Presentation is loading. Please wait.

Presentation is loading. Please wait.

On Security Study of Two Distance Vector Routing Protocols for Ad Hoc Networks Weichao Wang, Yi Lu, Bharat Bhargava CERIAS and Department of Computer Sciences.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "On Security Study of Two Distance Vector Routing Protocols for Ad Hoc Networks Weichao Wang, Yi Lu, Bharat Bhargava CERIAS and Department of Computer Sciences."— Presentation transcript:

1 On Security Study of Two Distance Vector Routing Protocols for Ad Hoc Networks Weichao Wang, Yi Lu, Bharat Bhargava CERIAS and Department of Computer Sciences Purdue University March 24 th, 2003 *The research is supported by CERIAS, CISCO URP and NSF CCR-0001788

2 2 Index Research motivation Introduction to protocols Security observations and simulation results Detecting false sequence attacks Intruder identification and reverse labeling restriction (RLR) Experimental studies Conclusion

3 3 Research motivation The hybrid of Internet, cellular system and mobile ad hoc networks introduces vulnerabilities. [S. Bush, GE Research ’99] Security is a central requirement for mobile ad hoc networks. [Hubaux et al, MobiCom ’01] More than ten routing protocols. Security and robustness will impact the design of the standard for ad hoc networks. [Corson & Macker, IETF MANET WG ’02]

4 4 Destination sequenced distance vector (DSDV)  Proposed by Perkins in [SigCOMM ’94] ;  The nodes periodically broadcast the routing tables and proactively construct the routes;  Using destination sequence numbers to avoid routing loop and identify the freshness of the information;  Advantages: Short delay brought by the proactive feature Difficult for the attackers to control the propagation of false information  Disadvantages: Difficult to scale to large networks Computation and communication resources wasted on unused routes Introduction to DSDV

5 5 Ad hoc on-demand distance vector (AODV)  Proposed by Perkins and Royer [Mobile Computing and Applications ’99] ;  The routes are detected only when they are needed by the applications;  Broadcast routing request (RREQ) and unicast routing reply (RREP)  Using destination sequence numbers to avoid routing loop and identify the freshness of the information;  Advantages: Low overhead and smaller routing tables  Disadvantages: On-demand feature brings a longer delay for the first packet Malicious nodes have more flexibility on conducting attacks Introduction to AODV

6 6 Attacks on ad hoc routing procedure Attacks on routing Active attacksPassive attacks Packet silent discard Routing information hiding Routing procedure Flood network False replyWormhole attacks Route request Route broken message False distance vector False destination sequence

7 7 Example attacks on AODV and DSDV Silent packet discard False distance vector attacks False destination sequence attacks Routing request flood False route error packets

8 8 AODV: the malicious node can immediately form a false route reply when it receives the route request. DSDV: the malicious node must send false routes in advance. So the attacks require a longer duration. AODV: the malicious node can make flexible choices on the type of attacks and timing of attacks when it sends false reply to a request. AODV: the routing reply is unicast to the source, it is more difficult to trace back to the malicious node. Security observations

9 9 DSDV: the routing packets are broadcast. It is easier for the intrusion detection system to detect the attacks. DSDV: the malicious node can carry multiple false routes in its routing broadcast packets. So the communication overhead for the attacker is stable when it attacks multiple routes. Security observations (con’d)

10 10 Two kinds of attacks:  false distance vector (hop)  false destination sequence attacks Two conditions for route discovery:  one common destination  hybrid connection (random selection of source and destination in multiple routes) Input parameters:  maximum speed of nodes  number of connections; Output parameters:  packet delivery ratio  communication overhead for the attacker (number of false route reply)  number of good nodes cheated by the false routes Simulation of attacks

11 11 Parameters in Simulation Simulatorns-2 ProtocolsAODV and DSDV Simulation duration1000 seconds Simulation area1000 m x 1000 m Number of nodes30 Transmission range250 m Movement modelRandom waypoint Maximum speed5 – 20 m/s Traffic typeCBR (UDP) Data payload512 bytes/packet Packet rate2 packets/sec Number of malicious node1 Node pause time10 seconds Number of connections5 – 29

12 12 Simulation results of one destination Figure 1: Delivery ratio versus number of connections

13 13 Simulation results of one destination Figure 2: Cheated (affected) nodes versus number of connections

14 14 Simulation results of one destination Figure 3: Communication overhead versus number of connections

15 15 Simulation results combining figure 2 and 3 Figure 4: cheated nodes versus number of false route packets

16 16 Simulation results of hybrid connection Figure 5: Delivery ratio versus movement of nodes

17 17 Simulation results of hybrid connection Figure 6: Communication overhead versus node movement

18 18 The attackers must choose a large number as the false sequence to show its “freshness”. If this number can be detected by the destination node, the attack will be detected. Detecting false destination sequence attacks D SS1 S2 M S3 S4 RREQ(D, 3, ?) RREP(D, 5) RREP(D, 20) X RREQ(D, 20, ?) !! If local DS is only 5, how can other host get 20 ??

19 19 Problem statement: Intruder identification in ad hoc networks is the procedure of identifying the user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks. Intruder identification in AODV For more details, refer to the tech report at www.cs.purdue.edu/people/bb

20 20 Intruder identification Objectives:  locate the source of attacks  combine the information from multiple nodes and enable each node to make independent decision  achieve consistency among the conclusions of a group of nodes

21 21 Evaluation Criteria Accuracy  False coverage: Number of normal hosts that are incorrectly marked as suspected.  False exclusion: Number of malicious hosts that are not identified as such. Overhead  Overhead measures the increases in control packets and computation costs for identifying the attackers (e.g. verifying signed packets, updating blacklists).  Workload of identifying the malicious hosts in multiple rounds

22 22 Evaluation Criteria Effectiveness  Effectiveness: Increase in the performance of ad hoc networks after the malicious hosts are identified and isolated. Metrics include the increase of the packet delivery ratio, the decrease of average delay, or the decrease of normalized protocol overhead (control packets/delivered packets). Robustness  Robustness of the algorithm: Its ability to resist different kinds of attacks.

23 23 Reverse Labeling Restriction (RLR) Basic Ideas  Every host maintains a blacklist to record suspicious hosts. Suspicious hosts can be released from the blacklist or put there permanently.  The destination host will broadcast an INVALID packet with its signature when it finds that the system is under attack on sequence. The packet carries the host’s identification, current sequence, new sequence, and its own blacklist.  Every host receiving this packet will examine its route entry to the destination host. If the sequence number is larger than the current sequence in INVALID packet, the presence of an attack is noted. The next hop to the destination will be added into this host’s blacklist.

24 24 Reverse Labeling Restriction (RLR) All routing information or intruder identification packets from hosts in blacklist will be ignored, unless the information is about themselves. After a host is released from the blacklist, the routing information or identification results from it will be processed.

25 25 Example to illustrate RLR D SS1 S2 M S3 S4 BL {} BL {S2} BL {} BL {M} BL {S1} BL {} D sends INVALID packet with current sequence = 5, new sequence = 21. S3 examines its route table, the entry to D is not false. S3 forward packet to S1. S1 finds that its route entry to D has sequence 20, which is > 5. It knows that the route is false. The hop which provides this false route to S1 was S2. S2 will be put into S1’s blacklist. S1 forward packet to S2 and S. S2 adds M into its blacklist. S adds S1 into its blacklist. S forward packet to S4. S4 does not change its blacklist since it is not involved in this route. INVALID ( D, 5, 21, {}, SIGN )

26 26 RLR creates suspicion trees. If a host is the root of a quorum of suspicion trees, it is labeled as the attacker.

27 27 Reverse Labeling Restriction (con’d) Update Blacklist by INVALID Packet  Next hop on the invalid route will be put into local blacklist, a timer starts, a counter ++  Labeling process will be done in the reverse direction of route  When timer expires, the suspicious host will be released from the blacklist and routing information from it will be accepted  If counter > threshold, the suspicious host will be permanently put into blacklist

28 28 Reverse Labeling Restriction (con’d) Update local blacklist by other hosts’ blacklist  Attach local blacklist to INVALID packet with digital signature to prevent impersonation  Every host will count the hosts involved in different routes that say a specific host is suspicious. If the number > threshold, it will be permanently added into local blacklist and identified as an attacker.  Threshold can be dynamically changed or can be different on various hosts

29 29 Reverse Labeling Restriction (con’d) Two other effects of INVALID packets  Establish routes to the destination host: when the host sends out INVALID packet with digital signature, every host receiving this packet can update its route to the destination host through the path it gets the INVALID packet.  Enable new sequence: When the destination sequence reaches its max number (0x7fffffff) and needs to round back to 0, the host sends an INVALID packet with current sequence = 0x7fffffff, new sequence = 0.

30 30 Reverse Labeling Restriction (con’d) Packets from suspicious hosts  Route request: If the request is from suspicious hosts, ignore it.  Route reply: If the previous hop is suspicious and the query destination is not the previous hop, the reply will be ignored.  Route error: will be processed as usual. RERR will activate re-discovery, which will help to detect attacks on destination sequence.  INVALID: if the sender is suspicious, the packet will be processed but the blacklist will be ignored.

31 31 Simulation parameter Simulation duration1000 seconds Simulation area1000 * 1000 m Number of mobile hosts30 Transmission range250 m Pause time between the host reaches current target and moves to next target 0 – 60 seconds Maximum speed5 m/s Number of CBR connection25/50 Packet rate2 pkt / sec

32 32 Reverse Labeling Restriction (con’d) Simulation results The following metrics are chosen: Delivery ratio (evaluate effectiveness of RLR) Number of normal hosts that identify the attacker (evaluate accuracy of RLR) Number of normal hosts that are marked as attacker by mistake (evaluate accuracy of RLR) Normalized overhead (evaluate communication overhead of RLR) Number of packets to be signed (evaluate computation overhead of RLR)

33 33 Reverse Labeling Restriction (con’d) X-axis is host pause time, which evaluates the mobility of host. Y- axis is delivery ratio. 25 connections and 50 connections are considered. RLR brings a 30% increase in delivery ratio. 100% delivery is difficult to achieve due to network partition, route discovery delay and buffer.

34 34 X-axis is number of attackers. Y-axis is delivery ratio. 25 connections and 50 connections are considered. RLR brings a 20% to 30% increase in delivery ratio. Reverse Labeling Restriction (con’d)

35 35 Reverse Labeling Restriction (con’d) 30 hosts, 25 connections30 hosts, 50 connections Host Pause time (sec) # of normal hosts identify the attacker # of normal hosts marked as malicious # of normal hosts identify the attacker # of normal hosts marked as malicious 0240.22292.2 10250291.4 20240251.1 30280291.1 40240290.6 50240.07291.1 60240.07241.0 The accuracy of RLR when there is only one attacker in the system

36 36 Reverse Labeling Restriction (con’d) 30 hosts, 25 connections30 hosts, 50 connections # of attackers# of normal hosts identify all attackers # of normal hosts marked as malicious # of normal hosts identify all attackers # of normal hosts marked as malicious 1280291.1 2280.65282.6 3251271.4 4210.62252.2 5150.67194.1 The accuracy of RLR when there are multiple attackers

37 37 X-axis is host pause time, which evaluates the mobility of host. Y-axis is normalized overhead (# of control packet / # of delivered data packet). 25 connections and 50 connections are considered. RLR increases the overhead slightly. Reverse Labeling Restriction (con’d)

38 38 Reverse Labeling Restriction (con’d) X-axis is host pause time, which evaluates the mobility of host. Y-axis is the number of signed packets processed by every host. 25 connections and 50 connections are considered. RLR does not severely increase the computation overhead to mobile host.

39 39 Reverse Labeling Restriction (con’d) X-axis is number of attackers. Y-axis is number of signed packets processed by every host. 25 connections and 50 connections are considered. RLR does not severely increase the computation overhead of mobile host.

40 40 Robustness of RLR If the malicious host sends false INVALID packet Because the INVALID packets are signed, it cannot send the packets in other hosts’ name If it sends INVALID in its own name, the reverse labeling procedure will converge on the malicious host and identify the attacker. The normal hosts will put it into their blacklists.

41 41 Robustness of RLR If the malicious host frames other innocent hosts by sending false Blacklist If the malicious host has been identified, the blacklist will be ignored If the malicious host has not been identified, this operation can only lower the threshold by one. If the threshold is selected properly, it will not impact the identification results.

42 42 Robustness of RLR If the malicious host only sends false destination sequence about some special host The special host will detect the attack and send INVALID packets. Other hosts can establish new routes to the destination by receiving the INVALID packets.

43 43 The malicious nodes in on-demand protocols can cause real time attacks The malicious nodes in proactive protocols can send multiple false routes in the same round False destination sequence attacks cause a more severe impact on network performance than false distance vector attacks The destination node in proactive protocols has a higher probability to detect attacks because the false routes are broadcast throughout the network Using RLR, the good nodes in AODV can efficiently locate the attackers Observations & Conclusions

44 44 Study the relationship between the average detection delay and the mobility of the nodes Study more types of attacks (include gang attacks) and ascertain their relations to the vulnerabilities of the protocols Study the joint responses to detect attacks and identify intruders The results will lead to a secure routing protocol for mobile ad hoc networks A complete system to implement intruder identification Future work

Download ppt "On Security Study of Two Distance Vector Routing Protocols for Ad Hoc Networks Weichao Wang, Yi Lu, Bharat Bhargava CERIAS and Department of Computer Sciences."

Similar presentations

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
DSR The Dynamic Source Routing Protocol Students: Mirko Gilioli Mohammed El Allali.

DSR The Dynamic Source Routing Protocol Students: Mirko Gilioli Mohammed El Allali.
Ranveer Chandra , Kenneth P. Birman Department of Computer Science

Ranveer Chandra , Kenneth P. Birman Department of Computer Science
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Multicasting in Mobile Ad-Hoc Networks (MANET)

Multicasting in Mobile Ad-Hoc Networks (MANET)
An Analysis of the Optimum Node Density for Ad hoc Mobile Networks Elizabeth M. Royer, P. Michael Melliar-Smith and Louise E. Moser Presented by Aki Happonen.

An Analysis of the Optimum Node Density for Ad hoc Mobile Networks Elizabeth M. Royer, P. Michael Melliar-Smith and Louise E. Moser Presented by Aki Happonen.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Secure communication in cellular and ad hoc environments Bharat Bhargava Department of Computer Sciences, Purdue University This is supported.

Secure communication in cellular and ad hoc environments Bharat Bhargava Department of Computer Sciences, Purdue University This is supported.
TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Xiaoqi Li, Michael R. Lyu, and Jiangchuan Liu IEEE Aerospace Conference March 2004.

TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Xiaoqi Li, Michael R. Lyu, and Jiangchuan Liu IEEE Aerospace Conference March 2004.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.

CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.
Study of Distance Vector Routing Protocols for Mobile Ad Hoc Networks Yi Lu, Weichao Wang, Bharat Bhargava CERIAS and Department of Computer Sciences Purdue.

Study of Distance Vector Routing Protocols for Mobile Ad Hoc Networks Yi Lu, Weichao Wang, Bharat Bhargava CERIAS and Department of Computer Sciences Purdue.
Intruder Identification in Ad Hoc Networks. Problem Statement Intruder identification in ad hoc networks is the procedure of identifying the user or host.

Intruder Identification in Ad Hoc Networks. Problem Statement Intruder identification in ad hoc networks is the procedure of identifying the user or host.
Anonymous Gossip: Improving Multicast Reliability in Mobile Ad-Hoc Networks Ranveer Chandra (joint work with Venugopalan Ramasubramanian and Ken Birman)

Anonymous Gossip: Improving Multicast Reliability in Mobile Ad-Hoc Networks Ranveer Chandra (joint work with Venugopalan Ramasubramanian and Ken Birman)

Similar presentations

Ads by Google