehavior • It can occur when nodes falsely report other nodes as misbehaving. • A malicious node could attempt to partition the network by claiming that some nodes following it in the path are misbehaving. • For instance, node A could report that node B is not forwarding packets when in fact it is. This will cause S to mark B as misbehaving when A is the culprit. • This behavior, however, will be detected. Since A is passing messages onto B (as verified by S), then any acknowledgements from D to S will go through A to S, and S will wonder why it receives replies from D when supposedly B dropped packets in the forward direction. • In addition, if A drops acknowledgements to hide them from S, the node B will detect this misbehavior and will report it to D.
  • 19. SOLUTION TO AD HOC ROUTING Watchdog - Weakness  Limited transmission power • Another problem is that a misbehaving node that can control its transmission power can circumvent the watchdog. • A node could limit its transmission power such that the signal is strong enough to be overheard by the previous node but too weak to be received by the true recipient.  Multiple colluding nodes • Multiple nodes in collusion can mount a more sophisticated attack. For example, B and C could collude to cause mischief. In this case, B forwards a packet to C but does not report to A when C drops the packet. Because of its limitation, it may be necessary to disallow two consecutive un- trusted nodes in a routing path.
  • 20. SOLUTION TO AD HOC ROUTING Watchdog - Weakness  Partial dropping • A node can circumvent the watchdog by dropping packets at a lower rate than the watchdog’s configured minimum misbehavior threshold. • Although the watchdog will not detect this node as misbehaving, this node is forced to forward at the threshold bandwidth. • In this way the watchdog serves to enforce this minimum bandwidth. For the watchdog to work properly it must know where a packet should be in two hops.
  • 21. SOLUTION TO AD HOC ROUTING Pathrater • The pathrater is run by each node. • It combines the knowledge of misbehaving nodes with link reliability data to pick. The most reliable route. • Each node maintains a rating for every other node it knows about in the network. It calculates a path metric by averaging the node ratings in the path. • This metric gives a comparison of the overall reliability of different paths and allows pathrater to emulate the shortest length path algorithm when no reliability information has been collected. • If there are multiple paths to the same destination, the path with the highest metric is selected. Since the pathrater depends on knowing the exact path a packet has traversed, it must be implemented on top of a source routing protocol.
  • 22. SOLUTION TO AD HOC ROUTING Pathrater • When anode in the network becomes known to the pathrater (through route discovery), the pathrater assigns it a “neutral” rating of “0.5”. A node always rates itself with a “1.0”. • This ensures that when calculating path rates, if all other nodes are neutral nodes (rather than suspected misbehaving nodes); the pathrater picks the shortest length path. • The pathrater increments the ratings of nodes on all actively used paths by 0.01 at periodic intervals of 200 ms. • An actively used path is one on which the node has sent a packet within the previous rate increment interval. The maximum value a neutral node can attain is 0.8. The node’s rating is decreased by 0.05 when a link break during packet forwarding and the node becomes unreachable. • The lower bound rating of a “neutral” node is 0.0. The pathrater does not modify the ratings of nodes that are not currently in active use.
  • 23. SOLUTION TO AD HOC ROUTING Pathrater • When the pathrater calculates the path metric, negative path values indicate the existence of one or more suspected misbehaving nodes in the path (special highly negative value is assigned by watchdog, -100 in the simulations,). • If a node is marked as misbehaving due to a temporary malfunction or incorrect accusation it would be preferable if it were not permanently excluded from routing. • Therefore nodes that have negative ratings should have their ratings slowly increased or set back to a non-negative value after a long timeout.
  • 24. SOLUTION TO AD HOC ROUTING Security Aware Routing - SAR
  • 25. SOLUTION TO AD HOC ROUTING  Security Aware Routing - SAR • makes use the trust levels (security attributes assigned to nodes) to make informed and secure routing decision. • Current routing protocols discover the shortest path between two nodes. But SAR can discover a path with desired security attributes (E.g. a path through nodes with a particular shared key). • A node initiating route discovery sets the sought security level for the route i.e. the required minimal trust level for nodes participating in the query/reply propagation. • Nodes at each trust level share symmetric encryption keys. Intermediate nodes of different levels cannot decrypt in-transit routing packets or determine whether the required security attributes can be satisfied and drop them. • Only the nodes with the correct key can read the header and forward the packet. So if a packet has reached the destination, it must have been propagated by nodes at the same level, since only they can decrypt the packet, see its header and forward it. Drawbacks A lot of encryption overhead, since each intermediate node has to performs it.
  • 26. SOLUTION TO AD HOC ROUTING SAODV - Implementation SAR extends AODV • Most of AODV’s original behavior such as on-demand discovery using flooding, reverse path maintenance and forward path setup via Route Request and Reply (RREP) messages is retained. • The RREQ packet has an additional field called RQ_SEC_REQUIREMENT that indicates the required security level for the route the sender wishes to discover. • An intermediate node at the required trust level, updates the RREQ packet by updating another new field, RQ_SEC_GUARANTEE field. The RQ_SEC_GUARANTEE field contains the minimum security offered in the route. • This can be achieved if each intermediate node at the required trust level performs an ‘AND’ operation with RQ_SEC_GUARANTEE field it receives and puts the updated value back into the RQ_SEC_GUARANTEE field before forwarding the packet. • When an RREQ successfully traverses the network, the RQ_SEC_GUARANTEE represents the minimum security level in the entire path from source to destination. • the destination copies this from the RREQ to the RREP, into a new field called RP_SEC_GUARANTEE field. The sender can use this value to determine the security level on the whole path, since the sender can find routes which offer more security than asked for, with which he can make informed decisions.
  • 27. SOLUTION TO AD HOC ROUTING  Authenticated Routing for Ad-hoc Networks - ARAN • ARAN is presented in [14], introduces authentication, message integrity and non-repudiation to an Ad-hoc environment. • ARAN is composed of two distinct stages. The first stage is simple and requires little extra work from peers beyond traditional ad hoc protocols. Nodes that perform the optional second stage increase the security of their route, but acquire additional cost for their ad hoc peers who may not comply (e.g., if they are low on battery resources). • ARAN makes use of cryptographic certificates for the purposes of authentication and non-repudiation.
  • 28. SOLUTION TO AD HOC ROUTING ARAN, Stage 1  Preliminary Certification • Before entering the Ad-hoc network, each node requests a certificate from T. For a node A, T -> A: CertA = [IPA, KA+, t, e]KT- • All nodes must maintain fresh certificates with the trusted server and must know T’s public key.  End-to-End authentication • The goal of stage 1 is for the source to verify that the intended destination was reached. • Source node , A, begins route instantiation to a destination X by broadcasting to its neighbors a route discovery packet (RDP): A -> broadcast: [RDP, IPX, CertA, NA, t]KA- • all signed with A's private key. Each time A performs route discovery, it monotonically increases the nonce. Nodes then store the nonce they have last seen with its timestamp.
  • 29. SOLUTION TO AD HOC ROUTING ARAN, Stage 1 • Intermediate node for RDP , Each node records the neighbor from which it received the message. Let A's neighbor be B. B -> broadcast: [[RDP, IPX, CertA, NA, t]KA-]KB-, CertB • Upon receiving the broadcast, B's neighbor C validates the signature with the given certificate. • C then rebroadcasts the RDP to its neighbors, first removing B's signature. C -> broadcast: [[RDP, IPX, CertA, NA, t]KA-]KC-, CertC • Destination node, unicasts a Reply (REP) packet back along the reverse path to the source. X -> D: [REP, IPA, CertX, NA, t]KX- • Intermediate node for REP, All REPs are signed by the sender. D -> C: [[REP, IPA, CertX, NA, t]KX-]KD-, CertD • C validates D's signature, removes the signature, and then signs the contents of the message before unicasting the RDP to B • C -> B: [[REP, IPA, CertX, NA, t]KX-]KC-, CertC • Source node, verifies that the correct nonce was returned by the destination as well as the destination's signature. Only the destination can answer an RDP packet.
  • 30. SOLUTION TO AD HOC ROUTING ARAN, Stage 2 • The disadvantage of ARAN is that it requires that nodes keep one routing table entry per source-destination pair that is currently active. This is certainly more costly than per-destination entries in non-secure ad hoc routing protocols. • Stage 2 is done only after Stage 1 is over. This is because the destination certificate is required in this stage. • This stage is primarily used for discovery of shortest path in a secure fashion. Since a path is already discovered , data transfer can be pipelined with Stage 2's shortest path discovery operation. • Source, by broadcasting a Shortest Path Confirmation (SPC) message to its neighbors A -> broadcast: SPC, IPX, CertX, [[IPX, CertA, NA, t]KA- ]KX+ • This signed message is encrypted with X's public key so that other nodes cannot modify the contents
  • 31. SOLUTION TO AD HOC ROUTING ARAN, Stage 2 • Intermediate Node , a neighbor B that receives the message rebroadcasts the message after including its own cryptographic credentials. B ->broadcast: SPC, IPX, CertX, [[[IPX, CertA, NA, t]KA-]KX+]KB-, CertB]KX+ • Nodes that receive the SPC packet create entries in their routing table so as not to forward duplicate packets. The entry also serves to route the reply packet from the destination along the reverse path. • Destination Node, it checks that all the signatures are valid. X replies to the first SPC it receives and also any SPC with a shorter recorded path by sending Recorded Shortest Path (RSP) message . X -> D: [RSP, IPA, certX, NA, route]KX- • The source eventually receives the packet and verifies that the nonce corresponds to the SPC is originally generated. Advantages The onion-like signing of messages prevents nodes in the middle from changing the path in several ways. First, to increase the path length of the SPC, malicious nodes require an additional valid certificate. Second, malicious nodes cannot decrease the recorded path length or alter it because doing so would break the integrity of the encrypted data.
  • 32. SOLUTION TO AD HOC ROUTING ARAN, Route Maintenance • Nodes keep track of whether routes are active. When no traffic has occurred on an existing route for that route's lifetime, the route is simply de-activated in the route table. • Data received on an inactive route causes nodes to generate an Error (ERR) message that travels the reverse path towards the source. • Nodes also use ERR messages to report links in active routes that are broken due to node movement. All ERR message must be signed. • For a route between source A and destination X, a node B generates the ERR message for its neighbor C as follows: B -> C: [ERR, IPA, IPX, CertC, NB, t]KB- • This message is forwarded along the path towards the source without modification. • Because messages are signed, malicious nodes cannot generate ERR messages for other nodes
  • 33. SOLUTION TO AD HOC ROUTING ARAN, Key Revocation • ARAN attempts a best-effort key revocation that is backed up with limited-time certificates. • Calling the revoked certificate Cert-R, the transmission appears as: • T -> broadcast: [revoke, Cert-R]KT- • Any node receiving this message re-broadcasts it to its neighbors. • Any neighbor of the node with the revoked certificate needs to reform routing as necessary to avoid transmission through the now-untrusted node.
  • 34. SOLUTION TO AD HOC ROUTING Secure Routing Protocol – SRP [11] • SRP is applied as an extension of a multitude of existing routing protocols such as DSR [12] and ZRP [13]. • It counters malicious behavior and guarantees the acquisition of correct topological information in a timely manner, • i.e., the route replies that are validated and accepted by the querying node provide accurate connectivity information, despite the presence of strong adversaries [13]. • This is achieved with a security association between the pair of end nodes only, without the need for intermediate nodes to cryptographically validate control traffic.
  • 35. SOLUTION TO AD HOC ROUTING Secure Routing Protocol – SRP [11] • It is assumed here that a security association (a shared key KST) is established between source (S) and destination (T). • The route request packet is identified by a random query identifier (rnd#) and a sequence number (sq#). • S constructs a Message Authentication Code (MAC), which is a hash of the source, destination, random query identifier, sequence number and KST: • MAC = h(S, T, rnd#, sq#, KST) • In addition, the identifiers (IP addresses) of the traversed intermediate nodes are accumulated in the route request packet. • The intermediate nodes maintain a limited amount of state information regarding relayed queries (by storing their random sequence number), so that previously seen route requests are discarded.
  • 36. SOLUTION TO AD HOC ROUTING Secure Routing Protocol – SRP [11] • More than one route request packet reaches the destination through different routes. • The destination T calculates a MAC covering the route reply contents and then returns the packet to S over the reverse route accumulated in the respective request packet. • The destination responds to one or more route request packets to provide the source with as diverse a picture of the topology as possible. Advantages: • Computing the MAC is not computationally expensive. • Message integrity is preserved. • If confidentiality of data is required, the payload could be encrypted with the shared key KST.
  • 37. SOLUTION TO AD HOC ROUTING Secure Routing Protocol – SRP [11] • The query request is denoted as a list {QST; n1, n2, …, nk}. • QST denotes the SRP header for a query searching for T and initiated by S. • ni, i ∉ {1, k}, are the IP addresses of the intermediate nodes, and n1 = S, nk = T. • Similarly, a route reply is denoted as {RST; n1, n2, …, nk}.
  • 38. SOLUTION TO AD HOC ROUTING Secure Routing Protocol – SRP [11] Case 1 • When M receives {QST; S} it tries to mislead S by generating {RST; S, M1, T}, i.e. it pretends that destination T is its neighbor. • This is possible in a regular routing protocol, but not here, since only T can generate the MAC which is verified by S. Case 2 • If M1 discards request packets that it receives, it narrows the topology view of S. • But at the same time it practically removes itself from S’s view. • Thus it cannot inflict harm on data flows originating from S, and the route chosen by S would not include M1.
  • 39. SOLUTION TO AD HOC ROUTING Secure Routing Protocol – SRP [11] Case 3 • When M1 receives {RST; S, 1, M1, S, 4, T} it tampers with its contents and relays {RST; S, 1, M, Y, T}, • Y being any sequence of nodes. S readily discards the reply due to the integrity protection provided by the MAC. Case 4 • When M2 receives {QST; S, 2, 3} it corrupts the accumulated route and relays {QST; S, X, 3, M2} to its neighbors, where X is a false IP address. • This request arrives at T, which constructs the reply and routes it over {T, M2, 3, X, S} towards S. • But when node 3 receives the reply it cannot forward it any further, since X is not its neighbor, and the reply is dropped.
  • 40. SOLUTION TO AD HOC ROUTING Secure Routing Protocol – SRP [11] Case 5 • If M1 replays route requests to consume network resources, they will be discarded by intermediate nodes, since they maintain a list of query identifiers seen in the past. • The query identifier is a random number, so it cannot be guessed by the malicious node. Case 6 • M1 may attempt to forward {QST; S, M*}, i.e. it spoofs its IP address. • Consequently S would accept {RST; S, M*, 1, 4, T} as a route. • But the connectivity information conveyed by such a reply is correct.
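The SRP checks behind Cases 1, 3 and 5 can be made concrete with a short sketch. This is an added example, not code from the slides or from the SRP authors: it swaps HMAC-SHA256 in for the slides' h(S, T, rnd#, sq#, KST), and the packet layout (Python dicts), the "REQ"/"REP" labels and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def mac_over(key: bytes, *fields) -> bytes:
    # Length-prefix every field so field boundaries cannot be shifted.
    parts = [str(f).encode() for f in fields]
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_request(k_st, s, t, sq):
    rnd = secrets.token_hex(8)  # rnd#: random, so a relay cannot predict it
    mac = mac_over(k_st, "REQ", s, t, rnd, sq)
    # The accumulated route is NOT under the request MAC; relays extend it.
    return {"S": s, "T": t, "rnd": rnd, "sq": sq, "mac": mac, "route": [s]}

class Relay:
    """Intermediate node: holds no key, only a table of query ids it relayed."""
    def __init__(self, addr):
        self.addr, self.seen = addr, set()

    def forward(self, req):
        qid = (req["S"], req["rnd"])
        if qid in self.seen:
            return None  # Case 5: a replayed request is discarded
        self.seen.add(qid)
        return {**req, "route": req["route"] + [self.addr]}

def make_reply(k_st, req):
    # Destination T: validate the request MAC, then MAC the full route.
    want = mac_over(k_st, "REQ", req["S"], req["T"], req["rnd"], req["sq"])
    if not hmac.compare_digest(want, req["mac"]):
        return None
    route = req["route"] + [req["T"]]
    mac = mac_over(k_st, "REP", req["S"], req["T"], req["rnd"], req["sq"], *route)
    return {"rnd": req["rnd"], "sq": req["sq"], "route": route, "mac": mac}

def accept_reply(k_st, req, rep):
    # Source S: reply must match the pending query and verify under K_ST.
    if (rep["rnd"], rep["sq"]) != (req["rnd"], req["sq"]):
        return False
    want = mac_over(k_st, "REP", req["S"], req["T"], rep["rnd"], rep["sq"], *rep["route"])
    return hmac.compare_digest(want, rep["mac"])

if __name__ == "__main__":
    k = secrets.token_bytes(32)  # constructed key standing in for K_ST
    req = make_request(k, "S", "T", 1)
    rep = make_reply(k, Relay("4").forward(Relay("1").forward(req)))
    print("honest reply accepted:", accept_reply(k, req, rep))
    print("tampered route accepted:", accept_reply(k, req, {**rep, "route": ["S", "1", "M1", "T"]}))
```

Because only the reply MAC covers the route, a relay can still alter the accumulated route of a request in transit (Case 4); that case is caught by forwarding failure, not by the MAC.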
  • 41. SOLUTION TO AD HOC ROUTING Attack on SRP Tunneling • If 2 nodes collude during the 2 phases (request and reply) of a single route discovery, then the protocol could be attacked. E.g.: if M1 receives a route request, it can tunnel it to M2, • i.e. discover a route to M2 and send the request encapsulated in a data packet. Then M2 broadcasts a request with the route segment between M1 and M2 falsified: {QST; S, M1, Z, M2}. • T receives the request and constructs a reply which is routed over {T, M2, Z, M1, S}. M2 receives the reply and tunnels it back to M1, which then returns it to S. As a result the connectivity information is only partially correct. Replay • If M1 rewrites the RND# with some other random number, its neighbors think that it is a genuine packet and keep forwarding it, thus wasting their resources. • Only when the packet reaches the destination can this misuse be detected using the MAC.
  • 42. Conclusion • Routing protocol threats are usually specific to a particular security weakness (not necessarily a design weakness) of the protocol, and can be categorized using different criteria. • However, the proposed routing solutions are capable of operating with a dynamic topology, but in terms of security measures they provide a partial solution or none [4]. • Thus the implementation of a secure routing protocol is still one of the challenges within ad hoc networks.
  • 43. References 1. Wenjia Li and Anupam Joshi, “Security Issues in Mobile Ad Hoc Networks A Survey”. 2. Jean-Pierre Hubaux, Levente Buttyan and Srdan Capkun, “The Quest for Security in Mobile Ad hoc Networks”, Proceedings of the ACM Symposium on Mobile Ad hoc Networking and Computing, MobiHOC 2001. 3. Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu, and Lixia Zhang, “Security in Mobile Ad Hoc Network Challenge and Solutions”, IEEE Wireless Communications, February 2004. 4. L. Zhou, Z. J. Haas, “Securing Ad Hoc Networks”, IEEE Network, 13(6): 24-30, Nov/Dec 1999. 5. Preetida Vinayakray-Jani, “Security within Ad hoc”, Position Paper, PAMPAS Workshop, Sept. 16/17 2002, London. 6. Dr. Harsh Sadawarti and Anuj K. Gupta, “Secure Routing Techniques for MANETs”, International Journal of Computer Theory and Engineering, Vol. 1, No. 4, October 2009, 1793-8201. 7. F. Wang, B. Vetter, and S. Wu, “Secure Routing Protocols: Theory and Practice,” Technical Report, North Carolina State University, May 1997. 8. [http://citeseer.nj.nec.com/400961.html.2000.H. Dang, W. Li, and D. P. Agrawal, “Routing security in wireless ad hoc networks”, IEEE Communications Magazine, 0163-6804, pp. 70-75, October 2002.] 9. A. K. Bayya, S. Gupte, Y. K. Shukla, A. Garikapati, “Security in Ad-hoc Networks”. 10. S. Marti, T.J. Giuli, Kevin Lai and Mary Baker, “Mitigating Routing Misbehavior in Mobile Ad Hoc Networks”, Proceedings of MOBICOM 2000, August 2000. 11. P. Papadimitratos and Z.J. Haas, “Secure routing for mobile ad hoc networks,” SCS Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2002), Jan 2002. 12. D.B. Johnson, D.A. Maltz, and J. Broch, “DSR: The Dynamic Source Routing Protocol for Multi-Hop Wireless Ad hoc Networks,” Ad Hoc Networking, C.E. Perkins, Ed., Addison-Wesley, 2001, 139-172. 13. Z. J. Haas, M. Perlman, “The Performance of Query Control Schemes of the Zone Routing Protocol”, IEEE/ACM Transactions on Networking, vol. 9, no. 4, pp. 427-438, Aug 2001. 14. B. Dahill, B. N. Levine, E. Royer, and C. Shields, “A secure routing protocol for ad hoc networks,” in Proceedings of the International Conference on Network Protocols (ICNP), pp. 78-87, 2002. 15. F. Stajano and R. Anderson, “The Resurrecting Duckling: Security Issues for Ad Hoc Wireless Networks,” Security Protocols, 7th International Workshop, LNCS, Springer-Verlag, 1999. 16. Seung Yi, P. Naldurg and R. Kravets, “Security-Aware Ad-Hoc Routing for Wireless Networks”.