Castor: Scalable Secure Routing for Ad Hoc Networks
Wojciech Galuba, Panos Papadimitratos, Marcin Poturalski, Karl Aberer
EPFL, Switzerland
Zoran Despotovic, Wolfgang Kellerer
Docomo Euro-Labs, Munich, Germany
Ad-hoc network routing challenges
[Figure: ad hoc network with source and destination nodes]
Scale
Mobility
Security
?
Secure route discovery
Secure data transmission
Castor: Continuously-Adapting Secure Topology-Oblivious Routing
Provides routes
Avoids compromised nodes
Evaluates routes
Needs route redundancy
Topology-obliviousness
Nodes only aware of their neighbors
No routing information exchange
  no routes included in control traffic
  no routing table fragments exchanged
Flows instead of destinations
In-network state is maintained per-flow, not per-destination
Flow isolation crucial for security
[Figure: sources s1, s2 and destinations d1, d2]
Castor – basic operation
PKTs contain the data payload
ACKs follow the reverse path of PKTs
[Figure: path between source and destination]
Local learning from failures
Locality: each node only aware of its neighborhood
Autonomy: each node routes independently
Per-flow, per-neighbor reliability estimator
[Figure: nodes v1 to v4 annotated with + and - marks]
Broadcast as a fallback
Autonomy: nodes independently decide whether to broadcast or unicast
[Figure: nodes v1 to v4 annotated with - marks]
Initial PKT flood
No reliability history: each node decides to broadcast the PKT
ACKs are broadcast back
[Figure: flood between source and destination]
Routing around failures
Failure: ACKs stop returning
Local repair:
  on failure some nodes broadcast, most still unicast
  alternative route discovered without network-wide flood
[Figure: route between source and destination]
Castor is failure agnostic
Same recovery mechanism good for:
  Malicious PKT or ACK dropping
  Links broken by mobility
  Wider-area outages (e.g. jamming)
  Wormholes and tunnels
Trust model
Untrusted cloud of intermediate nodes
Security associations:
  Source to destination
  Neighbor to neighbor
[Figure: sources s1, s2 and destinations d1, d2]
Crucial property: flow state isolation
Isolate in-network states for the two flows
Otherwise malicious flows could disrupt the benign flows
[Figure: nodes v1 to v5]
Routing state at v1:
  node   reliability
  v2     0.9    0.2
  v3     0.6    0.95
  v4     0.8    0.9
  v5     0.1    0.8
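An added sketch, not code from the slides or from the Castor authors, of the per-flow, per-neighbor reliability estimator with broadcast fallback ("Local learning from failures", "Broadcast as a fallback") and of why v1 must keep that state separate per flow. Assumptions: the `Node` class, the exponential moving average, `ALPHA`, `THRESHOLD` and the flow labels A, B and M are hypothetical, and the two reliability columns at v1 are read as one column per flow.

```python
from collections import defaultdict

ALPHA = 0.2        # assumed smoothing factor (not given on the slides)
THRESHOLD = 0.5    # assumed: below this estimate, fall back to broadcast
BROADCAST = "broadcast"

class Node:
    """Routing state of one node, e.g. v1 on the slide."""
    def __init__(self, neighbors, isolate=True):
        self.neighbors = list(neighbors)
        self.isolate = isolate
        self.rel = defaultdict(float)   # no history -> 0.0 -> broadcast

    def _key(self, flow, nbr):
        # Isolated: one estimator per (flow, neighbor). Shared: per neighbor only.
        return (flow, nbr) if self.isolate else nbr

    def seed(self, flow, nbr, value):
        self.rel[self._key(flow, nbr)] = value

    def on_ack(self, flow, nbr):        # ACK came back via nbr
        k = self._key(flow, nbr)
        self.rel[k] = (1 - ALPHA) * self.rel[k] + ALPHA

    def on_timeout(self, flow, nbr):    # no ACK for a PKT sent via nbr
        self.rel[self._key(flow, nbr)] *= (1 - ALPHA)

    def next_hop(self, flow):
        best = max(self.neighbors, key=lambda n: self.rel[self._key(flow, n)])
        return best if self.rel[self._key(flow, best)] >= THRESHOLD else BROADCAST

FLOW_A = {"v2": 0.9, "v3": 0.6, "v4": 0.8, "v5": 0.1}    # first column on the slide
FLOW_B = {"v2": 0.2, "v3": 0.95, "v4": 0.9, "v5": 0.8}   # second column

def table_choices():
    """Next hop v1 picks for each flow when state is kept per flow."""
    v1 = Node(FLOW_A, isolate=True)
    for flow, col in (("A", FLOW_A), ("B", FLOW_B)):
        for nbr, r in col.items():
            v1.seed(flow, nbr, r)
    return v1.next_hop("A"), v1.next_hop("B")

def benign_hop_after_bad_flow(isolate, rounds=30):
    """Flow M never gets ACKs; return v1's next hop for benign flow A afterwards."""
    v1 = Node(FLOW_A, isolate)
    for nbr, r in FLOW_A.items():
        v1.seed("A", nbr, r)
    for _ in range(rounds):
        hop = v1.next_hop("M")
        for nbr in (v1.neighbors if hop == BROADCAST else [hop]):
            v1.on_timeout("M", nbr)
    return v1.next_hop("A")
```

With shared state, the unacknowledged flow M drags every neighbor's estimate below the threshold and forces the benign flow into broadcast; with per-flow state, flow A keeps its unicast route through v2.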
Ensuring flow isolation
Flow authentication
  Nodes can recognize PKTs belonging to the same flow
  Only source can generate the next PKT
ACK authentication
  Nodes can match ACKs to PKTs
  Only destination can generate correct ACK
Achieved without public-key crypto
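The slides do not give the construction, so the following added example (not code from the slides or the Castor authors) shows one assumed way to obtain the four properties above with symmetric primitives only: a hash commitment for ACKs and a Merkle tree over PKT ids as the flow id. The shared key `k_sd` stands for the source-to-destination security association; `flow_nonce`, the header fields and all function names are hypothetical.

```python
import hashlib
import hmac

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def ack_auth(k_sd: bytes, flow_nonce: bytes, seq: int) -> bytes:
    # Secret only the two ends of the source-destination association can derive.
    return hmac.new(k_sd, flow_nonce + seq.to_bytes(4, "big"), hashlib.sha256).digest()

def build_flow(k_sd: bytes, flow_nonce: bytes, n: int):
    """Source: commit to n PKTs (n a power of two). Returns (flow_id, PKT headers)."""
    leaves = [H(b"\x00", ack_auth(k_sd, flow_nonce, i)) for i in range(n)]  # PKT ids
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    flow_id = levels[-1][0]             # Merkle root identifies the flow
    pkts = []
    for i in range(n):
        path, idx = [], i
        for lvl in levels[:-1]:
            path.append(lvl[idx ^ 1])   # sibling hash at each level
            idx //= 2
        pkts.append({"flow": flow_id, "seq": i, "pkt_id": leaves[i], "path": path})
    return flow_id, pkts

def pkt_in_flow(pkt) -> bool:
    """Intermediate node: does pkt_id hash up to the flow id? Needs no key."""
    node, idx = pkt["pkt_id"], pkt["seq"]
    for sib in pkt["path"]:
        node = H(b"\x01", node, sib) if idx % 2 == 0 else H(b"\x01", sib, node)
        idx //= 2
    return hmac.compare_digest(node, pkt["flow"])

def make_ack(k_sd: bytes, flow_nonce: bytes, pkt) -> bytes:
    """Destination: re-derive the secret; only a holder of k_sd can."""
    return ack_auth(k_sd, flow_nonce, pkt["seq"])

def ack_matches(pkt, ack: bytes) -> bool:
    """Intermediate node: an ACK is valid iff it hashes to the PKT id it forwarded."""
    return hmac.compare_digest(H(b"\x00", ack), pkt["pkt_id"])
```

An intermediate node runs `pkt_in_flow` before updating per-flow state and `ack_matches` before crediting a neighbor, so neither check requires any key at the relay.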
Evaluation
1 Mbps 802.11b MAC
3 km x 3 km plane
1-20 m/s random waypoint mobility
5 flows, 4 packets/s, 100 nodes
Blackhole attack: adversary drops data packets, not control traffic
Bandwidth utilization under blackhole attack
Wormhole drops data packets, no mobility
Complete recovery from wormholes
Scalability
Mobility, 20% of blackholes
Increasing the network size
Summary
Simple PKT-ACK messaging
  flow-control-ready
  applicable to other networks than MANETs
Scalability
  No routing information exchanged
  Local repair, few network-wide floods
Fast adaptation
Security
  Failure agnosticism
  Flow state isolation