Mapakshi PT6 30minS CS6910 PT6 S.mapakshi 30 Min Presentation (1)


Transcript of Mapakshi PT6 30minS CS6910 PT6 S.mapakshi 30 Min Presentation (1)

  • 8/16/2019 Mapakshi PT6 30minS CS6910 PT6 S.mapakshi 30 Min Presentation (1)

    1/41

    Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols

    Yih-Chun Hu, Adrian Perrig, and David B. Johnson

    Presenter: Sandeep Mapakshi

    CS 6910-ACIS - Project 6

    Instructor: Prof. Leszek T. Lilien, Fall 2006

    Department of Computer Science

    Western Michigan University

    2/41

    Outline

    On-Demand Routing Protocols

    Rushing Attacks

    Rushing Attack Prevention

    Evaluation

    Conclusion

    3/41

    Introduction

    Wireless ad hoc network: a collection of mobile computers (or nodes) that cooperate to forward packets

    Dynamic topology

    Self-organization

    4/41

    Introduction (cont.)

    Routing protocol

    Transport Subsystem

    Neighbor State Maintenance

    Database Maintenance

    Ad hoc network routing protocols

    Run in untrusted environments

    Provide resilience against misconfigured nodes

    5/41

    Routing Protocols

    Proactive routing protocol: Table-Driven routing protocol

    Reactive routing protocol: Source-Initiated On-Demand routing protocol

    Forward ROUTE REQUEST packets when needed

    6/41

    Comparison between Table-Driven Routing and On-Demand Routing

    |                                     | Table-driven Routing | On-demand Routing |
    | Availability of routing information | Immediately from route table | After route discovery |
    | Route updates                       | Periodic advertisements | When requested |
    | Routing overhead                    | Proportional to size of network regardless of network traffic | Proportional to number of communicating nodes and increases with increased node mobility |

    7/41

    On-Demand Route Discovery

    [Figure: network of nodes A, B, C, D, E, F, G, H with a source and a destination marked; route records shown: A, A-B, A-C, A-C-E, A-B-D, A-B-D-G]

    8/41

    The Rushing Attack

    On-demand routing protocols use duplicate suppression at each node: first ROUTE REQUEST that reaches a node is considered legitimate, ne

    9/41

    Why is the Attack Possible?

    An attacker can send faster, by avoiding the delays that are part of the design of both routing and MAC (802.11b) protocols

    Why Delay in ROUTE REQUEST forwarding?

    In MAC protocols using time division

    On-demand protocols generally specify a delay

    Remove these delays at both the MAC and routing layers?

     - more collisions

    Attacker can send at a higher wireless transmission level

    An attacker can take advantage of a wormhole to create flood rushing attacks: use the wormhole to rush the packets ahead of the normal flow

    10/41

    11/41

    Rushing Attack E

    12/41

    Rushing Attack E

    13/41

    Rushing Attack E

    14/41

    Rushing Attack E

    15/41

    Rushing Attack E

    16/41

    Rushing Attack E

    17/41

    18/41

    Wormhole Attack

    Attacker records a packet at one location in the network, tunnels the packet to another location

    Packets may be replayed from the far end of the wormhole

    Puts attacker in a powerful position

    It's a replay so authentication does not help

    Applications of the Wormhole Attack

    Denial-of-Service

    Routing Disruptions

    Unauthorized Access

    19/41

    Routing Tree

    Adapted from Chris Karlof and David Wagner's WSNA slides

    20/41

    21/41

    Wormhole Attack

    Tunnel packets received in one place of the network and replay them in another place

    The attacker can have no key material

    All it requires is two transceivers and one high quality out-of-band channel

    Adapted from Chris Karlof and David Wagner's WSNA slides

    22/41

    Disrupted Routing

    Most packets will be routed to the wormhole

    The wormhole can drop packets or selectively forward packets to avoid detection

    Adapted from Chris Karlof and David Wagner's WSNA slides

    23/41

    24/41

    Network Assumption

    Network links are bidirectional

    Ignore unidirectional links

    Ignore jamming attack

    Requires additional hardware

    Easier to detect

    Disregard attacks on MAC protocol

    MAC (Medium Access Control)

    ALOHA and Slotted ALOHA

    Medium-sized )~ )) nodes

    Clustering

    25/41

    Security Assumptions And Key Setup

    Fast authentication protocol

    Instantly-verifiable broadcast authentication

    Keys setup

    Broadcast authentication keys are distributed in advance

    Powerful attacker

    Coordinated attacker

    26/41

    Secure Routing Requirements And Protocol

    Secure Neighbor Detection

    Secure route delegation

    Randomized ROUTE REQUEST forwarding

    [Flowchart; box labels: Single Hop, Gather n REQUESTs, Randomly Choose 1, Secure Neighbor Detection, Original Routing Protocol; branch labels: yes, no]

    27/41

    Secure Neighbor Detection

    Neighbor Detection

    Two nodes detect a bidirectional link between themselves

    In Proactive routing protocol

    In Reactive routing protocol

    Requirements

    Sender-receiver can check that the other is within the normal communication range

    Node needs to hear Neighbor Request

    28/41

    Secure Neighbor Detection

    Three-round mutual authentication protocol

    S broadcasts a Neighbor Request packet

    R returns a Neighbor Reply packet to S

    S sends a Neighbor Verification to B

    Short delay timing

    Within a ma

    29/41

    Notation

    { }

    ( )

    M  A

    M  A

    M B A

     AH M B A

     A

     A

    B A

    ∑∗→

      ←

    means that node broadcasts message with its signature

    30/41

    Secure Neighbor Detection (cont.)

    { }

    ( )( )

    { }

    ( )( )

    ( )( )

    3

    3

    2

    2

    1

    1

    31/41

    Secure Neighbor Detection (cont.)

    Integration with an On-Demand Protocol

    A → *: REQUEST, Neighbor Request_A

    B → A: Neighbor Reply_BA, Neighbor Request_B

    A → B: Neighbor Verification_AB, Neighbor Reply_AB

    B → *: REQUEST, Neighbor Verification_AB, Neighbor Verification_BA

    32/41

    Secure Route Delegation

    Delegate neighbor to forward the Route Request packet

    To verify that both nodes of each adjacent node pair indeed believe they are neighbors

    A received ROUTE REQUEST: S, R, id

    M_A = {Route Delegation, A, B, S, R, id}

    M_A = Sign(H(M_A))

    A → B:

    33/41

    Randomized Message Forwarding

    To minimize the chance that a rushing adversary can dominate all returned routes

    Randomized message forwarding

    Collects a number of REQUESTs

    Selects a REQUEST at random to forward

    The number of REQUEST packets collected

    The more the better?

    The algorithm by which timeouts are chosen

    Topology closer

    Geographically closer

    Randomly
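
The effect of randomized forwarding at a single node, as an added simulation that is not from the slides or the paper; the copy counts, delay ranges and timeout values are constructed for illustration. With n = 1 the node behaves like plain duplicate suppression, and a timeout shorter than the normal forwarding delay lets the rushed copy win again regardless of n.

```python
import random

def arrivals(rng, legit_copies, rushed_copies):
    """Constructed arrival times (ms) of REQUEST copies at one node.
    Legitimate copies carry the normal MAC/routing forwarding delay;
    rushed copies skip it, so they arrive earlier."""
    reqs = [(rng.uniform(5.0, 15.0), "legit") for _ in range(legit_copies)]
    reqs += [(rng.uniform(0.5, 2.0), "rushed") for _ in range(rushed_copies)]
    return sorted(reqs)

def forward_choice(rng, reqs, n, timeout_ms):
    """Randomized forwarding: buffer up to n REQUESTs that arrive within
    timeout_ms of the first one, then forward one chosen at random.
    n=1 is plain duplicate suppression (first arrival wins)."""
    first_t = reqs[0][0]
    buffered = [r for r in reqs if r[0] - first_t <= timeout_ms][:n]
    return rng.choice(buffered)[1]

def rushed_fraction(n, timeout_ms=20.0, trials=20000, seed=1):
    """Fraction of route discoveries in which this node forwards the
    rushed REQUEST, with 7 legitimate copies and 1 rushed copy."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        reqs = arrivals(rng, legit_copies=7, rushed_copies=1)
        hits += forward_choice(rng, reqs, n, timeout_ms) == "rushed"
    return hits / trials

if __name__ == "__main__":
    for n in (1, 2, 4, 8):
        print(f"n={n}: rushed REQUEST forwarded in {rushed_fraction(n):.1%}")
    # A timeout below the normal forwarding delay buffers only the rushed copy.
    print(f"n=8, 2 ms timeout: {rushed_fraction(8, timeout_ms=2.0):.1%}")
```

The fraction falls roughly as 1/n while the timeout is long enough to collect legitimate copies, which is the trade-off the slide raises between the number of REQUESTs collected and how timeouts are chosen.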

    34/41

    Secure Route Discovery

    To secure any protocol using an on-demand Route Discovery protocol

    Secure Neighbor Detection

    Secure route delegation

    Randomized ROUTE REQUEST forwarding

    To limit the number of REQUESTs that traverse an attacker

    The nodes that don't have n distinct paths to the source of the REQUEST

    Choose a random timeout

    Two additional security optimizations

    Each REQUEST signed

    Use location information

    35/41

    Evaluation

    Simulation Evaluation

    Underlying protocol: Ariadne

    HORS as broadcast signature

    100 nodes

    1000 m x 1000 m

    Random waypoint model

    Pause Time: 0, 30, 60, 120, 300, 600, 900

    Workload: flows 4 packets per second

    64-byte packets

    36/41

    Packet Delivery Ratio

    % of Offered traffic

    DSR

    ''>L to ())L

    Ariadne 'L to ())L

    RAP

    M&L to KMML

    MAC-layer congestion

    Slide courtesy [2]

    37/41

    Median Latency

    DSR and Ariadne zero mean latency

    RAP

    Congestion

    Waiting to forward a REQUEST

    Slide courtesy [2]

    38/41

    39/41

    Overall Evaluation

    RAP adds significant costs

    Higher costs due to congestion at lower bit rates

    RAP is designed to be used only when necessary

    Only when underlying protocol is unable to discover a working route

    Security Analysis

    Attacker needs to propagate ROUTE REQUEST from each ROUTE DISCOVERY from many locations

    Wouldn't do it if they considered due to intrusion detection

    40/41

    Conclusion

    Described the Rushing attack

    Presented RAP (Rushing Attack Prevention)

    RAP incurs higher overhead, but it can find usable routes when other protocols cannot work

    41/41

    References

    [1] Yih-Chun Hu, Adrian Perrig, David B. Johnson, "Rushing attacks and defense in wireless ad hoc network routing protocols", Proceedings of the 2003 ACM workshop on Wireless security, San Diego, CA, USA. Available at: http://www.ece.cmu.edu/~adrian/projects/secure-routing/wise2003.pdf

    [2] Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols, Yih-Chun Hu, Adrian Perrig, and David B. Johnson. Presenter: Tammy Nguyen. Available at: http://www.eecs.wsu.edu/~smedidi/teaching/Spring05/rushing1.ppt