Download Data security based on multipath routing.

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Cryptanalysis wikipedia , lookup

Quantum key distribution wikipedia , lookup

Deep packet inspection wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Security-focused operating system wikipedia , lookup

Diffie–Hellman key exchange wikipedia , lookup

Distributed firewall wikipedia , lookup

Computer security wikipedia , lookup

Wireless security wikipedia , lookup

Mobile security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Secure multi-party computation wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript
Survey on
Areas of standardization
For
Securing Ad hoc networks
By
Ajith U Kamath
60-564 Project
Based on
 Standardization Areas for securing
Ad hoc networks
By Rajesh Talpade and Anthony McAuley
 Data Security in Ad hoc networks
using Multipath routing
By Souheila Bouam and Jalel Ben-Othman
AGENDA
 Introduction
 Attacks in Ad hoc networks and Areas of
standardization
 Node configuration
 Key Management
 Routing protocol security

Data security based on multipath routing
 Intrusion Detection
 Conclusion
Introduction
 What are Mobile Ad hoc networks ?
 Characteristics
 Problems encountered
Attacks in Ad hoc networks
 Passive attacks
 Active attacks
 Black hole attack
 Worm hole attack
 Routing tables overflow attacks
Attacks in Ad hoc networks
 Active attacks
 Sleep deprivation attacks
 Location disclosure attacks
 Denial of service attacks
 Impersonation attacks
"Problems worthy of attack prove their worth by hitting
back.“ – By Piet Hein
Areas of Standardization
It is expected in future, multi vendor
ad hoc devices would inter-operate
securely on a large scale.
Standardization Areas,




Node configuration
Key management
Routing protocol security
Intrusion detection
Node Configuration
In realistic deployment scenarios nodes of ad
hoc network should support auto-configuration.
 Link Local IP address assignment
Private address spaces (e.g. 169.254/16 prefix)
 IPv6 address generation based on
hardware interface
Problems: different designs for different link-layers,
non-unique interface addresses in some link-layers or
vendors, and changeable interface addresses.
Node Configuration
 Distributed dynamic host configuration
protocol




MANET Initialization
New node joining the MANET
Graceful departure of the node
Migration of Requester
 tolerate message losses, network partitioning
and mergers
 does not account for the possibility of nodes
behaving maliciously
Key Management
For enforcing confidentiality, integrity,
authentication and non-repudiation of
messages in ad hoc networks.

Key management Service through CA
A centralized CA-based approach is not applicable
to ad hoc networks.
Replicating the CA, introduces the problem of
maintaining the synchronization across the
multiple CA’s
Key Management
 Threshold cryptography
An (n; t + 1) threshold cryptography scheme
allows ‘n’ parties to share the ability to perform a
cryptographic operation, so that any ‘t + 1’ parties
can perform this operation jointly, whereas it is
infeasible for at most ‘t’ parties to do so, even by
collusion.
Key Management
But places unreasonable requirement of forcing some
nodes to “volunteer” for specific roles.
Ref: Parallel reliable threshold multisignature by Yair Frankel and Yvo G
Key Management
 Self organized public key infrastructure
 Public key certificates are issued by the users.
 When user u wants to obtain the authentic public
key of user v, it acquires a chain of public key
certificates such that the first certificate of the chain
can directly be verified by u using a public key that
u holds and trusts.
 Similar to PGP but self organized.
 The approach is probabilistic.
Key Management
Ref: The Quest for Security in Mobile Ad Hoc Networks by Jean-Pierre Hubaux, Levente
Butty´an and Srdan Capkun
Routing Protocol Security
An attacker can inject incorrect routing
information, replay old information, or cause
excessive load to prevent proper routing
protocol functioning.
 Data security based on multipath routing.
Exploit the feature of existence of multiple paths
between nodes in an Ad hoc network.
Routing Protocol Security

Assumptions made by the protocol
 The sender ‘A’ and the receiver ‘B’ are
authenticated.
 WEP (Wireless Equivalent Privacy) is used for the
encryption/decryption of all the frames at MAC
layer and the authentication of the terminals.
 A mechanism of discovering the topology of the
network is available.
 The used routing protocol supports multi-routes.
Routing Protocol Security
 Description
 It uses n routes (n ≥ 3) among N available.
 There exist two types of channels
 The original message m is divided into (n-1) parts.
 The protocol generates, then, a random number x
(1< x ≤ (n-1), x integer).
 Algorithm can be run with both reactive and
proactive routing protocols.
Routing Protocol Security
Ref: Data Security in Ad hoc Networks Using MultiPath Routing By Souheila BOUAM
and Jalel BEN-OTHMAN
Routing Protocol Security
 Position of SDMP
 The SDMP header
Routing Protocol Security
 Improvements
(Accepted in the 2004 International Workshop on
Mobile Ad Hoc Networks and Interoperability Issues.)
 Error and Retransmit management
Ref: Securing Data Transmissions and Retransmissions Management in Ad hoc
Networks By Souheila BOUAM and Jalel BEN-OTHMAN
Routing Protocol Security
 Experimental results
 Sending data using the algorithm (n=8 and n=4)
and using classical method with one channel are
compared. The transmitted file is 4.48 MB length
and length of each block is 64 Kbytes.
Ref: Data Security in Ad hoc Networks Using MultiPath Routing By Souheila BOUAM and
Jalel BEN-OTHMAN
Routing Protocol Security
 In the second test, different block sizes at each
data transmission were used. A base file of 19200
Bytes was used.
Ref: Data Security in Ad hoc Networks Using MultiPath Routing By Souheila BOUAM and
Jalel BEN-OTHMAN
Routing Protocol Security
 Drawbacks of the protocol
 Diversity coding provides single line failure
with only one extra line instantaneously
without communicating with the transmitter.
But this feature is not made use of in the
protocol.
 A particular sequence has to be followed to
get each message parts. If a message part is
lost, all the remaining parts cannot be
obtained until receiver receives the lost
message part.
 More bandwidth is consumed for transmitting
the message.
Routing Protocol Security
 Protocols based on multi path routing
 SPREAD (Security Protocol for Reliable data
delivery) – uses threshold secret sharing system.
Provides maximum security along with reliability
of some extent.
 Split multi path routing - uses the source routing.
The message parts are sent on maximum routes
with maximally disjoint paths. The protocol builds
multiple routes using request/reply cycles.
 M-TCP – Multipath TCP
Routing Protocol Security
 Dynamic Source Routing
 Source routing is a routing technique in which the
sender of a packet determines the complete
sequence of nodes through which to forward the
packet.
 Assumes that all hosts wishing to communicate with
other hosts within the ad hoc network are willing to
participate fully in the protocols of the network.
 Route Discovery protocol
Routing Protocol Security
 Grudging Nodes in DSR
 Once non-cooperative behavior has been detected
and exceeds threshold values, an ALARM message is
sent.
Intrusion Detection
In an ad hoc network, there does not exists natural
traffic concentrators such as firewalls/gateways and
localized communication pattern.
 Intrusion Detection in Ad hoc networks
Every node in the ad-hoc network participates in
intrusion detection and response.
 Each node is responsible for detecting signs of
intrusion locally and independently.
 Neighboring nodes can collaboratively investigate in a
broader range.

Intrusion Detection
The conceptual IDS model at every system in the ad hoc
network.
Ref: Intrusion Detection in Wireless Ad Hoc Networks By Yongguang Zhang and Wenke
Lee
Intrusion Detection
Standardization of the intrusion detection mechanisms
and processes enables nodes from multiple vendors to
share information and collectively determine the
intruding node(s).
Conclusion
Even though significant research work exists in the
above areas of ad hoc networks, little or no attempt has
been made to standardize mechanisms that would
enable multi vendor nodes to inter-operate on a large
scale and permit commercial deployments of ad hoc
networks. Based on the requirements for each of the
identified areas, candidate proposals will need to be
evaluated.
Thank You
Questions ? Comments ?