www.crysys.hu
Outline
- routing protocols for ad hoc wireless networks
- attacker model
- securing the control plane: model, on-demand route discovery, proactive topology discovery
- conclusions
reactive (on-demand):
- distance vector (e.g., AODV)
- source routing (e.g., DSR)
table-driven routing:
- routers try to maintain up-to-date routing information to all potential destinations; for this reason, routers exchange routing control messages on a regular basis (to handle possible changes in the network topology)
- routing tables contain the next hop and the routing metric value for each destination
- neighboring routers exchange their routing tables with each other; based on the received tables, each router updates its own table; after some convergence period, each table contains correct metrics
Packet forwarding
- topology based routing
  - routing table driven: the next hop router toward the destination of a data packet is defined by the routing table
  - source routing: the header of each data packet contains the entire route that the packet should follow
target of attacks
- control plane: effects have larger scope (e.g., entire parts of the network may become disconnected or use suboptimal routes)
- data plane: effects have limited scope (e.g., a few communicating source-destination pairs)
internal attacker
- capabilities of an external attacker + full control over some (corrupted) routers
  - access to cryptographic secrets of corrupted routers (sending authentic messages)
  - re-programming of the behavior of corrupted routers (arbitrary deviations)
- rationale: in most of the applications, the network is unattended and routers are not tamper resistant; they can be physically attacked and compromised
- examples: sensor networks deployed over a large geographical area for monitoring wildlife; routers embedded in vehicles; mesh routers deployed in publicly accessible areas
external attacks
- on the control plane: result in dissemination of incorrect routing information, or prevent dissemination of routing information
- on the data plane: deletion (by jamming) of data packets; reordering (by jamming and replay) of data packets; insertion of fake or modified data packets
internal attacks
- on the control plane: any deviations from the routing protocol (including sending incorrect routing information in an authentic manner)
Some observations
- most of the external attacks can be thwarted by using cryptographic protection of routing control messages and data packets
- an exception is jamming: physical layer countermeasures (e.g., spread spectrum); detection of and re-routing around jammed areas
effectiveness (liveness):
if a non-corrupted path exists between two non-corrupted routers, A and B, then eventually, the system gets into a state where A can potentially communicate with B
Network model
- an ad hoc network is represented by a graph G(V, E)
  - V: vertices are routers (non-corrupted and corrupted)
  - E: edges represent communication links (radio or wormhole)
- V* ⊆ V is the set of corrupted routers
- L is a labeling function that assigns IDs to routers with the following properties:
  - each ID is either compromised or uncompromised
  - each non-corrupted router has a unique, uncompromised ID
  - each corrupted router is labeled with all the compromised IDs
  - each router can send messages under any of the assigned IDs
Figure: example labeling, with the non-corrupted routers labeled {A}, {B}, {C}, {D}, {E}, {F}, {G}, {H} and three corrupted routers each labeled {X,Y}
Model of computation
- M_i's are processes that represent non-corrupted routers
- A_j's are processes that represent corrupted routers
- C is a process that represents the communication links between the routers
- processes communicate through buffers
- computation is performed in rounds: M_i's and A_j's read all messages from their incoming buffers, perform state transitions, and write messages in their outgoing buffers; C reads all messages from the outgoing buffers of the routers and copies those messages to the appropriate incoming buffers
- broadcast communication is modeled by copying the message of a given router into the incoming buffers of all its neighbors
Figure: the processes M_1, ..., A_m, each with an incoming buffer (in_1, ..., in_Am) and an outgoing buffer (out_1, ..., out_Am), connected through C
computation:
- each process M_i executes a program determined by the routing protocol
- each process A_j executes an arbitrary program; cryptographic primitives cannot be broken, so A_j can only send messages that are feasible to compute under any of the compromised identifiers
output:
- internal state of the non-corrupted processes when the computation terminates
- conditions for termination depend on the type of the protocol
Laboratory of Cryptography and System Security
--- to be on the safe side
correctness:
- only plausible routes are accepted by A (in every possible configuration)
effectiveness:
- if a non-corrupted path exists between A and B, then A will accept a route (in every possible configuration)
the notion of plausible route captures the following unavoidable misbehaviors (tolerable imperfections):
- neighboring corrupted routers can freely communicate with each other in a proprietary way; logically they form one entity
- a corrupted router can pretend to be as many routers as it has compromised IDs
a route is plausible if, once neighboring adversarial nodes are joined, it does not contain repeating IDs and it can be partitioned in a way that each partition P can be associated with a node v in G such that P ⊆ L(v), and neighboring partitions are associated with neighboring nodes in G
Figure: example route A, X, Y, G, C through the labeled graph of the network model, partitioned as A | XY | G | C
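The definition can be checked mechanically: a route is plausible exactly when its ID list can be cut into blocks such that each block lies inside the label set of one router and consecutive blocks sit on adjacent routers. The following added example (not the authors' code) searches for such a partition; the network, the labeling and the routes are constructed for the example, and since every corrupted router carries all compromised IDs, a block of compromised IDs may be attributed to any corrupted router that fits.

```python
def plausible_partition(route, neighbors, labels):
    """Return a partition [(router, block), ...] witnessing that `route`
    (a list of IDs) is plausible, or None if there is none. Every block must
    be a subset of L(router) and routers of consecutive blocks adjacent in G."""
    if len(set(route)) != len(route):
        return None                            # repeating IDs are never plausible
    n = len(route)

    def search(i, prev):
        if i == n:
            return []
        for j in range(i + 1, n + 1):          # try every block route[i:j]
            block = set(route[i:j])
            for router, ids in labels.items():
                if block <= ids and (prev is None or router in neighbors.get(prev, ())):
                    rest = search(j, router)
                    if rest is not None:
                        return [(router, tuple(route[i:j]))] + rest
        return None

    return search(0, None)


def adjacency(edges):
    """Symmetric neighbor table built from an edge list."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


# Constructed network: non-corrupted routers a..h carry their own ID, the
# corrupted routers x1, x2, x3 all carry the compromised IDs {X, Y}.
LABELS = {r: {r.upper()} for r in "abcdefgh"}
LABELS.update({"x1": {"X", "Y"}, "x2": {"X", "Y"}, "x3": {"X", "Y"}})
NEIGHBORS = adjacency([("a", "x1"), ("x1", "g"), ("g", "c"), ("a", "d"), ("d", "b"),
                       ("b", "x2"), ("x2", "c"), ("x1", "e"), ("e", "f"), ("f", "h"),
                       ("h", "x3"), ("x3", "c")])

if __name__ == "__main__":
    print(plausible_partition(["A", "X", "Y", "G", "C"], NEIGHBORS, LABELS))
```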
Example: Ariadne*
A: hA = MAC_AH(RREQ | A | H | id) (MAC with the key shared by A and H)
A → *: [RREQ, A, H, id, hA, (), ()]
E: hE = H(E | hA)
E → *: [RREQ, A, H, id, hE, (E), (sigE)]
F: hF = H(F | hE)
F → *: [RREQ, A, H, id, hF, (E, F), (sigE, sigF)]
H → A: [RREP, H, A, (E, F), (sigE, sigF), sigH]
*Y-C. Hu, A. Perrig, D. Johnson. Ariadne: a secure on-demand routing protocol for ad hoc networks. Wireless Networks, 11(1-2), 2005.
A: hA = H(A | …)
A → *: [RREQ, S, T, id, hA, (…, A), (…, sigA)]
B: hB = H(B | hA)
B → *: [RREQ, S, T, id, hB, (…, A, B), (…, sigA, sigB)]
C: hC = H(C | hB)
C → *: [RREQ, S, T, id, hC, (…, A, B, C), (…, sigA, sigB, sigC)]
X: hB = H(B | hA), hX = H(X | hB)
X → *: [RREQ, S, T, id, hX, (…, A, B, X), (…, sigA, sigB, sigX)]
T → S: [RREP, T, S, (…, A, B, X, …), (…, sigA, sigB, sigX, …), sigT]
H → F: [RREP, A, H, id, (E, F), (sigH)]
F → E: [RREP, A, H, id, (E, F), (sigH, sigF)]
E → A: [RREP, A, H, id, (E, F), (sigH, sigF, sigE)]
*G. Acs, L. Buttyan, I. Vajda. Provably secure on-demand source routing in ad hoc networks. IEEE Trans. on Mobile Computing, 5(11), 2006.
case 1: P_j = {N_i} and P_{j+1} = {N_{i+1}} are non-corrupted partitions, and the nodes v and v' that belong to N_i and N_{i+1} are not adjacent in G
- v' would detect that the previous ID in the list does not belong to a neighbor
case 2: P_j = {N_i}, P_{j+1} = {N_{i+1}, ..., N_{i+k}}, P_{j+2} = {N_{i+k+1}} are two non-corrupted and a corrupted partition, and either the node v that belongs to N_i or the node v' that belongs to N_{i+k+1} is not a neighbor of the single corrupted node v*
- a) v would detect that the next ID in the list does not belong to a neighbor
- b) v' would detect that the previous ID in the list does not belong to a neighbor
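The case analysis above rests on the reply-side checks of the protocol of Acs, Buttyan and Vajda shown earlier (endairA): each node on the reply path checks that the IDs next to its own in the list belong to its neighbors and that every signature collected so far verifies, then signs and forwards. The following is an added example, not the paper's code; it assumes keyed MACs under constructed shared keys as a stand-in for the digital signatures, an assumed serialisation of the reply, and a constructed topology.

```python
import hashlib
import hmac

# Constructed per-node keys: a keyed-MAC stand-in for the protocol's digital
# signatures (every verifier holds all keys) so the example runs offline.
KEYS = {n: (n * 16).encode() for n in "ADEFHX"}

def encode(src, dst, rid, route, sigs):
    """Bytes a node signs: the reply as received, signatures included (assumed encoding)."""
    return "|".join(["RREP", src, dst, str(rid), ",".join(route), ",".join(sigs)]).encode()

def sign(node, data):
    return hmac.new(KEYS[node], data, hashlib.sha256).hexdigest()

def process_reply(node, rrep, neighbors):
    """Reply handling at `node`: the IDs beside it in the list must be its
    neighbors and every signature so far must verify; then it appends its own."""
    src, dst, rid, route, sigs = rrep
    ids = [src, *route, dst]                 # full node list, source first
    if len(set(ids)) != len(ids) or node not in ids[:-1]:
        return None                          # repeating IDs, or node is neither src nor on the route
    i, nbrs = ids.index(node), neighbors.get(node, set())
    if ids[i + 1] not in nbrs:
        return None                          # ID after it (the reply came from there) is not a neighbor
    if i > 0 and ids[i - 1] not in nbrs:
        return None                          # ID before it (the reply goes there) is not a neighbor
    signers = ids[:i:-1]                     # dst first, then every hop the reply already passed
    if len(signers) != len(sigs):
        return None
    for k, (signer, sig) in enumerate(zip(signers, sigs)):
        if not hmac.compare_digest(sig, sign(signer, encode(src, dst, rid, route, sigs[:k]))):
            return None                      # a signature is missing, forged or out of order
    if i == 0:
        return rrep                          # the source only verifies and accepts
    return (src, dst, rid, route, sigs + [sign(node, encode(src, dst, rid, route, sigs))])

def run_reply(src, dst, rid, route, neighbors):
    """Replay the exchange above: dst signs the reply, route nodes process it in
    reverse order, src checks it last. Returns the accepted route or None."""
    rrep = (src, dst, rid, route, [sign(dst, encode(src, dst, rid, route, []))])
    for node in [*reversed(route), src]:
        rrep = process_reply(node, rrep, neighbors)
        if rrep is None:
            return None
    return rrep[3]

# Constructed topology: A - E - F - H is the honest path; the corrupted X hears
# E and H but is not a neighbor of A.
NEIGHBORS = {"A": {"E", "D"}, "D": {"A"}, "E": {"A", "F", "X"}, "F": {"E", "H"},
             "H": {"F", "X"}, "X": {"E", "H"}}
```

A reply whose list names a non-neighbor is dropped by the first honest node that sees it, which is exactly the detection the two cases rely on.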
Research problem 1
- the proof does not work for more than one corrupted node
- corrupted routers can pass information to each other even if they are not neighbors: covert channels (e.g., route request is flooded in the network); tunneling routing control messages within data packets
- Is it impossible to ensure correctness in general? Is there a meaningful model where correctness can still be guaranteed?
example:
Figure: example network with routers A, B, D, E, F, G, H, in which E drops the route reply
- if E is corrupted, then it can drop all route replies: no route from A to F will be discovered, although there is a non-corrupted route A, D, G, F
- a rushing attack can make things even worse
Y-C. Hu, A. Perrig, D. Johnson. Rushing attacks and defense in wireless ad hoc network routing protocols. ACM WiSe, 2003.
Research problem 2
- How to measure the performance of this approach?
- How to tune the parameters?
- Are there other ways to address the problem of effectiveness?
- assume that A and B are two non-corrupted routers, and A initiates a route discovery towards B
- computation terminates when this route discovery is completed (A receives a route reply or times out)
correctness:
- non-corrupted routers in the network create only plausible routing entries (in every possible configuration)
effectiveness:
- if a non-corrupted path exists between A and B, then A will receive a route reply from B that traversed a route from B to A (in every possible configuration)
Definition of plausibility
first attempt:
- a routing entry (dst: D, nxt: N, metric: x) of a router v is plausible if
  - there is a neighbor v' of v that uses the ID N
  - there is a path from v' to the node v'' that uses ID D such that this path does not contain v
  - the length of this path is x-1
problems:
- a sequence of corrupted routers may appear to be a single router, so the perceived metric value of a path may be smaller than the real value
- a single corrupted router may emulate a cascade of routers (length is the number of compromised identifiers), so the perceived metric value of a path may be larger than the real value
- consequently, any metric computation is inherently unreliable, even if protected (e.g., using hash chains)
problem:
Figure: example graph with routers B, C, D, F, H and the routing entries (dst: H, nxt: F, metric: 3), (H, C, 3), (H, B, 4), (H, D, 4)
Research problem 3
- What would be a meaningful definition of correctness for on-demand distance vector routing?
- Is it possible to design protocols that satisfy that definition?
correctness:
- each non-corrupted router A computes a plausible topology
effectiveness:
- if a non-corrupted path exists between two non-corrupted routers, A and B, then the topology that they compute contains at least one non-corrupted path between them
tolerable imperfections:
- assume that A announces a link (A, B), while B does not announce this link
  - there is no way to decide which one of them is corrupted
  - as A may be corrupted and B may be non-corrupted, a non-corrupted node should exclude link (A, B) from the topology
  - but it may also be the case that A is non-corrupted and B is corrupted
  - hence a plausible topology can only be a subgraph of the real graph
- assume that two corrupted routers A and B both announce a non-existent link (A, B)
  - link (A, B) should be included in the reconstructed topology
  - hence we cannot require that a plausible topology is a subgraph of the real graph
*L. Buttyan, L. Dora, I. Vajda. Statistical wormhole detection in sensor networks. ESAS 2005
Research problem 4
How to reliably identify virtual links in the topology?
- false negative: a virtual link is not detected; routers may select routes that contain a virtual link
- false positive: a real link may be removed from the topology; the assumption that any two non-corrupted routers are connected through a non-corrupted path may become invalid; effectiveness may not be achieved
- consider two non-corrupted routers, A and B, and assume that there is a non-corrupted path between them
- the links of this path will be announced by each non-corrupted router of the path
- as explained above, A and B will get all these announcements
- the topology constructed by A and B will contain this path
Research problem 5
- detection of a faulty link requires a long time
- if the first router on the path is corrupted, then each round of the detection algorithm requires ~2nD time, where
  - n is the number of hops on the route
  - D is an upper bound on the delay on a link
- Herzberg and Kutten* proposed faulty router detection algorithms that need only O(n + fD) time, where
  - f is the number of corrupted routers on the path
  - is the average delay on a non-faulty link
- Is there a way to combine the adaptive approach with the early detection approach?
assumptions:
- omni-directional antennae
- use of a single channel
- no power control
other problems:
- when B transmits to C, A may receive something from another node (collision at A), so A will falsely suspect B
- B's transmission may be received by A but not by C, and B may skip retransmission, so A will falsely believe that the packet has been forwarded
- monitoring nodes may misbehave too: B drops the packet, but A may not report this
Example: WATCHERS*
- detection of routers that drop or misroute packets based on the conservation of flow principle: (amount of data going into A − amount of data destined to A) must be equal to (amount of data coming out from A − amount of data originating from A)
- diagnosis procedure
  - a snapshot of counter values is flooded in the network
  - each router verifies its neighbors
  - validation: a neighbor's counters must match the counters of its neighbors
  - conservation of flow: the difference between a neighbor's incoming traffic flow and its outgoing traffic flow must be below a threshold
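Added example (not the WATCHERS implementation): the two checks of the diagnosis procedure run over a constructed counter snapshot in which one router silently drops transit packets. The counter names, the snapshot layout and the threshold value are assumptions made for the example.

```python
def diagnose(snapshot, threshold):
    """Diagnosis over a flooded snapshot of counters. For router r the snapshot
    holds sent[n] (packets forwarded to neighbor n), recv[n] (packets received
    from n), orig (packets originated by r) and dest (packets delivered to r).
    Returns {router: [reason, ...]} for routers failing a check."""
    suspects = {}

    def flag(r, why):
        suspects.setdefault(r, []).append(why)

    for r, c in snapshot.items():
        # validation: what r claims to have sent to n must match what n reports received
        for n, sent in c["sent"].items():
            got = snapshot.get(n, {}).get("recv", {}).get(r, 0)
            if sent != got:
                flag(r, f"validation: {r} reports {sent} packets sent to {n}, {n} reports {got} received")
        # conservation of flow: (in - destined to r) must equal (out - originated by r)
        transit_in = sum(c["recv"].values()) - c["dest"]
        transit_out = sum(c["sent"].values()) - c["orig"]
        if abs(transit_in - transit_out) > threshold:
            flag(r, f"conservation of flow: {transit_in} transit packets in, {transit_out} out")
    return suspects


# Constructed snapshot: A originates 100 packets for C and C answers with 40;
# B forwards between them but silently drops 40 of A's packets.
SNAPSHOT = {
    "A": {"sent": {"B": 100}, "recv": {"B": 40}, "orig": 100, "dest": 40},
    "B": {"sent": {"A": 40, "C": 60}, "recv": {"A": 100, "C": 40}, "orig": 0, "dest": 0},
    "C": {"sent": {"B": 40}, "recv": {"B": 60}, "orig": 40, "dest": 60},
}

if __name__ == "__main__":
    for router, reasons in diagnose(SNAPSHOT, threshold=5).items():
        print(router, reasons)
```

If B instead inflates its outgoing counter to hide the drop, its own flow balances but the validation check against C's counter exposes the mismatch.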
Research problem 6
How to make this approach effective in practice?
- how about reordering and modification of data packets?
- how about legitimate dropping of packets (TTL, congestion, ...)?
- how to determine the threshold values used in the detection algorithm?
*J. Hughes, T. Aura, M. Bishop. Using Conservation of Flow as a Security Mechanism in Network Protocols. IEEE Symp. on Security and Privacy (Oakland), 2000.
A. Mizrak et al. Detecting and Isolating Malicious Routers. IEEE Trans. on Dependable and Secure Computing, 3(3), 2006.
Conclusions
- securing routing is a complex problem: complexity of routing itself; internal attacker model (Byzantine fault model)
- practice: implementation of and experimenting with various approaches in real test beds (EU-MESH project: www.eu-mesh.eu)
- remark: routing problems in wired networks are similar; while the principles are similar, the design and implementation of mechanisms for wireless networks must take into account resource constraints (e.g., in sensor networks) and the broadcast nature of the wireless channel
A book
- written by Levente Buttyan (BME) and Jean-Pierre Hubaux (EPFL)
- published in 2007 by Cambridge University Press, ISBN 9780521873710
- intended for graduate students, researchers and practitioners
partners:
- industry: Proximetry, Forthnet, Thales, Ozone
- academia: FORTH-ICS, CNR, TU Berlin, SUPSI, TU Budapest (BME)