Security of Routing Protocols in Ad Hoc Wireless Networks presented - - PowerPoint PPT Presentation

security of routing protocols in ad hoc wireless networks
SMART_READER_LITE
LIVE PREVIEW

Security of Routing Protocols in Ad Hoc Wireless Networks presented - - PowerPoint PPT Presentation

Oct 11, 2023 613 likes •896 views

Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647 Advanced Topics in Wireless Networks Our focus: MANETs Multi-hop routing: unicast multicast infrastructure access Our focus: MANETs

slide-1
SLIDE 1

Security of Routing Protocols in Ad Hoc Wireless Networks

presented by Reza Curtmola 600.647 – Advanced Topics in Wireless Networks

slide-2
SLIDE 2

Our focus: MANETs

Multi-hop routing:

  • unicast
  • multicast
  • infrastructure access
slide-3
SLIDE 3

Our focus: MANETs

Multi-hop routing:

  • unicast
  • multicast
  • infrastructure access
slide-4
SLIDE 4

Our focus: MANETs

Internet Internet

Multi-hop routing:

  • unicast
  • multicast
  • infrastructure access
slide-5
SLIDE 5

Security of Ad Hoc Wireless Networks

  • Security is essential because:

– Lack of physical security makes devices susceptible to theft – All nodes participate in routing, must rely on untrusted nodes – Lack of security leads to degradation of service because medium is shared

  • Difficult to provide because:

– Collaborative nature – Less-robust and shared medium – Requires solution for internal adversaries

slide-6
SLIDE 6

More Basics

  • Transmission range is usually smaller than

network span

  • Need for multi-hop routing
  • All nodes can potentially participate in the

routing protocol

slide-7
SLIDE 7

Security concerns

  • Must define adversarial model
  • Effect on network operation

– Passive attacks – Active attacks

  • Attackers are authorized to participate in

the network operation

– Outside attacks – Inside attacks

slide-8
SLIDE 8

Outside Attacks

  • Attackers do not posses credentials
  • Include:

– packet injection – packet modification – impersonation

  • In general preventable using standard

cryptographic mechanisms that ensure authentication and data integrity

slide-9
SLIDE 9

Inside (Byzantine) Attacks

  • Byzantine behavior:

Arbitrary action by an authenticated node resulting in disruption of the routing service

  • All nodes participate in routing
  • Authentication and data integrity

mechanisms do not provide any guarantees

  • Different than the “selfish node” problem
slide-10
SLIDE 10

Attacks against routing

  • Black Hole Attack
  • Flood Rushing Attack
  • Wormhole Attack
  • Overlay Network Attack

(super-wormhole)

  • Adversaries can act individually or can

collude Traditional & Byzantine

slide-11
SLIDE 11

Other Attacks

  • Traffic analysis
  • Sybil attacks

– A malicious node illegitimately claims multiple identities

  • Node replication

– Adversary captures, replicates and inserts duplicated nodes – Difficult to detect without centralized monitoring

slide-12
SLIDE 12

Routing protocols

  • Routing = act of moving information from

source to destination

  • Types of routing protocols

– Pro-active – continuously learn network topology

  • ☺ routes are available immediately
  • high updating cost for dynamic topology
  • examples: RIP, OSPF, DSDV, OLSR

– Reactive – establish routes when needed

  • ☺ less control traffic
  • additional delay, involve flooding
  • examples: AODV, DSR
slide-13
SLIDE 13

On-Demand Routing Protocols

  • Route Discovery phase

– Based on flooding – RouteRequest – usually flooded – RouteReply – flooded or unicast

  • Route Maintenance Phase

S D

Ad Hoc Network

Req Rep Req Rep

slide-14
SLIDE 14

Black Hole Attack

  • Adversary selectively drops only data

packets, but still participates in the routing protocol correctly

  • The damage is directly related to the

likelihood of an adversary being selected as part of the route

slide-15
SLIDE 15

Black Hole Attack Mitigation

Watchdog and Pathrater

(S. Marti, T. Giuli, K. Lai, M. Baker, “Mitigating routing misbehavior in mobile ad hoc networks”, MobiCom 2000)

  • A node can overhear its neighboring nodes

forwarding packets to other destinations

  • Watchdog and Pathrater
  • Local monitoring can detect:

– Packet forge: An outgoing packet that has no corresponding incoming packet – Packet modification: Difference between the incoming and outgoing packet fields – Intentional packet delay: A packet was forwarded after a threshold time instead of immediately – Packet drop: Packets were not forwarded within a maximum acceptable timeout threshold

slide-16
SLIDE 16

Black Hole Attack Mitigation

Watchdog and Pathrater

What can go wrong?

  • Missed detection: A malicious event goes undetected

at guard G because:

– A collision occurs at G when the malicious node S transmits

  • False detection: A normal event is classified by a

guard G as a malicious event because:

– A collision occurs at G when the sender S transmits a packet – A collision occurs at G when the monitored node D forwards the packet

  • Does not work when power control and

multi-rate are used

  • Also vulnerable to attacks from two

consecutive colluding adversaries

G S D

slide-17
SLIDE 17

Black Hole Attack Mitigation

Secure Data Transmission (SDT)

(P. Papadimitratos, Z. Haas, “Secure data transmission in mobile ad hoc networks”, WiSe 2003)

  • Uses end-to-end acknowledgements from DST
  • Disseminates a packet across several node-disjoint paths
  • Good for well connected networks
  • Bad for sparsely connected networks
  • Protection of node-disjoint path discovery is not fully

achieved against colluding adversaries

  • Also vulnerable to flood rushing attacks
slide-18
SLIDE 18

Flood Rushing Attack

  • Majority of on-demand routing protocols

use flooding for route discovery

  • Attack takes advantage of the

flood suppression mechanism

  • Adversary “rushes” packets through the

network, propagating its flood faster than the legitimate flood

slide-19
SLIDE 19

Flood Rushing Attack

  • Attacker disseminates RREQ, RREP quickly

throughout the network suppressing any later legitimate RREQ, RREP

– By avoiding the delays that are part of the design of both routing and MAC (802.11b) protocols – By sending at a higher wireless transmission level – By using a wormhole to rush the packets ahead of the normal flow

  • Result: an attacker gets selected on many paths,
  • r no path is established
  • Why is the attack possible: flood suppressing

mechanism

slide-20
SLIDE 20

Flood Rushing Attack Mitigation

Rushing Attack Prevention (RAP)

(Y.-C. Hu, A. Perrig, D.B. Johnson, “Rushing Attacks and defense in wireless ad hoc network routing protocols”, WiSe 2003)

  • Wait to receive up to k requests (flood re-broadcasts)
  • Randomly selects one to forward
  • Random selection reduces advantage gained by reaching

a node first

  • Disadvantages:

– Secure neighbor discovery and secure route delegation => multiple rounds of communication => a lot of overhead – Is ineffective if the adversary has compromised k or more nodes

slide-21
SLIDE 21

Byzantine Wormhole Attack

Source Destination Adv1 Adv2 wormhole

  • Attacker (or colluding attackers) records a packet at one

location in the network, tunnels the packet to another location, and replays it there.

  • End-points of the virtual link can not be trusted
  • Result: Allows an adversary to get selected on many

paths

slide-22
SLIDE 22

Two types of wormhole

Source Destination Adv1 Adv2 wormhole

  • Traditional wormhole: adversaries are outside attackers

(non-authenticated)

– honest nodes believe there is a direct link between them

  • Byzantine wormhole: adversaries are inside attackers

(authenticated)

– wormhole link exists between compromised nodes

slide-23
SLIDE 23

Wormhole Attack Mitigation

Packet Leashes (Y.-C. Hu, A. Perrig, D.B. Johnson, “Packet Leashes: A defense against

wormhole attacks in wireless ad hoc networks”, Infocom 2003)

  • Prevents wormhole creation by limiting the transmission

distance of a link

– A temporal leash (extremely tight time synchronization) – A geographical leash (location information)

  • May require additional hardware (very accurate clocks or

GPS receivers), but is effective against traditional wormholes

  • Ineffective against Byzantine wormholes
slide-24
SLIDE 24

Wormhole Attack Mitigation

Directional Antenna

(L. Hu, D. Evans, “Using directional antennas to prevent wormhole attacks”, NDSS 2004)

  • Uses the angle of arrival information available when using

directional antennas

  • Takes advantage of topology distortion that occurs when nodes

communicate through a wormhole

  • To verify a link between two nodes, a third node is required
  • Disadvantage: in low density networks, the number of available

links is reduced

  • Ineffective against Byzantine wormholes
slide-25
SLIDE 25

Super-Wormhole

  • a more general (and stronger) variant of the

wormhole attack

  • several adversaries collude and form an overlay
  • f Byzantine wormholes
  • for n adversaries, it is equivalent to n2 wormholes
slide-26
SLIDE 26

Related Work

  • [Perlman – ’88]: Byzantine robustness for Link State routing protocol

in wired networks)

  • Blackhole:

[Marti, Giuli, Lai, Baker - ‘00] [Papadimitratos, Haas - ’03]

  • Authentication and integrity: [Zhou, Haas – ’99]

[Hubaux, Buttyan, Capkun – ’01] [Dahill, Levine, Shields, Royer – ’02] [Hu, Perrig, Johnson – ‘01, ’02]

  • Flood rushing: [Hu, Perrig, Johnson – ‘03]
  • Wormhole:

[Hu, Perrig, Johnson – ’03] [Hu, Evans – ’04]

  • NO PROTOCOL THAT CAN WITHSTAND ALL OF THE

CONSIDERED BYZANTINE ATTACKS

  • ODSBR fills this gap! (software-only solution)

[Awerbuch, Holmer, Nita-Rotaru, Rubens – Wise ’02 [Awerbuch, Curtmola, Holmer, Nita-Rotaru, Rubens – SecureComm ’05]