Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ad hoc Networking Security: Solving Node Selfishness Problem

Published byOswin Hodge Modified over 9 years ago

Similar presentations

Presentation on theme: "Ad hoc Networking Security: Solving Node Selfishness Problem"— Presentation transcript:

1 Ad hoc Networking Security: Solving Node Selfishness Problem
Presented by : Ali N M Noman PhD Student CSI 5148 Course Instructor: Professor Ivan Stojmenovic C

2 Outline Problem Definition & Security Challenges
Background Information Basic Cryptography- Encryption, Digital Signature DSR Analyzing Solutions Conclusion

3 Node Selfishness Problem:
A form of misbehavior where a node does not participate in network operation in order to save its power. Scenario 1: Node S wants to send a packet(p) to Node D using the route <S,1,2,3,D> , where Node 2 is a selfish node P P S 1 2 3 D Did not forward P Can a selfish node do its own network operation?

4 Node Selfishness Problem
A form of misbehavior where a node does not participate in network operation in order to save its power. Scenario 2: However Node 2 can send a packet (p1) using the route<2,3,D> P1 P1 S 1 2 3 D

5 Node Selfishness Problem: Security Challenges
Is it an active attack? No However it degrades the network performance. “10 to 40% of misbehaving nodes cause 16 to 32% of degradation of the average throughput of the network”. Can traditional cryptographic solution (i.e. integrity, authentication) solve this problem?No

6 Background: Basic Security Goals
Bob wants to send a msg, M to Tom Wired/wireless link Bob Tom Confidentiality/secrecy: Encode(encrypt) M(plain text) into a unreadable text , C(cipher text) prior to transmission so that no one except bob and tom can decode(decrypt) it. Integrity: Tom can verify whether M was not modified in transmission or not. Authentication: Tom can verify that M was really sent by Bob. Non Repudiation: After sending the msg M, Bob cannot deny. Recall the purpose of our handwritten signature. (Digital Signature) (Digital Signature) is one of the main motivation behind developing public key cryptography

7 Public Key Cryptography:RSA
Bob wants to send a msg, M to Tom Wired/wireless link Bob Public key:(e_bob, N) Private Key: (d_bob, N) Tom Public key:(e_tom, N) Private Key: (d_tom, N) Public key is known to all; private key is a secret. Encryption: Encrypt M with receiver’s public key. Here, C= (M)e_tom mod N Decryption: Receiver (i.e. Tom) will decrypt it using its private key which is a secret to all. Here, M= (C)d_tom mod N [assuming C is not modified in transmission]

8 Public Key Cryptography:RSA
Bob wants to send a msg, M to Tom Wired/wireless link Bob Public key:(e_bob, N) Private Key: (d_bob, N) Tom Public key:(e_tom, N) Private Key: (d_tom, N) Digital Signature : Sender(Bob) will encrypts(i.e. sign) the message, M with its private key and send (M | DS) to Tom. Here DS= (M)d_bob mod N Signature Verification: Tom verifies Bob’s signature as follows: If M== (DS)e_bob mod N correct signature Else It is not signed by Bob Remark: This solution ensures integrity and authentication and non repudiation but does not provide secrecy. How can you also include secrecy here??

9 RSA: Computational Challenges
Example: assume C(encrypted text)= 542;Receiver’d private key(d,n)=(157,2773) In this case, P= mod 2773 =805  hard for your calculator. But you can do that using this trick:

10 Question 1: Question : Alice has the public key {e = 13, n = 899} and the private key {d = 517, n =899}. Bob has the public key {e = 17, n = 851} and the private key {d = 233, n = 851}. Suppose Bob has received the plain/unencrypted message 67 and the signature 129. Describe how Bob verifies the signature . [ Note: In this case, message is directly used to calculate signature using RSA] Solution: Here, M=67 and DS=129. Step 1. Bob should decrypt the DS using Alice’s public key M’= (DS)13 mod 899=67 [use the trick given in the presentation] Step 2. Now Bob will compare M’ with M . If they match then the signature is verified.

11 DSR: Dynamic Source Routing
An on demand routing protocol Each data packet carries a complete path(i.e. ordered list of nodes towards destination) DSR Example(simplified): S wants to send a packet ,P to Destination 4 5 S 1 2 3 D S chooses a(best) route to D from its cache : <S,1,2,3,D> . This route is added in packet header of P. 2. (If everything goes well) the packet will traverse to D using the red path

12 DSR: Dynamic Source Routing
2 main mechanisms: Route discovery: Discover (multiple) routes to D. Route maintenance : Updating route cache in nodes in order to ensure data transfer from S to D. DSR Example(simplified): Route Discovery (S to D) <S,4> 4 <S,1> <S,1, 2> <S,1, 2,3> RR=<S,1, 2,3, D> S 1 2 3 D Route Reply <S,5> 5 Route Request : (S, D, request ID,RR=<S>). Each intermediate node adds itself in the RR if it is not D or does not know a path to D D will send back the RR to S using a Route Reply. D can choose an already discovered path to S or can initiate another R. request to S if necessary .

13 DSR: Dynamic Source Routing
Route Maintenance: Sending Route Error Massage to S: Intermediate Node informs S if link is broken Packet Salvaging: Intermediate Node should forward packet to D using other path(if known) if the given path is broken.

14 Solving Node Selfishness Problem
Solutions can be categorized as: Monitoring Based Watchdog End-End Ack 2H-ack Reputation Based CORE CONFIDANT Signed Token Preventive Nuglets (not feasible)

15 Watchdog First proposal for mitigating routing misbehavior in MANET
Most of the later solutions rely on it. 2 components: Watchdog(monitoring) : Misbehavior(selfish) node detection Pathrater: choose a best path by avoiding a path with misbehaving(selfish) node. Build on top of source routing protocol, DSR. Watchdog Summary: Selfish Node detection. All nodes operates in promiscuous mode to monitor its neighbor nodes. If it finds that its neighbor node is misbehaving(selfish) for t (threshold) times, the node reports it to the source node.

16 Watchdog : in selfish node detection
Selfish Node detection using Watchdog: Example(simplified) P P S 1 2 3 D Did not forward P Node 1 does not over hear forwarding of P from Node 2 Confirms it by checking t times Reports to S: Node 2 is selfish

17 Steps involved in finding the best path using pathrater (simpified)
How Pathrater works? Initially a node gives a rate of 0.5 to all of its known nodes and a (fixed) rate of 1 to itself. Adds 0.01 to all nodes in the DSR packet forwarding path if it is successful Deduct from all unreachable nodes of a DSR packet forwarding path (if it is unsuccessful due to broken link). Maximum rating of each node (except the initiator) is 0.8. A misbehavior node will get the rating of -100. Source Node, S will calculate the average rating of all nodes in each path and choose the path with maximum average rating. Steps involved in finding the best path using pathrater (simpified)

18 Executing the entire Watchdog Algorithm
Consider the following Scenario: 1. Node S has the following rate for its known nodes: 2. Assume following events occur in order: E-1: packet forwarding to 3 using route <S,4,1,2,3> is successful E-2: packet forwarding to 3 using route <S,5,1,6,2,3> fails as link between 6 & 2 is broken (i.e. node 2 & node 3 is unreachable) E-3: Packet forwarding attempt using <S,5,7,2,3> identifies Node 7 as a selfish node S 1 2 3 4 5 6 7 1.0 0.55 0.5 0.6 6 4 S 1 2 3 7 5

19 Executing the entire Watchdog Algorithm
Question 2:What is the updated node rating table of node S? Which one of the following 3 routes S will choose to send a packet to Node 3: Is it <S,5,7,2,3> or <S,4,1,2,3> or <S,5,1,2,3>? S 1 2 3 4 5 6 7 1.0 0.55 0.5 0.6 E-1 0.56 0.51 0.61 E-2 0.46 E-3 -100 Final Rating of <S,5,7,2,3> = ( )/5 Rating of <S,4,1,2,3> =( )/5 Rating of <S,5,1,2,3> =( )/5 <S,4,1,2,3> has the highest rating. So it will be chosen

20 Watchdog Algorithm: Pros & Cons
Simple. Enhance the network performance. Weaknesses in Monitoring: collision, limited power transmission. It does not give any penalty to a selfish node, instead it helps the selfish node to save its energy. How?? What if A lies??  Reputation of A??

21 End-End Ack-How it works?
Basis: Monitoring the reliability of routes by acknowledging in an end-end manners If S gets an ack (within the time out interval) from D after sending a packet, the route is fine. Otherwise not Successful delivery of a packet will increase the route rating and unsuccessful delivery decrease route rating If a route’s goes under a threshold(not reliable any more) the route will not be used (may be for a specific time) Cross layer mechanism makes it possible to use TCP ack instead of implementing end –end ack in network layer end-end ack D S TCP TCP Network Network

22 End-End Ack-Pros & Cons
Unreliable routes can be avoided. So routes having selfish node can also be avoided. Cross layer mechanism makes it possible to use TCP ack instead of adding explicit ack in network layer . Ack needs to be signed (specially in network layer ack implementation). In this case, end-end security association is required Can it detect the selfish/misbehaving node? No ---This is the main drawback of this solution.

23 Signed token based Solution
Collaborative localized monitoring. Only Nodes with a valid token(signed collaboratively by its neighbors) can participate in network operation. A misbehaving/selfish node’s token will be revoked by its neighbors. RSA is used Based on threshold secret sharing(polynomial secret sharing). Here private/secret key(sk) is shared among n nodes. Signing a token with private key , sk is same as if k(out of n) nodes sign the token with the part of sk it posses ”

24 Signed token: How it works?
3 components: Collaborative monitoring, token renewal, token revocation. Token Renewal: K out of N neighbor nodes issue/renew a token for a node.

25 Signed token: How it works? contd
Steps Involved(simplified): Upon detecting misbehavior of a neighbor ,a node broadcast a SID( single intrusion detection) to its neighbor. Once a node received m (e.g. m=k) independent SID it broadcasts a GID(Global Intrusion Detection) to its neighbors. When a node received K independent GID, it constructs a signed TREV(token revocation) packet and broadcasts it. Upon receiving the signed TREV, a node checks its TREV table, if there is no entry for this node include it into the TREV table. Any active link with a revoked node will be considered as broken

26 Signed token: Pros & Cons
Localized solutions. Signature management is also done locally. Self organized. Very much suitable for a dense network; protect misbehavior in routing and packet forwarding. A node with less than K neighbors cannot communicate. –> Main Drawback

27 CONFIDANT A reputation based solution. Can be considered as an extension of DSR. Treats Misbehavior as an exception. 4 components: Monitor, Reputation System, Trust Manager, Path Manager 1. Misbehavior detected Exceed the threshold Rate the selfish node considering other’s feedback also . Informs it to others as an alarm Other Nodes will do the same thing. However they will also consider informer’s trustworthiness If the node rate is less than the threshold , avoid the path with misbehaving node

28 Executing CONFIDANT : (simplified example)
Route Cache of A empty 1. Route Request: A wants to send a packet to E 2. Route Reply: D and E both know a path to E Route Cache of A [A,B,E] [A,C,D,E]

29 Executing CONFIDANT : (simplified example)
3 . Data Flow & Alarm: A sends data and receives alarm from C that D is misbehaving Route Cache of A [A,B,E] [A,C,D,E] 4. Act on Alarm: A chooses an alternative path to E Route Cache of A [A,B,E] Updated

30 CONFIDANT: Pros & Cons Performance enhancement with some overhead.
Overhead(O): In this case additional alarm messages are transmitted along with all DSR’s regular messages(i.e. Route Request, Route Reply and Route Error Message) In the last execution of CONFIDANT, Overhead(O)=2/10=1/5=20% [ This is Question3] Trust issue. Alarm msg needs to be signed

31 Conclusion Monitoring is the basis for most of the proposed solutions.
Where as Watchdog solution only avoids a route having misbehaving node , the reputation based solutions (e.g. CONFIDANT and Signed) also penalize the selfish/misbehaving node/ However most of the solutions have some limitations. End-End ack  selfish node undetected Signed Token Node needs at least K neighbors to perform

32 References: Yang, H.; Meng, X.; Lu, S. Self-organized network layer security in mobile ad hoc networks. ACM MOBICOM Wireless Security Workshop (WiSe 2002), Atlanta, GA,Sept 28, 2002. S. Buchegger and J.-Y. Le Boudec, Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks, in Proceedings of the 10th Euromicro Workshop on Parallel, Distributed and Network-based Processing. S. Buchegger and J.-Y. Le Boudec, Performance Analysis of the CONFIDANT Protocol, in Proceedings of MobiHoc 2002. S. Marti, T. Giuli, K. Lai, and M. Baker, Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, in Proceedings of MOBICOM 2000. P. Michiardi and R. Molva, Core: A COllaborative REputation mechanism to Enforce Node Cooperation in Mobile Ad Hoc Networks, in Proceedings of IFIP Communication and Multimedia Security Conference 2002. Conti, M.; Gregori, E.; Maselli, G. Improving the performability of data transfer in mobile ad hoc networks. The 2nd IEEE International Conference on Sensor and Ad Hoc Communications and Networks (SECON 2005), Santa Clara, CA, Sept 26–29, 2005. “Ad Hoc Network Security” by Pietro Michiardi & Refik Molva

33 Thank You. Questions??

34 Appendix-1: RSA key pair generation
Steps Involved: 34

35 Appendix2: Question 1 Digital Signature
Digital Signature (DS): DS is created by encrypting the message with sender’s private key. Receiver can verify it by decrypting DS with sender’s public key. Question 1 : Alice has the public key {e = 13, n = 899} and the private key {d = 517, n =899}. Bob has the public key {e = 17, n = 851} and the private key {d = 233, n = 851}. Suppose Bob has received the plain/unencrypted message 67 and the signature 129. Describe how Bob verifies the signature. [ Note: In this case, message is directly used to calculate signature using RSA] Solution: Here, M=67 and DS=129. Step 1. Bob should decrypt the DS using Alice’s public key M’= (DS)13 mod 899=67 [use the trick discussed during presentation] Step 2. Now Bob will compare M’ with M. If they match then the signature is verified.

36 Appendix3: Question 2 on Pathrater
Question 2:What is the updated node rating table of node S? Which one of the following 3 routes S will choose to send a packet to Node 3: Is it <S,5,7,2,3> or <S,4,1,2,3> or <S,5,1,2,3>? S 1 2 3 4 5 6 7 1.0 0.55 0.5 0.6 E-1 0.56 0.51 0.61 E-2 0.46 E-3 -100 Final Rating of <S,5,7,2,3> = ( )/5 Rating of <S,4,1,2,3> =( )/5 Rating of <S,5,1,2,3> =( )/5 [ Follow Slide No The algorithm is given there] <S,4,1,2,3> has the highest rating. So it will be chosen

37 Appendix 4: Question 3 on CONFIDANT
  Communication Overhead in CONFIDANT: In this case additional alarm messages are transmitted along with all DSR’s messages (i.e. Route Request, Route Reply and Error Message). It is calculated as follows: Question 3: Consider the following execution of the CONFIDANT Algorithm to calculate overhead(0).

38 Appendix 4: Question 3 on CONFIDANT
 Solution: In this case Overhead(O) = 2/(6+4)=1/5= 20%

Download ppt "Ad hoc Networking Security: Solving Node Selfishness Problem"

Similar presentations

Dynamic Source Routing (DSR) algorithm is simple and best suited for high mobility nodes in wireless ad hoc networks. Due to high mobility in ad-hoc network,

Dynamic Source Routing (DSR) algorithm is simple and best suited for high mobility nodes in wireless ad hoc networks. Due to high mobility in ad-hoc network,
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Multicasting in Mobile Ad Hoc Networks Ravindra Vaishampayan Department of Computer Science University of California Santa Cruz, CA 95064, U.S.A. Advisor:

Multicasting in Mobile Ad Hoc Networks Ravindra Vaishampayan Department of Computer Science University of California Santa Cruz, CA 95064, U.S.A. Advisor:
Stimulation for Cooperation in Ad Hoc Networks: Beyond Nuglets Levente Buttyán, Jean-Pierre Hubaux, and Naouel Ben Salem Swiss Federal Institute of Technology.

Stimulation for Cooperation in Ad Hoc Networks: Beyond Nuglets Levente Buttyán, Jean-Pierre Hubaux, and Naouel Ben Salem Swiss Federal Institute of Technology.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
802.11a/b/g Networks Herbert Rubens Some slides taken from UIUC Wireless Networking Group.

802.11a/b/g Networks Herbert Rubens Some slides taken from UIUC Wireless Networking Group.
Mitigating Routing Misbehavior in Mobile Ad Hoc Networks By Sergio Marti, T.J. Giuli, Kevin Lai, & Mary Baker Department of Computer Science Stanford University.

Mitigating Routing Misbehavior in Mobile Ad Hoc Networks By Sergio Marti, T.J. Giuli, Kevin Lai, & Mary Baker Department of Computer Science Stanford University.
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
NGMAST- WMS workshop17/09/2008, Cardiff, Wales, UK A Simulation Analysis of Routing Misbehaviour in Mobile Ad hoc Networks 2 nd International Conference.

NGMAST- WMS workshop17/09/2008, Cardiff, Wales, UK A Simulation Analysis of Routing Misbehaviour in Mobile Ad hoc Networks 2 nd International Conference.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Effects of Applying Mobility Localization on Source Routing Algorithms for Mobile Ad Hoc Network Hridesh Rajan presented by Metin Tekkalmaz.

Effects of Applying Mobility Localization on Source Routing Algorithms for Mobile Ad Hoc Network Hridesh Rajan presented by Metin Tekkalmaz.
Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.

Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.
Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.

Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.
A Reputation Based Scheme for Stimulating Cooperation Aruna Balasubramanian, Joy Ghosh and Xin Wang University at Buffalo (SUNY), Buffalo, NY {ab42, joyghosh,

A Reputation Based Scheme for Stimulating Cooperation Aruna Balasubramanian, Joy Ghosh and Xin Wang University at Buffalo (SUNY), Buffalo, NY {ab42, joyghosh,
TCP over ad hoc networks Ad Hoc Networks will have to be interfaced with the Internet. As such backward compatibility is a big issue. One might expect.

TCP over ad hoc networks Ad Hoc Networks will have to be interfaced with the Internet. As such backward compatibility is a big issue. One might expect.

Similar presentations

Ads by Google