Security in Mobile Ad Hoc Networks (MANETs)
Group:
► NS. Farid Zafar Sheikh
► NS. Muhammad Zulkifl Khalid
► NS. Muhammad Ali Akbar
► NS. Wasif Mehmood Awan
Department of Electrical Engg.
College of E&ME (NUST), Rwp.
INTRODUCTION
• Mobile Ad hoc NETwork (MANETs)
• Ad hoc On-demand Distance Vector (AODV)
• Security threats to existing protocols
• Secure AODV (SAODV)
• Security analysis
• Conclusion

MANETs
• One of the most prevalent areas of research in recent years
• Communication via wireless means without need of infrastructure
• Nodes can perform the roles of both hosts and routers
• No centralized controller and infrastructure
• Dynamic network topology

Advantages of MANETs
• Can access information and services regardless of geographic position
• Can set up computer networks at any place and time
• No need of dedicated infrastructure, hence cost-effective
• Can cope with dynamic topologies
• With improved algorithms, becoming more scalable

Disadvantages of MANETs
• Limited resources
• Limited physical security
• Limited bandwidth, high error rate
• Mutual trust vulnerable to attacks
• Security protocols for wired networks cannot work well for ad hoc networks

MANETs
Classification based on routing table maintenance:
• Table driven: also called proactive routing protocols. Maintain routes to every host at all times.
• On-demand: also called reactive routing protocols. Create routes to remote hosts on demand.

MANETs
Available ad hoc routing protocols
• Proactive (table driven) approaches
  – DSDV (Destination Sequenced Distance Vector)
  – OLSR (Optimized Link State Routing)
• Reactive (on demand) approaches
  – DSR (Dynamic Source Routing)
  – AODV (Ad hoc On-demand Distance Vector)

Ad hoc On-demand Distance Vector (AODV)
• Uses routing tables, with one route entry per destination
• Each entry stores the next hop towards the destination
AODV
Route Discovery Process
• Broadcasting route request (RREQ) packets
• Each RREQ is uniquely identified by the sender address, destination address and request id
• If the node is either the destination node or has a route to the destination node, it returns a route reply (RREP) containing the route to the sender

AODV
Route Discovery Process
[Figure: Propagation of a Route Request (RREQ) Packet, flooded from Source through intermediate nodes 1–8 to Destination]

AODV
Route Discovery Process
[Figure: Path Taken by the Route Reply (RREP) Packet, from Destination back to Source via the intermediate nodes]

AODV
Route Discovery Process
Maintaining “fresh-enough” routes
• Uses sequence numbers
• A node compares the destination sequence number of the RREQ with that of its route table entry
• It either responds with its own route if the entry is fresh, or rebroadcasts the RREQ to its neighbours

AODV
Route Discovery Process
Loop prevention
• Before forwarding a route request, check the broadcast_id of the RREQ
• Drop those that were already processed
Routing table consists of ‘precursor’ and ‘outgoing’ lists
• Precursor list: nodes that use this node for forwarding packets
• Outgoing list: nodes which act as ‘next hops’ in a route
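The RREQ handling described on the route discovery slides, as an added example that is not part of the original presentation: a minimal model of one AODV node applying the broadcast_id duplicate check and the destination sequence number freshness test. Field and class names are assumed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class RouteEntry:
    next_hop: str
    hop_count: int
    dest_seq: int      # destination sequence number known for this route


@dataclass
class RREQ:
    source: str
    broadcast_id: int  # together with source, uniquely identifies the request
    destination: str
    dest_seq: int      # last destination sequence number known to the source
    hop_count: int = 0


@dataclass
class Node:
    name: str
    routes: dict = field(default_factory=dict)   # destination -> RouteEntry
    seen: set = field(default_factory=set)       # processed (source, broadcast_id)

    def handle_rreq(self, rreq: RREQ) -> str:
        """Return "drop", "reply" or "rebroadcast" for an incoming RREQ."""
        key = (rreq.source, rreq.broadcast_id)
        if key in self.seen:                 # loop prevention: already processed
            return "drop"
        self.seen.add(key)
        if rreq.destination == self.name:    # we are the destination
            return "reply"
        entry = self.routes.get(rreq.destination)
        # A cached route counts as "fresh enough" only if its destination
        # sequence number is at least the one the requester already knows.
        if entry is not None and entry.dest_seq >= rreq.dest_seq:
            return "reply"
        rreq.hop_count += 1                  # otherwise forward to neighbours
        return "rebroadcast"


def demo() -> tuple:
    # Constructed scenario: node 5 holds a route to X with sequence number 10.
    node = Node("5", routes={"X": RouteEntry("7", 2, dest_seq=10)})
    fresh = node.handle_rreq(RREQ("S", 1, "X", dest_seq=8))    # cached route is fresh
    dup = node.handle_rreq(RREQ("S", 1, "X", dest_seq=8))      # same request again
    stale = node.handle_rreq(RREQ("S", 2, "X", dest_seq=12))   # cached route too old
    return fresh, dup, stale
```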
AODV
Route Maintenance
• A routing table entry is “expired” if it has not been used recently
• A set of predecessor nodes is maintained per routing table entry
• These nodes are notified with a RERR if the entry expires
• If a link break occurs while the route is active, the node upstream of the break propagates a RERR message to the source node

Attacks Possible on Existing Protocols
• Attacks using modification
• Attacks using impersonation
• Other forms of attacks

Attacks Using Modification
Cause redirection of network traffic and Denial of Service (DoS) attacks by
• Altering the protocol fields in routing messages
• Injecting routing messages into the network with falsified values in these fields

Attacks Using Modification
[Figure: Redirection with modified route sequence numbers. Malicious node M forwards RREQB with Sn = 99 while the legitimate node A advertises Sn = 10; nodes Source, A, B, M, X (Destination).]

Attacks Using Modification
[Figure: Redirection with modified hop counts. Malicious node M forwards RREQB with Hop count = 0 while the legitimate node A advertises Hop count = 2; nodes Source, A, B, M, X (Destination).]

Attacks Using Modification
[Figure: Denial of service with modified source routes. Malicious node M changes the source route <M,C,D,X> to <M,C,X>, resulting in a RERR; nodes Source, A, M, C, D, X (Destination).]

Attacks Using Impersonation
• By impersonating another node (spoofing), a malicious node can launch many attacks in a network
• Traffic belonging to the impersonated node is redirected to the malicious node (eavesdropping)
• Spoofing is readily combined with modification attacks to create loops in routes

Attacks Using Impersonation
• Malicious nodes don’t need to impersonate a single node of the network
• A malicious node can take up the identity of multiple nodes of a network (Sybil attack)
• Data belonging to multiple nodes can be compromised

Attacks Using Impersonation
• By generating false RERR messages
• Routes passing through the targeted node would be disrupted

Attacks Using Impersonation
[Figure: Falsifying route error messages in AODV and DSR. Malicious node M claims “I am C!!” and sends “RERR: D is broken” to A and B, affecting the routing entries for X held at A and B; nodes Source, A, B, M, C, D, X (Destination).]

Other Forms of Attacks
Wormhole attack
• Two attacker nodes A and B linked via a private network connection
• A forwards every packet received through the wormhole to B for broadcasting, and conversely
• Potentially disrupts routing by short-circuiting the normal flow of routing packets
SAODV
• An extension of the AODV routing protocol
• Provides security features like integrity and authentication
• Each node has a signature key pair from a suitable asymmetric cryptosystem (OpenSSL)
• Each node is capable of securely verifying the association between the address of a given ad hoc node and the public key of that node

SAODV
Digital Signatures
• Used to protect the integrity of the non-mutable data in RREQ and RREP messages
• Sign everything but the Hop Count (mutable) of the AODV message and the Hash from the SAODV extension
• When a node receives a routing message, it will verify the signature before any other action

SAODV
Hash Chains
• Used to authenticate the hop count of RREQ and RREP messages
• Ensures that the hop count has not been altered by an attacker
• Formed by applying a one-way hash function repeatedly to a seed

SAODV
Hash Chains
Calculating Top Hash
• Generate a random number as the “seed”
• Set the Max_Hop_Count field in the message to the TTL value of the packet
• Determine the hash function and use it to calculate the Top Hash, which is obtained by hashing the seed Max_Hop_Count times:
    Top_Hash = h^Max_Hop_Count(seed)
  where:
  – h is a hash function
• All this information is stored in the message RREQ / RREP extension

SAODV
Hash Chains
Verification of Hop Count
When a node receives a RREQ or a RREP message, it
• Applies the hash function (Max_Hop_Count − Hop_Count) times to the value in the Hash field
• Verifies that the resultant value is equal to the value contained in the Top Hash field. If it is a valid message,
    Top_Hash = h^(Max_Hop_Count − Hop_Count)(Hash)
  where Hash is the seed after Hop_Count applications of h, since the Hash field starts as the seed and each forwarding node hashes it once
• Applies the hash function to the Hash value before forwarding it
All the fields mentioned above except the Hash field are protected by digital signatures in order to protect their integrity
SAODV
Route Errors
• RERR corruption may cause route destruction
• Every node uses digital signatures to sign the whole message
• Any neighbour that receives it verifies the signature
• The destination sequence number is never updated from a RERR

SAODV
Security Analysis
• The digital signature serves as proof of validity of the information contained in the routing message
• Thus, formation of loops by malicious nodes through spoofing is prevented
• Able to detect that malicious nodes are sending out false messages

SAODV
Security Analysis
• A node attempting to transmit false RERR messages will not succeed
• The digital signature will reveal that it is not on the route and hence is not supposed to send a RERR
• Sequence numbers in the RREQs and RREPs are also protected by the digital signature
• Any modification to the sequence number will invalidate the message

SAODV
Security Analysis
• The hop authentication implemented using hash chains counters the ability of a malicious node to mount an attack by modifying the hop count

SAODV
Security Analysis
• SAODV is able to handle all attacks using either modification or impersonation
• However, it is unable to cope with wormhole attacks

SAODV
Key Management & Distribution
• One approach can be that nodes are assigned keys on boot-up by a central authority
• Assumption is that:
  – key distribution is already done
  – every node has a list of the shared keys of the network

Conclusion
• MANETs are among the fastest evolving network designs
• No need for infrastructure, hence installation costs are minimal
• However, limited bandwidth and security threats are a BIG issue
• Security needs are greater than for fixed topology networks due to their ad hoc nature
• Security features can be incorporated using various cryptographic schemes
• Security increases packet overhead, further reducing bandwidth
• No protocol yet designed exhibits complete security features
• Hence, secure routing on Mobile Ad hoc Networks is still in an evolutionary phase

We thank you for your patience!
Open for questions, if any…