
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.


1 Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi

2 Outline
• Introduction to Ad Hoc Networks
• Overview of the Ad hoc On-demand Distance Vector (AODV) Routing Protocol
• Attacks on AODV Ad Hoc Networks
• Securing the AODV Routing Protocol
• Flaws of SAODV
• Future Work

3 Ad Hoc Networks
• “Infrastructureless” networks, without fixed infrastructure such as base stations or access points
• Multi-hop routing when nodes are not in each other’s radio range
• Nodes are mobile
• Underlying communication medium is wireless
• Each node acts as a router
• Useful in: personal area networking, meeting rooms, disaster relief, battlefield operations, etc.

4 Motivation
• Applications such as military exercises, disaster relief, and mine site operation need more secure and reliable communication
• Prior routing protocols generally assume a trusted environment with non-adversarial settings
• Secure routing protocols for ad hoc networks are needed

5 AODV Routing Protocol (Ad Hoc On-Demand Distance Vector)
• Establishes or maintains routes only when nodes need to communicate
• Each node maintains a monotonically increasing sequence number to ensure loop-free routing
• Routing messages have only one mutable field, “Hop Count”, which gives the distance from the originator. Hop Count is increased by one at each hop.
• Four types of routing messages:
  - RREQ: Route Request
  - RREP: Route Reply
  - RERR: Route Error
  - RREP-ACK: Route Reply Acknowledgement

6 Routing Discovery in AODV
[Figure: route discovery between nodes S and D; labels: RREQ, RREP, Broadcast]

7 Attacks on Mobile Networks
• Eavesdropping → Confidentiality
• Disclosure → Confidentiality
• Masquerading → Authenticity
• Modification → Integrity
  Man-in-the-Middle Attack
• Drop / Replay / Delay → Integrity
• Flooding → Availability
  Denial of Service Attack

8 Actual Attacks on AODV (one malicious node)
• Forges a RREQ with its own address as the originator address
• Forges a RREP with its own address as the destination address
• Does not increase the hop count, or even reduces it, when forwarding a RREQ
• Increases the destination sequence number so that it looks “fresher”, in order to update the intermediate nodes’ route tables
• Does not forward certain RREQ, RREP and data messages
[Figure: two diagrams with nodes S, D and M, labelled RREQ and RREP]

9 Actual Attacks on AODV (more malicious nodes)
• Tunneling Attacks
  - Two malicious nodes pretend to have a link between them by tunneling messages to each other
  - This gets certain traffic routed through them
  - They can then carry out any attack that a single malicious node can
  - Hard to detect and prevent so far, even in SAODV (described below)

10 SAODV Routing Protocol (WiSe’02 by SigMobile)
• Focus
  - Protects only routing messages
  - Mainly concerned with authentication and integrity
  - Considers the situation of one malicious node
  - More a routing protocol than a key management scheme
• Two Main Ideas
  - Hash chains to secure the Hop Count information, the only mutable information in the messages → Integrity
  - Digital signatures to authenticate the non-mutable fields of the messages → Authenticity

11 SAODV Hash Chains
• Attackers often decrease the Hop Count of a RREQ to increase the life of the message, and thus gain more time to analyze the communication
• Hash chains are used to protect the Hop Count field
• A hash chain is formed by applying a one-way hash function (h) repeatedly to a seed
• When a node originates a RREQ or a RREP message, it performs the following operations:

12 SAODV Hash Chains Algorithm
1. Generates a random number (seed)
2. Sets field Max_Hop_Count = TTL
3. Sets field Hash = seed
4. Sets field Hash_Function = h
   - h is the hash function which is going to be used
5. Calculates field Top_Hash by hashing seed Max_Hop_Count times: Top_Hash = h^(Max_Hop_Count)(seed)
   - h^(i)(x) is the result of applying the function h to x i times
6. When a node receives a RREQ or a RREP message, it verifies that Top_Hash == h^(Max_Hop_Count - Hop_Count)(Hash)
   - Hop_Count is the number of hops this message has passed
7. Before rebroadcasting a RREQ or forwarding a RREP, a node sets Hash = h(Hash)
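The hash-chain steps above, as an added example (not code from the presentation or from the SAODV authors). SHA-256 as h, the 16-byte seed, the `RouteMsg` container and the function names are assumptions, and only the fields the hash chain uses are modelled.

```python
import hashlib
import os
from dataclasses import dataclass, replace
from typing import Optional

def h_iter(x: bytes, times: int) -> bytes:
    """h^(times)(x): apply the one-way hash h (SHA-256 here, an assumption) repeatedly."""
    for _ in range(times):
        x = hashlib.sha256(x).digest()
    return x

@dataclass(frozen=True)
class RouteMsg:
    # Hypothetical container holding only the hash-chain fields named on the slide.
    hop_count: int
    max_hop_count: int
    hash_value: bytes   # the slide's "Hash" field
    top_hash: bytes

def originate(ttl: int, seed: Optional[bytes] = None) -> RouteMsg:
    """Steps 1-5: random seed, Hash = seed, Top_Hash = h^(Max_Hop_Count)(seed)."""
    seed = os.urandom(16) if seed is None else seed
    return RouteMsg(hop_count=0, max_hop_count=ttl,
                    hash_value=seed, top_hash=h_iter(seed, ttl))

def verify(msg: RouteMsg) -> bool:
    """Step 6: Top_Hash == h^(Max_Hop_Count - Hop_Count)(Hash)."""
    remaining = msg.max_hop_count - msg.hop_count
    return remaining >= 0 and h_iter(msg.hash_value, remaining) == msg.top_hash

def forward(msg: RouteMsg) -> RouteMsg:
    """Step 7 together with AODV's hop increment: Hash = h(Hash), Hop_Count += 1."""
    return replace(msg, hop_count=msg.hop_count + 1,
                   hash_value=h_iter(msg.hash_value, 1))

def demo(seed: bytes = b"\x00" * 16) -> dict:
    """What the next node's check says about three relays of the same message."""
    received = originate(ttl=5, seed=seed)       # constructed sample values
    for _ in range(3):                           # three honest hops
        received = forward(received)
    return {
        "honest": verify(forward(received)),                 # hashed and incremented
        "lowered": verify(replace(received, hop_count=1)),   # h cannot be inverted
        "unchanged": verify(received),                       # relayed exactly as received
    }

if __name__ == "__main__":
    print(demo())
```

The "unchanged" case still verifies: the chain stops a node from lowering Hop_Count, but a node that relays the message as received, without incrementing or hashing, is not detected by this check.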

13 SAODV Digital Signatures
• Digital signatures are used to protect the integrity of the non-mutable data in RREQ and RREP messages
• Sign every field of the message except the Hop Count and hash chain fields
• Extend the original AODV routing protocol’s headers
• The Secure AODV protocol has six types of messages:
  - RREQ (Single) Signature Message
  - RREQ Double Signature Message
  - RREP (Single) Signature Message
  - RREP Double Signature Message
  - RERR Signature Message
  - RREP-ACK Signature Message

14 SAODV Digital Signatures
• An originator sends a RREQ double signature message, including the RREP flags, every time
• An intermediate node that has no route entry for the destination rebroadcasts the RREQ with double signatures, one of which is needed for the RREP
• An intermediate node that has a route entry for the destination sends a RREP with double signatures, one of which is obtained from the RREP flags it reserved
• A destination node sends a RREP single signature message when replying to a RREQ
[Figure: nodes S, A, B and D; labels: RREQ Double Signature Message, RREP Double Signature Message, RREP Single Signature Message]

15 Key Management for Securing Ad Hoc Routing Protocols
• Symmetric vs. Asymmetric Cryptography
  - Symmetric: everybody who wants to participate in the network has to know the secret key. Maybe not suitable.
  - Asymmetric: everybody can participate freely. With an asymmetric cryptosystem, the originator of the route messages signs them. Maybe feasible.
• SAODV assumes that each ad hoc node has a signature key pair from a suitable asymmetric cryptosystem

16 Flaws of SAODV
• Does not consider how to protect data messages
• Cannot handle attacks performed by several coordinated malicious nodes
• Puts more emphasis on the secure routing protocol and has no key management mechanism of its own

17 Future Work On This Topic
• To realize security in Ad Hoc Networks
  Intrusion Prevention
  - Design a secure routing protocol
  - Design an efficient and effective key management mechanism
  Intrusion Detection
  - Study more attacks on the AODV and SAODV routing protocols

18 Q & A

