An On-Demand Secure Byzantine Routing Protocol - PowerPoint PPT Presentation

About This Presentation
Title:

An On-Demand Secure Byzantine Routing Protocol

Description:

An On-Demand Secure Byzantine Routing Protocol David Holmer Department of Computer Science Presentation Outline Introduction Attacks & Byzantine Behavior ODSBR ... – PowerPoint PPT presentation

Number of Views:72
Avg rating:3.0/5.0
Slides: 62
Provided by: DavidHo162
Learn more at: https://www.cs.jhu.edu
Category:

less

Transcript and Presenter's Notes

Title: An On-Demand Secure Byzantine Routing Protocol


1
An On-Demand Secure Byzantine Routing Protocol
  • David Holmer
  • Department of Computer Science

2
Presentation Outline
  • Introduction
  • Attacks Byzantine Behavior
  • ODSBR
  • Results

Feel Free to Ask Questions Throughout the
Presentation
3
Mobile Ad Hoc Wireless Networks
  • Non-centralized architecture - All nodes pass
    traffic
  • Advantages
  • Increased Coverage (overall range less gaps)
  • Reduced Deployment Cost (less wired connectivity)
  • Rapid Deployment (self configuring self
    healing)
  • Security Challenges
  • Collaborative nature
  • All nodes participate in routing - can we trust
    them?
  • Lack of physical security
  • Wireless broadcast medium - anyone can eavesdrop
  • Mobile devices highly susceptible to theft and
    tampering

Security is a Vital Component!
4
Publications
  • WiSE 2002 An On-Demand Secure Routing Protocol
    Resilient to Byzantine Failures
  • MILCOM 2004 The Pulse Protocol Sensor Network
    Routing and Power Saving
  • INFOCOM 2004 The Pulse Protocol Energy
    Efficient Infrastructure Access
  • WONS 2004 High Throughput Route Selection in
    Multi-rate Wireless Networks
  • IZS 2004 Swarm Intelligence Routing Resilient
    to Byzantine Adversaries
  • WONS 2005 The Pulse Protocol Mobile Ad hoc
    Network Performance Evaluation
  • SECURECOM 2005 On the Survivability of Routing
    Protocols in Ad Hoc Wireless Networks
  • NDSS 2005 Secure Multi-hop Infrastructure
    Access
  • INFOCOM 2005 Provably Competitive Adaptive
    Routing
  • MONET Journal 2006 The Medium Time Metric
    High Throughput Route Selection in Multi-rate
    Wireless Networks
  • ESAS 2006 Dynamics of Learning Algorithms for
    the On-Demand Secure Byzantine Routing Protocol

Most relevant to this talk
Other work
5
Basic Problem
Source
Destination
Shortest Path
Fault Free Path
6
Presentation Outline
  • Introduction
  • Attacks Byzantine Behavior
  • ODSBR
  • Results

Feel Free to Ask Questions Throughout the
Presentation
7
Strong Attacks
  • Adversarial Properties
  • Single Majority
  • External Byzantine / Insider
  • Individual Colluding
  • Attacks
  • Insertion/Modification
  • Black hole
  • Wormhole
  • Flood Rushing
  • Denial of service

Black hole
Wormhole
8
Byzantine Behavior
  • Significant research to protect against external
    adversaries (traditional secret based exclusion)
  • However, authenticity and integrity do not
    provide any guarantee about the legitimacy of
    actions taken by authenticated / insider nodes
  • Attacks where the adversary has full control of
    an authenticated device and can perform arbitrary
    actions to disrupt the network
  • Byzantine Generals problem Lamport 82

9
Related Work
  • Byzantine robustness for Wired Link State
    routing Perlman 88
  • Authentication and integrity Zhou, Haas 99
  • Hubaux, Buttyan, Capkun 01
  • Dahill, Levine, Shields, Royer 02
  • Hu, Perrig, Johnson 02, 01
  • Blackhole Marti, Giuli, Lai, Baker - 00
  • Papadimitratos, Haas - 03
  • Wormhole Hu, Perrig, Johnson 03
  • Hu, Evans 04
  • Flood rushing Hu, Perrig, Johnson 03
  • Majority do not address the Byzantine adversarial
    model
  • Focus on individual attacks - no comprehensive
    solutions!

10
Presentation Outline
  • Introduction
  • Attacks Byzantine Behavior
  • ODSBR
  • Results

Feel Free to Ask Questions Throughout the
Presentation
11
On-Demand Secure Byzantine Routing
  • Provides Survivable routing in a Byzantine
    environment
  • Original version published in WiSe 2002 (gt25
    cites)
  • Trust model
  • Source and Destination are trusted
  • Intermediate nodes are authenticated (PKI
    Symmetric keys)but not fully trusted
  • Adversarial model
  • Majority of colluding byzantine adversaries
  • All routing attacks except - eavesdropping,
    resource consumption, wormhole creation, other
    layers
  • Our solution
  • An on-demand routing protocol
  • Link based reliability metric
  • Bounded losses as long as there exists a
    fault-free path
  • Avoids the need for Byzantine Agreement (costly
    less capable)

12
ODSBR Protocol Overview
Route Discovery with Fault Avoidance
Byzantine Fault Detection
Discovered Path
Link Weight Management
Weight List
Faulty Link
13
ODSBR Protocol Overview
Route Discovery with Fault Avoidance
Byzantine Fault Detection
Discovered Path
Link Weight Management
Weight List
Faulty Link
14
Route Discovery
  • On-demand protocol
  • Finds a least weight path
  • Request flood
  • Request includes weight list and signature
  • Signature verified at every hop
  • Prevents un-authorized route requests

15
Route Discovery (cont.)
  • Response flood
  • Prevents response block attack
  • Path and weight accumulated hop by hop
  • Appends signature to response
  • Lower cost updates are re-broadcast
  • Every hops verifies the entire path
  • Prevents flood rushing/blocking attack
  • A min-weight path is always established
  • Path is not guaranteed to be fault free

16
Fault Detection Phase
Route Discovery with Fault Avoidance
Byzantine Fault Detection
Discovered Path
Link Weight Management
Weight List
Faulty Link
17
Fault Detection Strategy
  • Probing technique using authenticated
    acknowledgements
  • Naïve probing technique
  • Too much overhead per data packet!

18
Secure Adaptive Probing
Source
Destination
Success
Fault 1
Fault 2
Fault 3
Fault 4
Binary search identified in log n faults
Trusted Node
Successful Probe
Successful Interval
Intermediate Node
Failed Probe
Faulty Interval
19
Probe Ack Properties
  • Probes
  • Inseparable from data - listed on all packets
  • Integrity checked at each probe - HMAC
  • Enforces path order - reverse ordered HMAC list
  • Acks
  • Authenticated - HMAC
  • Single combined ack packet - individual HMAC of
    entire ack packet so far added at each probe
  • Adversary cant selectively drop some of the acks
  • Staggered timeouts - restarts ack packet
  • A node cant incriminate any link but its own

20
Fault Identification
  • Fault Definition
  • Packet loss rate violates a fixed threshold
  • Excessive delay also causes packet loss
  • Identifies faulty links regardless of reason
  • Malicious behavior
  • Non-malicious malfunction
  • Adverse network behavior
  • Congestion
  • Intermittent connectivity

21
Link Weight Management Phase
Route Discovery with Fault Avoidance
Byzantine Fault Detection
Discovered Path
Link Weight Management
Weight List
Faulty Link
22
Link Weight Management
  • Maintains a weight list of identified links
  • Faulty links have their weight doubled
  • Resets link weights
  • Timed by successful transmissions
  • Bounds average loss rate
  • Weight scheme provides soft avoidance
  • Minimal penalty for false positives
  • Network is never partitioned
  • Allows use of aggressive fault thresholds

23
Presentation Outline
  • Introduction
  • Attacks Byzantine Behavior
  • ODSBR
  • Results

Feel Free to Ask Questions Throughout the
Presentation
24
ODSBR Attack Mitigation
  • Injecting, modifying packets HMAC
  • Replay attack use of nonces
  • Flood rushing protocol relies on the metric,
    and not on timing information
  • Black hole unreliable links are avoided using
    metric
  • Wormhole creation is not prevented, but it is
    avoided using metric

25
Loss Bound Analysis
  • Network of n nodes of which k are adversaries
  • Assume a fault free path exists
  • Protocol bounds the number of packets lost
    communicating with the destination

26
Byzantine Attack Simulation
  • Simulated attacks
  • Black Hole
  • Wormhole
  • Super-Wormhole
  • Flood Rushing

Random StrategicAdversary Placements
27
AODV Simulation Summery
28
ODSBR Simulation Summery
29
Conclusion
  • On-demand routing protocol resilient to a wide
    range of colluding byzantine attacks
  • Adaptive probing scheme identifies faulty link
    location without Byzantine Agreement
  • Bounded long term loss rate guaranteed
    correctness in any network
  • Excellent performance in a myriad of practical
    scenarios

30
(No Transcript)
31
Experimental Lessons Learned
  • Most important factors
  • Flood rushing
  • Strategic positioning
  • Quantify the relative strength of different
    attacks
  • ODSBR
  • able to mitigate wide range of Byzantine attacks
  • not significantly affected by flood rushing
  • performance decreased when a large number of
    adversarial links exists

32
ODSBR - simulation
ACHR - SecureComm05
  • Implementation simulation
  • NS2 network simulator
  • 50 nodes randomly placed within a 1000 x 1000
    meter square area
  • In addition, 0 to 10 adversarial nodes were added
  • Random way-point mobility model
  • A traffic load of 10 CBR flows
  • ODSBR vs. AODV

33
Black Hole
  • Attack
  • An attacker lies along the selected path
  • The attacker passes routing control traffic
    correctly (route request, response, acks, etc.)
  • However it drops or corrupts data traffic
  • Strong variants may do this adaptively to avoid
    detection

Source
Destination
34
Black Hole
  • ODSBR Defense
  • Secured acks detect ANY damage of data flow
  • Adaptive probing localizes the damage to one of
    the adversaries links
  • Weight of adversarial link is increased allowing
    correct path to be found

Source
Destination
35
Black hole attack Flood Rushing
36
Worm Hole
  • Attack
  • Two attackers establish a path and tunnel packets
    from one to the other
  • The worm hole turns many hops into one virtual
    hop creating shortcuts in the network
  • This allows a group of adversaries to easily draw
    in packets and drop them

Source
Destination
37
Worm Hole
  • ODSBR Defense
  • Worm hole creation is not prevented
  • Impossible without assumptions about links and/or
    additional non-standard hardware/information
  • Worm holes are benign unless they disrupt data
    flow
  • Worm hole link can be identified and avoided

Source
Destination
38
Wormhole attack random placement
39
Central wormhole simulation
40
Complete Coverage simulation
41
Flood Rushing Attack
  • exploits flood duplicate suppression
  • authentication doesnt help
  • can result in many adversarial controlled paths
  • ODSBR Defense
  • hop-by-hop authentication
  • process all duplicate flood packets and
    rebroadcast lower metric valid flood packets

42
Byzantine Wormhole attack
Adversary
Adversary
wormhole
Destination
Source
  • ODSBR Defense
  • wormhole formation is not prevented
  • wormhole will be detected and avoided

43
Super-Wormhole
  • a more general (and stronger) variant of the
    wormhole attack
  • several adversaries collude and form an overlay
    of Byzantine wormholes
  • for n adversaries, it is equivalent to n2
    wormholes

44
ODSBR - continued
  • Fault any disruption that causes significant
    loss or delay in the network
  • End-to-end ACKs
  • Reliability metric based on past history
  • Faulty links are identified using an adaptive
    probing technique, and avoided during the secure
    route discovery
  • Maximum damage that can be caused by adversaries
    is bounded
  • q- - ? ? q ? b ? kn ? log2n

45
(No Transcript)
46
(No Transcript)
47
(No Transcript)
48
(No Transcript)
49
Black Hole Flood Rushing
  • Black Hole Adversary selectively drops only
    data packets, but still participates in the
    routing protocol correctly
  • Flood Rushing takes advantage of the flood
    suppression mechanism
  • Simulation
  • Black hole drop all data packets
  • Flood rushing ignore broadcast delays

50
Overhead non-adversarial scenario
51
Overhead attack scenario
52
Analysis
  • for a good path
  • Losses ( Gains ) X LossRate lt 0
  • We get
  • Losses ( Gains ) X LossRate lt delta
  • Delta nodes X adv X log 2 nodes

53
Link Weight Management
  • Maintains a weight list of identified links
  • Faulty links have their weight doubled
  • Resets link weights
  • Timed by successful transmissions
  • Bounds average loss rate
  • Network is never partitioned

1
1
1
1
1
1
54
On-Demand vs. Proactive Routing Security Concerns
  • On-Demand
  • Source Authentication
  • Caching presents adversarial opportunity
  • Pro-active
  • Harder to secure since pieces of information can
    not be traced back to a single source.

55
Black Hole Attack
  • Problem Adversary may delete a packet
  • How do we detect and avoid black holes ?
  • Reliable node may be blamed
  • Detecting failing node Consensus costs ()

X
a
b
c
X
a
b
c
56
Worm Holes
  • Two attackers establish a path and tunnel packets
    from one to the other
  • The worm hole turns many adversarial hops into
    one virtual hop creating shortcuts in the network
  • This allows a group of adversaries to easily draw
    packets into a black hole

Source
Destination
57
Flood Blocking
  • Flood Blocking Attack
  • Adversary propagates a false short path
  • Intermediate nodes do not forward inferior
    valid path information
  • Source ignores the false path
  • No path is established
  • Path must be verified at intermediate nodes

58
Fault Detection Strategy
  • Probing technique using authenticated
    acknowledgements
  • Naïve technique
  • Receiving an ack from every node overly costly!

D
59
OLD Route Discovery
  • On-demand protocol
  • Bi-directional flood
  • Request flood
  • Source includes weight list and a signature
  • Request verified at each hop

Request
Response
60
OLD Probe Ack Specification
  • Probes
  • List of probes attached to every packet
  • Each probe is specified by an HMAC
  • Probes listed in path order
  • Remainder of probe list is onion encrypted
  • Ack
  • Authentication via HMAC
  • Collected and onion encrypted at each probe point

61
Thank You! Questions??
Authors
Baruch Awerbuch, Reza Curtmola, David
Holmer,Herbert Rubens
Cristina Nita-Rotaru
Johns Hopkins University Department of Computer
Science
Purdue University Department of Computer Science
crisn_at_cs.purdue.edu
baruch, crix, dholmer, herb _at_cs.jhu.edu
http//www.cnds.jhu.edu/archipelago
Write a Comment
User Comments (0)
About PowerShow.com