Title: Ariadne: A Secure OnDemand Routing Protocol for Ad Hoc Networks
1Ariadne A Secure On-Demand Routing Protocol for
Ad Hoc Networks
(in MobiCom02)
- Yih-Chun Hu, Adrian Perrig, David B.Johnson
- Presented by Lee, Younho
2Contents
- Introduction
- Basic Operation of DSR
- Overview of TESLA
- Assumptions
- Ad Hoc Network Routing Security
- Ariadne
- Ariadne Evaluation
3Introduction
- Ad hoc network
- Ad hoc network routing protocol
- Little research is done in Realistic settings
that adversary exists - In this paper
- Focus on DSR
- Contribution
- Give a model for the types of attacks for ad hoc
networks - Present design and evaluation of new on-demand
secure ad hoc network routing protocols - Ariadne with TESLA
4Basic Operation of DSR
- Route Discovery
- Route Maintenance
- Omitting various optimization technique
(RRS,A,B,D)
(RRS,A,B,D)
(RRS,A,B,D)
S
A
B
D
(RQSD)
(RQS,AD)
(RQS,A,BD)
(REB,D)
(REB,D)
S
A
B
D
(A,B,DPayload)
(A,B,DPayload)
(RD Route Discovery RR Route Reply RE Route
Error)
5Overview of TESLA(1/2)
- TESLA
- Broadcast authentication protocol
- Only a single message authentication code (MAC)
is added - Assuming loose time synchronization and known
pessimistic end-to-end delay - Maximum synchronization error (?)
- pessimistic end-to-end delay (e)
- Key publishing delay d
6Overview of TESLA(2/2)
Send Pi at Ts (Senders clock)
Receive Pi by Tr (Receivers clock)
Receiver
Sender
If Tr(at most Ts e2?) gt T0 itp , Drop
Pi else store it until Pid received
Generate one-way hash chain Kn,,K0 s.t.
H(Ki)Ki-1
Publish key publishing schedule for Ki to T0itp
At Received Pid, verify KnHn-i(Ki) compute
MAC(Ki,Mi) with Ki in packet Pid
Packet Pi (Mi MAC(Ki, Mi) Ki-d)
7Assumptions(1/2)
- Network assumptions
- Disregard under network layer
- Bidirectional link
- May drop, corrupt, reorder, duplicate packets in
transmission - Node assumptions
- Little computational resources
- Loosely synchronized (when used TESLA)
- GPS can be used
- Do not assume trusted hardware such as tamper
proof
8Assumptions(2/2)
- Security assumptions and key setup
- Three key set up mechanism can be used
- Pair-wise shared secret keys
- TESLA
- Assume setting up key sharing mechanism between
communicating nodes - One authentic public TESLA key for each node
- Digital signature
- One authentic public key for each node
- Key setup mechanism in paper
- Key Distribution Center with shared secret keys
or TESLA
9Ad Hoc Network Routing Security(1/2)
- Attacker Model
- Omit passive attack
- Mainly threat confidentiality or anonymity
- Active-y-x model
- Attacker has x nodes(in these, y nodes are
compromised nodes) - Distribute the cryptographic information of y
nodes to x-y nodes - Active VC model
- Attacker has all nodes in a vertex cut
- KDC assumptions
10Ad Hoc Network Routing Security(2/2)
- General attacks on ad hoc network routing
protocols - Routing disruption attacks
- Routing legitimate data packets in dysfunctional
way - Routing loop, black hole, gray hole, detours,
gratuitous detour, black mail, worm hole - Rushing attack
- Disseminates route request packet quickly
- Suppressing any later legitimate route request
packet (nodes think its duplication) - Resource consumption attacks
- Consuming bandwidth and computational resource
- Injection extra packets
- Dos attack
11Ariadne(Design Goals)
- For resilience against Active-1-x and Active-y-x
attacker - Low computational and communicational overhead
- To prevent Dos Attack
- Using TESLA for authentication on nodes in
routing path - Dos protection
12Ariadne(Basic Ariadne Route Recovery(1/3))
- Three conditions of secure routing
- Target Authentication
- To authenticate destination of route request
- Data authentication
- To authenticate nodes in route request and route
reply - TESLA
- Shared symmetric key
- Route reply packet has MAC list of all nodes in
route - Digital signature
- Route reply packet has signature list instead
- Per-hop hashing
- To verify that no hop is omitted
13Ariadne(Basic Ariadne Route Recovery (2/3))
- Ariadne route discovery with TESLA
- Assuming shared key exist between source and
destination (KSD , KDS) - All nodes know authentic TESLA key of one-way
hash key chain of other nodes - Notation
- S,D source , destination
- A,B,C,D nodes
- KAB secret MAC keys shared between A and B ,
only used for each direction of communication - MACKAB(M) computation of message authentication
code (MAC) of message M with MAC Key KAB
14Ariadne(Basic Ariadne Route Recovery (3/3))
Source
h0MACKSD(REQSDidti)
B
h1HA,h0
A
MA MACKAti(REQ,S,D,id,ti,h1,(A),())
B
h2HB,h1
B
MB MACKBti(REQ,S,D,id,ti,h2,(A,B),(MA))
B
Destination
MD MACKDS(REP,D,S, ti,(A,B),(MA ,MB))
15Ariadne(Basic Ariadne Route Maintenance)
(REB,DtidMACKBtid(REB,Dtid)KBti)
(REB,DtiMACKBti(REB,Dti)KBti-d)
(REB,D)
S
A
B
D
(A,B,DPayload)
(A,B,DPayload)
Store it until KBti receives
Verify MAC and remove the path from routing cache
16Ariadne Evaluation
- Performance Evaluation
- Parameters
- Scenario
- Number of nodes 50 , Maximum velocity 20m/s
- Space 1500 m 300 m , Nominal radio range
250m - Source-destination pairs 20 , Source data
pattern 4 packets/sec - Application data payload size 512bytes/packet
- Total application Data Load 327 kbps
- Raw physical bandwidth 2Mbps
- DSR
- Initial route request timeout 2 sec , Maximum
route request timeout 40 sec - Cache size 32 routes Cache ,replacement policy
FIFO - TESLA
- TESLA time interval 1 sec
- Pessimistic end-to-end propagation time 0.2 sec
- Maximum time sync. error 0.1 sec
- Hash length 80 bits
17Ariadne Evaluation
- Performance Evaluation(Contd)
- Moves according to random way point model
- Compares DSR, Ariadne, DSR with no optimization
18Ariadne Evaluation
19Ariadne Evaluation
20Ariadne Evaluation
- Security Analysis
- Ariadne guarantees
- If destination has uncompromised neighbor, it
will return route reply - If at least one route reply returned to source,
Ariadne can route packets along uncompromised
route - Preventing attacks
- Message Authentication Code with hop-by-hop
hashing - TESLA maximum end-to-end delay feature
- TESLA hash-chaining feature
21Conclusion
- Presented the design and evaluation of Ariadne
- Using symmetric cryptography
- Based on DSR
- Future work
- Applied to optimized DSR
22(No Transcript)