efficient security mechanisms for routing protocols n.
Skip this Video
Download Presentation
Efficient Security Mechanisms for Routing Protocols

Loading in 2 Seconds...

play fullscreen
1 / 21

Efficient Security Mechanisms for Routing Protocols - PowerPoint PPT Presentation

  • Uploaded on

Efficient Security Mechanisms for Routing Protocols. Yih-Chun Hu, Adrian Perrig, David B. Johnson Presented by Yuzheng Zhou for CSC774. Secure Routing mechanisms in MANET. Most previous secure routing mechanisms use standard digital signatures

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Efficient Security Mechanisms for Routing Protocols' - carys

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
efficient security mechanisms for routing protocols

Efficient Security Mechanisms for Routing Protocols

Yih-Chun Hu, Adrian Perrig, David B. Johnson

Presented by Yuzheng Zhou for CSC774

secure routing mechanisms in manet
Secure Routing mechanisms in MANET
  • Most previous secure routing mechanisms use standard digital signatures
    • Public key cryptography is expensive, especially for MANET.
  • Symmetric cryptography much more efficient
    • Link state routing
    • Distance vector routing: SEAD works, but is still vulnerable for several attacks
    • This paper propose four mechanisms addressing secure distance vector/ path vector routing.
  • Distance vector routing and attacks
  • Previous work - SEAD
  • Four mechanisms based on symmetric cryptography
    • Securing distance vector protocols
      • Hash tree chain
      • Tree-authenticated one-way chains
      • Skiplists
    • Securing path vector protocols
      • Cumulative authentication
  • Conclusion and future work
distance vector routing
Distance vector routing
  • Finds shortest paths between nodes in the network
  • Each router maintains a routing table list for all possible destinations

address / distance (metric) / first hop

  • Periodically transmits a routing update to each of its neighbor routers

sequence / distance (metric)

attacks to distance vector routing
Attacks to Distance Vector Routing
  • Advertising short distances (blackhole)
  • Claim longer distances
  • Injecting routing loops
  • Inject a large number of route updates
previous work sead
Previous work: SEAD
  • SEAD (k=5, n=3)
  • Attacks
    • Same distance fraud
    • Hash chain verification as long as O(ks)
    • DoS attack for the nodes missing several routing updates
review merkle hash tree
Review: Merkle hash tree
  • To verify v2, need v3’, m01, m47, and verify
mechanism i hash tree chains
Mechanism I: Hash Tree Chains
  • Prevent same-distance fraud
  • A hybrid between a hash tree and a one-way chain
    • One-way chain property enforce that nodes cannot decrease the distance metric (as in SEAD)
    • Hash tree property is used to authenticate the node id.
mechanism ii tree authenticated one way chains
Mechanism II: Tree-authenticated one-way chains
  • Speed up authentication of revived routing update
    • O(ks)  O (k +log(s))
tree authenticated one way chains cont
Tree-authenticated one-way chains (cont..)

Tree-authenticated one-way chains

  • Use a new hash chain for each sequence number
  • All the hash chains are organized as a merkle hash tree
  • To authenticate anchor, following the path to the root of the hash tree
  • To authenticate update, using the anchor
mw chains prepare for skiplists
MW-chains (prepare for skiplists)
  • Provides instant authentication and low storage overhead for signatures
    • This one-way chain contains a list of values-heads
    • Between any two heads are a set of signature branches and a set of checksum branches
    • Sender uses a checksum chain that moves in the opposite direction of the signature chains, to prevent an attacker from forging an earlier message
mechanism iii skiplists
Mechanism III: Skiplists
  • Goal: Prevent DoS attacks, speed up hash chain authentication
  • Method:
    • Skip many steps in a virtual hash chain
    • Skipchains can be embedded inside skiplists
    • Represented by a MW-chain capable of signing enough bits to ensure security
      • A new head is chosen by hashing the head of this step
      • Anchor of this skipchain is computed
      • Sign this new anchor
path vector routing
Path vector routing
  • Each routing update includes a list of routers on the route
  • Choose a route with the shortest recorded route
  • Authenticate each hop the routing update has traversed as recorded in the path
  • Assure no hops were removed from that recorded path
path vector routing cont
Path vector routing (cont..)
  • Traditional way of authentication:
    • Each node inserts an authenticator in the packet, recipient individually verify each authenticator
    • Network overhead of carrying a MAC for each node in the path
  • Cumulative authentication
    • A single MAC together with an ordered list of nodes traversed by the packet
mechanism iv cumulative authentication
Mechanism IV: Cumulative Authentication
  • Each packet maintains a path authenticator and an address list
  • When packet traverses a node, the node append its address to the address list
  • Authenticate its position by replacing the path authenticator with a MAC computed over the received path authenticator and the packet’s immutable fields
cumulative authentication cont
Cumulative Authentication (cont..)

Example: to authenticate packet p, each node authenticate using a MAC shared with target T

conclusions and future work
Conclusions and future work
  • Summary
    • Presented four new mechanisms for secure distance vector and path vector routing protocols
    • Based on symmetric cryptography
    • Use Merkle hash tree and M-W chain
  • Future Work
    • Decrease the overhead