Network Access Control for Mobile Ad Hoc Network
Pan Wang
North Carolina State University
Outline
• Background
• Problem statement
• Related work
• Proposed scheme
  – Key Synchronization
  – Packet Retransmission
• Analysis, simulation and field test
• Summary
Background
• Mobile Ad Hoc Network (MANET)
  – A MANET consists of mobile platforms (e.g., a router with multiple hosts and wireless communications devices), which are free to move about arbitrarily. -- IETF RFC 2501
  – Characteristics of MANET
    • No pre-determined infrastructure
    • Ease of deployment
    • Dynamic topologies (e.g., mobility, network partition)
    • Constrained resources (e.g., bandwidth, energy)
Background (Cont)
• Network access control
  – Not media access control
  – Who has the right to access the network
    • Physical *
    • Technical *
    • Administrative *
  – Firewalls
    • Conventional network
    • Using network topology and service information
* H. F. Tipton, Handbook of information security management
Problem Statement
• An attacker may inject “bogus” packets to consume the network resources, or insert itself into critical routes
• No mature access control scheme for MANET
  – More complicated due to open media and dynamic topology
Related Work
• DHCP Access Control Gateway
• Kerberos
• Distributed firewall
• Pebblenets
• Distributed access control scheme for consumer operated MANET
• LHAP
Related Work (Cont)
• LHAP: a lightweight hop-by-hop authentication protocol for ad-hoc networks
  – Based on one-way key chain and TESLA
  – Hop-by-hop authentication
  – Each transmitted packet is associated with a traffic key
  – Receiver (or intermediate node) verifies it to decide whether to forward (accept) the packet
[Figure: LHAP illustration with nodes A, B, C and D; labels: "S: Cert & Commit", "S: M, KF(i)", "S: M, KF(i+1)"]
Proposed Scheme – cryptographic tools
• Group key agreement
• Group key distribution
  – Controller chooses key
  – Stateful vs. Stateless
• Stateless key distribution
  – Each user is assigned a unique set of personal keys
  – New key is encrypted with the personal keys only known to the legitimate users
  – Nice stateless property
[Figure: keys k1, k2, k3, k4, K1-2, K3-4 and K1-4 over members M1, M2, M3, M4]
Proposed Scheme – underlying models
• Network model
  – All nodes come from one domain
  – A node’s access to the network is controlled by a domain manager (i.e., key manager)
  – Each node has a unique ID and a set of personal secret keys
• Attack model
  – Attackers inject packets to deplete the resources of nodes relaying the packets
Proposed Scheme - outline
• Basic idea
  – Cryptography-oriented (using group key)
  – Authenticate all the packets with a network-wide access control (group session) key.
  – Any “bogus” packet that has incorrect authentication information will be filtered out immediately.
  – As a result, illegitimate nodes will be excluded from communication (routes).
Research challenges
• Two critical challenges
  – Synchronization of network access control key
  – Interaction between data transmission and key distribution
If these two challenges can be solved, the proposed group-key-based network access control scheme will be complete.
Key Synchronization
• Problem statement
  – A key update message may fail to propagate across the MANET. Thus, two legitimate users may simultaneously hold different session keys (lack of key synchronization)
Key Synchronization (Cont-1)
• An example of lack of key synchronization
[Figure: network with a key manager and nodes A, B, C, D, E and F; labels P1, P2, P3, F and F*]
Key Synchronization (Cont-2)
• Solution
  – Exploit the stateless feature of the proposed stateless group key distribution scheme
  – Each user buffers the key update message most recently received
  – Transmit the buffered message to the other users that are using old session keys
Key Synchronization (Cont-3)
• Scheme details
  – Proactive part
    • Broadcast the buffered key update message every t time units
  – Reactive part
    • Send a key synchronization request, if a received packet has a higher session ID
    • Send the buffered key update message, if a received packet has a lower session ID
Key Synchronization (Cont-4)
• Illustration of the proposed key synchronization scheme
[Figure: six snapshots of a network with nodes S and A to N, starting from a broadcast; the marked nodes represent nodes that have the most recent key]
Key Synchronization (Cont-5)
• Security analysis (possible attacks)
  – Resource consumption via forged key update message
    • Solution: lightweight authentication methods (one-way key chain & Merkle hash tree)
  – Resource consumption via forged data packet
    • Constrained to one hop
  – Logically partitioning the MANET by refusing to forward key update messages
    • Multiple paths, watchdog
Key Synchronization (Cont-6)
One-way key chain
$k_0, k_1, \ldots, k_i, k_{i+1}, \ldots, k_{n-1}, k_n$
$k_0 = h(k_1)$, $k_i = h(k_{i+1})$, $k_{n-1} = h(k_n)$
Key Synchronization (Cont-7)
Merkle hash tree
[Figure: Merkle hash tree over keys k0 to k7 with leaves m0 to m7, inner nodes m01, m23, m45, m67, m03 and m47, and root m07]
$m_0 = f(k_0)$
$m_{01} = h(m_0, m_1)$
$m_{03} = h(m_{01}, m_{23})$
$m_{07} = h(m_{03}, m_{47})$
Key Synchronization (Cont-8)
• Performance analysis
  – Relies on the adopted stateless group key distribution scheme
  – Storage
    • One message
  – Computation
  – Communication
    • Depends on t and number of users using an old key
Packet Retransmission
• Problem statement
  – The interaction between data transmission and key distribution. That is, in the case of a lack of key synchronization, a user may receive some (unverified) packets authenticated with a different session key.
Packet Retransmission (Cont-1)
• Possible options
  – Simply drop
  – Buffer and then verify
  – Synchronize the keys before sending every data packet
• All of them have serious drawbacks
Packet Retransmission (Cont-2)
• Proposed solution
  – Drop, synchronize keys, and then retransmit.
  – ACK mechanism
  – Unicast & broadcast
[Figure: nodes S, A, B and D. 1. Tx failed due to lack of key syn; 2. ReTx request; 3. Key syn; 4. ReTx packet; 5. ACK]
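The drop, synchronize and retransmit exchange above, together with the session-ID comparison from the reactive part of key synchronization, as an added sketch that is not code from the presentation. The per-member XOR wrapping is a toy stand-in for the stateless group key distribution scheme; HMAC-SHA-256 and all names (`Node`, `make_update`, the `KEY_SYNC_REQUEST`/`KEY_UPDATE`/`ACK`/`DROP` labels) are assumptions, and authentication of the key update message itself is left out.

```python
import hashlib, hmac, os

def _pad(personal_key, sid):
    return hashlib.sha256(personal_key + sid.to_bytes(4, "big")).digest()

def make_update(sid, members):   # key manager: revoked nodes are simply left out
    key = os.urandom(32)
    return {"sid": sid, "wrapped": {n: bytes(a ^ b for a, b in zip(key, _pad(pk, sid)))
                                    for n, pk in members.items()}}

class Node:
    def __init__(self, name, personal_key):
        self.name, self.pk = name, personal_key
        self.sid, self.key, self.update = 0, None, None  # update = buffered message

    def install(self, update):
        wrapped = update["wrapped"].get(self.name)
        if update["sid"] <= self.sid or wrapped is None:  # stale, or we were revoked
            return False
        self.key = bytes(a ^ b for a, b in zip(wrapped, _pad(self.pk, update["sid"])))
        self.sid, self.update = update["sid"], update
        return True

    def _mac(self, payload):
        return hmac.new(self.key, self.sid.to_bytes(4, "big") + payload, hashlib.sha256).digest()

    def send(self, payload):
        return {"sid": self.sid, "payload": payload, "mac": self._mac(payload)}

    def receive(self, pkt):
        if pkt["sid"] > self.sid:
            return "KEY_SYNC_REQUEST", None   # we are behind: drop, ask for the update
        if pkt["sid"] < self.sid:
            return "KEY_UPDATE", self.update  # sender is behind: drop, push our update
        if self.key and hmac.compare_digest(pkt["mac"], self._mac(pkt["payload"])):
            return "ACK", pkt["payload"]
        return "DROP", None                   # bogus packet, filtered at this hop

def demo():                                   # constructed two-node scenario
    members = {"S": os.urandom(16), "B": os.urandom(16)}
    s, b = Node("S", members["S"]), Node("B", members["B"])
    first, second = make_update(1, members), make_update(2, members)
    s.install(first); b.install(first); b.install(second)  # S missed update 2
    trace = [b.receive(s.send(b"data"))[0]]       # Tx fails, B answers with its update
    s.install(b.update)                           # key synchronization
    trace.append(b.receive(s.send(b"data"))[0])   # retransmission is ACKed
    trace.append(b.receive(dict(s.send(b"data"), mac=bytes(32)))[0])  # forged MAC
    return trace
```

Because the buffered update is self-contained, any node holding it can bring a neighbour up to date without contacting the key manager; a node that was left out of the update cannot recover the new key from it.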
Algorithm of the proposed scheme
Packet Retransmission (Cont-3)
• Security analysis (possible attacks)
– Resource consumption attack
– Forged ACK message
– Packet modification
Packet Retransmission (Cont-4)
• Performance analysis
  – Computation
    • Authentication & verification
    • Pentium 4 2.1 GHz processor *
      MD5: 216.674 MB/s; SHA-1: 67.977 MB/s
  – Communication
    • Retransmission rate
Simulation Evaluation
• The simulation model
  – 40/80 nodes randomly placed in a fixed area (a square of size 1km x 1km)
  – Random walk with a maximum speed of 20m/s
  – Communication range 200m
  – 2000 simulations, using different random number seeds
[Figure: percentage of reachable nodes vs. number of nodes]
Simulation Evaluation (Cont-2)
Average percentage of nodes which got the latest session key
[Figure: two plots of percentage of nodes vs. rounds of key update for 40 nodes, one with P_lost=0 and one with P_lost=0.25; series: Stateful Scheme, Stateless Scheme, After 1 Cycle of K. Syn, After 2 Cycles of K. Syn, After 3 Cycles of K. Syn]
Simulation Evaluation (Cont-3)
Average percentage of nodes which got the latest session key
[Figure: two plots of percentage of nodes vs. rounds of key update for 80 nodes, one with P_lost=0 and one with P_lost=0.25; series: Stateful Scheme, Stateless Scheme, After 1 Cycle of K. Syn, After 2 Cycles of K. Syn, After 3 Cycles of K. Syn]
Simulation Evaluation (Cont-4)
[Figure: retransmission rate vs. packet sending rate (# packets per second); series: 40 nodes, 80 nodes]
Implementation
• Based on Netfilter
• Two daemons
  – Adopt the stateless scheme proposed by Liu & Ning
[Figure: Netfilter packet path with Pre-Routing, ROUTE, Forward, Post-Routing, Local In and Local Out, showing the Verification and Authentication steps]
Field Test
• Test bed
  – One Dell P4 laptop with Linux 9.0 (kernel 2.4.20)
  – Two Compaq iPAQ 3970 PDAs with Familiar v0.7.2 (kernel 2.4.19-rmk-pxal-hh30)
  – Lucent Orinoco wireless cards
• Tests
  – Key distribution
  – User revocation
  – Packet authentication and verification
  – Key synchronization
Summary
• Network access control is an important issue for MANET
• Cryptography-oriented solution exploiting the stateless feature of the stateless group key distribution scheme
• Simulation as well as a functioning prototype indicate that it is practical and effective
Question