1 / 26

Security Improvement for Ad Hoc Wireless Network

Security Improvement for Ad Hoc Wireless Network. Visal Kith ECE 695 05/05/2006. Security Goal. To improve security in ad hoc routing protocol, especially focus on AODV and DSR. To secure data communication over wireless network. Why Need Security?. To ensure:

smithgary
Télécharger la présentation

Security Improvement for Ad Hoc Wireless Network

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Improvement for Ad Hoc Wireless Network Visal Kith ECE 695 05/05/2006

  2. Security Goal • To improve security in ad hoc routing protocol, especially focus on AODV and DSR. • To secure data communication over wireless network.

  3. Why Need Security? • To ensure: • Integrity – no unauthorized modification of resources. • Non-repudiation – to ensure that a message was originally sent by the sender and it was verified that the message was received by the recipient. • Confidentiality – information is never released to unauthorized users.

  4. Type of Attacks • Passive Attacks • An attacker stay quietly and listening to the route traffic. The purpose of passive attack is to discover routing information, relationship between nodes, and the network topology. • Active Attacks • An attacker performs actions which to cause interruption and congestion to the network traffic by modifying the content of routing packet, broadcasting wrong information or old information.

  5. Type of Attacks • Denial of Service Attacks • An attack on the network that causes a loss of service to other nodes, either by consuming the bandwidth or overloading the system. • Impersonation Attacks • An attacker broadcast wrong routing information to other nodes and terminate the traffic for the desired destination node. • Military Attacks • An attempt to destruct enemy networks in preparation for battle including intelligence gathering. • An attacker use passive attack to gathering information about network topology. To disable some part of the network temporarily by using denial of service attacks.

  6. Security Requirement • To improve security we need: • An efficient key generation • An efficient key management • Public key cryptography • Digital signature such as DSA, and RSA. • Encryption algorithm such as RSA.

  7. Key Generation • Most public key cryptography require a large size key (prime number), usually 1024 – 2048 bits. • For government and military application key size is up to 15,000. • How to generate a large prime number? • Hash function is played an important role to generate a large number. • Some popular hash functions are SHA-1, SHA-256, and SHA-512.

  8. Key Generation Performance

  9. Key Management • Threshold Cryptography • A dealer shares a secret key between n parties. • At least k out of n node need to combine knowledge to perform cryptography operation. • However, combining the shares would not reveal the actual private key.

  10. Digital Signature • Generally, digital signature scheme consists of: • A key generation algorithm • A signing algorithm • A verification algorithm • Two popular digital signature are: • RSA Signature: developed by Rivest, Shamir and Adleman. The strength of RSA is depend on factoring problem. • DSA: Digital Signature Algorithm was developed by National Institute of Standards and Technology (NIST).

  11. Security Improvement of AODV • AODV Routing Operation • RREQ – Route request message is broadcast when a node needs to discover a new route to a new destination. • RREP – Route reply message is broadcast by a destination node to the origination of the RREQ. • RERR – Route error message is broadcast to notify other nodes that the loss of a link has occurred.

  12. Security Improvement of AODV • AODV Signature Routing Protocol • To provide confident that the message was sent and forwarded by a trusted node, signatures are required from the originator node, as well as an intermediate node. • Originator Signature = [ h(m) ] KA- • Hop Count Signature = [ hCount (Hop Count) ] KN-

  13. Security Improvement of AODV Signature Routing for RREQ

  14. Security Improvement of AODV Signature Routing for RREP

  15. Security Improvement of AODV Signature Routing for RERR

  16. Security Improvement of DSR • DSR Signature Routing Protocol • Similar to AODV, I also use signature routing to secure DSR routing protocol. • Originator Signature = [ h(m) ] KA- • Address Signature = [ h(Address[1], … Address[i]) ] Ki- Where 1 <= i <= n

  17. Security Improvement of DSR Signature Routing for RREQ

  18. Security Improvement of DSR Signature Routing for RREP

  19. Security Improvement of DSR Signature Routing for RERR

  20. Communication Security Over Ad Hoc Wireless Network • Communication such as sending document files, media file, voice communication .etc. over wireless network may be in risk of getting attack. • This paper introduce to use RSA encryption to encrypt the data before sending to the receiver. • Requirement: key size >= 2048 depend on how secret the information is.

  21. A Better Security • To have a better security, I introduce to use nonce, timestamp, and digital signature while encrypting a data. • Nonce – is a number that randomly generate and use only once to ensure that an old communication cannot be reused in replay attacks. • Timestamp - can refer as a time code which uses to verify the existence of the signed document at the time given.

  22. How does it work? • Ex: if node A wants to send message m to node B: • Node A needs to sign on message m SMA = [m]KA- • Then A encrypt CP = {m, NA, t}KA+ SCA = [CP]KA- • Then A  B the following: {m, NA, t}KA+ , SMA , SCA

  23. How does it work? • When B receive the message from A, B need to verify the following: • SCA – is valid or not? • Decrypt the message • Check if nonce is valid? • Check if timestamp is valid? • SMA – is valid or not? • If all the conditions above passed, then B assume that the message m is valid and it was sent by a trusted node. Otherwise, reject the message and send attemp hack notification. Ex: “Attempt Hack Notification – From IP = 79.134.1.210”

  24. Future Work • Improve network topology • Need faster key generation • Improve key management system • Create a better and secure cryptographic system???

  25. Refferences [1] S. Čapkun, J. Hubaux, and L. Buttyán. Mobility Helps Security in Ad Hoc Networks. [2] S. Chakrakbarti, and A. Mishra. Quality of Service in Mobile Ad Hoc Networks. [3] J. Choi. Security Problems for Ad Hoc Routing Protocols. [4] Y. Hu, A. Perrig, and D. Johnson. Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols. [5] Y. Huang and W. Lee. Attack Analysis and Detection for Ad Hoc Routing Protocols. [6] D. Johnson, and Y. Hu. The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks (DSR). IETF MANET Working Group. July 19, 2004. http://www.ietf.org/internet-drafts/draft-ietf-manet-dsr-10.txt [7] A. Mishra and K. Nadkarni. Security in Wireless Ad Hoc Networks. [8] P. Papadimitratos and Z. Haas. Securing Mobile Ad Hoc Networks. [9] C. Perkins, and E. Belding-Royer. RFC 3561 – Ad Hoc On-Demand Distance Vector (AODV) Routing. Networking Group, RFC 3561. July, 2003. http://www.faqs.org/ftp/rfc/pdf/rfc3561.txt.pdf [10] E. Rescorla. Diffie-Hellman Key Agreement Method. Network Working Group, RFC 2631. June 1999. http://www.faqs.org/rfcs/rfc2631.html [11] K. Sanzgiri, B. Dahill, B. Levine, C. Shields, and E. Belding-Royer. A Secure Routing Protocol for Ad Hoc Networks. [12] J. Seberry, J. Pieprzyk, and T. Hardjono. Fundamentals of Computer Security. Pages 171- 216, 256 – 280, and 283 – 350. 2003 [13] US Department of Commerce and National Institute of Standards and Technology, (2000). Digital Signature Standard. Federal Information, Processing Standards Publication 186-2. http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf [14] S. Yi, P. Naldurg, and R. Kravets. A Security-Aware Routing Protocol for Wireless Ad Hoc Networks. [15] D. Zhou. Security Issues in Ad Hoc Networks. [16] L. Zhou, and Z. Haas. Securing Ad Hoc Networks.

  26. Questions??? You can download this paper at: http://www.vkith.com/secure_ad_hoc.pdf

More Related