Security of Routing Protocols in Ad Hoc Wireless Networks


  1. Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647 – Advanced Topics in Wireless Networks

  2. Our focus: MANETs Multi-hop routing: • unicast • multicast • infrastructure access

  4. Our focus: MANETs Multi-hop routing: • unicast • multicast • infrastructure access [Figure labels: Internet]

  5. Security of Ad Hoc Wireless Networks • Security is essential because: – Lack of physical security makes devices susceptible to theft – All nodes participate in routing, must rely on untrusted nodes – Lack of security leads to degradation of service because medium is shared • Difficult to provide because: – Collaborative nature – Less-robust and shared medium – Requires solution for internal adversaries

  6. More Basics • Transmission range is usually smaller than network span • Need for multi-hop routing • All nodes can potentially participate in the routing protocol

  7. Security concerns • Must define adversarial model • Effect on network operation – Passive attacks – Active attacks • Whether attackers are authorized to participate in the network operation – Outside attacks – Inside attacks

  8. Outside Attacks • Attackers do not possess credentials • Include: – packet injection – packet modification – impersonation • In general preventable using standard cryptographic mechanisms that ensure authentication and data integrity

  9. Inside (Byzantine) Attacks • Byzantine behavior: Arbitrary action by an authenticated node resulting in disruption of the routing service • All nodes participate in routing • Authentication and data integrity mechanisms do not provide any guarantees • Different from the “selfish node” problem

  10. Attacks against routing • Black Hole Attack • Flood Rushing Attack • Wormhole Attack • Overlay Network Attack (super-wormhole) • Adversaries can act individually or can collude [Side label on the attack list: Traditional & Byzantine]

  11. Other Attacks • Traffic analysis • Sybil attacks – A malicious node illegitimately claims multiple identities • Node replication – Adversary captures, replicates and inserts duplicated nodes – Difficult to detect without centralized monitoring

  12. Routing protocols • Routing = act of moving information from source to destination • Types of routing protocols – Pro-active – continuously learn network topology • ☺ routes are available immediately • ☹ high updating cost for dynamic topology • examples: RIP, OSPF, DSDV, OLSR – Reactive – establish routes when needed • ☺ less control traffic • ☹ additional delay, involve flooding • examples: AODV, DSR

  13. On-Demand Routing Protocols • Route Discovery phase – Based on flooding – RouteRequest – usually flooded – RouteReply – flooded or unicast • Route Maintenance Phase [Figure: Ad Hoc Network with source S and destination D, Req and Rep messages]

  14. Black Hole Attack • Adversary selectively drops only data packets, but still participates in the routing protocol correctly • The damage is directly related to the likelihood of an adversary being selected as part of the route

  15. Black Hole Attack Mitigation Watchdog and Pathrater (S. Marti, T. Giuli, K. Lai, M. Baker, “Mitigating routing misbehavior in mobile ad hoc networks”, MobiCom 2000) • A node can overhear its neighboring nodes forwarding packets to other destinations • Watchdog and Pathrater • Local monitoring can detect: – Packet forge: An outgoing packet that has no corresponding incoming packet – Packet modification: Difference between the incoming and outgoing packet fields – Intentional packet delay: A packet was forwarded after a threshold time instead of immediately – Packet drop: Packets were not forwarded within a maximum acceptable timeout threshold
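The four local-monitoring checks listed on this slide, written out as an added example (not code from the presentation or from the Watchdog/Pathrater authors). The `Frame` record, the `pkt_id` pairing field and both threshold values are assumptions made for illustration; the trace is constructed.

```python
from dataclasses import dataclass

# Assumed thresholds; the slides name them but give no values.
DELAY_THRESHOLD = 0.05  # s: forwarded later than this counts as intentional delay
DROP_TIMEOUT = 0.50     # s: not forwarded within this counts as a drop

@dataclass(frozen=True)
class Frame:
    t: float       # time the guard overheard the frame
    pkt_id: int    # hypothetical identifier used to pair in/out copies
    fields: bytes  # fields that must leave the node unchanged

def classify(incoming, outgoing, now):
    """Return {pkt_id: verdict} for one monitored node, as seen by one guard."""
    handed = {f.pkt_id: f for f in incoming}
    verdicts = {}
    for out in outgoing:
        src = handed.get(out.pkt_id)
        if src is None:
            verdicts[out.pkt_id] = "forge"         # no corresponding incoming packet
        elif out.fields != src.fields:
            verdicts[out.pkt_id] = "modification"  # incoming and outgoing fields differ
        elif out.t - src.t > DROP_TIMEOUT:
            verdicts[out.pkt_id] = "drop"          # too late to count as forwarded
        elif out.t - src.t > DELAY_THRESHOLD:
            verdicts[out.pkt_id] = "delay"
        else:
            verdicts[out.pkt_id] = "ok"
    for pkt_id, src in handed.items():
        if pkt_id not in verdicts:                 # never overheard leaving the node
            waited = now - src.t
            verdicts[pkt_id] = "drop" if waited > DROP_TIMEOUT else "pending"
    return verdicts

# Constructed trace: frames guard G overheard going into and out of one node.
INCOMING = [Frame(0.00, 1, b"A"), Frame(0.10, 2, b"B"), Frame(0.20, 3, b"C"),
            Frame(0.30, 4, b"D"), Frame(1.90, 5, b"E")]
OUTGOING = [Frame(0.01, 1, b"A"), Frame(0.11, 2, b"X"), Frame(0.40, 3, b"C"),
            Frame(0.50, 9, b"Z")]

if __name__ == "__main__":
    for pkt_id, verdict in sorted(classify(INCOMING, OUTGOING, now=2.0).items()):
        print(pkt_id, verdict)
```

A single verdict from one guard is only an observation: a frame the guard failed to overhear looks exactly like a drop, and a missed incoming frame looks like a forge.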

  16. Black Hole Attack Mitigation Watchdog and Pathrater What can go wrong? • Missed detection: A malicious event goes undetected at guard G because: – A collision occurs at G when the malicious node transmits • False detection: A normal event is classified by a guard G as a malicious event because: – A collision occurs at G when the sender S transmits a packet – A collision occurs at G when the monitored node D forwards the packet • Does not work when power control and multi-rate are used • Also vulnerable to attacks from two consecutive colluding adversaries [Figure labels: S, G, D]

  17. Black Hole Attack Mitigation Secure Data Transmission (SDT) (P. Papadimitratos, Z. Haas, “Secure data transmission in mobile ad hoc networks”, WiSe 2003) • Uses end-to-end acknowledgements from DST • Disseminates a packet across several node-disjoint paths • Good for well connected networks • Bad for sparsely connected networks • Protection of node-disjoint path discovery is not fully achieved against colluding adversaries • Also vulnerable to flood rushing attacks

  18. Flood Rushing Attack • Majority of on-demand routing protocols use flooding for route discovery • Attack takes advantage of the flood suppression mechanism • Adversary “rushes” packets through the network, propagating its flood faster than the legitimate flood

  19. Flood Rushing Attack • Attacker disseminates RREQ, RREP quickly throughout the network suppressing any later legitimate RREQ, RREP – By avoiding the delays that are part of the design of both routing and MAC (802.11b) protocols – By sending at a higher wireless transmission level – By using a wormhole to rush the packets ahead of the normal flow • Result: an attacker gets selected on many paths, or no path is established • Why is the attack possible: flood suppressing mechanism

  20. Flood Rushing Attack Mitigation Rushing Attack Prevention (RAP) (Y.-C. Hu, A. Perrig, D.B. Johnson, “Rushing Attacks and defense in wireless ad hoc network routing protocols”, WiSe 2003) • Waits to receive up to k requests (flood re-broadcasts) • Randomly selects one to forward • Random selection reduces advantage gained by reaching a node first • Disadvantages: – Secure neighbor discovery and secure route delegation => multiple rounds of communication => a lot of overhead – Is ineffective if the adversary has compromised k or more nodes
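A small simulation of the forwarding choice described on this slide, added here as an example (not code from the presentation or from the RAP authors). It compares plain flood suppression with the "collect up to k, pick one at random" rule; the delay model and all function names are assumptions.

```python
import random

def arrivals(n_honest, n_adv, rng):
    """Copies of one RouteRequest in the order they reach a node.

    Assumed model: honest neighbours add a random forwarding delay,
    rushing neighbours skip it and therefore always arrive first.
    """
    copies = [(rng.uniform(1.0, 10.0), "honest") for _ in range(n_honest)]
    copies += [(0.0, "adv")] * n_adv
    return [who for _, who in sorted(copies)]

def first_come(copies, k, rng):
    """Plain flood suppression: forward the first copy, ignore later ones."""
    return copies[0]

def rap_select(copies, k, rng):
    """RAP-style rule: buffer up to k copies, forward one chosen at random."""
    return rng.choice(copies[:k])

def adversary_share(select, k, n_adv, n_honest=6, trials=4000, seed=1):
    """Fraction of trials in which the forwarded copy came via an adversary."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    hits = 0
    for _ in range(trials):
        hits += select(arrivals(n_honest, n_adv, rng), k, rng) == "adv"
    return hits / trials

if __name__ == "__main__":
    print("first-come, 1 adversary:", adversary_share(first_come, 4, 1))
    print("RAP k=4,   1 adversary:", adversary_share(rap_select, 4, 1))
    print("RAP k=4,   4 adversaries:", adversary_share(rap_select, 4, 4))
```

With one rushing neighbour the share falls from 1.0 to about 1/k, and it returns to 1.0 once the adversary supplies k copies, which is the limitation the slide lists.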

  21. Byzantine Wormhole Attack [Figure: Source, Destination, Adv1, Adv2, wormhole] • Attacker (or colluding attackers) records a packet at one location in the network, tunnels the packet to another location, and replays it there. • End-points of the virtual link can not be trusted • Result: Allows an adversary to get selected on many paths

  22. Two types of wormhole [Figure: Source, Destination, Adv1, Adv2, wormhole] • Traditional wormhole: adversaries are outside attackers (non-authenticated) – honest nodes believe there is a direct link between them • Byzantine wormhole: adversaries are inside attackers (authenticated) – wormhole link exists between compromised nodes

  23. Wormhole Attack Mitigation Packet Leashes (Y.-C. Hu, A. Perrig, D.B. Johnson, “Packet Leashes: A defense against wormhole attacks in wireless ad hoc networks”, Infocom 2003) • Prevents wormhole creation by limiting the transmission distance of a link – A temporal leash (extremely tight time synchronization) – A geographical leash (location information) • May require additional hardware (very accurate clocks or GPS receivers), but is effective against traditional wormholes • Ineffective against Byzantine wormholes

  24. Wormhole Attack Mitigation Directional Antenna (L. Hu, D. Evans, “Using directional antennas to prevent wormhole attacks”, NDSS 2004) • Uses the angle of arrival information available when using directional antennas • Takes advantage of topology distortion that occurs when nodes communicate through a wormhole • To verify a link between two nodes, a third node is required • Disadvantage: in low density networks, the number of available links is reduced • Ineffective against Byzantine wormholes

  25. Super-Wormhole • a more general (and stronger) variant of the wormhole attack • several adversaries collude and form an overlay of Byzantine wormholes • for n adversaries, it is equivalent to n^2 wormholes

  26. Related Work • [Perlman – ’88]: Byzantine robustness for Link State routing protocol in wired networks • Blackhole: [Marti, Giuli, Lai, Baker – ’00] [Papadimitratos, Haas – ’03] • Authentication and integrity: [Zhou, Haas – ’99] [Hubaux, Buttyan, Capkun – ’01] [Dahill, Levine, Shields, Royer – ’02] [Hu, Perrig, Johnson – ’01, ’02] • Flood rushing: [Hu, Perrig, Johnson – ’03] • Wormhole: [Hu, Perrig, Johnson – ’03] [Hu, Evans – ’04] • NO PROTOCOL THAT CAN WITHSTAND ALL OF THE CONSIDERED BYZANTINE ATTACKS • ODSBR fills this gap! (software-only solution) [Awerbuch, Holmer, Nita-Rotaru, Rubens – WiSe ’02] [Awerbuch, Curtmola, Holmer, Nita-Rotaru, Rubens – SecureComm ’05]
