Wireless Network Security Spring 2016

Similar documents
Wireless Network Security Spring 2015

Wireless Network Security Spring 2015

Wireless Network Security Spring 2013

Wireless Network Security Spring 2016

Mobile Ad-hoc and Sensor Networks Lesson 04 Mobile Ad-hoc Network (MANET) Routing Algorithms Part 1

Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

Content. 1. Introduction. 2. The Ad-hoc On-Demand Distance Vector Algorithm. 3. Simulation and Results. 4. Future Work. 5.

Wireless Network Security Spring 2011

6. Node Disjoint Split Multipath Protocol for Unified. Multicasting through Announcements (NDSM-PUMA)

Mobile Communications. Ad-hoc and Mesh Networks

LECTURE 9. Ad hoc Networks and Routing

CMPE 257: Wireless and Mobile Networking

Ad Hoc Networks: Issues and Routing

Routing in Ad Hoc Wireless Networks PROF. MICHAEL TSAI / DR. KATE LIN 2014/05/14

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

White Paper. Mobile Ad hoc Networking (MANET) with AODV. Revision 1.0

Security Issues In Mobile Ad hoc Network Routing Protocols

Outline. CS5984 Mobile Computing. Taxonomy of Routing Protocols AODV 1/2. Dr. Ayman Abdel-Hamid. Routing Protocols in MANETs Part I

Simulation and Comparative Analysis of AODV, DSR, DSDV and OLSR Routing Protocol in MANET Abstract Keywords:

Secure Neighbor Discovery. By- Pradeep Yalamanchili Parag Walimbe

Considerable Detection of Black Hole Attack and Analyzing its Performance on AODV Routing Protocol in MANET (Mobile Ad Hoc Network)

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Routing Protocols in MANETs

Ad-hoc and Infrastructured Networks Interconnection

Implementation of AODV Protocol and Detection of Malicious Nodes in MANETs

Wireless Network Security Spring 2011

Unicast Routing in Mobile Ad Hoc Networks. Dr. Ashikur Rahman CSE 6811: Wireless Ad hoc Networks

Security in Mobile Ad-hoc Networks. Wormhole Attacks

Wireless Network Security Spring 2015

SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS

CS551 Ad-hoc Routing

Mobile Security Fall 2013

Switching & ARP Week 3

Power aware Multi-path Routing Protocol for MANETS

UCS-805 MOBILE COMPUTING Jan-May,2011 TOPIC 8. ALAK ROY. Assistant Professor Dept. of CSE NIT Agartala.

Arvind Krishnamurthy Fall 2003

QoS Routing By Ad-Hoc on Demand Vector Routing Protocol for MANET

Wireless Network Security Spring 2014

A Comparative study of On-Demand Data Delivery with Tables Driven and On-Demand Protocols for Mobile Ad-Hoc Network

Figure 1: Ad-Hoc routing protocols.

An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks

Performance Analysis of Aodv Protocol under Black Hole Attack

Computation of Multiple Node Disjoint Paths

ROBUST AND FLEXIBLE IP ADDRESSING FOR MOBILE AD-HOC NETWORK

DYNAMIC SEARCH TECHNIQUE USED FOR IMPROVING PASSIVE SOURCE ROUTING PROTOCOL IN MANET

Performance Comparison of DSDV, AODV, DSR, Routing protocols for MANETs

A Framework for Optimizing IP over Ethernet Naming System

Experiment and Evaluation of a Mobile Ad Hoc Network with AODV Routing Protocol

Varying Overhead Ad Hoc on Demand Vector Routing in Highly Mobile Ad Hoc Network

Kapitel 5: Mobile Ad Hoc Networks. Characteristics. Applications of Ad Hoc Networks. Wireless Communication. Wireless communication networks types

CSC 6575: Internet Security Fall Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers

Wireless Network Security Spring 2013

Mobile & Wireless Networking. Lecture 10: Mobile Transport Layer & Ad Hoc Networks. [Schiller, Section 8.3 & Section 9] [Reader, Part 8]

Secure routing in ad hoc and sensor networks

A COMPARISON OF IMPROVED AODV ROUTING PROTOCOL BASED ON IEEE AND IEEE

Performance Analysis of AODV under Worm Hole Attack 1 S. Rama Devi, 2 K.Mamini, 3 Y.Bhargavi 1 Assistant Professor, 1, 2, 3 Department of IT 1, 2, 3

3. Evaluation of Selected Tree and Mesh based Routing Protocols

Packet Estimation with CBDS Approach to secure MANET

Mobility and Density Aware AODV Protocol Extension for Mobile Adhoc Networks-MADA-AODV

Mobile Ad-hoc Networks (MANET)

Symmetric Key Cryptography based Secure AODV Routing in Mobile Adhoc Networks

Mitigating Superfluous Flooding of Control Packets MANET

A Review of Reactive, Proactive & Hybrid Routing Protocols for Mobile Ad Hoc Network

Secure Enhanced Authenticated Routing Protocol for Mobile Ad Hoc Networks

DELVING INTO SECURITY

Mobile Ad-Hoc Networks & Routing Algorithms

Ad-Hoc Data Processing and Its Relation with Cloud Computing Process Using Functional Approach

Optimizing Performance of Routing against Black Hole Attack in MANET using AODV Protocol Prerana A. Chaudhari 1 Vanaraj B.

Survey on Attacks in Routing Protocols In Mobile Ad-Hoc Network

Prevention of Black Hole Attack in AODV Routing Algorithm of MANET Using Trust Based Computing

A Quick Guide to AODV Routing

Routing protocols in Mobile Ad Hoc Network

A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing Protocols. Broch et al Presented by Brian Card

AODV-PA: AODV with Path Accumulation

Webpage: Volume 4, Issue VI, June 2016 ISSN

Wireless Networking & Mobile Computing

1 Multipath Node-Disjoint Routing with Backup List Based on the AODV Protocol

A survey on AODV routing protocol for AD-HOC Network

A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing Protocols

Secure Bootstrapping and Routing in an IPv6-Based Ad Hoc Network

6367(Print), ISSN (Online) Volume 4, Issue 2, March April (2013), IAEME & TECHNOLOGY (IJCET)

Study and Comparison of Mesh and Tree- Based Multicast Routing Protocols for MANETs

ECS-087: Mobile Computing

A Comparative Study of Routing Protocols for Mobile Ad-Hoc Networks

Chapter 5 Reading Organizer After completion of this chapter, you should be able to:

Advanced Network Approaches for Wireless Environment

[Wagh*, 5(4): April, 2016] ISSN: (I2OR), Publication Impact Factor: 3.785

IPv6 Associated Protocols. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

Implementation: Detection of Blackhole Mechanism on MANET

Gurinder Pal Singh Chakkal, Sukhdeep Singh Dhillon

Performance Analysis of Wireless Mobile ad Hoc Network with Varying Transmission Power

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

AN INTRODUCTION TO ARP SPOOFING

Detection of Duplicate Address in Mobile Adhoc Networks for On Demand Routing Protocols

ROUTE STABILITY MODEL FOR DSR IN WIRELESS ADHOC NETWORKS

Wireless Sensor Networks Chapter 7: Naming & Addressing

Dynamic Search Technique Used for Improving Passive Source Routing Protocol in Manet

Internetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview

Ms A.Naveena Electronics and Telematics department, GNITS, Hyderabad, India.

Enhanced Secure Routing Model for MANET

Transcription:

Wireless Network Security Spring 2016 Patrick Tague Class #11 - Identity Mgmt.; Routing Security 2016 Patrick Tague 1

Class #11 Identity threats and countermeasures Basics of routing in ad hoc networks Control-plane attacks and defenses 2016 Patrick Tague 2

Addressing In traditional networking, each device (radio) has two identities, in the form of addresses MAC address: hardware address of the radio needed for link layer communication (e.g., 802.3, 802.11) Hard-coded into the NIC In theory, unique and static IP address: network layer address used for routing and some other higher layer services Virtual software address 2016 Patrick Tague 3

MAC Addresses MAC addresses in the Internet Ethernet and WiFi use MAC addresses for link layer communication Independent of any higher-layer functionality Link layer frames carry source and destination MAC addresses (6B each) MAC addresses in other systems Not typically used in sensor networks due to overhead Not needed if other addressing is available 2016 Patrick Tague 4

IP Addresses IP addresses in the Internet Network layer and above use IP addresses for some identity purposes Independent of whatever is below the network layer IP addresses must be unique IP addresses in other systems To support common applications, most designers are aiming to support IP addressing (to some extent) 2016 Patrick Tague 5

IP Address Resolution In most Internet domains, IP addresses are assigned centrally using DHCP and bound to MAC addresses using ARP DHCP = Dynamic Host Configuration Protocol: host asks server for IP address, which it keeps until expiry ARP = Address Resolution Protocol: host asks other hosts for MAC address corresponding to an IP address 2016 Patrick Tague 6

ARP image from [Whalen et al., 2001] 2016 Patrick Tague 7

Limitations MAC addresses are no longer hardware-bound Most Linux-like systems allow software to change MAC address used, despite hard-coded MAC address Many devices don't have (unique) MAC addresses DHCP is impractical for distributed systems Requires centralization High overhead in dynamic systems ARP has high overhead in distributed systems Requires request flooding 2016 Patrick Tague 8

Distributed Addressing Problem: How should IP addresses (or other suitable identities) be determined in a distributed system such that: Addresses are compact(-able) for low-overhead communication in sensors or embedded devices Network overhead is (relatively) low Addresses are (sufficiently) unique Systems can split and join Duplicate addresses can be detected and fixed Address space is large enough and dynamic 2016 Patrick Tague 9

A Few Approaches Random selection with duplicate address detection (DAD) Send a query to the selected address; if no response, the address probably isn't in conflict Requires flooding a query through the entire network Merging existing networks is difficult MANETconf Configured initiator nodes act like a server that can assign addresses to requesters who arrive later Configured node floods notification and assigns address if no nodes respond negatively Merging existing networks is difficult 2016 Patrick Tague 10

PACMAN [Weniger, JSAC 2005] PACMAN = Passive Auto-Configuration for Mobile Ad hoc Networks Architecture for efficient distributed MANET address auto-configuration 2016 Patrick Tague 11

Address Assignment To avoid overhead of flooding network to check address uniqueness, PACMAN assigns addresses passively and relies on network to expose conflicts Each node chooses its address using a probabilistic algorithm and a list of known used addresses See the paper for details 2016 Patrick Tague 12

Address Encoding To minimize overhead, PACMAN encodes MANET IP addresses MANET uses a fixed IP prefix (2B for IPv4, 8B for IPv6) Node ID only needs log 2 N bits to support N nodes Pad with lots of zeros, but only need to know #0s 2016 Patrick Tague 13

Passive DAD PDAD relies on observation of events that: Never occur in case of unique addresses but always occur in case of address duplication e.g., receiving a route reply when no request was sent Usually don't occur in case of unique addresses but sometimes occur in case of address duplication e.g., link states in a route reply change completely Upon detection of duplication, at least one node can reinitialize the address assignment This also allows relatively easy management of network split and merge events 2016 Patrick Tague 14

Security Issues PACMAN and many similar approaches were not designed with malicious behaviors in mind Threats [Wang et al., 2005]: Address spoofing attacker spoofs the IP address of a victim and hijacks its traffic False address conflict attacker injects conflict messages (or events) to a target victim Address exhaustion attacker claims many addresses to deny service or prevent nodes from joining Negative reply in cases where approval is needed to join, attacker can prevent nodes from joining 2016 Patrick Tague 15

Secure MANET Auto-Conf [Wang et al., 2005] Bind the IP address to a public key to authenticate auto-configuration processes New node A chooses an IP address as the hash of its public key A sends a query to the network for the IP address using a signed, time-stamped Duplicate Address Probe If a receiving node B has an IP conflict, it checks signatures (authenticity, replay prevention, etc.) and conditionally replies with a signed, time-stamped Address Conflict Notice If A receives ACN from B, it checks signatures and conditionally starts over with a new key pair If no reply within a fixed time period, A joins the network using the generated IP address 2016 Patrick Tague 16

Benefits of the Approach Forces the attacker to find a public key that hashes to a victim's IP address before launching the attack Even with relatively small address space, computation/storage overhead is prohibitive Detailed analysis in the paper 2016 Patrick Tague 17

Trust-Based Auto-Conf [Hu & Mitchell, 2005] Misbehavior in the requester-initiator model (MANETconf) Initiator can intentionally assign conflicting address Requester can flood requests repeatedly, causing resource depletion and/or DoS Malicious node can falsely claim that candidate addresses are already in use, causing excess request floods, resource depletion, and DoS Instead of relying on arbitrary nodes, keep track of which nodes are good and which are bad A's trust in B is given by T A (B), computed based on past behaviors/interactions 2016 Patrick Tague 18

Choosing a Trustable Initiator New requester N broadcasts a Neighbor_Query with its threshold T N * Each receiver sends N a InitREP reply with neighbor IDs who have trust values T N * N can chooses its initiator as the neighbor appearing in the most InitREP messages Malicious node is unlikely to be chosen unless majority of neighbors are malicious 2016 Patrick Tague 19

Duplicate Address Check If initiator A gets an Add_Collision message from a node B in response to an Initiator_Request: If B has been previously blacklisted, ignore it If T A (B) T A *, then believe B and start over Otherwise, declare B malicious, add B to the blacklist, and send a Malicious_Suspect message about B to other nodes Other nodes only believe A's Malicious_Suspect message if their trust value in A is high enough 2016 Patrick Tague 20

3rd-Party Duplication Check If a node B detects an address collision between two other nodes, it notifies both of them If a receiving node A gets such a notification from node B: If B has been previously blacklisted, ignore it If T A (B) T A *, believe B and choose a new address Otherwise, add B to the blacklist 2016 Patrick Tague 21

Summary Discussed distributed addressing, threats, and a few approaches to secure auto-configuration PACMAN: Passive auto-configuration for MANETs [Weniger; JSAC 2005] Secure address auto-configuration for MANETs [Wang, Reeves, and Ning; MobiQuitous 2005] Secure auto-configuration in MANETs using trust [Hu and Mitchell; MSN 2005] 2016 Patrick Tague 22

On to routing security let's start with some basics of MANET routing 2016 Patrick Tague 23

Popular Routing Protocols Link State (LS) routing Optimized Link State Routing (OLSR) Proactive Distance Vector (DV) routing Destination Sequenced Distance Vector (DSDV) Ad hoc On-demand Distance Vector (AODV) Dynamic Source Routing (DSR) On Demand 2016 Patrick Tague 24

On-Demand Routing On-demand routing has several advantages and disadvantages in MANETs Efficiency: (+) Routing information isn't constantly collected and updated, only when needed (-) One-time cost of info collection can be higher Security: (+) Source nodes are aware of the entire path, unlike fully distributed algorithms that just focus on next hop (-) Long-term information typically isn't available Overall, advantages outweigh the disadvantages, so ondemand routing (esp. source routing) is popular 2016 Patrick Tague 25

Route Discovery Source S and neighboring nodes use control message exchanges to discover a route from S to destination D 2016 Patrick Tague 26

Route request flooding: Route Discovery Source S broadcasts a Route Request (RREQ) packet to its neighbors 2016 Patrick Tague 27

RREQ forwarding: Route Discovery If the neighbor has no prior relationship with the destination, it will further broadcast the RREQ 2016 Patrick Tague 28

Route Discovery Flooding of control packets to discover routes Once the RREQ packet reaches the destination, or a node that knows the destination, the node will unicast a RREP packet to the source via the routed path 2016 Patrick Tague 29

Route Discovery Upon receiving the RREQ, D (or another node that knows D) will unicast a Route Reply (RREP) back to S along the found path 2016 Patrick Tague 30

Route Maintenance If a node can no longer reach the next hop Sends Route Error (RERR) control packet to inform upstream neighbors Route cache alternative (DSR) or rediscovery 2016 Patrick Tague 31

AODV vs. DSR AODV Routing tables one route per destination DSR Routing caches multiple routes per destination Always chooses fresher routes Sequence numbers Does not have explicit mechanism to expire stale routes More frequent discovery flood to ensure freshness Source Routing Intermediate nodes learn routes in 1 discovery cycle 2016 Patrick Tague 32

Now, how could an attacker interfere with or manipulate MANET routing? 2016 Patrick Tague 33

Modification Attacks AODV seq# modification AODV uses seq# as a timestamp (high seq# fresh) Attacker can raise seq# to make its path attractive DSR hop count modification DSR uses #hops for efficiency (low #hops cheap) Attacker can lower/raise #hops to attract/repel 2016 Patrick Tague 34

Modification Attacks DSR route modification Non-existent route (DoS) Loops (resource exhaustion, DoS) No control to prevent loops after route discovery (more of a data plane attack, we'll get there later) Tunneling 2016 Patrick Tague 35

RREQ Flooding Flood the network with RREQs to an unreachable destination address Example : S continuously send RREQ packet to destination X 2016 Patrick Tague 36

AODV/DSR Spoofing Attacker listens for RREQ/RREP from neighbors Send an attractive RREP with spoofed ID Spoof more IDs with interesting results 2016 Patrick Tague 37

Fabrication Attacks DoS against AODV/DSR by falsifying route errors 2016 Patrick Tague 38

Fabrication Attacks DSR route cache poisoning 2016 Patrick Tague 39

Control-Plane Security How to guarantee that an established path can be efficient (e.g., short) and/or reliable? How to prevent attackers from manipulating path discovery/construction? What metrics can be used to quantify the value of a path? Length? Latency? Trust? 2016 Patrick Tague 40

Feb 23: Forwarding Security Feb 25: SoW Presentations; Network Privacy & Anonymity 2016 Patrick Tague 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback