An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba Sources: Computer Communications, 28(2), pp , 2005 Reporter: Chun-Ta Li ( 李俊達 )

2 Outline  Introduction  Security issues in ad hoc routing  Trust management system  A secure distributed anonymous routing protocol (SDAR)  Security analysis  Conclusions  Comments

3 Introduction  Mobile ad hoc networks (MANET) Network functions are carried out by all available nodes  Packet forwarding  Routing  Network management Wireless radios and a peer-to-peer network model Visualized for crisis solutions or civilian applications

4 Introduction (cont.)  Constraints in mobile devices Low power microprocessor Small memory Limited bandwidth Short battery life Frequent network topology changes  Anonymous routing Hide the location and relationships of the communication nodes

5 Security issues in ad hoc routing  Passive attacks eavesdropping discover some valuable information disclose the relationship between nodes  Active attacks replaying, modifying or deleting routing packets malicious updates the routing table routing loops and network congestion external attacks and internal attacks

6 Security issues in ad hoc routing (cont.)  Security requirements of this paper SDAR (Secure Distributed Anonymous Routing ) protocol is secured against passive and active attacks, but not against Denial-of-Service attacks SDAR maintains the anonymity of the sender and receiver SDAR is able to identify malicious nodes and avoid using them to establish routes

7 Trust management system  Purpose of trust management system relaying data traffic identify the malicious nodes avoid using malicious nodes during the route establishment take malicious nodes out of the network  Define the trust level in a node as a cumulative value computed by each of its direct neighboring nodes community: the evaluated node and neighboring nodes

8 Trust management system (cont.)  community management central nodes neighboring nodes community track and listen neighboring  central: ． HELLO message {public key of neighboring node} (broadcasting periodically) ． stores the public key ． removes nodes if it does not receive the HELLO message for some time leave node

9 Trust management system (cont.)  community key management Three trust levels for neighboring nodes  lowest trust level: trust values is δ1  medium trust level: trust value is δ2 (MTLCK)  high trust level: trust value is ψ (MTLCK, HTLCK) updates the community key when a node ’ s trust level goes up or down or a node leaves the community community key will be encrypted with the public key of intended neighboring node during distribution // MTLCK: Medium Trust Level Community Key // HTLCK: High Trust Level Community Key

10 Trust management system (cont.)  Identification of nodes ’ malicious behavior by overhearing the message from next node to next-next node  Malicious Dropping  Malicious Modification  Trust-based distributed route selection mechanism specifies the trust level requirement in initial message intermediate node will propagate the message only to selected neighboring nodes depending on the source node requested trust level

11 A secure distributed anonymous routing protocol (SDAR)  Three phases: Path discovery phase Path reverse phase Data transfer phase  Assumptions Bi-directional links Enough computation power A trusted CA Each node holds only one IP address for its communication Some malicious nodes  Notations

12 A secure distributed anonymous routing protocol (cont.)  Path discovery phase Sending node S and receiving node R None of intermediate nodes can discover the identity of S and R S triggers this phase by sending path discovery message to all nodes within its wireless transmission range Path discovery message open part Encrypted with community key

13 A secure distributed anonymous routing protocol (cont.)  Path discovery phase Each node keeps an internal table for mapping the session  TPK, random number, session key and ancestor node Step 1: check if the message has already been received from other nodes within its wireless transmission range using the TPK as the unique identifier for the message Step 2: check if the node is the sender ’ s intended next hop by finding the corresponding community key in its community key lists. If key is found then decrypt the message

14 A secure distributed anonymous routing protocol (cont.)  Path discovery phase Step 3: try to decrypt E PKR (ID R, K S, PL S ) Step 4: if the node is NOT the destined receiver  Encrypted (IDi, Session key K i, SN Path_IDi and signature of received message) with encrypted key TPK and forward to neighbors whose trusted levels meets the trust requirement

15 A secure distributed anonymous routing protocol (cont.)  Path discovery phase Step 5: if the node is the destined receiver  Use the length of padding PLS to find out the offset of the forth part and get session keys of all nodes along the path  Put all ids, session keys in one message  Send the message to the first node in the reverse path

16 A secure distributed anonymous routing protocol (cont.)  Path reverse phase Use SN Session_IDi to retrieve the key for session, removes one encryption layer and forwards the message to the next node on the reverse path Add the ID of the successor node into the mapping table When S receives the message, it decrypts the message and passes the information about all intermediate nodes (i.e. the route) to the higher application  Data transfer phase Use the shared session keys of the intermediate nodes to make the layer encryption for the data and each intermediate node just decrypts one encryption layer and forwards the message to the next node according to the ID of the next node

17 A secure distributed anonymous routing protocol (cont.)  Finding malicious dropping behavior Path discovery phase  overhear the message with the same TPK from the neighboring node Path reverse and data transfer phase  SN Session_ID i and SN Session_ID i-2 instead of the TPK  Overhear the message carrying the session key ID of the node ’ s next hop from the node node ID i node ID i-1 node ID i-2 overhear

18 A secure distributed anonymous routing protocol (cont.)  Finding malicious modification behavior (path reverse phase) Node i-1 as an example 1.Decrypt message to get two SNs 2.Separate N i-1 from M i-1 and check H Ki-1 (N i-1 ) is equal or not, if it is not, Node i must have done malicious modification on M i-1 3.Get rid of SN Session_IDi and H(M i-3 ) from N i-1 and store H(M i-3 ) locally, then decrypt the rest of N i-1 with K i-1 and send the result M i-2 to Node i-2 4.Overhear M i-3 from Node i-2 by checking H(M i-3 ) is equal or not

19 Security analysis  Theorem 1. SDAR is secured against passive and active attacks, but not against Denial-of-Service attacks  Theorem 2. SDAR maintains the anonymity of the sender and receiver  Theorem 3. SDAR is able to identify malicious nodes and avoid using them to establish routes  Theorem 4. SDAR is able to establish a route matching certain trust requirements if enough nodes with qualifying trust value exist between the source and destination

20 Conclusions  In this paper, authors present a secure distributed anonymous routing protocol for MANET, called SDAR.  Some advantages can be summarized as follow Non-source-based routing Flexible and reliable route selection Resilience against path hijacking

21 Comments  Misrecognize malicious dropping behavior tamper TPK or SN Session_ID (open part) Solution: mutual authentication or encryption  It can ’ t prevent malicious modification behavior in path discovery phase (malicious dropping the message)  All neighboring nodes of the sender in collusion would find the sender and they can try to guess the session key K S for attacks