a secure on-demand routing protocol for ad hoc networks
GZ06 : Mobile and Adaptive Systems
A Secure On-Demand Routing Protocol for Ad Hoc Networks
Allan HUNT, Wandao PUNYAPORN
Yong CHENG, Tingting OUYANG
Agenda
Introduction
Design
Evaluation & Analysis
Related work
Critical Appraisal of the work
Motivation
On demand Ad hoc routing protocol
Security in ad hoc protocols
Attack models
General protocol
Mobility
Motivation (cont.)
Resource-constrained devices (e.g. Palm handhelds)
Ariadne
Ariadne Protocol
The authors based their protocol on the basic operations of DSR, the Dynamic Source Routing on-demand source routing protocol.
Basic operations of DSR are:
Route discovery
Route maintenance
Overview of TESLA
Basic operation of TESLA: authentication uses a MAC, not a digital signature
Picks an initial key Kn at random, then generates the keys K0 – Kn with a one-way hash chain (Ki = H[Ki+1]); K0 is the commitment distributed to receivers
Delayed key disclosure: each key Ki has a scheduled release time; a receiver buffers a packet and verifies its MAC only after Ki is released, and only if the packet arrived before Ki could have been released
Time synchronization: Δ must be chosen as the maximum clock synchronization error between any two nodes, and all nodes must know Δ
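The chain, delayed disclosure and timing check described above, as an added worked example in Python (this is not code from the paper or from the presenters). The seed, interval length, disclosure lag d and Δ are constructed values; SHA-256 stands in for the one-way function H, HMAC-SHA-256 for the MAC, and the MAC key K'i = F'(Ki) is derived from the chain key with a second keyed hash as TESLA prescribes. The receiver's `safe` check is the TESLA security condition: a packet is buffered only if, given Δ, the sender cannot yet have released the key that made its MAC.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional


def H(x: bytes) -> bytes:
    """One-way function for the key chain (SHA-256 stands in here)."""
    return hashlib.sha256(x).digest()


def make_chain(k_n: bytes, n: int) -> List[bytes]:
    """K_i = H[K_{i+1}] from the random seed K_n; returns [K_0, ..., K_n]."""
    chain = [k_n]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]


def mac_key(k_i: bytes) -> bytes:
    """TESLA MACs with K'_i = F'(K_i), a second one-way derivation of the chain key."""
    return hmac.new(b"tesla-prf", k_i, hashlib.sha256).digest()


@dataclass
class Packet:
    interval: int
    msg: bytes
    mac: bytes
    disclosed: Optional[bytes]  # K_{i-d}, released d intervals late; None while i < d


class Sender:
    def __init__(self, seed: bytes, n: int, t0: int, t_int: int, d: int):
        self.chain = make_chain(seed, n)
        self.t0, self.t_int, self.d = t0, t_int, d

    def send(self, msg: bytes, now: int) -> Packet:
        i = (now - self.t0) // self.t_int  # current TESLA interval
        mac = hmac.new(mac_key(self.chain[i]), msg, hashlib.sha256).digest()
        disclosed = self.chain[i - self.d] if i >= self.d else None
        return Packet(i, msg, mac, disclosed)


class Receiver:
    def __init__(self, k0: bytes, t0: int, t_int: int, d: int, delta: int):
        self.known = {0: k0}  # authentic commitment K_0, handed out at key setup
        self.t0, self.t_int, self.d, self.delta = t0, t_int, d, delta
        self.buffer: List[Packet] = []
        self.authenticated: List[bytes] = []

    def safe(self, pkt: Packet, now: int) -> bool:
        """Security condition: clocks differ by at most delta, so the sender is in
        interval x at the latest; K_i is still secret only if x < i + d."""
        x = (now + self.delta - self.t0) // self.t_int
        return x < pkt.interval + self.d

    def verify_key(self, k: bytes, i: int) -> bool:
        """Accept K_i only if hashing it down reaches a key already known authentic."""
        v = max(j for j in self.known if j <= i)
        cand = k
        for _ in range(i - v):
            cand = H(cand)
        if not hmac.compare_digest(cand, self.known[v]):
            return False
        self.known[i] = k
        return True

    def release(self, j: int) -> None:
        """K_j is public: check every buffered MAC from interval <= j, then forget it."""
        kept = []
        for p in self.buffer:
            if p.interval > j:
                kept.append(p)
                continue
            k = self.known[j]
            for _ in range(j - p.interval):
                k = H(k)  # earlier keys follow from K_j by hashing
            exp = hmac.new(mac_key(k), p.msg, hashlib.sha256).digest()
            if hmac.compare_digest(exp, p.mac):
                self.authenticated.append(p.msg)
        self.buffer = kept

    def receive(self, pkt: Packet, now: int) -> str:
        if pkt.disclosed is not None and self.verify_key(pkt.disclosed, pkt.interval - self.d):
            self.release(pkt.interval - self.d)
        if not self.safe(pkt, now):
            return "dropped"  # the key may already be public, so the MAC proves nothing
        self.buffer.append(pkt)
        return "buffered"


def demo():
    """Constructed timeline: t0=1000, 100-unit intervals, d=2, delta=30."""
    s = Sender(b"\x11" * 32, 10, 1000, 100, 2)
    r = Receiver(s.chain[0], 1000, 100, 2, 30)
    results = [r.receive(s.send(b"route update A", 1310), 1320)]  # interval 3, on time
    p4 = s.send(b"late packet", 1410)  # interval 4, held back by the network ...
    results.append(r.receive(s.send(b"route update B", 1510), 1520))  # discloses K_3: A verified
    results.append(r.receive(p4, 1620))  # ... and delivered once K_4 may already be out
    forged = Packet(3, b"forged", hmac.new(mac_key(r.known[3]), b"forged", hashlib.sha256).digest(), None)
    results.append(r.receive(forged, 1720))  # attacker reuses the now-public K_3: too late
    return results, r.authenticated
```

`demo()` returns the per-packet decisions and the list of messages whose MACs were verified after their key was released; the packet from interval 4 is discarded even though it carries a correctly disclosed K2, because by its arrival time K4 could already be public.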
Network Assumptions
Physical-layer attacks are ignored
Network links are bidirectional
Attacks on medium access control are disregarded
Normal network behaviour is assumed (packets may be dropped, corrupted or re-ordered)
Ariadne inherits all assumptions of the broadcast authentication protocol used, such as TESLA
Node Assumptions
Resource-constrained nodes
No asymmetric cryptography
Loosely synchronized clocks
No trusted hardware (e.g. tamper-proof modules) is assumed
Security Assumptions
Ariadne relies on the following keys to be set up, depending on which authentication mechanism is used:
1. Pairwise shared secret key.
2. Digital signatures.
3. If TESLA is used, we assume a mechanism to set up shared secret keys between communicating nodes, and to distribute one authentic public TESLA key for each node.
Attack Model
Passive: the attacker only eavesdrops and does not send packets
Active: the attacker injects packets into the network
Active-n-m: an active attacker that has compromised n nodes (and holds their keys) and owns m nodes in total; the cases considered are Active-0-1, Active-1-x and Active-y-x
Active-VC: an active attacker that owns all nodes on a vertex cut through the network, partitioning the good nodes into multiple sets
General Attacks on Ad Hoc Network Routing Protocols
Routing disruption attacks: routing loop, black hole, wormhole, rushing attack
Resource consumption attacks: inject extra data packets, inject extra control packets
Basic Ariadne Route Discovery
Stage 1 – the target verifies that a Route Request came from the initiator
Stage 2 – the target authenticates the data in Route Requests, and the initiator can authenticate the Route Replies
Stage 3 – provides a way to verify that no node is missing from the node list
Assume initiator S performs a Route Discovery for target D.
S and D share the secret keys K_SD and K_DS for message authentication in each direction.
Ariadne Route Discovery Using TESLA
A ROUTE REQUEST packet contains eight fields: (ROUTE REQUEST, initiator, target, id, time interval, hash chain, node list, MAC list)
The initiator initializes the hash chain to MAC_KSD(initiator, target, id, time interval)
Each intermediate node i extends it to H[i, previous hash chain], so the hash chain reaching the target is H[n, H[n-1, ... H[1, MAC_KSD(initiator, target, id, time interval)] ...]]; removing a node from the node list changes this value
A ROUTE REPLY packet also contains eight fields: (ROUTE REPLY, target, initiator, time interval, node list, MAC list, target MAC, key list)
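The REQUEST and REPLY exchange above, as an added worked example in Python (not the paper's or the presenters' code). K_SD, K_DS, the node names and the per-node TESLA keys are constructed values; the example assumes each node's TESLA key for the interval has already been authenticated against its chain commitment and has been released by the time the REPLY passes back, so the TESLA timing checks themselves are not modelled here. Fields are length-prefixed before hashing so a MAC byte cannot be confused with a field separator. `discovery` runs the exchange over the path S-A-B-C-D and shows that a hop deleted from the node list is caught by the target's hash-chain check, and that a node list altered on the REPLY is caught by the initiator's target-MAC check.

```python
import hashlib
import hmac
from typing import Dict, List, Optional


def enc(parts) -> bytes:
    """Length-prefix each field so the byte string fed to H/MAC is unambiguous."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def H(node: bytes, prev: bytes) -> bytes:
    """Per-hop hash chain step H[node, previous value]."""
    return hashlib.sha256(enc([node, prev])).digest()


def MAC(key: bytes, *fields: bytes) -> bytes:
    return hmac.new(key, enc(fields), hashlib.sha256).digest()


# Constructed keys (hypothetical values): the pairwise S<->D keys and each node's
# TESLA key for the current interval, assumed verified and released where used.
K_SD, K_DS = b"key S->D", b"key D->S"
TESLA_KEY: Dict[bytes, bytes] = {b"A": b"K_A,i", b"B": b"K_B,i", b"C": b"K_C,i"}


def initiate(S: bytes, D: bytes, req_id: bytes, ti: bytes) -> dict:
    """Initiator S: the chain starts from a MAC that only S and D can compute."""
    h0 = MAC(K_SD, b"REQUEST", S, D, req_id, ti)
    return {"initiator": S, "target": D, "id": req_id, "ti": ti,
            "chain": h0, "nodes": [], "macs": []}


def forward_request(req: dict, node: bytes) -> dict:
    """Intermediate node: extend the chain, append itself to the node list and MAC
    the packet with its TESLA key (still secret now, so S checks it later)."""
    r = dict(req, chain=H(node, req["chain"]), nodes=req["nodes"] + [node],
             macs=list(req["macs"]))
    m = MAC(TESLA_KEY[node], b"REQUEST", r["initiator"], r["target"], r["id"],
            r["ti"], r["chain"], *r["nodes"], *r["macs"])
    r["macs"].append(m)
    return r


def target_verify_request(req: dict) -> bool:
    """Target D recomputes H[n, H[n-1, ... H[1, MAC_KSD(...)]]] over the node list;
    a node that was dropped or inserted changes the value."""
    h = MAC(K_SD, b"REQUEST", req["initiator"], req["target"], req["id"], req["ti"])
    for node in req["nodes"]:
        h = H(node, h)
    return hmac.compare_digest(h, req["chain"])


def build_reply(req: dict) -> dict:
    nodes, macs = req["nodes"], req["macs"]
    tmac = MAC(K_DS, b"REPLY", req["target"], req["initiator"], req["ti"], *nodes, *macs)
    return {"target": req["target"], "initiator": req["initiator"], "ti": req["ti"],
            "nodes": nodes, "macs": macs, "target_mac": tmac, "keys": []}


def forward_reply(rep: dict, node: bytes) -> dict:
    """On the way back each node appends its (by now released) TESLA key."""
    return dict(rep, keys=rep["keys"] + [TESLA_KEY[node]])


def initiator_verify_reply(rep: dict, req_id: bytes) -> bool:
    S, D, ti = rep["initiator"], rep["target"], rep["ti"]
    nodes, macs = rep["nodes"], rep["macs"]
    keys = rep["keys"][::-1]  # appended on the D->S path, so reverse to line up with nodes
    if not (len(nodes) == len(macs) == len(keys)):
        return False
    tmac = MAC(K_DS, b"REPLY", D, S, ti, *nodes, *macs)
    if not hmac.compare_digest(tmac, rep["target_mac"]):
        return False
    h = MAC(K_SD, b"REQUEST", S, D, req_id, ti)
    for i, node in enumerate(nodes):  # replay every hop's MAC now that the keys are known
        h = H(node, h)
        exp = MAC(keys[i], b"REQUEST", S, D, req_id, ti, h, *nodes[: i + 1], *macs[:i])
        if not hmac.compare_digest(exp, macs[i]):
            return False
    return True


def discovery(path: List[bytes], drop: Optional[bytes] = None, tamper: bool = False) -> str:
    """Run S -> path -> D -> reversed path -> S; optionally let an attacker delete a
    hop from the REQUEST or rewrite the node list on the REPLY."""
    S, D, rid, ti = b"S", b"D", b"id-7", b"interval-12"
    req = initiate(S, D, rid, ti)
    for n in path:
        req = forward_request(req, n)
    if drop is not None:
        i = req["nodes"].index(drop)
        del req["nodes"][i]
        del req["macs"][i]
    if not target_verify_request(req):
        return "target rejects request"
    rep = build_reply(req)
    for n in reversed(path):
        rep = forward_reply(rep, n)
    if tamper:
        rep["nodes"] = [b"X"] + rep["nodes"][1:]
    return "initiator accepts route" if initiator_verify_reply(rep, rid) else "initiator rejects reply"
```

Note what each check catches: the target's hash-chain check needs only K_SD and the node list, so it works before any TESLA key is public; the per-hop MACs can only be checked by the initiator, after the reply has collected the released keys.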
Ariadne Route Maintenance Using TESLA
To prevent forged ROUTE ERROR messages, the sender of a ROUTE ERROR is authenticated (with its TESLA key).
A ROUTE ERROR packet in Ariadne contains six fields:
(ROUTE ERROR, sending address, receiving address, time interval, error MAC, recent TESLA key)
Because a ROUTE ERROR can only be verified once its TESLA key is released, nodes must buffer it until then; the buffer has to be bounded to resist a memory consumption attack.
Evaluation
Modified simulation model:
Increased packet size to reflect the additional fields necessary for authentication
Modified Route Discovery and Route Maintenance
Adjusted re-transmission timeouts for Route Requests to compensate for the delay
Disallowed the use of prefixes of routes in the Route Cache
Evaluation - Packet Delivery Ratio
At most 4.66% lower PDR than DSR-NoOpt
Ariadne outperforms DSR-NoOpt at lower levels of mobility
Evaluation - Packet Overhead
Ariadne has 41.7% lower packet overhead than DSR-NoOpt
Evaluation - Byte Overhead
Ariadne has 26.19% higher byte overhead than DSR-NoOpt
Evaluation – Path Optimality
DSR-NoOpt performs slightly better than Ariadne
Evaluation – Average Latency
Ariadne has consistently lower latency than DSR-NoOpt
Security Analysis
Active-0-x: bogus messages; wormhole and rushing attacks
Active-1-x: prevent two nodes from communicating; replace MACs or keys in the Route Request
Active-y-x: attempt to force the initiator to repeatedly initiate Route Discoveries
Resist Active-VC? No solution provided
Related Work
Periodic protocols: much overhead introduced (storage, bandwidth, control and delay)
Protocols that use asymmetric crypto: computationally expensive to sign and verify; possible DoS attacks; high network bandwidth usage
Protocols that use network-wide symmetric keys: a single-node compromise breaks the whole network
Conclusions
Achievements: security against various types of attacks; efficient symmetric cryptography; general (trusted hardware and powerful processors not needed)
Overall performance: compared to optimized DSR, less efficient; compared to unoptimized DSR, better in some metrics (e.g. packet overhead)
Critical Appraisal
Key setup methods (pre-deployed keys, KDC, CA): fixed node set, circular dependency, centralized
Clock synchronization: circular dependency, resource constrained, insecure
Maximum end-to-end delay: how to choose it adaptively?
Critical Appraisal (cont.)
Delay and buffer size: slow responsiveness, resource constrained
Intermediate node authentication: authentication on demand
Remaining security issues: passive eavesdropper, inserting data packets attack, non-participating attacker, single-layer security scheme
Thanks for your attention! Any questions?