integrating quality of protection into ad hoc routing protocols seung yi, prasad naldurg, robin...
TRANSCRIPT
![Page 1: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/1.jpg)
Integrating Quality of Protection into Ad Hoc Routing Protocols
Seung Yi, Prasad Naldurg, Robin KravetsUniversity of Illinois at Urbana-Champaign
![Page 2: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/2.jpg)
Traditional ad hoc routing protocols
Cooperative by nature Rely on implicit trust-your-neighbor
relationships Focus on convergence time and
routing performance, rather than security
![Page 3: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/3.jpg)
Motivation
![Page 4: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/4.jpg)
Security-Aware ad hoc Routing (SAR)
SAR is an approach to routing that incorporates security levels of nodes into traditional routing metrics
SAR is typically added on top of existing routing algorithms
![Page 5: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/5.jpg)
Goals
Applications can specify the quality of protection on their ad hoc route with respect to security attributes relevant to them
SAR aims to protect routing control messages For example, disclose routing
information to trusted nodes only
![Page 6: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/6.jpg)
Routing Protocol Assume the base protocol is on-demand,
such as DSR Source broadcasts a Route Request (RREQ)
with desired quality of protection Neighbors propagate RREQ only if they
could support the specified quality of protection
RREQ sets up reverse path as it propagates Destination sends Route Reply (RREP) once
it receives RREQ
![Page 7: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/7.jpg)
Path Establishment
S D
RREQ
RREP
![Page 8: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/8.jpg)
Security Attributes (1)AttributesAttributes TechniquesTechniques AttacksAttacks
Timeliness Time stamps Replay
Ordering Sequence numbers Replay
Authenticity Passwords, certificates
Impersonation
Authorization Credentials
![Page 9: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/9.jpg)
Security Attributes (2)AttributesAttributes TechniquesTechniques AttacksAttacks
Integrity Digests, digital signatures
Modification, fabrication
Non-repudiation Chaining of digital signatures
Repudiation
Confidentiality Encryption Eavedropping
![Page 10: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/10.jpg)
Quality of Protection
We have seen how quality of protection is used in path establishment
How to specify quality of protection? Trust hierarchy Bit vector
One bit for each security attribute
![Page 11: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/11.jpg)
Trust Hierarchy Each level has predefined quality of protection These levels represent the security capability of the
mobile nodes and also of the paths Associate a number with each level Trust level or protection should be immutable
Keys of each level are distributed to nodes on that level.
Encrypt the portion of the RREQ and RREP headers that contain the trust level
![Page 12: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/12.jpg)
Simulation Set-up
ns2 network simulator 50 mobile nodes and 3 trust levels
15 (H), 15 (M), 20 (L) 2 different traffic patterns with 20
flows 10% (H), 20% (M), 70% (L) 33% (H), 33% (M), 34% (L)
SAR is implemented on top of AODV
![Page 13: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/13.jpg)
Path Discovery
727476788082848688909294
AODVSAR
Traffic 1 Traffic 2
SAR discovered fewer pathsPaths guaranteed to obey the security requirement
0102030405060708090
100
AODVSAR
![Page 14: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/14.jpg)
Routing Traffic
0
500
1000
1500
2000
2500
RREQ RREP Total
AODVSAR
0
500
1000
1500
2000
2500
3000
RREQ RREP Total
AODVSAR
Traffic 1 Traffic 2
SAR has lower routing traffic overheadnodes drop routing messages if they can not satisfy the security requirement
![Page 15: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/15.jpg)
Simulation Time
2800
2820
2840
2860
2880
2900
2920
AODVSAR
Traffic 1 Traffic 2
SAR takes more time to finishData packets may follow longer but more secure pathsControl packets experience processing overhead
2914
2916
2918
2920
2922
2924
2926
AODVSAR
![Page 16: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/16.jpg)
Strong Points
Exposes security levels to applications so that applications can adapt its behavior
Concept is simple and effective
![Page 17: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/17.jpg)
Weak Points
Overhead: Encryption, hashes, … If the ad hoc network does not have a
path with nodes that meet RREQ’s security requirements, SAR may fail to find a route even if the network is connected
![Page 18: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/18.jpg)
Open Questions
How does SAR perform in real-world experiments?
Which base protocols are most suitable for SAR?
![Page 19: Integrating Quality of Protection into Ad Hoc Routing Protocols Seung Yi, Prasad Naldurg, Robin Kravets University of Illinois at Urbana-Champaign](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697bff91a28abf838cbfcc2/html5/thumbnails/19.jpg)
Any Questions?