
Introduction Main Components Authentication Mechanism

Contents. Introduction Main Components Authentication Mechanism Authentication of Data and ACK Packets in SDF Fault Detection Performance Analysis Conclusion. 1. CNLAB at KAIST. CALAB at KAIST. wireless ad hoc networks.


Presentation Transcript


  1. Contents
     • Introduction
     • Main Components
     • Authentication Mechanism
     • Authentication of Data and ACK Packets in SDF
     • Fault Detection
     • Performance Analysis
     • Conclusion

     CNLAB at KAIST, CALAB at KAIST

  2. 1. Introduction
     wireless ad hoc networks
     • protecting routing from adversaries is necessary because routing may not be static
     • a secured route discovery protocol will not suffice to protect against an adversary
     • e.g. announcing a fictitious link, dropping packets
     SDF (Secure Data Forwarding) protocol
     • based on AODV
     • enables a source to reliably transmit data
     • detects faulty links on its route to the destination

  3. 2. Main Components
     destination acknowledgements, timeouts, fault announcements
     • the destination acknowledges its receipt to the source and every intermediate node
     • in the reverse direction of the path
     • for data packets, the source and intermediate nodes set a timeout to receive either a destination ACK or a fault announcement
     • generated by timeout
     • if the timeout at the source expires, it detects a faulty link and discovers a new route
     Benefits

  4. 3. Authentication Mechanism
     one-way hash chain, one-time hash tag, commitment, authentication of ACK
     • the source randomly chooses an initial value
     • binds the hash chain elements to a sequence of messages
     • only used in the first step
     • the source generates an ACK nonce for each data packet and encrypts it
     • only the destination can decrypt it

  5. 4. Authentication of Data and ACK Packets in SDF
     4.1 assumption
     each link is assigned a reserved buffer for every source node
     the source and destination share a secret key
     neighboring nodes can establish a pair-wise link key
     • e.g. PKI
     • no packet drop because of congestion

  6. 4. Authentication of Data and ACK Packets in SDF
     4.2 the initialization step

  7. 4. Authentication of Data and ACK Packets in SDF
     4.3 the second round

  8. 5. Fault Detection
     FA (Fault Announcements), time at intermediate node, receive FA at intermediate node
     • includes the sequence number of the failed packet and the first downstream link
     • protected by an HMAC computed with the secret key
     • verify that the FA is forwarded from its downstream link
     • cancel the timeout and propagate a new FA to its upstream
     • generate FA and send FA to source

  9. 5. Fault Detection
     timeout at source, receive FA at source
     • mark its first downstream link as faulty
     • check the FA by verifying the HMAC and decrypting the next FA
     • cancel the timeout
     • following the last valid FA, the source discovers a faulty link
     the FA is to be interpreted and acted upon only by the source, so these false FAs have no effect on any non-faulty routers

  10. 6. Performance Analysis
      6.1 simulation environment
      • ns-2 with CMU mobility extensions
      • used the 802.11 MAC layer and CBR traffic over UDP

  11. 6. Performance Analysis
      6.2 performance result
      three metrics
      • Packet delivery ratio (PDR)
      • Byte overhead
      • Average end-to-end delay of data packets

  12. 7. Conclusions
      provides a solution for secure data forwarding in wireless ad hoc networks
      can detect and locate a faulty link on a per-packet basis
      low performance expected in TCP
      not realistic
      • Packet loss because of congestion and wireless link

  13. Any questions?
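
The one-way hash chain and commitment listed on slide 4, as an added example that is not part of the original presentation and not SDF's actual packet format. It assumes SHA-256 as the one-way function, that the commitment is the last chain value sent once in the first step, and that packet number seq carries chain element h_(n-seq); the class and method names are hypothetical. The verifier also bridges gaps left by lost packets and rejects replayed or forged elements.

```python
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    """One-way function for the chain (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(data).digest()


class Source:
    """Builds h_0 (random seed), h_1 = H(h_0), ..., h_n = H(h_{n-1})."""

    def __init__(self, n_packets: int):
        self.n = n_packets
        self.chain = [secrets.token_bytes(32)]      # randomly chosen initial value
        for _ in range(n_packets):
            self.chain.append(H(self.chain[-1]))

    def commitment(self) -> bytes:
        return self.chain[-1]                       # h_n, sent once in the first step

    def element_for(self, seq: int) -> bytes:
        return self.chain[self.n - seq]             # packet seq (1..n) carries h_{n-seq}


class Verifier:
    """Holds only the commitment; accepts elements that hash forward to it."""

    def __init__(self, commitment: bytes, n_packets: int):
        self.last, self.seq, self.n = commitment, 0, n_packets

    def accept(self, seq: int, element: bytes) -> bool:
        if not self.seq < seq <= self.n:            # replayed, stale or out of range
            return False
        value = element
        for _ in range(seq - self.seq):             # bridge gaps left by lost packets
            value = H(value)
        if not hmac.compare_digest(value, self.last):
            return False                            # forged: never reaches the trusted value
        self.last, self.seq = element, seq          # verified element is the new anchor
        return True


if __name__ == "__main__":
    src = Source(5)
    ver = Verifier(src.commitment(), 5)
    for seq in (1, 3, 2, 4):                        # packet 2 is lost, then replayed late
        print(seq, ver.accept(seq, src.element_for(seq)))
```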
