Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis."— Presentation transcript:

1 Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey 1

2 Topics The Authors The Protocols The Simulations The Authors The Protocols The Simulations 2

3 The Authors Panagiotis Papadimitratos PhD from Cornell University, 2005 Currently Research Associate at Virginia Polytechnic Institute Author of 10 IEEE papers since 2002 1 - ‘02; 1 - ‘03; 6 - ‘05; 2 - ’06 5 are on secure routing and transmission in ad hoc networks PhD from Cornell University, 2005 Currently Research Associate at Virginia Polytechnic Institute Author of 10 IEEE papers since 2002 1 - ‘02; 1 - ‘03; 6 - ‘05; 2 - ’06 5 are on secure routing and transmission in ad hoc networks 3

4 The Authors Zygmunt J Haas 120 IEEE papers Since ’05 - 14 papers total 9 on ad hoc networking 1st listed author on 3 120 IEEE papers Since ’05 - 14 papers total 9 on ad hoc networking 1st listed author on 3 4

5 The Authors Zygmunt J Haas Editor of IEEE Transactions on Networking IEEE Transactions on Wireless Communications IEEE Communications Magazine Chair of IEEE Technical Committee on Personal Communications Editor of IEEE Transactions on Networking IEEE Transactions on Wireless Communications IEEE Communications Magazine Chair of IEEE Technical Committee on Personal Communications 5

6 Goal “Secure data transmission” Provide an end-to-end protocol that: works with TCP provides data integrity provides message authentication provides replay protection detects and compensates for path disruption “Secure data transmission” Provide an end-to-end protocol that: works with TCP provides data integrity provides message authentication provides replay protection detects and compensates for path disruption 6

7 Assumptions All network nodes have: unique identity public/private key pair module implementing network protocols module providing communication across wireless network interface All network nodes have: unique identity public/private key pair module implementing network protocols module providing communication across wireless network interface 7

8 Assumptions Any two nodes can establish an end-to-end Security Association, instantiated by a symmetric shared key, at the time of initial route discovery Any intermediate node that does not behave correctly is an adversary Multiple paths are node-disjoint Route discovery is secure Any two nodes can establish an end-to-end Security Association, instantiated by a symmetric shared key, at the time of initial route discovery Any intermediate node that does not behave correctly is an adversary Multiple paths are node-disjoint Route discovery is secure 8

9 Secure Message Transmission (SMT) Protocol A node, S, establishes a secure association with another node, T S has a set of discovered, active, node disjoint paths through which it can communicate with T S uses message dispersion and encryption to add redundancy to a message it wishes to send to T A node, S, establishes a secure association with another node, T S has a set of discovered, active, node disjoint paths through which it can communicate with T S uses message dispersion and encryption to add redundancy to a message it wishes to send to T 9

10 SMT - Continued S then “breaks” the message into N pieces, M of which need to reach T intact in order for T to recover the message Each piece of the message has a message authentication code and a sequence number, so that T can verify the validity of the message pieces and reject replays S then “breaks” the message into N pieces, M of which need to reach T intact in order for T to recover the message Each piece of the message has a message authentication code and a sequence number, so that T can verify the validity of the message pieces and reject replays 10

11 SMT - Continued T sends to S a feedback message (like an ACK) for each successfully received piece S validates the feedback messages or receives a timeout when no feedback messages are received Each time a message piece is received or not received, the route rating for its route is updated (increased or decreased) Route ratings indicate how preferable a route is, if it is failed or active, and its probabilistically calculated survival time. T sends to S a feedback message (like an ACK) for each successfully received piece S validates the feedback messages or receives a timeout when no feedback messages are received Each time a message piece is received or not received, the route rating for its route is updated (increased or decreased) Route ratings indicate how preferable a route is, if it is failed or active, and its probabilistically calculated survival time. 11

12 Secure Single Path (SSP) Protocol Just like SMT, except - Does not perform data dispersion Uses only one path per message Lower transmission overhead than SMT Higher potential delay time than SMT Just like SMT, except - Does not perform data dispersion Uses only one path per message Lower transmission overhead than SMT Higher potential delay time than SMT 12

13 How it Works: Path Discovery Paths discovery can be implicit or explicit Explicit allows SMT additional versatility and robustness, because it can compose routes from the discovered routes and can correlate loss/delivery with specific links Assumed to be secure Secure Routing Protocol, as proposed by the authors, or paper references [2], [3], [4], [5], [6], and [39] all provide proposals for secure route determination protocols or for securing existing route determination protocols Paths discovery can be implicit or explicit Explicit allows SMT additional versatility and robustness, because it can compose routes from the discovered routes and can correlate loss/delivery with specific links Assumed to be secure Secure Routing Protocol, as proposed by the authors, or paper references [2], [3], [4], [5], [6], and [39] all provide proposals for secure route determination protocols or for securing existing route determination protocols 13

14 How it Works: Path Rating : transmission number : rating of path, s : minimum possible rating : maximum possible rating 14

15 How it Works: Choosing α and β Minimise Regret and Bandwidth Loss (BWL) 15

16 How it Works: Path Survival S: number of Samples t: current path age d: maximum transmission time τ: lifetime of route 16

17 How it Works: Configuration Algorithm Inputs: path set path ratings path survival probabilities optimization objective (successful transmission, minimal transmission overhead) objective specific parameter (desired probability of successful transmission or maximum redundancy) Inputs: path set path ratings path survival probabilities optimization objective (successful transmission, minimal transmission overhead) objective specific parameter (desired probability of successful transmission or maximum redundancy) 17

18 How it Works: Configuration Algorithm II All paths ranked path rating, highest to lowest survival probability, highest to lowest number of hops, lowest to highest For all paths and redundancy options, the probability of successful transmission is calculated Result is an M by N matrix Search matrix to determine (M,N) values that satisfy the input objective All paths ranked path rating, highest to lowest survival probability, highest to lowest number of hops, lowest to highest For all paths and redundancy options, the probability of successful transmission is calculated Result is an M by N matrix Search matrix to determine (M,N) values that satisfy the input objective 18

19 How it Works: Meeting Input Objectives Find the minimum number of paths to achieve a certain success probability Find the minimum redundancy to achieve a certain success probability Find the best values of M and N to achieve the highest probability of success given a certain redundancy 19

20 Simulation Details OPNET - commercially available network simulation software. Free for university courses or R&D network area of 1000m2 3 message sources, 4 - 512B messages each 900s per simulation; 30 randomly seeded runs OPNET - commercially available network simulation software. Free for university courses or R&D network area of 1000m2 3 message sources, 4 - 512B messages each 900s per simulation; 30 randomly seeded runs 20

21 Simulation Details 50 identical nodes 300m communications range 5.5 Mb/sec data rate 655kB MAC buffer Random Waypoint Mobility, 1m/s - 20m/s 50 identical nodes 300m communications range 5.5 Mb/sec data rate 655kB MAC buffer Random Waypoint Mobility, 1m/s - 20m/s 21

22 Protocol Parameters : specified probability of success : minimum path rating : maximum path rating : rating decrease if loss : rating increase if success : initial path rating Adversaries drop packets in both directions No significant difference if drop packets or corrupt 22

23 Simulated Protocols SMT-LS SMT with Link State Idealised routing discovery scheme no delay no control overhead SMT-LS SMT with Link State Idealised routing discovery scheme no delay no control overhead 23

24 Simulated Protocols SMT-RRD SMT with Reactive Route Discovery SMT integrated with Secure Routing Protocol SSP SSP integrated with Secure Routing Protocol SMT-RRD SMT with Reactive Route Discovery SMT integrated with Secure Routing Protocol SSP SSP integrated with Secure Routing Protocol 24

25 Simulation: Reliability Message Delivery Fraction SMT-LSSMT-RRD SS P Note: Messages with delay > 30s were ignored Up to 0.7% of the messages sent are not accounted for Up to 0.7% of the messages sent are not accounted for Should these messages be counted as lost? 25

26 Simulation: Delay SMT-LSSMT-RRDSSP 26

27 Simulation: Overhead Transmission and Routing SMT-LSSMT-RRDSSP 27

28 Simulation: Mobility Pause Time: How long does the node stay in one place? Larger pause time ⇒ less mobility 28

29 Simulation: Network Load SMT-RRD, CBR TCP 29

30 Simulation: Attack Resistance FA: 50% 30

31 Conclusions Provides end-to-end security Effectively protects against data loss Requires no advance knowledge of node trustworthiness Automatically adapt to environment Mechanism not subject to abuse by adversaries Tactical systems that operate in hostile environments Civilian systems compromised by selfish users and rogue network devices Provides end-to-end security Effectively protects against data loss Requires no advance knowledge of node trustworthiness Automatically adapt to environment Mechanism not subject to abuse by adversaries Tactical systems that operate in hostile environments Civilian systems compromised by selfish users and rogue network devices 31

Download ppt "Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis."

Similar presentations

Ranveer Chandra Ramasubramanian Venugopalan Ken Birman

Ranveer Chandra Ramasubramanian Venugopalan Ken Birman
Dynamic Source Routing (DSR) algorithm is simple and best suited for high mobility nodes in wireless ad hoc networks. Due to high mobility in ad-hoc network,

Dynamic Source Routing (DSR) algorithm is simple and best suited for high mobility nodes in wireless ad hoc networks. Due to high mobility in ad-hoc network,
MultiNet: Connecting to Multiple IEEE 802.11 Networks Using a Single Radio Ranveer Chandra, Cornell University joint work with: Victor Bahl (MSR) and Pradeep.

MultiNet: Connecting to Multiple IEEE Networks Using a Single Radio Ranveer Chandra, Cornell University joint work with: Victor Bahl (MSR) and Pradeep.
IEEE INFOCOM 2004 MultiNet: Connecting to Multiple IEEE 802.11 Networks Using a Single Wireless Card.

IEEE INFOCOM 2004 MultiNet: Connecting to Multiple IEEE Networks Using a Single Wireless Card.
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
DSR The Dynamic Source Routing Protocol Students: Mirko Gilioli Mohammed El Allali.

DSR The Dynamic Source Routing Protocol Students: Mirko Gilioli Mohammed El Allali.
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
1 Location-Aided Routing (LAR) in Mobile Ad Hoc Networks Young-Bae Ko and Nitin H. Vaidya Yu-Ta Chen 2006 Advanced Wireless Network.

1 Location-Aided Routing (LAR) in Mobile Ad Hoc Networks Young-Bae Ko and Nitin H. Vaidya Yu-Ta Chen 2006 Advanced Wireless Network.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
A Probabilistic Misbehavior Detection Scheme towards Efficient Trust Establishment in Delay-tolerant Networks Haojin Zhu, Suguo Du, Zhaoyu Gao, Mianxiong.

A Probabilistic Misbehavior Detection Scheme towards Efficient Trust Establishment in Delay-tolerant Networks Haojin Zhu, Suguo Du, Zhaoyu Gao, Mianxiong.
6/3/2015 1 Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross-Layer Information Awareness CS495 – Spring 2005 Northwestern University.

6/3/ Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross-Layer Information Awareness CS495 – Spring 2005 Northwestern University.
A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing Protocols By Josh Broch, David A. Maltz, David B. Johnson, Yih- Chun Hu, Jorjeta.

A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing Protocols By Josh Broch, David A. Maltz, David B. Johnson, Yih- Chun Hu, Jorjeta.
An Analysis of the Optimum Node Density for Ad hoc Mobile Networks Elizabeth M. Royer, P. Michael Melliar-Smith and Louise E. Moser Presented by Aki Happonen.

An Analysis of the Optimum Node Density for Ad hoc Mobile Networks Elizabeth M. Royer, P. Michael Melliar-Smith and Louise E. Moser Presented by Aki Happonen.
MAC Layer (Mis)behaviors Christophe Augier - CSE802.11 Summer 2003.

MAC Layer (Mis)behaviors Christophe Augier - CSE Summer 2003.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Research Trends in MANETs at CIIT, Islamabad Mohammad Mahboob Yasin, PhD COMSATS Institute of Information Technology.

Research Trends in MANETs at CIIT, Islamabad Mohammad Mahboob Yasin, PhD COMSATS Institute of Information Technology.
Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.

Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Similar presentations

Ads by Google