28-04-2011, 12:16 PM
Presented by;p
BORNITA DAS
[attachment=13001]
Security Issues in Mobile Ad hoc Networks
Mobile Ad hoc Networks (MANETs) - Overview
MANET is a self-configuring network of mobile nodes connected by wireless links—the union of which form an arbitrary topology
Individual nodes act as routers
- cooperate to forward both its own traffic as well as its neighbors traffic
Minimal configuration and quick deployment make ad hoc networks suitable for emergency situations like natural or human-induced disasters, military conflicts, emergency medical situations etc
Such a network may operate in a standalone fashion, or may be connected to the larger Internet
- All these features have helped MANETs gain popularity in the last decade
MANETs: Operation
Challenges in Securing MANETs
The salient features of ad hoc networks pose both challenges and opportunities in achieving these security goals
- use of wireless links renders a MANET susceptible to page link attacks ranging from passive eavesdropping to active impersonation, message replay, and message distortion
- to achieve high survivability, ad hoc networks should have a distributed architecture with no central entities
- due to dynamic nature of MANETs, an a priori trust relationship between the nodes cannot be derived. It is desirable for the security mechanisms to adapt on-the-fly to these changes,as node security is critical
- a MANET may consist of hundreds or even thousands of nodes. Security mechanisms should be scalable to handle such a large network.
-lack of fixed topology stops us from using classical solutions like certification authority, hence routing protocol must be sophisticated
Challenges in Securing MANETs
Security in MANET is an essential component for basic network functions like packet forwarding and routing
- network operation can be easily jeopardized if counter measures are not embedded into their design
To secure an ad hoc network, the following attributes may be considered:
- Availability
- Confidentiality
- Integrity
- Authentication
- Non-repudiation
Challenges in Securing MANETs
Security exposures of ad hoc routing protocols are due to two different types of attacks:
- Active attacks through which the misbehaving node has to bear some energy costs in order to perform some harmful operation, and
- Passive attacks that mainly consist of lack of cooperation with the purpose of energy saving.
Nodes that perform active attacks with the aim of damaging other nodes by causing network outage are considered to be malicious.
Nodes that perform passive attacks with the aim of saving battery life for their own communications are considered to be selfish
Selfish nodes can severely degrade network performances and eventually partition the network
Challenges in Securing MANETs -Classification of attacks
Challenges in Securing MANETs - Wormhole Attacks
Challenges in Securing MANETs - Wormhole Attacks
Challenges in Securing MANETs - Wormhole Attacks
Challenges in Securing MANETs - Wormhole Attacks
Challenges in Securing MANETs -Classification of attacks
Presentation Outline
Mobile Ad hoc Networks - Overview
Challenges in Securing MANETs
SRP and how Attacks are encountered
The Secure Routing Protocol (SRP)
Proposed by Papadimitratos & Haas
Designed as an extension of reactive routing protocol
Goal - to combat attacks that disrupt route discovery and guarantee correct topological information
SRP assumptions - a) Bi-directional communication
b) Security Association(SA) between src and dest nodes
c) Non-colluding nodes
SRP has four fundamental components:
Route Request (RREQ)
Query Propagation
Route Reply(RREP)
Reply Validation
The Secure Routing Protocol (SRP) - Route Request
S issues a RREQ to T in a query packet, which is transmitted by broadcast
Query packet has 4 fields in SRP header-
Q seq -Query sequence number that S maintains for each T it attempts to establish route
Qid- random no to distinguish requests
MAC(Message Authentication Code)- generated by a key hashed algorithm with key Ks,t (SA) i.e. MAC=h(S , T , Qid , Qseq , Ks,t)
Route- initialized with S address
The Secure Routing Protocol (SRP) - Query Propagation
Intermediate nodes relay the RREQ along the network
Upon receipt of a RREQ, intermediate nodes extract the source & destination address from IP & SRP header
Based on this maintains a entry in the query table(with Qid)
Forwards the RREQ by broadcast(if no matching entries found)
Repeated by subsequent intermediate nodes till packet reaches its target
The Secure Routing Protocol (SRP) - Route Reply
When RREQ reaches T ; its verified
T checks the S address in IP header, to find if shares an SA with query initiator
If yes,T compares Qseq to Smax( max sequence number that T maintains for each of its SA partners)
If Qseq<= Smax, query packet is discarded
Else,T computes MAC
T compares received MAC to one it computes to verify message integrity
Now T computes RREP
Response packet is same as Request packet
Only change, Route field within MAC
The response is then unicast along the reverse identified route
The Secure Routing Protocol (SRP) - Reply Validation
When S receives response packet , it verifies S,T, Qid & Qseq
S then compares route traversed by the packet to the reverse of the route field identified by T
If two routes don’t match packet is dropped
Else S again computes the MAC and compares with MAC in response packet
If the MACs match ,S accepts the RREP as non-corrupted and deems the route as legitimate path
The Secure Routing Protocol (SRP) - Different Attacks and how they are countered
Let M1 and M2 be two malacious intermediate nodes
Let{QST:n1,n2,n3..,nk} be RREQ and {RST:n1,n2,n3..,nk} be RREP where n1=S, nk=T and
i not=(1,k) are intermediate nodes
Case 1:Fake destination When M receives { QST; S} it tries to mislead S by generating{ RST; S, M1, T} i.e. it fakes that destination T is its neighbor. This is not possible, since only T can generate the MAC which is verified by S.
Case 2
iscard packets If M1 discards request packets that it receives ,it practically removes itself from S’s view. Thus it cannot inflict harm to data flows originating from S, and route chosen by S would not include M1.The Secure Routing Protocol (SRP) - Different Attacks and how they are countered
Case 3:Integrity When M1 receives { RST; S,1, M1, S, 4, T} it tampers with its contents and relays{ RST; S, 1, M, Y, T}. Y being any sequence of nodes. S readily discards the reply due to the integrity protection provided by MAC.
Case 4:Corrupt packet When M2 receives { QST; S, 2, 3 } it corrupts the accumulated route and relays { QST; S, X, 3, M2} to its neighbors, where X is a false IP address. This request arrives at T, which constructs the reply and routes it over {T, M2, 3, X, S} towards S. but when node 3 receives the reply it cannot forward it any further since X is not its neighbor and the reply is dropped
The Secure Routing Protocol (SRP) - Different Attacks and how they are countered
Case 5:Replay If M1 replays route requests to consume network resources, they will be discarded by intermediate nodes, since they maintain a list of query identifiers seen in the past. The query identifier is a random number, so that it is not guessable by the malicious node.
Case 6:SpoofingIf M1 attempts to forward { QST; S, M*} i.e. it spoofs its IP address. Consequently S would accept { RST; S, M*, 1, 4, T} as a route. But the connectivity information conveyed by such a reply is correct.
However, in practice, neighbor discovery that maintain information on the binding of the MAC and IP address can strengthen the protocol. Packets would be discarded when relayed by same data page link interface i.e. same MAC address with more than one different IP address.
The Secure Routing Protocol (SRP) - Strengths & Weakness
Strengths:
Copes with non-colluding malicious nodes
Immune to spoofing
Prevents Black hole attacks
Prevents DoS attacks
Provides Authentication & Integrity
For Confidentiality we can send payload with shared key Ks,t
The Secure Routing Protocol (SRP) - Strengths & Weakness
Weakness:
Suffers from route cache poisoning attacks
Lack of validation mechanism for route maintenance messages
Vulnerable to worm hole attacks
Doesnot provide Non-Repudiation
Other Protocols for Securing MANETs - Securing Routing in MANETs
ARIADNE (a secure routing protocol based on DSR) guarantees that the target node of a route discovery process can authenticate the initiator
the initiator can in turn authenticate each intermediate node on the path to the destination present in the RREP message
no intermediate node can remove a previous node in the node list in the RREQ or RREP messages.
ARAN secure routing protocol (conceived as an on-demand routing protocol) that detects and protects against malicious actions carried out by third parties and peers in the ad hoc environment.
It introduces authentication, message integrity and non-repudiation as part of a minimal security policy for the ad hoc environment
Consists of a preliminary certification process, a mandatory end-to-end authentication stage and an optional second stage that provides secure shortest paths
Conclusion
Security of ad hoc networks has recently gained momentum in the research community
Current work in MANETs secure routing:
ARAN(Authenticated Routing for Adhoc Networks)
Ariadine
SEAD(Secure Efficient Adhoc Distance Vector Routing)
But all the above suffer from Wormhole attacks(as SRP)
SPAAR(Secure Position Aided Adhoc Routing) ,Packet Leashes, Bloodhound & Watchdog proposed as solution,
but both cannot be considered as a total security solution for adhoc
As the technology for ad hoc wireless networks gains maturity, comprehensive security solutions based on realistic trust models and addressing all prevalent issues like routing, key management and cooperation enforcement are expected to appear
