Team at Motorola:
Jeff Bonta
George Calcev
Benetido Fouseca
Trefor Delve
Team at Purdue University:
X. Wu
Research scientist (received his PhD from UC-Davis)
Y. Lu
PhD student
G. Ding
PhD student
W. Wang
PhD student
Problem statement
How to provide secure, continuous, and efficient connectivity for a mobile unit in a structured (cellular-based) or unstructured (ad hoc) network environment?
Challenges
Dynamic topology
Movement, node failure, etc.
Unfriendly environment
Selfish nodes, malicious attackers
Research contributions
Combining advantages of cellular systems and ad hoc networks to enable a more secure network structure and better performance
Designing routing protocols for ad hoc networks that adapt to both network topology and traffic congestion
Designing intruder identification protocols in ad hoc networks
Conducting experimental studies in heterogeneous wireless environments and evaluating our protocols
Research directions
Cellular-aided Mobile Ad Hoc Network (CAMA)
Adaptive and Heterogeneous Mobile Wireless Networks
Intruder Identification in Ad Hoc Networks
Challenges
Authentication and accounting
No fixed membership
Security concern
Open medium without any centralized control
Current Environment
Cellular network provides:
Wide coverage
Multiple services with single cellular ID
Small packet service in 3G network
Wireless terminals with different protocols
CAMA Description
Integration of cellular network and ad hoc network
CAMA agent works as a centralized server attached to the cellular network
CAMA agent provides ad hoc nodes information such as authentication, routing support, and keys through the cellular channel
Data transmission uses the ad hoc channel
CAMA Environment
Major Ideas
Use signals via the cellular network for ad hoc routing and security management
Centralized CAMA agent provides control over the distributed ad hoc network
No transmission bottleneck
Not all traffic needs to go through a single node
Impact
Cellular service combined with low-cost, high-data-rate wireless service
Research Questions
Feasibility in commercial applications requires:
Development of routing algorithms and protocols for multimedia service
Investigation of CAMA vulnerabilities
Development of security protocols for key distribution and intrusion detection
Evaluation of gain in the ad hoc network
Evaluation of overhead in the cellular network
Methodology of Research
Building algorithms and protocols
Developing benchmarks and performance metrics for multimedia service
Conducting experimental studies
Using ns-2
Using the common platform simulator from Motorola Inc.
Node mobility: exponentially distributed speed
Node density: 400 users/sq.km to 14800 users/sq.km
Traffic pattern: VoIP, TCP, video
Accounting
Charging rate
Award to intermediate nodes
Problem statement
How to provide continuous connectivity for a mobile unit to a network in which every node is moving?
Papers:
Secure Wireless Network with Movable Base Stations, being revised for IEICE/IEEE Joint Special Issue on Assurance Systems and Networks.
Study of Distance Vector Routing Protocols for Mobile Ad Hoc Networks, in Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom), 2003.
Challenges
Dynamic topology
Movement, node failure, energy problem, etc.
Decentralized control
Limited bandwidth
Congestion is typically the norm rather than the exception. [RFC 2501]
Research contributions
Routing protocols for mobile ad hoc networks that adapt not only to network topology, but also to traffic and congestion.
Architecture, design of protocols, and experimental evaluation in heterogeneous wireless environments
Broad impacts
Sensor networks
Military networks
Protocol   Approach     Routing information uses   Additional information
DSDV       Proactive    Distance Vector
DSR        On-demand    Source routing
AODV       On-demand    Distance Vector
ZRP        Hybrid       Distance Vector
ADV        Hybrid       Distance Vector
STAR       Proactive    Link State
ABR        On-demand    Distance Vector            Associativity
AOMDV      On-demand    Distance Vector            Multipath
Methodology of research
Developing benchmarks and performance metrics for routing protocols
Conducting experimental studies
Determine guidelines for design
Evaluate protocols
Ongoing research
Study of proactive and on-demand approaches
Congestion-aware distance vector routing protocol
Packet loss study
Research study
Investigate the proactive and on-demand approaches
Generalize the results obtained from protocols to the
proactive and on-demand approaches
Introduce power consumption as a performance metric
Inject heavy traffic load
Identify the major causes for packet drop
Comprehensively study in various network environments
Simulation experiments
DSDV and AODV are studied by varying network environment parameters:
Node mobility (maximum moving speed)
Traffic load (number of connections)
Network size (number of mobile nodes)
Performance metrics
Simulator: ns-2
Examined protocols: DSDV, AODV
Simulation duration: 1000 seconds
Simulation area: 1000 m x 1000 m
Transmission range: 250 m
Movement model: Random waypoint
Maximum speed: 4 to 24 m/s
Traffic type: CBR (UDP)
Data payload: 512 bytes/packet
Packet rate: 4 packets/sec
Node pause time: 10 seconds
Bandwidth: 1 Mb/s
Objective:
Dynamically detect congestion and route packets through less-crowded paths
Method:
Characterize congestion and traffic load by using expected delay.
Consider expected delay at the next hop as the secondary metric to make routing decisions.
Allow a one-hop longer route to be chosen.
Use destination sequence numbers to avoid loops.
Design issues
Use MAC layer callback to detect broken links
Quick detection
More triggered updates
Whether to re-queue a packet
CADV
Components:
Real-time traffic monitor
Traffic control
Route maintenance module
Route update:
When broadcasting an update, every node advertises its expected delay of sending a packet as E[D]
Route maintenance:
Apply a function f(E[D], distance) to evaluate the value of a route
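The CADV route-selection rule described above (expected delay as the secondary metric, a one-hop-longer route allowed, destination sequence numbers against loops), as an added Python example; it is not the authors' CADV implementation or their ns-2 code. The slides give neither a formula for E[D] nor a concrete f(E[D], distance), so the estimator (queue length times per-packet service time) and the weighted-sum f below are assumptions, and the advertisements are constructed.

```python
from dataclasses import dataclass


@dataclass
class Advertisement:
    """A routing update received from a neighbour (constructed fields)."""
    next_hop: str
    dest_seq: int        # destination sequence number carried in the update
    hops: int            # distance to the destination via next_hop
    queue_len: int       # packets waiting at next_hop (assumed to be advertised)
    service_time: float  # seconds per packet at next_hop (assumed)


def expected_delay(adv):
    """Assumed estimator of E[D]: time until a newly queued packet is sent.
    The slides give no formula for E[D]; this one is ours."""
    return (adv.queue_len + 1) * adv.service_time


def route_value(adv, delay_weight=1.0, hop_weight=0.05):
    """Assumed f(E[D], distance); lower is better. The hop term is small so a
    one-hop-longer route wins only when it is clearly less congested."""
    return delay_weight * expected_delay(adv) + hop_weight * adv.hops


def choose_route(advertisements, current_seq):
    """Pick the next hop for a destination from the advertisements on hand.

    1. Updates carrying a destination sequence number older than the one
       this node holds are discarded and only the freshest sequence number
       is kept: the destination-sequence-number rule that keeps routes
       loop-free.
    2. Distance stays the primary metric: candidates must be within one hop
       of the shortest fresh route.
    3. Among those, E[D] decides, so a slightly longer but less congested
       route can be chosen.
    """
    fresh = [a for a in advertisements if a.dest_seq >= current_seq]
    if not fresh:
        return None
    newest = max(a.dest_seq for a in fresh)
    fresh = [a for a in fresh if a.dest_seq == newest]
    shortest = min(a.hops for a in fresh)
    eligible = [a for a in fresh if a.hops <= shortest + 1]
    return min(eligible, key=route_value)


def demo():
    """Constructed advertisements for one destination whose sequence number
    at this node is currently 10."""
    advs = [
        Advertisement("A", dest_seq=10, hops=2, queue_len=20, service_time=0.01),
        Advertisement("B", dest_seq=10, hops=3, queue_len=2, service_time=0.01),
        Advertisement("C", dest_seq=10, hops=4, queue_len=0, service_time=0.01),
        Advertisement("X", dest_seq=8, hops=1, queue_len=0, service_time=0.01),
    ]
    return choose_route(advs, current_seq=10).next_hop


if __name__ == "__main__":
    print(demo())  # B: one hop longer than A, but far less congested
```

In the demo, X has the shortest route but a stale sequence number and is dropped first; C is two hops longer than the shortest fresh route and is never eligible; between A and B, the one-hop-longer B wins on expected delay. This is exactly the trade-off the "Observations of CADV" slide reports: higher delivery ratio at the cost of occasionally longer routes.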
Observations of CADV
CADV outperforms AODV and DSDV in terms of delivery ratio
The end-to-end delay becomes longer because longer routes may be chosen to forward packets
The protocol overhead of CADV is doubled compared with that of DSDV. It is still less than that of AODV when the network is loaded
CADV consumes less power per delivered packet than DSDV and AODV do
Large scale
Heterogeneity
Autonomous sub-nets
Base stations have more resources
Base stations take more responsibilities
Research questions
How to organize the network?
Minimize the effect of motion
Minimize the involvement of mobile host
Related work
Integrating ad hoc and cellular
Mobile-Assisted Connection-Admission (MACA) [Wu/Mukherjee/Chan, GlobeCom00] (UC-Davis)
Integrated Cellular and Ad-hoc Relaying (iCAR) [Wu/Qiao/De/Tonguz, JSAC01] (SUNY-Buffalo)
Multihop Cellular Networks (MCN) [Lin/Hsu, InfoCom00] (Taiwan)
Hierarchical structure
Multimedia support for Mobile Wireless Networks (MMWN) [Ramanathan/Steenstrup, MONET98] (BBN Technologies)
Clustering scheme for hierarchical control in multi-hop wireless networks [Banerjee/Khuller, InfoCom01] (UMD)
Methodology of research
Building architecture, developing algorithms and protocols
Membership management
Inter-subnet routing
Intra- and inter-subnet authentication
Research results
Hierarchical mobile wireless network (HMWN)
Hierarchical membership management scheme
Segmented membership-based group routing protocol
Protection of network infrastructure
Secure roaming and fault-tolerant authentication
Intruder Identification in Ad Hoc Networks
Problem Statement
Intruder identification in ad hoc networks is the procedure of identifying the user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks.
Papers:
On Security Study of Two Distance Vector Routing Protocols for Mobile Ad Hoc Networks, in Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom), 2003.
On Vulnerability and Protection of Ad Hoc On-demand Distance Vector Protocol, in Proceedings of 10th IEEE International Conference on Telecommunication (ICT), 2003.
Research Motivation
More than ten routing protocols for Ad Hoc networks have been proposed (AODV, DSR, DSDV, TORA, ZRP, etc.)
Research focus has been on performance comparison and optimizations such as multicast and multiple path detection
Research is needed on the security of Ad Hoc networks.
Applications: Battlefields, Disaster recovery.
Research Motivation
Two types of attacks target Ad Hoc networks
External attacks:
MAC layer jamming
Traffic analysis
Internal attacks:
Compromised host sending false routing information
Fake authentication and authorization
Traffic flooding
Research Motivation
Protection of Ad Hoc networks
Intrusion Prevention
Traffic encryption
Sending data through multiple paths
Authentication and authorization
Intrusion Detection
Anomaly pattern examination
Protocol analytical study
Research Motivation
Deficiencies of intrusion prevention
Increases the overhead during normal operations of Ad Hoc networks
Restrictions on power consumption and computation capability prevent the usage of complex encryption algorithms
Flat infrastructure increases the difficulty of key management and distribution
Cannot guard against internal attacks
Research Motivation
Why intrusion detection itself is not enough
Detecting intrusion without removing the malicious host leaves the protection in a passive mode
Identifying the source of the attack may accelerate the detection of other attacks
Research Motivation
Research problem: Intruder Identification
Research challenges:
How to locate the source of an attack?
How to safely combine the information from multiple hosts and enable an individual host to make the decision by itself?
How to achieve consistency among the conclusions of a group of hosts?
Static routing
Listen to specific IP address
Default router
Cannot apply in Ad Hoc networks
Solution
JiNAO (NCSU and MCNC)
Encryption and digital signature
Problem Statement
Intruder identification in ad hoc networks is the procedure of identifying the user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks.
Evaluation Criteria
Accuracy
False coverage: Number of normal hosts that are incorrectly marked as suspected.
False exclusion: Number of malicious hosts that are not identified as such.
Overhead
Overhead measures the increases in control packets and computation costs for identifying the attackers (e.g. verifying signed packets, updating blacklists).
Workload of identifying the malicious hosts in multiple rounds
Evaluation Criteria
Effectiveness
Effectiveness: Increase in the performance of ad hoc networks after the malicious hosts are identified and isolated. Metrics include the increase of the packet delivery ratio, the decrease of average delay, or the decrease of normalized protocol overhead (control packets/delivered packets).
Robustness
Robustness of the algorithm: Its ability to resist different kinds of attacks.
Assumptions
A1. Every host can be uniquely identified and its ID cannot be changed throughout the lifetime of the ad hoc network. The ID is used in the identification procedure.
A2. A malicious host has total control over the time, the target and the mechanism of an attack. The malicious hosts continue attacking the network.
A3. Digital signature and verification keys of the hosts have been distributed to every host. Key distribution in ad hoc networks is a tough problem and deserves further research. Several solutions have been proposed. We assume that the distribution procedure is finished, so that all hosts can examine the genuineness of the signed packets.
A4. Every host has a local blacklist to record the hosts it suspects. The host has total control over adding and deleting elements from its list. For the clarity of the remainder of this paper, we call the real attacker the malicious host, while the hosts in blacklists are called suspected hosts.
Introduction to AODV
Introduced in '97 by Perkins (Nokia) and Royer (UCSB)
12 versions of the IETF draft in 3 years, 4 academic implementations, 2 simulations
Combines on-demand and distance vector
Broadcast Route Query, Unicast Route Reply
Quick adaptation to dynamic link conditions and scalability to large-scale networks
Supports multicast
- http://www.ietf.org/internet-drafts/draft-ietf-manet-aodv-11.txt
[Figure: AODV route discovery among hosts S, S1, S2, S3, S4. The broadcast route request establishes a path back to the source at each host it traverses; the unicast route reply establishes the path to the destination.]
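The discovery round the figure shows, as an added Python example that is not the authors' simulation code or anything from the AODV draft: the route request is flooded and the first copy a host receives installs its reverse-path entry toward the source; the reply is unicast back along that reverse path and installs the forward path. It also carries the destination-sequence-number check that lets an intermediate host answer only from a cached route at least as fresh as the one requested. The topology and the cached-route entries are constructed; the host names follow the figure.

```python
from collections import deque

# Constructed topology modelled on the slide figure (hosts S, S1..S4, D).
TOPOLOGY = {
    "S": ["S1", "S3"],
    "S1": ["S", "S2"],
    "S2": ["S1", "S4", "D"],
    "S3": ["S", "S4"],
    "S4": ["S3", "S2"],
    "D": ["S2"],
}


def route_discovery(topology, src, dst, req_seq=0, route_cache=None):
    """One AODV discovery round on `topology`.

    The RREQ is flooded hop by hop (breadth-first order models the order in
    which copies arrive); the first copy a host receives installs its
    reverse-path entry toward `src`, and duplicates are dropped. A host
    replies with an RREP if it is the destination, or if it caches a route to
    `dst` whose destination sequence number is at least `req_seq` (a stale
    cached route must not answer). The RREP is unicast back along the reverse
    path, installing forward-path entries toward `dst` as it passes.

    Returns (path from src to the replying host, forward routing entries).
    """
    route_cache = route_cache or {}   # host -> (dest, dest_seq, next_hop)
    reverse = {}                      # host -> next hop toward src
    seen = {src}
    pending = deque([(src, None)])    # (host, host it received the RREQ from)
    replier = None
    while pending:
        host, prev = pending.popleft()
        if prev is not None:
            reverse[host] = prev
        cached = route_cache.get(host)
        if host == dst or (cached and cached[0] == dst and cached[1] >= req_seq):
            replier = host
            break
        for nb in topology[host]:
            if nb not in seen:
                seen.add(nb)
                pending.append((nb, host))
    if replier is None:
        return None, {}
    forward, path, hop = {}, [replier], replier
    while hop != src:
        forward[reverse[hop]] = hop    # the RREP passing through installs the entry
        hop = reverse[hop]
        path.append(hop)
    return path[::-1], forward


if __name__ == "__main__":
    print(route_discovery(TOPOLOGY, "S", "D"))
    # S1 holds a cached route with sequence number 7: it may answer a request
    # for sequence number 5, but not one for sequence number 9.
    print(route_discovery(TOPOLOGY, "S", "D", req_seq=5, route_cache={"S1": ("D", 7, "S2")}))
    print(route_discovery(TOPOLOGY, "S", "D", req_seq=9, route_cache={"S1": ("D", 7, "S2")}))
```

The sequence-number comparison is the one the attack slides that follow revolve around: a host trusts whichever reply carries the highest destination sequence number, which is why a forged, inflated number is so effective and why the destination itself is the only party that can say what the real number is.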
Attacks on AODV
Malicious route request
Query for a non-existing host (RREQ will flood throughout the network)
Attack                       Delivery ratio (label not on slide)   Protocol overhead
No Attacks                   96%                                   38%
Silent Discard               91%                                   41%
False Distance               75%                                   38%
False Destination Sequence   53%                                   66%
Vicious Flooding             91%                                   293%
[Figure: false destination sequence attack. S broadcasts RREQ(D, 3) through S1, S2 and S3; the genuine route reply is RREP(D, 5); malicious host M returns RREP(D, 20), a sequence number higher than the real one, so the false route is preferred.]
Simulation parameters
Simulator: ns2
Simulation duration: 1000 seconds
Simulation area: 1000 * 1000 m
Number of mobile hosts: 30
Transmission range: 250 m (Lucent WaveLAN Card Specification)
Maximum speed: 5 -- 20 m/s
Number of connections: 25
Packet rate: 2 pkt / sec
Attacks: False distance vector and false destination sequence
X-axis is max moving speed, which evaluates the mobility of hosts. Y-axis is delivery ratio. Two attacks, false distance vector and false destination sequence, are considered. They lead to about 30% and 50% of packets being dropped.
[Figure: propagation of the false RREQ(D, 21) among hosts S, S1, S2, S3, S4 and destination D.]
[Figure: reverse labeling after D issues the signed packet INVALID(D, 5, 21, {}, SIGN). Local blacklists (BL) shown: S BL {S1}, S1 BL {S2}, S2 BL {M}, S4 BL {}, M BL {}.]
Simulation parameters
Simulation duration: 1000 seconds
Simulation area: 1000 * 1000 m
Number of mobile hosts: 30
Transmission range: 250 m
Pause time between the host reaching the current target and moving to the next target: 0 to 60 seconds
Maximum speed: 5 m/s
Number of connections: 25/50
Packet rate: 2 pkt / sec
X-axis is host pause time, which evaluates the mobility of hosts. Y-axis is delivery ratio. 25 connections and 50 connections are considered. RLR brings a 30% increase in delivery ratio. 100% delivery is difficult to achieve due to network partition, route discovery delay and buffer.
Pause time (s)   30 hosts, 25 connections                   30 hosts, 50 connections
                 # of normal      # of normal               # of normal      # of normal
                 hosts that       hosts marked              hosts that       hosts marked
                 identify the     as malicious              identify the     as malicious
                 attacker                                   attacker
(not labelled)   24               0.22                      29               2.2
10               25               (blank on slide)          29               1.4
20               24               (blank on slide)          25               1.1
30               28               (blank on slide)          29               1.1
40               24               (blank on slide)          29               0.6
50               24               0.07                      29               1.1
60               24               0.07                      24               1.0
# of attackers   30 hosts, 25 connections                   30 hosts, 50 connections
                 # of normal      # of normal               # of normal      # of normal
                 hosts that       hosts marked              hosts that       hosts marked
                 identify all     as malicious              identify all     as malicious
                 attackers                                  attackers
(not labelled)   28               (blank on slide)          29               1.1
(not labelled)   28               0.65                      28               2.6
(not labelled)   25               (blank on slide)          27               1.4
(not labelled)   21               0.62                      25               2.2
(not labelled)   15               0.67                      19               4.1
X-axis is host pause time, which evaluates the mobility of hosts. Y-axis is normalized overhead (# of control packets / # of delivered data packets). 25 connections and 50 connections are considered. RLR increases the overhead slightly.
Robustness of RLR
If the malicious host sends false INVALID packets
Because the INVALID packets are signed, it cannot send the packets in other hosts' names
If it sends INVALID in its own name, the reverse labeling procedure will converge on the malicious host and identify the attacker. The normal hosts will put it into their blacklists.
Robustness of RLR
If the malicious host frames other innocent hosts by sending a false blacklist
If the malicious host has been identified, the blacklist will be ignored
If the malicious host has not been identified, this operation can only lower the threshold by one. If the threshold is selected properly, it will not impact the identification results.
Robustness of RLR
If the malicious host only sends false destination sequence numbers about some special host
The special host will detect the attack and send INVALID packets.
Other hosts can establish new routes to the destination by receiving the INVALID packets.
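The identification machinery the INVALID figure, the evaluation criteria, assumptions A3 and A4 and the three robustness slides describe, as one added Python example; it is not the authors' RLR code. It models only what the slides state: the destination signs INVALID(dest, real_seq, false_seq, SIGN) and hosts drop an INVALID whose signature does not verify under the claimed origin's key; labels walk back along the path the false sequence number was learned on until they reach the host that originated it; each host identifies an attacker on its own once it appears in at least a threshold number of blacklists, ignoring blacklists from hosts it already suspects, so a false blacklist from an unidentified host is worth a single vote. Assumptions, labelled in the code too: HMAC with per-host keys stands in for the distributed signature keys of A3; the hop-by-hop trace-back is a simplification of the published reverse labeling, not a reproduction of it; the threshold rule, the topology and the sequence numbers (D's real number 5, injected number 21, host names S, S1, S2, D, M) are taken from the figure or constructed.

```python
import hashlib
import hmac
import json

HOSTS = ["S", "S1", "S2", "D", "M"]                    # names from the slide figure
KEYS = {h: f"demo-key-{h}".encode() for h in HOSTS}   # constructed; stands in for A3


def _sign(origin, payload):
    """HMAC under the origin's key stands in for a digital signature (assumption)."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(KEYS[origin], msg, hashlib.sha256).hexdigest()


def make_invalid(dest, real_seq, false_seq, signer=None):
    """INVALID(dest, real_seq, false_seq, SIGN). `signer` defaults to dest;
    another host here models an attempt to issue INVALID in dest's name."""
    payload = {"dest": dest, "real_seq": real_seq, "false_seq": false_seq}
    return payload, _sign(signer or dest, payload)


def invalid_is_genuine(payload, sig):
    """Accept only if the signature verifies under the claimed origin's key."""
    return hmac.compare_digest(_sign(payload["dest"], payload), sig)


class Host:
    def __init__(self, name):
        self.name = name
        self.learned_from = {}   # (dest, seq) -> neighbour that advertised it
        self.blacklist = set()   # A4: local blacklist of suspected hosts
        self.received = {}       # peer -> blacklist that peer advertised

    def learn_route(self, dest, seq, neighbour):
        self.learned_from[(dest, seq)] = neighbour

    def identified(self, threshold):
        """Hosts named in at least `threshold` blacklists (own plus peers').
        Blacklists advertised by peers this host itself suspects are ignored."""
        votes = {h: 0 for h in HOSTS}
        for h in self.blacklist:
            votes[h] += 1
        for peer, bl in self.received.items():
            if peer in self.blacklist:
                continue
            for h in bl:
                votes[h] += 1
        return {h for h, v in votes.items() if v >= threshold}


def reverse_label(network, payload, sig, start):
    """Simplified reverse labeling (our model, not the published procedure):
    from `start`, follow the neighbour each host learned the false sequence
    number from until a host has no upstream; that host originated it, and
    every host on the walk adds it to its local blacklist."""
    if not invalid_is_genuine(payload, sig):
        return None                         # forged INVALID: dropped
    key = (payload["dest"], payload["false_seq"])
    walk, cur = [], network[start]
    while key in cur.learned_from:
        walk.append(cur)
        cur = network[cur.learned_from[key]]
    for h in walk:
        h.blacklist.add(cur.name)
    return cur.name


def exchange_blacklists(network):
    """Every host advertises its local blacklist to every other host."""
    for a in network.values():
        for b in network.values():
            if a is not b:
                a.received[b.name] = set(b.blacklist)


def evaluate(network, attackers, threshold):
    """Criteria from the slides: number of normal hosts that identify every
    attacker, and false coverage summed over the normal hosts."""
    normal = [h for h in network.values() if h.name not in attackers]
    identify_all = sum(1 for h in normal if attackers <= h.identified(threshold))
    false_coverage = sum(len(h.identified(threshold) - attackers) for h in normal)
    return identify_all, false_coverage


def run_demo(threshold=2):
    """Scenario from the figure: D's real sequence number is 5; M injects 21,
    and the false route is learned along M -> S2 -> S1 -> S."""
    net = {h: Host(h) for h in HOSTS}
    net["S2"].learn_route("D", 21, "M")
    net["S1"].learn_route("D", 21, "S2")
    net["S"].learn_route("D", 21, "S1")
    # An INVALID issued in D's name but not by D fails verification and
    # changes nothing; the genuine one walks S -> S1 -> S2 back to M.
    forged = reverse_label(net, *make_invalid("D", 5, 21, signer="M"), start="S")
    genuine = reverse_label(net, *make_invalid("D", 5, 21), start="S")
    exchange_blacklists(net)
    # M then advertises a false blacklist naming S1: hosts that suspect M
    # ignore it, and for the others it is worth exactly one vote.
    for h in net.values():
        if h.name != "M":
            h.received["M"] = {"S1"}
    return forged, genuine, evaluate(net, {"M"}, threshold), net["D"].identified(threshold)


if __name__ == "__main__":
    print(run_demo())   # (None, 'M', (4, 0), {'M'})
```

With the threshold at 2, all four normal hosts identify M and nobody is wrongly marked, including D, which never saw the false route itself and decides purely from the blacklists it collected. Lowering the threshold to 1 lets M's single framing vote mark S1 at D, which is the "lower the threshold by one" effect the robustness slide warns about and the reason the threshold has to be chosen with the framing case in mind.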
Further Work
Design a set of formalized criteria to evaluate identification algorithms
Study more features of Ad Hoc networks and exploit their vulnerability
Simulate attacks on RLR, examine its robustness
Integrate with research on trust
Methods to identify the non-attackers and release them from blacklist
Mechanisms to release hosts from the permanent blacklist
Selected References