Security in Ad Hoc Networks Steluta Gheorghiu Universitat Politecnica de Catalunya Departament d’Arquitectura de Computadors Outline Introduction Security Security functions Challenges Classification of attacks Solutions Conclusions References Introduction Ad Hoc Networks Characteristics Cost effective Autonomous (stand-alone self organized system) Wireless medium Lack of fixed infrastructure (flexible, reconfigurable) Dynamic topology Limited resources Security Security functions Authentication Confidentiality Integrity Non-repudiation Availability Security (cont.) Challenges Vulnerable channels Vulnerable nodes No infrastructure => centralized authority or online servers difficult to maintain Dynamic topology Resource constraints Different requirements, for different types of applications Classification of attacks By their source By their type Internal External Passive: eavesdropping, traffic monitoring and analyzing Active: data altering, route information changing, service disrupting By the mechanisms they attack Basic mechanisms: routing disruption and resource consumption Security mechanisms: key management Classification of attacks (cont.) By the layer at which they occur Physical layer: communication jamming, eavesdropping, message interception Data link layer: traffic analysis and monitoring, service disruption Network layer: route discovery: message flooding, routing table overflow, routing cache poisoning route maintenance: false control messages data forwarding: wormhole attack, blackhole attack other complex attacks: sleep deprivation, location disclosure Transport layer: session hijacking Application layer: repudiation, mobile virus, worm attacks Solutions “Packet Leashes: A Defense Against Wormhole Attacks in Wireless Ad Hoc Networks”, Yih-Chun Hu, Adrian Perrig, David. B. Johnson Protection against wormhole attacks Packet leashes geographical the recipient of the packet is within a certain distance from the sender each node must know its own location; all nodes must have loosely synchronized clocks Dsr abs(Pr Ps) + 2vTr Ts + dt + dp temporal the packet has an upper bound on its lifetime which restricts the maximum travel distance tightly synchronized clocks (dt in the order of a few microseconds or hundreds of nanoseconds) transmission time+speed of light or expiration time for the packet Solutions “Security-Aware Ad Hoc Routing for Wireless Networks”, Seung Yi, Prasad Naldurg, Robert Kravets protection against blackhole attack SAR protocol: uses AODV as a platform Integrated security metric within the RREQ and RREP packets The discovered routes come with “quality of protection” guarantees User identity is bound with an associated trust level => impersonating attacks are prevented with stronger access control mechanisms For each trust level, it is used a simple shared secret to generate a symmetric encryption/decryption key SAR provides a suite of cryptographic techniques: digital signature, encryption Solutions “A secure Routing Protocol for Ad Hoc Networks”, Kimaya Sanzgiri, Bridget Dahill, Brian Neil Levine, Clay Shields, Elizabeth M. Belding-Royer Authenticated Routing for Ad hoc Networks (ARAN) protocol: uses public key cryptography A managed-open environment with minimal security policy: authentication, message integrity, non-repudiation Nodes obtain a public key certificate from a common certificate authority Route discovery: source floods a digitally signed Route Discovery Packet (RDP); destination sends a digitally signed Route Reply packet back to the source (REP) Conclusions Undiscovered threats and attacks Current solutions address specific problems A general defense system may be impossible to develop! A lot of research still has to be done References Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu, Lixia Zhang, “Security in Mobile Ad Hoc Networks: Challenges and Solutions”, IEEE Wireless Communications, February 2004 Adam Burg, “Ad hoc network specific attacks”, Seminar on Ad hoc networking: concepts, applications, and security, Technische Universitat Munchen, 2003 Levente Buttyan, JeanPierre Hubaux, “Report on a Working Session on Security in Wireless Ad Hoc Networks”, 2002 JeanPierre Hubaux, Levente Buttyan, Srdan Capkun, “The Quest for Security in Mobile Ad Hoc Networks”, MobiHOC 2001 Seung Yi, Robin Kravets, “Practical PKI for Ad Hoc Wireless Networks”, August 2001 Kimaya Sanzgiri, Bridget Dahill, Brian Neil Levine, Clay Shields, Elizabeth M. Belding-Royer, “A secure Routing Protocol for Ad Hoc Networks”, 2002 References (cont.) Lidong Zhou, Zygmunt J. Haas, “Securing Ad Hoc Networks”, 1999 YihChun Hu, Adrian Perrig, “A survey of Secure Wireless Ad Hoc Routing”, IEEE Security&Privacy, 2004 Seung Yi, Prasad Naldurg, Robert Kravets, “SecurityAware Adhoc Routing for Wireless Networks”, 2002 Jiejun Kong, Petros Zerfos, Haiyun Luo, Songwu Lu, Lixia Zhang, “Providing Robust and Ubiquitous Security Support for Mobile AdHoc Network”, 9th International Conference on Network Protocols, 2001 Navid Nikaein, “Think Like an AdHoc Network” Yih-Chun Hu, Adrian Perrig, David. B. Johnson, “Packet Leashes: A Defense Against Wormhole Attacks in Wireless Ad Hoc Networks”, September 2002 Thank you! Questions?