Title: SEAD: Secure Efficient Distance Vector Routing for mobile wireless ad-hoc networks
1SEAD Secure Efficient Distance Vector Routing
for mobile wireless ad-hoc networks
2What will we discuss
- What is an ad-hoc network
- Routing problems in ad-hoc networks
- Assumptions
- Possible attacks
- SEAD solutions
- Evaluation
- Conclusions
3Introduction
- An ad-hoc network is a collection of wireless
computers (nodes) communicating among themselves
without the help of any infrastructure such as a
base station.
- Assumptions
- A node in this network has limited CPU power
and low battery power
- Limited transmission range
- Nodes in the network may move at any time or even
move continuously.
- Propagation conditions may change frequently
4What is an ad-hoc network
- In a distance vector protocol each node in the
network acts as a router. Each router maintains a
routing table listing all possible destinations
in the network.
5What is an ad-hoc network
- Due to the nature of these networks we need a
secure but efficient routing protocol to
communicate between the nodes
- We use distance vector protocols.
- They are easy to implement and require
relatively little memory or CPU processing
capacity (e.g. RIP).
6Routing problems in ad-hoc networks
- Each entry in a node's routing table contains the
address of the destination, this node's shortest
known distance (in number of hops) and the address
of the next hop.
- To maintain the routing tables, each node
periodically transmits a routing update. An
optimization is the use of triggered updates.
- On-demand protocol:
- Nodes exchange routing information only when
needed. A node transmits a new update about some
destination as soon as the metric in its table
entry changes.
7Routing problems in ad-hoc networks
- Routing protocols for ad-hoc networks generally
can be divided into two main categories
- Periodic protocol:
- Nodes periodically exchange
routing information, so every
node always knows a current route to all
destinations.
- Drawbacks
- Can overload the network when nothing changes. A
lot of changes can take place between the
updates.
8Counting to infinity: distance vector routing,
although simple, has problems.
- In wireless and mobile networks routing loops are
more common due to the mobility of the nodes. So
in addition to a small max metric value and
poisoned reverse, used in RIP for example, SEAD
adds a sequence number.
[Figure: example network with nodes A, B, C and X; labels 4, 6 and 1]
9Routing problems in ad-hoc networks
- In each routing table entry we add a sequence
number. This sequence number prevents routing loops
caused by updates being applied out of order.
This problem is common because the information
may be spread over many different paths.
- Each node maintains an even sequence number that
it includes in each routing update that it sends.
- Each entry in a node's routing table is tagged
with the most recent sequence number for that
destination.
10[Figure: network diagram with nodes A, B, C and X]
- When a node detects a broken link to its neighbor
(A to C) the node creates a new routing update
for that neighbor as a destination with the
infinity metric and the next odd sequence number.
- In SEAD: when a node detects that its next hop
link is broken, it flags its routing table entry
for that destination to not accept any new
updates for the same sequence number.
- When a node receives an update, it checks each
destination in that update. If the sequence
number is greater than the one it currently has,
it accepts the new entry. If the sequence number
is equal, it takes the one with the lower metric.
If the sequence number is smaller, it dismisses
the received update.
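The sequence-number rule from the two slides above, as an added example that is not part of the original slides: a stale or replayed advertisement is dismissed, and a broken link is advertised with the next odd sequence number. The table layout, the function names and the value 16 for the infinity metric are assumptions.

```python
# Added example: sequence-number rule for accepting routing table entries.
INFINITY = 16  # assumed "infinity" metric for this sketch


def apply_update(table, dest, seq, metric, next_hop):
    """Apply one advertised entry; return True if the table changed."""
    cur = table.get(dest)
    if cur is not None:
        if seq < cur["seq"]:
            return False  # older sequence number: dismiss (stale or replayed)
        if seq == cur["seq"] and metric >= cur["metric"]:
            return False  # same sequence number: only a lower metric wins
    table[dest] = {"seq": seq, "metric": metric, "next_hop": next_hop}
    return True


def link_broken(table, neighbor):
    """Mark a lost neighbor with the infinity metric and next odd number."""
    entry = table[neighbor]
    entry["seq"] += 1 if entry["seq"] % 2 == 0 else 2
    entry["metric"] = INFINITY
    return entry


def demo():
    """Constructed updates about destination X, then a lost neighbor C."""
    table = {}
    results = [
        apply_update(table, "X", 10, 3, "B"),  # first route learned
        apply_update(table, "X", 8, 1, "C"),   # old advertisement replayed
        apply_update(table, "X", 10, 2, "C"),  # same number, shorter route
        apply_update(table, "X", 12, 5, "B"),  # newer number, longer route
    ]
    apply_update(table, "C", 20, 1, "C")         # C is a direct neighbor
    broken = dict(link_broken(table, "C"))       # link to C is lost
    late = apply_update(table, "C", 20, 2, "B")  # old route to C arrives late
    return results, dict(table["X"]), broken, late
```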
11- Among the distance vector routing protocols,
SEAD is based on the DSDV protocol.
- The DSDV protocol supports both periodic and
triggered updates
- When to do a triggered update?
- One suggestion is on receiving a new metric for
some destination.
- Another suggestion is that the receipt of a new
sequence number should also cause a triggered
update.
THE LAST SUGGESTION OUTPERFORMS THE FIRST ONE
12ASSUMPTIONS
- As a matter of terminology we refer to MAC as the
network Medium Access Control protocol at the
link layer
- Wireless links in the network are bidirectional,
since this is necessary for the distributed
algorithm of distance vector routing.
- Network physical layer and MAC attacks are beyond
the scope of this lecture.
13More ASSUMPTIONS
- We assume that the network may drop, corrupt,
duplicate or reorder packets.
- We also assume that the MAC layer detects
randomly corrupted packets to some degree. (ALOHA)
- The network diameter is the maximum.
- We also limit the max metric value; we use $m-1$
to denote the upper bound. Thus all routes that
can be used by the routing protocol are of length
less than $m$ hops
14Securing the protocol
- Another assumption is that nodes are resource
constrained. So we use one-way hash chains and
Merkle hash trees to avoid expensive asymmetric
cryptography.
- One-way hash chains
- In SEAD, in order to create a one-way chain a node
chooses a random initial value $x$ and computes
$h_0, h_1, \ldots, h_n$, where $h_0 = x$ and
$h_i = H(h_{i-1})$.
- Since nodes use elements in groups of $m$, a node
generates its hash chain so that $n$ is divisible
by $m$.
15- When a node first enters the network or when it
has used most of its available hash chain, it can
choose a new random $x$.
- In order to distribute the node's hash chain we
use one of these approaches
- A trusted entity signs a public key certificate
for each node, which uses this key to sign a new
hash chain.
- A trusted node can securely distribute an
authenticated hash chain, using symmetric key or
non-cryptographic approaches.
16- Merkle hash trees
- The Merkle hash trees are binary trees. For
simplicity we assume balanced trees.
- To authenticate the values $v_0, v_1, \ldots, v_{w-1}$,
we use the hash function $H$ to compute $v'_i$
from each $v_i$. Each internal node of the tree is
derived from its two child nodes.
- $m_{01} = H(v'_0 \,\|\, v'_1)$
17ATTACKS
- Attacks we won't discuss
- An attacker can attempt to reduce the amount of
routing information available to other nodes, by
not advertising certain routers or by destroying
routing packets.
- A node can drop routing packets it receives.
- An intruder can jam routing packets.
ALL OF THESE ARE IN THE PHYSICAL LAYER, WHICH THIS
LECTURE DOES NOT DISCUSS
18Another attack we won't solve here
- A more subtle attack is the creation of a
wormhole in the network.
- A and B are linked by a private network. Every
packet that A receives it forwards to B, which
then spreads it normally. B may also
send all of its received packets to A.
- This attack disrupts routing by short-circuiting
the normal flow of routing packets
- A solution is the use of other mechanisms at the
MAC layer
19Attacks we choose to solve
- False metric: an attacker can advertise a zero
metric for all destinations, causing all nodes
around it to route packets for all destinations
toward it.
- An attacker can modify the source address of an
advertisement, spreading inaccurate next hop
information.
- An attacker can send an old advertisement to a
node, in an attempt to make that node update its
routing table with stale routes
- An attacker can be a compromised node. If so, it
will have access to all cryptographic keys of
that node and may cooperate with other attackers
or compromised nodes
20SEAD solutions
- One approach for authenticating routing updates
in a distance vector routing protocol is for each
node to sign each of its routing updates with
asymmetric cryptography.
- Drawbacks
- An attacker can send a large number of arbitrary
routing updates to some victim node, forcing it
to spend all of its CPU power in the attempt to
verify them, creating a Denial-of-Service
attack.
- An attacker who has compromised a node can send
updates with the metric 1, claiming all nodes are
its neighbors.
- Finally, even if there is no attacker, large
generation and verification times can harm the
performance of an ad-hoc network
21SEAD solutions
- Instead, in SEAD we use the one-way hash chain.
- Each node uses a specific next element of its
hash chain in each routing update. The other
nodes can authenticate the message by computing
the hash function, and thus authenticate the lower
bound of the metric for this destination.
- This does not prevent a malicious node from
claiming the same metric it received as its own.
- The hash chain can only prevent decreasing
the metric. An attacker cannot generate any
value in the chain that will be used in the
future.
22SEAD solutions
- In addition we assume an upper bound on the size
of the network diameter. We use $m-1$ as that
bound, making all metrics in the routing protocol
less than $m$. A routing update contains the
sequence number, and then $m$ elements, one of
which is used to authenticate that routing update.
- The sequence number
- If a node's hash chain is the sequence of values
$h_0, h_1, \ldots, h_n$, where $n$ is divisible by
$m$, then for sequence number $i$ in some routing
update entry, let $k = \frac{n}{m} - i$.
- An element from the group
$h_{km}, h_{km+1}, \ldots, h_{km+m-1}$ is used to
authenticate the entry. If the node lists an entry
for itself, it sets the address to its own, the
metric to 0, the sequence number to its own next
sequence number and the hash value to the first
in its hash chain.
- For example, for sequence number $i$ the node will
set the hash value in that entry to its $h_{km}$.
23SEAD solutions
- If the node lists an entry for some other
destination, it sets the address in that entry to
the destination node's address, the metric and
sequence number to the destination's values
according to the node's routing table, and the
hash value to the one received in the routing
update from which it learned the route to that
destination.
24SEAD solutions
- Denial-of-Service attack
- In order to guard against an attacker forcing a
receiving node to perform a large number of hash
operations in order to authenticate, we limit the
number of hashes the node is willing to perform.
In doing so we make an assumption about the number
of routing updates the receiving node has missed.
- Another solution is to use a loosely
synchronized clock, allowing a receiving node to
determine if a claimed sequence number in an
update could be authentic before performing any
hash operations.
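The hash chain authentication and the hash budget described in the slides above, as an added example that is not part of the original slides or the SEAD authors' code. It assumes truncated SHA-256 for H, a receiver that already holds the authentic last element h_n, and hypothetical function names; n = 20 and m = 4 are constructed values.

```python
import hashlib

HASH_LEN = 10  # bytes, i.e. 80-bit hash values

def H(x: bytes) -> bytes:
    """One-way function H; truncated SHA-256 is an assumption."""
    return hashlib.sha256(x).digest()[:HASH_LEN]

def make_chain(x: bytes, n: int) -> list:
    """Return [h_0, ..., h_n] with h_0 = x and h_i = H(h_{i-1})."""
    chain = [x]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

def chain_index(n: int, m: int, seq: int, metric: int) -> int:
    """Index k*m + metric with k = n/m - seq, for metric in 0..m-1."""
    if n % m or not 1 <= seq <= n // m or not 0 <= metric < m:
        raise ValueError("sequence number or metric out of range")
    return (n // m - seq) * m + metric

def verify(value, anchor, n, m, seq, metric, max_hashes):
    """Hash `value` forward to the authentic anchor h_n, within a budget."""
    try:
        steps = n - chain_index(n, m, seq, metric)
    except ValueError:
        return False
    if steps > max_hashes:
        return False  # refuse to spend more hashes than the budget allows
    for _ in range(steps):
        value = H(value)
    return value == anchor

def demo():
    n, m = 20, 4  # constructed: 5 sequence numbers, metrics 0..3
    chain = make_chain(b"constructed seed; a real node picks random x", n)
    anchor = chain[n]                     # assumed distributed authentically
    own = chain[chain_index(n, m, 3, 0)]  # node advertises itself: h_8
    relayed = H(own)                      # a neighbor adds one hop: h_9
    return {
        "own entry, metric 0": verify(own, anchor, n, m, 3, 0, 64),
        # Also passes if a node repeats a received value without adding a hop.
        "relayed, metric 1": verify(relayed, anchor, n, m, 3, 1, 64),
        "metric lowered to 0": verify(relayed, anchor, n, m, 3, 0, 64),
        "newer sequence forged": verify(own, anchor, n, m, 4, 0, 64),
        "over hash budget": verify(own, anchor, n, m, 3, 0, 5),
    }
```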
25SEAD solutions
- Neighbor authentication
- The source of each routing update message in SEAD
must be authenticated, otherwise an attacker can
create routing loops.
- We can use a broadcast mechanism, such as TESLA,
for neighbor authentication
- Drawbacks: such mechanisms require synchronized
clocks and have a relatively high overhead.
- Another approach is a shared secret key among each
pair of nodes, in addition to a message
authentication code which the sender includes in
each routing update.
26SEAD solutions
- Since SEAD includes periodic neighbor sensing
functionality, each node knows the set of
neighbors for which it needs to authenticate
routing updates.
- Each node trusts any zero-metric update with a
valid authenticator. If a node has received such
an update from another node for a recent sequence
number, it considers that node a neighbor and
computes a message authentication code for it.
- When two nodes first become neighbors, one of them
will transmit a routing update. The receiver will
send a triggered routing table update for the
other node, revealing the new node to the network.
27SEAD solutions
- Same-distance fraud
- Consider a node receiving a message for a
sequence number $s$ and a metric $d$, and
re-advertising the same sequence number and metric.
- To defend against that fraud we use hash tree
chains. We tie the authenticator to the address
of the sender.
- We construct a special one-way chain where each
element of the chain encodes the node id,
thereby forcing a node to increase the metric
if it wants to encode its own id.
- These values are authenticated by Merkle trees.
The root is used to generate the collection of
values in the next step.
28SEAD solutions
- We construct the hash tree between each pair
$v_{i-1}, v_i$ of the one-way chain. From them we
derive a set of values $b_0, \ldots, b_n$ using the
hash function.
- $b_j = H(v_i \,\|\, j)$ for each $j$. The root of the
tree is the previous value of the one-way chain:
$v_{i-1} = b_{0n}$.
- Here we see the node forward the values $b_0$, $b_1$
and $b_{23}$, and use the value $b_{03}$ to sign its id.
29SEAD solutions
- In a small network, each value $b_j$ can correspond
to a single node. Since no two nodes share a
single value, an attacker has no way to derive
its value from the tree chain; therefore it has to
follow the hash chain to the next step in order
to provide a valid authenticator.
- In large networks, we authenticate each node with
a $g$-tuple of values. Although no two nodes share
the same $g$-tuple of values, an attacker could
learn each of its $g$ values from different
neighbors.
- For example, take a hash tree chain with $2^m$
values (the hash tree is of height $m+1$), where
each node has a unique id between 0 and $y$
($y$ is given in terms of $2^m$). Then the tuple of
values encodes
$X = (\text{node id} + H(\text{sequence number})) \bmod y$
- So we change the encoding of the node id for each
update
30SEAD solutions
- The overhead to verify authentication values can
be large if a node has missed several routing
updates.
- A Denial-of-Service attack can still occur when
an attacker forces a victim node to verify a hash
chain as long as $O(ks)$, where $k$ is the maximum
number of hops and $s$ is the maximum number of
sequence numbers represented by the hash chain.
- A node generates a random hash chain root $h_{0,s}$
for each sequence number $s$. Then, by a function
(e.g. a PRF), we use an authentic anchor of this
hash chain.
- Each node builds a hash tree, using these hash
chain anchors as leaves. When a node sends an
update with a new sequence number $s$, it includes
the root of the hash chain, the anchor, and the
path to the root of the hash tree. To
authenticate an update the node follows the path
to the root. That requires $O(\log(s))$; therefore,
to verify an update we need $k + \log(s)$ computing
operations
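An added example, not part of the original slides, of the Merkle hash tree from the earlier Merkle slide and of the authentication path used here for the per-sequence-number anchors. SHA-256 as H, the function names and the constructed anchor byte strings are assumptions.

```python
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_tree(values):
    """Return the tree levels, leaves first; leaf i is v'_i = H(v_i)."""
    if len(values) < 2 or len(values) & (len(values) - 1):
        raise ValueError("balanced tree needs a power-of-two leaf count")
    levels = [[H(v) for v in values]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        # Each internal node is H(left child || right child).
        levels.append([H(prev[i] + prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels


def auth_path(levels, index):
    """Sibling hashes from leaf `index` up to, not including, the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path


def verify(value, index, path, root):
    """Recompute the root from one value and its log2(w) sibling hashes."""
    node = H(value)
    for sibling in path:
        node = H(node + sibling) if index % 2 == 0 else H(sibling + node)
        index //= 2
    return node == root


def demo():
    # Constructed stand-ins for the hash chain anchors of 8 sequence numbers.
    anchors = [b"anchor-for-sequence-%d" % s for s in range(8)]
    levels = build_tree(anchors)
    root = levels[-1][0]
    path = auth_path(levels, 5)
    return {
        "path length": len(path),
        "genuine anchor": verify(anchors[5], 5, path, root),
        "wrong sequence number": verify(anchors[5], 4, path, root),
        "forged anchor": verify(b"forged", 5, path, root),
    }
```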
31Evaluation
- An attacker cannot create a valid advertisement
with a larger (better) sequence number.
- An attacker that does not collude cannot advertise
a route shorter than the one it heard (in a
small network).
- Furthermore, in a larger network when $g > 1$, and
$A_i$ is the combinations of nodes that do not
include the value of $b_i$ needed by the attacker,
the attacker has
$\left|\bigcup A_i\right| = \sum |A_i| - \sum |A_{i_1} \cap A_{i_2}| + \cdots + (-1)^{g+1} \left|\bigcap A_i\right|$
- The probability can be quite high. For example,
when $m = 6$ and $g = 3$ an attacker has a
$1.675 \times 10^{-3}$ probability of success. When
3 consecutive advertisements are required for the
metric before a routing change is made, the
attacker succeeds once every 6.74 years.
32Evaluation
- An attacker that hasn't compromised any node (does
not possess any cryptographic keys from a node)
cannot successfully send any routing messages,
since an uncompromised neighbor node will reject
the message.
- A repeater can function as a one-node wormhole;
this is not addressed by SEAD.
- A collection of attackers that have compromised
one or more nodes can only redirect the path from
the source to the destination if the source's best
known path is as long as the path through the
attackers.
33Evaluation
- If each node that uses SEAD (including attackers)
keeps routing tables where the next hop for a
given destination is set to the authenticated
source address of the first advertisement received
by that node, then the next-hop pointers in all
nodes' routing tables will describe a route back
to the destination.
- No routing loops are possible!!! Unless the loop
contains one or more attackers.
- If a collection of attackers forms a vertex cut
between two groups of nodes, the attackers can
arbitrarily control the network routes between
any node in one group and a node in the next.
- No routing protocol can eliminate that attack!
34Evaluation
- To evaluate the performance of SEAD without
attackers, we will see a simulation comparing
SEAD and DSDV-SQ, the protocol on which it is based.
- In this simulation there is pairwise shared
key authentication.
- Nodes move randomly. Each node is initially placed
at a random location and pauses for a period of
time. It then chooses a new random location and
moves there with a random bounded velocity. When
it reaches the new location it pauses, and again
chooses a random location.
35Evaluation
- The number of the nodes in this simulation is 50
- The maximum velocity is 20 m/s
- Nominal radio range is 250m
- Source destination pairs 20
- Periodic route update interval 15s
- Periodic updates missed before 3
- Hash length 80bits
- The results are based on 65 randomly generated
runs at each pause time
- You need to know that DSDV-SQ uses a weighted
settling time delay in sending triggered updates
36[Figure: simulation results plotted against pause time; panels (c) and (d)]
37Evaluation
- Simulation results
- SEAD consistently outperforms DSDV-SQ in terms of
packet delivery ratio. By not using the weighted
settling time delay in sending triggered updates,
the number of routing advertisements increases,
allowing nodes to have more up-to-date routing
tables.
- However, SEAD also increases overhead, both due
to this increased number of routing advertisements
and due to the increase in size of each
advertisement.
- The increased overhead in SEAD causes some
congestion in the network, which is shown in the
latency results (fig. b).
38Conclusions
- Many previous routing protocols for ad-hoc
networks have been based on distance vector
approaches but they have generally assumed a
trusted environment.
- Together with existing approaches for securing the
physical layer and MAC layer, the SEAD protocol
provides a foundation for the secure operation of
an ad hoc network.
- The SEAD protocol is based on the DSDV-SQ
protocol.
- For security, we use efficient one-way hash
functions and do not use asymmetric cryptographic
elements.
- SEAD actually outperforms DSDV-SQ in terms of
packet delivery ratio, although it does create
more overhead in the network.
39The End