
Performance Evaluation of Security-Aware Routing Protocols for Clustered Mobile Ad Hoc Networks



  1. Performance Evaluation of Security-Aware Routing Protocols for Clustered Mobile Ad Hoc Networks
     Gregory S. Yovanof - Kerem Ericsi
     Athens Information Technology
     Tel: +30 210 668 2772 Email: gyov@ait.edu.gr
     Int’l Workshop on Wireless Ad-Hoc Networks IWWAN’04, Oulu, Finland 1 June 2004

  2. Outline
     - Hierarchical Clustered Mobile Networks
     - Secure Routing Protocols
       - Proactive (SEAD) vs. Reactive (ARIADNE) schemes
     - System Design Parameters
       - Multimedia Data, Session Link, Motion Model
     - Routing Protocol Performance Evaluation
       - Proactive vs. Reactive Schemes
       - Incremental Overhead due to Security Extensions
       - Effect of Queuing Buffer Size
     - Conclusion

  3. Hierarchical Clustered Ad-Hoc Networks
     1) Heterogeneous (Non-Uniform) Hierarchical Clustered Mobile Nets
        - Battle-field Communications
        - Emergency and/or Rescue Operations
     2) Homogeneous (Uniform) Hierarchical Clustered Mobile Networks
        - Bluetooth scatternets
        - Multihop Relay-Networks
        - Nomadic computing

  4. Need for Secure Routing
     - Security support is of grave importance to Military Communications
       - Node Classification according to Trust/Authority Levels
       - Compromised nodes attempt to disrupt the network operations (during the network setup, route discovery or data transport phases, e.g., packet littering, net partitioning, DoS attacks, etc.)

  5. Prior Work – Our Contribution
     - J. Broch, D. Maltz, Johnson et al. “Performance Comparison of Multihop Routing” MobiCom’98
       - No Secure Routing Schemes
     - Hu, Perrig and Johnson, “ARIADNE …” MobiCom’02, and “SEAD…” June 2002
       - Flat Network Topology, No Group Mobility
     - Our Contribution: Performance Evaluation of Security Aware Routing Protocols in the following scenario
       - Clustered Mobile Network
       - Group Mobility - Reference Point Group Mobility (RPGM) Model
       - Session Level Link Formation Through Cluster-Heads
       - Security Aware Routing Protocols (SEAD and ARIADNE)
       - Multimedia Data: Delay-sensitive real-time data traffic

  6. Proactive vs. Reactive Routing Protocols
     - Proactive:
       - Actively pursue route updates to destinations, even when route is not used
       - + Reduced communication latency
       - – More overhead
     - Reactive:
       - Discover routes to destinations only when needed
       - + Less overhead
       - – Increased latency

  7. Ad Hoc Routing Protocols Classification
     [Figure: classification of ad hoc routing protocols, with the labels "Secure Extension: SEAD" and "Secure Extension: ARIADNE"]

  8. Proactive Protocol: DSDV
     - DSDV – Destination Sequenced Distance Vector: Proactive scheme (table-driven)
     - Uniform – No Hierarchical structure
       - Each node sends/responds to a routing message the same way
     - A routing table is maintained at each node containing entries for all destinations:
       - Next Hop: the next intermediate node towards the destination
       - Metric: how many hops to reach the destination
       - Sequence Number: when this route was advertised
     - Every node periodically broadcasts the state of its routing table
     - Periodic update interval: Tradeoff between latency of routing info and excessive communication overhead

  9. SEAD – Secure Efficient Distance Vector Routing Protocol
     - SEAD is based on DSDV – Proactive (Table Driven)
     - Easy to implement and efficient in terms of required memory and CPU processing capacity
     - Improvements on the original DSDV protocol
     - Uses efficient one-way Hash Function but no symmetric key cryptography
     - Built in one-way hash function $H : \{0,1\}^* \rightarrow \{0,1\}^p$
       - Simple to compute but infeasible to invert
     - Robust against multiple uncoordinated attackers creating incorrect routing state
     - Guards against DoS (Denial-of-Service)
     Y-C Hu, D.B. Johnson, A. Perrig, “SEAD: Secure Efficient Distance Vector Routing for Mobile Ad Hoc Networks,” Jun ’02

  10. Reactive Protocol: DSR
      - Dynamic Source Routing (DSR): On Demand (Reactive)
      - If destination is unknown, the network is flooded with requests
      - A node receiving the request re-broadcasts it
      - Node address is appended to request
      - Once destination is found, it replies through the same path
      - Found route is placed in a cache
      - Multiple paths possible

  11. ARIADNE – Secure on Demand Routing
      - On Demand (Reactive) - DSR based
      - Source Routing better suited for Security Aware Routing
      - Sender is able to authenticate every node in the route-reply phase - ensuring trustworthiness of entire route
      - ARIADNE uses TESLA: an efficient Broadcast Authentication protocol
      - Prevents large number of Denial-of-Service (DoS) type attacks
      - ARIADNE is efficient, using only highly efficient symmetric cryptographic primitives
      Y-C Hu, A. Perrig, D.B. Johnson, “ARIADNE: A Secure On Demand Routing Protocol for Ad Hoc Networks,” MobiCom’02

  12. Route Discovery (ARIADNE/TESLA)
      Route Request:
      - $M = \langle \text{Request}, S, D, id, ti \rangle$
      - $M_S^* = \langle M, h_0 \rangle$
      - $M_A^* = \langle M, h_1, A, M_A \rangle$
      - $M_B^* = \langle M, h_2, (A, B), (M_A, M_B) \rangle$
      - $M_E^* = \langle M, h'_2, (A, E), (M_A, M_E) \rangle$
      - $M_C^* = \langle M, h_3, (A, B, C), (M_A, M_B, M_C) \rangle$
      - $M_F^* = \langle M, h'_3, (A, B, F), (M_A, M_B, M_F) \rangle$
      - $M_G^* = \langle M, h'_4, (A, B, C, G), (M_A, M_B, M_C, M_G) \rangle$
      Route Reply:
      - $M = \langle \text{Reply}, D, S, ti, (A, B, C), (M_A, M_B, M_C) \rangle$
      - $M_{DC} = \langle M, M_D \rangle$
      - $M_{CB} = \langle M, M_D, (K_{C_{ti}}) \rangle$
      - $M_{BA} = \langle M, M_D, (K_{C_{ti}}, K_{B_{ti}}) \rangle$
      - $M_{AS} = \langle M, M_D, (K_{C_{ti}}, K_{B_{ti}}, K_{A_{ti}}) \rangle$
      [Figure: nodes S, A, B, C, D with side nodes E, F, G; the request messages $M_X^*$ are rebroadcast hop by hop from S, and the reply returns as $M_{DC}$, $M_{CB}$, $M_{BA}$, $M_{AS}$]

  13. RPGM Movement Model
      - Reference Point Group Mobility (RPGM) Model
      - Node motion is sum of two vectors: Group Vector GM - Individual Vector RM (GM is the dominant one)
      - At each intermediate location the Group waits for Pause Time then selects random destination and starts to move again

  14. Session Level Link Formation
      - At the Session Layer traffic flows are formed to emulate CGSR (Common Gateway Switch Routing) traffic patterns
        - Similar to Data Traffic flows in Bluetooth Scatternets
        - Fits Logical Hierarchy imposed by Military structure
      - A single node is elected to serve as the Cluster-Head within each Cluster
      - Traffic is routed through Cluster-Heads
      - Cluster members cannot talk directly to each other
      - Deviation from Flat Routing
      [Figure labels: Communication from node 4 to 9: Session-Link 4 > 0 > 5 > 9; Communication from node 0 to 5: Session-Link 0 > 5]

  15. Design Parameters - Simulation
      - Network Topology:
        - Area: 1500m × 300m
        - 50 nodes
        - Avg. no. of nodes per cluster/group: 5
        - Max. cluster radius: 100m
        - Movement model: RPGM
        - Variable pause times
        - Max. node speed: 20 m/s (≈ 72 km/h)
      - Traffic Parameters:
        - 20 active sessions between random node-pairs
        - 50% Intergroup, 50% Intragroup
        - Constant Bit Rate Traffic (CBR) @ Bit Rates:
          - 19.2 kbps: Voice, digital data services (e.g. GPRS)
          - 64 kbps: Low quality video conferencing
          - 128 kbps: Mid quality video conferencing
          - 384 kbps: High quality audio, Low quality video
        - Transport Protocol: UDP
      - Media Access/Physical:
        - MAC scheme: 802.11b, DCF
        - Medium speed: 2 Mbps
        - Lucent WaveLan DSSS
        - Tx power: 24.5 dBm
        - Rx threshold: -94.4 dBm
        - Two-ray Ground Reflection Radio Propagation Model
      - Examined Protocols:
        - DSDV - SEAD
        - DSR - ARIADNE
      - Network Simulator: NS-2
      - Simulation Time: 500 seconds

  16. Performance Metrics
      - Packet Delivery Ratio (PDR)
        - Packets sent / Packets received, [%]
      - Median Latency (ML)
        - Packet end-to-end Delay, [seconds]
      - Routing Overhead (RO)
        - Total routing traffic generated, [bytes]
      - Target values for Real-time Interactive Multimedia Traffic
        - PDR better than 75%
        - One-way, end-to-end Delay up to 250-300 msec

  17. SEAD vs ARIADNE @ 19.2 Kbps
      - ARIADNE (reactive) outperforms SEAD @ 19.2 kbps
      - More than 70% PDR, Low Overhead, 5-8 msec Latency
      [Plots; axis labels: High Mobility, “Stationary” Nodes]

  18. SEAD vs ARIADNE @ 384 Kbps
      - Protocol behavior changes with the data rate
      - SEAD (proactive) outperforms ARIADNE @ 384kbps, but:
        - Very Low PDR (20-30%), Unacceptable Latency (~500msec)
        - Fails to Accommodate Real-time Multimedia Traffic
      - Could that be due to the incremental overhead induced by the Security Extensions?
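Slides 8 and 9 say that SEAD protects DSDV's sequence number and metric with a one-way hash function. The following added example (not part of the presentation) shows the hash-chain check from the SEAD paper cited on slide 9: a relay can lengthen a route by hashing once, but cannot claim a shorter route or a fresher sequence number. SHA-256, the chain length `N`, the hop bound `M`, the seed and all function names are assumptions made for the illustration.

```python
import hashlib

def H(x: bytes) -> bytes:
    """One-way hash H; SHA-256 is an assumption, the slide only names H."""
    return hashlib.sha256(x).digest()

def make_chain(seed: bytes, n: int) -> list:
    """h_0 = seed, h_i = H(h_{i-1}); returns [h_0, ..., h_n]."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def chain_index(n: int, m: int, seq: int, metric: int) -> int:
    """Index of the element that authenticates (seq, metric): (n/m - seq)*m + metric."""
    return (n // m - seq) * m + metric

def verify(value: bytes, seq: int, metric: int, anchor: bytes, n: int, m: int) -> bool:
    """Hash the received value forward to the chain end and compare with trusted h_n."""
    if not (1 <= seq <= n // m and 0 <= metric < m):
        return False
    for _ in range(n - chain_index(n, m, seq, metric)):
        value = H(value)
    return value == anchor

def relay(value: bytes) -> bytes:
    """A forwarding node adds one hop to the metric by hashing once."""
    return H(value)

# Constructed parameters: chain length N, metric bound M (hop limit), fixed seed.
N, M = 40, 8
CHAIN = make_chain(b"constructed-seed-node-X", N)
ANCHOR = CHAIN[N]  # h_n, assumed to have been distributed authentically beforehand

def origin_entry(seq: int) -> bytes:
    """Value the origin attaches to its own entry (metric 0) for this sequence number."""
    return CHAIN[chain_index(N, M, seq, 0)]
```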
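The route discovery messages on slide 12 can be traced with the following added example (not part of the presentation), which builds $M_S^*$ through $M_C^*$ along S, A, B, C, D and runs the two checks: the target replays the per-hop hash chain $h_i$ over the node list, and the source rechecks each $M_X$ once the reply has collected the keys. HMAC-SHA-256, the field encoding, the key values and all function names are assumptions; TESLA key-chain validation, the time-interval check and the target's own MAC $M_D$ are left out.

```python
import hashlib
import hmac

def H(*parts):
    """One-way hash over length-prefixed fields (SHA-256 is an assumption)."""
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

def mac(key, *parts):
    """MAC over the same field encoding (HMAC-SHA-256 is an assumption)."""
    return hmac.new(key, H(*parts), hashlib.sha256).digest()

def start_request(k_sd, s, d, req_id, ti):
    """Initiator S: M = <Request, S, D, id, ti>, M_S* = <M, h0>, h0 = MAC_K_SD(M)."""
    m = (b"Request", s, d, req_id, ti)
    return {"M": m, "h": mac(k_sd, *m), "nodes": [], "macs": []}

def forward(req, node, k_node_ti):
    """Node X: h_i = H(X, h_{i-1}); append X and M_X, keyed with X's TESLA key for ti."""
    h = H(node, req["h"])
    nodes = req["nodes"] + [node]
    m_x = mac(k_node_ti, *req["M"], h, *nodes, *req["macs"])
    return {"M": req["M"], "h": h, "nodes": nodes, "macs": req["macs"] + [m_x]}

def target_accepts(req, k_sd):
    """Target D rebuilds h0 with K_SD and replays the chain over the node list."""
    h = mac(k_sd, *req["M"])
    for node in req["nodes"]:
        h = H(node, h)
    return hmac.compare_digest(h, req["h"])

def source_accepts(req, k_sd, disclosed_keys):
    """Source S rechecks each M_X with the keys K_X,ti collected by the reply."""
    h, nodes, macs = mac(k_sd, *req["M"]), [], []
    for node, m_x, key in zip(req["nodes"], req["macs"], disclosed_keys):
        h = H(node, h)
        nodes.append(node)
        if not hmac.compare_digest(m_x, mac(key, *req["M"], h, *nodes, *macs)):
            return False
        macs.append(m_x)
    return len(disclosed_keys) == len(req["nodes"]) == len(req["macs"])

# Constructed sample data: path S -> A -> B -> C -> D as on the slide.
K_SD = b"constructed-K_SD"
TESLA = {b"A": b"constructed-K_A_ti", b"B": b"constructed-K_B_ti", b"C": b"constructed-K_C_ti"}

def demo_request():
    req = start_request(K_SD, b"S", b"D", b"id-1", b"ti-7")
    for node in (b"A", b"B", b"C"):
        req = forward(req, node, TESLA[node])
    return req
```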
