Presentation is loading. Please wait.

Presentation is loading. Please wait.

GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.

Published byJustin Richard Modified over 8 years ago

Similar presentations

Presentation on theme: "GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG."— Presentation transcript:

1 GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG

2 GZ06 : Mobile and Adaptive Systems Agenda Introduction Design Evaluation & Analysis Related work Critical Appraisal of the work

3 GZ06 : Mobile and Adaptive Systems Motivation  On demand Ad hoc routing protocol  Security in Ad hoc protocols.  Attack models  General protocol  Mobility

4 GZ06 : Mobile and Adaptive Systems Motivation (cont.)  Resource constrained devices (palm)

5 GZ06 : Mobile and Adaptive Systems Ariadne  Ariadne Protocol  They have based there protocol on the basic operators of DSRs, on demand source routing protocol.  Basic operations of DSR are:  Route discovery  Route maintenance

6 GZ06 : Mobile and Adaptive Systems Overview of TESLA Basic Operation of Tesla:  Uses a MAC  Picks an initial key at random Kn.  Generates a set of keys Ko – Kn using a one way Hash chain.  Delayed key discloser  For each K there is a release time.  Time synchronization  You have to pick delta to be the maximum delay error between any 2 nodes. All nodes must know this.

7 GZ06 : Mobile and Adaptive Systems Network Assumptions  They ignore the physical layer  Networks are bidirectional  Attacks on medium access control are disregarded.  Normal network (drop, corrupt, re-order)  Ariadne inherits all assumptions of the broadcast authentication protocol used such as (TESLA).

8 GZ06 : Mobile and Adaptive Systems Node Assumptions  Resource constrained Nodes.  No asymmetric cryptography.  Loosely synchronized clocks.  No trusted hardware used such as tamperproof modules.

9 GZ06 : Mobile and Adaptive Systems Security Assumptions  Ariadne relies on the following keys to be set up, depending on which authentication mechanism is used : 1.Pairwise shared secret key. 2.Digital signatures. 3.If TESLA is used, we assume a mechanism to set up shared secret keys between communicating nodes, and to distribute one authentic public TESLA key for each node.

10 GZ06 : Mobile and Adaptive Systems Agenda Introduction Design Evaluation & Analysis Related work Critical Appraisal of the work

11 GZ06 : Mobile and Adaptive Systems Attack Model  Passive  Active  An attacker injects packets into the network  An attack which has compromised nodes is called an Active-VC attacker if it owns all nodes on a vertex cut through the network that partitions the good nodes into multiple sets.  Active-n-m Active-0-1 Active-1-x Active-y-x

12 GZ06 : Mobile and Adaptive Systems General Attacks on Ad Hoc Network Routing Protocols  Routing disruption attacks  Routing loop  Black hole  Wormhole  Rushing Attack  Resource consumption attacks  Inject extra data packets  Inject extra control packets

13 GZ06 : Mobile and Adaptive Systems Basic Ariadne Route Discovery  Stage 1 – Target verifies Route Requests  Stage 2 - Target authenticates the data in Route Requests and the sender can authenticate the Route Replies  Stage 3 - Provides a way to verify that no node is missing from the node list.  Assume initiator S performs a Route Discovery for target D.  S and D share the secret keys K SD and K DS for message authentication in each direction

14 GZ06 : Mobile and Adaptive Systems Ariadne Route Discovery Using TESLA  A ROUTE REQUEST packet contains eight fields (ROUTE REQUEST, initiator, target, id, time interval, hash chain,node list, MAC list)  The initiator of the REQUEST then initializes the hash chain to MAC KSD (initiator, target id, time interval)  The hash chain for the target node H[ n,H[ n-1,H[ 1,MAC KSD (initiator, target id, time interval)]..]]]  A ROUTE REPLY packet also contains eight fields (ROUTE REPLY, target, initiator, time interval, node list, MAC list, target MAC, key list)

15 GZ06 : Mobile and Adaptive Systems Ariadne Route Maintenance Using TESLA  To prevent unauthorized Route Error Messages, we authenticate a sender.  A ROUTE ERROR packet in Ariadne contains six fields (ROUTE ERROR,sending address, receiving address, time interval, error MAC,recent TESLA key)  It should handle the possible memory consumption attack.

16 GZ06 : Mobile and Adaptive Systems Agenda Introduction Design Evaluation & Analysis Related work Critical Appraisal of the work

17 GZ06 : Mobile and Adaptive Systems Evaluation  Modified Simulation Model  Increased packet size to reflect the additional fields necessary for authenticating  Modified Route Discovery and Maintenance  Adjusted re-transmission timeouts for Route Requests to compensate for the delay  Disallowed the use of prefixes of routes in the Route Cache

18 GZ06 : Mobile and Adaptive Systems Evaluation - Packet Delivery Ratio 4.66% less PDR than DSR-NoOpt in maximum Ariadne outperforms DSR-NoOpt at lower level of mobility

19 GZ06 : Mobile and Adaptive Systems Evaluation - Packet Overhead Ariadne has 41.7% lower packet overhead than DSR-NoOpt

20 GZ06 : Mobile and Adaptive Systems Evaluation - Byte Overhead Ariadne has 26.19% higher byte overhead than DSR-NoOpt

21 GZ06 : Mobile and Adaptive Systems Evaluation – Path Optimality DSR-NoOpt performs slightly better than Ariadne

22 GZ06 : Mobile and Adaptive Systems Evaluation – Average Latency Ariadne always has consistently lower latency than DSR-NoOpt

23 GZ06 : Mobile and Adaptive Systems Security Analysis  Active-0-x  Bogus messages  Wormhole and rushing attacks  Active-1-x  Prevent two nodes from communicating  Replace MAC or keys in the Route Request  Active-y-x  Attempt to force the initiator to repeatedly initiate Route Discoveries  Resist Active-VC?  No solution provided

24 GZ06 : Mobile and Adaptive Systems Agenda Introduction Design Evaluation & Analysis Related work Critical Appraisal of the work

25 GZ06 : Mobile and Adaptive Systems Related Work  Periodic protocols  Much overhead introduced (storage, bandwidth, control and delay)  Protocols that use asymmetric crypto.  Computationally expensive to sign and verify Possible DoS attacks  High network bandwidth usage  Protocols that use network-wide symmetric keys  Single-node compromise

26 GZ06 : Mobile and Adaptive Systems Agenda Introduction Design Evaluation & Analysis Related work Critical Appraisal of the work

27 GZ06 : Mobile and Adaptive Systems Conclusions  Achievements  Security against various types of attacks  Efficient symmetric cryptography  General trusted hardware, powerful processors not needed  Overall Performance  Compared to optimized DSR: less efficient  Compared to unoptimized DSR: better in some metrics (e.g. packet overhead)

28 GZ06 : Mobile and Adaptive Systems Critical Appraisal  Key Setup  Methods: Pre-deployed, KDC, CA  Fixed nodes. Circular dependency. Centralized.  Clock synchronization.  Circular dependency  Resource constrained. Insecure  Maximum end-to-end delay  How to choose adaptively

29 GZ06 : Mobile and Adaptive Systems Critical Appraisal (cont.)  Delay and Buffer Size  Slow responsiveness  Resource constrained  Intermediate nodes authentication  Authentication on demand  Remaining Security Issues  Passive eavesdropper  Inserting data packets attack  Non-participating attacker  Single layer security scheme

30 GZ06 : Mobile and Adaptive Systems Thanks for your attention! Any questions?

Download ppt "GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG."

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
DSR The Dynamic Source Routing Protocol Students: Mirko Gilioli Mohammed El Allali.

DSR The Dynamic Source Routing Protocol Students: Mirko Gilioli Mohammed El Allali.
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.

Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.
Multicasting in Mobile Ad-Hoc Networks (MANET)

Multicasting in Mobile Ad-Hoc Networks (MANET)
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)

Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)
1 Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols Yih-Chun Hu, Adrian Perrig, and David B. Johnson Presenter: Sandeep Mapakshi.

1 Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols Yih-Chun Hu, Adrian Perrig, and David B. Johnson Presenter: Sandeep Mapakshi.
Centre for Wireless Communications University of Oulu, Finland

Centre for Wireless Communications University of Oulu, Finland
Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.

Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks

Similar presentations

Ads by Google