Professional Documents
Culture Documents
DISCOVERY IN MANETs
ABSTRACT — MANETs are the collections of wireless mobile devices. In general, MANETs use dynamic routing for data
transfer between source and destination; they need reliable, efficient and highly secure route between the two ends. The discovery of
secure route is a major task and also it has gained more importance. A security model named ABV model uses two routing algorithms
SRP and Ariadne. Both the methods are found to be insecure because of hidden channel attacks. A novel route discovery algorithm
called endairA was developed within this same model as a solution. The security proof for the route discovery algorithm in endairA is
also flawed and also subjected to a hidden channel attack. For ubiquitous applications, secure route is necessary for data transmission
from source to destination. The main objective of this paper is to analyze the security challenges in the route discovery of MANETs
and to provide the appropriate solutions.
INDEX TERMS — Proactive Routing, Mobile Node, Message Authentication Code, Hidden Channel Attack, Dynamic Source
Routing Protocol, Mobile Ad-hoc Networks.
1 INTRODUCTION
1
Ariadne is an on-demand routing aprotocol based on Dynamic
Source Routing (DSR) protocol. Unlike SRP, the Ariadne shares the
Key to all the intermediate nodes for authentication. Ariadne protocol
assumes that the source and the destination share a secret key KST that
2 PHASES OF ROUTING allows them to authenticate each other. To establish a secure route to
the destination, the source node floods a RREQ packet that has eight
fields <ROUTE REQUEST, intitator, target, id, time interval, hash
Routing is a basic network functionality that supports
chain, node list, and MAC list>. The ‘id’ is an identifier that has not
communication. In MANETs, each node acts as a router forwarding
been recently used in route discovery. The hash chain field is
data to other nodes. We distinguish three basic phases in routing:
initialized by the initiator to the MAC calculated over the initiator,
1) Route discovery in which one or more routes that link a source S
target, id, time interval, using the key KST (MACKST (initiator, target,
to a target T are sought.
id, time interval)). The node list and MAC list are empty initially and
2) Route maintenance in which broken links of established routes are
will be filled by the intermediate and target nodes.
fixed.
The RREP packet consists of target, initiator, time interval,
3) Packet forwarding in which communication is achieved via
node list, MAC list (which correspond to fields from the
established routes.
corresponding RREQ), target MAC and key list. Target MAC is a
Route discovery can be proactive (table driven) or reactive
MAC calculated by the destination over first five fields with the key
(on-demand). In proactive routing, usually nodes maintain routing
KST. Key list is left empty to be initialized by the intermediate nodes,
tables with routing information to potential target nodes. The tables
along the reverse route in the RREQ. The destination sends the
are updated at regular intervals and used by intermediate nodes for
RREP to the initiator along the source route which is the reverse of
route discovery. With reactive algorithms, routes are discovered only
the sequence of hops in the node list in the RREQ. The node
when needed.
forwarding the route RREP waits until it is able to disclose the key
for the specified time interval. The node then appends the key to the
2.1 Routing Security in Manets key list field in the RREP and forwards the RREP to the next hop
towards the source. The waiting delays do not add significant
The nodes in an ad-hoc network also function as routers that discover computation overhead but adds to storage overheads. When the
and maintain routes to other nodes in the network. The primary goal initiator receives the RREP, it checks if the keys in the key list are
of a MANET routing protocol is to establish a correct and efficient valid, target MAC is valid and each MAC in the MAC list is valid. If
route between a pair of nodes so that messages may be delivered in a all these are valid only then will it accept the RREP.
timely manner. If routing can be misdirected, the entire network can
be paralyzed. Thus, routing security plays an important role in the
security of the whole network. 4.1 The Attack on Ariadne
Attacks can be classified into passive and active attacks. A
passive attack does not disrupt the operation of a routing protocol, The attack against Ariadne is briefly described in [16]. Consider an
but only attempts to discover valuable information by listening to instance with source node S and let,
routing traffic, which makes it very difficult to detect. An active
attack is an attempt to improperly modify data, gain authentication, (S, A, X, B, Y, D, T) (1)
or procure authorization by inserting false packets into the data
stream or modifying packets transition through the network. Active be a sequence of identifiers of neighbor nodes in which only X; Y are
attack can be further divided into external attacks and internal faulty. Let C ≠ B be another neighbor of both X and Y. In the attack,
attacks. An external attack is one caused by nodes that do not belong when the first adversarial node X receives the route request,
to the network. An internal attack is one from compromised or
hijacked nodes that belong to the network. msgS,T,rreq = (rreq, S, T, id, A, macSA), (2)
it broadcasts
3 THE SOURCE ROUTING PROTOCOL msgS,T,rreq = (rreq, S, T, id, A, X, macSAX), (3)
SRP is an on-demand source routing protocol that captures the basic This is received by both B and C, which broadcast the corresponding
features of reactive routing. In SRP, route requests generated by a route request. The second adversarial node Y does not respond to
source S are protected by Message Authentication Codes (MACs) either request, while a little later, the first adversarial node X creates
computed using a key shared with the target T. Requests are a fake route reply in the name of Y:
broadcast to all the neighbors of S. Each neighbor that receives a msgS,T,rrep = (rrep, S, T, id, A, X, B, Y, macSAX) (4)
request for the first time appends its identifier to the request and
rebroadcasts it. Intermediate nodes do the same. The MAC in the (with the wrong MAC) and unicasts it to B, which only checks the id
request is not checked because only S and T know the key used to and that X; Y are its neighbors. Since B has processed an earlier
compute it. When this request reaches the target T, its MAC is request with identifier id, it will retransmit this, intending it for X.
checked by T. If it is valid, then it is assumed by the target that all Node Y intercepts it and generates the route request:
adjacent pairs of nodes on the path of the route request are neighbors. msgS,T,rreq = (rreq, S, T, id, A, X, Y , macSAXY ) (5)
Such paths are called valid or plausible routes. Here the upstream
route from T to S is authenticated by the target, the downstream route This is accepted by D and continued along to T. Since the iterated
is not and it may divert the routes. MAC is correctly constructed, it will be accepted by the target T,
which creates and sends back the route reply:
4 ARIADNE msgS,T,rrep = (rrep, S, T, id, A, X, Y , D, macT ) (6)
2
When this reaches Y, the label for node C is added to the listing so successfully returned to the initiator with the correct appended
that C will rebroadcast it. When X gets it, this label is discarded and signatures.
the message is sent back to the source S, where it will get validated. We validate the EndairA model to ensure that the paths are
In this attack, the adversarial node X has succeeded in correctly constructed, the target signature protects the reverse rrep,
shortening an existing route by using a hidden channel—namely the and the intermediate node signatures are appended in the proper
one provided by the lack of directionality in wireless broadcast— order during the rrep and compared against the signed accumulated
linking it to the second faulty node Y and sending via this channel path.
the message to Y . This message contains macSAX, an MAC that Y
needs in order to compute macSAXY. There are several other hidden
channels that X and Y could use, as we shall see later.
5.1 Hidden Channel Attack in EndairA
Consider a sequence of nodes,
5 ENDAIRA (S, A, X, B, Y, D, T) (13)
The protocol endairA is designed to address the Hidden channel where, X, Y are faulty nodes.
attack described above. In endairA, the route replies of intermediate
nodes are protected. When the node A receives,
The EndairA message formats follow as: msgS,T,rreq = (rreq, S, T, id) (14)
1) <rreq, initiator, target, id, accum path>
2) <rrep, initiator, target, accum path, sig list> When the first faulty node X receives,
msgS,T,rreq = (rreq, S, T, id, A) (15)
We illustrate the EndairA protocol using the network topology and
message sequence shown in figure 1 and 2. When the node B receives,
msgS,T,rreq = (rreq, S, T, id, A, X) (16)
endairA
msg1 = (rreq, 0 3, id, () ) (7)
60
msg2 = (rreq, 0 ,3, id, (1) ) (8)
50
40
Possible Paths
30
msg4 = (rrep, 0, 3, (1, 2), (sig3) ) Secured Paths
20
sig3 = SK3 {rrep, 0, 3, id, (1, 2), ()} (10)
10
3
secure communication, so intermediate nodes should expect to There are several proposals for secure ad-hoc routing protocols (see
retransmit the encrypted data. [12] for a recent overview). However, most of these proposals come
with an informal security analysis with all the pitfalls of informal
7 THE PROTOCOL E-ENDAIRA security arguments. In this section, we report on a few exceptions,
where some attempts are made to use formal methods for the
verification of ad-hoc routing protocols.
To mitigate the effects of the hidden channel attack in the networking In [23], the authors try to reach a goal similar to ours but
environment, we proposed a new protocol named Enhanced EndairA with a different approach. They propose a formal model for ad-hoc
(E-EndairA). This represents a first effort toward a formal security routing protocols with the aim of representing insider attacks.
model that can deal with concurrent attacks and is successful in Routing security is defined in terms of a safety and liveness property.
mitigating a class of hidden channel attacks—the attacks that are The liveness property requires that it is possible to discover routes,
intrinsic to the wireless broadcast medium in a neighborhood. As like while the safety property requires that discovered routes do not
the endairA protocol, the E-endairA also address the Hidden channel contain adversarial nodes.
attack as well as here the route replies of intermediate nodes are
protected. In E-endairA,
50
The route reply from S to T is of the form,
No of Nodes
40
msg S,T,rrep = (rrep, S, T, id, X1…….Xp, sigT.......sigXj) Possible Paths
30
(20) Secured Paths
20
Here the target should verify that there’s no repeating ID in the node
10
list and the last node in the node list is a neighbour. Each
intermediate node should check, whether its own ID is in the node 0
list; there’s no repeating ID in the node list; next and previous nodes 0 5 10 15
in the node list are neighbours and all the signatures are valid. No of Paths
Similarly the source must verify that there’s no repeating ID in the Figure 4.Possible and Secured paths in the proposed E-
node list. first node in the node list is a neighbour and all the
signatures are valid. endiarA algorithm
4
Proc. European Workshop Security and Privacy in Ad Hoc and
Sensor Networks (ESAS ’05), pp. 113-127, 2005.
REFERENCES
[16] G. _ Acs, L. Buttya´n, and I. Vajda, “Provably Secure On-
[1] Mike Burmester, “On the Security of Route Discovery in Demand Source Routing in Mobile Ad Hoc Networks,” IEEE Trans.
MANETs”, IEEE Transactions on mobile computing,vol.8,no. 9,sep Mobile Computing, vol. 5, no. 11, pp. 1533-1546, Nov. 2006.
2009.
[17] G. _ Acs, L. Buttya´n, and I. Vajda, “Modelling Adversaries and
[2] C.E. Perkins and P. Bhagwat, “Highly Dynamic Destination- Security Objectives for Routing Protocols in Wireless Sensor
Sequenced Distance-Vector Routing (DSDV) for Mobile Networks,” Proc. Workshop Security in Ad Hoc and Sensor
Computers,” Proc. ACM SIGCOMM, pp. 234-244, 1994. Networks (SASN ’06), pp. 49-58, 2006.
[3] D. Johnson and D. Maltz, “Dynamic Source Routing in Ad-Hoc
Wireless Networks,” Mobile Computing, T. Imielinski and H. Korth, [18] B. Pfitzmann and M. Waidner, “Composition and Integrity
eds., Kluwer Academic Publishers, 1996. Preservation of Secure Reactive Systems,” Proc. ACM Conf.
Computer and Comm. Security, pp. 245-254, 2000.
[4] P. Papadimitratos and Z. Haas, “Secure Routing for Mobile Ad-
Hoc Networks,” Proc. SCS Comm. Networks and Distributed [19] R. Canetti, “Universally Composable Security: A New Paradigm
Systems Modeling and Simulation Conf. (CNDS ’02), 2002. for Cryptographic Protocols,” Proc. IEEE Ann. Symp. Foundations
of Computer Science (FOCS ’01), pp. 136-145, 2001.
[5] C. Perkins, “Ad-Hoc On-Demand Distance Vector Routing,”
Proc. Military Comm. Conf. (MILCOM ’97), panel on ad-hoc [19] Y.-C. Hu, A. Perrig, and D. Johnson, “Ariadne: A Secure On-
networks, 1997. Demand Routing Protocol for Ad Hoc Networks,” Proc. ACM
MobiCom, 2002.
[6] C.E. Perkins and E.M. Belding-Royer, “Ad-Hoc On-Demand
Distance Vector Routing,” Proc. Second Workshop Mobile [20] J.T.A. Perrig, R. Canetti, and D. Song, “Efficient Authentication
Computing Systems and Applications (WMCSA ’99), pp. 90-100, and Signing of Multicast Streams over Lossy Channels,” Proc. IEEE
1999. Symp. Security and Privacy, pp. 56-73, 2000.
[7] M.G. Zapata, “Secure Ad-Hoc On-Demand Distance Vector [21] D. Beaver, “Foundations of Secure Interactive Computing,”
Routing,” Mobile Computing and Comm. Rev., vol. 6, no. 3, pp. Proc. Conf. Advances in Cryptology (CRYPTO ’91), pp. 377-391,
106-107, 2002. 1992.
[8] P. Papadimitratos and Z. Haas, “Securing Mobile Ad-Hoc [22] D. Beaver and S. Haber, “Cryptographic Protocols Provably
Networks,” Handbook of Ad Hoc Wireless Networks, M. Ilyas, ed., Secure against Dynamic Adversaries,” Proc. Conf. Advances in
CRC Press, 2002. Cryptology (EUROCRYPT ’92), pp. 307-323, 1992.
[9] K. Sanzgiri, B. Dahill, B.N. Levine, C. Shields, and E.M. [23] S. Yang and J. Baras, “Modeling Vulnerabilities of Ad-Hoc
Belding-Royer, “A Secure Routing Protocol for Ad Hoc Networks,” Routing Protocols,” Proc. ACM Workshop Security of Ad-Hoc and
Proc. IEEE Int’l Conf. Network Protocols (ICNP ’02), pp. 78-89, Sensor Networks, Oct. 2003.
2002.