An OnDemand Secure Routing Protocol Resilient to Byzantine Failure

1
An On-Demand Secure Routing Protocol Resilient to
Byzantine Failure

• ACM Workshop on Wireless Security (WiSe),
  September 28 2002
• Baruch Awerbuch, David Holmer, Cristina
  Nita-Rotaru and Herbert Rubens
• 2003/10/30
• Presented by Lee Soo Jin

2
Contents

• Introduction
• Related Work
• Problem Definition and Model
• Network Security Model
• Secure Routing Protocol
• Route Discovery with Fault Avoidance
• Byzantine Fault Detection
• Link Weight Management
• Analysis
• Conclusions and Future Work

3
Introduction(1/2)

• An efficient routing protocol is a key component
• Must converge quickly and use battery power
  efficiently
• Proactive routing VS. On-demand routing
• Proactive routing protocol
• Use periodic updates or beacons
• Constantly consume power
• Not designed to track topology changes occurring
  at a high rate
• On-demand routing protocol
• Initiate a route discovery only when data packet
  need to be routed
• Low power consumption

4
Introduction(2/2)

• In this paper
• Propose an on-demand routing protocol for ad-hoc
  networksthat provides resilience to byzantine
  failures
• Byzantine failures (attacks)
• Creating routing loops
• Misrouting packets on non-optimal paths
• Selectively dropping packets (black hole)

5
Related Work

• Effective public key infrastructure
• Decentralized public-key distribution system
  similar to PGP
• Threshold cryptography
• PGP Elliptic curve cryptography
• Authentication
• Source authentication
• SEAD uses one-way hash chain
• Ariadne uses a variant of the TESLA
• End-to-end authentication
• Hop-by-hop authentication
• Survivability of the routing service
• Promiscuous mode
• Trusted nodes monitoring their neighbors

6
Problem Definition Model

• Problem Definition
• Provide a robust on-demand ad-hoc routing service
  resilient to byzantine failure
• Network Model
• Bi-directional communication on all links in the
  network
• Focus on network layer
• Security Model
• Only the source and destination are trusted
• Any intermediate nodes may exhibit byzantine
  behavior
• Any action by an authenticated node that result
  in disruptionor degradation of the routing
  service
• fault any disruption that causes significant
  loss or delay in the network
• Do not address traditional DoS attacks such as
  packet injection
• Use efficient cryptographic primitives pairwise
  shared key

7
Secure Routing Protocol

• Establishes a Reliability Metric based on past
  history
• Represented by a list of link weight
• Uses it to select the best path
• Each node in the network maintains a weight list
• Dynamically updates list when it detects faults
• Faulty links are identified using a secure
  probing techniquethat is embedded in the normal
  packet stream
• Faulty links are avoided using a secure route
  discovery protocol

8
Route Discovery(1/2)

• Floods both the route request route response
• A single adversary could prevent the path from
  being established
• The initial flood is required to guarantee that
  the route request reaches the destination
• Uses digital signature
• To authenticate the source
• Prevent unauthorized nodes from initiating
  resource consuming route request
• To prevent adversary from specifying an arbitrary
  path (hop by hop)
• Uses link weights to avoid faults
• Choose a route that is a minimum weight path
  between source and destination
• The weights are accumulated as part of the
  response flood

9
Route Discovery(2/2)

• Each intermediate node must verify the weights
  and the signatures carried by a response
• Each node maintains a list of recent requests and
  response that it has already forwarded
• Five step
• Request initiation
• Request propagation
• Request receipt/Response initiation
• Response propagation
• Response receipt

10
Byzantine Fault Detection(1/4)

• Takes in a complete path as an argument and
  returns the faulty link
• Using acknowledgements of the data packets
• Threshold
• Sets a bound on what is considered a tolerable
  loss rate
• Should be chosen as low as possible greater
  than normal loss rate
• fault a loss rate greater than or equal to the
  threshold
• Finds a faulty link after log n faults are
  detected
• Using Binary Search Algorithm
• n the length of the path

11
Byzantine Fault Detection(2/4)
12
Byzantine Fault Detection(3/4)

• Binary Search
• Path sub-division process
• The source controls the search by specifying a
  list of intermediate nodeson data packet
• Probed nodes or Probes the set of nodes
  required to send acks
• Pairwise shared keys between the source and each
  probe
• Can be established on-demand via Diffie-Hellman
  key exchange
• Probe specification
• Essential for the correct operation of the
  detection protocol
• The probe list is onion encrypted
• Each probe is specified by the identifier of the
  node, an HMAC of the packet, and the encrypted
  remaining list

13
Byzantine Fault Detection(4/4)

• Acknowledgement specification
• Each probe does not send its ack immediately, but
  waits for the ack from the next probe and
  combine them into one ack
• Each ack consists of
• The identifier of the probe
• The identifier of the data packet that is being
  acknowledged
• The ack received from the next probe encrypted
  with the shared key
• An HMAC of the new combined ack
• If no ack is received within a timeout, the probe
  gives up waiting, and creates and send its ack
• The source checks the acks from each probe by
  successively verifying the HMACs and decrypting
  the next ack

14
Link Weight Management

• Link Weight List
• Used to avoid faulty links In the process of
  route discovery
• When a link is identified as faulty, a
  multiplicative increase scheme to double its
  weight is used
• The weight of a link can be reset to half of the
  previous valueafter every ack is successfully
  received

15
Analysis

• As long as there is one fault-free path, it will
  be discovered after a bounded number of faults
  have occurred
• The amount of disruption a dynamic adversary can
  causeto the network is bounded
• q- - ?q bknlog2n
• q- total of lost packets
• ? transmission success rate
• q total of successfully transmitted packets
  
• b of lost packets per window
• k of adversarial nodes
• n total of nodes in the network
• Ideal case no adversarial node
• q- - ?q 0

16
Conclusions

• Propose a secure on-demand routing protocol
  resilient to byzantine failure
• Detect malicious links after log n fault occurred
• Faulty links are avoided by the route discovery
  protocol
• Bound logarithmically the total amount of damage
• Future Work
• Explore adaptive threshold or probabilistic
  schemes
• Route caching without breaching security
  guarantees
• Evaluate the overhead of the protocol with
  respect to existing protocol
• Investigate means of protecting routing against
  traditional DoS attacks