Intégration du raisonnement sur la confiance pour la ... · PDF fileIntroduction Trust-Based Reasoning for OLSR Simulation and results - Example Conclusions and future works Int´egration

Introduction Trust-Based Reasoning for OLSR Simulation and results - Example Conclusions and future works

Integration du raisonnement sur la confiance pourla securite de OLSR

Asmaa Adnane 1, Christophe Bidan 1 and Ludovic Me1, Rafaelde Sousa 2

1Supelec, SSIR team (EA 4039) ,2University of Brasılia - LabRedes, supported by CNPq - Brazil

14th October 2008

A. Adnane, C. Bidan, L. Me, R. de Sousa

Integration du raisonnement sur la confiance pour la securite de OLSR


Plan

1 Introduction

2 Trust-Based Reasoning for OLSR

3 Simulation and results - Example

4 Conclusions and future works




Introduction

Ad hoc route discovery and maintenance introduce specificsecurity problems for routing protocols to prevent, detect orrespond.

Solutions to secure these routing protocols using somecentralized units or trusted third-parties actually constrain theself-organization of ad hoc networks.

For OLSR, we propose the integration of trust reasonings intoeach node behavior, so as to allow a self-organized trust-basedcontrol to help nodes to detect misbehavior attacks.




Notion of trust

The fact that an entity A trusts an entity B in some respectmeans that:

A believes that B will behave in a certain way and performsome action in certain specific circumstances.A actually believes that B has the potential to carry out therelated tasks competently and honestly.

Different types/classes of trust depending onaction/circumstance.

Direct and derived (by means of recommendations) trustrelationships.




Trust specification language [2]

A trusts B with respect to (doing) the action cc :

A trustscc(B)

A trusts the recommendations of entity B about the capacityof other entities to perform action cc :

A trusts.reccc (B) when.path[S ] when.target[R]




Characteristics of the OLSR protocol (1/2)

Flooding routing OLSR routing




Characteristics of the OLSR protocol (2/2)

Proactive link-state routing protocol, with a floodingmechanism to diffuse link state information.

Multi-point relays (MPRs) are selected nodes that forwardmessages during the flooding process.

HELLO messages:

Sent periodically by a node to advertise its links.Allow a node to establish its view of the 2-hop neighborhood,then MPR selection.

TC messages:

Convey the topological information necessary for computingroutes.Periodically broadcast by MPRs advertising link state tosymmetric neighbors.




Notations

MANET : the set of the whole MANET nodes.

LSx : Link Set.

NSx : Neighbor Set.

2HNSx : 2-Hop Neighbor Set.

MPRSx : MPR Set (MPRx ⊆ NSx).

MPRSSx : MPR Selection Set.




Validation process

Validation of basic belief.

Validation of MPR selection:

Validation of local view.Validation of neighbors view.




Validation of basic belief (1/2)

In [3] authors present intrinsic properties of the protocol regardingthe expected correct behavior in message processing and routingorganization.

TCY ⊆ HELLOY

X ∈ TCY ⇒ Y ∈ MPRSX

TCY = (TCY )Z




Validation of basic belief (2/2)

In term of trust :

HELLO and TC message of any neighbor must be consistent:

XHELLOY←− Y ,X

TCY←− Y ,TCY * NSY ⇒ X¬trusts(Y )

Received TC must be consistent with local MPR selection:

XTCY←− ∗, X ∈ TCY , Y /∈ MPRSX ⇒ X¬trusts(Y )

TC messages can not be modified before forwarding:

XTCY←− Y , ∃m ∈ MPRSY , TCY 6= (TCY )m

⇒ X¬trusts(Y , m)




Validation of MPR selection

MPR Selection is a critical operation as it provides each node theaccess to the network. In our approach, after the MPR Selectioneach node should verify the two following points:

1 the nodes selected as MPR must behave correctly regardingthe operations of broadcasting TC messages and forwardingTC messages and data packets originated by MPR selectors;

2 the local choices of MPRs by a node must be in accordance toglobal topology information received by this node.




Validation of the local view

Consistency of the symmetric link:

XHELLOY← Y ,X

HELLOZ← Z ,Z ∈ NSY ⇒ Y ∈ NSZ

In term of trust :

Figure: False link advertised by Y or Z

XHELLOY← Y ,X

HELLOZ← Z , (Z ∈ NSY ,Y /∈ NSZ )or (Y ∈ NSZ ,Z /∈ NSY )⇒ X¬trusts(Y ,Z )




Supervising MPR behavior

MPR selection leads to the following expression :

∀ Y ∈ MPRSX : X trustsfw (Y )

this trust relation is broken in the following situation :

Checking TC message generation:

Y ∈ MPRSX , (XTC8 Y ) or (X

TC← Y ,X /∈ TCY )⇒ X¬trusts(Y )

Checking data packet and TC message forwarding:

Y ∈ MPRSX , (XTCX→ ∗,X TC8 Y ) or (X

DATA→ ∗,X DATAX8 Y )⇒ X¬trusts(Y )




Validation of neighbor view (1/4)

If A,B ∈ NSX and NSA = NSB , then a common neighbor ofA and B must not select both of them as MPRs:

NSA = NSB ⇒ MPRSSA ∩MPRSSB = ∅





If A,B ∈ NSX and NSB ⊂ NSA, then B should not beselected as MPR, all its neighbors will select A as MPR, so Bshould not generate a TC message:

NSB ⊂ NSA ⇒ MPRSSB = ∅





If 2 neighbors, X and Y , have the same neighbors (NS), theyshould also select the same MPRs:

NSX − {Y } = NSY − {X} ⇒ MPRSX = MPRSY or

∀Z ∈ MPRSX , ∃W ∈ MPRSY : NSZ = NSW





In term of trust :

XHELLOA← A,X

HELLOB← B,NSA ⊆ NSB ,∃Z ∈ TCA ∩ TCB ⇒ X¬trusts(A,B,Z )




Implementation

GlomoSim Simulator and the OLSR patch developed by theNiigata University .

Several attack scenario:1 Attack 1: the attacker advertises wrong links information to be

selected as the only MPR by target nodes in order to controlits messages.

2 Attack 2: The attacker does not advertise that it has beenselected as MPR by another nodes.

3 Attack 3: The attacker selected as MPR will not broadcastpackets of target nodes.

In the following, we discuss only results with 100 nodes usingthe first attack scenario.




Detection rate regarding only the concerned nodes bythe attack




Figure: Network example: A is the attacker, T is the Target




Scenario of the attack(1/2)




Scenario of the attack(2/2)




Detection of the attack(1/5): Set of concerned nodes




Detection of the attack(2/5): The target

Inconsistencies between (HELLOA, HELLON7, HELLON8), (TCA,

HELLON7, HELLON8) and (NSA, NSN2, NSN20):




Detection of the attack(3/5): The faulty links

Inconsistencies between HELLOA, TCA and (NSX , X ∈ {7, 8, 9, 21, 22}):




Detection of the attack(4/5):The neighbors of faulty links

Inconsistencies between (TCA, NS7, NS8, NS9) and (TCA, NS21, NS22):




Detection of the attack(5/5): common neighbors

Inconsistencies between (NSA, NSN2, NSN20):




Conclusions and future works

Conclusions

Identification of trust-related properties .

Each node is enabled to mistrust misbehaving nodes bycorrelation of received messages and deductions using thetrust rules.

MPR selection can be validated by exploiting trust propertiesand relations.

The simulation using attack scenarios shows the effectivenessof using mistrust to detect some known attacks against OLSR.




Conclusions/future works

Past (Future works) :-) !

Trust-based reasoning in OLSR nodes can also be useful forrouting table validation,

Trust management module for OLSR without modifying theprotocol.

Measure the impact of trust-based reasoning on the protocol,not only to detect attacks, but to react and take measures tocounter them, while preserving the auto-organization of the adhoc environment.




Bibliography

Clausen T, Jacquet P (2003) IETF RFC-3626: Optimized LinkState Routing Protocol OLSR.

Yahalom R, Klein B, Beth T (1993) Trust Relationships inSecure Systems - A Distributed Authentication Perspective. In:SP’93: Proceedings of the 1993 IEEE Symposium on Securityand Privacy. IEEE Computer Society, Washington, USA.

M. Wang and L. Lamont and P Mason and M. Gorlatova(2005) : An Effective Intrusion Detection Approach for OLSRMANET Protocol. In the first Workshop on Secure NetworkProtocols (NPSec). Boston, Massachusetts, USA.




This is the end ...

Integration du raisonnement sur la confiance pour lasecurite de OLSR

Questions and remarks ?



Documents

Intégration du raisonnement sur la confiance pour la ... · PDF fileIntroduction Trust-Based Reasoning for OLSR Simulation and results - Example Conclusions and future works Int´egration