Outline
- Ad Hoc Networks
- DSDV
- Possible Attacks
- SEAD
- Conclusion
Ad Hoc Networks
A network without the usual routing infrastructure such as base stations and access points.
- Quickly and inexpensively set up as needed
- May arise in personal area networking, meeting rooms and conferences, disaster relief and rescue operations, battlefield operations, etc.
Routing protocols are difficult to design because of:
- the highly dynamic nature of the network
- limited resources, including bandwidth, processing capacity, memory and battery power
Routing Protocols
Routing protocols for ad hoc networks:
- Periodic protocols (proactive)
- On-demand protocols (reactive)
- Hybrids of the two
SEAD is based on DSDV (Destination-Sequenced Distance-Vector ad hoc network routing protocol)
DVR
Distance Vector Routing
- Easy to implement
- Efficient (memory/CPU)
- Path calculation: Bellman-Ford
16/02/2004
DVR
Distance Vector Routing
Routing information exchange:
- Periodically
- Triggered update
DVR
Counting to infinity problem (looping)
E tells C: (Dest: A, Distance: 2) from me
DSDV
- Addition of a sequence number to prevent loops
- Routing table is tagged with the most recent sequence number
DSDV
Example routing table at MH4 (its own entry has metric 0):
Dest   Next-hop   Metric   Seq #
MH1    MH2        2        S406
MH2    MH2        1        S128
MH3    MH2        2        S564
MH4    MH4        0        S710
MH5    MH6        2        S392
MH6    MH6        1        S076
MH7    MH6        2        S128
MH8    MH6        3        S050
DSDV
When a node receives a routing update, it updates its entry if:
- the sequence number is greater than the original, or
- the sequence number equals the original and the metric is lower
Routing updates:
- Periodic
- Triggered (metric update / new sequence number)
DSDV-SQ
DSDV
No counting to infinity problem (looping):
B tells C: (Dest: A, Dist: infinity, Seq. no.: s1 > prev)
E tells C: (Dest: A, Dist: 2, Seq. no.: < s1) -- ignored
Assumptions
- All wireless links in the network are bidirectional
- No physical or MAC layer attacks
- Wireless network may drop, corrupt, duplicate, or reorder packets
- MAC layer can detect randomly corrupted packets
- Network diameter has an upper bound (m-1)
- Nodes in an ad hoc network may be resource constrained
Possible Attacks
- Ignorance attack (discarding packets)
- Jam attack (jamming routing packets)
- Modification attack (modifying packets)
- Replay attack (sending old advertisements)
- Wormhole attack
- Virtual vertex cut
Message Authentication
In an ad hoc wireless network it is infeasible to use asymmetric cryptographic operations (such as digital signatures).
SEAD uses one-way hash functions for message authentication: H: {0,1}* → {0,1}^ρ, where ρ is the output length in bits.
Tree-Authenticated Values
- Values from a one-way hash chain are very efficient to verify, but only if they are used in sequence
- A tree structure is used for more efficient authentication of values
- To authenticate v0, v1, ..., v(w-1), place them at the leaf nodes of a binary tree
- Blind all the values with a one-way hash function H: v'i = H(vi)
- Use the Merkle [1] hash tree construction to commit to the values v0, ..., v(w-1)
- Each internal node of the binary tree is derived from its two child nodes:
  m_parent = H(m_left || m_right)
Example:
The sender wants to authenticate key v2. It includes the values v3, m01 and m47.
A receiver holding the authentic root value m07 verifies that
  H[ H[ m01 || H[ H[v2] || v3 ] ] || m47 ] == stored m07
If the verification succeeds, the receiver knows that v2 is authentic.
(Figure: tree with root m07, internal nodes m03, m01, m23, m47, and leaf v'2 = H[v2].)
SEAD
Example SEAD routing table:
dest   metric   n. hop   seq #   hash val
MH1    3        MH5      12      83DF733A
MH2    4        MH3      12      B938E96C
MH3    3        MH6      12      F2002330
3. Releases hn to everybody
Hash chain element used for sequence number i and metric j: h_(n - i*m + j)
(i: seq #, j: metric; n is the chain length, m the upper bound on the network diameter)

Grid for n = 20, m = 5 (column: i, row: j):
         i=1   i=2   i=3   i=4
  j=0    h15   h10   h5    h0
  j=1    h16   h11   h6    h1
  j=2    h17   h12   h7    h2
  j=3    h18   h13   h8    h3
  j=4    h19   h14   h9    h4

Example: nodes B and C, each with its own chain. The grids use j = 0..2 and start at h9 for i=1, j=0, so m = 3 and n = 12:
         i=1   i=2   i=3   i=4
  j=0    h9    h6    h3    h0
  j=1    h10   h7    h4    h1
  j=2    h11   h8    h5    h2

Initial routing tables (sequence number 1):
  B:  dest B, metric 0, n. hop B, seq # 1, hash val h9 of B
  C:  dest C, metric 0, n. hop C, seq # 1, hash val h9 of C

After the first exchange:
  B:  dest B A C, metric 0 1 1
  C:  dest C B,   metric 0 1

After the next update (sequence number 2):
  B:  dest      B        A        C
      metric    0        1        1
      n. hop    B        A        C
      seq #     2        2        2
      hash val  h6 of B  h7 of A  h7 of C
  C:  dest      C        B        A
      metric    0        1        2
      n. hop    C        B        B
      seq #     2        2        2
      hash val  h6 of C  h7 of B  h8 of A
Neighbor authentication
Ensures that the routing information originates from the correct sender.
- Assume a shared secret key between each pair of nodes, and use the respective key in conjunction with a Message Authentication Code
- Each node maintains a neighbor table
- Each node trusts any zero-metric update with a valid authenticator: if a node has received such an update from another node for a recent sequence number, it considers that node a neighbor and computes a Message Authentication Code for it in subsequent updates.
SEAD vs DSDV
- SEAD doesn't use an average weighted settling time (the average time between a node receiving the first update and the best update for a destination)
- SEAD doesn't delay any triggered update
- When a node detects a broken link and sends a routing update, SEAD doesn't increment the sequence number. Instead, the node flags its routing table entry for this destination to not accept any new updates for this same sequence number
Security Analysis
Given an advertisement for a route:
- metric: h hops
- sequence number: s
Security Analysis
An attacker that has not compromised any node (and hence does not possess any cryptographic keys from a node) cannot successfully send any routing messages, since an uncompromised neighbor node will reject the messages due to the failed neighbor authentication.
SEAD is robust against non-collaborating attackers:
- An attacker cannot advertise a better route than it has heard
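Why a heard hash-chain element cannot be turned into a better route, as an added example (not code from the slides or the SEAD authors). It uses the h_(n - i*m + j) assignment from the grid slides, SHA-256 in place of H, a constructed seed, and the receiver's check of hashing a received value forward to its last authentic element (here the released anchor h_n, treated as sequence number 0, metric 0).

```python
import hashlib

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def make_chain(seed: bytes, n: int):
    """h_0 = seed and h_k = H(h_{k-1}); the node releases h_n as its anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def index(n: int, m: int, seq: int, metric: int) -> int:
    """SEAD uses h_{n - i*m + j} for sequence number i and metric j (0 <= j < m)."""
    assert 0 <= metric < m
    return n - seq * m + metric

def hash_forward(value: bytes, steps: int) -> bytes:
    for _ in range(steps):
        value = H(value)
    return value

def verify(n, m, anchor, anchor_seq, anchor_metric, value, seq, metric):
    """Accept (value, seq, metric) only if hashing it forward reaches the most
    recent authentic element the receiver holds for that destination."""
    steps = index(n, m, anchor_seq, anchor_metric) - index(n, m, seq, metric)
    if steps < 0:          # claim is older than what is already trusted
        return False
    return hash_forward(value, steps) == anchor

# Constructed sample: n = 20, m = 5, as in the slide's grid.
N, M = 20, 5
CHAIN = make_chain(b"constructed-seed", N)
ANCHOR = CHAIN[N]

def demo():
    """A node hears the authentic (seq 2, metric 1) element. Re-advertising it
    at metric 2 needs one more hash and verifies; claiming metric 0 (a better
    route) or a newer sequence number from the same value does not.
    Returns (honest, rebroadcast, shorter, newer)."""
    heard = CHAIN[index(N, M, 2, 1)]
    honest = verify(N, M, ANCHOR, 0, 0, heard, 2, 1)
    rebroadcast = verify(N, M, ANCHOR, 0, 0, H(heard), 2, 2)
    shorter = verify(N, M, ANCHOR, 0, 0, heard, 2, 0)
    newer = verify(N, M, ANCHOR, 0, 0, heard, 3, 4)
    return honest, rebroadcast, shorter, newer
```

The lower-metric and newer-sequence-number elements are preimages of what the attacker heard, so the only values it can produce by hashing correspond to equal or worse routes.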
Security Analysis
If attackers form a vertex cut between two groups, no routing protocol can eliminate such attacks.
Conclusion
SEAD:
- Robust against attacks
- Efficient if nodes in space are distributed randomly enough
- Doesn't provide a way to prevent an attacker from tampering with the next hop or destination columns
References
1. Andrew S. Tanenbaum, Computer Networks.
2. Guoyou He, Destination-Sequenced Distance Vector (DSDV) Protocol.
3. William Stallings, Cryptography and Network Security: Principles and Practices.
Questions?
Thanks to All