A Secure Ad-hoc Routing Approach using Localized Self-healing Communities - PowerPoint PPT Presentation

1 / 42
About This Presentation
Title:

A Secure Ad-hoc Routing Approach using Localized Self-healing Communities

Description:

A Secure Ad-hoc Routing Approach using Localized Self-healing Communities Jiejun Kong, *Xiaoyan Hong, Yunjung Yi, Joon-Sang Park, *Jun Liu, Mario Gerla – PowerPoint PPT presentation

Number of Views:77
Avg rating:3.0/5.0
Slides: 43
Provided by: Cs76
Category:

less

Transcript and Presenter's Notes

Title: A Secure Ad-hoc Routing Approach using Localized Self-healing Communities


1
A Secure Ad-hoc Routing Approach using Localized
Self-healing Communities
  • Jiejun Kong, Xiaoyan Hong, Yunjung Yi, Joon-Sang
    Park, Jun Liu,Mario Gerla
  • WAM Laboratory
  • Computer Science Department Computer
    Science Department
  • University of California, Los Angeles
    University of Alabama, Tuscaloosa
  • jkong,yjyi,jspark,gerla_at_cs.ucla.edu
    jliu,hxy_at_cs.ua.edu

2
Problem Statement
  • RREQ flooding attack by non-cooperative members
    (selfish or intruded member nodes)
  • Direct RREQ floods
  • Non-cooperative members continuously generate
    RREQ
  • RREQ rate limited packet suppression needed
  • Indirect RREQ floods
  • RREP DATA packet loss
  • Caused by rushing attack etc. Hu et al.,WiSe03
  • Indirectly trigger more RREQ floods
  • Dont blame the RREQ initiator
  • Excessive floods deplete network resource

3
Indirect Attack Example
dest
source
  • RREQ forwarding
  • Rushing attackers disobey delay
    (MAC/routing/queuing) requirements w/ higher
    prob., are placed on RREP / DATA path
  • Can trigger more RREQ floods initiated by other
    good nodes
  • RREP DATA packet loss is common in MANET
  • Hard to differentiate attackers from
    non-attackersnetwork dynamics?
    non-cooperative behaviors?

4
Outline
  • Related work
  • Community-based secure routing approach
  • Strictly localized
  • Self-healing community substitutes single
    node
  • Our analytic model
  • Asymptotic network security model
  • Stochastic model for mobile networks
  • Empirical simulation verification
  • Summary

5
Related Secure Routing Approaches
  • Cryptographic protections TESLA in Ariadne, PKI
    in ARAN
  • Cannot stop non-cooperative network membersThey
    have required credentials / keys
  • Network-based protections
  • Straight-forward RREQ rate limit DSR, AODV
  • Long RREQ interval causes non-trivial routing
    performance degradation
  • Multi-path secure routing Awerbuch,WiSe02
    Haas,WiSe03
  • Not localized, incurs global overhead, expensive
  • Node-disjoint multi-path preferred, but
    challenging
  • Rushing Attack Prevention (RAP) Hu,WiSe03
  • RREQ forwarding delayed and randomized to counter
    rushing
  • Causes large route acquisition delay less likely
    to find optimal path

6
Our design
  • Goal minimize of allowed RREQ floods
  • Ideally, 1 initial on-demand RREQ flood for each
    e2e connection
  • Maintain comparable routing performance
  • Solution
  • Build multi-node communities to counter
    non-cooperative packet loss
  • Design applies to wide range of ad hoc routing
    protocols various ad hoc networks

7
Community 2-hop scenario
Community
  • Area defined by intersection of 3 consecutive
    transmissions
  • Node redundancy is common in MANET
  • Not unusually high, need 1 good node inside the
    community area
  • Community leadership is determined by
    contribution
  • Leader steps down (being taken over)if not doing
    its job (doesnt forward within a timeout Tforw)

8
Community multi-hop scenario
  • The concept of self-healing community is
    applicable to multi-hop routing

9
Community Based Security (CBS)
  • End-to-end communication between ad hoc terminals
  • Community-to-community forwarding (not
    node-to-node)
  • Challenge adversary knows CBS prior to its
    attack
  • It would prevent the network from forming
    communities
  • Network mobility etc. will disrupt CBS

10
On demand initial config
  • Communities formed during RREP
  • Simple heuristics promiscuously overheard 3
    consecutive (ACKs of) RREP packets? set
    community membership flag for the connection
  • Goal revisited reduce the need of RREQ floods
  • In spite of non-cooperative behavior

11
On demand initial config around V
V1
V
U
E
V2
  • (Potentially non-cooperative) Vs community must
    be formed at RREP
  • Else V drops RREP and succeeds
  • V1 and V2 need to know Vs upstream

12
ACK-based config
Communities (if C forwards a correct RREP)
C
D
E
C
B
dest
source
C
13
Proactive re-config
  • Each community loses shape due to network
    dynamics (mobility etc.)
  • End-to-end proactive probing to maintain the
    shape
  • PROBE unicast take-over
  • PROBE_REP unicast take-over
  • Just like RREP
  • Again reduce the need of RREQ floods
  • In spite of random mobility non-cooperative
    behavior

14
Re-config 2-hop scenario
Old community becomes staledue to random node
mobility etc.
  • (PROBE, upstream, )
  • (PROBE_REP, hop_count, )

oldF
S
D
newF

15
Re-config multi-hop scenario
source
dest
  • Optimization
  • Probing message can be piggybacked in data
    packets
  • Probing interval Tprobe adapted on network
    dynamicsSimple heuristics Slow Increase Fast
    Decrease

16
Control flow Data flow
  • Control flows job
  • Config communities RREP
  • Reconfig communities PROBE, PROBE_REP( data
    packets piggybacked with probe info)
  • Unicast take-over
  • DATA
  • DATA packets
  • Unicast make-up (not take-over)community
    setup unchanged

17
Outline
  • Other countermeasures
  • Community-based routing approach
  • Strictly localized w/ clearly-defined per-hop
    operation
  • Self-healing community substitutes single
    node
  • Our analytic model
  • Asymptotic network security model
  • Stochastic model for mobile networks
  • Empirical simulation verification
  • Summary

18
Notion Security as a landslide game
  • Played by the guard and the adversary
  • Proposal can be found as early as Shannons 1949
    paper
  • Not a 50-50 chance game, which is too good for
    the adversary
  • The notion has been used in modern crypto since
    1970s
  • Based on NP-complexity
  • The guard wins the game with 1 - negligible
    probability
  • The adversary wins the game with negligible
    probability
  • The asymptotic notion of negligible applies to
    one-way function (encryption, one-way hash),
    pseudorandom generator, zero-knowledge proof,
    AND this time

19
Our Asymptotic Network Security Model
  • Concept the probability of security breach
    decreases exponentially toward 0 when network
    metric increases linearly / polynomially
  • Consistent with computational cryptographys
    asymptotic notion of negligible /
    sub-polynomial
  • is negligible by definition

x is key length in computational cryptox is
network metric (e.g., of nodes) in network
security
20
The Asymptotic Cryptography Model
The negligible line(sub-polynomial line)
Probability of security breach
1 2 of key bits (key length)
128
  • See Lenstras analysis for proper key
    length(given adversarys brute-force
    computational power)
  • There are approximately 2268 atoms in the entire
    universe
  • Security can be achieved by a polynomial-bounded
    guard against a polynomial-bounded adversary

21
Our Asymptotic Network Security Model
The negligible line(sub-polynomial line)
The exponential line(memory-less line)
Probability of network security breach
Network metric (e.g., of nodes -- network scale)
  • Conforming to the classic notion of security used
    in modern cryptography ! Weve used the same
    security notion

22
Mobile network model
  • Divides the network into large number n of very
    small tiles (i.e., possible positions)
  • A nodes presence probability p at each tile is
    small? Follows a spatial bionomial distribution
    B(n,p)
  • When n is large and p is small, B(n,p) is
    approximately a spatial Poisson distribution with
    rate r1
  • If there are N mobile nodes roaming i.i.d.
    rN Nr1
  • The probability of exactly k nodes in an area A

23
r1 in Random Way Point model
Bettstetter et al.
a1000
24
Community area Aheal
  • (left) maximal community
  • 2-hop RREP nodes are (1 e)R away
  • Area approaching
  • (right) minimal community
  • 2-hop RREP nodes are (2 - e)R away
  • Area approaching 0
  • Real world scenarios randomly distribute between
    these two extremes

25
Modeling adversarial presence
  • q percentage of non-cooperative network members
    (e.g., probability of node selfishness
    intrusion)
  • 3 random variables
  • x number of nodes in the forwarding community
    area
  • y number of cooperative nodes
  • z number of non-cooperative nodes

26
Effectiveness of CBS routing
  • Per-hop failure prob. of community-to-community
    routing is negligible with respect to network
    scale N
  • Per-hop success prob. of node-to-node ad hoc
    routing schemes is negligible (under rushing
    attack)
  • Tremendous gain EG 1 / negligible approaching
    1

27
Community Based Security
Pcommunity
Pregular
  • In summary, in mobile networks haunted by
    non-cooperative behavior, community-based
    security has tremendous (
    ) gain ( )

28
QualNet? simulation verification
  • Perfermance metrics
  • Data delivery fraction, end-to-end latency,
    control overhead
  • of RREQ
  • x-axis parameters
  • Non-cooperative ratio q
  • Mobility (Random Way Point Model, speed minmax)
  • Protocol comparison
  • AODV standard AODV
  • RAP-AODV Rushing Attack Prevention (WiSe03)
  • CBS-AODV Community Based Security

29
Performance Gap
  • CBS-AODVs performance only drops slightly with
    more non-cooperative behavior
  • Tremendous EG justifies the big gap between
    CBS-AODV and others

30
Mobilitys impact
31
Less RREQ
  • In CBS-AODV, of RREQ triggered is less
    sensitive to non-cooperative ratio q
  • Enforcing RREQ rate limit is more practical in
    CBS-AODV

32
Summary
  • Conventional node-to-node routing is vulnerable
    to routing disruptions
  • Excessive but protocol-compliant RREQ floods
  • Rushing attack RREP / DATA packet loss
  • The new community-to-community secure routing is
    our answer
  • Analytic study approves the community design
  • Empirical simulation study justifies the analytic
    results
  • General design
  • Open challenges
  • More optimal estimation of forwarding window
    Tforw probing interval Tprobe
  • Secure and efficient key management between two
    communities

33
Thank you! Questions?
34
This slide is intentionally left blank
  • Backup slides follow

35
r1
  • Inspired by Bettstetter et al.s work
  • For any mobility model (random walk, random way
    point), Bettstetter et al. have shown thatr1 is
    computable following
  • For example, in random way point model in a
    square network area of size aa defined by
    -a/2x a/2 and -a/2y a/2
  • r1 is location dependent, yet computable in
    NS2 QualNet given any area A (using finite
    element method)

36
Delivery fraction Control overhead
  • CBS-AODVs performance only drops slightly with
    more non-cooperative behavior
  • Tremendous EG justifies the big gap (of delivery
    fraction total control overhead) between
    CBS-AODV and others

37
Latency
  • Route acquisition latency monotonically increases
    with q
  • AODVs avg. data packet latency drops due to
    short routes

38
Mobilitys impact
  • CBSs have better delivery fraction
  • CBS-AODV,cons_floods cost is too high

39
RREQ limit control
  • In CBS-AODV, of RREQ triggered is less
    sensitive to non-cooperative ratio q
  • Enforcing RREQ rate limit is more practical in
    CBS-AODV

40
Protocol Details
  • Packet format
  • (RREQ, upstream_node, )
  • (RREP, hop_count, )
  • In DSR or AODV , some of the extra fields can be
    spared

41
Protocol Details
  • Unicast control packets their ACKs

42
Protocol Details
  • Unicast control flows config/re-config
    communities
  • RREP, PROBE, PROBE_REP packets data packets
    piggybacked with probe info
  • Unicast take-over
  • Data flows
  • DATA packets
  • Unicast make-up (not take-over)
Write a Comment
User Comments (0)
About PowerShow.com