SEAD :Secure Efficient Distance Vector Routing for mobile wireless ad-hoc networks

1
SEAD Secure Efficient Distance Vector Routing
for mobile wireless ad-hoc networks

• Prepared by Irit Siso

2
What will we discuss

• What is an ad-hoc network
• Routing problems in ad-hoc networks
• Assumptions
• Possible attacks
• SEAD solutions
• Evaluation
• Conclusions

3
Introduction

• An ad-hoc network is a collection of wireless
  computers (nodes) communicating among themselfs
  without the help of any infrastructure such as a
  base station.
• Assumtions
• A node in this network is with limited CPU power
  and low battery power
• Limited transmition range
• Nodes in the network may move at any time or even
  move continuously.
• Propagation conditions may change frequently

4
What is an ad-hoc network

• In a distence vector protocol each node in the
  network act as a router. Each router maintains a
  routing table listing all possible destinations
  in the network.

5
What is an ad-hoc network

• Due to the nature of this networks we need a
  secure but efficient routing protocol to
  communicate between the nodes
• We use distance vector protocols.
• they are esey to inplement and require
  relatively little memory or CPU processing
  capacity. (ex. RIP)

6
Routing problems in ad-hoc networks

• Each entry is a nodes routing table contains the
  address of the destination, this node shortest
  known distance (in number of hops) and the adress
  of the next hop.
• To maintain the routing tables, each node
  periodically transmits a routing update. An
  optimization the use of triggered updates
• On demand protocol-
• nodes exchange routing information only when
  needed. A node transmits a new update about some
  destination as soon as the metric in its table
  entry changes.

7
Routing problems in ad-hoc networks

• Routing protocols for ad-hoc networks generally
  can be divided in to tow main categories
• Periodic protocol-
• nodes periodically exchange
  routing information, so evry
  node always know a current route to all
  destinations.

• Drawbacks
• can overload the network when nothing changes. A
  lot of changes can be implemented between the
  updates.

8
Counting to infinity distance vector routing
although simple, has problems.

• In wireless and mobile networks routing loops are
  more common due to the mobilty of the nodes. So
  in addition to a small max matric value and
  poisoned reverse used is RIP for ex. Sead has an
  addition of a sequence number.

B
C
4
X
6
1
A
9
Routing problems in ad-hoc networks

• In each routing table entry we add a sequence
  number. This sequnce number prevent routing loops
  caused by updates being applied out of order.
  This problem is common beacuse the information
  may be spread in many diffrent paths.
• Each node maintains an even sequence nomber that
  it includes in each routing update that it sends.
• Each entry in a nodes routing table is tagged
  whit the most recent sequnce nomber for that
  destination.

10
B
C

• When a node detects a broken link to its neighbor
  (A to C) the node creates a new routing update
  for that neighbor as a destination whit the
  infinity metric and the next odd sequnce number.
• In SEAD - When a node detects that its next hop
  link is broken, it flags its routing table entry
  for that destination to not accept any new
  updates for the same sequence number.

X
A

• When a node recives the update for each
  destination in that update. If the sequence
  number is greater than the current one he has. If
  the sequnce number is equal than he will take the
  one with the lower metric. If the sequnce number
  is smaller he dismiss the recived update

11

• amongst the distance vector routing protocol
  SEAD is based on the DSDV protocol.
• DSDV protocol support both periodic and triggered
  updates

• When to do a triggered update?
• One suggestion is by reciving a new metric for
  some destination.
• Another suggestion is that the receipt of a new
  sequnce number also should couse a triggered
  update.

THE LAST SEGGESTION OUT PERFORM THE FIRST ONE
12
ASSUMPTIONS

• As a matter of terminology we refer to MAC as the
  network Medium Access Control protocol at the
  link layer
• Wireless links in the network are bidirectional,
  since it is necessray for the distributing
  algorithem of distance vector routing.
• Network physical layer and MAC attacks are beyond
  the scope of this lecture.

13
More ASSUMPTIONS

• We assume that the network may drop, corrupt,
  duplicate or reorder packets.
• We also assume that the MAC layer detect
  randomly corrupted packets in some level. (ALOHA)
• The network diameter is the maximum.
• We also limit the max metric value , we use m-1
  to denote the upper bound. Thus all routes that
  can be used by the routing protocol are of length
  less than m hops

14
Securing the protocol

• Another assumption is that nodes are resours
  constraind. So we use One way hash chains and
  Markel hash trees to evoid expensive asymetric
  crypyographic.

• One way hash chains
• In SEAD in order to create a one-way chain a node
  chooses a random initial value x and computes
  h0,h1,...,hn . When h0 x hiH(hi-1).
• Since nodes uses elements in goups of m . A node
  generates its hash chain when n is divisible by
  m.

15

• When a node first enters the network or when it
  used most of its available hash-chain, it can
  choose a new random x.
• In order to distribute the nodes hash- chain we
  use one of this approches
• A trusted entity sign a public key certificates
  for each node. Which uses this key to sign a new
  hash chain.
• A trusted node can securely distribute an
  othenticated hash chain. Using symetric key or
  non- cryptographic approaches.

16

• Merkle hash trees
• The Merkle hash trees are binary trees. For
  simplicity we assume balanced trees.
• To authenticate the values v0,v1,....,vw-1 , we
  use the hash fuction H to compute vi . Each
  internal node of the tree is dirived from its
  tow child nodes.
• m01Hv0v1

17
ATTACKS

• Attackes we wont discuse
• An attaker can attempt ro reduce the amount of
  routing information aveilable to other nodes. By
  not advertising certin routers or by destroying
  routing pachets.
• A node can drop routing packets it recives.
• An intruder can jam routing packets.

ALL THOSE ARE IN THE PHYSICAL LAYER. WHICH THIS
LECTUR DONT DISCUSE
18
Another attack we wont solve here

• A more sutible attack is the creation of a
  worm-hole in the network .
• A B are liked by a privete network . Every
  packet that A recives it forward it to B , which
  spread them to the packet normaly. B may also
  send al of its recived packets to A.
• This attack distrups routing by short circuting
  the normal flow of routing packets
• A sulotion is the use of other mechanisms at the
  MAC layer

19
Attacks we choose to solve

• False metric an attaker can advertise a zero
  metric for all destinations.cousing all nodes
  arond it to route packets for all destinations
  toward it.
• An attacker can modify the source address of an
  advertisment. Spreading inaccurate next hop
  information.
• An attacker can send old advertisment to a node,
  in an attempt that that node will update his
  routing table whit stale routs
• An attacker can be a compromised node. If so, it
  will have access to all cryphtographic keys of
  that node and may cooperate with other attacker
  or compromised node

20
SEAD solutions

• One approch for authenticatig a routing updates
  in distance vector routing protocol is for each
  node to sign each of its routing updates with
  asymetric cryptography.
• Drawbacks
• An attacker can send a large number of arbirary
  routing updates to some victim node. Forcing him
  to spend all of his CPU powerin the attempt to
  verify them. Creating a Denial- Of - Servise
  attack..
• An attacker how has compromised a node can send
  update with the metric 1 claiming all nodes are
  his neighbors.
• Finally- even if thers no attacker large
  generation and verification time can harm the
  preformences of an ad-hoc network

21
SEAD solutions

• Insted we use in SEAD the one way hash chain.
• Each node uses a specific next element of its
  hash-chain in each routing update. The other
  nodes can autenticate the messege by computing
  the hash fuction. Thuse authenticatethe lower
  bound of the metric for this destination.
• This do not prevent a malicious node from
  claiming the same metric he receved as his own.
• The hash chain can only prevent from decreasing
  the the metric. An attacker cannot generate any
  value in the chain that will be used in the
  future.

22
SEAD solutions

• In addition we assume an upper bound, in the size
  of the network diameter. We used m-1 to be that
  bound. Making all metrics in the routing protocol
  less than m. A routing update contains the
  sequence number, and than m elements when one of
  them, used to authenticate that routing update.
• The sequence number
• If a nodes hash chain has the sequence values
• h0,h1,.....,hn when n is divisible by m. Than
  the sequence number i for some routing update
  entry , let k(n/m)-i.
• An element from the group hkm,hkm1,...,hkmm-1.
  if the node lists an entry for itself, it sets
  the address to its own, the metric to 0 , the
  sequence number to its own next sequence number
  and the hash value to the first in his hash
  chain.
• For ex. For sequence number i the node will set
  the the hash value in that entry to its hkm.

23
SEAD solutions

• If the node lists an entry for some other
  destination, it sets the address in that entry to
  the destination nodes address , the metric and
  sequence number to destinations values according
  to the nodes routing table. and the hash value to
  the one recived in the routing update from which
  he learned the route to taht destenation.

24
SEAD solutions

• Denail-Of -Servise attack
• In order to guard against an attacker forcing a
  receiving node to preform a large number of hash
  operations in order to authenticate, we limit the
  number of hashes the node is willing to preform.
  In that we make an asummption about the number of
  routing updates the reciving node had missed.
• Another sulotion is to use a loosely
  synchronized clock.
• Allowing a receiving node to determine if a
  claimed sequence number in an update could be
  authentic before performing any hash operations.

25
SEAD solutions

• Neghbour authentication
• The source of each routing update message in SEAD
  must be authenticated otherwise an attacker can
  create routing loops.
• We can use a broadcast mechanism, such as TESLA
  for neghbour authentication
• Darwbacks such mechanism require synchronized
  clocks and has a relatively high overhead.
• Another approch is a shared secret key among each
  pair of nodes, in addition a message
  authentication code which the sender include in
  each routing update.

26
SEAD solutions

• Since SEAD includes periodic neighbor sensing
  functionality, each node knows the set of
  neghbors he needs to authenticate routing
  updates.
• Each node trusts any zero-metric with a valid
  authenticator. If a node has received such an
  update from another node for a recent sequence
  number, it consider that node a neghbor and
  computes a message authentication code for it.
• When tow nodes first become neghbors, one of them
  will transmit a routing update. The receiverwill
  send a triggered routing table for the other node
  revealing the new node to the network.

27
SEAD solutions

• Same-distance fraud
• Consider a node receiving a message for a
  sequence number s and a metric d, and
  re-advertise the same sequence number and metric.
• To defend against that fraud we use hash tree
  chains. We tye the authenticator to the address
  of the sender.
• We construct a special one way chain were each
  element element of the chain encodes the node id
  , by that forcing a node to increase the metric
  if it want to encode its own id.
• These values are authenticated by Markle trees.
  The root is used to generate the collection of
  values in the next step.

28
SEAD solutions

• We constract the hash tree between each pair
  vi-1, vi of the one-way chain. From them we
  dirive a set of values b0,...,bn using the hash
  function.
• bjHvij , for each j. The root of the tree is
  the previous value of the one way chain
• vi-1 b0n.
• Here we see the node forwards the values b0,b1,
  and b23. and use the value b03 to sign his id.

29
SEAD solutions

• In a small network, each value bj can correspond
  to a single node.since no tow nodes share a
  single value, an attacker has no way to dirive
  its value from the tree chain there for it has to
  follow the hash chain to the next step in order
  to provide a valid authanticator.
• In large networks, we authenticate each node with
  a g- tuple of values. Although no tow nodes share
  the same g- tuple of values, an attacker could
  learn each of its g- values from different
  neighbors.
• For ex. If a hash tree chain with 2m values (the
  hash tree is of height m1) if each node has a
  uniqe id between 0 and
• 2m
• y Than the tuple of values encodes
• 
  2m
• X (node id H sequence number ) mod y
• 
  
• So we change the encoding of the node id for each
  update

30
SEAD solutions

• The overhead to verify authentication values can
  be large if a node has missed several routing
  updates.
• A Denail-Of-Service attack can still accure when
  an attacker forces a victim node to verify a hash
  chain as long as O(ks) were k is the maximum
  number of hops and s is the maximum number of
  sequnce numbers represented by the hash chain.
• A node generates a random hash chain root h0,s
  for each sequence number s. Than by a function
  (ex. PRF) we use an authentic anchor of this hash
  chain.
• Each node builds a hash tree, useing this hash
  chain anchors as leaves. When a node sends an
  update with a new sequence number s , it includes
  the root of the hash chain , the anchor, and the
  path to the root of the hash tree to
  authenticate an update the node follows the path
  to the root. That requires O(log(s)) there for to
  verify an update we need klog(s) computing
  operations

31
Evaluation

• An attacker cannot create a valid advertisment
  with a larger (better) sequence number.
• An attacker that do not collude cannot advertise
  a route shorter than the one it heard. (in a
  small network)
• Furthermore in a larger network when g ?1, and
  Ai is the combinations of nodes that do not
  include the value of bi, needed by the attacker
  the attacker has
  
• UAi SAi- SAi1 ?Ai2 ...(-1) (g 1)
  ?Ai
• The probability can be quite high for ex. When
  m6 and g3 an attacker has a 1.67510-3
  probabilty of success. When 3 consequtive
  advertiesments are required for the metric before
  a routing change is made, the attacker succeeds
  once every 6.74 years.

32
Evaluation

• An attacker that hasnt compromised any node (do
  not posses any cryptographic keys from a node)
  cannot successfuly send any routing messages,
  since an compromised neighbor node will reject
  the message.
• A reapeter can function as a one node wormhole,
  this is not addressed by SEAD.
• A collection of attackers that have compromised
  one or more nodescan only redirect the path from
  the source to the destination if the source best
  known path is as large as the path trough
  attackers.

33
Evaluation

• If each node uses SEAD (including attackers)
  keeps routing tables were the next hop for a
  given destination is set to the authenticated
  source address of the first advertisment received
  by that nade, than the next-hop pointersin all
  nodes routing tables will descrive a route back
  to the destination.
• No routing loops are posible!!! Unless the loop
  contains one or more attackers.
• If a collection of arrackers form a vertex cut
  between tow groups of nodes,the attacker can
  arbitary control the networl the routes between
  any node in one group and a node in the next.
• No routing protocol can eliminate that attack!

34
Evaluation

• To evaluate the preformens of SEAD , whit out
  attackers. We will see a simulation comparing
  SEAD and DSDV-SQ the protocol on which its based.
  
• in this simulation there are pairwise shared
  keys authentichation.
• Nodes moves randomly. Each node initialy placed
  at a random location and pauses for a period of
  time. It than chooses a new random location and
  moves rhere whit a random bounded velocity. When
  he reaches the new location it pauses, and again
  choose a random location.

35
Evaluation

• The number of the nodes in this simulation is 50
• The maximum velocity is 20 m/s
• Nominal radio range is 250m
• Source destinayion pairs 20
• Periodic route update interval 15s
• Periodic updates missed before 3
• Hash length 80bits
• The results are based on 65 randomly generated
  runs at each pause time
• You need to know DSDV-SQ uses a weighted
  settling time delay in sending triggered updates

36
Pause time (d)
Pause time (c)
37
Evaluation

• Simulation results
• SEAD consistenly outperforms DSDV-SQ in terms of
  packet delivery ratio. By not using weighted
  settling time delay in sending triggered updates,
  the number of routing advertisments increases,
  allowing nodes to have more up-to-date routing
  tables.
• However SEAD also increases overhead, both due
  this increased number of routing advertisments ,
  and due to the increase in size of each
  advertisment.
• The increased overhead in SEAD causes some
  conjuction in the network, which shown in the
  latency results (fig. b).

38
Conclusions

• Many previous routing protocols for ad-hoc
  networks have been based on distance vector
  aproaches but they have genrally assumed a
  trusted enviroment.
• Together with existing appoaches for securing the
  physical layer and MAC layer ,the SEAD protocol
  provides a foundation for all secure operation of
  an ad hoc network.
• The SEAD protocol is based on the DSDV-SQ
  protocol.
• For security, we use efficient ove-way hash
  functions and do not use asynetric cryptographic
  elements.
• SEAD actually outpreforms DSDV-SQ in terms of
  packet delivery ratio. Although it does create
  more overhead in the network.

39
The End