Secure Ad-Hoc Routing CS 598 HL, Fall 2006
Network-Layer Security • What to secure: • Routing • Packet forwarding
Challenges • Wireless media are open, shared, and unreliable - no clear line of defense • Device compromise or theft • Resource constraints, network dynamics
Proactive vs. Reactive • Proactive: • install a lock in the door • authorized personnel have key • Reactive • employ a doorman • report to the police when the bad guys enter.
Pro and Con • Proactive approach: • Proven secure against bad guys without the key • If the bad guy obtains the key by any means … • Reactive approach: • Hopefully, bad guys will be caught • Absent-minded doorman • The police need some time to come • All proposals on secure routing are proactive • A few reactive proposals address packet forwarding
Secure Ad-Hoc Routing • Message authentication primitives • Secure source routing • Secure DSR • Secure distance vector routing • Secure DSDV, AODV
Message Authenticators • HMAC: message authentication codes • Digital signature • One-way HMAC chain
HMAC • Alice and Bob share a secret symmetric key $K$ • Alice wants to send a message $M$ to Bob: • HMAC: $h_K(M)$ [MD5(M.K) or SHA-1(M.K)] • Alice sends $\{M, h_K(M)\}$ to Bob • Bob is assured that $M$ is from Alice
HMAC • Advantages • Computationally efficient • Disadvantages: • Only intended receiver can verify • Pair-wise key sharing • A total of N(N-1)/2 keys for N nodes • SRP uses HMAC • Secure routing protocol for DSR
Digital Signature • Based on asymmetric cryptography (e.g., RSA) • Alice, Bob, and Charles • Alice: $(PK_A, SK_A)$ • Bob: $(PK_B, SK_B)$ • Charles: $(PK_C, SK_C)$ • Alice wants to send $M$ to Bob • $D_A(M)$ [$M^{SK_A} \bmod N$] • Alice sends $\{M, D_A(M)\}$ to Bob • Bob is assured that $M$ is from Alice
Digital Signature • Advantages: • A total of N key pairs for N nodes • Each node only needs to carry 1 key pair for itself, and a “group” public key PK • Disadvantages: • 3~4 orders of magnitude more computation overhead • SAODV, ARAN use digital signature • Authenticated routing for ad hoc networks
One-way HMAC Key Chain • Based on HMAC • A one-way hash key chain • $h_0, h_1, h_2, \ldots, h_n$ • $h_1 = H(h_0)$, $h_2 = H(h_1)$, …, $h_n = H(h_{n-1})$ • Divide time into slots [Figure: time-slot timeline, labels: possess $h_n$; use $h_{n-1}$, release $h_{n-1}$; use $h_{n-2}$, release $h_{n-2}$]
One-way HMAC key chain • Advantages: • A total of N roots for a network of N nodes • Computationally efficient • Disadvantages: • Time synchronization • Efficient storage of key chains (or on-line generation) • Delayed authentication (MAC must be received before the key is released) • Two rounds of communication (key release) • SEAD, Ariadne, and Packet Leash use TESLA • For DSDV, DSR, and wormhole attacks
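The delayed key release described on the two slides above, as an added example that is not part of the original deck. Assumptions: SHA-256 for $H$ and for the HMAC, the key for slot $i$ is released in slot $i+1$, the receiver already holds an authenticated $h_n$, and the names `Receiver`, `slot_key` and `now_slot` are hypothetical.

```python
import hashlib
import hmac

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()  # SHA-256 is an assumption; the slide only says H

def make_chain(seed: bytes, n: int) -> list:
    """Return [h_0, ..., h_n] with h_i = H(h_{i-1})."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def slot_key(chain: list, slot: int) -> bytes:
    """Keys are used in reverse order: slot 1 uses h_{n-1}, slot 2 uses h_{n-2}."""
    return chain[len(chain) - 1 - slot]

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    """Holds the authenticated anchor h_n and buffers packets until keys are released."""
    def __init__(self, anchor: bytes):
        self.trusted, self.trusted_slot = anchor, 0
        self.pending = {}  # slot -> [(msg, tag)]

    def on_packet(self, slot, msg, tag, now_slot) -> bool:
        # Needs loosely synchronized clocks: once the sender may have released
        # the slot key, anyone could have computed this tag, so drop the packet.
        if now_slot > slot:
            return False
        self.pending.setdefault(slot, []).append((msg, tag))
        return True

    def on_key_release(self, slot, key) -> list:
        """Return the buffered messages for `slot` that the released key authenticates."""
        steps = slot - self.trusted_slot
        if steps <= 0:
            return []
        check = key
        for _ in range(steps):  # a genuine key hashes forward to the last trusted value
            check = H(check)
        if not hmac.compare_digest(check, self.trusted):
            return []
        self.trusted, self.trusted_slot = key, slot
        return [m for m, t in self.pending.pop(slot, [])
                if hmac.compare_digest(mac(key, m), t)]
```

The `now_slot > slot` check is where the time-synchronization requirement shows up: a receiver with a slow clock would accept tags computed after the key became public.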
Secure Source Routing • Challenges: • Cannot remove nodes from source routes • Cannot add nodes into source routes • Solution: • Attach a per hop authenticator on routing messages • Ariadne uses one-way HMAC key chain to generate per hop authenticator
Ariadne • S -> A -> B -> C -> D
Ariadne • What kinds of attacks can it handle? • Bogus route • Add or remove nodes from the route • Replay attack (partially, longer than TESLA’s time interval) • What kinds of attacks can it not handle? • Collaborative attackers • Replay attack up to TESLA’s time interval • Attacks on time synchronization • Selfishness
Secure Distance Vector Routing • Challenge: • Advertise routing metric properly • Increase hop count by 1 for each hop • Cannot decrease hop count • Advertise sequence number correctly • Cannot increase the sequence number • Solution: • Hash chain
Hash Chain for Secure Hop Count • Assuming maximum hop count is $n$ • A node • Generates hash chain • $h_0, h_1, h_2, \ldots, h_n$ • $h_1 = H(h_0)$, $h_2 = H(h_1)$, …, $h_n = H(h_{n-1})$ • $h_x = h_0$, HopCount = 0 • Add $\{h_x, h_n, \text{HopCount}\}$ into RREP • When receiving a RREP • Verify $h_n = H^{\,n-\text{HopCount}}(h_x)$ • $h_x = H(h_x)$, HopCount++ • Add $\{h_x, h_n, \text{HopCount}\}$ into RREP
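The hop-count check from the slide above, as an added example that is not part of the original deck. Assumptions: SHA-256 for $H$, the anchor $h_n$ reaches the verifier authenticated by some other means that the slide does not cover, and the function and field names are hypothetical.

```python
import hashlib
import hmac

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()  # SHA-256 is an assumption; the slide only says H

def H_pow(x: bytes, k: int) -> bytes:
    """Apply H k times: H^k(x)."""
    for _ in range(k):
        x = H(x)
    return x

def originate(seed: bytes, n: int) -> dict:
    """Originator: h_x = h_0, HopCount = 0, and the anchor h_n = H^n(h_0)."""
    # h_n is assumed to be protected separately (e.g. signed by the originator).
    return {"hx": seed, "hn": H_pow(seed, n), "hop_count": 0}

def verify(rrep: dict, n: int) -> bool:
    """Check h_n == H^(n - HopCount)(h_x)."""
    hc = rrep["hop_count"]
    if not 0 <= hc <= n:
        return False
    return hmac.compare_digest(H_pow(rrep["hx"], n - hc), rrep["hn"])

def forward(rrep: dict, n: int) -> dict:
    """Honest intermediate node: verify, then h_x = H(h_x) and HopCount++."""
    if not verify(rrep, n):
        raise ValueError("RREP fails the hash-chain check")
    return {"hx": H(rrep["hx"]), "hn": rrep["hn"],
            "hop_count": rrep["hop_count"] + 1}

def demo(n: int = 5) -> dict:
    rrep = originate(b"constructed seed", n)  # constructed sample input
    for _ in range(3):                        # three honest hops
        rrep = forward(rrep, n)
    return {
        "honest": verify(rrep, n),
        # Claiming fewer hops needs an earlier chain element, i.e. inverting H.
        "decreased": verify(dict(rrep, hop_count=1), n),
        # Passing the fields on unchanged still verifies: the plain chain
        # blocks decreases but does not force the increment.
        "not_incremented": verify(dict(rrep), n),
    }
```

The `not_incremented` case is why the deck later mentions a more complicated hash-tree scheme to ensure a monotonically increasing hop count.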
Hash Chain • Attacks it can handle • Increase sequence number • Decrease hop count • Cannot handle • Collaborative attackers • Replay attackers, especially when the update period is long and the attackers are mobile • Selfishness • Neighbor authentication is not clear • More complicated scheme using hash tree to ensure monotonically increasing hop count • Only applicable to discrete routing metric • Discretize continuous metric
Reactive Approaches to Pkt Forwarding/routing • Intrusion Detection • Watchdog and Pathrater • CONFIDANT
Intrusion Detection • Intrusion Detection in Wireless Ad Hoc Networks, L. Zhang, W. Lee, MobiCom 2002 • Distributed IDS • Statistical anomaly detection • Gather information from multiple layers • Problem: How to realize this framework? • Mobility • Imperfect information source • False accusation • Dynamic member join/leave
Watchdog and Pathrater • Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, M. Baker, MobiCom 2000 • Source Routing • Localized Watchdog (each node monitors its next hop) • End-to-End Pathrater evaluates the path quality and chooses the best
CONFIDANT • Performance Analysis of the CONFIDANT Protocol, J. Boudec, MobiHoc 2002
CONFIDANT • Neighborhood monitor • No collaboration • Send alarm to friends • Individual reaction to bad guys • Detection: ? • Node Authentication: ?
Discussion • Secure Routing problem should be solved in a proactive manner • Service enforcement should be solved in a combined manner • On-demand detection • Local Repair (also good for general ad hoc routing) • Fairness: ad hoc node is both the user and the service provider
Network Security • Trust/key management • PKI, KDC, Self-organized PGP • Nov. 12~17 lecture • MAC layer security • Insecurity of 802.11 WEP • Secure pkt forwarding for sensor net • Filtering of injected false data reports • Incentives • Collaboration motivation and enforcement • Privacy • How to achieve the same level of privacy that cellular network provides?