Upload
nguyenkien
View
221
Download
0
Embed Size (px)
Citation preview
CONTROL PLANE
ROUTING MISBEHAVIOR
The Vigilant
Giridhar PathakHuey Ling Chuan, Steven
Isaraporn KulkumjonPooja Gada
Agenda
• Introduction to control-plane routing
(AODV & DSR)
• Types of control-plane routing misbehaviors
• Paper 1 (ARAN)
• Paper 2 (ARIADNE and IARIADNE)• Paper 2 (ARIADNE and IARIADNE)
• Paper 3 (SEADOV)
• Conclusion
The Vigilant 2
Control-plane routing misbehavior
• What is Control-plane?
• Populate information in the routing table
• BGP, RIP, OSPF in wired networks
• Theme: control-plane routing misbehavior techniques • Theme: control-plane routing misbehavior techniques
within wireless ad hoc networks and misbehavior
prevention by securing control routing messages.
The Vigilant 4
Summary of papers
• Paper 1: Kimaya Sanzgiri et al., “A secure routing protocol
for Ad Hoc networks (ARAN)”, IEEE ICNP, 2002
• Paper 2: Chu-Hsing et al., “Secure Routing with Malicious
Node Detection for Ad Hoc Networks (ARIADNE / I-Node Detection for Ad Hoc Networks (ARIADNE / I-
ARIADNE)”, 22nd Int. Conference on AINA, 2008
• Paper 3: Celia Li et al., “Secure Routing for Wireless Mesh
Network (SEADOV)”, Int. Journal of Network Security, 2011
The Vigilant 5
Routing protocols in Wireless ad hoc Networks
• Distance Vector Routing
• AODV (Ad hoc On Demand Distance Vector)
• DSR (Dynamic Source Routing)
• DSDV (Destination-Sequenced Distance Vector)
On Demand
• Link State Routing
• OLSR (Optimized Link State Routing)
Proactive
The Vigilant 6
AODV & DSR Route Discovery
• Flooding of control packets to discover routes
• S is the Source and D is the Destination
S D
A B
C E
The Vigilant 7
AODV & DSR Route Discovery
• Flooding of control packets to discover routes
• Source starts broadcasting a RREQ (Route Request) packet to its neighbors
RREQ
S D
A B
C E
RREQ
RREQ
The Vigilant 8
AODV & DSR Route Discovery
• Flooding of control packets to discover routes
• If the neighbors has no relationship with the destination, it will further broadcast the packet
RREQRREQ
S D
A B
C E
RREQRREQ
The Vigilant 9
AODV & DSR Route Discovery
• Flooding of control packets to discover routes
• Once the RREQ packet reaches the destination, or a node that knows the destination, the node will unicast a RREP packet to the source via the routed path
RREQRREQ
S D
A B
C E
RREQ
RREQ
RREQ
The Vigilant 10
AODV & DSR Route Discovery
• Flooding of control packets to discover routes
• Once the RREQ packet reaches the destination, or a node that knows the destination, the node will unicast a RREP packet to the source via the routed path
RREPRREP
S D
A B
C E
RREPRREP
RREP
The Vigilant 11
AODV & DSR Route Maintenance
• Upstream node detects unreachable node
• Sends RERR (Route Error) packet to inform upstream
neighbors
• Route cache alternative (DSR) or rediscovery
S D
A B
C E
RERR
The Vigilant 12
AODV
• Sequence numbers and hop count
• Seq. no. indicates freshness, changes in route
RREQ
SS = 10
DS = 20
RREP
DS = 25
S D
A B
C E
DS = 20HC = 0
S D
A B
C E
DS = 25
HC = 3
RREP
DS = 25HC = 5
The Vigilant 13
DSR
• Source routing
• RREQ packet carries the source path
S D
A B
C E
RREQ:S
RREQ:S
The Vigilant 14
DSR
• Source routing
• RREQ packet carries the source path
RREQ:S,A
S D
A B
C E
RREQ:S,A
RREQ:S,A
The Vigilant 15
DSR
• Source routing
• RREQ packet carries the source path
RREQ:S,A,B
RREQ:S,A,B
S D
A B
C E
RREQ:S,A,B
RREQ:S,A,B
The Vigilant 16
DSR
• Source routing
• RREP: Destination and intermediate nodes add its address to source route
RREP:DRREP:D,B
S D
A B
C E
RREP:DRREP:D,B,A
RREP:D,B
The Vigilant 17
AODV & DSR Differences
AODV DSR
Routing tables
• one route per destination
Routing caches
• multiple routes per destination
Always chooses fresher routes
• Sequence numbers
Does not have explicit mechanism to
expire stale routes
More frequent discovery flood to ensure
freshness
Source Routing
• Intermediate nodes learn routes in 1
discovery cycle
The Vigilant 18
Attacks using modification
• Modify sequence numbers (AODV)
• Sequence number used as timestamps.
• Higher sequence number = freshness
• Mallory modifies RREP with higher sequence number than the destination
The Vigilant 21
Attacks using modification
• Modify hop count (AODV)
• AODV selects routes based on the lowest hop count in the RREP packets
• Mallory can modify the hop count to
• 0 (preferred route)
• Infinity (zombie route)
• Tunneling
The Vigilant 22
Attacks using modification
• Modify Source Routes (DSR)
• Non-existent route (DoS)
• Loops
• No control to prevent loops after route discovery
The Vigilant 23
Attacks using flooding
• Flood the network with an unreachable destination
address
D
A BRREQ
RREQ
RREQ
RREQ
S D
C E
RREQ
RREQ
RREQ
RREQ
Example : S continuously send RREQ packet to destination X
The Vigilant 25
Attacks using impersonation
• Spoofing attacks (AODV and DSR)
• Mallory listens to RREQ / RREP from neighboring nodes
The Vigilant 27
Attacks using impersonation
• Spoofing attacks (AODV and DSR)
• Mallory spoofs as A and replies with a RREP packet with hop count less than C
The Vigilant 28
Attacks using impersonation
• Spoofing attacks (AODV and DSR)
• Mallory spoofs as B and replies with a RREP packet with hop count less than E
The Vigilant 29
Attacks using fabrication
• Falsifying route errors (AODV and DSR)
• Denial of Service
S D
A M
C E
RERRRERR
Route Discovery
The Vigilant 31
Attacks using fabrication
• Route cache poisoning in DSR
MSR:S, M, B, D
Packet to SPacket to S
S D
A B
C E
The Vigilant 32
A SECURE ROUTING PROTOCOL
FOR AD HOC NETWORKS
Brian Neil Levine, Bridget Dahill, Clay Shields,
Elizabeth M. Belding-Royer, Kimaya Sanzgiri
Isaraporn Kulkumjon
Authenticated Routing for Ad-hoc Networks (ARAN)
• Make use of cryptographic certificates and asymmetric key to achieve authentication, message integrity and
nonrepudiation
• Need preliminary certification process before a route
instantiation processinstantiation process
• Routing messages are authenticated at each hop from
source to destination and vice versa
The Vigilant 34
Certification
• Assumptions
• Certificate server T is trusted
• T’s public key is known to all nodes
• Keys are a priori generated and exchanged through a secure channel
• Each node must request its certificate from T before entering the network
The Vigilant 35
Authenticated Route Discovery
The Vigilant
Broadcast Message
Unicast Message
Sign the whole
content with its
own private key
38
Authenticated Route Setup
The Vigilant
Broadcast Message
Unicast Message
Reply to the first RDP -- Delay Metric
40
Route Maintenance• Send ERR message to deactivate route
The Vigilant
Broadcast Message
Unicast Message
42
Key Revocation
• Revocation notices need to be stored until the revoked
certificate expires.
The Vigilant 43
Security Analysis
Prevent Attacks from Using Modification
• Redirection by modified route sequence number or hop
count
• Denial-of-service with modified source routes
• Tunneling attacks• Tunneling attacks
.. also offers fastest path
The Vigilant 44
Security Analysis
Prevent Attacks from Using Impersonation
• Forming Loops by Spoofing
Prevent Attacks from Using Fabrication
Falsifying Route Errors• Falsifying Route Errors
The Vigilant 45
SECURE ROUTING PROTOCOL WITH MALICIOUS NODES DETECTION FOR AD HOC NETWORKS
Chu-Hsing Lin, Wei-Shen Lai, Yen-Lin Huang, Mei-Chun Chou
Giridhar Pathak
ARIADNE
• Secure on demand ad hoc network routing protocol
• Runs a route discovery protocol
• One route between source and destination
• Intermediate nodes cannot use the same route to transmit data for themselvesthemselves
• Withstands compromised nodes
• Symmetric cryptography
51The Vigilant
ARIADNE protocol
• Security against willful active attackers
• Cant alter uncompromised routes consisting of uncompromised nodes
• End to end authentication of routing message
• Shared key KSD and KDS and MAC• Shared key KSD and KDS and MAC
• TESLA for broadcast authentication for routing messages
• Pre hop hashing mechanism
• To verify that no hop is omitted
52The Vigilant
ARIADNE protocol
• Dead link in route
• RErr message sent to initiator
• Intermediate nodes remove route that have dead links
• Strong defense against attacks that modify and fabricate
routing informationrouting information
• Immune to wormhole attacks when used with an
advanced version of TESLA
• Complicated key-exchange, infeasible in current ad hoc
environments
53The Vigilant
ARIADNE protocol
S A DB
<α,h0,(),()><α,h1,(A),(MA)> <α,h2,(A,B),(MA,MB)>
Route list MAC list
<β,MD,()><β,MD,(KBti)><β,MD,(KBti, KAti)>
TESLA key list
• h0 is MAC(α)KSD only D can verify
• h1 is H(A,h0)
• MA is MAC(α,h1,(A),()) KAti this is the TESLA Key
• MD is MAC(β)KDS only S can verify
TESLA key list
Drawbacks of ARIADNE
• Only the sender and destination node can verify the node
list and correctness of the established route
• What if reply information is modified
• Only sender can detect the error
• Cant specify which nodes are bad
55The Vigilant
I-ARIADNE
• Based on ARIADNE
• Reuse of a valid route for increasing packet delivery ratio
• Intermediate nodes verify route information
• Can detect the malicious node
• Can reuse the route information for another route discovery phase
• Decrease in broadcast packets
56The Vigilant
I-ARIADNE protocol
• Sender signs h0
• Each participating node can verify h0
• Sender encrypts h0 with PKSD <α, h0, γ, (), ()>, destination
node can verifynode can verify
• Destination node signs the reply before unicast
• Each node can verify the authenticity of the reply
• Sender unicasts a validate message
• <S, D, h0, (A,B), (KAti, KBti)>
• MAC value is verified by all intermediate nodes
57The Vigilant
Secure Route Maintenance
• Start node runs route discovery
• New route created based on trust relationship from previous
route discovery
RErr returned to start node if dead link • RErr returned to start node if dead link
• Node will try to find a new route, starts route discovery locally
• Local route repair decreases broadcast packets
• New node checks routing table for Destination
• If no route, rebroadcast of route request
• Else unicast route request to destination
58The Vigilant
Summary
ARIADNE
• Symmetric crypto
• Secure route only for
sender and destination
• A lot of control packets for
I-ARIADNE
• Asymmetric crypto
• Reusability of secure
routes
• Lesser control packets for • A lot of control packets for
maintaining secure route
59The Vigilant
• Lesser control packets for
setup and maintenance of
route
Wireless Mesh Networks Introduction
• Superset of Ad hoc networks
• Infrastructure WMN - Mesh Routers
• Client WMN - Client mobile devices
• Hybrid network comprising mesh routers and mesh clients
Hybrid routing• Hybrid routing
• Proactive routing - Traffic flows to the mesh portal
• On-Demand Routing - Intra mesh traffic
61The Vigilant
Blom's Key Pre-Distribuition Scheme
• With N as the network size, M as public information
• a(h+1)xN matrix G over finite field GF(q) is constructed
• Symmetric matrix D , (h+1)x(h+1) is created and kept
secret
• Matrix A= (D.M)T is created• Matrix A= (D.M)T is created
• Node K, only needs to store kth row and kth column of
matrix
• Nodes compute their pairwise keys from the matrix A
• For nodes i and j, the pairwise keys are Kij and Kji
62The Vigilant
Keys in SEAODV
• Each node maintains two key hierarchies
• Broadcast key hierarchy
• Group Transient Key(GTK)
• Broadcast keys from one hop neighbors• Broadcast keys from one hop neighbors
• Authenticate incoming broadcast routing messages (e.g. RREQ)
• Unicast hierarchy
• Pair wise Transient Key(PTK)
• Secret pair wise keys shared with one hop neighbors
• Verify incoming unicast messages (e.g. RREP)
63The Vigilant
Key Exchange Process
• Step 1: Exchange of Seed_G of public G matrix
• Every node broadcasts its public Seed_G to its one hop neighbors
• Upon the completion of this step, every node has public Seed_G of all its one hop neighbors
• Step 2: Derivation of pair-wise transient key
• Using a one hop neighbor node's Seed_G and private row of matrix A, compute PTK
• Upon completion of this step, every node has PTK of all its one hop neighbors
64The Vigilant
Key Exchange Process (Contd..)
• Step 3: Exchange of Group Transient Key
• Node B encrypts GTK_B with its private PTK_B and unicasts the RREP message to A
• Encrypted GTK_B is attached in the unicast RREP message
• On receiving RREP message, A decrypts the GTK_B by using its private PTK_A
• Upon completion, every node has GTK keys from all its one hop neighbors
65The Vigilant
Secure Route Discovery
Modified RREQ
Message Type
Flag & Reserved
Hop Count
RREQID
Dest.
AddressDSN
Originator Address
OSNMAC
(GTK,M)
The Vigilant 66
Secure Route Setup
Modified RREP
Message Type
Flag & Reserved Prefix Sz
Hop Count
RREQID
Dest.
Address
Originator Address
LifetimeMAC
(PTK,M)
The Vigilant 67
Security Analysis of SEAODV
• SEAODV can defend against the following attacks
• RREQ Flooding
• Route Re-direction
• Formation of routing loops
• RERR Fabrication• RERR Fabrication
68The Vigilant
Performance Evaluation
• Low computation cost even if number of nodes on
increases
• Better immunity against DoS attacks
• Extends entire lifetime of the selected route under
condition that certain nodes are classified as mesh clientscondition that certain nodes are classified as mesh clients
69The Vigilant
Conclusion
• Discussed different kind of misbehaviors in control-plane
routing of AODV and DSR.
• Examined the solutions proposed by the 3 papers
• Paper 1: Kimaya Sanzgiri et al., “A secure routing protocol for Ad Hoc • Paper 1: Kimaya Sanzgiri et al., “A secure routing protocol for Ad Hoc networks (ARAN)”, IEEE ICNP, 2002
• Paper 2: Celia Li et al., “Secure Routing with Malicious Node Detection for Ad Hoc Networks (ARIADNE / I-ARIADNE)”, 22nd Int. Conference on AINA, 2008
• Paper 3: Chu-Hsing et al., “Secure Routing in Wireless Mesh Network (SEADOV)”, Int. Journal of Network Security, 2011
The Vigilant 70
Other Approaches
• Trust based
• Francesco Oliviero, Simon Pietro Romano, “A Reputation-based Metric for Secure Routing in Wireless Mesh Networks”
• Reputation based
• Shilpa S G, Mrs. N.R. Sunitha, B.B. Amberker, “A Trust Model for • Shilpa S G, Mrs. N.R. Sunitha, B.B. Amberker, “A Trust Model for Secure and QoS Routing in MANETs”
71The Vigilant