Secure communication in cellular and ad hoc environments

About This Presentation

Title:

Secure communication in cellular and ad hoc environments

Description:

This is supported by Motorola Communication Research Lab & National Science Foundation ... Research of Interest to Motorola. Evaluating CAMA routing in ... – PowerPoint PPT presentation

Number of Views:178

Avg rating:3.0/5.0

Slides: 108

Provided by: wangwe

Learn more at: https://www.cs.purdue.edu

Category:

more less

Transcript and Presenter's Notes

Title: Secure communication in cellular and ad hoc environments

1
Secure communication in cellular and ad hoc
environments

Bharat Bhargava
bb_at_cs.purdue.edu
Department of Computer Sciences,
Purdue University
This is supported by Motorola Communication
Research Lab National Science Foundation

Team at Motorola
Jeff Bonta
George Calcev
Benetido Fouseca
Trefor Delve
Team at Purdue University
X. Wu Research scientist (receives his PhD
from UC-Davis)
Y. Lu PhD student
G. Ding PhD student
W. Wang PhD student

3
Problem statement

How to provide secure, continuous, and efficient
connectivity for a mobile unit in a structured
(cellular based) or unstructured (ad hoc) network
environment?

4
Challenges

Dynamic topology
Movement, node failure, etc.

Heterogeneous and decentralized control

Limited resources
Bandwidth, processing ability, energy
Unfriendly environment
Selfish nodes, malicious attackers

5
Research contributions

Combining advantages of cellular systems and ad
hoc networks to enable a more secure network
structure and better performance
Designing routing protocols for ad hoc networks
that adapt to both network topology and traffic
congestion
Designing intruder identification protocols in ad
hoc networks
Conducting experimental studies in heterogeneous
wireless environments and evaluating our protocols

6
Research directions

Cellular-aided Mobile Ad Hoc Network (CAMA)
Adaptive and Heterogeneous Mobile Wireless
Networks
Intruder Identification in Ad Hoc Networks

7
Cellular-aided Mobile Ad Hoc Network (CAMA)
8
CAMA Problem Statement

How to realize commercial peer-to-peer
applications over mobile wireless ad hoc
networks?
Papers
Integrating Heterogeneous Wireless
Technologies Cellular-Aided Mobile Wireless Ad
hoc Networks (CAMA), submitted to ACM Special
Issues of the Journal on Special Topics in Mobile
Networking and Applicaitons (MONET).

9
Challenges

Authentication and accounting
No fixed membership
Security concern
Open medium without any centralized control
Real time services
Dynamic topology and slow routing information
distribution

10
Current Environment

Cellular network provides
Wide coverage
Multiple services with single cellular ID
Small packet service in 3G network
Wireless terminals with different protocols

11
CAMA Description

Integration of cellular network and ad hoc
network
CAMA agent works as centralized server attached
to the cellular network
CAMA agent provides ad hoc nodes information such
as authentication, routing support, keys through
cellular channel
Data transmission uses ad hoc channel

12
CAMA Environment
13
Major Ideas

Use signals via cellular network for ad hoc
routing and security managements
Centralized CAMA agent provides control over
distributed ad hoc network

14
CAMA vs. ad hoc network

CAMA has advantages over pure ad hoc
networks in
Simple network authentication and accounting
Routing server for more accurate routing
decisions
Certification authority for key distribution
Central security check point for intrusion
detection

15
CAMA vs. cellular/WLAN

CAMA has advantages over cellular/WLAN
integrated network in
No extra fixed infrastructure
No access point needed
No ad hoc channel radio coverage limit
Multi-hop ad hoc link
No transmission bottleneck
Not all traffic need going through a single node

16
Impact

Cellular service combined with low-cost,
high-data-rate wireless service

17
Research Questions

Feasibilities in commercial applications
requires
Development of routing algorithm and protocols
for multimedia service
Investigation of CAMA vulnerabilities
Development of security protocols for key
distribution and intrusion detection
Evaluation of gain in ad hoc network
Evaluation of overhead in cellular network

18
Methodology of Research

Building algorithms and protocols
Developing bench marks and performance metrics on
multi-media service
Conducting experimental studies
Using ns-2
Using common platform simulator from Motorola
Inc.
Comparing with ad hoc routing protocols
Ad hoc on-demand distance vector routing (AODV)
Destination source routing (DSR)

19
Research of Interest to Motorola

Evaluating CAMA routing in realistic simulation
environment
Radio environment
Adaptive data rate determined by
signal-noise-ratio (SNR)
Node mobility
Exponentially distributed speed
Node density
400 users/sq.km to 14800 users/sq.km
Traffic pattern
VoIP, TCP, Video
Inaccurate position information
Error of 5m to 100m

20
Research of Interest to Motorola (ctn.)

Authentication
By CAMA agent
By mobile nodes
Accounting
Charging rate
Award to intermediate nodes

21
Research of Interest to Motorola (ctn.)

Key assignment
Group key assignment
For entire ad hoc network
For nodes along an active route
Session key assignment
For peer-to-peer communication

22
Research of Interest to Motorola (ctn.)

Intrusion detection
Information collection
Information for different intrusions
Malicious judging rule
Quick malicious node elimination vs. probability
of wrong judgment
Detection cost vs. gain

23
Adaptive and Heterogeneous Mobile Wireless
Networks
24
Problem statement

How to provide continuous connectivity for a
mobile unit to a network in which every node is
moving?

Papers Secure Wireless Network with Movable
Base Stations, being revised for IEICE/IEEE
Joint Special Issue on Assurance Systems and
Networks. Study of Distance Vector Routing
Protocols for Mobile Ad Hoc Networks, in
Proceedings of IEEE International Conference on
Pervasive Computing and Communications (PerCom),
2003.
25
Challenges

Dynamic topology
Movement, node failure, energy problem, etc.

Decentralized control

Limited bandwidth
Congestion is typically the norm rather than the
exception. RFC 2501

26
Research contributions

Routing protocols for mobile ad hoc networks that
adapt to not only network topology, but also
traffic and congestion.

Architecture, design of protocols, and
experimental evaluation in heterogeneous wireless
environments

27
Broad impacts

Sensor networks

Military networks

28
Two network environments considered

Mobile ad hoc networks
No centralized control
Large scale heterogeneous wireless networks with
control in base stations
Wireless networks with movable base stations
(WNMBS)

29
Research questions in mobile ad hoc networks

Development of ad hoc routing protocols that
adapt to traffic load and network congestion.
Identify the network parameters that impact the
performance of routing protocols.
Determine the appropriateness of on-demand and
proactive approaches (given specific routing
requirements and network parameters).
Identify features of ad hoc networks that can be
used to improve routing.

30
Related work (routing protocol)

Destination-Sequenced Distance Vector (DSDV)
Perkins/Bhagwat, SigComm94 (Nokia)
Ad-hoc On-demand Distance Vector (AODV)
Perkins/Royer/Das, WMCSA99, IETF draft 98-03
(Nokia, UCSB, SUNY-Stony Brook)
Dynamic Source Routing (DSR) Johnson/Maltz,
Mobile Computing96, IETF draft 03 (Rice Univ.,
CMU)
Zone Routing Protocol (ZRP) Haas/Pearlman/Samar,
ICUPC97, IETF draft 99-02 (Cornell)
Adaptive Distance Vector (ADV) Boppana/Konduru,
InfoCom01 (UT-San Antonio)
Source-Tree Adaptive Routing (STAR)
Garcia-Luna-Aceves/Spohn, MONET01 (UCSC,
Nokia)
Associativity-Based Routing (ABR) Toh, Wireless
Personal Communications Journal97 (Cambridge
Univ.)
Ad-hoc On-demand Multipath Distance Vector
(AOMDV) Marina/Das, ICNP01 (Univ. of
Cincinnati)

31
Related work (contd)
32
Related work (performance comparison)

Comparison of DSDV, TORA, AODV and DSR
Broch/Maltz/Johnson/Hu/Jetcheva, MobiCom98
(CMU)
Scenario-based performance analysis of DSDV,
AODV, and DSR Johansson/Larsson/Hedman/Mielczarek
/Degermark, MobiCom99 (Ericsson)
Performance comparison of AODV and DSR
Perkins/Royer/Das/Marine, IEEE Personal
Communications01

33
Methodology of research

Developing benchmarks and performance metrics for
routing protocols
Conducting experimental studies
Determine guidelines for design
Evaluate protocols
Building algorithms and protocols

34
Ongoing research

Study of proactive and on-demand approaches
Congestion-aware distance vector routing protocol
Packet loss study

35
Research study

Investigate the proactive and on-demand
approaches
Generalize the results obtained from protocols to
the proactive and on-demand approaches
Introduce power consumption as a performance
metric
Inject heavy traffic load
Identify the major causes for packet drop
Comprehensively study in various network
environments
Propose a congestion-aware routing protocol

36
Simulation experiments

DSDV and AODV are studied by varying network
environment parameters
Node mobility (maximum moving speed)
Traffic load (number of connections)
Network size (number of mobile nodes)
Performance metrics
Packet delivery ratio
Average end-to-end delay
Normalized protocol overhead
Normalized power consumption

37
Simulation setup for experiments
38
Motivation for a new proactive protocol

The proactive protocols provide better support
for
Applications requiring QoS
Timely propagate network conditions
Intrusion and anomaly detection
Constantly exchange the network topology
information
The proactive approach exhibits better
scalability with respect to the number of mobile
nodes and traffic load.

39
Proposed protocol Congestion Aware Distance
Vector (CADV)

Problem with the proactive approach
Congestion
Objective
Dynamically detect congestion and route packets
through less-crowded paths
Method
Characterize congestion and traffic load by using
expected delay.
Consider expected delay at the next hop as the
secondary metric to make routing decisions.
Allow a one-hop longer route to be chosen.
Use destination sequence number to avoid loop.

40
Design issues

Use MAC layer callback to detect broken link
Quick detection
More triggered updates
Whether re-queue a packet
Allowing a one-hop longer route
A one-hop shorter route may not replace the
current one if it introduces significantly more
delay.
To avoid short-lived loop, do not replace the
current route with a longer one if they have the
same sequence number.
Deal with fluctuation
Use randomness in routing decisions to reduce
fluctuation

41
CADV

Components
Real time traffic monitor
Traffic control
Route maintenance module
Route update
When broadcasts an update, every node advertises
the expected delay of sending a packet as
Route maintenance
Apply a function f(ED, distance) to evaluate
the value of a route

42
Observations of CADV

CADV outperforms AODV and DSDV in terms of
delivery ratio
The end-to-end delay becomes longer because
longer routers may be chosen to forward packets
The protocol overhead of CADV is doubled compared
with that of DSDV. It is still less than that of
AODV when the network is loaded
CADV consumes less power per delivered packet
than DSDV and AODV do

43
Characteristics of wireless networks with movable
base stations

Large scale
Heterogeneity
Autonomous sub-nets
Base stations have more resources
Base stations take more responsibilities

44
Research questions

How to organize the network?
Minimize the effect of motion
Minimize the involvement of mobile host
How to build routing protocol?
IP-compliant
Cooperate with various intra-subnet routing
protocols
How to secure communications?
Authenticate
Maintain authentication when a host is roaming

45
Related work

Integrating ad hoc and cellular
Mobile-Assisted Connection-Admission (MACA)
Wu/Mukherjee/Chan, GlobeCom00 (UC-Davis)
Integrated Cellular and Ad-hoc Relaying (iCAR)
Wu/Qiao/De/Tonguz, JSAC01 (SUNY-Buffalo)
Multihop Cellular Networks (MCN) Lin/Hsu,
InfoCom00 (Taiwan)
Mobile base station
Distributed, dynamic channel allocation
Nesargi/Prakash, IEEE Transactions on Vehicular
Technology02 (UT-Dallas)
Hierarchical structure
Multimedia support for Mobile Wireless Networks
(MMWN) Ramanathan/Steenstrup, MONET98 (BBN
Technologies)
Clustering scheme for hierarchical control in
multi-hop wireless networks Banerjee/Khuller,
InfoCom01 (UMD)

46
Methodology of research

Building architecture, developing algorithms and
protocols
Membership management
Inter-subnet routing
Intra- and inter-subnet authentication
Evaluation through experiments

47
Research results

Hierarchical mobile wireless network (HMWN)
Hierarchical membership management scheme
Segmented membership-based group routing protocol
Protection of network infrastructure
Secure roaming and fault-tolerant authentication

48
Future research plan

Develop congestion avoidance routing protocol for
ad hoc networks.
Conduct experiments to study the effect of
implementing congestion avoidance at different
layers.
Conduct a series of experiments to evaluate HMWN.

49
Intruder Identification in Ad Hoc Networks
50
Problem Statement

Intruder identification in ad hoc networks is the
procedure of identifying the user or host that
conducts the inappropriate, incorrect, or
anomalous activities that threaten the
connectivity or reliability of the networks and
the authenticity of the data traffic in the
networks.

Papers On Security Study of Two Distance
Vector Routing Protocols for Mobile Ad Hoc
Networks, in Proceedings of IEEE International
Conference on Pervasive Computing and
Communications (PerCom), 2003. On Vulnerability
and Protection of Ad Hoc On-demand Distance
Vector Protocol, in Proceedings of 10th IEEE
International Conference on Telecommunication
(ICT), 2003.
51
Research Motivation

More than ten routing protocols for Ad Hoc
networks have been proposed (AODV, DSR, DSDV,
TORA, ZRP, etc.)
Research focus has been on performance comparison
and optimizations such as multicast and multiple
path detection
Research is needed on the security of Ad Hoc
networks.
Applications Battlefields, Disaster recovery.

52
Research Motivation

Two types of attacks target Ad Hoc network
External attacks
MAC layer jamming
Traffic analysis
Internal attacks
Compromised host sending false routing
information
Fake authentication and authorization
Traffic flooding

53
Research Motivation

Protection of Ad Hoc networks
Intrusion Prevention
Traffic encryption
Sending data through multiple paths
Authentication and authorization
Intrusion Detection
Anomaly pattern examination
Protocol analytical study

54
Research Motivation

Deficiencies of intrusion prevention
Increases the overhead during normal operations
of Ad Hoc networks
Restriction on power consumption and computation
capability prevent the usage of complex
encryption algorithms
Flat infrastructure increases the difficulty for
the key management and distribution
Cannot guard against internal attacks

55
Research Motivation

Why intrusion detection itself is not enough
Detecting intrusion without removing the
malicious host leaves the protection in a passive
mode
Identifying the source of the attack may
accelerate the detection of other attacks

56
Research Motivation

Research problem Intruder Identification
Research challenges
How to locate the source of an attack ?
How to safely combine the information from
multiple hosts and enable individual host to make
decision by itself ?
How to achieve consistency among the conclusions
of a group of hosts ?

57
Related Work in wired Networks

Secure routing / intrusion detection in wired
networks
Routers have more bandwidth and CPU power
Steady network topology enables the use of static
routing and default routers
Large storage and history of operations enable
the system to collect enough information to
extract traffic patterns
Easier to establish trust relation in the
hierarchical infrastructure

58
Related Work in wired networks

Attack on RIP (Distance Vector)
False distance vector
Solution (Bellovin 89)
Static routing
Listen to specific IP address
Default router
Cannot apply in Ad Hoc networks

59
Related Work in wired networks

Attack on OSPF (Link State)
False connectivity
Attack on Sequence Number
Attack on lifetime
Solution
JiNAONCSU and MCNC
Encryption and digital signature

60
Related Work in Ad Hoc Networks

Lee at GaTech summarizes the difficulties in
building IDS in Ad Hoc networks and raises
questions
what is a good architecture and response system?
what are the appropriated audit data sources?
what is the good model to separate normal and
anomaly patterns?
Haas at Cornell lists the 2 challenges in
securing Ad Hoc networks
secure routing
key management service

61
Related Work in Ad Hoc Networks

Agrawal at University of Cincinnati presents the
general security schemes for the secure routing
in Ad Hoc networks
Nikander at Helsinki discusses the
authentication, authorization, and accounting in
Ad Hoc networks
Bhargavan at UIUC presents the method to enhance
security by dynamic virtual infrastructure
Vaidya at UIUC presents the idea of securing Ad
Hoc networks with directional antennas

62
Related Work ongoing projects

TIARA Techniques for Intrusion Resistant Ad-Hoc
Routing Algorithm (DARPA)
develop general design techniques
focus on DoS attack
sustain continued network operations
Secure Communication for Ad Hoc Networking (NSF)
Two main principles
redundancy in networking topology, route
discovery and maintenance
distribution of trust, quorum for trust

63
Related Work ongoing projects

On Robust and Secure Mobile Ad Hoc and Sensor
Network (NSF)
local route repair
performance analysis
malicious traffic profile extraction
distributed IDs
proposed a scalable routing protocol
Adaptive Intrusion Detection System (NSF)
enable data mining approach
proactive intrusion detection
establish algorithms for auditing data

64
Problem Statement

Intruder identification in ad hoc networks is the
procedure of identifying the user or host that
conducts the inappropriate, incorrect, or
anomalous activities that threaten the
connectivity or reliability of the networks and
the authenticity of the data traffic in the
networks.

65
Evaluation Criteria

Accuracy
False coverage Number of normal hosts that are
incorrectly marked as suspected.
False exclusion Number of malicious hosts that
are not identified as such.
Overhead
Overhead measures the increases in control
packets and computation costs for identifying the
attackers (e.g. verifying signed packets,
updating blacklists).
Workload of identifying the malicious hosts in
multiple rounds

66
Evaluation Criteria

Effectiveness
Effectiveness Increase in the performance of ad
hoc networks after the malicious hosts are
identified and isolated. Metrics include the
increase of the packet delivery ratio, the
decrease of average delay, or the decrease of
normalized protocol overhead (control
packets/delivered packets).
Robustness
Robustness of the algorithm Its ability to
resist different kinds of attacks.

67
Assumptions

A1. Every host can be uniquely identified and its
ID cannot be changed throughout the lifetime of
the ad hoc network. The ID is used in the
identification procedure.
A2. A malicious host has total control on the
time, the target and the mechanism of an attack.
The malicious hosts continue attacking the
network.
A3. Digital signature and verification keys of
the hosts have been distributed to every host.
The key distribution in ad hoc networks is a
tough problem and deserves further research.
Several solutions have been proposed. We assume
that the distribution procedure is finished, so
that all hosts can examine the genuineness of the
signed packets.
A4. Every host has a local blacklist to record
the hosts it suspects. The host has total control
on adding and deleting elements from its list.
For the clarity of the remainder of this paper,
we call the real attacker as malicious host,
while the hosts in blacklists are called
suspected hosts.

68
Applying Reverse Labeling Restriction to Protect
AODV

Introduction to AODV
Attacks on AODV and their impacts
Detecting False Destination Sequence Attack
Reverse Labeling Restriction Protocol
Simulation results

69
Introduction to AODV

Introduced in 97 by Perkins at NOKIA, Royer at
UCSB
12 versions of IETF draft in 3 years, 4 academic
implementations, 2 simulations
Combines on-demand and distance vector
Broadcast Route Query, Unicast Route Reply
Quick adaptation to dynamic link condition and
scalability to large scale network
Support Multicast

70
Security Considerations for AODV

AODV does not specify any special security
measures. Route protocols, however, are prime
targets for impersonation attacks. If there is
danger of such attacks, AODV control messages
must be protected by use of authentication
techniques, such as those involving generation of
unforgeable and cryptographically strong message
digests or digital signatures.
- http//www.ietf.org/internet-drafts/draft-ietf
-manet-aodv-11.txt

71
Message Types in AODV

RREQ route request
RREP route reply
RERR route error

72
Route Discovery in AODV
D
Establish path to the destination
Establish path to the source
S1
S3
Establish path to the source
Establish path to the destination
S2
S4
Establish path to the destination
Establish path to the source
S
73
Introduction to AODV (cond)

Security Features of AODV
Combination of Broadcast and Unicast
Route reply is sent out along a single path,
prevent the disclosure of routing information
Fast Expiration of Reverse Route Entry
Route entry created by un-replied route request
will expire in a short time
Freshness of Routing Information
Unique, monotonic destination sequence for every
host, could only be updated by destination/request
initiator

74
Attacks on AODV

Malicious route request
query non-existing host (RREQ will flood
throughout the network)
False route error
route broken message sent back to source (route
discovery is re-initiated)
False distance vector
reply one hop to destination to every request
and select a large enough sequence number
False destination sequence
select a large number (even beat the reply from
real destination)

75
Impacts of Attacks on AODV
76
False Destination Sequence Attack
D
S3
S
S1
S2
M
77
Attacks on AODV and Simulation Results

Simulation of Attacks
A module called AODV Attack added into ns2
Four attacks have been implemented
malicious route request
silently discard
false distance vector
false destination sequence

78
Attacks to AODV and Simulation Results

Simulation parameters

79
Attacks to AODV and Simulation Results
X-axis is max moving speed, which evaluates the
mobility of host. Y-axis is delivery ratio. Two
attacks false distance vector and false
destination sequence, are considered. They lead
to about 30 and 50 of packets to be dropped.
80
Detecting false destination sequence attackby
destination host during route rediscovery
(1). S broadcasts a request that carries the old
sequence 1 21
(2) D receives the RREQ. Local sequence is 5, but
the sequence in RREQ is 21. D detects the false
desti-nation sequence attack.
D
S3
RREQ(D, 21)
S
S1
S2
M
S4
Propagation of RREQ
81
Reverse Labeling Restriction (RLR)

Basic Ideas
Every host maintains a blacklist to record
suspicious hosts. Suspicious hosts can be
released from the blacklist or put there
permanently.
The destination host will broadcast an INVALID
packet with its signature when it finds that the
system is under attack on sequence. The packet
carries the hosts identification, current
sequence, new sequence, and its own blacklist.
Every host receiving this packet will examine its
route entry to the destination host. If the
sequence number is larger than the current
sequence in INVALID packet, the presence of an
attack is noted. The next hop to the destination
will be added into this hosts blacklist.

82
Reverse Labeling Restriction (RLR)

All routing information or intruder
identification packets from hosts in blacklist
will be ignored, unless the information is about
themselves.
After a host is released from the blacklist, the
routing information or identification results
from it will be processed.

83
Example to illustrate RLR
D
S3
INVALID ( D, 5, 21, , SIGN )
S
S1
S2
M
S4
D sends INVALID packet with current sequence 5,
new sequence 21. S3 examines its route table,
the entry to D is not false. S3 forward packet to
S1. S1 finds that its route entry to D has
sequence 20, which is 5. It knows that the
route is false. The hop which provides this false
route to S1 was S2. S2 will be put into S1s
blacklist. S1 forward packet to S2 and S. S2 adds
M into its blacklist. S adds S1 into its
blacklist. S forward packet to S4. S4 does not
change its blacklist since it is not involved in
this route.
84
Reverse Labeling Restriction (cond)

Update Blacklist by INVALID Packet
Next hop on the invalid route will be put into
local blacklist, a timer starts, a counter
Labeling process will be done in the reverse
direction of route
When timer expires, the suspicious host will be
released from the blacklist and routing
information from it will be accepted
If counter threshold, the suspicious host will
be permanently put into blacklist

85
RLR creates suspicion trees. If a host is the
root of a quorum of suspicion trees, it is
labeled as the attacker.
86
Reverse Labeling Restriction (cond)

Update local blacklist by other hosts blacklist
Attach local blacklist to INVALID packet with
digital signature to prevent impersonation
Every host will count the hosts involved in
different routes that say a specific host is
suspicious. If the number threshold, it will be
permanently added into local blacklist and
identified as an attacker.
Threshold can be dynamically changed or can be
different on various hosts

87
Reverse Labeling Restriction (cond)

Two other effects of INVALID packets
Establish routes to the destination host when
the host sends out INVALID packet with digital
signature, every host receiving this packet can
update its route to the destination host through
the path it gets the INVALID packet.
Enable new sequence When the destination
sequence reaches its max number (0x7fffffff) and
needs to round back to 0, the host sends an
INVALID packet with current sequence
0x7fffffff, new sequence 0.

88
Reverse Labeling Restriction (cond)

Packets from suspicious hosts
Route request If the request is from suspicious
hosts, ignore it.
Route reply If the previous hop is suspicious
and the query destination is not the previous
hop, the reply will be ignored.
Route error will be processed as usual. RERR
will activate re-discovery, which will help to
detect attacks on destination sequence.
INVALID if the sender is suspicious, the packet
will be processed but the blacklist will be
ignored.

89
Simulation parameter
90
Reverse Labeling Restriction (cond)Simulation
results

The following metrics are chosen
Delivery ratio (evaluate effectiveness of RLR)
Number of normal hosts that identify the attacker
(evaluate accuracy of RLR)
Number of normal hosts that are marked as
attacker by mistake (evaluate accuracy of RLR)
Normalized overhead (evaluate communication
overhead of RLR)
Number of packets to be signed (evaluate
computation overhead of RLR)

91
Reverse Labeling Restriction (cond)
X-axis is host pause time, which evaluates the
mobility of host. Y-axis is delivery ratio. 25
connections and 50 connections are considered.
RLR brings a 30 increase in delivery ratio. 100
delivery is difficult to achieve due to network
partition, route discovery delay and buffer.
92
Reverse Labeling Restriction (cond)
X-axis is number of attackers. Y-axis is delivery
ratio. 25 connections and 50 connections are
considered. RLR brings a 20 to 30 increase in
delivery ratio.
93
Reverse Labeling Restriction (cond)
The accuracy of RLR when there is only one
attacker in the system
94
Reverse Labeling Restriction (cond)
The accuracy of RLR when there are multiple
attackers
95
Reverse Labeling Restriction (cond)
X-axis is host pause time, which evaluates the
mobility of host. Y-axis is normalized overhead
( of control packet / of delivered data
packet). 25 connections and 50 connections are
considered. RLR increases the overhead slightly.
96
Reverse Labeling Restriction (cond)
X-axis is host pause time, which evaluates the
mobility of host. Y-axis is the number of signed
packets processed by every host. 25 connections
and 50 connections are considered. RLR does not
severely increase the computation overhead to
mobile host.
97
Reverse Labeling Restriction (cond)
X-axis is number of attackers. Y-axis is number
of signed packets processed by every host. 25
connections and 50 connections are considered.
RLR does not severely increase the computation
overhead of mobile host.
98
Robustness of RLR

If the malicious host sends false INVALID packet
Because the INVALID packets are signed, it cannot
send the packets in other hosts name
If it sends INVALID in its own name, the reverse
labeling procedure will converge on the malicious
host and identify the attacker. The normal hosts
will put it into their blacklists.

99
Robustness of RLR

If the malicious host frames other innocent hosts
by sending false Blacklist
If the malicious host has been identified, the
blacklist will be ignored
If the malicious host has not been identified,
this operation can only lower the threshold by
one. If the threshold is selected properly, it
will not impact the identification results.

100
Robustness of RLR

If the malicious host only sends false
destination sequence about some special host
The special host will detect the attack and send
INVALID packets.
Other hosts can establish new routes to the
destination by receiving the INVALID packets.

101
Securing Ad Hoc networks -- Establish trust
relationship in open area

Evaluate known knowledge
Known knowledge
Interpretations of observations
Recommendations
An algorithm that evaluates trust among hosts is
being developed
A hosts trustworthiness affects the trust toward
the hosts on the route
Predict of trustworthiness of a host
Current approach uses the result of evaluation as
prediction.

102
Securing Ad Hoc networks -- Establish trust
relationship in open area

What trust information is needed when adding/
removing suspicious host from blacklist?
The trust opinion of S1 towards an entity S2 in a
certain context R
What characteristics of trust need to be included
in the model?
Dependability combination of competence,
benevolence, and integrity
Predictability

103
Securing Ad Hoc networks -- Establish trust
relationship in open area

What is the suitable representation of trust?
A random variable is used to represent trust so
that the inherent uncertainty of deriving trust
from behaviors can be accommodated.
How to represent the interpretation of an
observation?
A trust distribution function

104
Further Work

Design a set of formalized criteria to evaluate
identification algorithms
Study more features of Ad Hoc networks and
exploit their vulnerability
Simulate attacks on RLR, examine its robustness
Integrate with research on trust
Methods to identify the non-attackers and release
them from blacklist
Mechanisms to release hosts from the permanent
blacklist

105

More information may be found at
http//raidlab.cs.purdue.edu
Our papers and tech reports
W. Wang, Y. Lu, B. Bhargava, On vulnerability and
protection of AODV, CERIAS Tech Report TR-02-18.
B. Bhargava, Y. Zhong, Authorization based on
Evidence and Trust, in Proceedings of Data
Warehouse and Knowledge Management Conference
(DaWak), 2002
Y. Lu, B. Bhargava and M. Hefeeda, An
Architecture for Secure Wireless Networking, IEEE
Workshop on Reliable and Secure Application in
Mobile Environment, 2001
W. Wang, Y. Lu, B. Bharagav, On vulnerability
and protection of AODV, in proceedings of ICT
2003.
W. Wang, Y. Lu, B. Bhargava, On security study
of two distance vector routing protocols for two
mobile ad hoc networks, in proceedings of PerCOm
2003.

106
Selected References

1 C. Perkins and E. Royer, Ad-hoc on-demand
distance vector routing, in Proceedings of the
2nd IEEE Workshop on Mobile Computing Systems and
Applications, 1999.
2 C. Perkins, Highly dynamic
destination-sequenced distancevector routing
(DSDV) for mobile computers, in Proceedings of
SIGCOMM, 1994.
3 Z. Haas and M. Pearlman, The zone routing
protocol (ZRP) for ad hoc networks, IETF
Internet Draft, Version 4, July, 2002.
4 T. Camp, J. Boleng, B. Williams, L. Wilcox,
and W. Navidi, Performance comparison of two
location based routing protocols for ad hoc
networks, in Proceedings of the IEEE INFOCOM,
2002.
5 Z. Haas, J. Halpern, and L. Li, Gossip-based
ad hoc routing, in Proceedings of the IEEE
INFOCOM, 2002.
6 C. Perkins, E. Royer, and S. Das,
Performance comparison of two on-demand routing
protocols for ad hoc networks, in Proceedings of
IEEE INFOCOM, 2000.
7 S. Das and R. Sengupta, Comparative
performance evaluation of routing protocol for
mobile, ad hoc networks, in Proceedings of IEEE
the Seventh International Conference on Computer
Communications and Networks, 1998.
8 L. Venkatraman and D. Agrawal,
Authentication in ad hoc networks, in
Proceedings of the 2nd IEEE Wireless
Communications and Networking Conference, 2000.

107
Selected References

9 Y. Zhang and W. Lee, Intrusion detection in
wireless ad-hoc networks, in Proceedings of ACM
MobiCom, 2000.
10 Z. Zhou and Z. Haas, Secure ad hoc
networks, IEEE Networks, vol. 13, no. 6, pp.
2430, 1999.
11 V. Bharghavan, Secure wireless LANs, in
Proceedings of the ACM Conference on Computers
and Communications Security, 1994.
12 P. Sinha, R. Sivakumar, and V. Bharghavan,
Enhancing ad-hoc routing with dynamic virtual
infrastructures., in Proceedings of IEEE
INFOCOM, 2001.
13 S. Bhargava and D. Agrawal, Security
enhancements in AODV protocol for wireless ad hoc
networks, in Proceedings of Vehicular Technology
Conference, 2001.
14 P. Papadimitratos and Z. Haas, Secure
routing for mobile ad hoc networks, in
Proceedings of SCS Communication Networks and
Distributed Systems Modeling and Simulation
Conference (CNDS), 2002.
15 P. Albers and O. Camp, Security in ad hoc
network A general id architecture enhancing
trust based approaches, in Proceedings of
International Conference on Enterprise
Information Systems (ICEIS), 2002.