Published by Adam Spencer. Modified over 9 years ago.
1
Network-layer Security of Mobile Ad hoc Networks
Jiangyi Hu
Advisor: Dr. Mike Burmester
2
02/24/2004 Network layer security of Manets
Outline
- Introduction
- Secure routing
  - Existing routing protocols
  - Routing attacks
  - Secure routing protocols
- Cooperation enforcement
  - Solutions to enforce cooperation
3
Introduction
Example of Mobile Ad hoc networks
[Figure: example network with nodes A, B, C, D, E, F]
4
Introduction
Characteristics of Manet:
- Wireless connection, broadcasting
- Dynamic topology
- Unfriendly environment
- Limited resources
5
Introduction
Advantage
- Ease of deployment
- Fast to deploy
- Decreased dependence on infrastructure
Application of Manet
- emergency deployments
- search and rescue missions
- military operations
- commercial applications
6
Introduction
Vulnerabilities
- The basic mechanism
- The security mechanism
Security goals
- Availability
- Confidentiality
- Integrity
- Authentication
- Non-repudiation
7
Secure routing
- Existing routing protocols
- Security threats for routing
- Secure routing protocols
8
Existing routing protocols
Table driven routing
- DSDV (destination sequenced distance vector)
- CGSR (Clusterhead Gateway Switch Routing)
- WRP (Wireless Routing Protocol)
On demand routing
- DSR (dynamic source routing)
- AODV (ad-hoc on-demand distance vector)
- TORA (Temporally Ordered Routing Algorithm)
9
DSR
- Dynamic source routing
- Route discovery / Route maintenance
- Every packet carries the entire route
10
DSR
[Figure: DSR route discovery example. Nodes: S, A, B, C, D, E, F, H. Route records shown: S; S-A; S-C; S-A-B; S-C-E; S-A-B-D; S-C-E-F; S-C-E-H]
11
AODV
- Ad-hoc on-demand distance vector routing
- No maintenance of routing table as in DSDV
- Each node remembers only the next hop for the route, not the whole route
12
AODV
[Figure: AODV example. Nodes: S, A, B, C, D, E, F. Legend: reverse path; forward path]
13
Routing attacks
Classification:
- External attack vs. Internal attack
- Passive attack vs. Active attack
14
Routing attacks
Attacks for routing:
- Modification
- Fabrication
- Wormhole attack (tunneling)
- Denial of service attack
- Invisible node attack
- The Sybil attack
- Rushing attack
- Non-cooperation
15
Modification
- Modifies the protocol fields of control messages
- Compromises the integrity of the routing computation
- Causes network traffic to be dropped, redirected to a different destination, or sent over a longer route
16
Fabrication
- Generating false routing messages, e.g. routing error messages
- Can cause denial of service
[Figure: nodes S, B, M, C, D. Legend: connected; connected through multi-hops; forward false error message]
17
Wormhole attack
- Colluding attackers use "tunnels" between them to forward packets
- Places the attackers in a very powerful position
- The attackers take control of the route by claiming a shorter path
18
Wormhole attack
[Figure: example of wormhole attack. Nodes: S, A, B, C, D, with attackers M and N connected by a tunnel]
19
Denial of service attack
- Adversary floods the network with irrelevant data
  - Consumes network bandwidth
  - Consumes the resources of a particular node
20
Invisible node attack
- Attack on DSR
- The malicious node does not append its IP address
- M becomes "invisible" on the path
[Figure: nodes S, B, M, C, D]
21
The Sybil attack
- A single node presents multiple identities
- Disrupts geographic and multi-path routing
[Figure: node B and identities M1, M2, M3, M4, M5]
22
Rushing attack
- Directed against on-demand routing protocols
- The attacker hurries the route request packet to the next node to increase the probability of being included in a route
23
Non-cooperation
- Lack of cooperation: the node does not participate in routing or packet forwarding
- Selfishness: the node saves energy for itself
24
Secure routing protocols
- SRP (Secure Routing Protocol)
- ARAN (Authenticated Routing for Ad hoc Networks)
- Ariadne
- SEAD (Secure Efficient Ad hoc Distance vector routing)
- Cope with wormhole attack
25
SRP
- Assumes a shared secret key between the source node and the destination node
- Verification of the route request/reply packet using a MAC (Message Authentication Code)
- Identities of intermediate nodes are accumulated in the route request packet
26
ARAN
- Requires a trusted certification authority
- Every node that forwards a route request or a route reply must verify it and sign it
- Asymmetric cryptography is costly in terms of CPU and energy usage
27
ARAN
Example of ARAN (nodes S, B, C, D; K_X- denotes the private key of node X; legend: broadcast, unicast):
- [RDP, IP_D, Cert_S, N_S, t]K_S-, Cert_S
- [[RDP, IP_D, Cert_S, N_S, t]K_S-, Cert_S]K_B-, Cert_B
- [[RDP, IP_D, Cert_S, N_S, t]K_S-, Cert_S]K_C-, Cert_C
- [REP, IP_S, Cert_D, N_S, t]K_D-, Cert_D
- [[REP, IP_S, Cert_D, N_S, t]K_D-, Cert_D]K_C-, Cert_C
- [[REP, IP_S, Cert_D, N_S, t]K_D-, Cert_D]K_B-, Cert_B
28
Ariadne
- Each node generates a one-way key chain (K_0, K_1, ..., K_i, ..., K_n) and publishes the keys in reverse order from generation
- The sender picks K_i, which will still be secret at the time the receiver receives the packet
- When a receiver receives a packet, it first verifies that K_i is still secret, then it buffers the packet and waits for the sender to publish key K_i
- Needs time synchronization
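The delayed key disclosure described on this slide, as an added Python sketch that is not taken from the slides or from the Ariadne authors. The timing constants, the `Receiver` class and the sample packets are constructed for illustration, and the chain key is used directly as the HMAC key, which is a simplification.

```python
import hashlib
import hmac

INTERVAL = 1.0   # assumed: seconds between key disclosures
T0 = 100.0       # assumed: time at which K_0 is published
MAX_SKEW = 0.2   # assumed: bound on the clock synchronization error

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def key_chain(seed: bytes, n: int) -> list:
    keys = [seed]                     # K_n is generated first
    for _ in range(n):
        keys.append(H(keys[-1]))      # K_(i-1) = H(K_i)
    return keys[::-1]                 # keys[i] == K_i; K_0 is published first

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, k0: bytes):
        self.k0 = k0                  # authentic commitment K_0
        self.pending = []             # packets waiting for their key

    def on_packet(self, now: float, i: int, msg: bytes, tag: bytes) -> bool:
        # Buffer only if K_i cannot have been published yet, even allowing for skew.
        if now + MAX_SKEW >= T0 + i * INTERVAL:
            return False
        self.pending.append((i, msg, tag))
        return True

    def on_key(self, i: int, key: bytes) -> list:
        k = key
        for _ in range(i):            # hash the disclosed key back to K_0
            k = H(k)
        if not hmac.compare_digest(k, self.k0):
            return []
        good = [m for j, m, t in self.pending
                if j == i and hmac.compare_digest(t, mac(key, m))]
        self.pending = [p for p in self.pending if p[0] != i]
        return good

def demo():
    keys = key_chain(b"constructed demo seed", 5)
    rx = Receiver(keys[0])
    early = rx.on_packet(101.5, 3, b"RREQ S->D", mac(keys[3], b"RREQ S->D"))
    forged = rx.on_packet(101.6, 3, b"RREQ S->X", b"\x00" * 32)
    late = rx.on_packet(103.1, 3, b"replay", mac(keys[3], b"replay"))
    return early, forged, late, rx.on_key(3, keys[3])
```

The packet that arrives after K_3 could already be public is rejected outright, while the packet with a bad tag is buffered and only discarded once K_3 is disclosed and checked.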
29
SEAD
- Based on the Destination-Sequenced Distance Vector protocol (DSDV)
- Uses a one-way hash chain (h_0, h_1, ..., h_i, ..., h_n)
- Uses a hash value corresponding to the sequence number and metric in a routing update
- An attacker can never forge a better sequence number or a better metric
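How a hash chain element can be tied to a sequence number and metric, as an added Python sketch that is not code from the slides or from the SEAD authors. The chain layout in `index()` (groups of `M` elements per sequence number, newer sequence numbers earlier in the chain), the constants and the seed are assumptions made for this example.

```python
import hashlib
import hmac

M = 4          # assumed: upper bound on hop count (metrics 0..M-1)
SEQS = 5       # assumed: sequence numbers covered by one chain (1..SEQS)
N = M * SEQS   # chain is h_0 .. h_N; h_N is distributed authentically

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def make_chain(seed: bytes) -> list:
    chain = [seed]                       # h_0
    for _ in range(N):
        chain.append(H(chain[-1]))       # h_(i+1) = H(h_i)
    return chain

def index(seq: int, metric: int) -> int:
    # Newer sequence numbers and lower metrics sit earlier in the chain,
    # so they cannot be derived from a later element.
    if not (1 <= seq <= SEQS and 0 <= metric < M):
        raise ValueError("sequence number or metric out of range")
    return (SEQS - seq) * M + metric

def verify(anchor: bytes, seq: int, metric: int, value: bytes) -> bool:
    try:
        steps = N - index(seq, metric)
    except ValueError:
        return False
    for _ in range(steps):               # hash forward to the anchor h_N
        value = H(value)
    return hmac.compare_digest(value, anchor)

def forward(seq: int, metric: int, value: bytes) -> tuple:
    # A neighbor re-advertises the route one hop further: metric + 1, one more hash.
    return seq, metric + 1, H(value)

def demo() -> dict:
    chain = make_chain(b"constructed demo seed")
    anchor = chain[N]
    adv = (3, 1, chain[index(3, 1)])     # update received by a neighbor
    return {
        "origin": verify(anchor, *adv),
        "honest_forward": verify(anchor, *forward(*adv)),
        "lower_metric": verify(anchor, 3, 0, adv[2]),   # claims a shorter route
        "higher_seq": verify(anchor, 4, 1, adv[2]),     # claims a fresher route
    }
```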
30
Cope with wormhole attack
- Geographic leash
  - Ensures that the recipient of the packet is within a certain distance from the sender
- Temporal leash
  - Ensures that the packet has an upper bound on its lifetime
31
Cooperation enforcement
- Introduction
- Solutions
  - Currency based
  - Local monitoring
32
Cooperation enforcement
- Currency based
  - Nuglets
  - Sprite
- Local monitoring
  - Watchdog and path rater
  - Confidant
  - CORE
  - Token-based
33
Nuglets
- Nuglets: a virtual currency
- Packet purse model
  - The sender pays nuglets in advance
  - Each intermediate node takes nuglets for its forwarding service
- Packet trade model
  - Each intermediate node "buys" the packet from the previous one and "sells" it to the next one
34
Nuglets
Packet purse model
- Advantage: deters nodes from sending useless data and overloading the network
- Disadvantage: difficult to estimate the number of nuglets that are required
Packet trade model
- Advantage: the source does not have to know in advance the number of nuglets required
- Disadvantage: cannot prevent nodes from overloading the network
35
Sprite
- Uses credit to provide an incentive to selfish nodes
- Nodes keep receipts to get payment from the Credit Clearance Service (CCS)
- The credit that a node receives depends on whether its forwarding is successful or not
36
Watchdog and path rater
- A node's watchdog
  - Listens promiscuously to the next node's transmissions
  - If a node does not forward, it is misbehaving
- The path rater chooses the best path from the watchdog ratings
[Figure: nodes S, A, B, C, D. Legend: connected; connected through multi-hops; forwarding; listening]
37
Confidant
Consists of:
- Monitor
- Reputation System
- Path Manager
- Trust Manager
38
Confidant
- Detects malicious nodes by means of observation or reports about several types of attacks
- Allows nodes to route around misbehaving nodes, isolating them from the network
39
CORE
Basic components:
- Reputation table
  - Stored in each node
  - Holds the reputation value of each node
- Watchdog mechanism
  - Detects misbehaving nodes
40
Token-based
- Each node has to have a token
- Local neighbors monitor
- The token is renewed via multiple neighbors
- The period of validity of a node's token depends on how long the node has stayed and how well it has behaved
41
Token-based
Composed of:
- Neighbor verification
- Neighbor monitoring
- Intrusion reaction
- Security enhanced routing protocol
42
Summary
- Introduction
- Secure routing
  - Existing routing protocols
  - Security attacks
  - Defenses
- Node cooperation
  - Currency based
  - Local monitoring
43
Thank you!