security of adhoc networks
-
8/7/2019 Security of AdHoc networks
1/45
Security of Ad-Hoc Networks
By V.G. Vinod Vydiswaran, Amreek Singh, Prasanna H. Kulkarni
-
What are Ad Hoc Networks?
Networks with no fixed infrastructure
Mobile nodes: communicate within radio range directly or through routers
Node mobility implies frequent change in network topology
Rapidly deployed networks
Relatively low cost
-
Security Goals
Availability
  Survive despite DoS attack
  Primary concern: Key management service
Confidentiality
Integrity
Authentication
Non-repudiation
-
Challenges
Use of wireless links makes ad hoc networks susceptible to link attacks
Relatively poor protection, as in battlefields
So for high survivability, a distributed architecture is needed
Dynamic network topology: ROUTING
Scalable security mechanisms
-
Outline of further talk
Scalability considerations
  How the network must be scalable
Key Management issues
  How to generate secret keys
  How to distribute keys secretly
Secure Routing considerations
  Issues regarding malicious intruder
-
Scalability Concerns
-
The lack of infrastructure introduces vulnerability to DoS attacks in ad hoc networks.
Mobility induces link breakage and channel errors.
Need of scalability
  Growing commercial and military deployments of these networks.
-
These issues are addressed through a localized trust model,
where the security functionality is distributed over all networking nodes
and nodes collaboratively secure the whole system.
-
Related works (Kerberos and X.509)
They too use a CA.
They have gained popularity, but they do not work well with large networks.
Problems
  The cost of maintaining large centralized servers may be high.
  The CA servers are inviting targets of malicious attacks.
  Multihop communication over the error-prone wireless channel exposes the data transmission to high loss rates.
  It may cause severe wireless channel contention around the CA servers.
-
Localized trust model
Assumptions made
  Communication between one-hop neighboring nodes is considered to be more reliable than multi-hop communication.
  Each node has at least K one-hop legitimate neighboring nodes.
  Each node is equipped with some local mechanism to identify misbehaving nodes among its one-hop neighborhood.
-
Localized Trust Model
An entity is trusted if any K trusted neighboring entities claim so.
A locally trusted entity is globally accepted.
A locally distrusted entity is regarded as untrustworthy anywhere.
Two important parameters: K and Tcert
Two options to set K
  Set it as a globally fixed parameter
  Set it as location dependent
-
This uses a certificate-based authentication approach.
Each node ID is associated with <PKi, SKi>.
Each node carries a certificate signed with SKi.
PK is assumed to be well known for certificate verification.
Nodes without valid certificates are treated as adversaries and denied access to any network service such as packet forwarding or routing.
When a mobile node moves to a new location, it exchanges certificates with its new neighbors.
Authenticated nodes help each other forward and route packets.
-
Localised certification services
Certificates are stamped with an expiration time.
What happens when node Vi requests a new certificate:
  Vj returns a partial certificate by applying its share of SK.
  By collecting K partial certificates, Vi combines them and makes its full certificate, as if it were from the CA.
Nodes with valid certificates are globally trusted.
Adversaries are effectively isolated and their impact on the overall network is localized.
-
Self initialization in Traditional approach
At the bootstrapping phase of the network, a dealer sends each node its share of the SK.
New nodes can join at any time, so the dealer should be online to handle them.
This compromises system robustness and security.
The dealer would become the single point of failure.
-
Self Initialization in Local Trust model
The dealer is only responsible for initializing the first K nodes.
Initialized nodes initialize other nodes.
Benefits of certification services in each node's one-hop locality:
  Service availability and robustness against DoS attacks
  This model's protocols are immune to unreliability of underlying transport layer protocols.
  With this distributed approach, system maintenance overhead is balanced over the network.
  Hot spots of congestion are avoided.
-
K-bounded coalition offsetting technique:
Node Vi chooses a coalition of K nodes (the set B), typically from its one-hop neighborhood.
Vi broadcasts the request to the K nodes, together with the node IDs of these K nodes.
Each node Vj from set B generates a partial certificate and finally sends it.
Upon receiving K partial certificates from set B, node Vi combines them together to generate a candidate certificate.
Finally, Vi applies K-bounded coalition offsetting to recover the new certificate.
One broadcast request and K unicast responses.
-
Drawback in algorithm:
If any node from B fails or moves out, all other partial certificates are useless.
Vi has to start the whole process again.
-
An Optimization: Dynamic coalescing
Certification from any K nodes in the neighborhood, instead of nodes specified by Vi.
The rest is the same.
-
Important issues:
Information that Vj keeps of Vi.
Records of Vj concerning Vi.
If Vj's record does not provide enough info for Vi
  Maybe they meet for the first time
Two approaches
  Serve Vi's request: problem of roaming adversaries
  Discard request: problem of being unfair to legitimate nodes
-
Complete Shuffling:
Vi wants to join the network; Vj decides to serve.
But it is insecure for node Vj to return its share directly to Vi.
Nodes in B completely shuffle their individual partial shares.
Each pair in B securely exchanges a shuffling factor Di,j.
One adds this share and the other subtracts this share.
For node Vj there are K-1 shuffling factors, and it must apply all of them.
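The complete-shuffling step above, worked through as an added example (not code from the slides or the cited papers). It assumes the shares of SK are points on a degree K-1 polynomial over a prime field, as in Shamir-style sharing; the modulus Q, the node IDs and all function names are constructed for illustration.

```python
import secrets

Q = 2**127 - 1  # prime field modulus (assumed demo parameter, not from the slides)

def poly_eval(coeffs, x):
    """Share held by node x: f(x) mod Q, where f(0) plays the role of SK."""
    return sum(c * pow(x, i, Q) for i, c in enumerate(coeffs)) % Q

def lagrange_at(ids, j, x):
    """Lagrange coefficient l_j(x) over the coalition ids, mod Q."""
    num = den = 1
    for r in ids:
        if r != j:
            num = num * (x - r) % Q
            den = den * (j - r) % Q
    return num * pow(den, -1, Q) % Q

def raw_partials(shares, new_id):
    """Unmasked partials f(j)*l_j(x); l_j is public, so each one reveals f(j)."""
    ids = sorted(shares)
    return {j: shares[j] * lagrange_at(ids, j, new_id) % Q for j in ids}

def shuffled_partials(shares, new_id):
    """Partial shares after every pair in B applies its shuffling factor."""
    partial = raw_partials(shares, new_id)
    ids = sorted(partial)
    for a in ids:
        for b in ids:
            if a < b:
                d = 1 + secrets.randbelow(Q - 1)    # pairwise factor D_{a,b}
                partial[a] = (partial[a] + d) % Q   # lower ID adds
                partial[b] = (partial[b] - d) % Q   # higher ID subtracts
    return partial

def join(shares, new_id):
    """Joining node sums the K masked partials to obtain its own share."""
    return sum(shuffled_partials(shares, new_id).values()) % Q

if __name__ == "__main__":
    coeffs = [secrets.randbelow(Q) for _ in range(3)]         # K = 3
    coalition = {j: poly_eval(coeffs, j) for j in (2, 5, 9)}  # set B
    print(join(coalition, 11) == poly_eval(coeffs, 11))       # new node ID 11
```

The pairwise factors cancel in the sum, so the joining node obtains a valid share while no single response exposes the responder's own share.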
-
Implementation Issues:
Design can be implemented in any layer above the MAC layer.
Application layer is good for several reasons
  Modifications to lower layer protocols are avoided.
  Can also achieve maximal independence of the underlying network.
-
Key management
-
Primary Features
Lack of infrastructure too harsh
We assume Public key infrastructure
Certification Authority
  Needs to stay on-line
  Studied replication to increase availability
Use of distributed trust among group of servers
Use of Digital Signatures
-
Encrypted Key Exchange
Derive strong shared key from weak shared key
Desired properties
  Forward Secrecy
  Contributory Key Agreement
  Tolerance to disruption attempts
-
EKE (Contd.)
Protocol
  2-party
  Non-contributory multiparty
  Contributory multiparty
Drawback
  E must be random
  Active attacker chooses E such that Msg. 2 is prone to Dictionary Attack
-
Diffie-Hellman Key Exchange
Protocol:
  2-party
  Multi-party
Efficient Implementation
  Use of d-cube
-
Eliminating Centralized CA
Emulate central CA distributed over several nodes
Key Management Service
Totally distributed architecture
Works from weaker to stronger shared keys
Works only if one password already shared
Self-organizing public key infrastructure
Decentralized PEM, PGP,
-
Key Management Service
Primary tier of servers
Service has one private/public key pair
Each server has its own private/public key pair
Each server giving one share of service private key
The private key can also be changed periodically
-
Public key distribution for Self-Organizing Systems
Certificates stored and distributed by users
If A believes that given public key is indeed B's, A issues public key certificate to B
Construction of Trust Graphs
Merging graphs to find path from C to D, if C wants certificate of D
Efficient Shortcut Hunter algorithm
-
Future scope
Use of smart cards for tamper-resistant information storage
Dynamic routing information storage still a problem
Only nodes contributing to the benefit of the community allowed to use the network
-
Secure Routing
-
Secure Routing
Basic Assumptions
  The underlying data link layer provides reliable transmission on a link basis
  Links are bidirectional
  A one-to-one mapping between Medium Access Control and IP address exists
  Each transmission is received by all neighbors, which are assumed to operate in promiscuous (random) mode.
-
Basic Terminology
Source S
Destination T
Message Authentication Code (MAC)
Shared Key (KS,T)
Route Request {QS,T; n1, n2, ..., nk}
Route Reply {RS,T; n1, n2, ..., nk}
-
Sample Network
Fig: Example Topology: S wishes to discover a route to T in the presence of two malicious nodes M1 and M2
-
Scenarios
Scenario 1:
  M1 receives {QS,T; S}, it attempts to mislead S by generating {RS,T; S, M1, T}
  M1 does not have KS,T, so cannot generate a valid MAC
  False reply packet is discarded by S
Scenario 2:
  M1 discards request packets arriving from its neighbors, e.g. from node 1.
-
Scenarios
Scenario 3:
  M1 sees {QS,T; S,1,M1}
  T generates reply for {QS,T; S,1,M1,5,4,T}
  M1 receives {RS,T; S,1,M1,5,4,T}
  It tampers with its contents and relays {RS,T; S,1,M1,Y,T}, where Y is any invented sequence of nodes
Scenario 4:
  M1 sees {QS,T; S,2,3}
  It corrupts accumulated route to {QS,T; S,X,3,M2}
  Reply over {T, M2,3,X,S}, where X is an invalid IP
-
Scenarios
Scenario 5:
  In order to consume network resources, M1 replays route requests
  Query identifiers recorded at intermediate nodes (Query Sequence Number)
Scenario 6:
  M1 observes a few route requests from S and fabricates several queries with subsequent query identifiers
  Goal is to make intermediate nodes store these identifiers and discard upcoming valid identifiers
  Very low probability of correct guess on query identifiers in encrypted form.
-
Scenarios
Scenario 7:
  M1 attempts to forward {QS,T; S, M*}, i.e. it spoofs an IP address
  S would accept {QS,T; S, M*,1,4,T} route
Scenario 8:
  M1 attempts to return a number of replies, each with a different spoofed IP address, Mi, Mi+1, ..., Mi+j
  This would lead S to believe that there are many paths to T, while actually each is controlled by M1
  But M1 cannot generate replies. So S safely discards all the above packets.
-
Scenarios
Scenario 9:
  Nodes collude during the 2 phases of a route discovery of a single path.
  When M1 receives a route request, it tunnels it to M2, i.e. discovers a route to M2 and sends the request encapsulated in a data packet
  Then M2 broadcasts this request with the path between M1 and M2 falsified as {QS,T;S,M1,Z,M2}
  T sends a reply for this on {S,M1,Z,M2}
  M2 sends this reply message to M1 via the tunneled path.
  M1 forwards it to S.
  Thus S takes a false route for a correct route.
-
SRP Header
-
SRP Header
Query Identifier QID:
  32-bit quantity
  Used by intermediate nodes as a means to identify the request.
  It is generated by a secure pseudorandom number generator.
Message Authentication Code MAC:
  96-bit long field
  Generated by a one-way hash function
  Inputs to the hash function are
    Entire IP Header
    Route Request Packet
    Shared Key KS,T
-
SRP Header
Type:
  Depends on the type of node
  For S, it denotes that packet is Request
  For T, it denotes that packet is Reply
Query Sequence Number Qseq:
  32-bit quantity
  Set initially at the establishment of Security Association
  Increases monotonically
  Cannot wrap around (connection reestablishment in case of wrapping around)
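How the MAC field lets S reject the replies of scenarios 1 and 3, as an added example (not code from the slides or from the SRP authors). The slides name only a one-way hash keyed with KS,T, so HMAC-SHA-256 truncated to 96 bits, the field encoding, the inclusion of the reply's route in the MAC input, and all names and values are assumptions.

```python
import hashlib
import hmac
import struct

MAC_LEN = 12  # 96-bit MAC field from the SRP header

def srp_mac(key, src, dst, ptype, qid, qseq, route):
    """Keyed hash over addressing, SRP header fields and the route."""
    msg = struct.pack("!II", qid, qseq)                 # 32-bit QID and Qseq
    for field in (src, dst, ptype, *route):             # length-prefix each field
        msg += struct.pack("!H", len(field)) + field.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def make_reply(key, s, t, qid, qseq, route):
    """Reply as T would build it for the route the request accumulated."""
    return {"src": t, "dst": s, "type": "REPLY", "qid": qid, "qseq": qseq,
            "route": list(route),
            "mac": srp_mac(key, t, s, "REPLY", qid, qseq, route)}

def accept_reply(key, pending, reply):
    """S accepts only replies to an outstanding query that carry a valid MAC."""
    if (reply["qid"], reply["qseq"]) not in pending:
        return False
    expected = srp_mac(key, reply["src"], reply["dst"], reply["type"],
                       reply["qid"], reply["qseq"], reply["route"])
    return hmac.compare_digest(expected, reply["mac"])

def run_scenarios():
    k_st = bytes(range(32))                  # constructed shared key KS,T
    pending = {(0x1A2B3C4D, 7)}              # constructed (QID, Qseq) sent by S
    genuine = make_reply(k_st, "S", "T", 0x1A2B3C4D, 7,
                         ["S", "1", "M1", "5", "4", "T"])
    # Scenario 1: M1 fabricates a reply without knowing KS,T.
    forged = make_reply(b"\x00" * 32, "S", "T", 0x1A2B3C4D, 7, ["S", "M1", "T"])
    # Scenario 3: M1 rewrites the route in T's reply but cannot redo the MAC.
    tampered = dict(genuine, route=["S", "1", "M1", "Y", "T"])
    cases = [("genuine", genuine), ("forged", forged), ("tampered", tampered)]
    return {name: accept_reply(k_st, pending, r) for name, r in cases}

if __name__ == "__main__":
    print(run_scenarios())
```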
-
Conclusions
Ad Hoc networks pose an interesting problem in networking with dynamic routing and highly insecure working environment
Need of Secure, Scalable, Reliable and Efficient algorithms for Key management and Routing
-
Thank You
for your presence and patient hearing