Upload
jean-barnett
View
218
Download
1
Tags:
Embed Size (px)
Citation preview
Nodes Bearing Grudges: Towards Routing Security,
Fairness, and Robustness in Mobile Ad Hoc Networks
Sonja Buchegger
Jean-Yves Le Boudec
Security Issues
• Cooperation and fairness– Traffic forwarding– Resource saving
• Confidentiality of location– Military– Privacy
• No traffic diversion– Routing– Forwarding
Motivation
• Resource conservation (selfish)
• Better service
• Monetary gains
• Competition
• Stealing
Detection and Reaction
• Want to punish malicious and non-cooperative behavior
• Isolate the problem node
• Implement re-integration into network if possible
Secrets and Lies. Digital Security in a Networked
Worldby Bruce Schneier
• …a prevention-only strategy only works if the prevention mechanisms are perfect; otherwise, someone will find out how to get around them.
• “In theory there is no difference between theory and practice. In practice there is …”
The Grudger Protocol
• Observe node behavior
• Share information
• Components– Monitor (Neighborhood Watch)– Trust Manager– Reputation System (Node Rating)– Path Manager
Observation
• Ad hoc network• Node A sends packet
destined for E, through B.
• B keeps packet copy.• B snoops D.
A
B
C
D
E
The Monitor
• No forwarding
• Unusual traffic attraction
• Route salvaging
• No error messages during errors
• Unusually frequent route updates
• Silent route changes
The Trust Manager
• Trust function
• Trust level administration
• Forwarding of ALARM messages
• Filtering of incoming ALARM messages
The Reputation System
• Own experience: greatest weight
• Observations: lesser weight
• Reported experience: PGP trust weight
The Path Manager
• Path re-ranking based on security metric
• Deletion of paths containing malicious nodes
• Route request from malicious node
• Request for route containing malicious node
Within the Node
• Monitor checks behavior of neighbors• Events are forwarded to Reputation system• If an event threshold is broken, rating for
offending node is updated• If rating of offending node drops below
acceptable threshold, the Path Manager removes routes containing offending node
• ALARM message is sent by the Trust Manager
ALARM
• Sent by the Trust Manager• Type of protocol violation• Number of occurrences observed• Whether the message was self-originated
by the sender• Address of the reporting node• Address of the observed node• Destination address
Between nodes
• Monitor receives ALARM• Trust Manager checks rating of source• Reputation System updates number of
occurrences and accumulated rating*• Note
– *Either the source is fully trusted, or several partially trusted nodes have added to one completely trusted note
– Authentication is a prerequisite
Dynamic Source Routing (DSR)
A
B
CD
E
Route Request {E (A)}
Route Request {E (A)}
Route Request {E (A,C)}
Route Request {E (A,B)}
Route Request {E (A,B)} Route Request {E (A,B)}
Cache E
Dynamic Source Routing (DSR)
A
B
CD
E
Route Reply {A (E,B,A)}
Route Reply {A (E,D,C,A)}
Route Reply {A (E,D,C,A)}
Route Reply {A (E,B,A)}
Attacking DSR
• Incorrect forwarding• Traffic attraction• Route salvage for unbroken link• Short reply time• Set good metrics for bogus routes• Manipulate flow metrics• No Route Errors sent• Use bogus routes• Promiscuous mode to spy on traffic• DoS route updates at short intervals
Grudging Nodes
A
B
CD
E
Data {(A,C,D,E)}
Data {(A,C,D,E)}
XALARM (D, no forwarding, N) Data {(A,C,D,E)}
Testing
• “Performance Analysis of the CONFIDANT Protocol (Cooperation Of Nodes: Fairness In Dynamic Ad-hoc NeTworks)”
• GLOMOSIM
• Malicious nodes (Incorrect forwarding)
• DSR modifications
• Fortified vs. Defenseless networks
Fixed Parameters
• Area: 1000m x 1000m• Speed: uniformly distributed between 0 and 20 m/s• Radio Range: 250m• Placement: uniform• Movement: Random Waypoint• MAC: 802.11• Sending Capacity: 2 Mbps• Application: CBR• Packet Size: 64 B• Simulation Time: 900s
Varied Parameters
• Percent of malicious nodes: 0 – 100%
• Pause time: 0 – 900s
• Number of nodes: 10 – 50
Metrics
• Dropped packets (mean, %)
• Goodput: – Packets Received / Packets Originated
Results
• Every non malicious node was a “friend”
• Defenseless network: 70% packet loss
• Fortified network: >3% packet loss
• Overhead is small (ALARM messages)
• Performance is good even with up to 60% malicious nodes
• Pause time had the least performance influence
Research Pieces
• Event detection– Dropped packets– Mis-routed packets– TCP Syn flood
• Distributed Trust– Friends– No guarantee of connection to authority– Transitive relations
Follow-on
• Distributing reputations
• Authentication
• Immune Networking
• Based on the body’s immune system
• Goals – Learns through observations– Adapts to environment