Castor: Scalable Secure Routing for Ad Hoc Networks Wojciech Galuba, Panos Papadimitratos, Marcin Poturalski, Karl Aberer EPFL, Switzerland Zoran Despotovic, Wolfgang Kellerer Docomo Euro-Labs, Munich, Germany


Castor: Scalable Secure Routing for Ad Hoc Networks

Wojciech Galuba, Panos Papadimitratos, Marcin Poturalski, Karl Aberer EPFL, Switzerland

Zoran Despotovic, Wolfgang Kellerer Docomo Euro-Labs, Munich, Germany

2

Ad-hoc network routing challenges

[Figure labels: source, destination]


5

  • Scale
  • Mobility
  • Security
  • ?

6

Secure route discovery

Secure data transmission

Castor

Continuously-Adapting Secure Topology-Oblivious Routing

  • Provides routes
  • Avoids compromised nodes
  • Evaluates routes
  • Needs route redundancy

7

Topology-obliviousness

  • Nodes only aware of their neighbors
  • No routing information exchange
    • no routes included in control traffic
    • no routing table fragments exchanged

8

Flows instead of destinations

In-network state is maintained per-flow not per-destination

Flow isolation crucial for security

[Figure labels: s1, d1, s2, d2]

9

Castor – basic operation

  • PKTs contain the data payload
  • ACKs follow the reverse path of PKTs

[Figure labels: source, destination]

10

Local learning from failures

[Figure labels: v1, v2, v3, v4]

Locality: each node only aware of its neighborhood

Autonomy: each node routes independently

[Figure annotation: per-flow per-neighbor reliability estimator, shown with + and - marks]

11

Broadcast as a fallback

[Figure labels: v1, v2, v3, v4, shown with - marks]

Autonomy: nodes independently decide whether to broadcast or unicast

12

Initial PKT flood

  • No reliability history
    • each node decides to broadcast the PKT
  • ACKs are broadcasted back

[Figure labels: source, destination]

13

Routing around failures

  • Failure: ACKs stop returning
  • Local repair:
    • on failure some nodes broadcast, most still unicast
    • alternative route discovered without network-wide flood

[Figure labels: source, destination]

14

Castor is failure agnostic

Same recovery mechanism good for:

  • Malicious PKT or ACK dropping
  • Links broken by mobility
  • Wider-area outages (e.g. jamming)
  • Wormholes and tunnels

15

Trust model

  • Untrusted cloud of intermediate nodes
  • Security associations:
    • Source to destination
    • Neighbor to neighbor

[Figure labels: s1, d1, s2, d2]

16

Crucial property: flow state isolation

[Figure labels: v1, v2, v3, v4, v5]

Routing state at v1:

node   reliability
v2     0.9    0.2
v3     0.6    0.95
v4     0.8    0.9
v5     0.1    0.8

Isolate in-network states for the two flows

Otherwise malicious flows could disrupt the benign flows

17

Ensuring flow isolation

  • Flow authentication
    • Nodes can recognize PKTs belonging to the same flow
    • Only source can generate the next PKT
  • ACK authentication
    • Nodes can match ACKs to PKTs
    • Only destination can generate correct ACK
  • Achieved without public-key crypto
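An added example, not taken from the slides or from the Castor implementation: a sketch of the per-flow, per-neighbor reliability table (slides 10 and 16) that is updated only by ACKs the node can match to a pending PKT (slide 17). The hash-preimage check, the exponential average, `DELTA`, `BROADCAST_BELOW` and all class and function names are assumptions; flow authentication is not modelled.

```python
import hashlib
from collections import defaultdict

DELTA = 0.8            # assumed smoothing weight of the running average
BROADCAST_BELOW = 0.5  # assumed cut-off below which a node broadcasts

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class CastorNode:
    """Simplified forwarding state of one intermediate node."""
    def __init__(self):
        # flow_id -> neighbor -> estimate; one table per flow, never shared
        self.reliability = defaultdict(lambda: defaultdict(float))
        self.pending = {}  # pkt_id -> flow_id for PKTs awaiting an ACK

    def forward(self, flow_id, pkt_id):
        """Remember the PKT; return the unicast next hop or None (broadcast)."""
        self.pending[pkt_id] = flow_id
        table = self.reliability[flow_id]
        best = max(table, key=table.get, default=None)
        return best if best is not None and table[best] >= BROADCAST_BELOW else None

    def _update(self, flow_id, neighbor, outcome):
        old = self.reliability[flow_id][neighbor]
        self.reliability[flow_id][neighbor] = DELTA * old + (1 - DELTA) * outcome

    def on_ack(self, neighbor, ack_auth):
        """Credit a neighbor only if its ACK opens a pending PKT's commitment."""
        flow_id = self.pending.pop(H(ack_auth), None)
        if flow_id is None:
            return False  # forged, replayed or unsolicited: state untouched
        self._update(flow_id, neighbor, 1.0)
        return True

    def on_timeout(self, pkt_id, neighbor):
        """The neighbor was handed the PKT but no valid ACK came back."""
        flow_id = self.pending.pop(pkt_id, None)
        if flow_id is not None:
            self._update(flow_id, neighbor, 0.0)

def run_demo():
    node = CastorNode()
    for i in range(5):  # constructed traffic: benign flow A, ACKed via v2
        secret = b"A-%d" % i          # known only to source and destination
        node.forward("A", H(secret))
        node.on_ack("v2", secret)
    pkt = H(b"M-0")                   # flow M: its destination never ACKs
    node.forward("M", pkt)
    forged = node.on_ack("v2", b"guess")  # ACK without the preimage
    node.on_timeout(pkt, "v2")
    return node, forged
```

After `run_demo()`, v2 remains the unicast choice for flow A, while flow M falls back to broadcast; the failures recorded for M never touch A's table.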

18

Evaluation

  • 1Mbps 802.11b MAC
  • 3 km x 3 km plane
  • 1-20 m/s random waypoint mobility
  • 5 flows, 4 packets/s, 100 nodes

19

Blackhole attack: adversary drops data packets, not control traffic

20

Bandwidth utilization under blackhole attack

21

  • Wormhole drops data packets, no mobility
  • Complete recovery from wormholes

22

Scalability

  • Mobility, 20% of blackholes
  • Increasing the network size

23

Summary

  • Simple PKT-ACK messaging
    • flow-control-ready
    • applicable to other networks than MANETs
  • Scalability
    • No routing information exchanged
    • Local repair, few network-wide floods
  • Fast adaptation
  • Security
    • Failure agnosticism
    • Flow state isolation

24