Security in Ad Hoc Networks

advertisement
Security in Ad Hoc Networks
Steluta Gheorghiu
Universitat Politecnica de Catalunya
Departament d’Arquitectura de Computadors
Outline


Introduction
Security






Security functions
Challenges
Classification of attacks
Solutions
Conclusions
References
Introduction

Ad Hoc Networks

Characteristics






Cost effective
Autonomous (stand-alone self organized system)
Wireless medium
Lack of fixed infrastructure (flexible, reconfigurable)
Dynamic topology
Limited resources
Security

Security functions





Authentication
Confidentiality
Integrity
Non-repudiation
Availability
Security (cont.)

Challenges






Vulnerable channels
Vulnerable nodes
No infrastructure => centralized authority or online servers difficult to maintain
Dynamic topology
Resource constraints
Different requirements, for different types of
applications
Classification of attacks

By their source



By their type



Internal
External
Passive: eavesdropping, traffic monitoring and analyzing
Active: data altering, route information changing, service
disrupting
By the mechanisms they attack


Basic mechanisms: routing disruption and resource
consumption
Security mechanisms: key management
Classification of attacks (cont.)

By the layer at which they occur



Physical layer: communication jamming, eavesdropping,
message interception
Data link layer: traffic analysis and monitoring, service
disruption
Network layer:






route discovery: message flooding, routing table overflow,
routing cache poisoning
route maintenance: false control messages
data forwarding: wormhole attack, blackhole attack
other complex attacks: sleep deprivation, location disclosure
Transport layer: session hijacking
Application layer: repudiation, mobile virus, worm attacks
Solutions

“Packet Leashes: A Defense Against Wormhole Attacks in Wireless
Ad Hoc Networks”, Yih-Chun Hu, Adrian Perrig, David. B. Johnson

Protection against wormhole attacks

Packet leashes

geographical


the recipient of the packet is within a certain distance from the sender
each node must know its own location; all nodes must have loosely
synchronized clocks
Dsr  abs(Pr  Ps) + 2vTr  Ts + dt + dp

temporal

the packet has an upper bound on its lifetime which restricts the
maximum travel distance

tightly synchronized clocks (dt in the order of a few microseconds or
hundreds of nanoseconds)

transmission time+speed of light or expiration time for the packet
Solutions

“Security-Aware Ad Hoc Routing for Wireless Networks”, Seung Yi,
Prasad Naldurg, Robert Kravets
 protection against blackhole attack
 SAR protocol: uses AODV as a platform
 Integrated security metric within the RREQ and RREP packets
 The discovered routes come with “quality of protection” guarantees
 User identity is bound with an associated trust level =>
impersonating attacks are prevented with stronger access control
mechanisms
 For each trust level, it is used a simple shared secret to generate a
symmetric encryption/decryption key
 SAR provides a suite of cryptographic techniques: digital signature,
encryption
Solutions

“A secure Routing Protocol for Ad Hoc Networks”,
Kimaya Sanzgiri, Bridget Dahill, Brian Neil Levine,
Clay Shields, Elizabeth M. Belding-Royer




Authenticated Routing for Ad hoc Networks (ARAN) protocol: uses
public key cryptography
A managed-open environment with minimal security policy:
authentication, message integrity, non-repudiation
Nodes obtain a public key certificate from a common certificate
authority
Route discovery: source floods a digitally signed Route Discovery
Packet (RDP); destination sends a digitally signed Route Reply
packet back to the source (REP)
Conclusions




Undiscovered threats and attacks
Current solutions address specific problems
A general defense system may be impossible
to develop!
A lot of research still has to be done
References






Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu, Lixia Zhang, “Security
in Mobile Ad Hoc Networks: Challenges and Solutions”, IEEE
Wireless Communications, February 2004
Adam Burg, “Ad hoc network specific attacks”, Seminar on Ad hoc
networking: concepts, applications, and security, Technische
Universitat Munchen, 2003
Levente Buttyan, JeanPierre Hubaux, “Report on a Working Session
on Security in Wireless Ad Hoc Networks”, 2002
JeanPierre Hubaux, Levente Buttyan, Srdan Capkun, “The Quest for
Security in Mobile Ad Hoc Networks”, MobiHOC 2001
Seung Yi, Robin Kravets, “Practical PKI for Ad Hoc Wireless
Networks”, August 2001
Kimaya Sanzgiri, Bridget Dahill, Brian Neil Levine, Clay Shields,
Elizabeth M. Belding-Royer, “A secure Routing Protocol for Ad Hoc
Networks”, 2002
References (cont.)






Lidong Zhou, Zygmunt J. Haas, “Securing Ad Hoc Networks”, 1999
YihChun Hu, Adrian Perrig, “A survey of Secure Wireless Ad Hoc
Routing”, IEEE Security&Privacy, 2004
Seung Yi, Prasad Naldurg, Robert Kravets, “SecurityAware Adhoc
Routing for Wireless Networks”, 2002
Jiejun Kong, Petros Zerfos, Haiyun Luo, Songwu Lu, Lixia Zhang,
“Providing Robust and Ubiquitous Security Support for Mobile
AdHoc Network”, 9th International Conference on Network
Protocols, 2001
Navid Nikaein, “Think Like an AdHoc Network”
Yih-Chun Hu, Adrian Perrig, David. B. Johnson, “Packet Leashes: A
Defense Against Wormhole Attacks in Wireless Ad Hoc Networks”,
September 2002
Thank you!
Questions?
Download