Network Access Control for Mobile Ad
Hoc Network
Pan Wang
North Carolina State University
Outline
• Background
• Problem statement
• Related work
• Proposed scheme
– Key Synchronization
– Packet Retransmission
• Analysis, simulation and field test
• Summary
Background
• Mobile Ad Hoc Network (MANET)
– A MANET consists of mobile platforms (e.g., a router
with multiple hosts and wireless communications
devices), which are free to move about arbitrarily.
-- IETF RFC2501
– Characteristics of MANET
• No pre-determined infrastructure
• Ease of deployment
• Dynamic topologies (e.g., mobility, network partition)
• Constrained resources (e.g., bandwidth, energy)
Background (Cont)
• Network access control
– Not media access control
– Who has the right to access the network
• Physical*
• Technical *
• Administrative *
– Firewalls
• Conventional network
• Using network topology and service information
* H. F. Tipton, Handbook of information security management
Problem Statement
• An attacker may inject “bogus” packets to
consume the network resources, or insert itself
into critical routes
• No mature access control scheme for MANET
– more complicated due to open media and dynamic
topology
Related Work
• DHCP Access Control Gateway
• Kerberos
• Distributed firewall
• Pebblenets
• Distributed access control scheme for
consumer operated MANET
• LHAP
Related Work --Cont
• LHAP: a lightweight hop-by-hop authentication protocol for
ad-hoc networks
– Based on one-way key chain and TESLA
– Hop-by-hop authentication
– Each transmitted packet is associated with a traffic key
– Receiver (or intermediate node) verifies K^F_A(i) to decide whether to forward (accept) the packet
[Figure: LHAP example with nodes S, A, B, C and D; packet labels include M with a traffic key and "Cert & Commit"]
Proposed Scheme – cryptographic tools
• Group key agreement
• Group key distribution
– Controller chooses key
– Stateful vs. Stateless
• Stateless key distribution
– Each user is assigned a unique set of personal keys
– New key is encrypted with the personal keys only known to the legitimate users
– Nice stateless property
[Figure: key tree with root K1-4, internal keys K1-2 and K3-4, and leaf keys k1, k2, k3, k4 for members M1, M2, M3, M4]
Proposed Scheme – underlying models
• Network model
– All nodes come from one domain
– A node’s access to the network is controlled by a
domain manager (i.e., key manager)
– Each node has a unique ID and a set of personal
secret keys
• Attack model
– Attackers inject packets to deplete the resources of the nodes relaying the packets
Proposed Scheme - outline
• Basic idea
– Cryptography-oriented (using group key)
– Authenticate all the packets with a network-wide access control (group session) key.
– Any “bogus” packet that has incorrect
authentication information will be filtered out
immediately.
– As a result, illegitimate nodes will be excluded
from communication (routes).
Research challenges
• Two critical challenges
– Synchronization of network access control key
– Interaction between data transmission and key
distribution
If these two challenges can be solved, the
proposed group key based network access
control scheme will be done.
Key Synchronization
• Problem statement
– A key update message may fail to propagate across the MANET. Thus, two legitimate users may simultaneously hold different session keys (lack of key synchronization)
Key Synchronization (Cont-1)
• An example of lack of key synchronization
[Figure: example topology with the Key Manager, nodes A, B, C, D, E, F (and F*), and packets P1, P2, P3]
Key Synchronization (Cont-2)
• Solution
– Exploit the stateless feature of the proposed
stateless group key distribution scheme
– Each user buffers the key update message most
recently received
– Transmit the buffered message to the other
users that are using old session keys
Key Synchronization (Cont-3)
• Scheme details
– Proactive part
• Broadcast the buffered key update message every t time units
– Reactive part
• Send a key synchronization request, if a received
packet has higher session ID
• Send the buffered key update message, if a received
packet has a lower session ID
Key Synchronization (Cont-4)
• Illustration of the proposed key synchronization scheme
[Figure: six panels of a network with nodes S and A to N during a key update broadcast; a marker represents a node that has the most recent key]
Key Synchronization (Cont-5)
• Security analysis (possible attacks)
– Resource consumption via forged key update
message
• Solution: lightweight authentication methods (One-way key chain & Merkle hash tree)
– Resource consumption via forged data packet
• Constrained to one-hop
– Logically partition MANET by refusing to forward key update messages
• Multiple paths, watchdog
Key Synchronization (Cont-6)
• One-way key chain
k_0 = h(k_1), k_i = h(k_{i+1}), k_{n-1} = h(k_n)
[Figure: chain of keys k_0, k_1, ..., k_i, k_{i+1}, ..., k_{n-1}, k_n]
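Key Synchronization (Cont-7)
• Merkle hash tree
m_0 = f(k_0), m_{01} = h(m_0, m_1), m_{03} = h(m_{01}, m_{23}), m_{07} = h(m_{03}, m_{47})
[Figure: binary hash tree with root m_{07}, internal nodes m_{03}, m_{47}, m_{01}, m_{23}, m_{45}, m_{67}, and leaves m_0 to m_7 computed from keys k_0 to k_7]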
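The two lightweight authentication tools from the last two slides, as an added example that is not code from the presentation: a one-way key chain with k_i = h(k_{i+1}) and a Merkle tree over leaves m_i = f(k_i), each checked against a single pre-distributed commitment. SHA-256, the prefix bytes and all function names are assumptions; how these keys are bound to key update messages is not shown on the slides.

```python
import hashlib

# Assumption: SHA-256 stands in for the slides' h and f; the one-byte prefixes
# keep leaf hashes and inner-node hashes from being confused with each other.
def h(*parts):
    return hashlib.sha256(b"\x01" + b"".join(parts)).digest()

def f(key):
    return hashlib.sha256(b"\x00" + key).digest()

def key_chain(seed, n):
    """Return [k_0 .. k_n] with k_i = h(k_{i+1}); k_0 is the commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain[::-1]

def verify_chain_key(k_i, i, k_0):
    """Hash a disclosed k_i back i times; it must land on the commitment k_0."""
    for _ in range(i):
        k_i = h(k_i)
    return k_i == k_0

def merkle_levels(keys):
    """levels[0] holds leaves m_i = f(k_i); levels[-1][0] is the root."""
    assert keys and len(keys) & (len(keys) - 1) == 0, "needs a power-of-two key count"
    levels = [[f(k) for k in keys]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h(prev[j], prev[j + 1]) for j in range(0, len(prev), 2)])
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf to root: log2(n) values travel with each key."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def verify_leaf(key, index, path, root):
    """Recompute the root from one key and its path; only the root is pre-stored."""
    node = f(key)
    for sibling in path:
        node = h(sibling, node) if index & 1 else h(node, sibling)
        index >>= 1
    return node == root
```

A verifier stores only k_0 or the root m_{07}, so a forged key costs it a handful of hash evaluations before rejection.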
Key Synchronization (Cont-8)
• Performance analysis
– Rely on the adopted stateless group key
distribution scheme
– Storage
• One message
– Computation
– Communication
• Depends on t and number of users using an old key
Packet Retransmission
• Problem statement
– The interaction between data transmission and key distribution. That is, in the case of a lack of key synchronization, a user may receive some (unverified) packets authenticated with a different session key.
Packet Retransmission (Cont-1)
• Possible options
– Simply drop
– Buffer and then verify
– Synchronize the keys before sending every data
packet
• All of them have serious drawbacks
Packet Retransmission (Cont-2)
• Proposed solution
– Drop, synchronize keys, and then retransmit.
– ACK mechanism
– Unicast & broadcast
[Figure: nodes S, A, B and D; steps: 1. Tx failed due to lack of key Syn; 2. ReTx Request; 3. Key Syn; 4. ReTx Packet; 5. ACK]
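The reactive key synchronization rules and the drop, synchronize, retransmit sequence, as an added example that is not the presentation's implementation. It assumes HMAC-SHA256 packet tags and a toy XOR key wrap in place of the Liu & Ning scheme; the class, function and verdict names are hypothetical, and authentication of the key update message itself (key chain and Merkle tree) is left out.

```python
import hashlib, hmac, os

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def wrap(personal_key, sid, key):
    # Toy key wrap (assumption): XOR with an HMAC-derived pad; applying it twice unwraps.
    pad = mac(personal_key, b"wrap%d" % sid)
    return bytes(a ^ b for a, b in zip(key, pad))

def key_update(sid, members):
    """Key manager: wrap a fresh session key for every still-legitimate member."""
    new_key = os.urandom(32)
    return sid, {name: wrap(pk, sid, new_key) for name, pk in members.items()}

class Node:
    def __init__(self, name, personal_key):
        self.name, self.pk = name, personal_key
        self.sid, self.key, self.buffered = 0, None, None

    def on_key_update(self, update):
        sid, wrapped = update
        # Stateless property: one update message suffices, no earlier ones are needed.
        if sid > self.sid and self.name in wrapped:
            self.key = wrap(self.pk, sid, wrapped[self.name])
            self.sid, self.buffered = sid, update   # buffer the most recent update

    def send(self, payload):
        return self.sid, payload, mac(self.key, b"%d|" % self.sid + payload)

    def receive(self, packet, sender):
        sid, payload, tag = packet
        if sid < self.sid:    # sender holds an old key: drop, send our buffered update
            sender.on_key_update(self.buffered)
            return "KEYSYN"
        if sid > self.sid:    # we hold an old key: drop, request the sender's update
            self.on_key_update(sender.buffered)
            return "SYNREQ"
        good = hmac.compare_digest(tag, mac(self.key, b"%d|" % sid + payload))
        return "ACK" if good else "DROP"

def transmit(sender, receiver, payload, retries=1):
    """Drop, synchronize keys, then retransmit; returns the receiver's verdicts."""
    trace = []
    for _ in range(retries + 1):
        trace.append(receiver.receive(sender.send(payload), sender))
        if trace[-1] == "ACK":
            break
    return trace
```

A revoked node that is handed the buffered update still cannot unwrap the new key, so its retransmission is dropped again and never acknowledged.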
Algorithm of the proposed scheme
Packet Retransmission (Cont-3)
• Security analysis (possible attacks)
– Resource consumption attack
– Forged ACK message
– Packet modification
Packet Retransmission (Cont-4)
• Performance analysis
– Computation
• Authentication & verification
• Pentium 4 2.1 GHz processor *: MD5 216.674 MB/s, SHA-1 67.977 MB/s
– Communication
• Retransmission rate
Simulation Evaluation
• The simulation model
– 40/80 nodes randomly placed in a fixed area (a square of size 1km x 1km)
– Random walk with a maximum speed 20m/s
– Communication range 200m
– 2000 simulations, using different random number seeds
[Figure: Percentage of Reachable Nodes vs. Number of Nodes]
Simulation Evaluation (Cont-2)
[Figure: Average percentage of nodes which got the latest session key vs. Rounds of Key Update, 40 nodes; two panels, P_lost=0 and P_lost=0.25; series: Stateful Scheme, Stateless Scheme, After 1 Cycle of K. Syn, After 2 Cycles of K. Syn, After 3 Cycles of K. Syn]
Simulation Evaluation (Cont-3)
[Figure: Average percentage of nodes which got the latest session key vs. Rounds of Key Update, 80 nodes; two panels, P_lost=0 and P_lost=0.25; series: Stateful Scheme, Stateless Scheme, After 1 Cycle of K. Syn, After 2 Cycles of K. Syn, After 3 Cycles of K. Syn]
Simulation Evaluation (Cont-4)
[Figure: Retransmission Rate vs. Packet Sending Rate (# packets per second); series: 40 nodes, 80 nodes]
Implementation
• Based on Netfilter
• Two daemons
– Adopt the stateless scheme proposed by Liu & Ning
[Figure: Netfilter hooks PreRouting, ROUTE, Local In, Forward, Local Out and PostRouting, with blocks labelled Verification and Authentication]
Field Test
• Test bed
– One Dell P4 laptop with Linux 9.0 (kernel 2.4.20)
– Two Compaq iPAQ 3970 PDAs with Familiar v0.7.2
(kernel 2.4.19-rmk-pxal-hh30)
– Lucent Orinoco wireless cards
• Tests
– Key distribution
– User revocation
– Packet authentication and verification
– Key synchronization
Summary
• Network access control is an important issue
for MANET
• Cryptography-oriented solution exploiting the
stateless feature of stateless group key
distribution scheme
• Simulation as well as a functioning prototype indicate it is practical and effective
Question