Presentation is loading. Please wait.

Presentation is loading. Please wait.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi."— Presentation transcript:

1 Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi

2 Outline  Introduction to Ad Hoc Networks  Overview of Ad hoc On-demand Distance Vector (AODV) Routing Protocol  Attacks to AODV Ad Hoc Networks  Securing AODV Routing Protocol  Flaws of SAODV  Future Works

3 Ad Hoc Networks  “Infrastructureless” Networks without fixed infrastructure such as base stations or access points  Multi-hop routing when nodes are not in each other’s radio range  Nodes are mobile  Underlying communication medium is wireless  Each node acts as a router  Useful in: personal area networking, meeting rooms, disaster relief, battlefield operations, etc.

4 Motivation  Applications such as military exercises, disaster relief, and mine site operation need more secure and reliable communication  Prior routing protocols generally assume a trusted environment with non-adversarial settings  Securing routing protocols for ad hoc networks are needed

5 AODV Routing Protocol (Ad Hoc On-Demand Distance Vector)  Establish or maintain routes only when nodes need to communicate  Each node maintains a monotonically increasing sequence number to ensure loop free routing  Only one mutable field “Hop Count” in routing messages which implies the distance from the originator. Hop Count is increased by one at each hop.  Four types of routing messages: RREQ: Route Request RREP: Route Reply RERR: Route Error RREP-ACK: Route Reply Acknowledgement

6 Routing Discovery in ADOV RREQ RREP BroadCast S D

7 Attacks on Mobile Networks  Eavesdropping  Confidentiality  Disclosure  Confidentiality  Masquerading  Authenticity  Modification  Integrity Man-In-Middle Attack  Drop / Replay / Delay  Integrity  Flooding  Availability Denial of Service Attack

8 Actual Attacks on AODV (one malicious node)  Forge a RREQ with its address as the originator address.  Forge a RREP with its address as the destination address  Does not increase the hop count, even reduce it when forwarding a RREQ  Increase destination sequence number “fresher” enough in order to update the intermediate nodes’ route table  Does not forward certain RREQ, RREP and certain data messages S D M RREQ S D M RREP

9 Actual Attacks on AODV (more malicious nodes)  Tunneling Attacks Two malicious nodes simulate that they have a link between them By tunneling messages between them Achieve having certain traffic through them Do any type of attacks one malicious node can do Hard to detect and prevent so far, even in SAODV mentioned below

10 SAODV Routing Protocol (WiSe’02 by SigMobile)  Focus on Protecting only Routing messages Mainly Concerning Authentication & Integrity Situation of One malicious node More routing protocol than key management  Two Main Ideas Hash chains to secure the Hop Count information, the only mutable information in the messages  Integrity Digital signatures to authenticate the non-mutable fields of the messages  Authenticity

11 SAODV Hash Chains  Attackers often decrease Hop Count of a RREQ to increase the life of this message, thus gain more time to analyze the communication  Hash chains are used to protect this Hop Count field  A hash chain is formed by applying a one-way hash function ( h) repeatedly to a seed.  When a node originates a RREQ or a RREP message, it performs the following operations:

12 SAODV Hash Chains Algorithm 1. Generates a random number ( seed ) 2. Sets field Max_Hop_Count = TTL 3. Sets field Hash = seed 4. Sets field Hash_Function = h, - h is the hash function which is going be used 5. Calculates field Top_Hash by hashing seed Max_Hop_Count times. Top_Hash = h Max_Hop_Count (seed) - h i (x) is the result of applying the function h to x i times. 6. When a node receives a RREQ or a RREP message, it will verify if Top_Hash == h Max_Hop_Count – Hop_Count (Hash) - Hop_Count is the number of hops this message has passed. 7. Before rebroadcasting a RREQ of forwarding a RREP, a node do Hash = h(Hash)

13 SAODV Digital Signatures  Digital Signatures are used to protect the integrity of the non-mutable data in RREQ and RREP messages  Sign every field of the message except the Hop Count and hash chain fields  Extend original AODV routing protocol’s headers  Secure AODV protocol has six types of messages RREQ (Single) Signature Message RREQ Double Signature Message RREP (Single) Signature Message RREP Double Signature Message RERR Signature Message RREP-ACK Signature Message

14 SAODV Digital Signatures  An originator sends a RREQ double signature message including the RREP flags every time  An intermediate node, if it hasn’t the destination’s route entry, rebroadcasts RREQ with double signatures, one of which is needed for RREP  An intermediate node, if it has the destination’s route entry, sends a RREP with double signatures, one of which is get from the RREP flags it reserved  A destination node sends a RREP single signature message when replying a RREQ S D A B RREQ Double Signature Message RREP Double Signature Message RREP Single Signature Message

15 Key Management of Securing Ad Hoc Routing protocol  Symmetric VS Asymmetric Cryptography Symmetric: everybody that wants to participate in this network has to know the secret key. Maybe not suitable Asymmetric: everybody can participate freely. The originator of the route messages signs the messages when using an asymmetric cryptosystem. Maybe feasible.  SAODV assumes that each ad hoc node has a signature key pair from a suitable asymmetric cryptosystem.

16 Flaws of SAODV  Does not consider how to protect data messages  Can not solve attacks performed by more coordinated malicious nodes  More emphasis on secure routing protocol and has not its own key management mechanism

17 Future Work On This Topic  To realize security in Ad Hoc Networks Intrusion Prevention  Design a secure routing protocol  Design a efficient and effective key management mechanism Intrusion Detection  Study more attacks to AODV and SAODV routing protocol

18 Q & A

Download ppt "Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi."

Similar presentations

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
1 A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks By Lei Chen.

1 A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks By Lei Chen.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Security Improvement for Ad Hoc Wireless Network Visal Kith ECE 695 05/05/2006.

Security Improvement for Ad Hoc Wireless Network Visal Kith ECE /05/2006.
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.

Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi October 28, 2003.

TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi October 28, 2003.
TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Xiaoqi Li, Michael R. Lyu, and Jiangchuan Liu IEEE Aerospace Conference March 2004.

TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Xiaoqi Li, Michael R. Lyu, and Jiangchuan Liu IEEE Aerospace Conference March 2004.
Centre for Wireless Communications University of Oulu, Finland

Centre for Wireless Communications University of Oulu, Finland
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
1 Survey Presentation Course: 60-564 Fall 2004 Ataul Bari Instructor: Dr. A. K. Aggarwal.

1 Survey Presentation Course: Fall 2004 Ataul Bari Instructor: Dr. A. K. Aggarwal.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
Secure Routing in Ad Hoc Wireless Networks 11.03.2005.

Secure Routing in Ad Hoc Wireless Networks
CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.

CS541 Advanced Networking 1 Mobile Ad Hoc Networks (MANETs) Neil Tang 02/02/2009.

Similar presentations

Ads by Google