Wireless Network Security Spring 2016

Similar documents
Wireless Network Security Spring 2015

Wireless Network Security Spring 2015

Wireless Network Security Spring 2013

Wireless Network Security Spring 2016

ShortMAC: Efficient Data-plane Fault Localization. Xin Zhang, Zongwei Zhou, Hsu- Chun Hsiao, Tiffany Hyun- Jin Kim Adrian Perrig and Patrick Tague

SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS

Secure routing in ad hoc and sensor networks

Packet Estimation with CBDS Approach to secure MANET

Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

Security Issues In Mobile Ad hoc Network Routing Protocols

A Research Study On Packet Forwarding Attacks In Mobile Ad-Hoc Networks

Management Science Letters

AODV Routing Protocol in MANET based on Cryptographic Authentication Method

A Novel Secure Routing Protocol for MANETs

Wireless Network Security Spring 2011

Wireless Network Security Spring 2011

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Self-Organized Network-Layer Security in Mobile Ad Hoc Networks

SEAR: a secure efficient ad hoc on demand routing protocol for wireless networks

SRPS: Secure Routing Protocol for Static Sensor Networks

Secured Routing with Authentication in Mobile Ad Hoc Networks

Wireless Network Security Spring 2015

Routing in Ad Hoc Wireless Networks PROF. MICHAEL TSAI / DR. KATE LIN 2014/05/14

An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks

Performance Investigation and Analysis of Secured MANET Routing Protocols

LHAP: A Lightweight Hop-by-Hop Authentication Protocol For Ad-Hoc Networks

Secure and Efficient Routing Mechanism in Mobile Ad-Hoc Networks

Security in Ad Hoc Networks *

Mobile Ad-hoc and Sensor Networks Lesson 04 Mobile Ad-hoc Network (MANET) Routing Algorithms Part 1

BISS: Building secure routing out of an Incomplete Set of Security associations

Secure Routing and Transmission Protocols for Ad Hoc Networks

Reliable Broadcast Message Authentication in Wireless Sensor Networks

Implementation of AODV Protocol and Detection of Malicious Nodes in MANETs

A Survey of Existing Approaches for Secure Ad Hoc Routing and Their Applicability to VANETS

Content. 1. Introduction. 2. The Ad-hoc On-Demand Distance Vector Algorithm. 3. Simulation and Results. 4. Future Work. 5.

ShortMAC: Efficient Data-Plane Fault Localization

Security in Mobile Ad-hoc Networks. Wormhole Attacks

Defense Against Packet Injection in Ad Hoc Networks

[Nitnaware *, 5(11): November 2018] ISSN DOI /zenodo Impact Factor

Measure of Impact of Node Misbehavior in Ad Hoc Routing: A Comparative Approach

Survey on Attacks in Routing Protocols In Mobile Ad-Hoc Network

Mobile Ad-hoc Networks (MANET)

LECTURE 9. Ad hoc Networks and Routing

Implementation: Detection of Blackhole Mechanism on MANET

Security Issues in Mobile Ad hoc Network Noman Islam 1, Zubair A.Shaikh 2

International Journal of Scientific & Engineering Research Volume 9, Issue 4, April ISSN

Secure Routing for Mobile Ad-hoc Networks

A Survey on Security Analysis of Routing Protocols By J.Viji Gripsy, Dr. Anna Saro Vijendran

Secure Ad-Hoc Routing Protocols

Design & Evaluation of Path-based Reputation System for MANET Routing

On Demand secure routing protocol resilient to Byzantine failures

Computation of Multiple Node Disjoint Paths

Wireless Network Security Spring 2011

Secure Routing Techniques to Mitigate Insider Attacks in Wireless Ad Hoc Networks

Network Fault Localization Adrian Perrig. Overview

Symmetric Key Cryptography based Secure AODV Routing in Mobile Adhoc Networks

CERIAS Tech Report

A Review on Mobile Ad Hoc Network Attacks with Trust Mechanism

Authenticated Routing for Ad hoc Networks

CMPE 257: Wireless and Mobile Networking

PRIVACY AND TRUST-AWARE FRAMEWORK FOR SECURE ROUTING IN WIRELESS MESH NETWORKS

Defenses against Wormhole Attack

Mobile Communications. Ad-hoc and Mesh Networks

LHAP: A Lightweight Hop-by-Hop Authentication Protocol For Ad-Hoc Networks

HMM Sequential Hypothesis Tests for Intrusion Detection in MANETs Extended Abstract

Arvind Krishnamurthy Fall 2003

Mobile & Wireless Networking. Lecture 10: Mobile Transport Layer & Ad Hoc Networks. [Schiller, Section 8.3 & Section 9] [Reader, Part 8]

Channel Aware Detection based Network Layer Security in Wireless Mesh Networks

Keywords: Blackhole attack, MANET, Misbehaving Nodes, AODV, RIP, PDR

An On-demand Secure Routing Protocol Resilient to Byzantine Failures

CHAPTER 4 SINGLE LAYER BLACK HOLE ATTACK DETECTION

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols

MANET TECHNOLOGY. Keywords: MANET, Wireless Nodes, Ad-Hoc Network, Mobile Nodes, Routes Protocols.

SECURED VECTOR ROUTING PROTOCOL FOR MANET S IN PRESENCE OF MALICIOUS NODES

Enhanced Secure Routing Model for MANET

J. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering

ShortMAC: Efficient Data-Plane Fault Localization

International Journal of Advanced Research in Computer Science and Software Engineering

CHAPTER II LITERATURE REVIEW. route to reach the destination and it will distribute the routing information when there is

TAODV: A Trusted AODV Routing Protocol for Mobile Ad Hoc Networks

ECS-087: Mobile Computing

Multipath Routing Protocol for Congestion Control in Mobile Ad-hoc Network

Detection of Malicious Nodes in Mobile Adhoc Network

A COMPARATIVE STUDY ON DIFFERENT TRUST BASED ROUTING SCHEMES IN MANET

A Mechanism for Detection of Gray Hole Attack in Mobile Ad Hoc Networks

A Technique for Improving Security in Mobile Ad-hoc Networks

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

UCS-805 MOBILE COMPUTING Jan-May,2011 TOPIC 8. ALAK ROY. Assistant Professor Dept. of CSE NIT Agartala.

Security Measures in Aodv for Ad Hoc Network

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

Authenticated AODV Routing Protocol using onetime signature and transitive signature schemes

An On-demand Secure Routing Protocol Resilient to Byzantine Failures. Routing: objective. Communication Vulnerabilities

A SYMMETRIC TOKEN ROUTING FOR SECURED COMMUNICATION OF MANET

Mitigating Routing Misbehavior in Mobile Ad Hoc Networks

Mobile Routing : Computer Networking. Overview. How to Handle Mobile Nodes? Mobile IP Ad-hoc network routing Assigned reading

Routing Security in Mobile Ad Hoc Networks: An Extension of DSR

Securing AODV Using HMAC of Cryptography for MANETs

A Secure Cooperative Bait Detection Approach for Detecting and Preventing Black Hole Attacks In MANETS Using CBDS Shireen Sultana 1, Swati Patil 2

WAP: Wormhole Attack Prevention Algorithm in Mobile Ad Hoc Networks

A Novel approach to prevent collaborative attacks in MANETS using Cooperative Bait detection Scheme (CBDS)

Transcription:

Wireless Network Security Spring 2016 Patrick Tague Class #12 Routing Security; Forwarding Security 2016 Patrick Tague 1

SoW Presentation SoW Thursday in class I'll post a template Each team gets ~5 minutes Written SoW Due Thursday Use IEEE 2-column format Questions? 2016 Patrick Tague 2

Class #12 Examples of approaches for control-plane security Data-plane attacks and defenses 2016 Patrick Tague 3

Control-Plane Security How to guarantee that an established path can be efficient (e.g., short) and/or reliable? How to prevent attackers from manipulating path discovery/construction? What metrics can be used to quantify the value of a path? Length? Latency? Trust? 2016 Patrick Tague 4

Securing DV Routing Distance vector (DV) routing is one of the classical approaches to network routing SEAD: Secure Efficient Ad hoc DV routing [Hu et al., Ad Hoc Networks 2003] Based on DSDV protocol using sequence numbers to prevent routing loops and async. update issues Uses hash chains to authenticate routing updates Relies on existing mechanisms to distribute authentic hash chain end-elements 2016 Patrick Tague 5

Securing LS Routing Link-state (LS) routing is another classical approach to network routing SLSP: Secure Link-State Protocol [Papadimitratos and Haas, WSAAN 2003] MAC address / IP address pairs are bound using digital signatures Allows for detection of address re-use and change Link state updates are signed and propagated only in a limited zone, with the hop count authenticated by a hash chain 2016 Patrick Tague 6

Secure Routing Protocol [Papadimitratos & Haas, 2002] SRP authenticates single-hop exchanges in DSR request and reply messages Since protection is hop-by-hop, SRP over DSR is vulnerable to path (or other parameter) modification 2016 Patrick Tague 7

SAODV [Guerrero Zapata & Asokan, 2002] Secure AODV introduces signatures into the AODV routing protocol to authenticate various message fields RREQ and RREP messages are signed, hop counts are authenticated using hash chains 2016 Patrick Tague 8

ARAN [Sanzgiri et al., ICNP 2002] ARAN: Authenticated Routing for Ad hoc Networks (based on AODV) Make use of cryptographic certificates and asymmetric key to achieve authentication, message integrity and nonrepudiation Need preliminary certification process before a route instantiation process Routing messages are authenticated at each hop from source to destination and vice versa 2016 Patrick Tague 9

Auth. Route Discovery Broadcast Message Unicast Message 2016 Patrick Tague 10

Auth. Route Setup Broadcast Message Unicast Message 2016 Patrick Tague 11

Route Maintenance Send ERR message to deactivate route Broadcast Message Unicast Message 2016 Patrick Tague 12

Modification attacks ARAN Security Prevents redirection using seq# or #hops Prevents DoS with modified source routes Prevents tunneling attacks Impersonation attacks Prevents loop-forming by spoofing Fabrication attacks Prevents route error falsification 2016 Patrick Tague 13

ARAN Limitations ARAN relies on an underlying PKI Requires a trusted third-party / infrastructure Requires either: Significant communication overhead to interact with the TTP for near-term updates/revocation Long delays in certificate updates, revocation lists, etc. 2016 Patrick Tague 14

Ariadne [Hu, Perrig, & Johnson, 2004] Ariadne is a secure on-demand routing protocol built on DSR and Tesla DSR: Dynamic Source Routing, Tesla: Timed Efficient Stream Loss-tolerant Authentication (broadcast auth) Route request and reply messages are authenticated Ariadne is vulnerable to malicious forwarding by attackers on the selected routing path requires an additional mechanism to feed back path loss/quality 2016 Patrick Tague 15

What about forwarding security at the data plane? 2016 Patrick Tague 16

Data Plane Security Injecting and modifying packets are issues of packet/data integrity, can be solved using cryptographic techniques Though not efficiently solved...more in a moment Forwarding to the wrong next hop is an issue of protocol compliance, but can be checked and reported similar to packet/data integrity Packet dropping is an issue of compliance and availability 2016 Patrick Tague 17

Data Plane Availability Cryptographic primitives alone cannot solve availability problems at the data plane Cannot provide any sort of guarantee about delivering data through routers that misbehave In general, crypto alone cannot solve DoS problems Data plane availability is partially due to compliant behavior of routing nodes and partly due to natural nondeterministic faults, errors, and failures 2016 Patrick Tague 18

E2E Delivery Measures Suppose packet delivery is measured end-to-end using signatures or MACs Every message carries overhead for packet authentication, but message authentication is already desirable for many other reasons Packet drop induces end-to-end retransmission With high delay if the ACK is also dropped/modified Packet modification forces routers to carry bogus message all the way to the destination node 2016 Patrick Tague 19

Limitations Paths can only be changed after a large number of end-to-end transactions, i.e., after enough data is available to make a decision Path-based detection only identifies a bad path, not a bad node Good nodes may be excluded from networking May have to search a large number of paths to find one with good performance In fact, exponential in #attackers 2016 Patrick Tague 20

Per-Node Delivery Measures Suppose packet delivery is measured per node Verification at finer granularity may require more overhead (e.g., MAC per node) Quicker retransmission requests can be issued by intermediate routers, but malicious routers can also request retransmissions Routers are forced to do more computation and reporting Neighbors may be required to overhear behavior 2016 Patrick Tague 21

ShortMAC [Zhang et al., NDSS 2012] Instead of reacting to poor performance, highly efficient monitoring can enable continuous monitoring with minimal overhead A few key design insights allow for significant efficiency gains by making seemingly-significant tradeoffs with detectability 2016 Patrick Tague 22

Fault Localization ShortMAC Counters Packet authentication Fault localization monitor packet W/ pkt authentication, content count count, content Counters-only approach yields small state and low communication overhead Source A BDetectable! C 6 6 46 Detectable! 2016 Patrick Tague 23

Limiting the Attacker Limiting attacks instead of perfect detection Detect every misbehavior? Costly! Error-prone! Absorb low-impact attack: tolerance threshold Trap the attacker into a dilemma Enable probabilistic algorithms with provable bounds Attack more? Will get caught! Stay under the threshold? Damage is bounded! Source Dest. 2016 Patrick Tague 24

ShortMAC ShortMAC packet marking Limiting instead of perfectly detecting fake packets Source marks each packet with k bits (w/ keyed PRF) K 1 K d 1 0 K 2 1 Source K 1 K 2 K d k-bit MAC, e.g., k = 1 (, 1, 0, 1) K 1 K 2 1 2 = PRF Kd (, SN, TTL d ) Forge m? 50% chance of inconsistency. Detectable! = PRF K2 (, SN, TTL 2, ) Dest K d = PRF K1 (, SN, TTL 1,, ) 2016 Patrick Tague 25

Detection using Counters High-level steps Each node maintains two counters (counter only!) Secure reporting (details in paper) Threshold-based detection (details in paper) robust to natural errors sends 1000 pkts 0 0 250 1-bit MAC 1000 1000 750 Source 1 2 3 forges 500 pkt 125 625 Dest. 2016 Patrick Tague 26

Limitations ShortMAC was designed for the Internet and has some implicit assumptions that limit its use in wireless domains Detection is based on a threshold value much higher than a natural packet loss threshold in wireless, natural packet loss can be high Source must share pairwise symmetric key with every node along the path 2016 Patrick Tague 27

Random Audits in MANETs [Kozma & Lazos, WiSec 2009] Instead of constantly monitoring every node's forwarding behavior, only perform path audits when end-to-end performance degrades To audit a path, the source constructs a disjoint audit path to a node on the path and uses this path to carry audit request/response 2016 Patrick Tague 28

Efficient Auditing Upon request, a node generates a proof of which packets it has seen Reporting a list of all packets is inefficient, so compression is required Bloom Filter does lossy packet list compression: A 2 n -bit vector can be indexed by an n-bit hash function Each of k such hash functions maps a packet to a bit Any 0 : the corresponding packet was not received All k 1 s: corresponding packet was probably received 2016 Patrick Tague 29

Random Audits REAct = Resource Efficient ACcounTability Audits are triggered by performance degradation Source S audits a node N on the path If the returned Bloom filter from N is sufficiently close to that of S, then audit a node downstream Else, audit a node upstream of N Eventually, search will converge to the lossy link Source can change route around the lossy link to identify which node is misbehaving 2016 Patrick Tague 30

Limitations REAct assumes that attackers have a static attack strategy Dropping packets only when not being audited will work, but it will allow detection in other ways REAct assumes that multiple attackers do not collude Colluding attackers can trade duties when being audited, thereby throwing off the search process 2016 Patrick Tague 31

Feb 25: SoW Presentations; Network Privacy & Anonymity 2016 Patrick Tague 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback