1 / 32

Thwart malicious behavior in wireless networks

Thwart malicious behavior in wireless networks. How to secure naming & addressing? establish keys? secure neighbor discovery? secure routing? protect privacy?. How to secure routing?. ad-hoc routing protocols attacks on ad-hoc routing protocols countermeasures secure routing protocols.

verdi
Télécharger la présentation

Thwart malicious behavior in wireless networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Thwart malicious behavior in wireless networks • How to • secure naming & addressing? • establish keys? • secure neighbor discovery? • secure routing? • protect privacy?

  2. How to secure routing? ad-hoc routing protocols attacks on ad-hoc routing protocols countermeasures secure routing protocols

  3. Ad-hoc routing protocols • Reactive approaches • Dynamic Source Routing (DSR) • broadcast route request • each node appends its ID before forwarding it • Ad Hoc On-Demand Distance Vector Routing (AODV) • node maintain routing table • Link reversal algorithms • Proactive approaches • Optimized Link State Routing (OLSR) • Destination-Sequenced Distance-Vector (DSDV) • Other approaches • Position-based approaches

  4. Attacks objectives increase adversarial control over the communications between some nodes degrade QoS provided by the network increase resource consumption of some nodes (e.g., CPU, memory, or energy)

  5. Adversary model insider adversary can corrupt legitimate nodes attacker not all-powerful not physically present everywhere launches attacks from regular devices

  6. Attack mechanisms eavesdrop, replay, modify, or delete control packets fabricate control packets containing fake routing information (forgery) fabricate control packets under a fake identity (spoofing) drop data packets (attack against the forwarding function) wormholes and tunneling

  7. Wormhole attack • out-of-band connection between two locations in network, controlled by adversary • distance of locations large • wired connection • long-range directional wireless link • one-end (selectively) transfers packets to other-end via out-of-band connection • disappear from one-end, appear at other-end

  8. Wormhole attack to DSR destination wormhole source

  9. Wormhole attack to optimized link state routing destination wormhole source

  10. Tunneling • adversary controls some corrupted nodes in network • one controlled node receives route request msg, it puts msg as payload of data packet, sends to another controlled node • packet routed using multi-hop routing • receiving controlled node takes it out • control message disappear at one controlled node; reappear at the other controlled node

  11. Wormhole & tunneling • similar results on routing: routes are shortened (in hop count) • tunneling attack • network layer, need to have adversary nodes • no out-of-band connection • wormhole attack • need out-of-band connection • at physical layer • attack against neighbor discovery

  12. Types of attacks route disruption route diversion create incorrect routing state generate extra control traffic create a gray hole

  13. Route disruption adversary prevents a route from being discovered between two nodes degrade QoS two victims cannot communicate other nodes can also suffer and be coerced to use suboptimal routes attack mechanisms: dropping route request/reply messages on a vertex cut forging route error messages combining wormhole/tunneling and control packet dropping

  14. Example: route disruption in DSR D B G E A H C F source: C; destination: H (1) A prevents route (C,A,…,H) from discovered (2) A prevent route (C,B,…,H) from discovered by making sure route request from A arrives earlier

  15. Example: route disruption in AODV D B G E A H C F source: C; destination: H E set hop-count from A to 0 G sends route reply to E, E drops

  16. Route diversion route established differ from that without adversary increase adversarial control diverted routes contain a node that adversary controls or a link that adversary can observe increase resource consumption many routes are diverted towards a victim degrade QoS increase end-to-end delay (by increasing length of discovered routes) attack mechanisms forge/manipulate/drop control msg setting up wormhole/tunnel

  17. Creating incorrect routing state jeopardizing routing state in some nodes so that state appears to be correct data packets routed using that state will never reach their destinations increase resource consumption or degrade QoS victims will use their incorrect state, until they learn that something goes wrong attack mechanisms spoof, forge, modify, or drop control packets

  18. Example: creating incorrect routing state in DSR D attacker B source: A destination: H G E A H C H: (D, F) F Route (A, D, F, H) does not exist ! A  *: [RREQ, id, A, H; ()] B  A: [RREP, <src route>, A, H; (D, F)]

  19. Generating extra control traffic injecting spoofed control packets into the network increasing resource consumption control packets are often flooded in the entire network

  20. Setting up a gray hole adversarial node selectively drops data packets that it should forward degrade QoS packet delivery ratio between some nodes can decrease considerably increase resource consumption waste resources of those nodes that forward the data packets that are finally dropped by the adversary implementation is trivial adversarial node participates in route establishment selectively drops received data packets even better if combined with wormhole/tunneling

  21. Countermeasures authenticate control packets protect mutable information in control packets detect wormholes and tunnels combat gray holes

  22. Authenticate control packets questions: who should authenticate control packets? who should be able to verify authenticity? solution 1: authentication: packet originators verification: target of control packets drawback: ?

  23. Authenticate control packets design principle authentication: packet originators verification: target of control packets each node that processes and re-broadcasts or forwards the control packet broadcast authentication: originator authenticates msg s.t. every node can verify its authenticity Originator uses digital signature

  24. What if control packet changes on the way? intermediate nodes add information before re-broadcasting or forwarding (e.g., hop count, node list) this added information is not protected by control packet origin authentication traceable change (e.g., adding node identifiers) untraceable change (e.g., increasing the hop count)

  25. Protect traceable change entire control packet can be re-signed by each node that modifies it • problems: • added signatures can be removed • efficient aggregate signatures • re-signing increases resource consumption (potentially each node needs to re-sign broadcast messages) • corrupted nodes can still add incorrect information and sign it

  26. Protect untraceable change more difficult example: A receives control packet w/ hop count, A must trust all nodes on forwarding chain to believe it; A does not even know who are on the chain one approach: eliminate hop-counts use other routing metrics (e.g., ARAN uses the delay as the routing metric)

  27. Detecting tunnels • nodes at two ends of tunnel appear to be neighbors • use position info: they should not be neighbors • delay over tunnel longer (multi-hops) • won’t use tunnel when using end-to-end delay as routing metric • local monitoring • control packet disappears and reappears • not very reliable

  28. Combating gray holes use multiple, preferably disjoint routes increased robustness but also increased resource consumption resource consumption can be somewhat decreased by applying error correcting coding detect and react monitor neighbors and identify misbehaving nodes use routes that avoid those misbehaving nodes not reliable

  29. Some secure ad hoc network routing protocols SRP (secure variant of DSR) Ariadne (on-demand source routing) endairA (on-demand source routing) S-AODV (on-demand distance vector routing) ARAN (on-demand, routing metric is the propagation delay) SEAD (proactive distance vector routing) SMT (multi-path routing combined error correcting) Watchdog and Pathrater ( “detect and react” to defend against gray holes) ODSBR (source routing with gray hole detection)

  30. SRP (Secure Routing Protocol) uses symmetric-key authentication (MACs) only source and the destination share a key  only end-to-end authentication no cache at intermediate nodes simple but does not prevent manipulation of mutable info added by intermediate nodes secure neighbor discovery protocols can help

  31. SRP illustrated D B G source: A destination: H E A H C F A  * : [RREQ, A, H, id, sn, macAH, ()] B  * : [RREQ, A, H, id, sn, macAH, (B)] C  * : [RREQ, A, H, id, sn, macAH, (C)] D  * : [RREQ, A, H, id, sn, macAH, (D)] E  * : [RREQ, A, H, id, sn, macAH, (E)] F  * : [RREQ, A, H, id, sn, macAH, (E, F)] G  * : [RREQ, A, H, id, sn, macAH, (D, G)] H  A : [RREP, A, H, id, sn, (E, F), macHA] macAH: Message Authentication Code covering RREQ, A, H, id, and sn

  32. Secure routing summary attacks against routing aim at increase adversarial control degrade QoS increase resource consumption countermeasures authenticate control messages detect wormholes & tunnels combat gray holes several secured ad hoc network routing protocols have been proposed different pros & cons

More Related