Anonymous Communications in Mobile Ad Hoc Networks
Yanchao Zhang, Wei Liu, Wenjing Lou
Presenter: Bo Wu
Outline
• Introduction
• Threat Model
• MASK Model
• Performance Evaluation
• Conclusion
MANETs
A mobile ad hoc network (MANET) is a type of wireless network, and is a self-configuring network of mobile devices connected by any number of wireless links.
MANETs
Every node in a MANET is also a router because it is required to forward traffic unrelated to its own use.
Each MANET device is free to move independently.
Wireless links are particularly vulnerable to eavesdropping and other attacks
MANETs: Ad hoc?
A short-lived network just for the communication needs of the moment
• Self-organizing
• Infrastructure-less network
• Energy conservation
• Scalability
MANETs: Challenges
• Lack of a centralized entity
• Network topology changes frequently and unpredictably
• Channel access/Bandwidth availability
• Hidden/Exposed station problem
• Lack of symmetrical links
• Power limitation
MANETs: AODV
Source node initiates path discovery by broadcasting a route request (RREQ) packet to its neighbors
Every node maintains two separate counters:
• Sequence number
• Broadcast-id
[Figure: example network topology, RREQ broadcast]
AODV part adapted from slides of Sirisha R. Medidi
MANETs: AODV
A neighbor either broadcasts the RREQ to its neighbors or satisfies the RREQ by sending a RREP back to the source
Later copies of the same RREQ request are discarded
[Figure: example network topology, Reverse Path Setup]
MANETs: AODV
Reverse paths are set up automatically
Node records the address of the sender of RREQ
Entries are discarded after a time-out period
MANETs: AODV
[Figure: example network topology, Forward Path Setup]
MANETs: AODV
Advantages:
• Efficient algorithm for ad hoc networks
• Highly scalable
• Need for broadcast is minimized
• Quick response to link breakage in active routes
• Loop-free routes
Traffic Analysis
• Frequent communications — can denote planning
• Rapid, short communications — can denote negotiations
• A lack of communication — can indicate a lack of activity, or completion of a finalized plan
• Frequent communication to specific stations from a central station — can highlight the chain of command
• Who talks to whom — can indicate which stations are 'in charge' or the 'control station' of a particular network. This further implies something about the personnel associated with each station
• Who talks when — can indicate which stations are active in connection with events, which implies something about the information being passed and perhaps something about the personnel/access of those associated with some stations
• Who changes from station to station, or medium to medium — can indicate movement, fear of interception
General Defending Methods
• Prevent detection
  • Spread spectrum modulation
  • Effective power control
  • Directional antennas
• Traffic padding
• End-to-end encryption and/or link encryption on data traffic
Threat Model
• Passive
• Totally quiet, or just inject a small amount of traffic
• Monitor every transmission of each node
• Many adversaries can communicate with each other very fast
• May compromise a small number of nodes
• Limited computational capability
Basic Math
Let $G_1, G_2$ be two groups of the same prime order $q$. A pairing is a computable bilinear map $f : G_1 \times G_1 \to G_2$ satisfying the following properties:
1. Bilinearity: $\forall P, Q, R, S \in G_1$, we have $f(P + Q, R + S) = f(P, R)\,f(P, S)\,f(Q, R)\,f(Q, S)$.
2. Non-degeneracy: If $f(P, Q) = 1$ for all $Q \in G_1$, then $P$ must be the identity element in $G_1$.
3. Computability: There is an efficient algorithm to compute $f(P, Q)$ for all $P, Q \in G_1$.
MASK
MASK stands for ?
A novel anonymous on-demand routing protocol for MANETs
• Anonymous neighborhood authentication
• Anonymous route discovery and data forwarding
MASK System Model
• A number of non-malicious nodes
• No selfish behavior
• Moderate movement
• Trusted Authority (TA) bootstraps security parameters
  • $g$: the master key
  • $H_1 : \{0,1\}^* \to G_1$, mapping arbitrary strings to points in $G_1$
  • $H_2 : \{0,1\}^* \to \{0,1\}^\beta$, mapping arbitrary strings to $\beta$-bit fixed-length output
• Every node is blind to $g$
• TA furnishes each node $ID_i$ with a sufficiently large set $PS_i$ of collision-resistant pseudonyms and a corresponding secret point set $S_i = gH_1(PS_i) = \{S_{i,j}\} = \{gH_1(PS_{i,j}) \in G_1\}$ $(1 \le j \le |PS_i|)$.
MASK: Anonymous Neighbor Authentication
Definition: two neighboring nodes can ensure that they belong to the same party or have a trustable relationship with each other without revealing either their real identifiers or their party membership information.
Existing methods:
• Network-wide key
• Pairwise key
• Public-key certification
MASK: Anonymous Neighbor Authentication
• Alice and Bob use pseudonyms randomly selected from their sets
• Alice starts the authentication by sending her pseudonym and a challenge
• Bob can calculate the corresponding master session key and send the authentication message back
• Alice authenticates Bob and replies with an authentication message
• Both Bob and Alice generate link IDs and session keys based on the master session key
MASK: Anonymous Neighbor Authentication
After the authentication both sides have:
If a packet is identified by , then it should be decrypted using
Whenever these pairs are used up, Alice and Bob are required to automatically increase both n1 and n2 by one and generate new pairs.
Every node follows this procedure and establishes a neighbor table
MASK: Anonymous Neighbor Authentication
• Only TA can infer real ID based on pseudonyms
• To the adversary, Link IDs are random bits
• The adversary cannot infer the session key based on Link IDs
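The handshake above, worked through as an added example (not code from the paper or the slides). It assumes a toy bilinear map over small integers in place of the Tate pairing, SHA-256 for H1 and H2, constructed pseudonym strings, and a hypothetical layout for the hash inputs that produce the verifiers and the LinkID/session-key pairs.

```python
import hashlib, hmac, secrets

# Toy stand-in for the pairing (constructed, NOT secure): G1 = (Z_q, +),
# G2 = order-q subgroup of Z_p*, f(a, b) = GEN^(a*b) mod p. It is bilinear and
# non-degenerate, but unlike a real pairing group it lets a node divide out g.
Q, P, GEN = 1019, 2039, 4

def f(a, b):
    return pow(GEN, (a * b) % Q, P)

def H1(s):       # arbitrary string -> non-identity element of G1
    return int.from_bytes(hashlib.sha256(s.encode()).digest(), "big") % (Q - 1) + 1

def H2(*parts):  # arbitrary strings -> fixed-length output
    return hashlib.sha256("|".join(map(str, parts)).encode()).hexdigest()[:16]

class TA:
    def __init__(self, g=None):
        self.g = g or secrets.randbelow(Q - 1) + 1     # master key g
    def issue(self, pseudonym):                        # secret point S = g*H1(PS)
        return (self.g * H1(pseudonym)) % Q

def master_key(my_secret_point, peer_pseudonym):
    # f(g*H1(PS_me), H1(PS_peer)) = f(H1(PS_me), H1(PS_peer))^g on both sides
    return f(my_secret_point, H1(peer_pseudonym))

def link_pairs(k, ps_a, ps_b, n1, n2, count=2):
    # (LinkID, session key) pairs; this hash-input layout is an assumption
    return [(H2(k, ps_a, ps_b, n1, n2, "id", i), H2(k, ps_a, ps_b, n1, n2, "key", i))
            for i in range(count)]

def handshake(ta_alice, ta_bob, ps_a="PS-alice-17", ps_b="PS-bob-42"):
    s_a, s_b = ta_alice.issue(ps_a), ta_bob.issue(ps_b)
    n1 = secrets.token_hex(4)                          # Alice -> Bob: <PS_A, n1>
    k_b = master_key(s_b, ps_a)                        # Bob's view of the key
    n2 = secrets.token_hex(4)
    ver_b = H2(k_b, ps_a, ps_b, n1, n2, 0)             # Bob -> Alice: <PS_B, n2, ver_b>
    k_a = master_key(s_a, ps_b)                        # Alice's view of the key
    if not hmac.compare_digest(ver_b, H2(k_a, ps_a, ps_b, n1, n2, 0)):
        return None                                    # Bob holds no point under Alice's g
    ver_a = H2(k_a, ps_a, ps_b, n1, n2, 1)             # Alice -> Bob: <ver_a>
    if not hmac.compare_digest(ver_a, H2(k_b, ps_a, ps_b, n1, n2, 1)):
        return None
    return link_pairs(k_a, ps_a, ps_b, n1, n2), link_pairs(k_b, ps_a, ps_b, n1, n2)
```

Only pseudonyms, nonces and hash outputs cross the link; a node whose secret point was issued under a different master key derives a different key and fails the first verifier check.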
MASK: Anonymous Route Discovery
Besides the neighbor table, each node has:
• Forwarding route table <dest_id, destSeq, pre-link, next-link>
• Reverse route table <dest_id, destSeq, pre-hop-pseudonym>
• Target link table: the current node is the final destination for the packets bearing the linkIDs which are in its target link table.
MASK: Anonymous Route Discovery
Anonymous route request <ARREQ, ARREQ_id, dest_id, destSeq, PSx>
• ARREQ_id uniquely identifies the request
• dest_id is the real id of the destination
• destSeq is the last known sequence number for the destination
• PSx is the active pseudonym of the source
MASK: Anonymous Route Discovery
For each node in the network:
• Receives ARREQ for the first time
  • inserts an entry into its reverse route table recording where this ARREQ comes from
  • rebroadcasts the ARREQ after changing the embedded pseudonym field to its own
• Discards any ARREQ already seen
• All nodes broadcast only once
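The ARREQ handling rules above, run over a small network as an added example (not code from the paper or the slides). The topology, node names and pseudonym strings are constructed, and `on_air` is a hypothetical record of what a passive observer would capture.

```python
import hashlib
from collections import deque

# Constructed five-node topology: S - {A, B} - C - D
LINKS = {"S": ["A", "B"], "A": ["S", "C"], "B": ["S", "C"],
         "C": ["A", "B", "D"], "D": ["C"]}

class Node:
    def __init__(self, name):
        self.name = name
        # Constructed stand-in for a TA-issued pseudonym
        self.pseudonym = "PS-" + hashlib.sha256(b"demo:" + name.encode()).hexdigest()[:8]
        self.seen = set()          # ARREQ_ids already handled
        self.reverse_route = []    # <dest_id, destSeq, pre-hop-pseudonym>

    def on_arreq(self, frame):
        kind, arreq_id, dest_id, dest_seq, ps_x = frame
        if arreq_id in self.seen:
            return None                                # copy already seen: discard
        self.seen.add(arreq_id)
        self.reverse_route.append((dest_id, dest_seq, ps_x))
        # Rebroadcast once, with the pseudonym field replaced by our own
        return (kind, arreq_id, dest_id, dest_seq, self.pseudonym)

def flood(source, dest_id, dest_seq, arreq_id=1):
    nodes = {n: Node(n) for n in LINKS}
    nodes[source].seen.add(arreq_id)                   # source ignores echoes
    first = ("ARREQ", arreq_id, dest_id, dest_seq, nodes[source].pseudonym)
    on_air = [(source, first)]                         # every frame transmitted
    queue = deque(on_air)
    while queue:
        sender, frame = queue.popleft()
        for nbr in LINKS[sender]:
            out = nodes[nbr].on_arreq(frame)
            if out is not None:
                on_air.append((nbr, out))
                queue.append((nbr, out))
    return nodes, on_air
```

Each frame in `on_air` carries the same dest_id and ARREQ_id but a different pseudonym, and every reverse route entry names only the previous hop's pseudonym.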
MASK: Anonymous Route Discovery
Anonymous route replies <LinkID, {ARREP, dest_id, destSeq}SKey>
LinkID is the shared packet identifier to be used between the sender and the corresponding receiver
{ARREP, dest_id, destSeq} is encrypted by the paired session key such that only the intended receiver can decrypt it
MASK: Anonymous Route Discovery
Intermediate nodes will discard replies with a smaller destSeq than their own record
An intermediate node can also generate a route reply if it has a forward route entry for the dest_id with destSeq equal to or larger than that contained in the received ARREQ.
Multiple paths are established during this process
MASK: Anonymous Route Discovery
Anonymous Data Forwarding <next-LinkID, MASK payload>
• next-LinkID is randomly selected from the next-link-list field
• MASK payload may be an end-to-end encrypted message
• Does not necessarily select the best path
Security analysis
Message Coding Attack
• Adversary can easily link and trace some packets that do not change their content or length
MASK countermeasures
• Hop-by-hop encryption
• Random padding
Security analysis
Flow Recognition and Message Replay Attacks
• Recognize the packets belonging to some communication flow
MASK countermeasures
• Hop-by-hop encryption
• LinkID update
Security analysis
Timing Analysis Attack
• Tell the difference between nodes by transmission timing, e.g. transmission rate
MASK Countermeasures
• When the traffic is light, this attack is quite dangerous
Performance Evaluation
Tate pairing for bilinear map f
• Most expensive part
• Indispensable
SHA-1 to implement the collision resistant hash functions
efficient symmetric algorithm RC6 as hop-by-hop encryption and decryption
Performance Evaluation
For normal traffic, AODV is a little bit better
MASK outperforms AODV for heavy traffic due to available multiple paths
Performance Evaluation
MASK outperforms AODV in terms of overhead
It conducts costly route discovery less frequently
Performance Evaluation
AODV has much less latency
MASK tries to balance the tradeoff between anonymity and latency
Conclusion
• Very good resistance to passive attackers
• Timing attack is still unresolved in this model
• Very good routing performance
• But AODV also has a multi-path version: AOMDV
Questions?