Performance Evaluation of Security-Aware Routing Protocols for Clustered Mobile Ad Hoc Networks



SLIDE 1

Performance Evaluation of Security-Aware Routing Protocols for Clustered Mobile Ad Hoc Networks

Gregory S. Yovanof - Kerem Ericsi

Athens Information Technology

Tel: +30 210 668 2772 Email: gyov@ait.edu.gr

Int’l Workshop on Wireless Ad-Hoc Networks IWWAN’04, Oulu, Finland 1 June 2004

SLIDE 2

Outline

  • Hierarchical Clustered Mobile Networks
  • Secure Routing Protocols
      • Proactive (SEAD) vs. Reactive (ARIADNE) schemes
  • System Design Parameters
      • Multimedia Data, Session Link, Motion Model
  • Routing Protocol Performance Evaluation
      • Proactive vs. Reactive Schemes
      • Incremental Overhead due to Security Extensions
      • Effect of Queuing Buffer Size
  • Conclusion

SLIDE 3

Hierarchical Clustered Ad-Hoc Networks

1) Heterogeneous (Non-Uniform) Hierarchical Clustered Mobile Nets

  • Battle-field Communications
  • Emergency and/or Rescue Operations

2) Homogeneous (Uniform) Hierarchical Clustered Mobile Networks

  • Bluetooth scatternets
  • Multihop Relay-Networks
  • Nomadic computing

SLIDE 4

Need for Secure Routing

Security support is of grave importance to Military Communications

  • Node Classification according to Trust/Authority Levels
  • Compromised nodes attempt to disrupt the network operations (during the network setup, route discovery or data transport phases, e.g., packet littering, net partitioning, DoS attacks, etc.)

SLIDE 5

Prior Work – Our Contribution

  • J. Broch, D. Maltz, Johnson et al. “Performance Comparison of Multihop Routing” MobiCom’98
      • No Secure Routing Schemes
  • Hu, Perrig and Johnson, “ARIADNE …” MobiCom’02, and “SEAD…” June 2002
      • Flat Network Topology, No Group Mobility
  • Our Contribution: Performance Evaluation of Security Aware Routing Protocols in the following scenario
      • Clustered Mobile Network
      • Group Mobility - Reference Point Group Mobility (RPGM) Model
      • Session Level Link Formation Through Cluster-Heads
      • Security Aware Routing Protocols (SEAD and ARIADNE)
      • Multimedia Data: Delay-sensitive real-time data traffic

SLIDE 6

Proactive vs. Reactive Routing Protocols

Proactive:

  • Actively pursue route updates to destinations, even when route is not used
      + Reduced communication latency
      – More overhead

Reactive:

  • Discover routes to destinations only when needed
      + Less overhead
      – Increased latency

SLIDE 7

Ad Hoc Routing Protocols Classification

Secure Extension: ARIADNE
Secure Extension: SEAD

SLIDE 8

Proactive Protocol: DSDV

DSDV – Destination Sequenced Distance Vector:

  • Proactive scheme (table-driven)
  • Uniform – No Hierarchical structure
      • Each node sends/responds to a routing message the same way
  • A routing table is maintained at each node containing entries for all destinations:
      • Next Hop: the next intermediate node towards the destination
      • Metric: how many hops to reach the destination
      • Sequence Number: when this route was advertised
  • Every node periodically broadcasts the state of its routing table
      • Periodic update interval: Tradeoff between latency of routing info and excessive communication overhead

SLIDE 9

SEAD – Secure Efficient Distance Vector Routing Protocol

  • SEAD is based on DSDV – Proactive (Table Driven)
      • Easy to implement and efficient in terms of required memory and CPU processing capacity
      • Improvements on the original DSDV protocol
  • Uses efficient one-way Hash Function but no symmetric key cryptography
      • Built in one-way hash function H: {0,1}^* → {0,1}^p
      • Simple to compute but infeasible to invert
  • Robust against multiple uncoordinated attackers creating incorrect routing state
  • Guards against DoS (Denial-of-Service)

Y-C Hu, D.B. Johnson, A. Perrig, “SEAD: Secure Efficient Distance Vector Routing for Mobile Ad Hoc Networks,” Jun ’02
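
How the one-way hash function protects a distance-vector entry, as an added Python sketch that is not from the slides: it follows the hash-chain scheme of the cited SEAD paper, where element k·m + j of a node's chain (k = n/m − sequence number) authenticates metric j. SHA-256, the chain sizes and the seed are assumptions chosen for the demonstration.

```python
import hashlib

def H(x: bytes) -> bytes:
    """One-way hash H: {0,1}* -> {0,1}^p, here SHA-256 (assumption, p = 256)."""
    return hashlib.sha256(x).digest()

def make_chain(seed: bytes, n: int) -> list:
    """h_0 = seed, h_i = H(h_{i-1}); h_n is handed out as the authentic anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def index_for(n: int, m: int, seq: int, metric: int) -> int:
    """Chain position that authenticates (seq, metric): k*m + metric, k = n/m - seq."""
    if not (0 <= metric < m and 1 <= seq <= n // m):
        raise ValueError("sequence number or metric out of range")
    return (n // m - seq) * m + metric

def verify(anchor: bytes, n: int, m: int, seq: int, metric: int, value: bytes) -> bool:
    """Hash the claimed element forward; it must land exactly on the anchor h_n."""
    try:
        steps = n - index_for(n, m, seq, metric)
    except ValueError:
        return False
    for _ in range(steps):
        value = H(value)
    return value == anchor

def demo():
    n, m = 40, 8                      # constructed: 5 sequence numbers, metrics 0..7
    chain = make_chain(b"constructed-seed-for-demo", n)
    anchor = chain[n]
    seq, metric = 3, 2
    auth = chain[index_for(n, m, seq, metric)]   # value an honest node advertises
    honest = verify(anchor, n, m, seq, metric, auth)
    # Hashing forward is easy, so a larger metric can always be authenticated.
    longer = verify(anchor, n, m, seq, metric + 1, H(auth))
    # A smaller metric needs the preimage of auth, which H does not give up.
    shorter = verify(anchor, n, m, seq, metric - 1, auth)
    # A fresher sequence number also needs an earlier, unreleased chain element.
    fresher = verify(anchor, n, m, seq + 1, metric, auth)
    return honest, longer, shorter, fresher
```

A receiver therefore rejects any update that claims a shorter route or a newer sequence number than the advertiser could have learned.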

SLIDE 10

Reactive Protocol: DSR

Dynamic Source Routing (DSR):

  • On Demand (Reactive)
  • If destination is unknown, the network is flooded with requests
  • A node receiving the request re-broadcasts it
  • Node address is appended to request
  • Once destination is found, it replies through the same path
  • Found route is placed in a cache
  • Multiple paths possible

SLIDE 11

ARIADNE – Secure on Demand Routing

  • On Demand (Reactive) - DSR based
  • Source Routing better suited for Security Aware Routing
      • Sender is able to authenticate every node in the route-reply phase - ensuring trustworthiness of entire route
  • ARIADNE uses TESLA: an efficient Broadcast Authentication protocol
  • Prevents large number of Denial-of-Service (DoS) type attacks
  • ARIADNE is efficient, using only highly efficient symmetric cryptographic primitives

Y-C Hu, A. Perrig, D.B. Johnson, “ARIADNE: A Secure On Demand Routing Protocol for Ad Hoc Networks,” MobiCom’02

SLIDE 12

Route Discovery (ARIADNE/TESLA)

Route Discovery: Route Request (nodes S, A, B, C, D, E, F, G)

M = <Request, S, D, id, ti>

MS* = <M, h0>
MA* = <M, h1, A, MA>
MB* = <M, h2, (A, B), (MA, MB)>
MC* = <M, h3, (A, B, C), (MA, MB, MC)>
ME* = <M, h’2, (A, E), (MA, ME)>
MF* = <M, h’3, (A, B, F), (MA, MB, MF)>
MG* = <M, h’4, (A, B, C, G), (MA, MB, MC, MG)>

Route Discovery: Route Reply (nodes S, A, B, C, D, E, F, G)

M = <Reply, D, S, ti, (A, B, C), (MA, MB, MC)>

MDC = <M, MD>
MCB = <M, MD, (KCti)>
MBA = <M, MD, (KCti, KBti)>
MAS = <M, MD, (KCti, KBti, KAti)>
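
The request and reply messages listed above, as an added Python sketch that is not code from the slides or from the ARIADNE authors: following the cited ARIADNE paper, h0 is taken to be a MAC under a key shared by S and D, and each hop computes h_i = H(node, h_{i-1}). The keys, the field encoding and the choice of SHA-256/HMAC are assumptions; TESLA key-chain validation and the target MAC MD are left out.

```python
import hashlib, hmac

def enc(*parts):
    """Length-prefixed concatenation so field boundaries stay unambiguous."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def H(*parts):
    return hashlib.sha256(enc(*parts)).digest()
def mac(key, *parts):
    return hmac.new(key, enc(*parts), hashlib.sha256).digest()

# Constructed values: K_SD is shared by S and D; one TESLA key per relay for interval ti.
K_SD = b"constructed-key-S-D"
TESLA = {n: b"constructed-tesla-key-" + n for n in (b"A", b"B", b"C")}
M = enc(b"Request", b"S", b"D", b"id-7", b"ti-42")

def source_request():
    """MS* = <M, h0>; h0 is a MAC under the key S shares with D."""
    return {"h": mac(K_SD, M), "nodes": [], "macs": []}

def relay(req, node):
    """MX*: h_i = H(X, h_{i-1}), X appended, MX = MAC under X's TESLA key."""
    h, nodes = H(node, req["h"]), req["nodes"] + [node]
    m = mac(TESLA[node], M, h, *nodes, *req["macs"])
    return {"h": h, "nodes": nodes, "macs": req["macs"] + [m]}

def target_accepts(req):
    """D recomputes the hash chain from h0 over the claimed node list."""
    h = mac(K_SD, M)
    for node in req["nodes"]:
        h = H(node, h)
    return hmac.compare_digest(h, req["h"])

def source_verifies(req, disclosed):
    """S checks each relay MAC with the keys disclosed in the Route Reply."""
    h, macs = mac(K_SD, M), []
    for i, (node, m) in enumerate(zip(req["nodes"], req["macs"])):
        h = H(node, h)
        expect = mac(disclosed[node], M, h, *req["nodes"][: i + 1], *macs)
        if not hmac.compare_digest(m, expect):
            return False
        macs.append(m)
    return True

def demo():
    req = relay(relay(relay(source_request(), b"A"), b"B"), b"C")  # MC*
    dropped = dict(req, nodes=[b"A", b"C"], macs=req["macs"][::2])  # B removed
    return (target_accepts(req), target_accepts(dropped), source_verifies(req, TESLA),
            source_verifies(req, {**TESLA, b"B": b"constructed-wrong-key"}))
```

The second result shows the target rejecting a request whose node list no longer matches the per-hop hash, and the fourth shows the source rejecting a reply whose disclosed key does not reproduce a relay's MAC.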

SLIDE 13

RPGM Movement Model

Reference Point Group Mobility (RPGM) Model

  • Node motion is sum of two vectors: Group Vector GM and Individual Vector RM (GM is the dominant one)
  • At each intermediate location the Group waits for Pause Time then selects random destination and starts to move again

SLIDE 14

Session Level Link Formation

  • At the Session Layer traffic flows are formed to emulate CGSR (Common Gateway Switch Routing) traffic patterns
      • Similar to Data Traffic flows in Bluetooth Scatternets
      • Fits Logical Hierarchy imposed by Military structure
  • A single node is elected to serve as the Cluster-Head within each Cluster
  • Traffic is routed through Cluster-Heads
  • Cluster members cannot talk directly to each other
  • Deviation from Flat Routing

Communication from node 4 to 9: Session-Link 4 > 0 > 5 > 9
Communication from node 0 to 5: Session-Link 0 > 5

SLIDE 15

Design Parameters - Simulation

Traffic Parameters:

  • 20 active sessions between random node-pairs
      • 50% Intergroup, 50% Intragroup
  • Constant Bit Rate Traffic (CBR) @ Bit Rates:
      • 19.2 kbps: Voice, digital data services (e.g. GPRS)
      • 64 kbps: Low quality video conferencing
      • 128 kbps: Mid quality video conferencing
      • 384 kbps: High quality audio, Low quality video
  • Transport Protocol: UDP

Network Topology:

  • Area: 1500m × 300m
  • Max. node speed: 20 m/s (≈ 72km/h)
  • 50 nodes
  • Avg No. of 5 nodes per cluster/group
  • max. cluster radius: 100m
  • Movement model: RPGM
      • variable pause times
  • Simulation Time: 500 seconds

Media Access/Physical:

  • MAC scheme: 802.11b, DCF
  • Medium speed: 2 Mbps
  • Lucent WaveLan DSSS
  • Tx power: 24.5 dBm
  • Rx threshold: -94.4dBm
  • Two-ray Ground Reflection Radio Propagation Model

Examined Protocols:

  • DSDV - SEAD
  • DSR - ARIADNE

Network Simulator NS-2

SLIDE 16

Performance Metrics

  • Packet Delivery Ratio (PDR)
      • Packets sent / Packets received, [%]
  • Median Latency (ML)
      • Packet end-to-end Delay, [seconds]
  • Routing Overhead (RO)
      • Total routing traffic generated, [bytes]
  • Target values for Real-time Interactive Multimedia Traffic
      • PDR better than 75%
      • One-way, end-to-end Delay up to 250-300 msec

SLIDE 17

SEAD vs ARIADNE @ 19.2 Kbps

  • ARIADNE (reactive) outperforms SEAD @ 19.2 kbps
      • More than 70% PDR, Low Overhead, 5-8 msec Latency

Plot labels: High Mobility, “Stationary” Nodes

SLIDE 18

SEAD vs ARIADNE @ 384 Kbps

  • Protocol behavior changes with the data rate
  • SEAD (proactive) outperforms ARIADNE @ 384kbps, but:
      • Very Low PDR (20-30%), Unacceptable Latency (~500msec)
      • Fails to Accommodate Real-time Multimedia Traffic
      • Could that be due to the incremental overhead induced by the Security Extensions?

SLIDE 19

DSDV vs SEAD - PDR

  • Both DSDV and SEAD exhibit similar performance w.r.t. Packet Delivery Ratio over the entire range of Pause times and Data Rates
      • SEAD slightly better only at 384 kbps
  • Acceptable PDR levels (>70%) achieved only at 19.2 kbps and in the case of low mobility

SLIDE 20

DSDV vs SEAD - RO

  • Routing Overhead is insensitive to traffic load (proactive scheme)
  • SEAD exhibits slightly higher RO
      • Due to an optimization feature of SEAD that discards weighted settling time (more routing packets hence more overhead)

SLIDE 21

DSDV vs SEAD - ML

  • SEAD exhibits overall longer ML than DSDV
  • Median Latency better in High Mobility
  • Acceptable ML levels for up to a data rate of 128 kbps

Plot label: High Mobility

SLIDE 22

Impact of Buffer Size on SEAD - PDR

  • For a wide range of values varying the size of the Queuing Buffer has a minimal effect on the Packet Delivery Ratio
  • Default Buffer size in ns-2: 50 pckts/buffer

SLIDE 23

How Data-Flow Scenario Affects SEAD - PDR

  • Flat topology. No Data-Flow constraints.
      • Clusterheads are removed
  • Dramatic increase in Packet Delivery Ratios
  • Clusterheads are bottlenecks!

SLIDE 24

Performance Summary

No single winner ...

[Figure: Acceptable Multimedia Performance for ARIADNE (reactive) and SEAD (proactive); axes: Mobility, Data Rate; labels: 19.2kbps, 64 kbps, 384 kbps, 72 Km/hr]

SLIDE 25

Conclusion

  • SEAD (proactive) performs better than ARIADNE at higher data load in the tested:
      • Clustered, Group Mobile and Constraint Traffic (Hierarchical) environment
  • Minimal incremental overhead due to the Security extensions
  • Both schemes fail to accommodate the stringent requirements of real-time interactive multimedia communications in the examined application scenario
  • QoS constraints demand cross-layered optimized protocols (Hierarchical routing, Traffic/Resource driven cluster formation, Hot-spot mitigation, Load balancing …)

SLIDE 26

Thank You!

Q&A?