Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

Published byErin Hoover Modified over 8 years ago

Similar presentations

Presentation on theme: "Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and."— Presentation transcript:

1 Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and a destination ► Affects most protocols  DSR Route discovery  aodv  Ariadne  SAODV  ARAN  Protocols designed to be secure

2 How the attack works ► The attacker manipulates request forwarding if a request for an initiator and target include a hop through the attacker so that further legitimate request will not reach the destination ► Denial of service against inefficient authentication mechanisms by bombarding them with challenges or flood the network interface transmission queues of nearby nodes

3 Defenses ► Secure neighbor detection  Design a protocol that may be used by the nodes to ensure that its responder is within maximum communication range ► Use of a hash chain as a form of simple authentication between neighbors ► Utilize secure route discovery via loosely synchronized time on each node and implementing a protocol in which communication is only transmitted and “listened” to at uniquely calculated intervals

4 LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks ► Localized Encryption and Authentication Protocol ► Different types of messages between sensor nodes have different security requirements  Four types of keys: ► Individual key (shares with the base) ► Pairwise key (shares w/ another sensor node) ► Cluster key (shares w/ multiple neighboring nodes) ► Group key (shares w/ all nodes) ► Designed to limit the power of a compromised node, then efficiently block it

5 Assumptions ► Sensor network is static (no mobility) ► Base station is the controller, but is has little interaction ► Sensor nodes similar to current generation technology ► Immediate neighbors not known in advance ► Wireless insecurities ► Compromised node’s information is all compromised ► Base station will not be compromised ► When a node joins, all keys are deleted by the time it could be compromised ► Many nodes may be in unattended environments ► Only the base station uses µTESLA

6 Features ► Passive participation – node does not report an event if it overhears a neighbor node reporting that event (type of in-network processing) ► One-way key chains for efficient inter-node traffic authentication ► Lightweight authentication schemes ► Vulnerable to combination sinkhole and wormhole attacks

7 Authentication Framework for Hierarchical Ad Hoc Sensor Networks ► 3 tiers  Simple devices in need of authentication  Forwarding nodes with additional processing power  Access points connected to the internet

8 Assumptions ► Varying levels of computation power within the sensor network ► Sensors do not communicate with one another ► Forwarding nodes act as radio relays for the sensors to the access points

9 Authentication mechanism ► CA issues a TESLA certificate for forwarding node (B), signed with TESLA key, a MAC is included in the certificate ► The simple device (D) asks for access to the network ► B authenticates itself to D by sending the certificate and a MAC created using D’s key ► D checks B’s certificate, making sure that the CA did not yet broadcast this certificate to everyone ► The CA delivers the certificate to all forwarding nodes, if the certificate matches that of B, the device is authenticated

10 BISS: Building Secure Routing out of an Incomplete Set of Security Associations ► Indirect route authentication vs. Direct  Set of security associations are incomplete  Initiator trusts the target to have security associations for a secure route ► Increases number of security associations ► Performs well in dense networks  200/km2 – needs 80% security associations  400/km2 – needs 30% security associations ► Time and mobility?

11 Security with BISS ► Assumes that strong encryption will protect contents of packets ► Listed possible attacks:  Attacks against privacy  Traffic analysis ► Said to effectively prevent most active attacks (as long as a node has not been compromised)

12 Security Associations Setup ► Requires an off-line authority  Assigns each node a unique identity and certificate  Slow ► Density of 350/km 2  All security associations - 3 hours  40% of security associations – 15 minutes

13 Byzantine Detection and Routing Byzantine node: a node that consistently drops packets, either maliciously or due to unreliability

14 Message Transfer ► Device sends a message with source and destination header. ► Each device, when receiving such a message, will see if the message matches a message recently heard, if it does not it will pass the message along and add it to the recent message list. ► When the destination receives a message, it sends an acknowledgement packet.

15 Message Transfer

16 Byzantine Detection ► The network will tolerate a certain threshold of loss, once reached, the network will locate the adversarial node ► The algorithm work similar to a binary search, the new destination changes to the node halfway to the true destination. If the new connection is reliable, we reposition closer to the destination until the Byzantine node is found

17 Byzantine Detection

Download ppt "Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and."

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Secure Routing in Wireless Sensor Network Soumyajit Manna Kent State University 5/11/2015Kent State University1.

Secure Routing in Wireless Sensor Network Soumyajit Manna Kent State University 5/11/2015Kent State University1.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.

Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Challenge: Securing Routing Protocols Adrian Perrig

Challenge: Securing Routing Protocols Adrian Perrig
Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.

Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

Similar presentations

Ads by Google