1 / 21

October 10 th , 2006 Jinkyu Lee

Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th , 2006 Jinkyu Lee. Contents. Introduction Attacks A Multi-fence Security Solution Network-layer security Message authentication primitives Secure ad hoc routing

meir
Télécharger la présentation

October 10 th , 2006 Jinkyu Lee

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004)Hao Yang, et al. October 10th, 2006 Jinkyu Lee

  2. Contents • Introduction • Attacks • A Multi-fence Security Solution • Network-layer security • Message authentication primitives • Secure ad hoc routing • Secure packet forwarding • Link-layer security • Open Challenges • Conclusions

  3. Introduction • Mobile Ad Hoc Networks (MANETs) • Self-configuration • Self-maintenance • Security Challenges • Shared medium • Resource constraints • Dynamic topology

  4. Introduction • The Goal of Security for MANETs • Protection of the network connectivity between mobile nodes over potentially multi-hop wireless channels • One-hop connectivity through link-layer protocols • Multi-hop connectivity through network-layer routing and data forwarding protocols • Two Approaches • Proactive • Reactive • Network Performance V.S. Security • Scalability, service availability, and robustness

  5. Attacks • Network-layer • Routing attacks • Not to follow the specifications of the routing protocol • Example: modification of the source route listed in the RREQ or RREP (DSR), advertising a route with a smaller distance metric than its actual distance to destination (AODV) • Goal: attraction of traffic toward certain destinations, generation of routing loops, or introduction of sever network congestion and channel contention • Packet forwarding attacks • Not to forward packets properly • Example: drop the packets, modify the contents, duplicate the packets, denial-of-service (DoS)

  6. Attacks • Link-layer • WEP (Wired Equivalent Privacy) • Cryptography attacks • DoS attacks • Control of backoff value • Data corruption using NAV and interfering victim’s link-layer frame

  7. Multi-fence Security Solution • Multi-fence Security Solution should … • Spread across many individual components • Span different layers • Thwart threats from both outsiders and insiders • Encompass prevention, detection, and reaction • Be practical and affordable Secure ad hoc routing Proactive protection through message authentication primitives Secure packet forwarding Reactive protection through detection and reaction Source routing Link state routing Distance vector routing Misbehavior detection Misbehavior reaction Network-layer security solutions Secure wireless MAC Reactive protection through detection and reaction Next-generation WEP Modification to existing protocol to fix the cryptographic loopholes Link-layer security solutions

  8. A Multi-fence Security Solution - Network Layer Security • Message Authentication Primitives • HMAC • Digital signature • One-way HMAC key chain • Secure Ad Hoc Routing • Source routing • Distance vector routing • Link state routing • Other routing protocols • Secure Packet Forwarding • Detection • Reaction

  9. A Multi-fence Security Solution - Network Layer Security • Message Authentication Primitives • HMAC (Message authentication codes) • Symmetric key • Cryptographic one-way hash function • Verified only by the intended receiver • Efficient computation • n (n-1) / 2 keys should be maintained

  10. A Multi-fence Security Solution - Network Layer Security • Message Authentication Primitives • Digital Signature • Asymmetric key • More computation overhead in signing/decrypting and verifying/encrypting operations • Less resilient to DoS attacks • Verified by any node given the public key • n public/private key pairs should be maintained

  11. A Multi-fence Security Solution - Network Layer Security • Message Authentication Primitives • One-way HMAC key chain • Generated by repeated application of the one-way function • Proven to be authentic in reverse order • Lightweight computation • One authenticator can be verified by large numbers of receivers • Shortcomings • Buffer messages • To require additional communication

  12. A Multi-fence Security Solution - Network Layer Security • Secure Ad Hoc Routing • Proactive approach • Source Routing • Goal: to prevent intermediate nodes from modifying nodes to the route • Solution: to attach a per-hop authenticator • Example: Ariadne (extension of DSR) uses a one-way HMAC key chain

  13. A Multi-fence Security Solution - Network Layer Security • Secure Ad Hoc Routing • Source Routing (Ariadne) S A B C D S : pS = (RREQ, S, D), mS = HMACKSD(pS) S-> * : (pS, mS) A : hA = H(A, mS), pA = (RREQ, S, D, [A], hA, []), mA = HMACKA(pA) A-> * : (pA, mA) B : hB = H(B, hA), pB = (RREQ, S, D, [A,B], hB, [mA]), mB = HMACKB(pB) B -> * : (pB, mB) C : hC = H(C, hB), pC = (RREQ, S, D, [A, B, C], hC, [mA, mB]), mC = HMACKC (pC) C -> * : (pC, mC) D : pD = (RREP, D, S, [A, B, C], [mA, mB, mC]), mD = HMACKDS(pD) D -> C : (pD, mD, []) C -> B : (pD, mD, [KC]) B -> A : (pD, mD, [KC, KB]) A -> S : (pD, mD, [KC, KB, KA])

  14. A Multi-fence Security Solution - Network Layer Security • Secure Ad Hoc Routing • Distance Vector Routing • Goal: correct advertisement of the routing metric • Solution: to authenticate aggregation of metric • Link State Routing • Goal: to authenticate both neighbor discovery and neighbor broadcast • Solution: links only added only if two valid LSUs (Link State Update) from both nodes of the link are received • Example: SLSP (Secure Link State Routing) uses digital signatures

  15. A Multi-fence Security Solution - Network Layer Security • Secure Ad Hoc Routing • Other Routing Protocols • ARAN (Authenticated Routing for Ad hoc Networks) • To authenticate link to link by public key cryptography • Information only about the next hop C S A B

  16. A Multi-fence Security Solution - Network Layer Security • Secure Ad Hoc Routing • Other Routing Protocols • [17] • To broadcast both ways to provide redundancy • To improve path length • More communication and less computation

  17. A Multi-fence Security Solution - Network Layer Security • Secure Packet Forwarding • Detection • Localized detection • ACK-based detection • Reaction • Global reaction • End-host reaction

  18. A Multi-fence Security Solution - Link Layer Security • IEEE 802.11 MAC • Intentionally small backoff value • Checking deviation and penalizing • Data corruption using NAV and interfering victim’s link-layer frame • So far, no clear solution • IEEE 802.11 WEP • Attacks • Message privacy and message integrity attacks • Probabilistic cipher key recovery attacks • Enhanced in 802.11i/WPA

  19. Open Challenges • Resiliency-oriented Security Solution - Feature • Bigger Problem Space • Not only to thwart malicious attacks, but also to cope with other network faults • Intrusion Tolerance • Robust against the breakdown of any individual fence • Bigger Solution Space • To use other non-crypto-based schemes to ensure resiliency • Unexpected Faults Tolerance • To enhance redundancy

  20. Open Challenges • Open Challenges • To build efficient fence considering each device’s resource constraint • To identify system principles of how to build a new generation of network protocols • To evaluate the security design

  21. Conclusions • Summary of security issues in MANETs • Resiliency-oriented multi-layered solution design • Focus on network-layer security • Many open problems related to security in MANETs

More Related