Wireless Network Security Spring 2013

Similar documents
Wireless Network Security Spring 2015

Wireless Network Security Spring 2016

Wireless Network Security Spring 2016

Wireless Network Security Spring 2011

Wireless Network Security Spring 2015

SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS

Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

Content. 1. Introduction. 2. The Ad-hoc On-Demand Distance Vector Algorithm. 3. Simulation and Results. 4. Future Work. 5.

Routing in Ad Hoc Wireless Networks PROF. MICHAEL TSAI / DR. KATE LIN 2014/05/14

AODV Routing Protocol in MANET based on Cryptographic Authentication Method

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Secure routing in ad hoc and sensor networks

Mobile Ad-hoc and Sensor Networks Lesson 04 Mobile Ad-hoc Network (MANET) Routing Algorithms Part 1

LECTURE 9. Ad hoc Networks and Routing

Mobile Ad-hoc Networks (MANET)

A Novel Secure Routing Protocol for MANETs

Security in Ad Hoc Networks *

SEAR: a secure efficient ad hoc on demand routing protocol for wireless networks

Security Issues In Mobile Ad hoc Network Routing Protocols

Secured Routing with Authentication in Mobile Ad Hoc Networks

Secure Routing and Transmission Protocols for Ad Hoc Networks

A Research Study On Packet Forwarding Attacks In Mobile Ad-Hoc Networks

Symmetric Key Cryptography based Secure AODV Routing in Mobile Adhoc Networks

Management Science Letters

Performance Investigation and Analysis of Secured MANET Routing Protocols

CMPE 257: Wireless and Mobile Networking

A Review on Black Hole Attack in MANET

Security Measures in Aodv for Ad Hoc Network

Authenticated Routing for Ad hoc Networks

Considerable Detection of Black Hole Attack and Analyzing its Performance on AODV Routing Protocol in MANET (Mobile Ad Hoc Network)

CHAPTER II LITERATURE REVIEW. route to reach the destination and it will distribute the routing information when there is

Unicast Routing in Mobile Ad Hoc Networks. Dr. Ashikur Rahman CSE 6811: Wireless Ad hoc Networks

Implementation of AODV Protocol and Detection of Malicious Nodes in MANETs

Routing Protocols in MANETs

Self-Organized Network-Layer Security in Mobile Ad Hoc Networks

Secure Ad-Hoc Routing Protocols

Outline. CS5984 Mobile Computing. Taxonomy of Routing Protocols AODV 1/2. Dr. Ayman Abdel-Hamid. Routing Protocols in MANETs Part I

An On-demand Secure Routing Protocol Resilient to Byzantine Failures

A Review on Mobile Ad Hoc Network Attacks with Trust Mechanism

Keywords: Blackhole attack, MANET, Misbehaving Nodes, AODV, RIP, PDR

SRPS: Secure Routing Protocol for Static Sensor Networks

SECURED VECTOR ROUTING PROTOCOL FOR MANET S IN PRESENCE OF MALICIOUS NODES

A COMPARATIVE STUDY ON DIFFERENT TRUST BASED ROUTING SCHEMES IN MANET

A Survey of Existing Approaches for Secure Ad Hoc Routing and Their Applicability to VANETS

Webpage: Volume 4, Issue VI, June 2016 ISSN

An On-demand Secure Routing Protocol Resilient to Byzantine Failures. Routing: objective. Communication Vulnerabilities

UCS-805 MOBILE COMPUTING Jan-May,2011 TOPIC 8. ALAK ROY. Assistant Professor Dept. of CSE NIT Agartala.

Secure Routing for Mobile Ad-hoc Networks

6. Node Disjoint Split Multipath Protocol for Unified. Multicasting through Announcements (NDSM-PUMA)

Optimizing Performance of Routing against Black Hole Attack in MANET using AODV Protocol Prerana A. Chaudhari 1 Vanaraj B.

A Review of Reactive, Proactive & Hybrid Routing Protocols for Mobile Ad Hoc Network

Wireless Network Security Spring 2011

Performance Analysis of Aodv Protocol under Black Hole Attack

Implementation: Detection of Blackhole Mechanism on MANET

Mobile & Wireless Networking. Lecture 10: Mobile Transport Layer & Ad Hoc Networks. [Schiller, Section 8.3 & Section 9] [Reader, Part 8]

ECS-087: Mobile Computing

Secure Routing Techniques to Mitigate Insider Attacks in Wireless Ad Hoc Networks

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Security in Mobile Ad-hoc Networks. Wormhole Attacks

Mobile Ad-Hoc Networks & Routing Algorithms

Packet Estimation with CBDS Approach to secure MANET

Ad-hoc and Infrastructured Networks Interconnection

Wireless Network Security Spring 2011

An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks

Enhanced Secure Routing Model for MANET

Prevention of Cooperative Black Hole Attack in Wireless Ad Hoc Networks

Power aware Multi-path Routing Protocol for MANETS

Wireless Networking & Mobile Computing

Wireless Network Security Spring 2015

MANET TECHNOLOGY. Keywords: MANET, Wireless Nodes, Ad-Hoc Network, Mobile Nodes, Routes Protocols.

Kapitel 5: Mobile Ad Hoc Networks. Characteristics. Applications of Ad Hoc Networks. Wireless Communication. Wireless communication networks types

[Nitnaware *, 5(11): November 2018] ISSN DOI /zenodo Impact Factor

QoS Routing By Ad-Hoc on Demand Vector Routing Protocol for MANET

Survey on Attacks in Routing Protocols In Mobile Ad-Hoc Network

Wireless Network Security Spring 2011

Ad Hoc Networks: Issues and Routing

Routing protocols in Mobile Ad Hoc Network

Secure Bootstrapping and Routing in an IPv6-Based Ad Hoc Network

Comparing the Impact of Black Hole and Gray Hole Attacks in Mobile Adhoc Networks

Mohamed Ahmed Abdelshafy Abdallah

BISS: Building secure routing out of an Incomplete Set of Security associations

A Specification-based Intrusion Detection Engine for Infrastructure-less Networks

A Comparative study of On-Demand Data Delivery with Tables Driven and On-Demand Protocols for Mobile Ad-Hoc Network

A Comparative Study between AODV and DSDV Routing Protocols in Mobile Ad Hoc Networks using Network Simulator NS2

Simulation and Comparative Analysis of AODV, DSR, DSDV and OLSR Routing Protocol in MANET Abstract Keywords:

Defenses against Wormhole Attack

AODV-PA: AODV with Path Accumulation

Computation of Multiple Node Disjoint Paths

A Mechanism for Detection of Cooperative Black Hole Attack in Mobile Ad Hoc Networks

Secure and Efficient Routing Mechanism in Mobile Ad-Hoc Networks

Security Issues in Mobile Ad hoc Network Noman Islam 1, Zubair A.Shaikh 2

A Comparative Study of Routing Protocols for Mobile Ad-Hoc Networks

A Survey on Security Analysis of Routing Protocols By J.Viji Gripsy, Dr. Anna Saro Vijendran

Mobile Communications. Ad-hoc and Mesh Networks

Design & Evaluation of Path-based Reputation System for MANET Routing

A Survey on Security Enhanced Multicast Routing Protocols in Mobile Ad Hoc Networks

Arvind Krishnamurthy Fall A source node s wants to send a packet to a destination node d through a network that might have Byzantine nodes

Gurinder Pal Singh Chakkal, Sukhdeep Singh Dhillon

White Paper. Mobile Ad hoc Networking (MANET) with AODV. Revision 1.0

CS551 Ad-hoc Routing

Transcription:

Wireless Network Security 14-814 Spring 2013 Patrick Tague Class #11 Control-Plane Routing Misbehavior

Agenda Control-Plane Routing Misbehavior MANET Routing Misbehavior at the control-plane Toward secure routing

Routing Routing = path management Routing does not involve actual sending of packets from source to destination(s), only sets up the path Lives in the control plane Involves path setup/discovery, maintenance, and tear-down Challenges in MANET/WSN environments Route using multiple untrusted relay nodes Resource and capability limitations No centralized authority or monitor Secure routing often relies on existing key mgmt.

Popular Routing Protocols Link State (LS) routing Optimized Link State Routing (OSLR) Proactive Distance Vector (DV) routing Destination Sequenced Distance Vector (DSDV) Ad hoc On-demand Distance Vector (AODV) Dynamic Source Routing (DSR) On Demand

On-Demand Routing On-demand routing has several advantages and disadvantages in MANETs Efficiency: (+) Routing information isn't constantly collected and updated, only when needed (-) One-time cost of info collection can be higher Security: (+) Source nodes are aware of the entire path, unlike fully distributed algorithms that just focus on next hop (-) Long-term information typically isn't available Overall, advantages outweigh the disadvantages, so on-demand routing (esp. source routing) is popular

Route Discovery Source S and neighboring nodes use control message exchanges to discover a route from S to destination D

Route Discovery Route request flooding: Source S broadcasts a Route Request (RREQ) packet to its neighbors

RREQ forwarding: Route Discovery If the neighbor has no prior relationship with the destination, it will further broadcast the RREQ

Route Discovery Flooding of control packets to discover routes Once the RREQ packet reaches the destination, or a node that knows the destination, the node will unicast a RREP packet to the source via the routed path

Route Discovery Upon receiving the RREQ, D (or another node that knows D) will unicast a Route Reply (RREP) back to S along the found path

Route Maintenance If a node can no longer reach the next hop Sends Route Error (RERR) control packet to inform upstream neighbors Route cache alternative (DSR) or rediscovery

AODV vs. DSR AODV Routing tables one route per destination Always chooses fresher routes Sequence numbers More frequent discovery flood to ensure freshness DSR Routing caches multiple routes per destination Does not have explicit mechanism to expire stale routes Source Routing Intermediate nodes learn routes in 1 discovery cycle

Routing Misbehavior Just as with other types of misbehavior, routers can be greedy, non-cooperative, or malicious Greedy routers can refuse route discovery requests in order to save their own resources Non-cooperative routers can choose to selectively accept route requests to specific sources/dests Malicious routers can persuade route discovery protocols so paths pass through them, avoid them, or take unnecessary detours

Path Attraction Attacks Black-hole attack: A malicious router broadcasts false claims of being close to the destination in order to attract all traffic and drop it Gray-hole attack: Similar to black-hole attack, except it only drops some packets selectively Ex: forward all routing control packets but drop all data Worm-hole attack: Colluding routers create a low-latency long-distance out-of-band channel to attract routing paths and control data flow

Path Manipulation Attacks Detours: A malicious router can modify/inject control packets to force selection of sub-optimal routes Gratuitous detours : Greedy routers can avoid being on a selected route by advertising long delays or creating virtual nodes Could be considered a form of Sybil attack, where all personalities are on the routing path

Route Subversion Attacks Targeted blacklisting: In any routing protocols using reputation or blacklisting, attackers can falsely accuse or frame benign nodes, subverting the blacklisting process Rushing attacks: Attackers can quickly disseminate forged requests, causing later valid requests to be dropped

Attacks Against AODV/DSR Modification Flooding Impersonation Fabrication

Modification Attacks AODV seq# modification AODV uses seq# as a timestamp (high seq# fresh) Attacker can raise seq# to make its path attractive DSR hop count modification DSR uses #hops for efficiency (low #hops cheap) Attacker can lower/raise #hops to attract/repel

Modification Attacks DSR route modification Non-existent route (DoS) Loops (resource exhaustion, DoS) No control to prevent loops after route discovery (more of a data plane attack, we'll get there later) Tunneling

RREQ Flooding Flood the network with RREQs to an unreachable destination address Example : S continuously send RREQ packet to destination X

AODV/DSR Spoofing Attacker listens for RREQ/RREP from neighbors Send an attractive RREP with spoofed ID Spoof more IDs with interesting results

Fabrication Attacks DoS against AODV/DSR by falsifying route errors

Fabrication Attacks DSR route cache poisoning

Control-Plane Security How to guarantee that an established path can be efficient (e.g., short) and/or reliable? How to prevent attackers from manipulating path discovery/construction? What metrics can be used to quantify the value of a path? Length? Latency? Trust?

Securing DV Routing Distance vector (DV) routing is one of the classical approaches to network routing SEAD: Secure Efficient Ad hoc DV routing [Hu et al., Ad Hoc Networks 2003] Based on DSDV protocol using sequence numbers to prevent routing loops and async. update issues Uses hash chains to authenticate routing updates Relies on existing mechanisms to distribute authentic hash chain end-elements

Securing LS Routing Link-state (LS) routing is another classical approach to network routing SLSP: Secure Link-State Protocol [Papadimitratos and Haas, WSAAN 2003] MAC address / IP address pairs are bound using digital signatures Allows for detection of address re-use and change Link state updates are signed and propagated only in a limited zone, with the hop count authenticated by a hash chain

Secure Routing Protocol [Papadimitratos & Haas, 2002] SRP authenticates single-hop exchanges in DSR request and reply messages Since protection is hop-by-hop, SRP over DSR is vulnerable to path (or other parameter) modification

SAODV [Guerrero Zapata & Asokan, 2002] Secure AODV introduces signatures into the AODV routing protocol to authenticate various message fields RREQ and RREP messages are signed, hop counts are authenticated using hash chains

ARAN [Sanzgiri et al., ICNP 2002] ARAN: Authenticated Routing for Ad hoc Networks (based on AODV) Make use of cryptographic certificates and asymmetric key to achieve authentication, message integrity and non-repudiation Need preliminary certification process before a route instantiation process Routing messages are authenticated at each hop from source to destination and vice versa

Auth. Route Discovery Broadcast Message Unicast Message

Auth. Route Setup Broadcast Message Unicast Message

Route Maintenance Send ERR message to deactivate route Broadcast Message Unicast Message

Modification attacks ARAN Security Prevents redirection using seq# or #hops Prevents DoS with modified source routes Prevents tunneling attacks Impersonation attacks Prevents loop-forming by spoofing Fabrication attacks Prevents route error falsification

ARAN Limitations ARAN relies on an underlying PKI Requires a trusted third-party / infrastructure Requires either: Significant communication overhead to interact with the TTP for near-term updates/revocation Long delays in certificate updates, revocation lists, etc.

Ariadne [Hu, Perrig, & Johnson, 2004] Ariadne is a secure on-demand routing protocol built on DSR and Tesla DSR: Dynamic Source Routing, Tesla: Timed Efficient Stream Loss-tolerant Authentication (broadcast auth) Route request and reply messages are authenticated Ariadne is vulnerable to malicious forwarding by attackers on the selected routing path requires an additional mechanism to feed back path loss/quality

I-Ariadne [Li et al., AINA 2008] I-Ariadne addresses an Ariadne limitation that only S and D can verify the route (only S can detect RREP modification) In I-Ariadne, intermediate nodes can verify route information Allows for malicious node detection Also allows reuse of information from previous RREQ / RREP sessions Improves overhead compared to Ariadne, but needs asymmetric crypto See paper for protocol details

Ariadne vs. I-Ariadne ARIADNE Symmetric crypto Secure route only for sender and destination High control packet overhead for secure route maintenance I-ARIADNE Asymmetric crypto Reusability of secure routes Less control packet overhead for secure route setup and maintenance

SEAODV [Chu-Hsing et al., IJNS 2011] Addresses slightly different problem of secure routing in WMN (vs. MANET) Jointly considering key management as part of the secure routing architecture Incorporates a variant on a widely-used key predistribution scheme by Blom, based on linear algebra Modifies the RREQ/RREP scheme of AODV for keying and context of WMN

SEAODV RREQ/RREP Message Type Flag & Reserved Hop Count RREQ ID Dest. Address DSN Originator Address OSN MAC (GTK,M) Modified RREQ Message Type Flag & Reserved Prefix Sz Hop Count RREQ ID Dest. Address Originator Address Lifetime MAC (PTK,M) Modified RREP

SEAODV Security & Perf. SEAODV can prevent: RREQ flooding Route redirection Routing loop formation RERR fabrication SEAODV performance gains: Lower computation cost as number of nodes increases Better reliability against failures (and DoS attacks) Extends lifetime of routes (under certain mesh conditions)

Further Studies Secure control-plane routing is still an active research topic Many papers other than those presented today, some much more recent My own research group is looking at expanding the idea of on-demand to include adaptive route selection

Next Time Data-Plane Routing Misbehavior Forwarding Fault localization Data-plane challenges in MANETs

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback