
S E A D

S E A D: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks. Yih-Chun Hu, David B. Johnson, Adrian Perrig. Introduction: Ad Hoc Networks; Possible attacks; Secure routing protocols. Ad Hoc Networks: Unstable link; High mobility; Very limited computing resources.


Presentation Transcript


  1. S E A D: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks. Yih-Chun Hu, David B. Johnson, Adrian Perrig

  2. Introduction • Ad Hoc Networks • Possible attacks • Secure routing protocols

  3. Ad Hoc Networks • Unstable link • High mobility • Very limited computing resources • Easy to eavesdrop

  4. Assumptions • All links are bi-directional • No physical or MAC layer attacks • The network may drop, corrupt, duplicate, or reorder packets • MAC layer can detect randomly corrupted packets • Network diameter

  5. Possible Attacks • Ignorance attack (discarding packets) • Jam attack (jam routing packets) • Modification attack (modifying packets) • Replay attack (sending old advertisements) • Wormhole attack

  6. Our Goal: Developing a protocol that • Does not need too many resources • Provides security features • Is robust enough against multiple uncoordinated attackers

  7. Distance Vector vs. Link State • Link State routing is too expensive to use • Based on Distance Vector routing • It is easy to implement and is efficient in terms of required memory and CPU processing capacity • Improving DSDV protocol

  8. DSDV • Destination-Sequenced Distance-Vector routing protocol • Introducing a sequence number to prevent loops (it doesn't suffer from the count-to-infinity problem) • Each node’s routing table is tagged with the most recent sequence number

  9. DSDV (cont) • When a node receives a routing update, it applies the update if the sequence number is greater, or if the sequence number is the same but the metric is lower. • Routing updates are both “periodic and triggered”, and both “full dump or incremental”.

  10. DV vs. DSDV vs. SEAD [figure panels: DV, DSDV]

  11. DV vs. DSDV vs. SEAD (cont) [figure panel: SEAD]

  12. Security features: Using one-way hash chains rather than asymmetric cryptographic operations • One-way hash chains • Built on a one-way hash function • $H:\{0,1\}^* \to \{0,1\}^p$ • Simple to compute but infeasible to invert

  13. One-way hash chains • $h_1, h_2, h_3, \ldots, h_n$ • $h_0 = x$, some arbitrary value • $h_i = H(h_{i-1})$ for all $1 \le i \le n$ • Given $h_i$ it is easy to verify the authenticity of $h_j$, if $j < i$

  14. Message Authentication • The source node randomly picks a value $x$ at the beginning, and then generates a hash chain: $x = h_0, h_1, h_2, \ldots, h_n$ • Suppose $m$ is the network diameter, and $n$ is divisible by $m$ • It then releases $h_n$ to everybody

  15. Message Authentication (cont) • For authenticating a routing update with sequence number $i$ and metric $j$, it sends $h_{n - i \cdot m + j}$ • The attacker can never forge better metrics or sequence numbers • Attacker can only generate worse metrics or sequence numbers

  16. Message Authentication (cont) • However, other information such as node name or next hop can be forged • To prevent this, stream authentication schemes such as TESLA, HORS can be used • Their recent paper Ariadne has this feature!

  17. Example: m=5, n=20 (i = sequence number, j = metric, m = network diameter, n = length of hash chain)
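
The chain-index rule from slides 14 to 17, worked with the slide's m=5 and n=20, as an added example that is not from the presentation or the SEAD authors. SHA-256, the seed value, the function names, and the range 1..n/m for sequence numbers are assumptions made here.

```python
import hashlib

def H(b: bytes) -> bytes:
    # One-way function; SHA-256 is an assumption, the slides do not name one.
    return hashlib.sha256(b).digest()

def make_chain(x: bytes, n: int) -> list:
    """Return [h_0, ..., h_n] with h_0 = x and h_i = H(h_{i-1})."""
    chain = [x]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def index_for(i: int, j: int, m: int, n: int) -> int:
    """Chain index n - i*m + j for sequence number i and metric j."""
    if not (1 <= i <= n // m and 0 <= j < m):  # assumed valid ranges
        raise ValueError("sequence number or metric out of range")
    return n - i * m + j

def verify(value: bytes, i: int, j: int, anchor: bytes, m: int, n: int) -> bool:
    """Hash the received value forward and compare with the published h_n."""
    for _ in range(n - index_for(i, j, m, n)):
        value = H(value)
    return value == anchor

def worsen(value: bytes, extra_hops: int) -> bytes:
    """Whoever holds the value for metric j can derive the one for j + extra_hops."""
    for _ in range(extra_hops):
        value = H(value)
    return value

M, N = 5, 20                                  # values from the slide's example
CHAIN = make_chain(b"constructed-seed-x", N)  # constructed sample seed
ANCHOR = CHAIN[N]                             # h_n, released to every node

def demo() -> dict:
    adv = CHAIN[index_for(2, 1, M, N)]  # source: seq 2, metric 1 -> h_11
    relayed = worsen(adv, 1)            # next hop: seq 2, metric 2 -> h_12
    return {
        "genuine": verify(adv, 2, 1, ANCHOR, M, N),
        "relayed": verify(relayed, 2, 2, ANCHOR, M, N),
        # Reusing h_11 for a better metric or a newer sequence number fails:
        # both would need an element earlier in the chain, i.e. a preimage.
        "better_metric": verify(adv, 2, 0, ANCHOR, M, N),
        "newer_seq": verify(adv, 3, 1, ANCHOR, M, N),
    }

if __name__ == "__main__":
    print(demo())
```

Higher sequence numbers map to lower chain indices, so a node that has only seen values for sequence number 2 cannot produce any value for sequence number 3.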

  18. SEAD vs. DSDV • SEAD doesn't use an average weighted settling time • SEAD doesn't delay any triggered update • When a node detects a broken link and sends a routing update, SEAD doesn't increment the sequence number. Instead, it sets the metric to infinity

  19. Conclusion (pros) • SEAD is robust against uncoordinated attacks • SEAD is very efficient if nodes in space are distributed randomly enough

  20. Conclusion (cons) • SEAD doesn't provide a way to prevent an attacker from tampering with “next hop” or “destination” columns • Instead, it relies on doing neighbor authentication, which is bad • Hash chains are consumed very fast • Either a new $h_n$ needs to be released very often or the hash chain needs to be rather long

  21. Future work • Creating a secure protocol based on ZRP is a good idea

  22. Questions?

  23. Have a nice weekend! (Get relaxed and start partying!)
