Castor: Scalable Secure Routing for Ad Hoc Networks

Presentation transcript:

Castor: Scalable Secure Routing for Ad Hoc Networks
Wojciech Galuba, Panos Papadimitratos, Marcin Poturalski, Karl Aberer (EPFL, Switzerland)
Zoran Despotovic, Wolfgang Kellerer (Docomo Euro-Labs, Munich, Germany)

Ad-hoc network routing challenges
[Diagram: source, destination]

Ad-hoc network routing challenges
[Diagram: source, destination]
Say this is costly, one of the paths fail, throwing bandwidth at the problem

Scale Mobility ? Security

Castor: Continuously-Adapting Secure Topology-Oblivious Routing
[Diagram labels: Secure route discovery; Castor; Secure data transmission; Provides routes; Avoids compromised nodes; Evaluates routes; Needs route redundancy]

Topology-obliviousness
The basic ideas of our approach. To achieve what was on the previous slide we use:
- Nodes only aware of their neighbors
- No routing information exchange: no routes included in control traffic, no routing table fragments exchanged

Flows instead of destinations
An important feature of our protocol.
- In-network state is maintained per-flow, not per-destination
- Flow isolation → crucial for security

Castor – basic operation
[Diagram: source, destination]
- PKTs contain the data payload
- ACKs follow the reverse path of PKTs

Local learning from failures
[Diagram: nodes v1, v2, v3, v4; per-flow per-neighbor reliability estimator, with + and - marks per neighbor]
- Locality: each node only aware of its neighborhood
- Autonomy: each node routes independently

Broadcast as a fallback
[Diagram: nodes v1, v2, v3, v4; - marks on the estimators]
- Autonomy: nodes independently decide whether to broadcast or unicast

Initial PKT flood
[Diagram: source, destination]
- No reliability history → each node decides to broadcast the PKT
- ACKs are broadcast back

Routing around failures
[Diagram: source, destination]
- Failure → ACKs stop returning
- Local repair: on failure some nodes broadcast, most still unicast
- Alternative route discovered without network-wide flood

Castor is failure agnostic
Same recovery mechanism good for:
- Malicious PKT or ACK dropping
- Links broken by mobility
- Wider-area outages (e.g. jamming)
- Wormholes and tunnels

Trust model
- Untrusted cloud of intermediate nodes
- Security associations: source to destination, neighbor to neighbor
- Simplest in the literature

Crucial property: flow state isolation
[Diagram: nodes v1, v2, v3, v4, v5 and two flows]
- Isolate in-network states for the two flows
- Otherwise malicious flows could disrupt the benign flows
Routing state at v1 (node: reliability): v2: 0.9, 0.2; v3: 0.6, 0.95; v4: 0.8; v5: 0.1
In spite of the simple trust assumptions, still we can achieve the
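The effect of flow state isolation on one node's routing state, as an added example that is not from the slides or the Castor code. The slides give neither the estimator formula nor the broadcast rule, so the moving average, its weight ALPHA, the 0.5 threshold and the flow names are assumptions.

```python
from collections import defaultdict

ALPHA = 0.8  # assumed averaging weight; the slides do not give the estimator formula

class Router:
    """Routing state of one node (v1 on the slide).
    isolate=True keeps one estimator per (flow, neighbor);
    isolate=False shares one estimator per neighbor across all flows."""

    def __init__(self, neighbors, isolate=True, threshold=0.5):
        self.neighbors = list(neighbors)
        self.isolate = isolate
        self.threshold = threshold           # assumed unicast/broadcast cut-off
        self.rel = defaultdict(float)        # no history means reliability 0.0

    def _key(self, flow, nb):
        return (flow, nb) if self.isolate else nb

    def feedback(self, flow, nb, acked):
        """'+' when the ACK for a PKT sent via nb came back, '-' when it did not."""
        k = self._key(flow, nb)
        self.rel[k] = ALPHA * self.rel[k] + (1 - ALPHA) * (1.0 if acked else 0.0)

    def next_hop(self, flow):
        """Unicast to the most reliable neighbor for this flow, else broadcast."""
        best = max(self.neighbors, key=lambda nb: self.rel[self._key(flow, nb)])
        if self.rel[self._key(flow, best)] >= self.threshold:
            return best
        return "BROADCAST"

def simulate(isolate):
    """Benign flow learns v2 is reliable; then a second flow never gets ACKs via v2."""
    r = Router(["v2", "v3"], isolate=isolate)
    for _ in range(10):
        r.feedback("benign", "v2", True)
    before = r.next_hop("benign")
    for _ in range(10):
        r.feedback("malicious", "v2", False)
    return before, r.next_hop("benign")

if __name__ == "__main__":
    print("isolated:", simulate(True))
    print("shared:  ", simulate(False))
```

With per-flow state the benign flow keeps its unicast route through v2; with shared state the second flow's missing ACKs push v2 below the threshold and the benign flow falls back to broadcast.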

Ensuring flow isolation
- Flow authentication: nodes can recognize PKTs belonging to the same flow; only source can generate the next PKT
- ACK authentication: nodes can match ACKs to PKTs; only destination can generate correct ACK
- Achieved without public-key crypto

Evaluation
- 1 Mbps 802.11b MAC
- 3 km x 3 km plane
- 1-20 m/s random waypoint mobility
- 5 flows, 4 packets/s, 100 nodes

Blackhole attack: adversary drops data packets, not control traffic
- As the fraction of compromised nodes increases, Castor is able to maintain high packet delivery rates, while the other protocols do not.
- Higher granularity: per-link per-flow instead of per-route

Bandwidth utilization under blackhole attack
- The bandwidth for proactive protocols is higher (SEAD and Sprout)
- For Castor the bandwidth consumption stays constant, despite the fact PKTs are 256

Wormhole drops data packets, no mobility
- Complete recovery from wormholes

Scalability
- Mobility, 20% of blackholes
- Increasing the network size

Summary
- Simple PKT-ACK messaging
- Scalability: no routing information exchanged; local repair, few network-wide floods
- Fast adaptation
- Security: failure agnosticism; flow state isolation
- Flow-control-ready
- Applicable to other networks than MANETs

PKT – ACK pairing
- Source generates Merkle tree per-flow
- Root of the Merkle tree (H) is the flow ID, used by the intermediate nodes for state isolation
[Merkle tree diagram, root to leaves: H; x_l and h(h(h(b_1)||x_1)||x_2); x_{l-1} and h(h(b_1)||x_1); x_2 and h(b_1); x_1=h(b_2), ..., h(b_w); b_1=g(a_1), b_2=g(a_2), ..., b_w=g(a_w); a_1, a_2, ..., a_n]
[Diagram annotations: Included in PKT; Included in ACK; Included encrypted in PKT, destination decrypts]
© 2009 EPFL, Docomo Euro-Labs
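The checks an intermediate node can make under the flow authentication and ACK authentication described above, as an added example that is not from the slides or the Castor code. It assumes, as one reading of the diagram, that a PKT carries H, b_k and the siblings x_1..x_l and that the ACK carries a_k; SHA-256 for h and g, the dict layout and the packet index k in the PKT are assumptions, and the encryption of a_k for the destination is left out.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    # Tree hash h; SHA-256 with a domain-separation prefix is an assumption.
    return hashlib.sha256(b"h" + data).digest()

def g(data: bytes) -> bytes:
    # One-way function g with b_k = g(a_k); SHA-256 is an assumption.
    return hashlib.sha256(b"g" + data).digest()

def build_flow(a_list):
    """Source: build the per-flow tree over leaves h(b_1)..h(b_w), w a power of two.
    Returns (H, levels): levels[0] holds the leaves, H is the root (the flow ID)."""
    level = [h(g(a)) for a in a_list]
    levels = [level]
    while len(level) > 1:
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return level[0], levels

def make_pkt(flow_id, levels, a_list, k):
    """PKT number k (0-based; carrying k is an assumption) with H, b_k and x_1..x_l."""
    siblings, idx = [], k
    for level in levels[:-1]:
        siblings.append(level[idx ^ 1])  # sibling of the current node on this level
        idx //= 2
    return {"H": flow_id, "k": k, "b": g(a_list[k]), "x": siblings}

def verify_pkt(pkt):
    """Intermediate node: fold h(b_k) with x_1..x_l and compare the result with H."""
    node, idx = h(pkt["b"]), pkt["k"]
    for x in pkt["x"]:
        node = h(node + x) if idx % 2 == 0 else h(x + node)
        idx //= 2
    return hmac.compare_digest(node, pkt["H"])

def verify_ack(pkt, a):
    """Intermediate node: the ACK matches the stored PKT only if g(a) equals b_k."""
    return hmac.compare_digest(g(a), pkt["b"])

if __name__ == "__main__":
    a_list = [bytes([i]) * 16 for i in range(8)]  # constructed; a real source draws random a_k
    H, levels = build_flow(a_list)
    pkt = make_pkt(H, levels, a_list, 0)
    print(verify_pkt(pkt), verify_ack(pkt, a_list[0]), verify_ack(pkt, a_list[1]))
```

Both checks use only hash evaluations, which matches the slide's point that flow isolation is achieved without public-key crypto.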

Time to recover from blackhole attack
No mobility