Mitigating Routing Misbehavior in Mobile AdHoc Networks

1
Mitigating Routing Misbehavior in Mobile Ad-Hoc
Networks

• Reference Mitigating Routing Misbehavior in
  Mobile Ad Hoc Networks, Sergio Marti, T.J.
  Giuli, Kevin Lai, and Mary Baker, MobiCom 2000.

2
Overview

• Introduction
• Node misbehavior on routing
• Proposed approach from the paper
• Watchdog
• Pathrater
• Simulation results
• Conclusion comments

3
Ad-Hoc Network

• A collection of wireless mobile hosts forming a
  temporary network without the aid of any
  established infrastructure or centralized
  administration.
• Lack of infrastructure
• Distributed peer-to-peer mode of operations
• Multi-hop Routing
• Applications
• Military communication
• Rescue missions in times of natural disasters

4
Vulnerabilities

• Vulnerabilities of wireless links
• Changing topology
• Absence of infrastructure
• Nodes may be physically controlled by the
  attacker

5
Research areas in security

• Key establishment
• Secure routing
• Selfishness
• Intrusion Detection
• Secure sensor networks
• Lightweight cryptographic protocols

6
Node Misbehavior

• Ad hoc networks maximize total network throughput
  by using all available nodes for routing and
  forwarding.
• A node may misbehave by agreeing to forward the
  packet and then failing to do so due to
  overloaded, selfish, malicious or broken
• Misbehaving nodes can be a significant problem

7
Contemporary Solutions

• Forward packets only through nodes that share a
  prior trust relationship.
• Require key distribution
• Trust nodes can still be overloaded, broken or
  compromised
• Untrusted nodes may be well behaved
• Isolate the misbehaving from the network.
• Would add significant complexity to protocols
  whose behavior must be very well defined

8
Proposed Approach

• Install extra facilities in the network to detect
  and mitigate routing misbehavior.
• Make only minimal changes to the underlying
  routing algorithm.
• Introduce two extensions to the Dynamic Source
  Routing Protocol (DSR)
• Watchdog
• Pathrater

9
Definitions Assumptions

• Neighbor
• A node that is within wireless transmission range
  of another node
• Neighborhood
• All the nodes that are within wireless
  transmission range of a node
• Links between the nodes are bi-directional
• Nodes are in promiscuous mode operation
• Malicious node does not work in group

10
Dynamic Source Routing (DSR)

• on-demand
• Route paths are discovered at the time a source
  sends a packet to a destination for which the
  source has no path
• Route Request Message
• Route Reply Message
• Generate when the route request reach the
  destination
• Or when an intermediate node which contains in
  its route cache an unexpired route to the
  destination
• Route Error
• Handle link breaks

11
DSR (Route Request)
1-2
1-2-5
D
2
5
8
1
1-3-4
1
S
1-3-4-7
1-3-4
7
4
1
1-3
3
1-3-4
1-3-4-6
6
12
DSR (Route Reply)
1-2-5-8
1-2-5-8
D
2
1-2-5-8
5
8
1
S
7
4
3
6
13
Two extensions on DSR

• Watchdog
• Detects misbehaving nodes by overhearing
  transmission
• Pathrater
• Avoids routing packets through misbehavior nodes

C
S
A
B
D
14
Watchdog

• Maintain a buffer of recently sent packets
• Compare each overheard packet with the packet in
  the buffer to see if there is a match
• If a packet remained for longer than timeout,
  increments a failure tally for the node
  responsible
• If the tally exceeds a threshold, the node is
  determined to be misbehaving and the source will
  be notified

15
Watchdog

• Advantages
• Can detect misbehavior at the forwarding level
• Disadvantages
• Might not detect in presence of
• Ambiguous collisions
• Receiver collisions
• Limited transmission power
• Others

16
Ambiguous Collisions

• The ambiguous problem prevents node A from
  overhearing transmission from B

D
S
A
B
17
Receiver Collision

• Node S can only tell this whether node A sends
  the packet to node B, but it cannot tell if B
  receives it

D
S
A
B
18
Limited Transmission Power

• Misbehaving node can control its transmission
  power to circumvent the watchdog

D
S
A
B
19
Other disadvantages

• False Misbehavior
• When nodes falsely report other nodes as
  misbehaving
• Collusion
• Multiple nodes in collusion can mount a more
  sophisticated attack
• Partial Dropping
• A node can circumvent the watchdog by dropping
  packets at a lower rate than the threshold

20
Pathrater

• Each node maintains a rating for every other node
  it knows about in the network
• It calculates a path metric by averaging the node
  ratings in the path
• The metric gives a comparison of the overall
  reliability of different paths
• If there are multiple paths to the same
  destination, it choose the path with the highest
  metric

21
Methodology

• Berkeleys Network Simulator (ns) with wireless
  extensions made by the CMU Monarch project
• Simulate 50 nodes
• Moving speed 0 - 20m/s
• Pause time 0s or 60s
• of compromised node 0 40 in 5 increments

22
Metrics of Evaluation

• Throughput
• of sent data packets actually received by the
  intended destinations
• Overhead
• Ratio of routing-related transmissions to data
  transmissions
• False Positive
• Impact of watchdog false positive on network
  throughput

23
Simulation

• Extensions
• Watchdog (WD)
• Pathrater (PR)
• Route request (SRR)
• 4 combinations by extensions
• WDON, PRON, SRRON
• WDON, PRON, SRROFF
• WDOFF, PRON, SRROFF
• WDOFF, PROFF, SRROFF

24
Simulation

• Each metric includes two graphs of simulation
  results for two separate pause times (0s, 60s)
• Simulate two different node mobility patterns
  using 4 different pseudo-random number generator
  seeds
• Seeds determine which nodes misbehave
• Plot the average of the 8 simulations

25
Network Throughput (0s pause time)
26
Network Throughput (60s pause time)
27
Routing Overhead(0s pause time)
28
Routing Overhead(60s pause time)
29
Effects of False Detection(0s pause time)
30
Effects of False Detection(60s pause time)
31
Conclusion

• Ad hoc networks are vulnerable to nodes that
  misbehave when routing packets
• Proposed two possible extensions to DSR to
  mitigate the effects of routing misbehavior
• Simulation evaluates that the 2 techniques
• increases throughput by 17 in network with
  moderate mobility, while increase ratio of
  overhead to data transmission from 9 to 17
• increases throughput by 27 in network with
  extreme mobility, while increase ratio of
  overhead to data transmission from 12 to 24

32
Comments

• Work does not mention about how the threshold
  value is calculated - it is one of the important
  factor in detecting malicious nodes.
• If malicious nodes work in a group then it is
  difficult to identify them
• Paper does not address other attacks such as Mac
  attack, False route request and reply messages
  that bring down throughput in ad-hoc network

33

• Thank you!