
Network-layer Security of Mobile Ad hoc Networks
Jiangyi Hu
Advisor: Dr. Mike Burmester

Outline
Introduction
Secure routing
Existing routing protocols
Routing attacks
Secure routing protocols

Cooperation enforcement
Solutions to enforce cooperation

Network layer security of Manets

02/24/2004

Introduction
Example of Mobile Ad hoc networks (figure not reproduced)


Introduction
Characteristics of Manet:
Wireless connection, broadcasting
Dynamic topology
Unfriendly environment
Limited resource


Introduction
Advantages
Ease of deployment
Fast to deploy
Decreased dependence on infrastructure

Applications of Manet
emergency deployments
search and rescue missions
military operations
commercial applications


Introduction
Vulnerabilities

The basic mechanism


The security mechanism

Security goals

Availability
Confidentiality
Integrity
Authentication
Non-repudiation


Secure routing
Existing routing protocols
Security threats for routing
Secure routing protocols


Existing routing protocols


Table driven routing
DSDV (destination sequenced distance vector)
CGSR (Clusterhead Gateway Switch Routing)
WRP (Wireless Routing Protocol)

On demand routing
DSR (dynamic source routing)
AODV (ad-hoc on-demand distance vector)
TORA (Temporally Ordered Routing Algorithm)


DSR
Dynamic source routing
Route discovery/Route maintenance
Every packet carries the entire route


DSR
Example of DSR route discovery (figure): as the route request floods out from S, each node appends itself to the route, so the accumulated routes grow as S-A, S-A-B, S-A-B-D and as S-C, S-C-E, then S-C-E-F and S-C-E-H.

AODV
Ad-hoc on-demand distance vector routing
No maintenance of routing table as in DSDV
Each node remembers only the next hop for the route, not the whole route


AODV
Example of AODV route discovery (figure with nodes S, A, B, C, D, E, F; legend: forward path, reverse path): the route request sets up reverse-path next-hop entries toward S, and the route reply sets up forward-path next-hop entries toward D.

Routing attacks
Classification:
External attack vs. Internal attack
Passive attack vs. Active attack


Routing attacks
Attacks for routing:
Modification
Fabrication
Wormhole attack (tunneling)
Denial of service attack
Invisible node attack
The Sybil attack
Rushing attack
Non-cooperation


Modification
Modify the protocol fields of control messages
Compromise the integrity of routing computation
Cause network traffic to be dropped, redirected to a different destination or to take a longer route


Fabrication
Generating false routing messages, e.g. route error messages
Can cause denial of service
(Figure: a node forwards a false route error message; legend: connected, connected through multi-hops, forward false error message)


Wormhole attack
Colluding attackers use a tunnel between them to forward packets
Places the attackers in a very powerful position
The attackers take control of the route by claiming a shorter path


Wormhole attack
Example of wormhole attack (figure with nodes S, A, B, C, D and a tunnel between the two colluding attackers; not reproduced)

Denial of service attack


Adversary floods irrelevant data
Consume network bandwidth
Consume resource of a particular node


Invisible node attack


Attack on DSR
The malicious node M does not append its IP address to the route request
M becomes invisible on the path
(Figure: route request from S passing through M; not reproduced)


The Sybil attack


A single malicious node presents multiple identities
Disrupts geographic and multi-path routing
(Figure: node B and the identities M1 to M5 presented by one malicious node)

Rushing attack
Directed against on-demand routing protocols
The attacker hurries the route request packet to the next node to increase the probability of being included in a route


Non-cooperation
Nodes lacking cooperation do not participate in routing or packet forwarding
Selfish nodes save energy for themselves


Secure routing protocols


SRP (Secure Routing Protocol)
ARAN (Authenticated Routing for Ad hoc Networks)
Ariadne
SEAD (Secure Efficient Ad hoc Distance vector routing)
Cope with wormhole attack


SRP
Assumes a shared secret key between the source node and the destination node
Verification of the route request/reply packet using a MAC (Message Authentication Code)
Identities of intermediate nodes are accumulated in the route request packet


ARAN
Requires a trusted certification authority
Every node that forwards a route request or a route reply must verify it and sign it
Asymmetric cryptography is costly in terms of CPU and energy usage


ARAN
Example of ARAN (figure: S, intermediate nodes B and C, and D; the RDP is broadcast, the REP is unicast back; KX- denotes signing with X's private key):
S broadcasts:   [RDP, IPD, CertS, NS, t]KS- , CertS
B rebroadcasts: [[RDP, IPD, CertS, NS, t]KS- , CertS]KB- , CertB
C rebroadcasts: [[RDP, IPD, CertS, NS, t]KS- , CertS]KC- , CertC
D unicasts:     [REP, IPS, CertD, NS, t]KD- , CertD
C unicasts:     [[REP, IPS, CertD, NS, t]KD- , CertD]KC- , CertC
B unicasts:     [[REP, IPS, CertD, NS, t]KD- , CertD]KB- , CertB
Each forwarder strips the previous forwarder's signature and adds its own, so a receiving node verifies two signatures: the originator's and the last hop's.

Ariadne
Each node generates a one-way key chain (K0, K1, ..., Ki, ..., Kn) and publishes the keys in reverse order from generation
The sender picks a Ki which will still be secret at the time the receiver receives the packet
When a receiver receives a packet, it first verifies that Ki is still secret, then it buffers the packet and waits for the sender to publish key Ki
Needs time synchronization
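Added example (not from the slides or the Ariadne authors): the delayed-disclosure mechanism the slide describes, which Ariadne takes from the TESLA broadcast authentication scheme, in Python. It shows chain generation, the receiver's "Ki still secret" check under a bounded clock skew, and verification of a later-published key against the commitment K0; the MAC-key derivation, interval length, disclosure delay and skew bound are assumptions.

```python
import hashlib
import hmac
import math

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def make_key_chain(seed: bytes, n: int) -> list:
    # Kn is the random seed and K_i = H(K_{i+1}): generation runs n -> 0,
    # publication runs K0 (the commitment), K1, K2, ... i.e. the reverse order.
    chain = [b""] * (n + 1)
    chain[n] = seed
    for i in range(n - 1, -1, -1):
        chain[i] = H(chain[i + 1])
    return chain

def mac(key: bytes, msg: bytes) -> bytes:
    # TESLA MACs under a key derived from the chain element; this derivation is an assumption.
    return hmac.new(H(b"mac-key" + key), msg, hashlib.sha256).digest()

class TeslaReceiver:
    def __init__(self, k0, t0, interval, disclose_delay, max_skew):
        self.known_i, self.known_key = 0, k0       # K0 was learned over an authenticated channel
        self.t0, self.interval = t0, interval
        self.delay, self.max_skew = disclose_delay, max_skew
        self.buffered = []                          # (i, msg, tag) waiting for K_i

    def accept(self, now, i, msg, tag):
        # Security condition: the sender's clock is at most now + max_skew, so the
        # interval in which it discloses K_i (interval i + delay) must not have begun.
        sender_interval = math.floor((now + self.max_skew - self.t0) / self.interval)
        if sender_interval >= i + self.delay:
            return False                            # K_i may already be public: the MAC is forgeable
        self.buffered.append((i, msg, tag))
        return True

    def disclose(self, i, key):
        # Authenticate K_i by hashing it back to the last known key, then release the
        # buffered packets whose MAC verifies under it; everything else stays unverified.
        if i <= self.known_i:
            return []
        probe = key
        for _ in range(i - self.known_i):
            probe = H(probe)
        if probe != self.known_key:
            return []                               # does not chain back to the commitment
        self.known_i, self.known_key = i, key
        ok = [m for (j, m, t) in self.buffered if j == i and hmac.compare_digest(mac(key, m), t)]
        self.buffered = [p for p in self.buffered if p[0] != i]
        return ok
```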


SEAD
Based on the Destination-Sequenced Distance Vector protocol (DSDV)
Uses a one-way hash chain (h0, h1, ..., hi, ..., hn)
Uses the hash value corresponding to the sequence number and metric in a routing update
An attacker can never forge a better sequence number or a better metric
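Added example (not the SEAD authors' code): the hash-chain check that lets a node accept only those routing updates whose (sequence number, metric) pair hashes forward to an element it already trusts, using SEAD's indexing h_{n - s*m + j} for sequence number s and metric j. The chain length, the metric bound m and the sample updates are constructed.

```python
import hashlib

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def make_hash_chain(seed: bytes, n: int) -> list:
    # h0 is random and h_{i+1} = H(h_i); the anchor h_n is distributed authentically.
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

class SeadRouteEntry:
    """Last authenticated (sequence number, metric, chain element) for one destination.
    Following SEAD, n is a multiple of m and the element for sequence number s and
    metric j is h_{n - s*m + j}; the anchor h_n stands for (s = 0, j = 0)."""
    def __init__(self, anchor: bytes, n: int, m: int):
        self.n, self.m = n, m
        self.seq, self.metric, self.h = 0, 0, anchor

    def index(self, seq: int, metric: int) -> int:
        return self.n - seq * self.m + metric

    def accept(self, seq: int, metric: int, h: bytes) -> bool:
        idx, known = self.index(seq, metric), self.index(self.seq, self.metric)
        if not 0 <= metric < self.m or idx < 0 or idx >= known:
            return False      # not a better route than the one held, or outside the chain
        # A genuine element with a smaller index hashes forward to the one we hold; a
        # forged better seq or metric would need a preimage the attacker cannot compute.
        probe = h
        for _ in range(known - idx):
            probe = H(probe)
        if probe != self.h:
            return False
        self.seq, self.metric, self.h = seq, metric, h
        return True

def forward_update(seq: int, metric: int, h: bytes):
    # A node re-advertising the route adds one hop: metric + 1 and one more hash.
    return seq, metric + 1, H(h)
```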


Cope with wormhole attack


Geographic leash
Ensures that the recipient of the packet is within a certain distance of the sender

Temporal leash
Ensures that the packet has an upper bound on its lifetime
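Added example, not from the slides or the Packet Leashes authors: the receiver-side checks for both leashes in Python, using the distance bound d_sr <= ||p_s - p_r|| + 2v(t_r - t_s + Δ) + 2δ from Hu, Perrig and Johnson's packet leashes. The radio range, node speed, clock-error and position-error values, and the two sample packets, are constructed.

```python
import math

C = 299_792_458.0            # propagation speed of radio signals, m/s

def geographic_leash_ok(p_s, t_s, p_r, t_r, v_max, delta_t, delta_p, radio_range):
    # Receiver-side upper bound on the true sender-receiver distance:
    #   d_sr <= ||p_s - p_r|| + 2*v_max*(t_r - t_s + delta_t) + 2*delta_p
    # with v_max the maximum node speed, delta_t the clock synchronization error and
    # delta_p the position error. Only if even this bound fits inside one radio hop
    # can the packet not have been tunnelled through a wormhole.
    bound = math.dist(p_s, p_r) + 2 * v_max * (t_r - t_s + delta_t) + 2 * delta_p
    return bound <= radio_range

def temporal_leash_ok(t_s, t_r, delta_t, max_distance):
    # Temporal leash: the packet expires at t_s + max_distance / C - delta_t, so a
    # packet arriving later has travelled farther than max_distance.
    return t_r <= t_s + max_distance / C - delta_t

def check_packet(leash, p_r, t_r, radio_range=250.0, v_max=30.0,
                 delta_t=1e-7, delta_p=5.0):
    # leash is the (p_s, t_s) pair the sender put in the packet; it must itself be
    # authenticated (signed or MACed), which is outside this check.
    p_s, t_s = leash
    return (geographic_leash_ok(p_s, t_s, p_r, t_r, v_max, delta_t, delta_p, radio_range),
            temporal_leash_ok(t_s, t_r, delta_t, radio_range))
```

With a 250 m hop the temporal leash tolerates well under a microsecond of travel time, which is why it needs much tighter clock synchronization than the geographic leash.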


Cooperation enforcement
Introduction
Solutions
Currency based
Local monitoring


Cooperation enforcement
Currency based
Nuglets
Sprite

Local monitoring
Watchdog and path rater
Confidant
CORE
Token-based


Nuglets
Nuglets: a virtual currency
Packet purse model
The sender pays nuglets in advance
Each intermediate node takes nuglets for its forwarding service

Packet trade model
Each intermediate node buys the packet from the previous one and sells it to the next one


Nuglets
Advantages and disadvantages of the two models:
Packet purse model
  Advantage: deters nodes from sending useless data and overloading the network
  Disadvantage: difficult to estimate the number of nuglets that are required
Packet trade model
  Advantage: the source does not have to know in advance the number of nuglets required
  Disadvantage: cannot prevent nodes from overloading the network

Sprite
Uses credit to provide an incentive to selfish nodes
Nodes keep receipts to get payments from the Credit Clearance Service (CCS)
The credit that a node receives depends on whether its forwarding is successful or not


Watchdog and path rater


A node's watchdog listens promiscuously to the next node's transmissions
If the next node does not forward the packet, it is misbehaving
The path rater chooses the best path from the watchdog ratings
(Figure: nodes along a path from S; legend: connected, connected through multi-hops, forwarding, listening)
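Added example (not the watchdog/path rater authors' code): a per-node watchdog that remembers packets handed to each next hop, clears them when they are overheard being forwarded, and reports a hop whose count of unforwarded packets reaches a threshold, plus a simplified path rater that excludes paths containing a reported node. The threshold, timeout, node ratings and path set are constructed.

```python
from collections import defaultdict

class Watchdog:
    """One node's watchdog: remembers each packet handed to a next hop and, listening
    promiscuously, clears it when that hop is overheard retransmitting it."""
    def __init__(self, threshold=3, timeout=2.0):
        self.pending = {}                  # (next_hop, pkt_id) -> time handed over
        self.failures = defaultdict(int)   # next_hop -> packets it never forwarded
        self.threshold, self.timeout = threshold, timeout

    def handed_to(self, next_hop, pkt_id, now):
        self.pending[(next_hop, pkt_id)] = now

    def overheard(self, sender, pkt_id):
        self.pending.pop((sender, pkt_id), None)   # forwarded as expected

    def expire(self, now):
        # Packets not overheard within the timeout count against the next hop; returns
        # the set of hops whose tally reached the threshold (reported as misbehaving).
        for key, t in list(self.pending.items()):
            if now - t > self.timeout:
                del self.pending[key]
                self.failures[key[0]] += 1
        return {n for n, c in self.failures.items() if c >= self.threshold}

def best_path(paths, ratings, misbehaving):
    # Path rater (simplified): a path's rating is the mean of its nodes' ratings, a
    # misbehaving node pulls it far below zero, and paths rated below zero are unusable.
    def rate(path):
        return sum(-100.0 if n in misbehaving else ratings.get(n, 0.5) for n in path) / len(path)
    usable = [p for p in paths if rate(p) >= 0]
    return max(usable, key=rate) if usable else None
```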

Confidant
Consists of:
Monitor
Reputation System
Path Manager
Trust Manager


Confidant
Detects malicious nodes by means of observation or reports about several types of attacks

Allows nodes
to route around misbehaving nodes
to isolate misbehaving nodes from the network


CORE
Basic components:
Reputation table
stored in each node
holds the reputation value of each node

Watchdog mechanism
detects misbehaving nodes


Token-based
Each node has to have a token
Local neighbors monitor each other
The token is renewed via multiple neighbors
The period of validity of a node's token depends on how long it has stayed and how well it has behaved


Token-based
Composed of:
Neighbor verification
Neighbor monitoring
Intrusion reaction
Security enhanced routing protocol


Summary
Introduction
Secure routing
Existing routing protocols
Security attacks
Defenses

Node cooperation
Currency based
Local monitoring


Thank you!
