Efficient Security Mechanisms for Routing Protocols
Presentation Transcript

  1. Efficient Security Mechanisms for Routing Protocols
     Yih-Chun Hu, Adrian Perrig, David B. Johnson
     Presented by Yuzheng Zhou for CSC774

  2. Secure Routing mechanisms in MANET
     • Most previous secure routing mechanisms use standard digital signatures
     • Public key cryptography is expensive, especially for MANET
     • Symmetric cryptography is much more efficient
     • Link state routing
     • Distance vector routing: SEAD works, but is still vulnerable to several attacks
     • This paper proposes four mechanisms addressing secure distance vector / path vector routing

  3. Roadmap
     • Distance vector routing and attacks
     • Previous work - SEAD
     • Four mechanisms based on symmetric cryptography
       • Securing distance vector protocols
         • Hash tree chain
         • Tree-authenticated one-way chains
         • Skiplists
       • Securing path vector protocols
         • Cumulative authentication
     • Conclusion and future work

  4. Distance vector routing
     • Finds shortest paths between nodes in the network
     • Each router maintains a routing table list for all possible destinations: address / distance (metric) / first hop
     • Periodically transmits a routing update to each of its neighbor routers: sequence / distance (metric)

  5. Attacks on Distance Vector Routing
     • Advertising short distances (blackhole)
     • Claiming longer distances
     • Injecting routing loops
     • Injecting a large number of route updates

  6. Previous work: SEAD
     • SEAD (k=5, n=3)
     • Attacks
       • Same distance fraud
       • Hash chain verification as long as O(ks)
       • DoS attack for the nodes missing several routing updates

  7. Review: Merkle hash tree • To verify v2, need v3’, m01, m47, and verify

  8. Mechanism I: Hash Tree Chains
     • Prevent same-distance fraud
     • A hybrid between a hash tree and a one-way chain
     • The one-way chain property enforces that nodes cannot decrease the distance metric (as in SEAD)
     • The hash tree property is used to authenticate the node id

  9. Hash Tree Chains (cont..)

  10. Mechanism II: Tree-authenticated one-way chains
      • Speed up authentication of received routing updates
      • O(ks) → O(k + log(s))

  11. Tree-authenticated one-way chains (cont..)
      • Use a new hash chain for each sequence number
      • All the hash chains are organized as a Merkle hash tree
      • To authenticate an anchor, follow the path to the root of the hash tree
      • To authenticate an update, use the anchor

  12. MW-chains (prepare for skiplists)
      • Provides instant authentication and low storage overhead for signatures
      • This one-way chain contains a list of values (heads)
      • Between any two heads are a set of signature branches and a set of checksum branches
      • Sender uses a checksum chain that moves in the opposite direction of the signature chains, to prevent an attacker from forging an earlier message

  13. MW-chains (cont..)

  14. Mechanism III: Skiplists
      • Goal: Prevent DoS attacks, speed up hash chain authentication
      • Method:
        • Skip many steps in a virtual hash chain
        • Skipchains can be embedded inside skiplists
        • Represented by a MW-chain capable of signing enough bits to ensure security
        • A new head is chosen by hashing the head of this step
        • Anchor of this skipchain is computed
        • Sign this new anchor

  15. Skipchains

  16. Path vector routing
      • Each routing update includes a list of routers on the route
      • Choose a route with the shortest recorded route
      • Authenticate each hop the routing update has traversed as recorded in the path
      • Assure no hops were removed from that recorded path

  17. Path vector routing (cont..)
      • Traditional way of authentication:
        • Each node inserts an authenticator in the packet; the recipient individually verifies each authenticator
        • Network overhead of carrying a MAC for each node in the path
      • Cumulative authentication
        • A single MAC together with an ordered list of nodes traversed by the packet

  18. Mechanism IV: Cumulative Authentication
      • Each packet maintains a path authenticator and an address list
      • When the packet traverses a node, the node appends its address to the address list
      • The node authenticates its position by replacing the path authenticator with a MAC computed over the received path authenticator and the packet’s immutable fields

  19. Cumulative Authentication (cont..)
      Example: to authenticate packet p, each node authenticates using a MAC shared with target T
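The per-hop update from slides 18 and 19 and the check the target performs, as an added example that is not code from the slides or the paper. HMAC-SHA256, the length-prefixed encoding, the initial authenticator computed by the source, and the node names and keys are all assumptions made for the demonstration.

```python
import hashlib
import hmac

def mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix every part so field boundaries are unambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

# Constructed demo keys: each node shares one symmetric key with target T.
KEYS = {n: hashlib.sha256(b"demo-key-" + n.encode()).digest() for n in ("S", "A", "B", "C")}

def originate(source: str, immutable: bytes) -> dict:
    """Assumed starting point: the source MACs the immutable fields."""
    return {"immutable": immutable, "path": [source],
            "auth": mac(KEYS[source], immutable)}

def forward(packet: dict, node: str) -> dict:
    """Append our address and replace the authenticator, as on slide 18."""
    return {"immutable": packet["immutable"],
            "path": packet["path"] + [node],
            "auth": mac(KEYS[node], packet["auth"], packet["immutable"])}

def target_verify(packet: dict, keys: dict = KEYS) -> bool:
    """Target T replays the MAC chain over the claimed address list."""
    path = packet["path"]
    if not path or any(n not in keys for n in path):
        return False
    auth = mac(keys[path[0]], packet["immutable"])
    for node in path[1:]:
        auth = mac(keys[node], auth, packet["immutable"])
    return hmac.compare_digest(auth, packet["auth"])

def send_along(nodes, immutable: bytes) -> dict:
    """Carry a packet from nodes[0] through the remaining nodes in order."""
    packet = originate(nodes[0], immutable)
    for node in nodes[1:]:
        packet = forward(packet, node)
    return packet
```

The packet carries one fixed-size authenticator however long the path grows, and the target rejects an address list from which a hop was removed or reordered because the replayed chain no longer matches.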

  20. Conclusions and future work
      • Summary
        • Presented four new mechanisms for secure distance vector and path vector routing protocols
        • Based on symmetric cryptography
        • Use Merkle hash tree and M-W chain
      • Future Work
        • Decrease the overhead

  21. Thank you! Q & A