Security in Mobile Ad Hoc Networks: Challenges and Solutions
-
Upload
buckminster-allen -
Category
Documents
-
view
23 -
download
0
description
Transcript of Security in Mobile Ad Hoc Networks: Challenges and Solutions
Security in Mobile Ad Hoc Networks: Challenges and Solutions
Yang et. alUCLA Computer Science Dept.IEEE Wireless 2004
Outline
Motivation and background Attacks Network layer security
Secure routing Secure forwarding
Link layer security Conclusion
Motivation
MANETS recent popularity Self-configuration Self-maintenance
Challenges to security Open network architecture Shared medium Resource constraints Dynamic topology
Goals of MANET Security Protect network connectivity over
multi-hop wireless channels Link level solutions + network level
solutions Approaches
Proactive Reactive
Considerations Overhead versus performance
Attacks (Network Layer) Routing attacks
Attempt to “screw up” the others’ routing tables (remote effect)
Forwarding attacks Leave routing tables alone, but change
delivery of packets (local effect) Attack dependent on underlying
protocol Effects
Attacks (Link Layer)
Key attacks WEP
DoS attacks Manipulation of backoff interval Easy corruption of other’s data
Effects are compounded at higher layers
Solution Outline – A Multi-fence Security Solution
Challenges Distribution Involve multiple layers Attack awareness Completeness
Network Layer Security Overview
Message authentication primitives Secure routing Secure forwarding
Message Authentication Primitives
Message authentication code One-way hash function based on shared
key Send data + MAC Verified only by intended receiver Low computational overhead Storage requirement
O(n2) keys
Message Authentication Primitives
Digital signature Public key infrastructure w/ certificates Encrypt w/ private and decrypt w/ public Verified by all receivers High computational overhead Storage requirement
O(n) keys Certificate revocation lists
Less resilient to DoS attacks
Message Authentication Primitives One-way Hash-based Key Chain
Key chain generated by repeated application of MAC
Keys used in reverse order Verified by nodes w/ commitments Lower computational overhead Storage requirement
Buffer messages, key chains Delayed, lost keys
Extra communication and time synchronization Key revelation
Secure Routing
Usually proactive approach Authenticate source and routing
information Based on routing protocols
Source-based routing Distance vector routing Link state routing Others
Secure Source-based Routing
Append node ids to dynamically create routing path
Goal: Prevent intermediate nodes from altering routing list
End-to-end verification of nodes in paths
Example protocol (Adriadne) uses hash chaining technique
Secure Source-based Routing (2)
e.g. Ariadne (on DSR)
Secure Distance Vector Routing Advertise global shortest paths to
neighbor Based on a distance metric
Goal: ensure correct advertisement of distance metric and authentic sender
Authenticate aggregation of metric Unclear example in the paper that
used hash chain on hop count
Secure Link State Routing
Discover neighbors and broadcast that info to everyone
Links only added if bidirectional Nodes can collude
Goal: authenticate both neighbor discovery and neighbor broadcast
Example protocol (SLSP) uses digital signatures
Other Secure Routing Protocols Broadcast and reply like SBR
Difference route is constructed on the reply Goal: Authenticate link to link
One reply is sent back Possible sub-optimal path or failure
Other Secure Routing Protocols Broadcast both ways to provide redundancy
Improved path length Use of path metric
More communication and less computation
Secure Packet Forwarding
Prevention impossible Detection
Monitor neighbors Probe path (for failures)
Reaction Related to prevention mechanism Global End-host
Open Challenges Larger problem space
Thwart attacks but include failures, misconfigurations, and network overload
Intrusion toleration Make system robust in the presence of attacks
Larger solution space Supplement encryption with other mechanisms
(connectivity or route redundancy) Use redundancy on system and protocol
levels
Open Challenges Collaborative approach
Trust groups of nodes Multi-fence
Devices, layers, protocol stacks, solutions
Better analysis tools Performance tradeoffs Security tradeoffs Interaction of both
Conclusions
High level description of security issues in MANETS
Focused on network layer Especially routing
Proposed “resiliency-oriented” multi-layered solution design – increased fault tolerance in security systems
Called for better analysis models