Presentation is loading. Please wait.

Presentation is loading. Please wait.

Castor: Scalable Secure Routing for Ad Hoc Networks

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Castor: Scalable Secure Routing for Ad Hoc Networks"— Presentation transcript:

1 Castor: Scalable Secure Routing for Ad Hoc Networks
Wojciech Galuba, Panos Papadimitratos, Marcin Poturalski, Karl Aberer EPFL, Switzerland Zoran Despotovic, Wolfgang Kellerer Docomo Euro-Labs, Munich, Germany

2 Ad-hoc network routing challenges
source destination

3 Ad-hoc network routing challenges
source destination

4 Ad-hoc network routing challenges
source destination Say this is costly, one of the paths fail, throwing bandwidth at the problem

5 Scale Mobility ? Security

6 Castor Continuously-Adapting Secure Topology-Oblivious Routing
Secure route discovery Castor Secure data transmission Provides routes Avoids compromised nodes Evaluates routes Needs route redundancy Continuously-Adapting Secure Topology-Oblivious Routing Skip arrows

7 Topology-obliviousness
The basic ideas of our approach To achieve what was on the prev slide we use Nodes only aware of their neighbors No routing information exchange no routes included in control traffic no routing table fragments exchanged

8 Flows instead of destinations
An important feature of our protocol In-network state is maintained per-flow not per-destination Flow isolation  crucial for security

9 Castor – basic operation
source destination PKTs contain the data payload ACKs follow the reverse path of PKTs

10 Local learning from failures
v3 per-flow per-neighbor reliability estimator + + + - - v2 v1 v4 + + Locality: each node only aware of its neighborhood Autonomy: each node routes independently

11 Broadcast as a fallback
v3 - - - v2 v1 v4 Autonomy: nodes independently decide wether to broadcast or unicast

12 Initial PKT flood source destination No reliability history  each node decides to broadcast the PKT ACKs are broadcasted back

13 Routing around failures
source destination Failure  ACKs stop returning Local repair: on failure some nodes broadcast, most still unicast alternative route discovered without network-wide flood

14 Castor is failure agnostic
Same recovery mechanism good for: Malicious PKT or ACK dropping Links broken by mobility Wider-area outages (e.g. jamming) Wormholes and tunnels

15 Trust model Untrusted cloud of intermediate nodes
Security associations: Source to destination Neighbor to neighbor Simplest in the literature

16 Crucial property: flow state isolation
v2 v5 v1 v4 v3 Isolate in-network states for the two flows Otherwise malicious flows could disrupt the benign flows node reliability v2 0.9 0.2 v3 0.6 0.95 v4 0.8 v5 0.1 Routing state at v1: In spite of the simple trust assumptions, still we can achieve th e

17 Ensuring flow isolation
Flow authentication Nodes can recognize PKTs belonging to the same flow Only source can generate the next PKT ACK authentication Nodes can match ACKs to PKTs Only destination can generate correct ACK Achieved without public-key crypto

18 Evaluation 1Mbps 802.11b MAC 3 km x 3 km plane
1-20 m/s random waypoint mobility 5 flows, 4 packets/s, 100 nodes

19 Blackhole attack: adversary drops data packets
- As the fraction of compromised nodes increases, Castor is able to maintain high levels of packet delivery rates, while the other protocols do not . - Higher granularity, per-link per-flow instead of per-route Blackhole attack: adversary drops data packets not control traffic

20 Bandwidth utilization under blackhole attack
The bandwidth for proactive protocols is higher (SEAD and Sprout) For Castor the bandwidth consumption stays constant, despite the fact PKTs are 256 Bandwidth utilization under blackhole attack

21 Wormhole drops data packets, no mobility
Complete recovery from wormholes

22 Scalability Mobility, 20% of balckholes Increasing the network size

23 Summary Simple PKT-ACK messaging Scalability Fast adaptation Security
flow-control-ready applicable to other networks than MANETs Scalability No routing information exchanged Local repair, few network-wide floods Fast adaptation Security Failure agnosticism Flow state isolation

24

25 PKT – ACK pairing H xl h(h(h(b1)||x1)||x2) xl-1 h(h(b1)||x1) x2 h(b1)
Root of the Merkle tree is the flow ID, used by the intermediate nodes for state isolation Source generates Merkle tree per-flow H Included in PKT xl h(h(h(b1)||x1)||x2) xl-1 h(h(b1)||x1) x2 h(b1) x1=h(b2) h(bw) b1=g(a1) b2=g(a2) bw=g(aw) a1 a2 an Included in ACK Included ecrypted in PKT, destination decrypts © 2009 EPFL, Docomo Euro-Labs

26 Time to recover from blackhole attack
No mobility Time to recover from blackhole attack © 2009 EPFL, Docomo Euro-Labs

Download ppt "Castor: Scalable Secure Routing for Ad Hoc Networks"

Similar presentations

Computer Networking A Top-Down Approach Chapter 4.7.

Computer Networking A Top-Down Approach Chapter 4.7.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Network Layer Routing Issues (I). Infrastructure vs. multi-hop Infrastructure networks: Infrastructure networks: ◦ One or several Access-Points (AP) connected.

Network Layer Routing Issues (I). Infrastructure vs. multi-hop Infrastructure networks: Infrastructure networks: ◦ One or several Access-Points (AP) connected.
Ranveer Chandra , Kenneth P. Birman Department of Computer Science

Ranveer Chandra , Kenneth P. Birman Department of Computer Science
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.

Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Multicasting in Mobile Ad-Hoc Networks (MANET)

Multicasting in Mobile Ad-Hoc Networks (MANET)
Scalable Team Multicast in Wireless Ad hoc networks Exploiting Coordinated Motion Mario Gerla University of California, Los Angeles.

Scalable Team Multicast in Wireless Ad hoc networks Exploiting Coordinated Motion Mario Gerla University of California, Los Angeles.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
An Assessment of Mobile Ad-Hoc Network (MANET) Issues Jerry Usery CS 526 May 12 th, 2008.

An Assessment of Mobile Ad-Hoc Network (MANET) Issues Jerry Usery CS 526 May 12 th, 2008.
Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis.

Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Dissemination protocols for large sensor networks Fan Ye, Haiyun Luo, Songwu Lu and Lixia Zhang Department of Computer Science UCLA Chien Kang Wu.

Dissemination protocols for large sensor networks Fan Ye, Haiyun Luo, Songwu Lu and Lixia Zhang Department of Computer Science UCLA Chien Kang Wu.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
Secure Routing in Ad Hoc Wireless Networks 11.03.2005.

Secure Routing in Ad Hoc Wireless Networks

Similar presentations

Ads by Google