analysis of the implicit trust within the olsr protocol
TRANSCRIPT
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Analysis of the implicit trust within OLSR
Asmaa Adnane 1, Rafael de Sousa 2, Christophe Bidan 1 andLudovic Me1
1Supelec, SSIR team (EA 4039) ,2University of Brasılia - LabRedes, supported by CNPq - Brazil
31 july 2007
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Plan
1 Introduction
2 Implicit trust within OLSR
3 Applying trust to mitigate OLSR vulnerabilities
4 Conclusions/future works
5 Bibliography
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Notion of trust
The fact that an entity A trusts an entity B in some respectmeans that
A believes that B will behave in a certain way and performsome action in certain specific circumstancesA actually believes that B has the potential to carry out therelated tasks competently and honestly
Different types/classes of trust depending onaction/circumstance
Direct and derived (by means of recommendations) trustrelationships
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Trust specification langage [3]
A trusts B with respect to (doing) the action cc
A trustscc(B)
A trusts the recommendations of entity B about the capacityof other entities to perform action cc
A trusts.reccc (B)when.path[S ]when.target[R ]
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Characteristics of the OLSR protocol (1/2)
Flooding routing OLSR routingA. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Characteristics of the OLSR protocol (2/2)
Proactive link-state routing protocol, with a floodingmechanism to diffuse link state information
Multi-point relays (MPRs) are selected nodes that forwardmessages during the flooding process
HELLO messages
Sent periodically by a node to advertise its linksAllow a node to establish its view of the 2-hop neighborhood,then MPR selection
TC messages
Convey the topological information necessary for computingroutesPeriodically broadcast by MPRs advertising link state tosymmetric neighbors
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Mental state of each OLSR node
MANET : the set of the whole MANET nodes
LSx : Link Set
NSx : Neighbor Set
2HNSx : 2-Hop Neighbor Set
MPRSx : MPR Set (MPRx ⊆ NSx)
MPRSSx : MPR Selection Set
TSx : Topology Set
RTx : Routing Table
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Implicit trust construction within OLSR
Analysis steps
Discovering the neighborhood
MPR selection
MPR Signaling
Computing the routing table
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Discovering the neighborhood
Discovering the neighborhood (1/3)
BA
1: HELLO, LSB = ∅LSA = {Basym}
A¬trusts(B)
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Discovering the neighborhood
Discovering the neighborhood (2/3)
BA
1: HELLO, LSB = ∅LSA = {Basym}
A¬trusts(B)
2: HELLO, LSA = Basym B trusts(A)LSB = {Asym}
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Discovering the neighborhood
Discovering the neighborhood (3/3)
BA
1: HELLO, LSB = ∅LSA = {Basym}
A¬trusts(B)
2: HELLO, LSA = Basym B trusts(A)LSB = {Asym}
3: HELLO, LSB = {Asym}A trusts(B)LSA = {Bsym}
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
MPR Selection
MPR Selection (1/4)
The only criterion for MPR selection by a node X is thenumber of symmetrical neighbors of a candidate node Y
The MPR selection imply that X trusts only its neighborsselected as MPR for routing :
b
b
b
bb
b
A
C
B
X
X trustsfw(A)
X trustsfw(C)
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
MPR Selection
MPR Selection (2/4)
The nodes in MPRSX are required to recommend to X theroutes to the distant nodes
AC B
X
b b b b b bNSA
X trustsfw (A)
A trustsfw(MPRSA)
Z
... trustsfw(MPRS...
)
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
MPR Selection
MPR Selection (3/4)
AC B
X
b b b b b bNSA
X trustsfw (A)
A trustsfw(MPRSA)
Z
... trustsfw(MPRS...
)
⇒ ∀ Z ∈ MANET : X trusts.recfw(A)
when.path[MPRSA]when.target[Z]
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
MPR Selection
MPR Selection (4/4)
AC B
X
b b b b b bNSA
X trustsfw (A)
Z
⇒ ∀ Z ∈ MANET : X trusts.recfw(A)
when.path[MPRSA]when.target[Z]
X trusts.recfw(A)
when.path[routeA→Z]
when.target[Z]
routeY1→Yn= Y1, ...,Yn
with Yi+1 ∈ MPRSYi
⇓
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
MPR Signaling
MPR Signaling
Node A trusts X for advertising (delegation trust) that A isa MPRNode A allows the nodes of its MPRSS to use its resourcesfor routing (access trust)
AX
MPRSX = {A,C}LSX =
{Ampr, Bsym, Cmpr}HELLO, LSX
MPRSSA = {X}
A trustsat(X)
A trustsdt(X)
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Computing the routing table
Computing the routing table (1/3)
Each node X selects the shortest path to reach any othernode Z passing through a selected MPR Y
This calculation will allow X to trust Y for the routingtowards Z
T = (Z ,Y ,N, I ) is a tuple of RTX
∀T ∈ RTX ⇒ X trustsfw−Z (Y )
Actually, there is a chain of this indirect trust relation betweenX and any relay forwarding the packets to Z , this sequenceexpresses the transivity of MPR recommendations in OLSR :
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Computing the routing table
Computing the routing table (2/3)
AC B
X
b b b b b bNSA
A trustsdt∪at(X )
... trustsdt∪at(A)
Z trustsdt∪at(...)
Z
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Computing the routing table
Computing the routing table (3/3)
AC B
X
b b b b b bNSA
Z
X trustsfw(A)
A trustsfw(MPRSA)
... trustsfw (MPRS...
)
X trusts.rec∗
fw−Z (Z) when.target[Z] when.path[Z]
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Computing the routing table
Implicit trust within OLSR
The routing table is calculated so that there is only one routetowards each destination, and each selected route is theshortest among the routes starting from MPR nodes
After computing the distances to destinations, the node willplace more trust in those nodes which offer the shortest pathstowards the destinations (1)
The inherent risk in the choice of only one route towards anydestination is to choose, as router, a corrupted or misbehavingnode
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Case of attack by fabrication of HELLO message
Fabrication of HELLO message
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Consequences of the attack
Consequences of the attack
A Batt
HELLO, LSatt = {A, B,C, X} HELLO, LSB = {A, att, C}
MPRSA = {att}
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Consequences of the attack
Detection of the attack
A Batt
HELLO, LSatt = {A, B,C, X} HELLO, LSB = {A, att, C}
MPRSA = {att}
TCatt, MPRSSatt = {A, B, C , X} TCB, MPRSSB = {C}
C trustsfw−A(B) and C trustsfw−A(att)
and [NSB − {att}] ⊂ [NSatt − {B}]
⇓Contradiction indicates intrusion
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Conclusions and future works
Conclusions
OLSR generates information about trust between nodes
nodes firstly cooperate and gather trust related information,without any validationnodes implicitly deduce information about the other nodes inwhich they have to trust
Trust can be an additional criterion for MPR selection androuting table calculation
Mistrust-based control can be set up to detect suspectbehavior
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Future works
Future works
Integrating trust reasonings into OLSR nodes and simulation
Evaluation of possible trust metrics for OLSR
Extension of OLSR using trust rules for MPR selection androuting table calculation
Distributed trust management module for OLSR
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Bibliography
Clausen T, Jacquet P (2003) IETF RFC-3626: Optimized LinkState Routing Protocol OLSR.
Marsh S (1994) Formalising Trust as a ComputationalConcept, PhD Thesis, University of Stirling.
Yahalom R, Klein B, Beth T (1993) Trust Relationships inSecure Systems - A Distributed Authentication Perspective. In:SP’93: Proceedings of the 1993 IEEE Symposium on Securityand Privacy. IEEE Computer Society, Washington, USA.
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR
Introduction Implicit trust within OLSR Applying trust to mitigate OLSR vulnerabilities Conclusions/future works Bibliography Discussion
Analysis of the implicit trust within OLSR
Questions and remarks ?
A. Adnane, R. de Sousa, C. Bidan, L. Me
Analysis of the implicit trust within OLSR