Ariadne: A Secure OnDemand Routing Protocol for Ad Hoc Networks

1
Ariadne A Secure On-Demand Routing Protocol for
Ad Hoc Networks
(in MobiCom02)

• Yih-Chun Hu, Adrian Perrig, David B.Johnson
• Presented by Lee, Younho

2
Contents

• Introduction
• Basic Operation of DSR
• Overview of TESLA
• Assumptions
• Ad Hoc Network Routing Security
• Ariadne
• Ariadne Evaluation

3
Introduction

• Ad hoc network
• Ad hoc network routing protocol
• Little research is done in Realistic settings
  that adversary exists
• In this paper
• Focus on DSR
• Contribution
• Give a model for the types of attacks for ad hoc
  networks
• Present design and evaluation of new on-demand
  secure ad hoc network routing protocols
• Ariadne with TESLA

4
Basic Operation of DSR

• Route Discovery
• Route Maintenance
• Omitting various optimization technique

(RRS,A,B,D)
(RRS,A,B,D)
(RRS,A,B,D)
S
A
B
D



(RQSD)
(RQS,AD)
(RQS,A,BD)
(REB,D)
(REB,D)
S
A
B
D
(A,B,DPayload)
(A,B,DPayload)
(RD Route Discovery RR Route Reply RE Route
Error)
5
Overview of TESLA(1/2)

• TESLA
• Broadcast authentication protocol
• Only a single message authentication code (MAC)
  is added
• Assuming loose time synchronization and known
  pessimistic end-to-end delay
• Maximum synchronization error (?)
• pessimistic end-to-end delay (e)
• Key publishing delay d

6
Overview of TESLA(2/2)

• Protocol

Send Pi at Ts (Senders clock)
Receive Pi by Tr (Receivers clock)
Receiver
Sender
If Tr(at most Ts e2?) gt T0 itp , Drop
Pi else store it until Pid received
Generate one-way hash chain Kn,,K0 s.t.
H(Ki)Ki-1
Publish key publishing schedule for Ki to T0itp
At Received Pid, verify KnHn-i(Ki) compute
MAC(Ki,Mi) with Ki in packet Pid
Packet Pi (Mi MAC(Ki, Mi) Ki-d)
7
Assumptions(1/2)

• Network assumptions
• Disregard under network layer
• Bidirectional link
• May drop, corrupt, reorder, duplicate packets in
  transmission
• Node assumptions
• Little computational resources
• Loosely synchronized (when used TESLA)
• GPS can be used
• Do not assume trusted hardware such as tamper
  proof

8
Assumptions(2/2)

• Security assumptions and key setup
• Three key set up mechanism can be used
• Pair-wise shared secret keys
• TESLA
• Assume setting up key sharing mechanism between
  communicating nodes
• One authentic public TESLA key for each node
• Digital signature
• One authentic public key for each node
• Key setup mechanism in paper
• Key Distribution Center with shared secret keys
  or TESLA

9
Ad Hoc Network Routing Security(1/2)

• Attacker Model
• Omit passive attack
• Mainly threat confidentiality or anonymity
• Active-y-x model
• Attacker has x nodes(in these, y nodes are
  compromised nodes)
• Distribute the cryptographic information of y
  nodes to x-y nodes
• Active VC model
• Attacker has all nodes in a vertex cut
• KDC assumptions

10
Ad Hoc Network Routing Security(2/2)

• General attacks on ad hoc network routing
  protocols
• Routing disruption attacks
• Routing legitimate data packets in dysfunctional
  way
• Routing loop, black hole, gray hole, detours,
  gratuitous detour, black mail, worm hole
• Rushing attack
• Disseminates route request packet quickly
• Suppressing any later legitimate route request
  packet (nodes think its duplication)
• Resource consumption attacks
• Consuming bandwidth and computational resource
• Injection extra packets
• Dos attack

11
Ariadne(Design Goals)

• For resilience against Active-1-x and Active-y-x
  attacker
• Low computational and communicational overhead
• To prevent Dos Attack
• Using TESLA for authentication on nodes in
  routing path
• Dos protection

12
Ariadne(Basic Ariadne Route Recovery(1/3))

• Three conditions of secure routing
• Target Authentication
• To authenticate destination of route request
• Data authentication
• To authenticate nodes in route request and route
  reply
• TESLA
• Shared symmetric key
• Route reply packet has MAC list of all nodes in
  route
• Digital signature
• Route reply packet has signature list instead
• Per-hop hashing
• To verify that no hop is omitted

13
Ariadne(Basic Ariadne Route Recovery (2/3))

• Ariadne route discovery with TESLA
• Assuming shared key exist between source and
  destination (KSD , KDS)
• All nodes know authentic TESLA key of one-way
  hash key chain of other nodes
• Notation
• S,D source , destination
• A,B,C,D nodes
• KAB secret MAC keys shared between A and B ,
  only used for each direction of communication
• MACKAB(M) computation of message authentication
  code (MAC) of message M with MAC Key KAB

14
Ariadne(Basic Ariadne Route Recovery (3/3))

• Protocols

Source
h0MACKSD(REQSDidti)
B
h1HA,h0
A
MA MACKAti(REQ,S,D,id,ti,h1,(A),())
B
h2HB,h1
B
MB MACKBti(REQ,S,D,id,ti,h2,(A,B),(MA))
B
Destination
MD MACKDS(REP,D,S, ti,(A,B),(MA ,MB))
15
Ariadne(Basic Ariadne Route Maintenance)

• Protocols

(REB,DtidMACKBtid(REB,Dtid)KBti)
(REB,DtiMACKBti(REB,Dti)KBti-d)
(REB,D)
S
A
B
D
(A,B,DPayload)
(A,B,DPayload)
Store it until KBti receives
Verify MAC and remove the path from routing cache
16
Ariadne Evaluation

• Performance Evaluation
• Parameters
• Scenario
• Number of nodes 50 , Maximum velocity 20m/s
• Space 1500 m 300 m , Nominal radio range
  250m
• Source-destination pairs 20 , Source data
  pattern 4 packets/sec
• Application data payload size 512bytes/packet
• Total application Data Load 327 kbps
• Raw physical bandwidth 2Mbps
• DSR
• Initial route request timeout 2 sec , Maximum
  route request timeout 40 sec
• Cache size 32 routes Cache ,replacement policy
  FIFO
• TESLA
• TESLA time interval 1 sec
• Pessimistic end-to-end propagation time 0.2 sec
• Maximum time sync. error 0.1 sec
• Hash length 80 bits

17
Ariadne Evaluation

• Performance Evaluation(Contd)
• Moves according to random way point model
• Compares DSR, Ariadne, DSR with no optimization

18
Ariadne Evaluation
19
Ariadne Evaluation
20
Ariadne Evaluation

• Security Analysis
• Ariadne guarantees
• If destination has uncompromised neighbor, it
  will return route reply
• If at least one route reply returned to source,
  Ariadne can route packets along uncompromised
  route
• Preventing attacks
• Message Authentication Code with hop-by-hop
  hashing
• TESLA maximum end-to-end delay feature
• TESLA hash-chaining feature

21
Conclusion

• Presented the design and evaluation of Ariadne
• Using symmetric cryptography
• Based on DSR
• Future work
• Applied to optimized DSR

22
(No Transcript)