Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks

National Institute for Standards and Technology

Anand Patwardhan, Jim Parker, Anupam Joshi, Michaela Iorga, Tom Karygiannis

March 10, 2005, Kauai Island, Hawaii

Challenges
  • Wireless communication
    • Short range (802.11, Bluetooth, etc.)
    • Open medium: anyone in range can receive and transmit
  • Identification and authentication
    • PKI-based solutions infeasible
    • No prior trust relationships
  • Routing
    • Based on dynamic, cooperative peer relations
    • Key to survival of the MANET
  • Device constraints
    • Power conservation
    • Finite storage
    • Limited computation power
AODV
  • Ad hoc On-demand Distance Vector routing protocol
  • Nodes do not maintain up-to-date routes to every destination
  • Minimizes the number of broadcasts by creating routes on demand
  • Routes are created as and when required
  • A route remains valid until the destination becomes unreachable or the route is no longer needed
  • Adapts to dynamic link conditions
  • Low processing and memory overhead
  • Low network utilization
AODV Messaging
  • Source node: the node originating the route request
  • Destination node: answers with a route reply
  • Sequence numbers: per-node counters carried in routing messages; a receiver prefers the route with the higher sequence number, which keeps routes loop-free and lets stale or replayed messages be discarded
  • Route Request (RREQ): broadcast route discovery message
  • Route Reply (RREP): sent from the destination (or a node holding a fresh enough route) back to the source
  • Route Error (RERR): reports a destination that has become unreachable
  • Intermediate node path list: list of nodes traversed along the message path
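The messaging above in working form, as an added example written for this page (it is not the NIST/UMBC code): a toy in-memory simulation of AODV route discovery. An RREQ is flooded, relaying nodes record the reverse path to the originator, and the destination, or an intermediate node whose cached route is at least as fresh as the sequence number the originator asks for, unicasts an RREP back along that path. The topology and node names are constructed, the flood is identified by (originator, originator sequence number) instead of a separate RREQ ID, and RERR, timeouts and hello messages are left out.

```go
package main

import "fmt"

// Added example for this page, not the NIST/UMBC code: a toy in-memory AODV route
// discovery. Floods are identified by (origin, origin seq) instead of a separate RREQ ID;
// RERR, route timeouts and hello messages are omitted. Topology is constructed.

type (
	Route struct {
		NextHop string
		Hops    int
		Seq     uint32 // destination sequence number the route was learned with
	}
	RREQ struct {
		Origin, Dest     string
		OrigSeq, DestSeq uint32 // DestSeq: freshest number the originator knows for Dest (0 = none)
		Hops             int
	}
	Node struct {
		Name   string
		Seq    uint32
		Routes map[string]Route
		Seen   map[string]bool // "origin/seq" of floods already relayed
	}
	Network struct {
		Nodes map[string]*Node
		Links map[string][]string // symmetric adjacency: who is in radio range
	}
)

// install keeps a route only if it is fresher, or equally fresh and shorter.
func (nd *Node) install(dest string, r Route) {
	if old, ok := nd.Routes[dest]; !ok || r.Seq > old.Seq || (r.Seq == old.Seq && r.Hops < old.Hops) {
		nd.Routes[dest] = r
	}
}

// reply unicasts an RREP from node at to neighbour to along the reverse path recorded for origin.
func (n *Network) reply(origin, dest string, seq uint32, hops int, at, to string) {
	for to != "" {
		hops++
		nd := n.Nodes[to]
		nd.install(dest, Route{NextHop: at, Hops: hops, Seq: seq}) // forward route
		if nd.Name == origin {
			return
		}
		at, to = to, nd.Routes[origin].NextHop
	}
}

// Discover floods an RREQ from src and reports whether src ends up with a route to dst.
func (n *Network) Discover(src, dst string) bool {
	s := n.Nodes[src]
	s.Seq++ // the originator bumps its own sequence number before each RREQ
	type hop struct{ req RREQ; from, at string }
	queue := []hop{{RREQ{src, dst, s.Seq, s.Routes[dst].Seq, 0}, "", src}}
	for len(queue) > 0 {
		h := queue[0]
		queue = queue[1:]
		nd := n.Nodes[h.at]
		key := fmt.Sprintf("%s/%d", h.req.Origin, h.req.OrigSeq)
		if nd.Seen[key] {
			continue // already relayed this flood: no loops, no duplicate work
		}
		nd.Seen[key] = true
		if h.from != "" {
			nd.install(h.req.Origin, Route{NextHop: h.from, Hops: h.req.Hops, Seq: h.req.OrigSeq}) // reverse path
		}
		if nd.Name == dst { // RFC 3561 also raises nd.Seq to DestSeq if the request carries a higher one
			n.reply(src, dst, nd.Seq, 0, dst, h.from)
			continue
		}
		if r, ok := nd.Routes[dst]; ok && h.from != "" && r.Seq >= h.req.DestSeq {
			n.reply(src, dst, r.Seq, r.Hops, nd.Name, h.from) // intermediate reply from a fresh-enough route
			continue
		}
		for _, nb := range n.Links[h.at] {
			if nb != h.from {
				queue = append(queue, hop{RREQ{src, dst, h.req.OrigSeq, h.req.DestSeq, h.req.Hops + 1}, h.at, nb})
			}
		}
	}
	_, ok := s.Routes[dst]
	return ok
}

func SampleNetwork() *Network { // constructed chain A-B-C-D with E attached to B
	n := &Network{Nodes: map[string]*Node{}, Links: map[string][]string{"A": {"B"}, "B": {"A", "C", "E"}, "C": {"B", "D"}, "D": {"C"}, "E": {"B"}}}
	for name := range n.Links {
		n.Nodes[name] = &Node{Name: name, Seq: 1, Routes: map[string]Route{}, Seen: map[string]bool{}}
	}
	return n
}

func main() {
	n := SampleNetwork()
	n.Discover("A", "D")
	n.Discover("E", "D") // answered by B from its cached route; D never sees this RREQ
	fmt.Println("A:", n.Nodes["A"].Routes["D"], "E:", n.Nodes["E"].Routes["D"])
}
```

The second discovery is the point of the sequence numbers: B answers E from its cached route because that route's sequence number is at least as fresh as the one E asks for, so the request never reaches D, and the Seen table is what stops a flood from circling back through B.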
Attacks
  • Attacks can be broadly classified into
    • Routing disruption attacks
    • Resource consumption attacks
    • Attacks on data traffic
  • Objective: Isolate and deny resources to intrusive and/or chronically faulty nodes
Routing disruptions
  • Malicious nodes may:
    • convince other nodes that they are routing packets to the correct destination when they are not,
    • fabricate route-maintenance messages,
    • refuse to forward, or simply drop, packets,
    • spoof routing addresses,
    • and/or modify messages in transit.
Secure Routing in MANETs
  • Each node is a Router
  • Identification and Authentication
    • Statistically Unique and Cryptographically Verifiable (SUCV) identifiers
    • No prior trust relationships required
    • The large IPv6 address space suits SUCVs: 64 bits of the address can carry a hash of the node's key
    • Secure binding between IPv6 address and public key
Secure Routing in MANETs
  • Routing state
    • Additional fields in control messages (the sender's public key and a signature) protect the routing state they carry
  • SUCV: IPv6 address and public key
    • Secure binding: finding a private key that matches someone else's address is computationally infeasible, so the address cannot be spoofed
    • Routing messages are protected against mangling and masquerading
Securing the IPv6 AODV

[Figure: two nodes exchanging routing messages. Each MESSAGE carries the sender's RSA public key and a signature. The sender's IPv6 address is a 64-bit network-specific ID followed by a 64-bit hash of the public key, e.g. 2003:33:0:0:31ba:af0f:82ea:a0b and 2003:13:0:0:16ba:ae7f:8aea:dab3, binding the IP address to the RSA public key.]
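The binding drawn on the slide, as an added example written for this page (not the NIST/UMBC implementation). A node's address is a fixed 64-bit prefix followed by a 64-bit hash of its RSA public key, and every routing message carries the key plus a signature, so a receiver with no prior trust relationship can check both that the source address belongs to the carried key and that the message was not altered. The slide does not name the hash or signature scheme; assumed here are SHA-256 truncated to 64 bits, RSA-PSS over SHA-256, the prefix 2003:33::/64, and a string standing in for the encoded RREQ fields.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"net"
)

// Added example for this page, not the NIST/UMBC implementation, of the SUCV binding
// drawn on the slide: the low 64 bits of a node's IPv6 address are a hash of its RSA
// public key, and every routing message carries that key plus a signature. Assumed
// here (the slide does not say): SHA-256 truncated to 64 bits as the hash, RSA-PSS
// over SHA-256 as the signature, and a fixed 64-bit network-specific prefix.

var netPrefix = [8]byte{0x20, 0x03, 0x00, 0x33, 0, 0, 0, 0} // assumed network-specific ID (2003:33::/64)

// SUCVAddress derives the IPv6 address bound to pub: netPrefix || hash64(DER(pub)).
func SUCVAddress(pub *rsa.PublicKey) net.IP {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a well-formed RSA key
	h := sha256.Sum256(der)
	ip := make(net.IP, net.IPv6len)
	copy(ip[:8], netPrefix[:])
	copy(ip[8:], h[:8]) // 64-bit hash of the public key is the interface identifier
	return ip
}

// Msg is a routing message with the extra fields the slides add: the sender's
// DER-encoded public key and a signature over source, destination and payload.
type Msg struct {
	Src, Dst net.IP
	Payload  []byte // AODV fields (type, hop count, sequence numbers...), opaque here
	PubKey   []byte
	Sig      []byte
}

func (m *Msg) tbs() []byte { // the bytes the signature covers
	b := append([]byte{}, m.Src.To16()...)
	b = append(b, m.Dst.To16()...)
	return append(b, m.Payload...)
}

func sign(m *Msg, priv *rsa.PrivateKey) error {
	d := sha256.Sum256(m.tbs())
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, d[:], nil)
	m.Sig = sig
	return err
}

// Sign builds a message whose source is priv's SUCV address and signs it.
func Sign(priv *rsa.PrivateKey, dst net.IP, payload []byte) (*Msg, error) {
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	m := &Msg{Src: SUCVAddress(&priv.PublicKey), Dst: dst, Payload: payload, PubKey: der}
	return m, sign(m, priv)
}

// Verify rejects masquerading (source address not bound to the carried key) and
// mangling (signature does not cover what was received). No PKI or prior trust needed.
func Verify(m *Msg) error {
	k, err := x509.ParsePKIXPublicKey(m.PubKey)
	pub, _ := k.(*rsa.PublicKey)
	if err != nil || pub == nil {
		return fmt.Errorf("carried key unusable: %v", err)
	}
	if want := SUCVAddress(pub); !want.Equal(m.Src) {
		return fmt.Errorf("source %s not bound to carried key (expected %s)", m.Src, want)
	}
	d := sha256.Sum256(m.tbs())
	if err := rsa.VerifyPSS(pub, crypto.SHA256, d[:], m.Sig, nil); err != nil {
		return fmt.Errorf("signature check failed: %w", err)
	}
	return nil
}

// Demo reports whether an honest message, a masqueraded one (attacker signs with its
// own key but claims the victim's address) and a mangled one pass Verify.
func Demo() (honest, masquerade, mangled bool) {
	victim, _ := rsa.GenerateKey(rand.Reader, 2048) // key-generation errors ignored for brevity
	attacker, _ := rsa.GenerateKey(rand.Reader, 2048)
	dst := net.ParseIP("2003:13:0:0:16ba:ae7f:8aea:dab3") // address taken from the slide
	rreq := []byte("RREQ id=7 hops=0 origseq=2 destseq=1")  // constructed payload
	m, _ := Sign(victim, dst, rreq)
	honest = Verify(m) == nil

	spoof, _ := Sign(attacker, dst, rreq)
	spoof.Src = m.Src // claim the victim's address, then re-sign so the signature itself is valid
	_ = sign(spoof, attacker)
	masquerade = Verify(spoof) == nil

	m.Payload = []byte("RREQ id=7 hops=0 origseq=2 destseq=9") // modified in flight, signature now stale
	mangled = Verify(m) == nil
	return
}

func main() {
	h, s, t := Demo()
	fmt.Println("honest:", h, "masquerade:", s, "mangled:", t) // true false false
}
```

The masquerade case is the one SUCVs were designed for: the attacker's signature is perfectly valid for the attacker's own key, but the address it claims hashes from someone else's key, so the binding check fails before the signature is even examined. Truncating to 64 bits is what the address format allows, so an attacker who can afford about 2^64 key generations could find a colliding key; that bound, not the RSA modulus, sets the strength of the binding.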

Intrusion Detection
  • Wired Networks
    • Traffic monitoring at routers, gateways, firewalls
    • Static routes
    • Physical security
  • MANETs
    • Mobile nodes
    • Other radio interference
    • Reliance on cooperative mechanisms for routing
    • Intrusion detection limited to devices within radio-range
Intrusion Detection Challenges
  • Identity
    • Use SUCVs
  • Mobility
    • A node that moves out of range looks, to a monitor, like a node that stopped forwarding: false positives
  • Scalability
    • Large radio ranges or dense networks
  • Aggregation of data
    • Communicate intrusion data to warn others
Packet Forwarding

[Figure: nodes A, B and C; a datagram dgram_in arrives at B and the corresponding dgram_out leaves B, both overheard by the monitoring node C. U is the set of nodes in the network.]

  • Datagram dgram_in has:
    • Source IPv6 address, x ∈ U − {B, C}
    • Destination IPv6 address, y ∈ U − {B, C}
    • MAC source, mac(u), u ∈ U − {B, C}
    • MAC destination, mac(B)
  • Corresponding dgram_out must have:
    • Source IPv6 address, x
    • Destination IPv6 address, y
    • MAC source, mac(B)
    • MAC destination, mac(u), u ∈ U − {B, C}

Stateful Packet Monitoring

[Figure: processing pipeline. Ethernet frames from the packet capture library (pcap) are decoded as IPv6. AODV control messages {RREQ, RREP, RERR} are used to build and maintain a neighbor table of (mac, ipv6) pairs and route status. For TCP packets that should be forwarded, the {TCP sequence no., TCP checksum} pair is stored and updated in an in-memory hash table.]
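The forwarding rule of the "Packet Forwarding" slide and the per-packet state of the "Stateful Packet Monitoring" slide, combined into one watchdog as an added example written for this page (not the NIST/UMBC monitor). Node C records every datagram it overhears arriving at neighbour B and then expects to overhear the same datagram leaving B, unchanged, addressed to a next hop outside {B, C}; the table is keyed on the flow and TCP sequence number and stores the checksum, which is what catches modification. Frames are constructed structs standing in for what pcap would deliver, the neighbor table built from AODV messages is not modelled, and every MAC address is made up (the two IPv6 addresses are copied from the slides).

```go
package main

import "fmt"

// Added example for this page, not the NIST/UMBC monitor. Watchdog node C applies the
// forwarding rule of the "Packet Forwarding" slide to neighbour B, keeping the per-packet
// state of the "Stateful Packet Monitoring" slide (TCP sequence number and checksum) in
// an in-memory table. Frames are constructed structs standing in for pcap output; the
// AODV-derived neighbor table is not modelled; MAC addresses are made up.

// Frame is the subset of an overheard Ethernet/IPv6/TCP frame the monitor uses.
type Frame struct {
	SrcMAC, DstMAC string
	SrcIP, DstIP   string
	Seq            uint32 // TCP sequence number
	Csum           uint16 // TCP checksum
	Tick           int    // capture time
}

type key struct {
	srcIP, dstIP string
	seq          uint32
}

type pending struct {
	csum uint16
	tick int
}

// Monitor is node C watching neighbour B: a datagram x -> y (neither x nor y being
// B or C) that reaches B from some u must leave B unchanged, addressed to a next hop
// that is neither B nor C.
type Monitor struct {
	selfMAC, selfIP   string // C
	watchMAC, watchIP string // B
	timeout           int    // ticks B gets to forward before the packet counts as dropped
	table             map[key]pending

	Forwarded, Dropped, Mangled, Misrouted int
}

func NewMonitor(selfMAC, selfIP, watchMAC, watchIP string, timeout int) *Monitor {
	return &Monitor{selfMAC: selfMAC, selfIP: selfIP, watchMAC: watchMAC, watchIP: watchIP,
		timeout: timeout, table: map[key]pending{}}
}

func (m *Monitor) external(ip string) bool { return ip != m.selfIP && ip != m.watchIP }

// Observe processes one overheard frame.
func (m *Monitor) Observe(f Frame) {
	k := key{f.SrcIP, f.DstIP, f.Seq}
	switch {
	case f.DstMAC == m.watchMAC && f.SrcMAC != m.selfMAC && m.external(f.SrcIP) && m.external(f.DstIP):
		m.table[k] = pending{f.Csum, f.Tick} // dgram_in: B now owes a matching dgram_out
	case f.SrcMAC == m.watchMAC:
		p, ok := m.table[k]
		if !ok {
			return // B's own traffic, or a packet C never saw arrive
		}
		delete(m.table, k)
		switch {
		case p.csum != f.Csum:
			m.Mangled++ // same flow and sequence number, but the content changed
		case f.DstMAC == m.selfMAC || f.DstMAC == m.watchMAC:
			m.Misrouted++ // not addressed to a next hop u outside {B, C}
		default:
			m.Forwarded++
		}
	}
}

// Sweep counts every dgram_in that B failed to forward within the timeout as dropped.
func (m *Monitor) Sweep(now int) {
	for k, p := range m.table {
		if now-p.tick > m.timeout {
			delete(m.table, k)
			m.Dropped++
		}
	}
}

// RunSample replays a constructed capture and returns (forwarded, dropped, mangled, misrouted).
func RunSample() (int, int, int, int) {
	b, c := "00:c0:ca:00:00:0b", "00:c0:ca:00:00:0c"
	m := NewMonitor(c, "2003:33::c", b, "2003:33::b", 2)
	x, y := "2003:33:0:0:31ba:af0f:82ea:a0b", "2003:13:0:0:16ba:ae7f:8aea:dab3" // addresses from the slide
	u, w := "00:c0:ca:00:00:0a", "00:c0:ca:00:00:0d"                           // previous and next hop
	capture := []Frame{
		{u, b, x, y, 100, 0xaaaa, 1}, // x -> y arrives at B ...
		{b, w, x, y, 100, 0xaaaa, 2}, // ... and leaves unchanged toward w
		{u, b, x, y, 101, 0xbbbb, 3}, // arrives, silently dropped
		{u, b, x, y, 102, 0xcccc, 4}, // arrives ...
		{b, w, x, y, 102, 0xdddd, 5}, // ... leaves with a different checksum
		{u, b, x, y, 103, 0xeeee, 6}, // arrives ...
		{b, c, x, y, 103, 0xeeee, 7}, // ... is bounced back to the watcher
	}
	for _, f := range capture {
		m.Observe(f)
		m.Sweep(f.Tick)
	}
	m.Sweep(capture[len(capture)-1].Tick + m.timeout + 1) // let the last timeout expire
	return m.Forwarded, m.Dropped, m.Mangled, m.Misrouted
}

func main() {
	fmt.Println(RunSample()) // 1 1 1 1
}
```

The timeout is where the mobility caveat from the "Intrusion Detection Challenges" slide bites: if B moves out of C's range between dgram_in and dgram_out, C counts a drop that never happened, so a real deployment raises an accusation only after a rate of drops, not after a single one.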
Future Work

  • Active response
    • Nodes send out accusations only on events they directly observe
    • Accusations are signed, so the accuser is accountable
    • No hearsay is propagated
    • All nodes have the same information on which to base decisions
  • Combine cross-layer evidence to evaluate trust between MANET nodes
  • Design and develop a secure, trust-based routing protocol
Additional Information
  • UMBC
    • http://ebiquity.umbc.edu
  • NIST
    • http://csrc.nist.gov/manet