
SEAD

SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks. Yih-Chun Hu, David B. Johnson, Adrian Perrig. Outline: Features of ad-hoc networks; Attack types of ad-hoc networks; SEAD vs. DSDV; One-way hash chains; Message authentication; SEAD vs. DSDV; Evaluation.


Presentation Transcript


  1. SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks. Yih-Chun Hu, David B. Johnson, Adrian Perrig

  2. Outline • Features of ad-hoc networks • Attack types of ad-hoc networks • SEAD VS DSDV • One-way hash chains • Message authentication • SEAD VS DSDV • Evaluation

  3. Ad Hoc Networks • Unstable link • High mobility • Very limited computing resources • Easy to eavesdrop

  4. Assumptions • All links are bi-directional • No physical or MAC layer attacks • The network may drop, corrupt, duplicate, or reorder packets • MAC layer can detect randomly corrupted packets • Network diameter

  5. Security Threats to Ad Hoc Networks • Wireless communication allows a remote attacker to eavesdrop on all communication and to inject malicious messages into the network • Current ad hoc network routing protocols were designed for a trusted environment • Highly susceptible to attacks! • A skilled attacker can prevent communication

  6. Possible Attacks • Ignorance attack (discarding packets) • Jam attack (jam routing packets) • Modification attack (modifying packets) • Replay attack (sending old advertisements) • Blackhole attack

  7. Our Goal: developing a protocol that • Does not need too many resources • Provides security features • Is robust enough against multiple uncoordinated attackers

  8. Distance Vector • DSDV is based on Distance Vector routing. • It is easy to implement and is efficient in terms of required memory and CPU processing capacity.

  9. DSDV • Destination-Sequenced Distance-Vector routing protocol • Introducing a sequence number to prevent loops • Each node’s routing table is tagged with the most recent sequence number

  10. DSDV (cont) • When a node receives a routing update, it applies the update if the sequence number is greater, or if the sequence number is the same but the metric is lower [same as AODV]. • Routing updates are both “periodic and triggered”, and both “full dump or incremental”.

  11. DV vs. DSDV vs. SEAD (figure panels: DV, DSDV)

  12. DV vs. DSDV vs. SEAD (cont) (figure panel: SEAD)

  13. Security features • Uses one-way hash chains rather than asymmetric cryptographic operations • Asymmetric algorithms such as RSA, used for digital signatures and encryption, require a lot of computation. • Using a one-way hash function is 10000 times faster than using RSA encryption with a 1024-bit length. • The cost of asymmetric operations conflicts with the nature of ad hoc networks, whose nodes may have limited CPU, memory, and power resources

  14. One-way hash chains • Built on a one-way hash function. • $H: \{\text{Input Value}\}^* \to \{\text{Output}\}^p$ • Simple to compute but infeasible to invert • It is used to authenticate both the destination sequence number and the metric

  15. One-way hash chains • $h_1, h_2, h_3, \ldots, h_n$ • $h_0 = x$, some arbitrary value • $h_i = H(h_{i-1})$ for all $1 \le i \le n$ • Given $h_i$ it is easy to verify the authenticity of $h_j$, if $j > i$

  16. Message Authentication • The source node randomly picks a value $x$ at the beginning and then generates a hash chain: $x = h_0, h_1, h_2, \ldots, h_n$ • Suppose $m$ is the network diameter, and $n$ is divisible by $m$

  17. Message Authentication (cont) • To authenticate a routing update with sequence number $i$ and metric $j$, it sends $h_{n - i \cdot m + j}$ • The attacker can never forge better metrics or sequence numbers • The attacker can only generate worse metrics or sequence numbers

  18. Example: m=5, n=20 (i = sequence number, j = metric, m = network diameter, n = length of hash chain)

  19. SEAD vs. DSDV • SEAD doesn't delay any triggered update • When a node detects a broken link and sends a routing update, SEAD doesn't increment the sequence number. Instead, it sets the metric to infinity • Because sequence numbers are updated only with BetterMetric, this will prevent attacks

  20. Evaluation • Scenario parameters • 1500 m × 300 m • 50 nodes • 20 source-destination pairs • Maximal velocity: 20 m/s • Transmission range: 250 m • Data rate: 4 packets/second (512 bytes/packet) • SEAD parameters • Periodic updates missed before link is declared broken: 3 • Hash length: 80 bits

  21. Conclusion (pros) • SEAD is robust against uncoordinated attacks • SEAD is very efficient if nodes in space are distributed randomly enough

  22. Conclusion (cons) • SEAD doesn't provide a way to prevent an attacker from tampering with the “next hop” or “sequence number” columns • Hash chains are consumed very fast • Either a new $h_n$ needs to be released very often or the hash chain needs to be rather long

  23. Questions?
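
The hash-chain authentication from slides 14 to 18, worked through with the example values m=5 and n=20. This is an added Python example, not code from the presentation or from the SEAD authors. It assumes SHA-256 truncated to 80 bits for H and that receivers already hold an authentic h_n; the function names and the seed are hypothetical.

```python
import hashlib

HASH_BYTES = 10  # 80-bit hash length, matching the evaluation parameters

def H(value):
    # Assumption of this example: SHA-256 truncated to 80 bits as the one-way function.
    return hashlib.sha256(value).digest()[:HASH_BYTES]

def hash_forward(value, steps):
    """Apply H `steps` times; anyone holding an element can do this."""
    for _ in range(steps):
        value = H(value)
    return value

def build_chain(seed, n):
    """Return [h_0, ..., h_n] with h_0 = seed and h_i = H(h_{i-1})."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def element_index(n, m, seq, metric):
    """Index n - i*m + j for sequence number i and metric j."""
    if n % m or not (1 <= seq <= n // m and 0 <= metric < m):
        raise ValueError("sequence number or metric outside the chain")
    return n - seq * m + metric

def verify(anchor, n, m, seq, metric, value):
    """Receiver check: hash the received value forward to the authentic h_n."""
    try:
        steps = n - element_index(n, m, seq, metric)
    except ValueError:
        return False
    return hash_forward(value, steps) == anchor

def demo():
    n, m = 20, 5                                 # values from the example slide
    chain = build_chain(b"constructed-seed", n)  # constructed; real nodes pick x at random
    anchor = chain[n]
    advert = chain[element_index(n, m, 2, 1)]    # h_11: sequence number 2, metric 1
    return {
        "genuine": verify(anchor, n, m, 2, 1, advert),
        "forged_better_metric": verify(anchor, n, m, 2, 0, advert),
        "forged_newer_sequence": verify(anchor, n, m, 3, 1, advert),
        "worse_metric": verify(anchor, n, m, 2, 3, hash_forward(advert, 2)),
        "older_sequence": verify(anchor, n, m, 1, 1, hash_forward(advert, 5)),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

A node that overhears h_11 can only hash forward, which yields elements for a larger metric or an older sequence number; claiming a smaller metric or a newer sequence number would require inverting H.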
