
An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks

Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba. Sources: Computer Communications, 28(2), pp. 1193-1203, 2005. Reporter: Chun-Ta Li (李俊達).


Presentation Transcript


  1. An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks • Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba • Sources: Computer Communications, 28(2), pp. 1193-1203, 2005 • Reporter: Chun-Ta Li (李俊達)

  2. Outline • Introduction • Security issues in ad hoc routing • Trust management system • A secure distributed anonymous routing protocol (SDAR) • Security analysis • Conclusions • Comments

  3. Introduction • Mobile ad hoc networks (MANET) • Network functions are carried out by all available nodes • Packet forwarding • Routing • Network management • Wireless radios and a peer-to-peer network model • Envisioned for crisis solutions or civilian applications

  4. Introduction (cont.) • Constraints in mobile devices • Low power microprocessor • Small memory • Limited bandwidth • Short battery life • Frequent network topology changes • Anonymous routing • Hide the location and relationships of the communication nodes

  5. Security issues in ad hoc routing • Passive attacks • eavesdropping • discover some valuable information • disclose the relationship between nodes • Active attacks • replaying, modifying or deleting routing packets • malicious updates to the routing table • routing loops and network congestion • external attacks and internal attacks

  6. Security issues in ad hoc routing (cont.) • Security requirements of this paper • SDAR (Secure Distributed Anonymous Routing) protocol is secured against passive and active attacks, but not against Denial-of-Service attacks • SDAR maintains the anonymity of the sender and receiver • SDAR is able to identify malicious nodes and avoid using them to establish routes

  7. Trust management system • Purpose of trust management system • relaying data traffic • identify the malicious nodes • avoid using malicious nodes during the route establishment • take malicious nodes out of the network • Define the trust level in a node as a cumulative value • computed by each of its direct neighboring nodes • community: the evaluated node and neighboring nodes

  8. Trust management system (cont.) • community management • neighboring nodes: periodically broadcast a HELLO message {public key of neighboring node} • central node: tracks and listens • stores the public keys of neighboring nodes • removes a node if it does not receive the HELLO message for some time (the node has left)

  9. Trust management system (cont.) • community key management • Three trust levels for neighboring nodes • lowest trust level: trust value is δ1 • medium trust level: trust value is δ2 (MTLCK) • high trust level: trust value is ψ (MTLCK, HTLCK) • updates the community key when a node’s trust level goes up or down or a node leaves the community • community key will be encrypted with the public key of the intended neighboring node during distribution // MTLCK: Medium Trust Level Community Key // HTLCK: High Trust Level Community Key

  10. Trust management system (cont.) • Identification of nodes’ malicious behavior • by overhearing the message from next node to next-next node • Malicious Dropping • Malicious Modification • Trust-based distributed route selection mechanism • the source node specifies the trust level requirement in the initial message • an intermediate node will propagate the message only to selected neighboring nodes, depending on the trust level requested by the source node

  11. A secure distributed anonymous routing protocol (SDAR) • Three phases • Path discovery phase • Path reverse phase • Data transfer phase • Assumptions • Bi-directional links • Enough computation power • A trusted CA • Each node holds only one IP address for its communication • Some malicious nodes • Notations

  12. A secure distributed anonymous routing protocol (cont.) • Path discovery phase • Sending node S and receiving node R • None of the intermediate nodes can discover the identity of S and R • S triggers this phase by sending a path discovery message to all nodes within its wireless transmission range • Path discovery message: an open part and a part encrypted with the community key

  13. A secure distributed anonymous routing protocol (cont.) • Path discovery phase • Each node keeps an internal table for mapping the session • TPK, random number, session key and ancestor node • Step 1: check if the message has already been received from other nodes within its wireless transmission range, using the TPK as the unique identifier for the message • Step 2: check if the node is the sender’s intended next hop by finding the corresponding community key in its community key lists. If the key is found, then decrypt the message

  14. A secure distributed anonymous routing protocol (cont.) • Path discovery phase • Step 3: try to decrypt EPKR(IDR, KS, PLS) • Step 4: if the node is NOT the destined receiver • Encrypt (IDi, session key Ki, SNPath_IDi and signature of received message) with the key TPK and forward to neighbors whose trust levels meet the trust requirement

  15. A secure distributed anonymous routing protocol (cont.) • Path discovery phase • Step 5: if the node is the destined receiver • Use the length of padding PLS to find out the offset of the fourth part and get the session keys of all nodes along the path • Put all IDs and session keys in one message • Send the message to the first node in the reverse path

  16. A secure distributed anonymous routing protocol (cont.) • Path reverse phase • Use SNSession_IDi to retrieve the key for the session, remove one encryption layer and forward the message to the next node on the reverse path • Add the ID of the successor node into the mapping table • When S receives the message, it decrypts the message and passes the information about all intermediate nodes (i.e. the route) to the higher application • Data transfer phase • Use the shared session keys of the intermediate nodes to apply layered encryption to the data; each intermediate node decrypts just one encryption layer and forwards the message to the next node according to the ID of the next node
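
An added example (not from the paper or the slides) of the layer handling on slide 16: each node looks up a session by its open SN, strips one layer and forwards to the successor in its mapping table. The SHA-256 keystream, the HMAC tag standing in for a keyed hash over the layer, the message layout and all IDs, SNs and keys are assumptions made for the sketch.

```python
import hashlib, hmac, os

def keystream_xor(key, nonce, data):
    """Stand-in stream cipher (SHA-256 counter mode); an assumption, not SDAR's cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, sn, inner):
    """One layer: open 4-byte session number, nonce, keyed hash, E_K(inner)."""
    nonce = os.urandom(16)
    body = keystream_xor(key, nonce, inner)
    tag = hmac.new(key, sn + nonce + body, hashlib.sha256).digest()
    return sn + nonce + tag + body

def open_layer(table, msg):
    """Intermediate node: find (key, successor) by SN, verify, strip one layer."""
    sn, nonce, tag, body = msg[:4], msg[4:20], msg[20:52], msg[52:]
    key, successor = table[sn]  # KeyError: this node holds no session for that SN
    expect = hmac.new(key, sn + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("layer modified in transit")
    return successor, keystream_xor(key, nonce, body)

def build_onion(route, data):
    """Source side. route: [(sn, key), ...] ordered from first hop to receiver."""
    msg = data
    for sn, key in reversed(route):  # innermost layer belongs to the receiver
        msg = seal(key, sn, msg)
    return msg

def deliver(nodes, first_hop, onion):
    """Simulate forwarding. nodes: {node_id: mapping table}. Returns (hops, payload)."""
    hops, current, msg = [], first_hop, onion
    while current is not None:  # the receiver's table entry has no successor
        hops.append(current)
        current, msg = open_layer(nodes[current], msg)
    return hops, msg

def demo():
    """Constructed route S -> N1 -> N2 -> R; IDs, SNs and keys are sample values."""
    ids, sns = ["N1", "N2", "R"], [b"sn01", b"sn02", b"sn03"]
    keys = [os.urandom(32) for _ in ids]
    nodes = {i: {s: (k, nxt)} for i, s, k, nxt in zip(ids, sns, keys, ids[1:] + [None])}
    return nodes, build_onion(list(zip(sns, keys)), b"hello R")
```

Calling `deliver(nodes, "N1", onion)` on the values from `demo()` returns the hop list and the recovered payload; a message altered on any link fails the keyed-hash check at the next node instead of being forwarded.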

  17. A secure distributed anonymous routing protocol (cont.) • Finding malicious dropping behavior • Path discovery phase • overhear the message with the same TPK from the neighboring node • Path reverse and data transfer phase • SNSession_IDi and SNSession_IDi-2 instead of the TPK • Overhear the message carrying the session key ID of the node’s next hop from the node • (Figure: overhearing among node IDi, node IDi-1 and node IDi-2)

  18. A secure distributed anonymous routing protocol (cont.) • Finding malicious modification behavior (path reverse phase) • Nodei-1 as an example • Decrypt message to get two SNs • Separate Ni-1 from Mi-1 and check whether HKi-1(Ni-1) matches; if it does not, Node i must have done malicious modification on Mi-1 • Get rid of SNSession_IDi and H(Mi-3) from Ni-1 and store H(Mi-3) locally, then decrypt the rest of Ni-1 with Ki-1 and send the result Mi-2 to Nodei-2 • Overhear Mi-3 from Nodei-2 and check whether H(Mi-3) matches

  19. Security analysis • Theorem 1. SDAR is secured against passive and active attacks, but not against Denial-of-Service attacks • Theorem 2. SDAR maintains the anonymity of the sender and receiver • Theorem 3. SDAR is able to identify malicious nodes and avoid using them to establish routes • Theorem 4. SDAR is able to establish a route matching certain trust requirements if enough nodes with qualifying trust value exist between the source and destination

  20. Conclusions • In this paper, the authors present a secure distributed anonymous routing protocol for MANET, called SDAR. • Some advantages can be summarized as follows • Non-source-based routing • Flexible and reliable route selection • Resilience against path hijacking

  21. Comments • Misrecognize malicious dropping behavior • tamper TPK or SNSession_ID (open part) • Solution: mutual authentication or encryption • It can’t prevent malicious modification behavior in path discovery phase (maliciously dropping the message) • All neighboring nodes of the sender in collusion would find the sender and they can try to guess the session key KS for attacks
