SECURITY FOR WIRELESS AD HOC NETWORKS

Size: px

Start display at page:

Download "SECURITY FOR WIRELESS AD HOC NETWORKS"

Calvin Barton
5 years ago
Views:

1 SECURITY FOR WIRELESS AD HOC NETWORKS

3 SECURITY FOR WIRELESS AD HOC NETWORKS Farooq Anjum and Petros Mouchtaris

4 Wiley Bicentennial Logo: Richard J. Pacifico Copyright # 2007 by John Wiley & Sons, Inc. All rights reserved Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) , fax (978) , or on the web at Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) , fax (201) , or online at Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) , outside the United States at (317) or fax (317) Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at Library of Congress Cataloging-in-Publication Data: Anjum, Farooq. Security for wireless ad hoc networks / by Farooq Anjum & Petros Mouchtaris. p. cm. Includes bibliographical references and index. ISBN: Wireless LANs - - Security measures. I. Mouchtaris, Petros. II. Title TK A dc Printed in the United States of America

5 Dedicated to: My parents (F. A.) My late father (P. M.)

6 CONTENTS Preface Foreword Acknowledgments xi xiii xv 1 Introduction Definition of Wireless Ad Hoc Networks Applications of Wireless Ad Hoc Networks Threats, Attacks, and Vulnerabilities Threats Vulnerabilities in Ad Hoc Networks Attacks Overview of the Book 13 2 Basic Security Concepts Introduction Basic Concepts Attributes Cryptographic Primitives Modes of Operation Miscellaneous Properties One-Way Property of Hash Chains TESLA Summary 38 3 Key Management Introduction Traditional Solution Solutions for Ad Hoc Networks Asymmetric Key-Based Approach Symmetric Key-Based Approach Summary 68 vii

7 viii CONTENTS 4 Secure Routing Introduction Distance-Vector and Link-State Routing Proactive vs Reactive Routing Ad Hoc On-Demand Distance Vector Secure AODV Authenticated Routing for Ad Hoc Networks (ARAN) Security-Aware Ad Hoc Routing Dynamic Source Routing Protocol Secure Routing Protocol Ariadne EndairA: A Provably Secure Routing Protocol Destination-Sequenced Distance-Vector Routing Protocol Secure Efficient Distance Vector Routing (SEAD) SuperSEAD S-DSDV Optimized Link-State Routing Protocol Secure Extension to OLSR Secure Link-State Routing Protocol Anonymous Routing Protocols ANODR MASK Generic Attacks Against Routing Wormhole Attacks Rushing Attacks Sybil Attacks Summary Intrusion Detection Systems Introduction Traditional IDS Systems Unique IDS Challenges in MANET Threat Model Architecture for Intrusion Detection in MANET Noncollaborative Intrusion Detection System Cooperative Intrusion Detection Key Novel Concepts for Cooperative Intrusion Detection in MANET 140

8 CONTENTS ix 5.5 Evidence Collection Local Evidence Promiscuous Monitoring Evidence made Available by Other Nodes Detection of Specific Attacks Detection of Packet Dropping Attacks Detection of Attacks Against Routing Protocols Summary Policy Management Introduction Policy-Based Network Management Overview Architecture Policy Languages Distributed Policy Management Architecture IETF and DMTF Standardization Activities Application of Policy Management to Security Management Role-Based Access Control (RBAC) Trust Management and the KeyNote System Firewall Management Policy Enforcement in a Wireless Ad Hoc Network Summary Secure Localization Introduction Localization Ranging Computation Attacks Secure Localization Distance Bounding Techniques Verifiable Multilateration Directional Antennae-Based Schemes Transmission Range Variation-Based Schemes Hybrid Schemes Malicious Beacons Summary 223

9 x CONTENTS 8 Conclusions and Future Research Vehicular Networks Differences with MANET Open Problems and Solutions Summary 230 Acronyms 231 References 234 Index 245

10 PREFACE Wireless networks, whether cellular networks or wireless local area networks (LANs), have rapidly become an indispensable part of our life. Evidence of this is the widespread usage of such networks in several areas such as office, home, universities, hot-spots such as airports and hotels etc. In addition, the widespread availability of miniature wireless devices such as PDAs, cellular phones, Pocket PCs, and small fixtures on buildings, sensors are one step towards making possible the vision of wireless nirvana a reality. Wireless nirvana is the state of seamless wireless operation where any wireless device would be able to connect to any other wireless device or network at any time, in any place while satisfying the requirements of the user of the device. But as is obvious, we are still a long way off from the goal of wireless nirvana. Technology under development for wireless ad hoc networks is enabling our march toward this end goal; however the security concerns in wireless networking remains a serious impediment to widespread adoption. The underlying radio communication medium for wireless networks is a big vulnerability that can be exploited to launch several attacks against wireless networks. In addition, wireless ad hoc networks usually cannot depend on traditional infrastructure found in enterprise environments such as dependable power sources, high bandwidth, continuous connectivity, common network services, well-known membership, static configuration, system administration, and physical security. Without adequate security, enterprises will shy away from the use of wireless ad hoc networks, governmental agencies will ban the use of wireless ad hoc networks, defense organizations might be unable to guarantee the safety of their personnel in battlefield scenarios and users will be liable for actions that they never committed. Therefore, security of such wireless ad hoc networks is an important area that needs to be addressed if such networks are to be widely used. There are two ways of doing this. One way is for the researchers in this field to identify open problems and provide solutions to the identified open problems. Each such effort makes these wireless networks a little bit more secure. There have been several research efforts in the last couple of years exploring ways of making such networks more secure although much more work still needs to be done. We ourselves have also been engaged in this activity. The second way to address the security issues of such networks is to disseminate widely the known results to the beginners in this field. This will allow more people to comprehend the problems and contribute towards expanding the knowledge in this area. Unfortunately there has not been any work done along these lines. Our effort in this book is focused on this approach of dissemination of known knowledge in the area of security in wireless ad hoc networks. To our knowledge, this book is the first book that focuses exclusively on the topic of security for wireless ad hoc networks. The topic of security in wireless ad hoc networks itself is very vast. This topic spans areas such as securing networking protocols, operating systems on mobile devices, and applications etc. In this book we focus on the topic of xi

11 xii PREFACE securing network protocols in wireless ad hoc networks. Note that networking in ad hoc networks is concerned with enabling two devices with wireless interfaces to communicate with each other. The objective of this book is to make the readers aware of the fundamentals of the area of security of wireless networks as well as the open problems. This will hopefully spur much more activity in this area in the upcoming years. This book provides a broad and comprehensive overview of the research that has been done to date on the security of wireless ad hoc networks and discusses the advantages and disadvantages of the various schemes that have been proposed in the literature. Given the objective of this book, it is necessary to write it in a style that does not assume a detailed knowledge of many concepts. Therefore, in writing this book, the only requirement that we assumed from the reader is a basic understanding of networking concepts. Given this, we explain the concepts of wireless ad hoc networks at a fairly basic level. We also require limited knowledge of security concepts from the reader. We provide a chapter that introduces the basic security concepts that are required for the rest of the book. This book will be of interest to a wide variety of people. A beginner in the field will benefit from a simple description of the various problems and solutions. Such a person will also gain by having a ready compendium of important results in this area thereby saving such a person from the problem of information overload. Thus, this book can be used as a textbook in the first class focusing on security in ad hoc networks. Researchers focusing on wireless networks that would like to consider the security implications of the protocols they are designing would benefit from a description of known problems and solutions to these known problems. Additionally, researchers focusing on novel security schemes for wireless ad hoc networks that would like to become aware of existing research should also profit from the description of various schemes in this book. This will let them know about what is out there and what is needed. Finally, this should also be a valuable book for researchers focusing on applications of wireless ad hoc networks in a commercial or military environment. All these groups comprise the intended audience of the book. Of course, we do not expect this effort to be perfect. Errors might have crept in; some other topics that you, the reader, feel are important might have been left out. In some cases, our comments on the problems and their solutions would have been biased due to our backgrounds. There will be other ways also in which the book could be improved. We would like to hear from you, the reader, on each of these aspects. Therefore, feel free to write to us on these or any other topic that you feel is relevant to the book. And if you enjoyed reading the book, we would like to hear about that also. We also have a blog at where such errata or our responses to your comments will be provided. This title can be accessed at the following FTP site: ftp://ftp.wiley.com/public/sci_tech_med/security_wireless/ In the meantime, happy reading. Farooq Anjum fanjum@telcordia.com Petros Mouchtaris pmouchta@telcordia.com

12 FOREWORD Rapid and automatic establishment of wireless networks and services in the absence of a fixed infrastructure is one of the big challenges of communication. The complexity of the problem is greatly compounded when the nodes of the network have to accommodate rapid and unpredictable motion, dynamically altering the connectivity of the network itself. The attractiveness and value of such ad hoc networks rests on their ability to meet performance parameters hard to achieve otherwise and to do so while optimizing the use of resources such as spectrum, energy, and operations support functions at scale. A final dimension of this multidisciplinary problem is the achievement of a solution which in some sense minimizes the probability of disruption from natural and malicious threats and at the same time maximizes availability assuring authorized users access to critical services. This book captures the current state of the art in wireless ad hoc networks with an emphasis on security and assurance. In the last decade researchers have explored many potential applications of wireless ad hoc networks. The research has ranged from basic theoretical investigations to prototypes and demonstrations. The largest body of work has been in the government arena. The Department of Defense has invested seriously in exploiting wireless ad hoc networks in its transformational programs. Telcordia has been at the forefront of both creating new network technologies and exploring newer approaches for securing such networks. This has involved leveraging ideas from basic science to propose engineering principles for designing and deploying such networks. It has also involved construction of proofof-principle testbeds, prototypes, demonstrations, and the steps necessary to transition the technology to general use. While there are many problems still to be solved, it has been gratifying to see the technology move from a concept to reality. Over this span of time there has been stalwart support for these efforts from agencies such as the Army Research Lab (ARL), the Army Communications Electronics Research, Development and Engineering Center (CERDEC), and DARPA. On the commercial and public sector front the technology has been developing more slowly but is finding its way into many applications. These include transportation networks, emergency response, law enforcement, and sensor systems. Perhaps the greatest use of this technology will be to fill the gap in fixed infrastructure which will allow public wireless systems to really achieve the goal of delivering applications to any place through hybrid networks of cellular and ad hoc components. In performing the research which is codified in this book, one of the ingredients that the authors bring to the table is the knowledge and intuition of real communications systems and applications. In a commercial setting with clients who are used to hardened products that affect a large customer base the non-functional attributes of solutions are just as important as the functional aspects. The delivery of a service over a network can sometimes be demonstrated easily. When the requirement is to build it out at scale with high reliability and availability and with a high degree of security what may seem as an easy xiii

13 xiv FOREWORD problem suddenly becomes hard. One of the values of this book is to expose the reader to such issues in an expository and complete way indicating the parts of the problem that have been solved and the parts that still require further investigation. In closing I would like to commend both Petros Mouchtaris and Farooq Anjum for the professionalism and dedication they have shown in writing this book. They both have highly demanding jobs, so this task took a lot of extra effort. I hope that they get positive feedback and feel the satisfaction they deserve for the excellent job they have done in collecting, codifying, and explaining the advanced material that comprises this important book. Adam Drobot President, Applied Research Telcordia Technologies

14 ACKNOWLEDGMENTS We would like to start by thanking the management of Telcordia who made it possible for us to not only entertain the idea of writing this book, but also executing the idea. Showstopper issues such as copyright were addressed very efficiently which again was due to the Telcordia culture. We would like to thank in particular the president of Applied Research, Adam Drobot, who encouraged us to pursue writing this book. The book itself would not have been possible if not for the efforts of the various people working in this field. These people not only identified the problems in this area but also provided solutions to such problems. In this book, we tried to identify various interesting research problems in the field and discuss approaches that have been pursued by various researchers. Names of such people are scattered all over the book in the form of references to their works that we explain in each of the chapters. We also benefited much from comments on the various chapters of the book provided by various people working in this area. We are very grateful to Srdjan Capkun, Peng Ning, Adrian Perrig, Santosh Pandey, Rajesh Talpade, Ritu Chadha and Mike Little for their comments which resulted in a better manuscript. Writing a book is never easy especially on the families of the authors. The hours of sacrifice needed on the part of the spouses and also their efforts to ensure that the authors are in the right frame of mind is something that we are sure every author appreciates and cannot put a cost to. On this front, the first author is very thankful to Ambareen while the second author is very thankful to Donna. We are also very thankful to the team at John Wiley who made the entire process as painless as possible to us. We would be failing if we do not mention Whitney Lesch who was in constant touch with us to address any questions we had about the book. xv

Real-Time Optimization by Extremum-Seeking Control

Real-Time Optimization by Extremum-Seeking Control Real-Time Optimization by Extremum-Seeking Control KARTIK B. ARIYUR MIROSLAV KRSTIĆ A JOHN WILEY & SONS, INC., PUBLICATION Copyright 2003 by John Wiley