MobiHoc 2002 Working Session on Security in Ad Hoc Networks Secure Routing and Transmission Protocols for Ad Hoc Networks Zygmunt J. Haas and P. Papadimitratos (Panos) Cornell University Wireless Networks Laboratory (WNL) Ithaca, NY 14853, U.S.A haas@ece.cornell.edu http://wnl.ece.cornell.edu
Agenda Overview of the Secure Routing Protocol (SRP) Performance Evaluation of the Secure Routing Protocol (SRP) Overview of the Secure Message Transmission (SMT) Protocol Prof. Zygmunt Haas Cornell University 2
Overview of the Secure Routing Protocol (SRP) Discover correct routing information Up-to-date Factual Authentic What is correct routing information? Adversaries Arbitrary malicious (Byzantine) behavior Compromise the route discovery Prof. Zygmunt Haas Cornell University 3
MANET Secure Routing - the goal Goal: To discover correct routing information On demand Flat architecture Wireless multi-hop connectivity Broadcast, shared medium Bi-directional links Single data-link interface per node Prof. Zygmunt Haas Cornell University 4
MANET Secure Routing - the challenge Additional challenges: No fixed infrastructure Dynamically changing network membership Frequent topology changes Limited resources Assumptions: Security association between the two end nodes Adversaries do not collude within the two phases (query-response) of a single route discovery Prof. Zygmunt Haas Cornell University 5
Note: Our approach discovers the correct routing information it does not secure the actual data forwarding this is the function of the Secure Message Transmission (SMT) protocol Prof. Zygmunt Haas Cornell University 6
The basics of SRP Routing traffic propagation rules Control the network-layer propagation End nodes: Low-cost cryptography, detect invalid routing information Intermediate nodes: No cryptographic operations, discard a portion of the forged traffic Nodes accept only correct connectivity Prof. Zygmunt Haas Cornell University 7
The operation of SRP S T broadcasts validates queries a query - Random One reply Identifier per neighbor - Increasing Identifier - Cryptographic header Replies Intermediate nodes - Cryptographic No cryptography header - Source-routed No replies over the - reverse Place ID route in request - Controlled Validated by flooding S - Priority/Round-Robin Source (S) Destination (T) Prof. Zygmunt Haas Cornell University 8
The operation of SRP (con t) Route Maintenance - No cryptography - Route error messages are source-routed to S - S compares to the prefix of the broken route Source (S) Destination (T) Prof. Zygmunt Haas Cornell University 9
An example of SRP operation - Impersonate T - Fabricate reply - Corrupt request - Forge route error Adversary (M) Source (S) Destination (T) Prof. Zygmunt Haas Cornell University 10
An example of SRP operation (con t) - Corrupt request Request 1 Request 2 - Corrupt reply Adversary (M) Source (S) Destination (T) Prof. Zygmunt Haas Cornell University 11
The SRP - Conclusions Secure Routing Protocol Minimal trust assumptions Low overhead (shown next) Correct connectivity in the presence of adversaries Extension: replies from intermediate nodes Full paper: wnl.ece.cornell.edu (P.Papadimitratos and Z.J. Haas, "Secure Routing for Mobile Ad Hoc Networks," SCS Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2002), San Antonio, TX, January 27-31, 2002) Prof. Zygmunt Haas Cornell University 12
SRP Performance Evaluation Assess the practicality of secure routing for mobile ad hoc networks MANET nodes have limited resources Network operation conditions stress the routing protocol Security features impose additional overhead However, a secured routing protocol should maintain its effectiveness Prof. Zygmunt Haas Cornell University 13
Performance Evaluation Criteria of a Secure Routing Protocol Does the protocol provide correct connectivity information in a timely manner? Does it deliver data with acceptable delays? What is the control overhead it imposes? What computational resources are required to support the security mechanisms? How does the protocol perform when adversaries disrupt its operation? Prof. Zygmunt Haas Cornell University 14
The SRP design The design of SRP takes into account the limitations of the MANET paradigms incorporates widely accepted techniques uses low-cost cryptographic tools assumes trust only between the two communicating end nodes, which are the only ones that incur the cryptographic overhead Prof. Zygmunt Haas Cornell University 15
The SRP design (con t) Route replies are provided only by the associated destinations Nodes do not maintain routing information for non-trusted destinations Communicating end nodes generate and validate message authentication codes (MAC) appended to route requests and replies Prof. Zygmunt Haas Cornell University 16
Impact of SRP on network performance Processing overhead Transmission overhead Possible sources of routing information are narrowed down Route discovery delays increase Control message overhead increases Prof. Zygmunt Haas Cornell University 17
Our Evaluation Methodology Evaluate SRP in a benign setting, under a wide range of scenarios, and determine whether it remains competitive (baseline) Evaluate SRP in a malicious setting, for different numbers of adversaries, and compare against the baseline performance Prof. Zygmunt Haas Cornell University 18
Simulation Models Number of Nodes Coverage Area Simulation time Mobility Traffic Load PHY/MAC Data Collection Tool 50 1500m-by-300m 300 sec Random waypoint, Pause={0,30,100,200} 10, 20, 30 CBR sources 802.11, DCF, 2Mbps, 250m Measurements averaged over 4 runs OPNET Prof. Zygmunt Haas Cornell University 19
Simulation Models (con t) Basic SRP Each source has a security association (SA) with, and transmits to a single destination INRT (Intermediate Node Reply Token) SRP In addition to the end-to-end SA s, nodes assumed to belong to the same group share a group key Group sizes: 10 and 20 nodes Source & destination pair belongs to same group Prof. Zygmunt Haas Cornell University 20
SRP baseline performance Prof. Zygmunt Haas Cornell University 21
SRP baseline performance (cont d) Prof. Zygmunt Haas Cornell University 22
SRP baseline performance (cont d) Prof. Zygmunt Haas Cornell University 23
SRP baseline performance - observations SRP successfully copes with all scenarios The routing load is significantly high, as expected The performance degrades as the load increases Packet delivery fraction decreases, end-to-end delay increases Prof. Zygmunt Haas Cornell University 24
SRP baseline performance (cont d) Prof. Zygmunt Haas Cornell University 25
SRP baseline performance (cont d) Cryptographic overhead is surprisingly low It does not increase as the load increases For Basic-SRP, it does not decrease as mobility decreases For INRT-SRP, the increase is primarily due to increase in group size The measured computational load corresponds to two SA s per node Prof. Zygmunt Haas Cornell University 26
SRP baseline performance (cont d) Basic-SRP vs. INRT-SRP INRT-SRP performs better as the load increases (packet delivery fraction, delay) INRT-SRP has consistently lower routing load INRT-SRP roughly doubles the cryptographic computational overhead However, INRT-SRP can support communication with a larger number of destinations Overhead reduces as mobility decreases Prof. Zygmunt Haas Cornell University 27
Performance of SRP under attack Parameters: 10 sources, Basic-SRP, pause time={0,100} Number of adversaries: {1,5,10,15} out of 50 nodes Two simple attacks Corrupt all in-transit control traffic and relay it Generate a forged reply for each received request Each adversary assumes one type of misbehavior for the simulated period (roughly one half of the malicious nodes per attack type) Prof. Zygmunt Haas Cornell University 28
Performance of SRP under attack (con t) Prof. Zygmunt Haas Cornell University 29
Performance of SRP under attack (con t) Performance is not significantly affected Visible degradation as the number of adversaries increases, especially in terms of delay Network size and density, and thus topological redundancies, contribute to the protocol s resilience Prof. Zygmunt Haas Cornell University 30
Performance of SRP - conclusions SRP remains competitive to protocols that were not originally designed with security provisions. SRP withstands the presence of a significantly high number of adversaries. SRP can be employed even if network nodes have limited computational capabilities. Thus, SRP appears to be viable and practical solution for secure routing for MANETs. Prof. Zygmunt Haas Cornell University 31