aasr authenticated anonymous secure routing for manets in adversarial environments-first review
DESCRIPTION
1st reviewTRANSCRIPT
04/13/2023 1
AASR Authenticated Anonymous Secure Routing for MANETs in Adversarial
Environments
GuiderMs M. Nisha M.E;Assistant Professor
1
Presented By
Saravanan Annamalai
(722013405016)
II M.E Computer Science&Engineering
04/13/2023 2
Introduction
• A Mobile Ad hoc Network (MANET) is a continuously self-configuring, infrastructure-less network of mobile devices connected without wires.
• Each device in a MANET is free to move independently in any direction, and will therefore change its links to other devices frequently.
• Each must forward traffic unrelated to its own use, and therefore be a router.
• The primary challenge in building a MANET is equipping each device to continuously maintain the information required to properly route traffic and security.
04/13/2023 3
Objective
• A routing protocol to provide anonymity and location privacy.
• To defend the potential active attacks without unveiling the
node identities using group signature.
• To prevent intermediate nodes from inferring a real destination
using onion routing.
• Improve throughput in the presence of adversary attacks.
• To reduce the packet loss.
04/13/2023 4
On-demand Ad hoc Routing
• Reactive protocols
– Lower overhead since routes are determined on demand
– Significant delay in route determination
– Employ flooding (global search)
– Control traffic may be difficult
– Example: DSR, AODV etc
04/13/2023 5
Trapdoor
• A trapdoor is a common concept that defines a one-way function between two sets.
• A global trapdoor is an information collection of mechanism in which intermediate nodes may add information elements, such as node IDs, into the trapdoor.
• Only certain nodes, such as the source and destination nodes can unlock and retrieve the elements using pre-established secret keys.
• The usage of trapdoor requires an anonymous end-to-end key agreement between the source and destination.
04/13/2023 6
Group Signature
• It provides authentication without disturbing the anonymity. • Every member in a group may have a pair of group public and
private keys issued by the group trust authority (i.e., group manager).
• The member can generate its own signature by its own private key, and such signature can be verified by other members in the group without revealing the signer’s identity.
• Only the group trust authority can trace the signer’s identity and revoke the group keys.
04/13/2023 7
Issues
• The existing protocols are vulnerable to the attacks of fake
routing packets or denial-of-service (dos) broadcasting.
• Route anonymity for secure communication.
• Location privacy for secure node movement.
• Low throughput in the presence of adversaries.
• Heavy packet loss
04/13/2023 8
Literature Survey
1) M. G. Reed, P. F. Syverson, and D. M. Goldschlag, “Anonymous Connections and Onion Routing,” IEEE Journal on Selcted Area in Comm., vol. 16, no. 4, pp. 482–494, May 1998.
2) D. Boneh, X. Boyen, and H. Shacham, “Short group signatures,” in Proc. Int. Cryptology Conf. (CRYPTO’04), Aug. 2004.
3) J. Kong and X. Hong, “ANODR: ANonymous On Demand Routing with Untraceable Routes for Mobile Ad hoc networks,” in Proc. ACM MobiHoc’03, Jun. 2003, pp. 291–302.
04/13/2023 9
Anonymous Connections and Onion Routing
• Onion routing is an infra structure for private communication over public network.
• An onion is a data structure that is treated as the destination address by onion routers – anonymous connection.
• Onions themselves appear differently to each onion router as well as to network observers.
• The same goes for data carried over the connections they establish.
M. G. Reed, P. F. Syverson, and D. M. Goldschlag, “Anonymous Connections and Onion Routing,” IEEE Journal on Selcted Area in Comm., vol. 16, no. 4, pp. 482–494, May 1998.
04/13/2023 10
Basic Configuration
• Data stream never appears in the clear on the public network,
this data may carry identifying information, but
communication is still private.
• The onion router at the originating protected site knows both
the source and destination of a connection.
• The use of anonymous connections between two sensitive sites
that both control onion routers effectively hides their
communication from outsiders.
04/13/2023 11
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data are exchanged
{{{m}3}4}1 1 2
3
45
04/13/2023 12
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data are exchanged
{{{m’}3}4}1 1 2
3
45
04/13/2023 13
How Onion Routing Works
u
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data are exchanged.
4. Stream is closed.
5. Circuit is changed every few minutes.
1 2
3
45
d
04/13/2023 14
How Onion Routing Works
u1 2
3
45
d
Theorem 1: Adversary can only determine parts of a circuit it controls or is next to.
u 1 2
04/13/2023 15
Short Group Signatures
• Group signatures provide anonymity for signers.
• Signatures in our scheme are approximately the size of a
standard RSA signature with the same security.
• Security of our group signature is based on the Strong Diffie-
Hellman assumption and a new assumption in bilinear groups
called the Decision Linear assumption.
• Proof of security of our system is given by the random oracle
model
D. Boneh, X. Boyen, and H. Shacham, “Short group signatures,” in Proc. Int. Cryptology Conf. (CRYPTO’04), Aug. 2004.
04/13/2023 16
Strong Diffie-hellman Assumption
• Let G1,G2 be cyclic groups of prime order p where possibly G1 = G2.
• Let g1 be a generator of G1 and g2 a generator of G2.• Let say that the (q, t, )-SDH assumption holds in (G1,G2) if no t-
time algorithm has advantage at least in solving the q-SDH problem in (G1,G2).
• To gain confidence in the assumption prove that it holds in generic groups in the sense of Shoup.
• The q-SDH assumption has similar properties to the Strong-RSA assumption.
• Use these properties to construct our short group signature• scheme.
04/13/2023 17
Decision Linear assumption
• Let g1 ϵ G1 as above, along with arbitrary generators u, v, and
h of G1
• Given u, v, h, ua, vb, hc 2 G1 as input, output yes if a + b = c
and no otherwise.
• The (t, )-Decision Linear Assumption (LA) holds in G1 if no t-
time algorithm has advantage at least in solving the Decision
Linear problem in G1.
04/13/2023 18
Group Signature Security Properties
• Correctness, which ensures that honestly-generated signatures
verify and trace correctly.
• Full-anonymity, which ensures that signatures do not reveal
their signer’s identity.
• Full-traceability, which ensures that all signatures, even those
created by the collusion of multiple users and the group
manager, trace to a member of the forging coalition.
04/13/2023 19
ANODR: ANonymous On Demand Routing with Untraceable Routes for Mobile Ad hoc networks
• The design of ANODR is based on - broadcast with trapdoor information
• Un-traceability: ANODR dissociates ad hoc routing from the design of network member’s identity/pseudonym.
• Intrusion tolerance: ANODR ensures there is no single point of compromise in ad hoc routing.
• Un-linkability: Anonymity in terms of un-linkability is defined as un-linkability of an IOI and a pseudonym.
J. Kong and X. Hong, “ANODR: ANonymous On Demand Routing with Untraceable Routes for Mobile Ad hoc networks,” in Proc. ACM MobiHoc’03, Jun. 2003, pp. 291–302.
04/13/2023 20
Routing Attacks in MANET
• Location privacy attack– Correlate a mobile node with its locations (at the
granularity of adversary’s adjustable radio receiving range)– Counting/analyzing mobile nodes in a cell
• Route tracing attack– Visualizing ad hoc routes
• Motion inference attack– Visualizing motion patterns of mobile nodes– Deducing motion pattern of a set of nodes
• Other traffic analysis– Analyzing packet flow metrics (as in Internet traffic
analysis)
04/13/2023 21
Adversary in Mobile Ad Hoc Networks
• External adversary: wireless link intruder– Eavesdropper– Traffic analyst (not necessary to break cryptosystem)– Unbounded interception: adversary can sniff anywhere
anytime• Internal adversary: mobile node intruder– Capture, compromise, tamper– Passive internal adversary is hard to detect due to lack of
exhibition of malicious behavior– Bounded: otherwise secure networking is impossible
04/13/2023 22
Framework of Anonymous Route Discovery (between source and destination)
• Similar to existing on demand routing schemes– Route-REQuest
RREQ,seqnum,to_be_opened_by_destanonymous_trapdoor– Route-REPly
RREP, presented_by_destanonymous_proof• A global trapdoor can only be opened by dest – Not required to know where dest is– destination can present an anonymous proof of door opening
• Need more design to address per-hop
04/13/2023 23
Make On demand Routes Untraceable• ANODR-TBO is robust against node intrusion
– Fully anonymous: no node identity revealed– Fully distributed control: avoid single point of compromise– Multiple paths feasible: avoid single point of failure
• So far anonymous only, and symmetric key only– More complexity in realizing untraceability to hide side channels &
resist traffic analysis• Protect RREP flow
– Need an asymmetric secret channel• Modified RREQ: Embed a temporary asymmetric key ecpk1
RREQ, ecpk1, seqnum, open_by_E, onion • Modified RREP: Exchange a secret seed Nym Kseed
RREP, ecpk1(Kseed), Kseed (proof_from_E, onion)
24
Make Routes Untraceable (cont’d)
• Protect reused route pseudonyms
– Using Kseed to do self-synchronized route pseudonym update
– So far all pseudonyms/aliases are one-time aliases!• Playout “Mixing”– Resist traffic analysis:
Time correlationContent correlation MIX
Alice Bob
Eve
Buffer, Re-order, Batch send,Insert dummy/decoy packets
04/13/2023
Existing System
• The existing protocols are vulnerable to the attacks of fake
routing packets or denial-of-service (DoS) broadcasting, even
the node identities are protected by pseudonyms.
• A number of anonymous secure routing protocols have been
proposed, the requirement is not fully satisfied.
Disadvantages
• Many Anonymous routing protocols are available. But it does
not detect the active attackers effectively.
• Low Throughput in the presence of adversaries.
• Heavy Packet Loss
• High delay
Proposed Work
• The route request packets are authenticated by a group
signature, to defend the potential active attacks without
unveiling the node identities.
• The key-encrypted onion routing with a route secret
verification message, is designed to prevent intermediate
nodes from inferring a real destination.
Route Discovery
• The source node broadcasts an RREQ packet to every node in
the network.
• If the destination node receives the RREQ to itself, it will
reply an RREP packet back along the incoming path of the
RREQ.
• In order to protect the anonymity when exchanging the route
information, the packet formats are to be redesigned, and
modify the related processes.
Route Discovery Contd.
• Source Node: We assume that S initially knows the
information about D, including its pseudonym, public key, and
destination string.
• The destination string dest is a binary string, which means
“You are the destination” and can be recognized by D.
• If there is no session key, S will generate a new session key
KSD for the association between S and D.
Route Discovery Contd.
Route Discovery Contd.
Intermediate Node
I has already established the neighbor relationship with S
and J. I knows where the RREQ packet comes from.
Intermediate Node Contd.
1. I receives the RREQ packet, it will verify the packet with its group public key GT+.
• I can obtain the packet information.• Otherwise, such an RREQ packet will be marked as malicious
and dropped.
2. I checks the Nsq and the timestamp in order to determine whether the packet has been processed before or not.
If the Nsq is not known in the routing table, it is a new RREQ request.– If the Nsq exists in the table but with an old timestamp, it
has been processed before and will be ignored; – if the Nsq exist with a fresh timestamp, then the RREQ is a
repeated request and will be recognized as an attack.
Intermediate Node contd
• I tries to decrypt the part of VD with its own private key.• In case of decryption failure, I understands that it is not the
destination of the RREQ.• I will assemble and broadcast another RREQ packet in the
following format:• I → : [RREQ,Nsq, VD, VSD,Onion(I)]GI−∗
Intermediator’s Onion key & RT
Destination Node
• When the RREQ packet reaches D, D validates it similarly to the intermediate nodes I or J.
• Since D can decrypt the part of VD, it understands that it is the destination of the RREQ.
• D can obtain the session key KSD, the validation nonce Nv, and the validation key Kv. Then D is ready to assemble an RREP packet to reply the S’s route request.
Advantages
• It gives high anonymity protection• AASR provides higher throughput • Lower packet loss ratio in different mobile scenarios in the
presence of adversary attacks. • It also provides better support for the secure communications.