A Key Management Solution for Secure Routing in Mobile Ad Hoc Networks

Transcription

1 A Key Maagemet Solutio for Secure Routig i Mobile Ad Hoc Networks Sulaima ASHRAPH asulaima@ur.ac.rw Natioal Uiversity of Rwada Butare, Rwada ad Dawoud S DAWOUD dsheouda@ur.ac.rw Natioal Uiversity of Rwada Butare, Rwada ad Adrois NIYONKURU aiyokuru@ur.ac.rw Natioal Uiversity of Rwada Butare, Rwada ABSTRACT This paper ivestigates the eed for security ad more specifically key maagemet for secure routig i mobile ad hoc etworks. A key maagemet protocol is proposed for o-demad ad hoc routig protocols. The proposal provides key distributio ad security evaluatio to allow the most secure path to be selected durig route discovery. Simulatios modeled i s-2 ivestigate the success of the key distributio mechaism ad security scheme. Keywords: Ad hoc etworks, Trust chai, O-demad routig protocol, Secure Routig. 1. INTRODUCTION With recet wireless techology advaces mobile ad hoc etworks have foud icreasig applicatio i the military ad commercial domai. However the uique characteristics of mobile ad hoc etwork make them difficult to secure. Such characteristics iclude the lack of etwork ifrastructure, o prior relatioships, ureliable multi-hop commuicatio chaels, resource limitatio ad ode mobility. Before these dyamic etworks ca be deployed ito the commercial ad military area they must be secured agaist malicious attackers. We idetify that most of the security attacks target the etwork layer ad more specifically the routig protocol. Such attacks iclude blackhole attacks, wormhole attacks, eavesdroppig attacks, byzatie attacks, resource cosumptio attacks ad routig table poisoig. The etwork layer provides a critical service to the mobile ad hoc etwork, called the routig protocol. I the cotext of trust ad security the provisio of secure routes is oe of the most vital elemets for trust establishmet. Adversaries target the routig protocol specifically ad a secure routig solutio is eeded for a secure implemetatio ad deploymet of ad hoc etworks. Secure ad hoc routig protocols exist but their operatioal assumptios typically iclude a existig key maagemet system. The followig sectio ivestigates the operatioal requiremets for existig secure ad hoc routig protocols. Secure ad hoc routig protocols are divided ito three categories: symmetric cryptography, asymmetric cryptography, ad reputatio based protocols. Although symmetric cryptographic approaches do ot rely o a public key ifrastructure they still require some kid of key maagemet i a ad hoc etwork. The SEAD protocol [1] desiged for the table-drive DSDV routig protocol requires a key maagemet mechaism to distribute a autheticated iitial hash elemet. SEAD uses a oe-way hash fuctio to provide hop-by-hop autheticatio for routig packets hop cout ad sequece umbers. Ariade [2] proposed a DSR based o-demad protocol uses TESLA autheticatio [3] to provide ed-to-ed autheticatio. A key maagemet system is assumed preset to distribute the TESLA keys. TESLA autheticatio also requires clock sychroizatio betwee participatig odes which is difficult without the presece of a olie TTP. ARAN [4], SAODV [5] ad SLSP [6] use asymmetric cryptography ad key maagemet is simply assumed for each of these protocols. ARAN assumes that a olie TTP is preset that acts as a certificate authority (CA) to provide edto-ed autheticatio i a o-demad eviromet. Prior shared secrets are assumed betwee all participatig odes ad the CA. The SAODV protocol is based o the AODV odemad routig protocol ad provides ed-to-ed autheticatio by autheticatig the routig packets mutable fields with a hash chai ad immutable fields with a digital sigature [5]. SAODV assumes the presece of a key maagemet system to distribute keys ad iitial hash elemets. SLSP secures a table drive lik state routig protocol (OLSR) by providig secure eighbor discovery ad autheticated lik state updates [6]. SLSP uses digital sigatures ad assumes that odes eter the etwork with asymmetric key pairs ad a key maagemet scheme is preset to certify the keys i the etwork. ODSBR [7] is based o the o-demad DSR routig protocol. ODSBR autheticates its routig packets with digital sigatures

2 ad a public key ifrastructure is assumed to maage the keys. ODSBR employs a reputatio based mechaism to moitor data packets ad maitai a path specific ratig list. Shared keys are assumed to allow for autheticated ackowledgemet messages to be trasmitted betwee a source ad probe odes which provide the evidece for path ratig. CONFIDANT [8] is aother reputatio based solutio which does ot use ay cryptographic techiques ad therefore does ot require a key maagemet system. CONFIDANT does assume pre-exitig relatioships betwee a small umber of odes called frieds. The CONFIDANT is a o-demad solutio which provides a ode specific reputatio list to help selectig secure paths durig route discovery. The observatio is made that most secure ad hoc routig protocols assume the existece of a key maagemet system to certify, autheticate, ad distribute keyig iformatio. Pure mobile ad hoc etworks caot assume the existece of a trusted third party (TTP) ad must address the problem of key maagemet. 2. OUR APPROACH a. System Model We view the trust problem i ad hoc etworks as a weighted trust graph G(V,E) where the vertex V represet odes ad the edges E represet paths. There is o TTP preset durig commuicatio. The routig eviromet is o-demad. Each ode is assumed to have a asymmetric key pair before eterig the etwork. We desig a key maagemet system to provide key maagemet for secure o-demad routig protocols. The system operatio is as follows. A key distributio scheme is proposed which is divided ito two compoets: localized key exchages ad remote ed-to-ed key exchages. A local autheticatio is performed by exchagig keys betwee close proximity eighbours over a locatio-limited chael. Remote ed-to-ed key exchage uses the established localized relatioships to share keys remotely across multiple hops. The security evidece provided by certificates is allowed to ifluece the selectio of routes durig the route discovery phase. We propose a security evaluatio metric which aggregates trust alog a path based o a security metric ad path distace. Similar to [14], we cosider a fully distributed etwork of wireless odes with geeric medium access cotrol (such as IEEE ) ad secure o- demad routig mechaisms. Nodes ca be statioary or move with low to high mobility speeds (0m/s -20m/s). We assume that there are o pre-existig ifrastructure ad o form of olie trusted authority to assist the key distributio mechaism. Sice we are cosiderig authority-based MANETs as defied i [14], there exists a offlie authority to bootstrap the system; before users joi the etwork they have to acquire a certificate from the offlie trusted authority. The trusted authority thus oly provides each ode with its ow certificate ad ot with the certificates of ay other odes. This requiremet is fudametal to esurig scalability ad o-demad etwork formatio. Each ode is also issued with the authetic public key of the trusted authority ad a uiversal set of system parameters. The certificate must cotai the offlie authority s idetity, the ode s public key ad idetity/etwork address, a uique sequece umber, certificate geeratio date ad expiry date b. Key distributio scheme 1) Localized key exchage: Neighbourig odes ca securely exchage keyig material without the presece of a TTP. Nodes i close proximity first exchage preautheticatio iformatio across a locatio-limited chael. Locatio-limited chaels iclude ifrared, physical cotact, audio, etc. Because of the ature ad characteristics of a locatio-limited chael like ifrared the eighbors ca be assured that the pre- autheticatio is legitimately from the seder. After users exchage pre-autheticatio iformatio a group certificate exchage scheme is implemeted over the mai wireless chael. Certificates bidig a ode s uique ID ad public key are exchaged ad autheticated usig the previously acquired pre- autheticated iformatio. Followig the routig protocol the localized key exchage has two approaches. Firstly followig a route request immediate odes perform a localized key exchage. Alteratively localized key exchage would follow a hello packet broadcast of a odemad routig protocol like AODV. 2) Remote ed-to-ed key exchage: The certificate of the source ode A is forwarded alog the request route packet RREQ idepedet of the routig packets. At each hop the itermediate ode is iquired if it possesses the source s certificate. If ot a separate uicast message is set back to the previous hop requestig the sources certificate. This procedure follows the RREQ util it reaches its target. The destiatio ode B caches the sources certificate ad replies with a route reply message RREP. The RREP is forwarded alog the reverse path ad at each itermediate ode the local certificate repository is checked if it cotais the destiatio s certificate. If the certificate is ot foud a uicast certificate exchage similar to the forward path oe is performed. All the certificates are verified o the REPP route. This approach miimizes uecessary certificate verificatios o paths which will ot be selected. Whe a ode (RN) receives a routig cotrol packet it checks i its certificate database if it has the certificates of the packet origiator (ON) ad the previous hop ode (PN) o the forward route. If RN has both the certificates of ON ad PN (CertON ad CertPN), it ca process the cotrol packet as ormal. If ot, it requests both the certificates from PN. If RN does ot have the certificate of PN, the it also seds its ow certificate with the request to the previous- hop. Figure 1: Certificate distributio mai procedure

3 Note that if RN is the first-hop o the route, the the previoushop ode ad the cotrol packet origiator ode will be the same etity. The routig messages thus effectively chai odes together ad allow them to relay all keyig material, as required, alog the virtual chais. The proposed key distributio scheme, works as follows: Whe ay ode i the etwork receives a RCP it first determies if the origiator of the message (ON) has the same etwork address as the previous hop ode (PN) o the forward route, that is, RN has to determie if ON is the first-hop. I case whe the addresses of ON ad PN are the same, the RN rus: Protocol 1: RN searches its certificate repository for ON certificate If foud, Process the routig message RCP ON ad RN Exchage Certificate (Peer-to- Peer) CertRN ON, ON CertON Process the routig message RCP If the ON address ad the previous-hop ode (PN) address are ot equal, RN rues protocol 2. The RN will search its certificate repository for CertON ad CertPN. Protocol 2: RN searches its repository for CertPN If Foud, Search for CertON If Foud No actio, process routig packet as ormal Peer-to-Peer certificate exchage CertRN PN, CertPN RN Search for CertON If Foud Cert PN, CertPN RN Peer-to-Peer certificate exchage CertRN Cert PN CertPN CertON RN Process routig packet as ormal c. Security Evaluatio Scheme The key distributio scheme follows the route discovery phase exchagig keys locally ad remotely. The security evaluatio scheme ehaced the route discovery phase. This compoet s core approach is to provide trust path selectio based o both distace ad a security metric. The ad hoc etwork is modeled as a weighted trust graph G(V,E) where the edges E are odes with a weighted trust metric t. This trust metric is assumed to be available based o either public key certificates or a reputatiobased moitorig system. The vertexes V represet the weighted paths or routes i the etwork. We propose a evaluatio metric for these weighted paths. We propose the use of the semirig mathematical operators ad to aggregatio trust alog a multi-hop path of the ad hoc o-demad protocol. The distace semirig approach uses the operator to aggregate metrics alog a path like parallel resistors would be summed ie The aggregated value will decrease alog RT R1 R2 R a path ad the total is always less tha the summatios smallest compoet. This descriptio aligs with our desig specificatios. The aggregated value will be low for routes with high hop couts. Secodly it will reflect the trust characteristics of a trust chai which states that a chai is oly as strog as its weakest lik. Followig the route discovery phase, at each hop of a RREQ the curret path weight is calculated ad compared to a implicit path revocatio threshold. If the aggregated trust is more tha the threshold value the path ad associated weight are stored i the routig table correspodig to the reverse route ad the RREQ is forwarded. Similarly at each hop of a RREP the curret path weight is calculated ad stored i the routig table matchig the forward route. Multiple replies to a sigle RREQ are filtered by the hop cout metric i stadard AODV ad DSR o- demad routig protocols. We propose that routes are filtered based o their sequece umber ad their semirig based weighted path metric. This filters the most recet routes ad based o the ature of the weighted path metric, hop cout ad trust are both accouted for. 3. RELATED WORK Key maagemet solutios are preseted i [9-11]. The self issuig certificate chai approach i [12] proposes a self orgaized key maagemet solutio that treats the etwork as a weighted direct graph. This proposal is a proactive methods desiged for applicatio layer security. Proximity based key agreemet is ivestigated i [13] ad agai by Capku i [14] where security relies upo odes mobility to provide multiple close proximity key exchages. This proposal is limited by its reliace o mobility. A proactive reputatio-based solutio is proposed i [15] which operates o the applicatio layer. Semi- rig mathematics [16] is used to realize the proactive geeric-sigle-source-shortestdistace algorithm. The majority of literature metioed fuctios i a proactive maer for applicatio layer solutios. We propose a reactive approach for the etwork layer 4. EVALUATION Our approach is simulated as a C++ etwork layer applicatio i s-2. It is plaed for ad hoc o- demad routig protocols ad desiged o the AODV routig protocol but our solutio is ot protocol specific. The key distributio scheme is simulated ad test i large ode eviromet with varyig mobility ad load. The packet delivery ratio is examied to ivestigate how the security mechaism affects the success of the routig protocol. The ormalised routig load is ivestigated to show the overhead of the key exchage compoets. The security evaluatio scheme is difficult to evaluate usig simulatios. The scearios is established where the assumed weighted ode edges carry a security metric

4 which idetifies fault detectio or data trasmissio errors carried out by odes for example i [7, 8]. This allows the proposal to protect agaist black hole attacks. Simulatios are set up which ivestigate the packet delivery ratio with a chagig umber of adversary odes. i) Performace Metric The followig quatitative metrics are used to aalyze the performace of the routig protocols i mobile ad hoc etworks. (a) Packet Delivery Ratio: The packet delivery ratio (PDR) represets the percetage of data packets that are successfully received by their iteded destiatio. This metric is also kow as throughput ad is cosidered a measuremet of the effectiveess of a routig protocol. The equatio for PDR is: 1 CBRrec PDR% = CBRset where 1 CBRrec ad 1 CBRrec are the umber of CBR data packets received ad set respectively. (b) Routig Overhead: A routig protocol uses cotrol packets to establish routes o which data packets are trasmitted. Cotrol packets are separate from data packets but share the same commuicatio chael. Due to the lack of chael capacity i mobile ad hoc etworks a large umber of cotrol packets ca result i poor etwork performace. Key maagemet would require additioal cotrol packets to achieve key maagemet fuctioality this will be reflected i the simulatios. The routig overhead is also kow as a routig protocol s iteral efficiecy ad will represet the umber of cotrol packets used for a give protocol. (c) Average Ed-to-Ed Delay: This is a qualitative measuremet of the delay of data packets. The average ed-toed delay of a data packet is the time from which it is created at the source ad whe it arrives at the iteded destiatio. The delay icludes propagatio ad queuig delay. Delay ca be caused by a high umber of cotrol packets propagatig i the etwork or a high computatioal overhead for the give protocol. The average ed-to-ed delay is calculated as follows, 1 CBRsedtime CBRrecvtime Ed to Ed Delay = 1 CBRrec where CBRsedtime ad CBRrecvtime represet the record times that a CBR data packet was set ad received ii) Simulatio Model A routig protocol was desiged i C++ based o the AODV routig protocol available i the s-2.31 package. The routig protocol is programmed as a routig aget class. The routig aget hadles the establishmet of routes ad certificate distributio. Modificatios are made to the AODV routig aget at the RecvRequest, SedRequest, RecvReply, ad SedReply fuctios. These modificatios allow for the distributio of separate certificate packets, triggered by the routig packets. The routig aget s packet header was modified to iclude a certificate cotrol packet CertS. The size of the certificate icluded is 450 bytes. The size of the certificate cotrol packets is icreased resultig i a effective delay i commuicatio simulatig the trasfer of actual certificates. A certificate table is icluded at each ode CertTable which is updated by certificate cotrol packets. The certificate table is liked to the routig table ad each ode is resposible for maagig its ow certificate table. A simulatio tcl file is writte to setup the mobile ad hoc etwork s desired simulatio sceario, traffic ad mobility model. The trace support files i s-2.31 were modified to support the routig aget allowig the iclusio of certificate cotrol packets ad trust iformatio. As a result the output trace ad am files reflect the operatio of the routig aget. Figure 2 shows a sample output of the am simulatio file. Figure 2: Sample am simulatio file illustratig typical etwork topology iii) Packet Delivery The packet delivery results for the AODV routig protocol is preseted i Figure 3 & 4. Figure 3 represets a simulatio eviromet with a pause time of 0 secods. This represets a etwork of odes that are cotiually movig, while Figure 4 represets a partially stable etwork. The observatio is made that as the speed icreases both protocols throughput decreases. At high speeds the etwork topology chages rapidly causig breakages i routig liks. The reductio i packet delivery at high speeds is because both protocols will drop data packets as a result of icreased routig breakages. The stable etwork i Figure 4 shows better performace at higher speeds because the umber of route lik breakages is reduced as a result of a larger pause time. A large pause time represets a etwork that will move at a give speed the pause i a fixed locatio for a set amout of time. Durig this time routig lik breakages are ot expected util movemet commeces agai. A certificate distributio scheme would expect a severe reductio i performace due to a excessive umber of packets beig trasmitted i the etwork or the additioal size of the cotrol packet. A covetioal certificate distributio scheme, suggested as a possible solutio i [8], simply icludes the source certificate i the request packets RREQ ad the destiatios certificate i the reply packets RREP. This method was implemeted as a separate routig aget AODVcert i s2. A similar method is suggested i [6]. Implemetatio icludes icreasig the packet size of the routig cotrol packets to iclude a 450 byte certificate. This effectively icreased the regular 56 byte AODV route cotrol packets to 506 bytes. Such a approach would result i the simplest method of certificate distributio but trasmittig 450 bytes more data per cotrol packet would severely reduce the etwork performace. 5. CONCLUSION It is cocluded from ivestigatio of existig secure ad hoc routig protocols that the majority assume the existece of a key

5 PDR % PDR % maagemet system to distribute ad maage the asymmetric or symmetric keys. We propose a key maagemet solutio that provides a key exchage scheme ad a security evaluatio scheme. The proposal is desig for a o-demad ad hoc routig protocol. Simulatios i s-2 ivestigate the packet delivery ratio of the solutio s key exchage scheme compared at varyig load ad mobility. The security evaluatio scheme allows for the most trusted route to be selected durig the route discovery phase. A available security metric is assumed ad simulatios ivestigate the success of prevetig black hole attacks Speed (m/s) AODV: pausetime = 0s AODVcert: pausetime = 0s Figure 3: Packet Delivery Ratio for highly mobile etwork (0 secod pause time) Speed (m/s) AODV: pausetime = 250s AODVcert: pausetime = 250s Figure 4: Packet Delivery Ratio for partially stable etwork (250 secod pause time) 5. REFERENCES [1] Y.-C. Hu, D. B. Johso, ad A. Perrig, "SEAD: Secure Efficiet Distace Vector Routig for Mobile Wireless Ad Hoc Networks", i Proceedigs of the Fourth IEEE Workshop o Mobile Computig Systems ad Applicatios: IEEE Computer Society, [2] Y.-C. Hu, A. Perrig, ad D. B. Johso, "Ariade: a secure o-demad routig protocol for ad hoc etworks", Wireless Networks, vol. 11, pp , [3] A. Perrig, R. Caetti, D. Sog, ad D. Tygar, "Efficiet ad Secure Source Autheticatio for Multicast", Network ad Distributed System Security Symposium (NDSS'01), [4] K. Sazgiri, B. Dahill, B. N. Levie, C. Shields, ad E. M. Beldig-Royer, "A Secure Routig Protocol for Ad Hoc Networks" i Proceedigs of the 10th IEEE Iteratioal Coferece o Network Protocols: IEEE Computer Society, [5] M. G. Zapata, "Secure ad hoc o-demad distace vector routig," SIGMOBILE Mob. Comput. Commu. Rev., vol. 6, pp , [6] P. Papadimitratos ad Z. J. Haas, "Secure Lik State Routig for Mobile Ad Hoc Networks," i Proceedigs of the 2003 Symposium o Applicatios ad the Iteret Workshops (SAINT'03 Workshops): IEEE Computer Society, [7] B. Awerbuch, R. Curtmola, D. Holmer, C.Nita- Rotaru, ad H. Rubes, "ODSBR: A o-demad secure Byzatie resiliet routig protocol for wireless ad hoc etworks," ACM Tras. If. Syst. Secur., vol. 10, pp. 1-35, [8] S. Buchegger ad J.-Y. L. Boudec, "Performace aalysis of the CONFIDANT protocol," i Proceedigs of the 3 rd ACM iteratioal symposium o Mobile ad h oc etworkig & computig, Lausae, Switzerlad: ACM, [9] S. Basagi, K. Herri, D. Bruschi, ad E. Rosti, "Secure pebbleets," i Proceedigs of the 2d ACM iteratioal symposium o Mobile ad hoc etworkig & computig, Log Beach, CA, USA: ACM,2001. [10] L. Zhou ad Z. J. Haas, "Securig Ad Hoc Networks," IEEE Network: special issue o etwork security, vol. 13, pp , [11] D. B. Smetters, D. Balfaz, D. K. Smetters, P. Stewart, ad H. C. Wog, "Talkig To Stragers: Autheticatio i Ad-Hoc Wireless Networks," [12] S. Capku, L. Butty, ad J.-P. Hubaux, "Self- Orgaized Public-Key Maagemet for Mobile Ad Hoc Networks," IEEE Trasactios o Mobile Computig, vol. 2, pp , [13] A. Scaell, A. Varshavsky, A. LaMarca, ad E. D. Lara, "Proximity-based autheticatio of mobile devices," Iteratioal Joural Secure Networks, vol. 4, pp. 4-16, [14] S. Capku, L. Buttya, ad J.-P. Hubaux, "Mobility Helps Peer-to-Peer Security," IEEE Trasactios o Mobile Computig,vol. 5, pp , [15] G. Theodorakopoulos ad J. S. Baras, "O Trust Models ad Trust Evaluatio Metrics for Ad-Hoc Networks," IEEE Joural o Selected Areas i Commuicatios, vol. 24, pp , [16] M. Mohri, "Semirig frameworks ad algorithms for shortest-distace problems," Joural o Autom. Lag. Comb., vol. 7, pp ,2002.