Security for the Optimized Link-State Routing Protocol for Wireless Ad Hoc Networks

1. Security for the Optimized Link-State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab

2. Outline • Wireless Ad hoc Networks • Wireless Ad hoc Routing Protocols • OLSR Routing Protocol • Security of Wireless Networks • Security of Ad hoc Routing Protocols • MSc Project • Security for the OLSR Routing Protocol • Implementation and Testing

3. Wireless Ad hoc Networks(1) • Conventional wireless networks consist of wireless clients talking to an Access Point (AP) • Wireless Ad hoc networks are decentralised • Dynamic, nodes can join and leave at any time • Nodes communicate directly with other nodes in wireless range • Out-of-range nodes are reached via intermediate nodes in a multi-hop nature

4. Wireless Ad hoc Networks(2) Regular Wireless Network Wireless Ad hoc Network

5. Wireless Ad hoc Networks(3) • If node A needs to reach node B, how does A know which path leads to B? • This is the responsibility of an Ad hoc Routing Protocol

6. Wireless Ad hoc Routing Protocols(1) • Nodes out of range communicate via intermediate nodes • Serve as routers • Perform data forwarding • Several routes may exist between any two nodes • A simple data multicast approach would work • Highly inefficient • Waste of network resources

7. Wireless Ad hoc Routing Protocols(2) • Ad hoc routing protocols attempt to discover optimal routes to all nodes • There is a large classification of wireless ad hoc routing protocols • Classified in two main categories • Table-Driven (Proactive) • On-Demand (Reactive)

8. Wireless Ad hoc Routing Protocols(3) • Proactive Protocols • Rely on constant communications with other nodes to maintain an overview of networks routes • High overhead; Readily available routes • Reactive Protocols • Initiate route discovery only when a route to a node is required • More efficient; Delay in establishing route

9. The OLSR Routing Protocol(1) • The Optimized Link-State Routing (OLSR) protocol is a proactive routing protocol for wireless ad hoc networks • OLSR consists of the following main tasks: • Link and Neighbour detection • Multi-Point Relay Selection • Topology information diffusion

10. The OLSR Routing Protocol(2) • Link and neighbour detection through periodic emission of “Hello” messages • Topology information is diffused using topology control (TC) messages via multi-point relay nodes

11. The OLSR Routing Protocol(3) • Generic Packet Format

12. The OLSR Routing Protocol(4) • Messages are processed and transmitted from source to destination independently of one another • The generic OLSR packet is simply a point-to-point carrier for the messages between two immediate neighbours

13. Security in Wireless Networks(1) • Wireless networks are highly vulnerable due to the open nature of the technology • Authenticity, confidentiality, and integrity mechanisms are essential • Eavesdropping • Spoofing • Data modification

14. Security in Wireless Networks(2) • The IEEE 802.11i standard is a security amendment for the IEEE 802.11 wireless standard • IEEE 802.11i specifies the security mechanisms offered in the Medium Access Control (MAC) layer • Point-to-point security association between two entities

15. Security in Wireless Networks(3) • In a multi-hop environment, MAC layer security is not enough • End to end security may require security mechanisms employed higher up in the stack

16. Security in Wireless Networks(4)

17. Security of Ad hoc Routing Protocols(1) • Ad hoc routing protocols are generally designed with efficiency as a priority • Security adds overhead • Security is often neglected in the initial design • There is an implicit assumption that nodes are trustworthy

18. Security in the OLSR Protocol(1) • The project aim • Incorporate end to end security mechanisms for each control message • Authentication • Integrity • Replay protection – timestamps • Mutable field protection • Optional encryption/decryption of OLSR packets between neighbouring points

19. Security in the OLSR Protocol(2) • Application level security

20. Security in the OLSR Protocol(3) • Security-aware OLSR control message

21. Signature Schemes • Two signature schemes have been used in the implementation • Shamir’s Identity-based scheme • One-time Signature scheme known as Hash to Obtain Random Subset(HORS) • Aim was to perform a comparison of the two schemes when used to sign OLSR messages

22. Shamir’s Identity-based scheme • Based on RSA public key system • Like RSA, is computationally expensive • A user’s public key is derived from public knowledge of the user, such as it’s IP address or email address • Prevents the need for public key distribution amongst nodes

23. Hash To Obtain Random Subset(HORS) one-time signature scheme • Based on the use of one-way functions • Fast and efficient signature creation and verification • Public/Private key pair limited to a few signatures • Large key and signature sizes • Public key distribution complexities

24. Implementation and Testing • Signature schemes and security extension implemented in C • OLSRd implementation from www.olsr.org • Test the overhead incurred by the security • Traffic, delay, and processing overhead • Delay in route establishment • Testing will be done on 10 node indoor wireless testbed

25. The End Thank you!