A Survey of Secure Wireless Ad Hoc Routing

1
A Survey of Secure WirelessAd Hoc Routing

• Authors Yih-Chun Hu and Adrian Perrig
• Publish IEEE Security and Privacy special
  issue on Making Wireless Work, 2(3)28-39, 2004
• Presenter Danzhou Liu

2
Contents

• Introduction
• Attacks on Ad Hoc Network
• Secure Routing in Ad Hoc Network
• Discussions

3
Introduction

• This paper is a survey of research in secure ad
  hoc routing protocols and the challenges faced.
• Ad hoc network
• Collection of mobile nodes forming a network
• Do not have a pre-established network
  infrastructure such as base access points
• Each node moves dynamically and arbitrarily
• All nodes typically operate on a common frequency
  band
• Routing protocols are needed if network span
  exceeds radio range (multi-hop)
• Applications
• Search and Rescue
• Disaster Recovery
• Automated Battlefields

4
Introduction

• Challenges in ad hoc networks
• Limited physical security
• Lack of infrastructure and authorization
  facilities
• Security protocols for wired networks cannot work
  for ad hoc networks
• Volatile network topology makes it hard to detect
  malicious nodes
• Intrinsic mutual trust vulnerable to attacks

5
MANET Routing Protocols Classification
6
DSR

• The Dynamic Source Routing (DSR) is a reactive
  topology-based routing protocol.
• Route discovery
• When the source node S wants to send a packet to
  the destination node D, it first consults its
  route cache. If an unexpired route is found, use
  this route. Otherwise, S initiates route
  discovery by broadcasting a route request (RREQ)
  packet (SID, DID, seq_no).
• Each node appends its own identifier when
  forwarding RREQ
• Limited flooding the node only forwards the RREQ
  to its neighbors if the RREQ has not yet been
  seen by the node and if the nodes address does
  not already appear in the route record.
• After receiving RREQ, node D or an intermediate
  node containing unexpired route to node D
  generates a route reply (RREP) to node S.
• Route maintenance
• Route error packets and acknowledgments

7
DSR Route Discovery
N2
N1-N2
Destination
N1-N2-N5
N5
N8
N1
Source
N1
N1-N3-N4-N7
N1-N2-N5
N1-N3-N4
N4
N7
N1
N1-N3-N4
N1-N3
N1-N3-N4-N6
N3
N6
N1-N3-N4
8
DSR Route Reply
N2
N1-N2-N5-N8
Destination
N1-N2-N5-N8
N5
N8
N1-N2-N5-N8
Source
N1
N4
N7
N3
N6
9
DSDV

• The Destination-Sequenced Distance-Vector (DSDV)
  is a proactive topology-based routing protocol.
• Each node maintains a routing table which stores
• next hop towards each destination
• a cost metric for the path to each destination
• a destination sequence number that is created by
  the destination itself
• Sequence numbers used to avoid formation of loops
• Each node periodically and triggeredly forwards
  the routing table to its neighbors
• Route Selection
• Select route with higher destination sequence
  number (This ensure to use always newest
  information from destination)
• Select the route with better metric when sequence
  numbers are equal.

10
DSDV Route Update

• B increases Seq. No from 100 gt 102

• B sends routing update to A and C

(A, 1, A-500) (B, 0, B-102) (C, 1, C-588)
(A, 1, A-500) (B, 0, B-102) (C, 1, C-588)
A
B
C
Dest. Next Metric Seq.
A A 1 A-550
B B 0 B-100
C C 2 C-588
Dest. Next Metric Seq.
A A 0 A-550
B B 1 B-100
C B 2 C-586
Dest. Next Metric Seq.
A B 1 A-550
B B 2 B-100
C C 0 C-588
B-102
B-102
B-102
2
1
1
C-588
11
Contents

• Introduction
• Attacks on Ad Hoc Network
• Secure Routing in Ad Hoc Network
• Discussions

12
Two Attack Categories (DoS)

• Routing-disruption attacks drive packets onto
  dysfunctional routes
• Routing loop send forged routing packets to
  create a routing loop
• Black hole drop all packets
• Gray hole drop some packets, e.g., just forward
  routing packets but not data packets
• Gratuitous detour claim falsely longer route by
  adding virtual nodes
• Wormhole use a pair of attacker nodes linked via
  a private network connection, prevent other nodes
  to discover routes.
• Rushing fire ROUTE REQUESTS in advance to
  suppress any later legitimate ROUTE REQUESTS
  against on-demand routing protocols
• Resource-consumption attacks inject packets into
  the network
• Consume network resources such as bandwidth,
  nodes memory and computation power

13
Attacker Model

• Passive Attacker not inject packets, just
  eavesdrop
• Just threat against communication privacy or
  anonymity
• Not against the networks function or routing
  protocol
• Not be discussed further
• Active Attacker eavesdrop and inject packets
• Assume that the attacker owns all the
  cryptographic key information of compromised
  nodes and distributes it among all its nodes.
• Active-n-m, where n is the number of nodes it has
  compromised and m is the number of nodes it owns
  
• Active-0-1
• Active-0-x
• Active-1-x
• Active-y-x
• ActiveVC controls all traffic between nodes

Increasing strength
14
Contents

• Introduction
• Attacks on Ad Hoc Network
• Secure Routing in Ad Hoc Network
• Discussions

15
Key Setup in Ad Hoc Network

• How to spread key for authentication.
• Secrete Key a shared key to encode and decode
  (DEC).
• Public Key a shared public key to encode and a
  private key to decode (RSA).
• Common set of authorities
• Protect private key distribution from eavesdrop
• Protect legal nodes list distribution from active
  attack by side channel

16
Protect Key Distribution

• SUCV Addresses
• Each node generates a public- and private-key
  pair
• Choose its address based on a cryptographic hash
  function of the public key
• Certificate Authority (CA).
• Node has a certificate containing its address,
  public key and a signature from CA.
• CA is vulnerable to compromise. This is overcome
  by requiring a node to have certificates from
  several CAs.
• Transitive Trust and PGP Trust Graph
• Each node signs certificates for other nodes
• If A trusts B, and B trusts C, then A trusts C
• Public Key Revocation
• Revoke the certificate for a compromised nodes
  public key
• Sign Negative certificates
• Blacklisting or flooding other revocation
  information

17
Ariadne A Secure On-Demand Routing Protocol for
Ad Hoc Network

• Ariadne is a secure on-demand routing protocol
• Based on Dynamic Source Routing (DSR) Protocol
• Withstand node compromise, avoid routing
  misbehavior by monitoring nodes prior
  performance
• Rely only on highly efficient symmetric
  cryptography
• Use one way hashing to overcome node removal from
  the node list
• Route request authenticity Route reply
  authentication
• Ariadne can authenticate routing messages using
  one of three schemes
• Shared secrets between each pair of nodes
• Shared secrets between communicating nodes
  combined with broadcast authentication
• Digital Signatures

18
Route Discovery

• Route Request
• ltRoute Request, initiator, target, id, time
  interval, hash chain, node list, MAC listgt
  (Note MAC Message Authentication Code)
• Initiator initializes hash chain to
  MACKSD(initiator, target, id, time interval)
• Non-target node A which receives the request
  checks ltinitiator, idgt and checks time interval
• Time interval must not be too far in the future
  and key corresponding to it must not be disclosed
  yet
• If any condition fails, discard the request
• If all conditions hold, A appends its address to
  node list, replaces hash chain with HA, hash
  chain, appends MAC of entire Request with TESLA
  key KAi to MAC list

19
Route Discovery

• Target checks validity of Request
• By determining that the keys are not disclosed
  yet and that the hash chain is equal to
• If Request is valid, target returns a Route Reply
• Route Reply
• ltRoute Reply, target, initiator, time interval,
  node list, MAC list, target MAC, key listgt
• Sent to initiator along the route in node list
• Forwarding node waits and appends its key
• Initiator verifies each key in key list, target
  MAC, each MAC in MAC list

Hnn, Hnn-1, H,Hn1, MACKSD(initiator, target,
id, interval)
20
Route Discovery
RS ltM, h0, (), ()gt RA ltM, h1, (A),
(MA)gt RB ltM, h2, (A, B), (MA, MB)gt RE ltM,
h2, (A, E), (MA, ME)gt

• Route Request
• Route to be found S ? A ? B ? C ? D
• M ?Request, S, D, id, ti?
• S h0 MACKSD(M)
• S ? ? ?M, h0, (), ()?
• A h1 H (A, h0)
• MA MACKAti ?M, h1, (A), ()?
• A ? ? ?M, h1, (A), (MA)?
• B h2 H (B, h1)
• MB MACKBti ?M, h1, (A, B), (MA)?
• B ? ? ?M, h2, (A, B), (MA, MB)?
• C h3 H (C, h2)
• MC MACKCti ?M, h3, (A, B, C), (MA, MB)?
• C ? ? ?M, h3, (A, B, C), (MA, MB, MC)?

Finally, D checks validity of request by checking
whether keys are disclosed, and hash chain
consistent
RC ltM, h3, (A, B, C), (MA, MB, MC)gt RF ltM,
h3, (A, B, F), (MA, MB, MF)gt RG ltM, h4, (A,
B, C, G), (MA, MB, MC, MG)gt
21
Route Discovery
Route Reply M ?Reply, D, S, ti , (A, B, C),
(MA, MB, MC) ? D MD MACKDS (M) D ? C ?M,
MD, ()? C ? B ?M, MD, (KCti)? B ? A ?M, MD,
(KCti, KBti)? A ? S ?M, MD, (KCti, KBti,
KAti)?
RDC ltM, MD, ()gt RCB ltM, MD, (KCti)gt RBA ltM,
MD, (KCti, KBti)gt RAS ltM, MD, (KCti, KBti,
KAti)gt
RAS
RBA
RCB
Finally, S verifies each key in key list, target
MAC, each MAC in MAC list
RDC
22
SEAD Secure Efficient Ad Hoc Distance Vector

• Based on DSDV (Destination-Sequenced
  Distance-Vector) ad hoc routing protocol
• Overcomes attackers creating incorrect routing
  state
• Using one-way hashing chain and sequence number
• Authenticating Routing Updates

23
Secure AODV (Ad Hoc On-demand Distance Vector)
Routing Protocol

• ARAN Authenticated Routing for Ad Hoc Networks
• Each node has a certificate signed by a trusted
  authority
• On-Demand Routing with route discovery and
  maintenance
• Record next hop and when unavailable it initiate
  route maintenance

24
Secure AODV

• SAODV
• Add signature extensions to AODV
• Use hash chain to confirm each hop
• Allow a route reply double signature extension
  (RREP-DSE) from intermediate node.

25
Secure Link-State Routing

• Digital signatures and one way hash chains
• Updates through the Neighbor Lookup Protocol
  (NLP)
• Hash chains used to authenticate hop count
• Limited hops when LS update
• Lightweight flooding prevention

26
Reputation Based Systems

• Require underlying secure routing protocol
• Four components of Confidant monitor, trust
  monitor, reputation system, and path manager.
• Using Weight list
• List of links with cost metric associated with
  each link
• Protect route from existing attacker

27
Discussions

• Strengths of the paper
• Discuss possible attacks
• Presents an attacker model
• Presents state-of-art secure wireless ad hoc
  routing techniques
• Weaknesses of the paper
• A more complete model of possible attacks would
  let the protocol designers evaluate the security
  of their routing protocols.
• Not discuss how to improve performance efficiency
• Future work
• Model secure routing problems
• Design routing protocols that have strong
  security as well as good performance

28
Thank You QA