secure routing for mobile ad hoc networks
play

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos - PowerPoint PPT Presentation

Feb 17, 2023 •402 likes •560 views

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas Presented by Leland Smith CS 6204, Spring 2005 1 Overview What are MANETs? Motivation Secure Routing Protocol Protocol Description

  1. Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas Presented by Leland Smith CS 6204, Spring 2005 1

  2. Overview ♦ What are MANETs? ♦ Motivation ♦ Secure Routing Protocol ♦ Protocol Description ♦ Discussion CS 6204, Spring 2005 2

  3. Mobile Ad hoc NETworking ( MANET ) [1] ♦ Self-organized wireless interconnection of communication devices that would: – Extend or operate in concert with the wired networking infrastructure – Possibly evolve to autonomous networks ♦ Unique characteristics and challenges CS 6204, Spring 2005 3

  4. Mobile Ad hoc NETworking ( MANET ) [2] ♦ Characteristics – Absence of fixed infrastructure – Decentralized operation ♦ Challenges – Physical limitations – Difficult to determine which nodes to trust – Difficult to have a clear picture of membership • Cannot make trust assumptions in large networks – No guarantee paths are free of malicious nodes CS 6204, Spring 2005 4

  5. Motivation ♦ Current MANET routing protocol cannot cope with disruptions due to malicious behavior. – Denial of service attacks on end nodes ♦ Propose the Secure Routing Protocol (SRP) – Applied as an extension to existing routing protocols. – Guarantees acquisition of correct topological information in a timely manner. CS 6204, Spring 2005 5

  6. Secure Routing Protocol (SRP) ♦ Features – Guarantees that a node initiating a route discovery will be able to identify and discard replies providing false topological information. • Or avoid receiving them all together. – Places computational overhead on end-nodes • Efficient and scalable • Doesn’t rely on state stored on intermediate nodes. – Only requires a security association between the pair of end nodes. • Security association? ♦ Assumptions – Adversary nodes are not capable of colluding within one step of protocol execution – Each broadcast is received by all neighbors within range. Nodes operate in promiscuous mode. CS 6204, Spring 2005 6

  7. Basic Concept ♦ Request: – A source node initiates a route discovery and broadcasts the request packet along with a secure Message Authentication Code and secret key shared between the source and destination. – IP addresses are accumulated along the path. ♦ Propagation: – Intermediate nodes relay route requests such that one or more request packets arrive at the destination. – Discard previously seen route requests. – Provide feedback in the event of path breakage. ♦ Reply: – Calculates new MAC covering route reply contents. – Returns packet to source along the reverse of the accumulated path. – Responds to one or more requests from the same query to provide the source with a diverse topology picture. – Querying node validates replies and updates its topology view. CS 6204, Spring 2005 7

  8. Packet Format Builds on underlying basis protocol 6 words = 192 byte header CS 6204, Spring 2005 8

  9. SRP Packet Components ♦ Query Sequence number ( Q seq ): – Increases with each route request by a node – Allows destination to detect outdated routes – Initialized at establishment of security association ♦ Query Identifier ( Q id ): – Used by intermediate nodes to identify request – Output of secure pseudorandom number generator ♦ Message Authentication Code ( MAC ): – Generated by a keyed hash function – Input: entire IP header, basis protocol route request packet, shared key K S,T – Excludes: accumulated addresses of intermediate nodes, mutable IP header fields. CS 6204, Spring 2005 9

  10. 10 Process Example CS 6204, Spring 2005

  11. Query Propagation ♦ Determine whether SRP header is present – If not, route according to basis protocol – If so: • Route according to SRP • Extract Q id , source and destination addresses and store in query table. • If incoming packet Q id , source and destination addresses match one already in the query table, discard the packet. • Query frequency heuristics CS 6204, Spring 2005 11

  12. Route Reply ♦ Verifies request packet – Security association? – In sequence? ♦ Calculate hash of request fields and compare to the request header MAC – Verification complete ♦ Formulate reply using the same Q id and Q seq as the request and recompute the MAC for the new packet. ♦ Destination generates numerous replies to a single valid request. – Disallow malicious neighbor to control multiple replies. CS 6204, Spring 2005 12

  13. Reply Validation ♦ Source discards reply if it does not correspond to a currently pending query ♦ Compare reply IP source-route with the reverse of the route carried in the reply payload. Discard if they differ ♦ Calculate MAC using data in reply payload and the shared key. ♦ Upon verification, source is assured that the request reached destination T, and that the reply was not tampered with on its way from T to S. CS 6204, Spring 2005 13

  14. Route Maintenance ♦ Topology changes must be detected ♦ Route error packets source-routed along the prefix of the route reported as broken. ♦ The path source compares the route traversed by the error packet to the prefix of the corresponding route. ♦ Verifies error feedback refers to the actual route, and was generated by a node on the route. ♦ Correctness of feedback cannot be verified – A malicious node on route S->T can at most invalidate that route, mislead S by corrupting error packets from another node, or mask a dropped packet as a link failure CS 6204, Spring 2005 14

  15. Summary & Conclusion ♦ Proofs in paper ♦ Implementations? ♦ How to establish security associations? CS 6204, Spring 2005 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Corridor Routing Routing in Mobile in Mobile Ad Ad- -hoc hoc Networks Networks Corridor

Corridor Routing Routing in Mobile in Mobile Ad Ad- -hoc hoc Networks Networks Corridor

Corridor Routing Routing in Mobile in Mobile Ad Ad- -hoc hoc Networks Networks Corridor Christian Vogt, University of Karlsruhe Michael Gerharz, University of Bonn Christian de Waal, University of Bonn Med-Hoc-Net 2004, Bodrum, Turkey

345 views • 19 slides
Routing in Ad-hoc networks P R E S E N T E D B Y - L E W I S T S E N G R A C H I T A G A R W A

Routing in Ad-hoc networks P R E S E N T E D B Y - L E W I S T S E N G R A C H I T A G A R W A

Routing in Ad-hoc networks P R E S E N T E D B Y - L E W I S T S E N G R A C H I T A G A R W A L Ad-hoc networks Infrastructure-less networks No fixed routers (potentially) mobile nodes Dynamically and arbitrarily located

1.15k views • 94 slides
Capacity Deficit in Mobile Wireless Ad Hoc Networks Due to Geographic Routing Networks Due to

Capacity Deficit in Mobile Wireless Ad Hoc Networks Due to Geographic Routing Networks Due to

Capacity Deficit in Mobile Wireless Ad Hoc Networks Due to Geographic Routing Networks Due to Geographic Routing Overheads Alhussein A. Abouzeid ECSE Department Rensselaer Polytechnic Institute Joint work with Nabhendra Bisnik Joint work with

611 views • 28 slides
Routing In Ad Hoc Networks 1. Introduction to Ad-hoc networks 2. Routing in Ad-hoc networks 3.

Routing In Ad Hoc Networks 1. Introduction to Ad-hoc networks 2. Routing in Ad-hoc networks 3.

Routing In Ad Hoc Networks 1. Introduction to Ad-hoc networks 2. Routing in Ad-hoc networks 3. Proactive routing protocols DSDV 4. Reactive routing protocols DSR, AODV 5. Non-uniform routing protocols ZRP, CEDAR 6. Other

392 views • 22 slides
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner

T-79.194 Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner presentation by Maarit Hietalahti Helsinki University of Technology Laboratory for Theoretical Computer Science

298 views • 14 slides
Load Balanced Link Reversal Routing in Mobile Wireless Ad Hoc Networks Nabhendra Bisnik,

Load Balanced Link Reversal Routing in Mobile Wireless Ad Hoc Networks Nabhendra Bisnik,

Load Balanced Link Reversal Routing in Mobile Wireless Ad Hoc Networks Nabhendra Bisnik, Alhussein Abouzeid Costas Busch ECSE Department CSCI Department RPI RPI Mobile Wireless Networks Wireless nodes are mostly battery driven ) limited

616 views • 35 slides
Routing Algorithms for Mobile Ad Hoc Networks Costas Busch (RPI) Srikanth Surapaneni (RPI)

Routing Algorithms for Mobile Ad Hoc Networks Costas Busch (RPI) Srikanth Surapaneni (RPI)

Analysis of Link Reversal Routing Algorithms for Mobile Ad Hoc Networks Costas Busch (RPI) Srikanth Surapaneni (RPI) Srikanta Tirthapura (Iowa State University) Talk Outline Link Reversal Routing Previous Work & Contributions Analysis of

995 views • 66 slides
A Game-theoretic Incentive Scheme for Social- aware Routing in Selfish Mobile Social Networks

A Game-theoretic Incentive Scheme for Social- aware Routing in Selfish Mobile Social Networks

A Game-theoretic Incentive Scheme for Social- aware Routing in Selfish Mobile Social Networks Behrouz Jedari PhD candidate email: bjedari@mail.dlut.edu.cn Mobile and Social Computing Laboratory Dalian University of Technology 25 November 2015

426 views • 23 slides
Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

245 views • 22 slides
Breadcrumb Routing: Query-Response Geocast for Mobile Originators in Vehicular Networks IEEE

Breadcrumb Routing: Query-Response Geocast for Mobile Originators in Vehicular Networks IEEE

Institute of Operating Systems and Computer Networks Breadcrumb Routing: Query-Response Geocast for Mobile Originators in Vehicular Networks IEEE Vehicular Networking Conference 2014 Julian Timpner, Mario Wozenilek, Lars Wolf, December 3, 2014

820 views • 37 slides
Wireless networks Routing: DSR, AODV 1 Routing in Ad Hoc Networks Goals Adapt quickly

Wireless networks Routing: DSR, AODV 1 Routing in Ad Hoc Networks Goals Adapt quickly

Wireless networks Routing: DSR, AODV 1 Routing in Ad Hoc Networks Goals Adapt quickly to topology changes No centralization Loop free routing Load balancing among different routes in case of congestion Supporting

908 views • 89 slides
Mobile routing in elastic optical networks Ireneusz Szczeniak, Andrzej Jajszczyk, and Andrzej

Mobile routing in elastic optical networks Ireneusz Szczeniak, Andrzej Jajszczyk, and Andrzej

Mobile routing in elastic optical networks Ireneusz Szczeniak, Andrzej Jajszczyk, and Andrzej Pach AGH University of Science and Technology, Poland ICCC 2014 Introduction Problem statement Solutions Simulation results Conclusion Plan of

302 views • 13 slides
Density-based vs. Proximity-based Anycast Routing for Mobile Networks Vincent Lenders, Martin May

Density-based vs. Proximity-based Anycast Routing for Mobile Networks Vincent Lenders, Martin May

Density-based vs. Proximity-based Anycast Routing for Mobile Networks Vincent Lenders, Martin May and Bernhard Plattner Department of Information Technology and Electrical Engineering Swiss Federal Institute of Technology (ETH) Z urich,

464 views • 13 slides
CS 525M Mobile and Ubiquitous Computing Seminar Ted Goodwin Mitigating Routing Misbehavior

CS 525M Mobile and Ubiquitous Computing Seminar Ted Goodwin Mitigating Routing Misbehavior

CS 525M Mobile and Ubiquitous Computing Seminar Ted Goodwin Mitigating Routing Misbehavior in Mobile Ad Hoc Networks Sergio Marti, T.J. Giuli, Kevin Lai, and Mary Baker Department of Computer Science Stanford University Stanford, CA

454 views • 34 slides
An OMNeT++ based Framework for Mobility-aware Routing in Mobile Robotic Networks Benjamin Sliwa,

An OMNeT++ based Framework for Mobility-aware Routing in Mobile Robotic Networks Benjamin Sliwa,

dortmund university OMNeT++ Community Summit 2016 An OMNeT++ based Framework for Mobility-aware Routing in Mobile Robotic Networks Benjamin Sliwa, Christoph Ide and Christian Wietfeld September 16, 2016 Faculty of Electrical Engineering &

551 views • 29 slides
NETI@home : A Distributed Approach to NETI@home Collecting End-to-End Network Performance

NETI@home : A Distributed Approach to NETI@home Collecting End-to-End Network Performance

NETI@home : A Distributed Approach to NETI@home Collecting End-to-End Network Performance Measurements Charles Robert Simpson, Jr. Dr. George F. Riley Georgia Institute of Technology Atlanta, GA, USA Presented to PAM 2004 The 5th Passive

634 views • 15 slides
THE COURSE COMPUTER SOFTWARES OF FINANCIAL PLANNING OVERVIEW University ASUE Teacher Mare

THE COURSE COMPUTER SOFTWARES OF FINANCIAL PLANNING OVERVIEW University ASUE Teacher Mare

Reforming Master Programmes in Finance in Armenia and Moldova / REFINE An Erasmus+ Capacity Building Project (2017-2020) THE COURSE COMPUTER SOFTWARES OF FINANCIAL PLANNING OVERVIEW University ASUE Teacher Mare Khachatryan BASIC

770 views • 30 slides
Cross-language High Similarity Search using a Conceptual Thesaurus no 2 and Paolo Rosso 1 Parth

Cross-language High Similarity Search using a Conceptual Thesaurus no 2 and Paolo Rosso 1 Parth

Introduction Conceptual Thesaurus Method Results Analysis References Cross-language High Similarity Search using a Conceptual Thesaurus no 2 and Paolo Rosso 1 Parth Gupta 1 , Alberto Barr on-Cede 1 Universitat Polit` ecnica de Val`

613 views • 26 slides
Counting Arithmetical Structures Luis David Garc a Puente Department of Mathematics and

Counting Arithmetical Structures Luis David Garc a Puente Department of Mathematics and

Counting Arithmetical Structures Luis David Garc a Puente Department of Mathematics and Statistics Sam Houston State University Blackwell-Tapia Conference 2018 The Institute for Computational and Experimental Research in Mathematics

719 views • 59 slides
Smart NICs Ian Pratt Smart L2 NIC features Privileged/unprivileged NIC driver model

Smart NICs Ian Pratt Smart L2 NIC features Privileged/unprivileged NIC driver model

TM Smart NICs Ian Pratt Smart L2 NIC features Privileged/unprivileged NIC driver model Free/rx/tx descriptor queues into guest Packet demux and tx enforcement Validation of frag descriptors TX QoS CSUM offload / TSO / LRO

714 views • 7 slides
XORs in the Air: Practical Wireless Network Coding S. Katti, H. Rahul, W. Hu, D. Katabi, M.

XORs in the Air: Practical Wireless Network Coding S. Katti, H. Rahul, W. Hu, D. Katabi, M.

XORs in the Air: Practical Wireless Network Coding S. Katti, H. Rahul, W. Hu, D. Katabi, M. Medard, J. Crowcroft MIT & University of Cambridge Can we use 3 transmissions to send traffic? 2 1 3 4 Can we use 3 transmissions to send

827 views • 25 slides
Getting from Nothing to Something AKA: Bootstrapping, Commissioning, Pairing, ... Cullen

Getting from Nothing to Something AKA: Bootstrapping, Commissioning, Pairing, ... Cullen

Getting from Nothing to Something AKA: Bootstrapping, Commissioning, Pairing, ... Cullen Jennings, PhD Cisco Smart Object Security Workshop March 2012 Friday, March 23, 12 Goal So Cisco sold me this super constrained, super smart, super

356 views • 10 slides
Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter

Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter

Source: [5] Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter Pilgerstorfer 03.03.2015 1 Motivation Pairing without user interaction Traditional authentication E.g. enter/confirm shared PIN

270 views • 26 slides

More recommend