1 / 32

Self-Organized Network-Layer Security in Mobile Ad Hoc Networks

Self-Organized Network-Layer Security in Mobile Ad Hoc Networks. Hao Yang(UCLA) Xiaoqiao Meng(UCLA) Songwu Lu(UCLA). The Network. No central controller Dynamic connections Error-prone routing. The Problem. False routing data easily supplied Advertise false route w/ small distance metric

leia
Télécharger la présentation

Self-Organized Network-Layer Security in Mobile Ad Hoc Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Self-Organized Network-Layer Security in Mobile Ad Hoc Networks Hao Yang(UCLA) Xiaoqiao Meng(UCLA) Songwu Lu(UCLA)

  2. The Network • No central controller • Dynamic connections • Error-prone routing

  3. The Problem • False routing data easily supplied • Advertise false route w/ small distance metric • Advertise route update w/ large sequence # • Spoof IP, inform that healthy link is broken • Intentional packet drop • Flood net w/ packets

  4. The Solution • Think of a neighborhood crime watch • Portions of a global secret • Temporary Tokens

  5. The Design • Coherence, unity • Network-level solution • Self-organization (vs. centralized) • Tolerance of compromised nodes • Isolate attackers • Decrease overhead w/ good behavior

  6. The Assumptions • Nodes operating in promiscuous mode • Lower layers already secured • Not concerned w/ packet contents • Cryptography is secure

  7. AODV • Ad-hoc On-demand Distance Vector • Path discovery on demand • Route request w/ destination sequence # • Intermediate node replies or asks as well • Broken link • Send news flash through net • Nodes may ask for new route as necessary

  8. Neighbor Verification • Token = <OwnerID; signingTime; expirationTime;> • Issued from each nearby neighbor w/ secret key by polynomial order k-1 • If k neighbors verify node, token is issued • Other neighbors allowed to be compromised

  9. Security Enhanced Routing Protocol • Amended AODV • Add next-hop field in Route Reply Packet • Routing info now broadcast (vs. unicast) • Nodes maintain routing tables for neighbors • Only tokens, token revocation must be encrypted • Reduce overhead

  10. Neighbor Monitoring • SID – Single Intrusion Detection • Routing Update Misbehavior • Compare route updates of neighbors • New entry correct if & only if sequence # of entries are the same & hop count has incremented • Packet Forwarding Misbehavior • Promiscuous mode, next hop field, watchdog

  11. Intrusion Reaction • Token Revocation List • Bridge between verification & monitoring

  12. Conclusion (Or: the effects of emulating real life) • Pros • Prevents attacks collaborated within neighborhood • Requires little organization • Rewards for good behavior • Cons • Passive monitoring demands energy • Need strong node density to succeed

  13. LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks Sencun Zhu (GMU) Sanjeev Setia (GMU) Sushil Jajodia (GMU)

  14. Overview • Works for static networks with laptop class base station • Symmetric keys used on nodes • Initial key loaded prior to deployment • Initial key destroyed as soon as network deployed and activated. • For D neighbors need D pair wise keys, D cluster keys, a group key and an individual key.

  15. 4 Keys • Individual Key • This key is created for between the node and the base station • Used to send private data between the base and node to send personalized instructions/data

  16. 4 Keys (Cont.) • Group keys • Key used by base station to broadcast to entire ad hock network. • Re-keying must be made easy in case of a compromised node requires re-keying the group

  17. 4 Keys (Cont.) • Cluster Key • Key created between a node and it neighbors during initial deployment of the network • Pair wise shared key • Key shared between a node and it immediate neighbor to provide source authentication and group re-keying

  18. Authentication • Base Station authenticated via μTESLA • Every node can forward a message but must authenticate the sender via pair wise keys to prevent attacks

  19. Defenses • HELLO attack – nodes do not have network wide authentication therefore unable to flood the network • Sinkhole/Wormhole attack – only possible during the first few minutes of network deployment because of assumed static network

  20. An Authentication Framework for Hierarchical Ad Hoc Sensor Networks Mathias Bohge (Rutgers) Wade Trappe (Rutgers)

  21. Overview • Includes a three-tiered, hierarchical model consisting of: sensor, forwarding, access point tiers • Certification using Tesla vs. RSA • Entity authentication • Roaming and handoff • Authenticating data origin • Performance and security evaluation

  22. Three-Tiered Hierarchical Model • Addresses the limitations of flat topology • SN tier (of sensor nodes) • FN tier (of forwarding nodes) • AP tier (of access points) • Application tier (the Internet)

  23. Certification • PGP and X.509 certification systems • Rely on public key cryptography • Unsuitable for low-powered devices • Should not have to verify an RSA sig. • Tesla • Enables low-powered nodes to perform source authentication

  24. Certification (cont.) • Initial certificates • Certificates are used as a form of initial trust • Third party initial certification • Access points have high computing power and power resources, and can thus validate and perform RSA-signatures • Sensor nodes are issued a cert. and key, to use to authenticate to the application. One key per application.

  25. Certification (cont.) • Runtime certificates • No more shared keys • Use trust relationships between the application and the nodes to create new trust relationships • Certificates must be renewed to disconnect misbehaving nodes

  26. Entity Authentication • Access point • Authentication of access point is basis for authenticity in the network • Forwarding nodes • Mobile devices, must maintain flexible authentication • Only authenticate if a sensor node wants to connect in Assured Mode

  27. Entity Authentication (cont.) • Sensor Nodes • Sensor node sends request to application • If application verifies sensor certificate, a shared secret is established with the access point and the sensor node • Sensor now has a secret with the access point and the application

  28. Roaming and Handoff • Sensor nodes may want to connect to a new access point • Any assured mode connections with forwarding nodes must be re-established • Data will at first be blocked by the new access point, until the access point can obtain the Tesla cert. from the application, and complete the handoff (the point at which the sensor can validate the new access point’s certificate, and vice-versa)

  29. Authenticating data origin • Weak Mode • More flexible • Cannot determine who delivered the packat to the access point • No certainty that the packet was not copied by a misbehaving node • Assured Mode • Provides authentication along the path of the packet

  30. Evaluation • Security • Not impossible for intruders to send packets across the network, but uninteresting • Internet access is limited by the access point, unauthorized nodes cannot access the Internet • Packets can still be deleted in the wired part of the network

  31. Evaluation (cont.) • Performance • Adaptability • Network can deal with topology changes using the handoff procedure • Facilitates establishment of new trust relationships without application intervention • Does not burden the application • Scalability • Resources required by sensors does not change

  32. Questions?

More Related