Anonymous Communications in Mobile Ad Hoc Networks

1
Anonymous Communications in Mobile Ad HocNetworks

• Yanchao Zhang, Wei Liu, Wenjing Lou
• Presenter Bo Wu

2
Outline

• Introduction
• Threat Model
• MASK Model
• Performance Evaluation
• Conclusion

3
MANETs

• A mobile ad hoc network (MANET) is a type of
  wireless network, and is a self-configuring
  network of mobile devices connected by any number
  of wireless links.

4
MANETs

• Every node in a MANET is also a router because it
  is required to forward traffic unrelated to its
  own use.
• Each MANET device is free to move independently.
• Wireless links are particularly vulnerable to
  eavesdropping and other attacks

5
MANETs Ad hoc?

• A short lived network just for the communication
  needs of the moment
• Self Organizing
• Infrastructure-less network
• Energy conservation
• Scalability

6
MANETs Challenges

• Lack of a centralized entity
• Network topology changes frequently and
  unpredictably
• Channel access/Bandwidth availability
• Hidden/Exposed station problem
• Lack of symmetrical links
• Power limitation

7
MANETs AODV

• Source node initiates path discovery by
  broadcasting a route request (RREQ) packet to its
  neighbors
• Every node maintains two separate counters
• Sequence number
• Broadcast-id

A
L
Y
F
J
B
K
D
P
G
S
C
E
H
I
T
Z
RREQ
AODV part adapted from slides of Sirisha R.
Medidi
8
MANETs AODV

• A neighbor either broadcasts the RREQ to its
  neighbors or satisfies the RREQ by sending a RREP
  back to the source
• Later copies of the same RREQ request are
  discarded

A
L
Y
F
J
B
K
D
P
G
S
C
E
H
I
T
Z
Reverse Path Setup
9
MANETs AODV

• Reverse path are automatically set-up
• Node records the address of the sender of RREQ
• Entries are discarded after a time-out period

A
L
Y
F
J
B
K
D
P
G
S
C
E
H
I
T
Z
10
MANETs AODV
A
L
Y
F
J
B
K
D
P
G
S
C
E
H
I
T
Z
11
MANETs AODV
A
L
Y
F
J
B
K
D
P
G
S
C
E
H
I
T
Z
12
MANETs AODV
A
L
Y
F
J
B
K
D
P
G
S
C
E
H
I
T
Z
Forward Path Setup
13
MANETs AODV
A
L
Y
F
J
B
K
D
P
G
S
C
E
H
I
T
Z
14
MANETs AODV
A
L
Y
F
J
B
K
D
P
G
S
C
E
H
I
T
Z
15
MANETs AODV
A
L
Y
F
J
B
K
D
P
G
S
C
E
H
I
T
Z
16
MANETs AODV

• Advantages
• efficient algorithm for ad-hoc networks
• Highly Scalable
• Need for broadcast is minimized
• Quick response to link breakage in active routes
• Loop free routes

17
Traffic Analysis

• Frequent communications can denote planning
• Rapid, short, communications can denote
  negotiations
• A lack of communication can indicate a lack of
  activity, or completion of a finalized plan
• Frequent communication to specific stations from
  a central station can highlight the chain of
  command
• Who talks to whom can indicate which stations
  are 'in charge' or the 'control station' of a
  particular network. This further implies
  something about the personnel associated with
  each station
• Who talks when can indicate which stations are
  active in connection with events, which implies
  something about the information being passed and
  perhaps something about the personnel/access of
  those associated with some stations
• Who changes from station to station, or medium to
  medium can indicate movement, fear of
  interception

18
General Defending Methods

• Prevent detection
• Spread spectrum modulation
• Effective power control
• Directional antennas
• Traffic Padding
• End to End Encryption and/or Link Encryption on
  Data Traffic

19
Threat Model

• Passive
• Totally quiet, or just inject a small amount of
  traffic
• Monitor every transmission of each node
• Many adversaries can communicate with each other
  very fast
• May compromise a small number of nodes
• Limited computational capability

20
Basic Math

• Let G1,G2 be two groups of the same prime order
  q.
• Pairing is a computable bilinear map
• f G1 G1 ? G2 satisfying the following
  properties
• 1. Bilinearity
• ? P, Q, R, S ? G1, we have
• f (P Q, R S) f (P, R)f (P, S)f (Q, R)f (Q,
  S)
• 2. Non-degeneracy
• If f (P, Q) 1 for all Q ? G1, then P must be
  the identity element in G1.
• 3. Computability
• There is an efficient algorithm to compute
• f(P, Q) for all P, Q ? G1.

21
MASK

• MASK stands for ?
• A novel anonymous on-demand routing protocol for
  MANETs
• anonymous neighborhood authentication
• anonymous route discovery and data forwarding

22
MASK System Model

• A number of non-malicious nodes
• No selfish behavior
• Moderate movement
• Trusted Authority bootstrap security parameters
• g the master key
• H1 0, 1 ? G1 mapping arbitrary strings to
  points in G1
• H2 0, 1 ?0, 1ß mapping arbitrary strings
  to ß-bit fixed-length output
• Every node is blind to g
• TA furnishes each node IDi with a sufficiently
  large set PSi of collision resistant pseudonyms
  and a corresponding secret point set as
• Si gH1(PSi) Si,j gH1(P Si,j) ? G1
  (1 j PSi).

23
MASK Anonymous Neighbor Authentication

• Definition
• two neighboring nodes can ensure that they belong
  to the same party or have trustable relationship
  with each other without revealing their either
  real identifiers or party membership information.
• Existing methods
• Network-wide key
• Pairwise key
• Public-key certification

24
MASK Anonymous Neighbor Authentication

• Alice and Bob are using pseudonyms randomly
  selected from their set
• Alice starts the authentication by sending her
  pseudonym and a challenge
• Bob can calculate the corresponding master
  session key and send the authentication message
  back
• Alice authenticated Bob and replied
  authentication message
• Both Bob and Alice generate link IDs and session
  keys based on the master session key

25
MASK Anonymous Neighbor Authentication

• After the authentication both sides have
• If a packet is identified by , then it
  should be decrypted using
• Whenever these pairs are used up, Alice and Bob
  are required to automatically increase both n1
  and n2 by one and generate new pairs.
• Every node follows this procedure and establishes
  a neighbor table

26
MASK Anonymous Neighbor Authentication

• Only TA can infer real ID based on pseudonyms
• To adversary, Link IDs are random bits
• Adversary can not infer session key based on Link
  IDs

27
MASK Anonymous Route Discovery

• Besides neighbor table, each node has
• Forwarding route table
• ltdest_id, destSeq, pre-link, next-linkgt
• Reverse route table
• ltdest_id, destSeq, pre-hop-pseudonymgt
• Target link table
• The current node is the final destination for the
  packets bearing the linkIDs which are in its
  target link table.

28
MASK Anonymous Route Discovery

• Anonymous route request
• ltARREQ, ARREQ_id, dest_id, destSeq, PSxgt
• ARREQ_id uniquely identifies the request
• Dest_id is the real id of the destination
• destSeq is the last known sequence number for the
  destination
• PSx is the active pseudonym of the source

29
MASK Anonymous Route Discovery

• For each node in the network
• Receives ARREQ for the first time
• inserts an entry into its reverse route table
  where this ARREQ comes from
• rebroadcasts the ARREQ after changing the
  embedded pseudonym field to its own.
• Discards any ARREQ already seen
• All nodes broadcast only once

30
MASK Anonymous Route Discovery

• Anonymous route replies
• ltLinkID, ARREP, dest_id, destSeqSKeygt
• LinkID is the to be used shared packet identifier
  between the sender and the corresponding receiver
• ARREP, dest_id, destSeq is encrypted by the
  paired session key such that only the intended
  receiver can decrypt it

31
MASK Anonymous Route Discovery

• Intermediate nodes will discard replies with
  smaller destSeq than its own record
• intermediate node can also generate a route reply
  if it has one forward route entry for the dest id
  with destSeq equal to or larger than that
  contained in the received ARREQ.
• Multiple paths are established during this
  process

32
MASK Anonymous Route Discovery

• Anonymous Data Forwarding
• ltnext-LinkID, MASK payloadgt
• next-LinkID is randomly selected from the
  next-link-list field
• MASK payload may be end-to-end encrypted message
• Do not necessarily select the best path

33
Security analysis

• Message Coding Attack
• Adversary can easily link and trace some packets
  that do not change their content or length
• MASK countermeasures
• Hop-by-hop encryption
• Random padding

34
Security analysis

• Flow Recognition and Message Replay Attacks
• Recognize the packets belonging to some
  communication flow
• MASK countermeasures
• Hop-by-hop encryption
• LinkID update

35
Security analysis

• Timing Analysis Attack
• Tell the difference between nodes by transmission
  timing, e.g. transmission rate
• MASK Countermeasures
• When the traffic is light, this attack is quite
  dangerous

36
Performance Evaluation

• Tate paring for bilinear map f
• Most expensive part
• indispensable
• SHA-1 to implement the collision resistant hash
  functions
• efficient symmetric algorithm RC6 as hop-by-hop
  encryption and decryption

37
Performance Evaluation

• For normal traffic, AODV is a little bit better
• MASK outperforms AODV for heavy traffic due to
  available multiple paths

38
Performance Evaluation

• MASK outperforms AODV in terms of overhead
• It conducts costly route discovery less frequently

39
Performance Evaluation

• AODV has much less latency
• MASK tries to balance tradeoff between anonymity
  and latency

40
Conclusion

• Very good resistance to passive attackers
• Timing attack is still unresolved in this model
• Very good routing performance
• But AODV also has a multi-path version --- AOMDV

41

• Questions?