1 / 38

Security in Mobile Ad Hoc Networks (MANETs)

Security in Mobile Ad Hoc Networks (MANETs). Group : NS. Farid Zafar Sheikh NS. Muhammad Zulkifl Khalid NS. Muhammad Ali Akbar NS. Wasif Mehmood Awan Department Of Electrical Engg. College Of E&ME (NUST) ,Rwp. INTRODUCTION. M obile A dhoc NET work (MANETs)

bill
Download Presentation

Security in Mobile Ad Hoc Networks (MANETs)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security in Mobile Ad Hoc Networks (MANETs) • Group : • NS. Farid Zafar Sheikh • NS. Muhammad Zulkifl Khalid • NS. Muhammad Ali Akbar • NS. Wasif Mehmood Awan • Department Of Electrical Engg. College Of E&ME (NUST) ,Rwp.

  2. INTRODUCTION • Mobile Adhoc NETwork (MANETs) • Adhoc On-demand Distance Vector (AODV) • Security Threats to existing protocols • Secure – AODV (SAODV) • Security analysis • Conclusion

  3. MANETs • One of the most prevalent areas of research in the recent years • Communication via wireless means without need of infrastructure • Nodes can perform the roles of both hosts and routers • No centralized controller and infrastructure • Dynamic network topology

  4. Advantages Of MANETs • Can access information and services regardless of geographic position • Can set up computer networks at any place and time • No need of dedicated infrastructure, hence cost-effective. • Can cope with Dynamic Topologies. • With improved algorithms, becoming more scalable.

  5. Disadvantages Of MANETs • Limited resources • Limited physical security • Limited Bandwidth, high error rate • Mutual trust vulnerable to attacks • Security protocols for wired networks cannot work well for ad hoc networks

  6. MANETs • Classification based on routing table maintenance. • Table Driven : Also called Proactive routing protocols. Maintain routes with every host at all time. • On-Demand : Also called Reactive routing protocols. Create routes to remote hosts on-demand.

  7. MANETs • Available ad hoc routing protocols • Proactive (table driven) approaches • DSDV (Destination Sequenced Distance Vector) • OLSR (Optimized Link State Routing) • Reactive (on demand) approaches • DSR (Dynamic Source Routing) • AODV (Ad-hoc On-demand Distance Vector)

  8. Ad hoc On-demand Distance Vector (AODV) • Uses routing tables, with one route entry per destination • Each entry stores next hop towards destination

  9. AODVRoute Discovery Process • Broadcasting route request (RREQ) packets • Each RREQ is uniquely identified by the sender address, destination address and request id • If the node is either the destination node or has a route to the destination node • Returns a route reply (RREP) containing the route, to sender

  10. 2 7 5 1 3 Source 4 6 8 Destination AODV Route Discovery Process Propagation of a Route Request (RREQ) Packet

  11. 2 7 5 1 3 Source 4 6 8 Destination AODVRoute Discovery Process Path Taken By the Route Reply (RREP) Packet

  12. AODVRoute Discovery Process • Maintaining “fresh-enough” routes • Uses sequence numbers • Node compares the destination sequence number of the RREQ with that of its route table entry • Either responds with its own route if entry is fresh, or rebroadcasts the RREQ to its neighbors

  13. AODVRoute Discovery Process • Loop prevention • Before forwarding route request, check broadcast_id of RREQ • Dropped those that were already processed • Routing table consists of ‘precursor’ & ‘outgoing’ lists • Precursor list of nodes that use node for forwarding packets • Outgoing list of nodes which act as ‘next hops’ in a route

  14. AODVRoute Maintenance • A routing table entry is “expired” if it is not used recently. • A set of predecessor nodes is maintained per routing table entry • These nodes are notified with a RERR if entry expires • If a link break occurs while the route is active, the node upstream of the break propagates a RERR message to the source node

  15. Attacks Possible On Existing Protocols • Attacks using modification • Attacks using impersonation • Other forms of attacks

  16. Attacks Using Modification • Cause redirection of network traffic and Denial of Service (DoS) attacks by • Altering the protocol fields in routing messages • Injecting routing messages into the network with falsified values in these fields.

  17. M Sn = 99 RREQB Sn = 99 Sn = 10 A B X Source Destination RREQB RREQA Attacks using Modification Redirection with modified route sequence numbers

  18. M RREQB Hop count = 0 Hop count = 0 Hop count = 2 A B X Source Destination RREQA RREQB Attacks using Modification Source Destination Redirection with modified hop counts

  19. RERR M D <M,C,D,X> <M,C,X> RERR A C X Source Destination Attacks using Modification Denial of service with modified source routes

  20. Attacks Using Impersonation • By impersonating another node (spoofing), a malicious node can launch many attacks in a network • Traffic belonging to impersonated node redirected to malicious node (eavesdropping). • Spoofing is readily combined with modification attacks to create loops in routes

  21. Attacks Using Impersonation • Malicious nodes don’t need to impersonate a single node of network • It can take up identity of multiple nodes of a network (Sybil Attack) • Data belonging to multiple nodes can be compromised

  22. Attacks Using Impersonation • By generating false RERR messages • Routes passing through targeted node would be disrupted

  23. RERR: D is broken M B D RERR: D is broken Routing entries for X A C X Source Destination Routing entries for X Attacks using Impersonation I amC!! Falsifying route error messages in AODV and DSR

  24. Other Forms of Attacks • Wormhole attack • Two attacker nodes A and Blinkedvia a private network connection • Aforwards every packet received through the wormhole to Bfor broadcasting, and conversely • Potentially disrupts routing by short circuiting the normal flow of routing packets

  25. SAODV • An extension of the AODV routing protocol • Providing security features like integrity and authentication. • Each node has a signature key pair from a suitable asymmetric cryptosystem (OpenSSL) • Each node is capable of securely verifying the association between the address of a given ad hoc node and the public key of that node

  26. SAODVDigital Signatures • Used to protect the integrity of the non­mutable data in RREQ and RREP messages • Sign everything but the Hop Count (mutable) of the AODV message and the Hash from the SAODV extension • When a node receives a routing message, it will verify the signature before any other action

  27. SAODVHash Chains • Used to authenticate the hop count of RREQ and RREP messages • Ensures that the hop count has not been altered by an attacker • Is formed by applying a one-way hash function repeatedly to a seed

  28. SAODVHash Chains • Calculating Top hash • Generates a random number as the “seed” • Set the Max_Hop_Count field in the message to the TTL value of the packet. • Determine the Hash function and use it to calculate the Top Hash which is obtained by hashing the seed Max_Hop_Count times. • Top Hash = hMax Hop Count (seed) Where: • – h is a hash function. • All this information is stored in the message

  29. RREQ / RREP Extension

  30. SAODVHash Chains • Verification of hop Count • When a node receives a RREQ or a RREP message • Applies the hash function Maximum Hop Count minus Hop Count times to the value in the Hash field, • Top Hash = hMax Hop Count – Hop_Count (seed) • Verifies that the resultant value is equal to the value contained in the Top Hash field. • If it is a valid message, • The node applies the hash function to the Hash value before forwarding it • All the fields mentioned above except the Hash field are protected by digital signatures in order to protect their integrity

  31. SAODVRoute Errors • RERR corruption may cause route destruction • Every node uses digital signatures to sign the whole message • Any neighbour that receives it verifies the signature • Destination Sequence no. never updated from RERR

  32. SAODVSecurity Analysis • The digital signature serves as proof of validity of the information contained in the routing message • Thus, formation of loops by malicious nodes through spoofing is prevented • Able to detect that the malicious nodes are sending out false messages.

  33. SAODVSecurity Analysis • A node attempting to transmit false RERR messages will not succeed • Digital signature will reveal that it is not on the route and hence is not supposed to send a RERR. • Sequence number in the RREQs and RREPs also protected by the digital signature. • Any modifications to the sequence number will invalidate the message

  34. SAODVSecurity Analysis • The hop authentication implemented using hash chains counters the ability of a malicious node for mounting an attack by modifying the hop count

  35. SAODVSecurity Analysis • SAODV is able to handle all attacks using either modification or impersonation • However, it is unable to cope with wormhole attacks.

  36. SAODVKey Management & Distribution • One approach can be that nodes are assigned keys on boot-up by a central authority • Assumption is that: • key distribution is already done • Every node has list of shared keys of network

  37. Conclusion • MANET’s are among the fastest evolving network designs • No need for infrastructure, hence installation costs are minimum. • Provided limited bandwidth and security threats are a BIG issue. • Security needs greater than for fixed topology networks due to ad hoc nature. • Security features can be incorporated using various cryptographic schemes • Security increases packet overhead, further reducing bandwidth. • No protocol yet designed which exhibits complete security features. • Hence, secure routing on Mobile Adhoc Networks still in an evolutionary phase.

  38. We thank you for your patience! open for questions , if any…

More Related