Secure and Anonymous Mobile Ad-hoc Routing Jiejun Kong, Mario Gerla Department of Computer Science University of California, Los Angeles August 4, 2005.

Slide 1: Secure and Anonymous Mobile Ad-hoc Routing
Jiejun Kong, Mario Gerla, Department of Computer Science, University of California, Los Angeles
August 4, 2005 @ ONR Meeting

Slide 2: Battle between Two MANETs
(Figure: two ad hoc networks with node addresses in 5.5.5.x and 10.10.10.x; the adversary aims to:)
–Correlate nodes’ identities and their locations
–Visualize ad hoc routes
–Visualize mobile nodes’ motion patterns
–Disrupt ad hoc communications

Slide 3: Outline
–Adversary: mobile traffic sensor
–Stop passive attacks: privacy-preserving (anonymous) routing, Anonymous On Demand Routing (ANODR)
–Stop active attacks: secure routing, Community-based Security (CBS)

Slide 4: The Adversary: Mobile Traffic Sensor
Mobile traffic analyst
–Unmanned aerial vehicle (UAV)
–Coordinated positioning (tri-lateration / tri-angulation) can reduce venue uncertainty
–If moving faster than the transmitter, it can always trace the victim’s venue

Slide 5: WASP Micro-Aerial Vehicle (MAV)
–Wingspan: 13 inches
–Combined wing structure (Lithium-Ion battery pack): 4.25 ounces (120 g)
–Total weight of the vehicle: 6 ounces (170 g)
–Power: 9 Watts during flight
–Flying time: 1 hour and 47 min

Slide 6: Outline
–Adversary: mobile traffic sensor
–Stop passive attacks: privacy-preserving (anonymous) routing, Anonymous On Demand Routing (ANODR)
–Stop active attacks: secure routing, Community-based Security (CBS)

Slide 7: Proactive Routing vs. On-demand Routing
Hiding network topology from the adversary
–Critical demand in mobile networks: if revealed, the adversary knows who is where (via adversarial localization)
Proactive routing schemes are vulnerable
–In OLSR, each update packet carries full topology information
–Network topology is revealed to a single adversarial sender
On-demand routing is more robust to motion detection
–AODV, DSR, etc.

Slide 8: Recent Anonymous On-demand Routing
ANODR [MobiHoc ’03]: initiates anonymous on-demand routing
MASK [Zhang et al., INFOCOM ’05], SDAR [Boukerche et al., LCN ’04]
–Like ANODR, route discovery is on-demand
–Differ in key agreement and data delivery
ASR [Zhu et al., LCN ’04]
–Nearly identical to ANODR, except for some minor revisions

Slide 9: ANODR Revisited: The 1st On-demand Anonymous Scheme
ANonymous On Demand Routing: on-demand, identity-free routing
–Identity-free routing: node identity is neither used nor revealed (identity anonymity)
–Protects location and motion pattern privacy
MASK and SDAR are not identity-free
ASR (an ANODR variant) is also identity-free

Slide 10: Identity-free Routing
ANODR: destination E receives ⟨RREQ, global_trap, onion⟩, where onion = K_D(K_C(K_B(K_A(hello)))).
Route-REQuest (A → B → C → D → E): each forwarder adds one layer: K_A(hello), K_B(K_A(hello)), K_C(K_B(K_A(hello))), onion = K_D(K_C(K_B(K_A(hello))))
Route-REPly (E → D → C → B → A): ⟨RREP, global_proof, onion, #X⟩; each hop peels one layer: K_C(K_B(K_A(hello))), K_B(K_A(hello)), K_A(hello), with stamps #E, #D, #C, #B
–#X is a random packet stamp selected by X and shared on the hop
–K_X(m) denotes using symmetric key K_X (only known by X) to encrypt a message m

Slide 11: ANODR’s Identity-free Packet Flow
(Figure: data packets on each hop are labeled only by random stamps: 4342747, 5422819, 5452343, 1745634, 9746411, 6175747, 8543358)
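The onion build-up and peel-down of slides 10 and 11, as an added toy model that is not the authors’ code: K_X(m) is stood in for by a constructed SHA-256 stream cipher plus HMAC tag (not ANODR’s cipher), the trapdoor and global_proof fields are omitted, and the only thing a packet carries per hop is the random stamp #X.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, n):
    # SHA-256 counter mode: a constructed stand-in for the cipher behind K_X(.)
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def wrap(key, m):
    """K_X(m): add one onion layer under X's own symmetric key (encrypt + MAC tag)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(m, _keystream(key, nonce, len(m))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unwrap(key, blob):
    """Peel one layer. None means X never added a layer, i.e. X is not on this route."""
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def rreq(keys, hello=b"hello"):
    """Route request A -> E: keys are K_A..K_D; each forwarder wraps the onion it heard."""
    onion = hello
    for k in keys:
        onion = wrap(k, onion)      # E receives K_D(K_C(K_B(K_A(hello))))
    return onion

def rrep(keys, onion, hello=b"hello"):
    """Route reply E -> A: the sender of each RREP hop picks a random stamp #X for that
    hop and the receiver peels its own layer. No node identity appears in any field.
    Returns the stamps #E, #D, #C, #B in order; they later label data packets per hop."""
    stamps = []
    for k in reversed(keys):        # D peels K_D, then C, B and finally A
        stamps.append(secrets.token_bytes(4))
        onion = unwrap(k, onion)
        if onion is None:
            raise ValueError("RREP reached a node that is not on the route")
    if onion != hello:
        raise ValueError("source could not recover its own hello")
    return stamps

if __name__ == "__main__":
    route = [secrets.token_bytes(32) for _ in "ABCD"]   # K_A..K_D, each known only to its node
    onion = rreq(route)
    print(unwrap(secrets.token_bytes(32), onion) is None)   # a bystander cannot peel: True
    print(len(rrep(route, onion)))                          # 4 per-hop stamps
```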

Slide 12: Evaluation: Delivery Ratio (vs. mobility)
(Figure) Delivery ratio degradation is small for efficient schemes like ANODR-KPS, but large for SDAR, ASR and unoptimized ANODR

Slide 13: Outline
–Adversary: mobile traffic sensor
–Stop passive attacks: privacy-preserving (anonymous) routing, Anonymous On Demand Routing (ANODR)
–Stop active attacks: secure routing, Community-based Security (CBS)

Slide 14: Community Based Security (CBS)
–Stops active disruption attacks
–End-to-end communication between ad hoc terminals
–Community-to-community forwarding (not node-to-node)

Slide 15: Community: 2-hop scenario
–Area defined by the intersection of 2 collision domains
–Node redundancy is common in MANET; it need not be unusually high: only 1 “good” node is needed inside the community area
–Community leadership is determined by contribution
–Leader steps down (is taken over) if not doing its job (doesn’t forward within a timeout T_forw)
(Figure: the community area between the two collision domains)

Slide 16: Community: multi-hop scenario
The concept of a “self-healing community” is applicable to multi-hop routing
(Figure: a chain of communities from source to dest)

Slide 17: Re-config: 2-hop scenario
Old community becomes stale due to random node mobility etc.
Messages: (PROBE, upstream, …) and (PROBE_REP, hop_count, …)
(Figure: S, D, old forwarder oldF, new forwarder newF; node D’s roaming trace; a missing ACK triggers a PROBE, answered by PROBE_REP, yielding the newly re-configured community)

Slide 18: Re-config: multi-hop scenario
Optimization
–Probing message can be piggybacked in data packets
–Probing interval T_probe adapted to network dynamics; simple heuristic: Slow Increase, Fast Decrease
(Figure: source to dest; a missing ACK triggers PROBE / PROBE_REP)

Slide 19: Community Based Security
In summary, in mobile networks haunted by non-cooperative behavior, community-based security has exponential gain
(Figure: P_community vs. P_regular as a function of N)
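An added model of the exponential gain of slides 14, 15 and 19, not the authors’ analysis: it assumes a route of h hops, a fraction alpha of non-cooperative nodes, and N candidate forwarders per community area, with a hop delivered under node-to-node forwarding only if the single chosen forwarder is good, and under community forwarding if at least one member forwards (a leader that misses T_forw is taken over, as slide 15 describes). The names alpha, hops and n are this example’s own.

```python
import random

def p_regular(alpha, hops):
    """Node-to-node forwarding: each of the h chosen forwarders must itself be cooperative."""
    return (1 - alpha) ** hops

def p_community(alpha, hops, n):
    """Community-to-community forwarding: a hop fails only when all N members of the
    community area are non-cooperative, so per-hop loss drops from alpha to alpha**n."""
    return (1 - alpha ** n) ** hops

def simulate(alpha, hops, n, trials=20000, seed=1):
    """Monte Carlo check of both closed forms; returns (regular, community) delivery
    fractions. In the community case a leader that does not forward within T_forw is
    simply taken over by the next member (the slide-15 takeover rule)."""
    rng = random.Random(seed)
    delivered_regular = delivered_community = 0
    for _ in range(trials):
        # regular: the single forwarder chosen at every hop must be good
        delivered_regular += all(rng.random() >= alpha for _ in range(hops))
        # community: at every hop, try members until one of them forwards
        delivered_community += all(any(rng.random() >= alpha for _ in range(n))
                                   for _ in range(hops))
    return delivered_regular / trials, delivered_community / trials

def gain_table(alpha, hops, sizes=(1, 2, 3, 4, 6)):
    """Delivery probability per community size N; N=1 is node-to-node forwarding."""
    return [(n, round(p_community(alpha, hops, n), 4)) for n in sizes]

if __name__ == "__main__":
    a, h = 0.3, 5        # constructed: 30% non-cooperative nodes on a 5-hop route
    print(p_regular(a, h), gain_table(a, h))
    print(simulate(a, h, 4))
```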

Slide 20: QualNet simulation verification
Performance metrics
–Data delivery fraction, end-to-end latency, control overhead
–# of RREQ
x-axis parameters
–Non-cooperative ratio
–Mobility (Random Way Point Model, speed min = max)
Protocol comparison
–AODV: standard AODV
–RAP-AODV: Rushing Attack Prevention (WiSe ’03)
–CBS-AODV: Community Based Security

Slide 21: Performance Gap
(Figure) CBS-AODV’s performance only drops slightly with more non-cooperative behavior
Tremendous Exp Gain justifies the big gap between CBS-AODV and others

Slide 22: Mobility’s impact
(Figure only)

Slide 23: Less RREQ
(Figure) In CBS-AODV, the # of RREQ triggered by an attack is less sensitive to the non-cooperative ratio
Enforcing a RREQ rate limit is more practical in CBS-AODV

Slide 24: Multicast Security (MSEC) Testbed
Resisting passive eavesdroppers
IETF MSEC charter
–Standard group key management using a GCKS (Group Control / Key Server)
–Centralized solution in the infrastructure
Our testbed
–Distributed GCKS backbone
–Service provided by the nearest GCKS node
–Automated load balancing and resistance to denial-of-service attacks

Slide 25: Summary
Ad hoc networks can be monitored, disrupted and destroyed
–More privacy-preserving (anonymous) routing to defend against a passive enemy
–More secure routing to defend against an active enemy
–Given comparable network resources, the most anonymous and most secure MANET wins
ANODR has the best anonymity-performance guarantee
–Better than other anonymous on-demand schemes
CBS has exponential performance gain
–Better than other secure routing paradigms
