Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: “Mitigating Routing Misbehavior in Mobile Ad Hoc Networks”, Sergio Marti, T.J. Giuli, Kevin Lai, and Mary Baker, MobiCom 2000. Overview Introduction Node misbehavior on routing Proposed approach from the paper Watchdog Pathrater Simulation results Conclusion & comments Ad-Hoc Network A collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. Lack of infrastructure Distributed peer-to-peer mode of operations Multi-hop Routing Applications Military communication Rescue missions in times of natural disasters Vulnerabilities Vulnerabilities of wireless links Changing topology Absence of infrastructure Nodes may be physically controlled by the attacker Research areas in security Key establishment Secure routing Selfishness Intrusion Detection Secure sensor networks Lightweight cryptographic protocols Node Misbehavior Ad hoc networks maximize total network throughput by using all available nodes for routing and forwarding. A node may misbehave by agreeing to forward the packet and then failing to do so due to overloaded, selfish, malicious or broken Misbehaving nodes can be a significant problem Contemporary Solutions Forward packets only through nodes that share a prior trust relationship. Require key distribution Trust nodes can still be overloaded, broken or compromised Untrusted nodes may be well behaved Isolate the misbehaving from the network. Would add significant complexity to protocols whose behavior must be very well defined Proposed Approach Install extra facilities in the network to detect and mitigate routing misbehavior. Make only minimal changes to the underlying routing algorithm. Introduce two extensions to the Dynamic Source Routing Protocol (DSR) Watchdog Pathrater Definitions & Assumptions Neighbor Neighborhood A node that is within wireless transmission range of another node All the nodes that are within wireless transmission range of a node Links between the nodes are bi-directional Nodes are in promiscuous mode operation Malicious node does not work in group Dynamic Source Routing (DSR) “on-demand” Route Request Message Route Reply Message Route paths are discovered at the time a source sends a packet to a destination for which the source has no path Generate when the route request reach the destination Or when an intermediate node which contains in its route cache an unexpired route to the destination Route Error Handle link breaks DSR (Route Request) 2 1 S 1-2 1-2-5 5 D 8 1-3-4 1 1-3-4-7 1-3-4 4 7 1 3 1-3 1-3-4 6 1-3-4-6 DSR (Route Reply) 2 1-2-5-8 S 1-2-5-8 1-2-5-8 5 8 1 4 7 3 6 D Two extensions on DSR Watchdog Detects misbehaving nodes by overhearing transmission S A B C D Pathrater Avoids routing packets through misbehavior nodes Watchdog Maintain a buffer of recently sent packets Compare each overheard packet with the packet in the buffer to see if there is a match If a packet remained for longer than timeout, increments a failure tally for the node responsible If the tally exceeds a threshold, the node is determined to be misbehaving and the source will be notified Watchdog Advantages Can detect misbehavior at the forwarding level Disadvantages Might not detect in presence of Ambiguous collisions Receiver collisions Limited transmission power Others Ambiguous Collisions The ambiguous problem prevents node A from overhearing transmission from B D S A B Receiver Collision Node S can only tell this whether node A sends the packet to node B, but it cannot tell if B receives it D S A B Limited Transmission Power Misbehaving node can control its transmission power to circumvent the watchdog D S A B Other disadvantages False Misbehavior Collusion When nodes falsely report other nodes as misbehaving Multiple nodes in collusion can mount a more sophisticated attack Partial Dropping A node can circumvent the watchdog by dropping packets at a lower rate than the threshold Pathrater Each node maintains a rating for every other node it knows about in the network It calculates a path metric by averaging the node ratings in the path The metric gives a comparison of the overall reliability of different paths If there are multiple paths to the same destination, it choose the path with the highest metric Methodology Berkeley’s Network Simulator (ns) with wireless extensions made by the CMU Monarch project Simulate 50 nodes Moving speed: 0 - 20m/s Pause time: 0s or 60s % of compromised node: 0 – 40% in 5% increments Metrics of Evaluation Throughput Overhead % of sent data packets actually received by the intended destinations Ratio of routing-related transmissions to data transmissions False Positive Impact of watchdog false positive on network throughput Simulation Extensions Watchdog (WD) Pathrater (PR) Route request (SRR) 4 combinations by extensions WD=ON, PR=ON, SRR=ON WD=ON, PR=ON, SRR=OFF WD=OFF, PR=ON, SRR=OFF WD=OFF, PR=OFF, SRR=OFF Simulation Each metric includes two graphs of simulation results for two separate pause times (0s, 60s) Simulate two different node mobility patterns using 4 different pseudo-random number generator seeds Seeds determine which nodes misbehave Plot the average of the 8 simulations Network Throughput (0s pause time) Network Throughput (60s pause time) Routing Overhead (0s pause time) Routing Overhead (60s pause time) Effects of False Detection (0s pause time) Effects of False Detection (60s pause time) Conclusion Ad hoc networks are vulnerable to nodes that misbehave when routing packets Proposed two possible extensions to DSR to mitigate the effects of routing misbehavior Simulation evaluates that the 2 techniques increases throughput by 17% in network with moderate mobility, while increase ratio of overhead to data transmission from 9% to 17% increases throughput by 27% in network with extreme mobility, while increase ratio of overhead to data transmission from 12% to 24% Comments Work does not mention about how the threshold value is calculated - it is one of the important factor in detecting malicious nodes. If malicious nodes work in a group then it is difficult to identify them Paper does not address other attacks such as Mac attack, False route request and reply messages that bring down throughput in ad-hoc network Thank you!