Security in Ad hoc Networks - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

Security in Ad hoc Networks

Description:

A set of mobile hosts that carry out basic networking functions ... Without the help of an established infrastructure ... Source node (A) : [RDP; IPx; certA; NA; t]KA ... – PowerPoint PPT presentation

Number of Views:79
Avg rating:3.0/5.0
Slides: 17
Provided by: camarsK
Category:

less

Transcript and Presenter's Notes

Title: Security in Ad hoc Networks


1
Security in Ad hoc Networks
  • Refik Molva and Pietro Michiardi
  • Personal Wireless Communication, September 2003
  • Presented by Jumin Song

2
Contents
  • Introduction
  • Secure Routing Proposals
  • Cooperation Enforcement
  • Key Management
  • Conclusion

3
Introduction (1/2)
  • Mobile ad hoc network (MANET)
  • A set of mobile hosts that carry out basic
    networking functions
  • Packet forwarding, routing, network management
  • Characteristics
  • Without the help of an established infrastructure
  • Carried out by not dedicated nodes but all
    available nodes
  • Different environment based on the organizational
    links
  • Managed environments
  • Controlled by an organization and priori trust
    relationship
  • A few special scenarios military networks
  • Open environments
  • Cannot rely on any existing trust relationship
    among the nodes
  • For correct operation of network
  • Correct execution of critical network functions
    by each node
  • A fair share of the functions between each nodes

4
Introduction (2/2)
  • Security exposures in MANET
  • Active attacks
  • By malicious nodes
  • Disrupt the correct functioning of a routing
    protocol
  • Modifying, fabricating, impersonating, wormhole
    attack
  • Passive attacks
  • By selfish nodes
  • Degrade network performances and partition the
    network
  • Selfishness can cause serious damage in terms of
    global network throughput and delay MM 02

5
Secure Routing Proposals (1/5)
  • Proposals
  • Secure Routing Protocol PH 02
  • ARIADNE PJ 02
  • ARAN DLRS 02
  • A secure Routing protocol for Ad hoc Networks
  • Notes on the wormhole attack
  • Overview
  • Oriented to on-demand routing protocols
  • Does not consider the selfishness problem
  • Needs to a managed environment

6
Secure Routing Proposals (2/5)
  • Secure Routing Protocol PH 02
  • Assumption
  • Exist a secret symmetric key between source node
    and destination node
  • Operation
  • Source node Message Authentication Code (MAC)
  • Destination node Verifying the integrity and
    authenticity of the RREQ
  • Intermediate node Priority ranking
  • Pros
  • Non-colluding malicious nodes that modify, replay
    and fabricate routing packets
  • Cons
  • Wormhole attack
  • Route cache poisoning attack
  • Lack of a validation for route maintenance message

7
Secure Routing Proposals (3/5)
  • ARIADNE PJ 02
  • Assumption
  • A shared secret key (KS,D) between source and
    destination
  • An authentic key (KAi) for each node in network
  • Operation
  • ltROUTE REQUEST, initiator, target, id, time
    interval, hash chain, node list, MAC listgt
  • Source node MACKS,D(initiator, target, id, time
    interval),
  • Intermediate node Hnode address, hash chain,
    MACKAi(entire REQUEST)
  • Destination node Verifying the RREQ
  • Pros
  • Target node of a route discovery process can
    authenticate initiator
  • Initiator can authenticate each intermediate node
    in RREP
  • No intermediate node can remove a previous node
    in the node list in RREQ or RREP
  • Cons
  • It does not take into account selfish node

8
Secure Routing Proposals (4/5)
  • ARAN DLRS 02
  • Assumption
  • A trusted certificate server (T)
  • Each node has a certificate signed by T
  • IP, public key, timestamp
  • Operation
  • Source node (A) RDP IPx certA NA tKA
  • Intermediate node (B) RDP IPx certA NA
    tKAKB certB
  • Intermediate node (C) RDP IPx certA NA
    tKAKC certC
  • Destination node (X) REP IPA certX NA tKX
  • Pros
  • Modification, fabrication, impersonation
  • Cons
  • Cost problem in terms of CPU and energy usage
  • Not immune to the wormhole attack

9
Secure Routing Proposals (5/5)
  • Notes on the wormhole attack
  • Packet leashes PG 01
  • Temporal leashes
  • Extremely precise time synchronization and
    timestamps in each packet
  • Geographical leashes
  • Location information and loosely synchronized
    clocks
  • Modifying the routing protocol
  • Path discovery mechanism
  • Handle multiple routes
  • Verification mechanism
  • Detect anomalies when comparing the metrics

10
Cooperation Enforcement (1/3)
  • Selfishness can cause serious damage in terms of
    global network throughput and delay MM 02
  • Cooperation enforcement
  • Currency-based solutions
  • Some form of digital cash is used as an incentive
  • Monitoring solutions
  • Misbehaving nodes will be detected through the
    shared observations of legitimate nodes

11
Cooperation Enforcement (2/3)
  • Nuglets BH 01
  • Nuglet virtual currency used in every
    transaction
  • Two models
  • Packet purse model source pays
  • Packet trade model destination pays
  • CONFIDANT BB 02
  • Aiming at detecting selfish nodes
  • Components
  • Network monitor
  • Reputation records, Trust records
  • Path manager
  • Limitation
  • Assumptions for detection-based reputation systems

12
Cooperation Enforcement (3/3)
  • CORE MM 02
  • Collaborative monitoring technique reputation
    mechanism
  • No negative ratings are spread between the nodes
  • Gradually isolate selfish nodes
  • It suffers from the spoofing attack
  • Token-based cooperation enforcement YML 02
  • Token
  • Required in order to participate in the network
    operation
  • Constructed using a group signature
  • Components
  • Neighbor verification, Neighbor monitoring,
    Intrusion reaction, Security enhanced routing
    protocol
  • Limitation
  • Low node mobility, Spoofing attack

13
Key Management (1/3)
  • Key management
  • Symmetric key based scheme
  • Pair-wise secret keys to establish session keys
    used for authentication and message integrity
  • Example SRP, ARIADNE
  • Public key based scheme
  • Each node possesses a pair of public and private
    keys based on an asymmetric algorithm
  • Example ARAN

Entity authentication Message integrity
Secure routing
Key management
14
Key Management (2/3)
  • Self-organized public key management based on
    PGPCBH 02
  • Overview
  • A public key management solution similar to PGP
    (Pretty Good Privacy)
  • Certificate
  • Based on users personal acquaintances
  • Stored in a local certificate repository
  • Distributed by the users themselves
  • When two users wish to authenticate each others
    public key
  • Find a certificate chain using only the
    certificates stored in their combined local
    repositories
  • Using Shortcut Hunter algorithm based on small
    world phenomenon
  • Consideration
  • Public key in the certificate indeed belongs to
    the node identification named in the certificate?
  • It has problems before the number of certificates
    issued reaches a critical amount

15
Key Management (3/3)
  • Authentication based on polynomial secret sharing
    LL 00
  • Conception
  • Certificate
  • Cooperatively generated by a set of neighbors
  • Using a group signature
  • Secret sharing
  • Secret signature key is distributed among several
    nodes
  • Localized trust model
  • An entity is trusted if any k trusted entities
    claim so
  • A locally trusted entity is globally accepted
  • Drawback
  • Requirement for a trusted dealer that initializes
    the very first k nodes of a coalition
  • Every node has at least k trusted neighbors

16
Conclusion
  • Problems of the existing security solutions
  • Only cover a subset of all threats
  • Lack of cooperation enforcement mechanisms
  • Make unrealistic assumptions
  • Availability of key management infrastructures
  • In contrast with the very nature of ad hoc
    networks
  • Comprehensive security solutions are expected to
    appear
  • Based on realistic trust models
  • Addressing all prevalent issues
  • Routing , Cooperation enforcement, Key management
Write a Comment
User Comments (0)
About PowerShow.com