securite adhoc

50 %
50 %
Information about securite adhoc

Published on October 7, 2007

Author: Nathaniel


Security of ad hoc networks routing protocols:  Security of ad hoc networks routing protocols Jean-Marie Orset 9 novembre 2005 Contents:  Contents Weaknesses of Manets Passive / active attacks Requirements / definitions Protection schemes State of the art Conclusion Characteristics:  Characteristics Highly dynamic nature of mobile ad hoc networks Weak bandwith « Peanut » cpu Limited battery power High latency Heterogeneity Both bi-directional and unidirectional links Characteristics:  Characteristics Current ad hoc routing protocols trust all participating nodes No accurate model of an attacker It is difficult to make the difference between a intruder and a node working abnormally Related work:  Related work Various schemes have already been proposed Reactive protocols - DSR, AODV, TORA Proactive protocols - DSDV, OLSR, TBRPF Observation:  Observation They were not conceived to satisfy security requirements, => they do not cope with treats and are very vulnerable If there is no security in the routing protocol, active attackers can easily exploit, even completely disable, an ad hoc network Active / passive:  Active / passive Attacks against ad hoc routing protocols can be active or passive: A passive attack does not disrupt the operation of the protocol, but tries to discover valuable information by listening to traffic (only eavesdrops) An active attack injects arbitrary packets and tries to disrupt the operation of the protocol in order to limit availability, gain authentication, or attract packets destined to other nodes Passive attacks:  Passive attacks Vulnerability of channels: as in any wireless network, messages can be eavesdropped Non-participation attack (lack of Cooperation: selfish nodes) Release of message content, location, topology… Traffic analysis => impossible to detect Active attacks:  Active attacks Spoofing (identity usurpation) Traffic hijacking Blackhole Replay attack Virtual tunnels (wormholes) Resources pillage (cpu, bandwith, battery) Active attacks:  Active attacks Physical Layer:  Physical Layer Jamming: an adversary keeps sending useless signals making other nodes unable to communicate Tampering: an attacker can tamper with nodes physically Link layer:  Link layer Weaknesses of the 802.11b protocol e.g.: weaknesses of the wep protocol Hidden station problem Impersonation:  Impersonation This attack forms a serious risk: if proper authentication of parties is not supported, compromised nodes may, in the network layer, be able to join the network undetectably or send false routing information. Routing disruption attacks:  Routing disruption attacks Forge routing packets To create routing loop To create black hole (all packets are dropped) To cause a node to use wormhole (suboptimal routes) To partition the network Routing disruption attacks:  Routing disruption attacks The attacker adds his address in source route (reactive protocols) Many protocols require HELLO messages to announce themselves (proactive) =>Bad assumption of distance between nodes when receiving HELLO messages Attack on OLSR: example:  Attack on OLSR: example B is MPR of A. C is two hops away from A 1. B and A send Hello messages 3. Insertion of an Hello message by the intruder, claiming a symmetrical link to C Consequences : • The intruder is selected as a MPR by A et B • The trafic from A to C is disrupted to the intruder Intruder Gratuitous detour:  Gratuitous detour Loop creation:  Loop creation Black hole:  Black hole An attacker advertises a zero metric for all destinations causing all nodes around it to route packets towards it The malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept Then it discards all the packets it is asked to forward Gray hole:  Gray hole Same as Blackhole but the attacker keeps on forwarding control packets like Route Error, Route Request… => The network seems to work normally but all data packets are discarded Wormhole:  Wormhole Routing disruption attacks: Cause legitimate packet to be routed in dysfunctional ways Scheme: an attacker records packets at one location in the network, and tunnels them to another location, routing can be disrupted when only routing control messages are tunneled Wormhole:  Wormhole Cripples most ad hoc network routing protocols Breaks neighbor discovery functionality =>unconsistent vision of the topology Almost impossible to prevent Wormhole:  Wormhole Replay attack:  Replay attack An attacker sends old advertisements to a node causing it to update its routing table with stale routes Blackmail:  Blackmail Some protocols use Blacklist to keep trace and exclude malicious nodes When each node maintains “blacklist” Causing avoidance of that node in routes => can be used against normal nodes Rushing attack :  Rushing attack Targeted against on-demand routing protocols with duplicate suppression Disseminates Route Requests quickly, suppressing any later legitimate Route Requests Attack on the route maintenance mechanism => flood the network with Route Error Denial of service attacks:  Denial of service attacks A denial of service attack is any event that diminishes or eliminates a network’s capacity to perform its expected function Injects extra packets to consume resources Data packets Consumes bandwidth, especially over detours or loops Control packets Consumes more bandwidth/computational resources for processing and forwarding such packets Denial of Service:  Denial of Service Routing table overflow: => problematic for proactive protocols like OLSR Resource consumption attacks Bandwith exhaustion Battery exhaustion: (sleep deprivation) In IEEE802.11 based MAC, continuous RTS requests cause battery exhaustion at targeted neighbor Impact of Attacks on DSR (ns2):  Impact of Attacks on DSR (ns2) Impact of Attacks on DSR (ns2):  Impact of Attacks on DSR (ns2) Impacts of Attacks on AODV (ns2):  Impacts of Attacks on AODV (ns2) X-axis is max moving speed, which evaluates the mobility of host. Y-axis is delivery ratio. Two attacks: false distance vector and false destination sequence, are considered. They lead to about 30% and 50% of packets to be dropped. Impact of Attacks on AODV (ns2):  Impact of Attacks on AODV (ns2) Observation:  Observation Current ad hoc routing protocols are rather insecure Consideration of security at design time is the best way to ensure successful network deployment Contents:  Contents Weaknesses of Manets Passive / active attacks Requirements / definitions Protection schemes State of the art Conclusion Definitions:  Definitions Availability Secrecy Integrity Identification Authentication Availability:  Availability Prevent non authorized denies to the information or the resources Typical example: DoS attacks against The bandwith The CPU The memory (routing tables) => Access control mechanisms Secrecy:  Secrecy Prevent not authorized divulgation of information Location of nodes Topology of the network Trafic (eavesdropping) => Usually accomplished by encryption Integrity:  Integrity Ensure that information hasn’t been altered IP Headers Source Route (DSR) => Spread spectrum, digests, checksums, or/and encryption Identification:  Identification Determine the identity of nodes Physical layer: spread spectrum Link layer: MAC address Routing layer: IP address Application layer: login Authentication:  Authentication Verify and validate the identity claimed by a node (need for a third trust authority) => Cryptographic schemes: digital signatures, certificates… Freshness:  Freshness Ensure that the data received is recent Weak freshness: provides partial ordering of msg. Strong freshness: provides total ordering and allows for delay estimation => timestamps + global synchronisation Security requirements:  Security requirements Certain discovery: if a route between two nodes exists it should always be found Self-stabilisation: the routing protocol should be able to recover from any problem without human intervention Byzantine robustness: should be able to function properly even if some participating nodes are disrupting its operation Isolation: misbehaving nodes should be identified and isolated from routing Lightweight computations Contents:  Contents Weaknesses of Manets Passive / active attacks Requirements / definitions Protection schemes State of the art Conclusion Redundancy:  Redundancy Use of multiple routes to transmit redundant informations e.g. n routes between 2 nodes n - r routes for data r routes for control packets (checksum, hash codes…) or message divided in n parts Redundancy:  Redundancy Inconvenients High overhead (more control data) Do not cope with the problem of identification (colluded nodes) of gratuitous detour Vulnerable to DoS attacks (discard of control packets, flooding) Multiple acknowledgments:  Multiple acknowledgments When a node sends a packet, it verifies beside the neighbours if the next node does its job => useless with colluded nodes, consequent overhead, weak protection IPsec:  IPsec Many ad hoc routing protocol specifications suggest IPsec, however: It is too complex Not designed concurrently with the basic protocol, thus may leave unpredictable and undectable vulnerabilities in the system Produces additional configuration overhead Point to point authentication Point to point authentication:  Point to point authentication Authenticate the source of a RREP message by ciphering the source address Pb: vulnerable to replay attack: an attacker can intercept the message and replay it, creating multiple forged routes vulnerable to DoS attacks (the attacker discards the RREP (disponibility) Point to point authentication:  Point to point authentication Peer authentication is only useful to ensure the integrity of data Do not cope with the problems of DoS attacks, routing disruption, routing loops,… Symetric cryptography:  Symetric cryptography 2 identical private keys shared by the entities Encryption: {M}K Decryption: {{MK}K = M Examples: DES, 3DES, AES Symetric cryptography:  Symetric cryptography Many keys are required: n*(n-1)/2 Uneasy distribution of keys => how to send the keys? (smartcards?) More efficient than asymetric schemes (keys much shorter) Require less CPU power (can be easily embedded) Asymetric cryptography:  Asymetric cryptography 2 associated keys: one public and one secrete => computationaly impossible to deduce private key from public one Encryption: {M}K[A] Decryption: {{M}K[A]} K[A]-1 = M Signature: {{M}K[B]-1}K[B] Examples: RSA, MD5, SHA… Asymetric cryptography:  Asymetric cryptography Exchange of keys is easy Keys are bigger Slower than symetric schemes: delay 100 to 1000 times more costful than 3DES! Signature generation: 10 ms (300 Mhz) Signature verification: 1 ms Corresponding overhead: 128 bytes per packet => Use of asymetric crypto. to exchange symetric keys Asymetric cryptography:  Asymetric cryptography Pb: how to be sure that a public key comes from my interlocutor? e.g. real attack: broadcast of fake key (‘man in the middle’ in SSH) The public key must be signed by a third trusted authority => X509 certificate => very difficult in MANET What is a X509 certificate?:  What is a X509 certificate? Standard certificate format (ISO/IEC/ITU 9594-8), RFC 2459 A file containing A version number The issuer name (normally the CA) Subject name (name of the identified entity) Its public key Identifier of the algorithm, key parameters… A serial number Date of creation A validity period Public key infrastructure:  Public key infrastructure Set of services allowing to Create certificates Publish them Verify them Extend their validity Revoke them Public key infrastructure:  Public key infrastructure Classical PKI schemes not applicable in Manets, due to the lack of centralized authority and the very dynamic topology => need to distribute the authority Distributed certification:  Distributed certification The key management service consists of n servers. The service, as a whole has a public / private key pair K/k. The public key K is known by all nodes whereas the private key is divided into n shares: s1, s2, sn. K1/k1 K2/k2 Kn/kn K S1 S2 Sn Server 1 server 2 server n Distributed certification:  Distributed certification Each server i also has a public/private key pair Ki/ki and knows the public keys of all nodes Nodes as clients, can submit query requests to get other client’s public key or submit update requests to change their own public keys Servers can establish secure links among them => Need for a crypto scheme which can be distributed Threshold cryptography:  Threshold cryptography The scheme benefits to be used conjointly with treshold cryptography: A (n, t+1) configuration (n > 3t) allows n parties to share the ability to perform crypto operations t+1 parties can perform this operation jointly This is impossible for at most t colluded parties Threshold cryptography:  Threshold cryptography For the service to sign a certificate, each server generates a partial signature using its private key share and submit it to a combiner With t+1 correct partial signatures, the combiner is able to compute the signature for the certificate Compromised servers can’t generate fake correct certificates because they can generate at most t partial signatures If the operation fails, a combiner can try several sets of t+1 partial signatures Distributed certification:  Distributed certification Well adapted to the context of MANET Allows to establish a distributed certification authority Complex Induce an high overhead, delay Vulnerable to DoS attacks (always incorrect signatures) ARAN:  ARAN «A secure Routing protocol for Ad hoc Networks» Goal: authenticate every control packet by adding a certificate When entering the network, each node must acquire a certificate Then, it will sign each packet to send and join its certificate Afterward, each node must verify the validity of certificate, decipher the packet, analyse it and re-cipher for the next node ARAN:  ARAN Advantages: ensures a good hop-by-hop authentication Counters many attacks (routing disruption…) Drawbacks: Extremely cosful Great delay! CPU greedy! High overhead (overload for every packet) Autonomy substantially reduced ARAN:  ARAN Drawbacks: Prone to replay attacks if the nodes do not have time synchronisation Do not cope with the non-participation problem Need for a central certification authority Vulnerable to DoS attacks (useless replays) e.g. a node floods the network with fake certificates => the packets will be discarded but their analyse consume resources One way hash chains:  One way hash chains Built on a one-way hash function H:{0,1}* =>{0,1}p e.g. signature, MAC: {h(M)}K, {h(M)}K[A]-1 Simple to compute but infeasible to invert Two different messages produce different digests => collision resistant One way hash chains:  One way hash chains A node chooses a random initial value h0{0,1}p It computes a list of values: h0, h1, h2, …hn where hi = H(hi-1) for 0 < i < n hn-1 hn-2 hn h2 h1 … = H(h0) One way hash chains:  One way hash chains Anybody can generate later values Anybody can authenticate a value vj by using an earlier value vi and checking that Hj-i(vj) = vi If vi belongs to the one-way chain and if we have vj with Hj-i(vj) = vi then, vj originates from the same chain and was released by the creator of the chain One way hash chains:  One way hash chains It has been proved that a one-way chain with N elements requires: O(log(N)) storage O(Nlog(N)) computation to access an element SEAD:  SEAD «Secure Efficient distance vector routing for mobile wireless AD hoc Networks» Proposition: to rely on one-way hashs chains to secure the routing (DSDV) When a node S wants to establish a route to D, it generates a hash from the Type of request (RREQ) Its address as well as the one of the next node An identifier (to counter replay attacks) SEAD:  SEAD Then, each node on the route hashes the preceding msg after having added its address and the next one The receptor can verify the consistency between the claimed route and the real one by calculating the hash of all the addresses of nodes belonging to the route SEAD: example:  SEAD: example Without protection: S —> A: S A —> M: S,A M —> B: S,A (M does not append its address) B —> D: S,A,B D verifies and accept fake route = SABD A B S D M SEAD: example:  SEAD: example With protection: S —> A: S,A + H(S,A) A —> M: S,A,M + H(H(S,A) + A,M) M —> B: S,A,B (M does not append its address) B —> D: S,A,B,D + H(H(H(S,A) + M) +B D) D computes the hash chain corresponding to SABD and compares it with the hash chain received => inconsistency! A B S D M SEAD: discussion:  SEAD: discussion Not too much overhead since the digest size is constant Requires not too much calculus power for each node Implies the use of bidirectional links (the route from S to D and from D to S must be the same) Induces a consequent delay Packet leashes:  Packet leashes Concept: to rely on the location of nodes as well as a global synchronisation to counter wormhole attacks When a node sends a packet, it appends an evaluation of the time required to receive it When the receiver receives the packet, it compares the two times, if they are differ from more than x, it deduces there is a detour and asks to establish another one Packet leashes:  Packet leashes Only mean to counter detours on the route Only usable for proactive protocols It is very hard to ensure time synchronisation in MANET Requires means to locate the nodes (GPS) Packet leashes:  Packet leashes Since the topology may change quickly, it is very difficult to predict accurately the time taken by a packet to reach the destination Indeed with a very dynamic topology (node departures, obstacles), the search for a new route will induce a substantial delay Node surveillance:  Node surveillance Each node maintains a rating for every other node it knows about in the network Always 1.0 for itself Newly known nodes starting from 0.5 Increase 0.01 if the node is used by active route Decrease 0.05 if detects a link break, and the node becomes unreachable during packet relay Assign -1 to misbehaving nodes Node surveillance:  Node surveillance Calculates the path metric by averaging the node ratings in the path, and choose the path with highest metric If no path free of misbehaving nodes is found, one sends a new route request to search for more routes Node surveillance: discussion:  Node surveillance: discussion Allow to cope with the problem of non-participation but… Not perfect Only deals with selfish nodes Not work well in face of collisions Not able to tell replay attack Can not tell if next-hop node is selfish, or just has traveled away Contents:  Contents Weaknesses of Manets Passive / active attacks Requirements / definitions Protection schemes State of the art Conclusion Conclusion:  Conclusion There is still no model to describe a malicious behaviour in ad hoc networks => highly difficult to isolate malicious nodes Need for original methods to cope with the characteristics of Manets (e.g. distributed authority…) Conclusion:  Conclusion There is actually NO satisfying solution to secure the routing in ad hoc networks Each secure routing protocol may present some flaws => need for methods to automaticaly verify and validate the protocol Conclusion:  Conclusion Security has a cost! Secure mechanisms imply an high consumption of resources => need to make compromises, depending of the nature of the network (civilian / military) Ariadne:  Ariadne « A Secure On-Demand Routing Protocol for Ad Hoc Networks » Aim: adapt to the computational capacities of nodes Built to be used with the reactive protocol DSR Combine several approches: Private keys + MAC functions Broadcast authentication protocol Digital signatures Ariadne:  Ariadne Ariadne:  Ariadne Ariadne:  Ariadne Consistently lower packet overhead because Ariadne tends to find more stable routes than DSR-NoOpt, reducing no of Errors sent Ariadne:  Ariadne Due to authentication overhead, byte overhead is worse than DSR or DSR-NoOpt Ariadne:  Ariadne Ariadne is slightly worse than DSR-NoOpt because DSR-NoOpt initiates more Route Discovery and thus tends to more quickly find shorter routes Ariadne:  Ariadne Due to reduced number of broken links used in Ariadne, Ariadne has better latency than DSR-NoOpt Ariadne:  Ariadne Ariadne:  Ariadne Do not resolve the problem of distribution of keys 26% more overhead than non optimized DSR Less troughput Due to slower route discovery Route error processing delayed

Add a comment

Related presentations

Related pages

Security in Ad-hoc and Sensor Networks Buch portofrei ...

Bücher bei Weltbild: Jetzt Security in Ad-hoc and Sensor Networks versandkostenfrei online kaufen bei Weltbild, Ihrem Bücher-Spezialisten!
Read more

Ad hoc Security - HD Surveillance Camera | Outdoor IP ...

Ad-HocSecurity - Your one stop shop for Outdoor IP Camera, HD Surveillance Camera, HD Security Camera, Network Camera, DVR Card, Poe Switch. Visit us Today!
Read more

Renforcement de la scurit dans les rues de Tripoli en ...

Renforcement de la sécurité dans les rues de Tripoli en Libye. ... Erhalten Sie täglich um 10.00 Uhr die wichtigsten Meldungen sowie die ersten ...
Read more

Wireless ad hoc network - Wikipedia, the free encyclopedia

A wireless ad hoc network (WANET) ... Microsoft does not allow advanced encryption and security protocols for wireless ad hoc networks on Windows.
Read more

Security in wireless ad-hoc networks – A survey

Pervasive mobile and low-end wireless technologies, such as radio-frequency identification (RFID), wireless sensor networks and the impending vehicular ad ...
Read more

Security in Ad-hoc Networks - ResearchGate - Share and ...

Security in Ad-hoc Networks on ResearchGate, the professional network for scientists.
Read more

Security in Ad-hoc and Sensor Networks: First European ...

Claude - Security in Ad-hoc and Sensor Networks: First European Workshop, ESAS 2004, Heidelberg jetzt kaufen. ISBN: 9783540243960, Fremdsprachige Bücher ...
Read more

Security in Ad Hoc Networks - School of Computer Science ...

Security in Ad Hoc Networks Vesa Kärpijoki Helsinki University of Technology Telecommunications Software and Multimedia Laboratory
Read more

Securing Ad Hoc Networks - Home | Department of Computer ...

Securing Ad Hoc Networks∗ Lidong Zhou Department of Computer Science Zygmunt J. Haas School of Electrical Engineering Cornell University Ithaca, NY 14853
Read more

Adhocs Realtime | Adhoc-Übersicht | Unternehmensberichte ...

5877 Adhoc-Meldungen vom 10.05.16 bis zum 16.05.16 (Treffer: 1-50) Seite: 1 > .. 60 .. 118 : Uhrzeit: Titel: Wert: Kurs +/-% 07:00:27 DGAP-Adhoc: Orascom ...
Read more