![Page 1: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/1.jpg)
Secure Data Communication in Mobile
Ad Hoc Networks
Secure Data Communication in Mobile
Ad Hoc Networks
Authors: Panagiotis Papadimitratos and Zygmunt J Haas
Presented by Sarah Casey
Authors: Panagiotis Papadimitratos and Zygmunt J Haas
Presented by Sarah Casey
1
![Page 2: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/2.jpg)
TopicsTopics
•The Authors
•The Protocols
•The Simulations
•The Authors
•The Protocols
•The Simulations
2
![Page 3: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/3.jpg)
The AuthorsPanagiotis
Papadimitratos
The AuthorsPanagiotis
Papadimitratos•PhD from Cornell University, 2005
•Currently Research Associate at Virginia Polytechnic Institute
•Author of 10 IEEE papers since 2002
•1 - ‘02; 1 - ‘03; 6 - ‘05; 2 - ’06
•5 are on secure routing and transmission in ad hoc networks
•PhD from Cornell University, 2005
•Currently Research Associate at Virginia Polytechnic Institute
•Author of 10 IEEE papers since 2002
•1 - ‘02; 1 - ‘03; 6 - ‘05; 2 - ’06
•5 are on secure routing and transmission in ad hoc networks
3
![Page 4: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/4.jpg)
The AuthorsZygmunt J Haas
The AuthorsZygmunt J Haas
•120 IEEE papers
•Since ’05 -
•14 papers total
•9 on ad hoc networking
•1st listed author on 3
•120 IEEE papers
•Since ’05 -
•14 papers total
•9 on ad hoc networking
•1st listed author on 3
4
![Page 5: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/5.jpg)
The AuthorsZygmunt J Haas
The AuthorsZygmunt J Haas
•Editor of
• IEEE Transactions on Networking
• IEEE Transactions on Wireless Communications
• IEEE Communications Magazine
•Chair of IEEE Technical Committee on Personal Communications
•Editor of
• IEEE Transactions on Networking
• IEEE Transactions on Wireless Communications
• IEEE Communications Magazine
•Chair of IEEE Technical Committee on Personal Communications
5
![Page 6: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/6.jpg)
GoalGoal
•“Secure data transmission”
•Provide an end-to-end protocol that:
•works with TCP
•provides data integrity
•provides message authentication
•provides replay protection
•detects and compensates for path disruption
•“Secure data transmission”
•Provide an end-to-end protocol that:
•works with TCP
•provides data integrity
•provides message authentication
•provides replay protection
•detects and compensates for path disruption
6
![Page 7: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/7.jpg)
AssumptionsAssumptions
•All network nodes have:
•unique identity
•public/private key pair
•module implementing network protocols
•module providing communication across wireless network interface
•All network nodes have:
•unique identity
•public/private key pair
•module implementing network protocols
•module providing communication across wireless network interface
7
![Page 8: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/8.jpg)
AssumptionsAssumptions
•Any two nodes can establish an end-to-end Security Association, instantiated by a symmetric shared key, at the time of initial route discovery
•Any intermediate node that does not behave correctly is an adversary
•Multiple paths are node-disjoint
•Route discovery is secure
•Any two nodes can establish an end-to-end Security Association, instantiated by a symmetric shared key, at the time of initial route discovery
•Any intermediate node that does not behave correctly is an adversary
•Multiple paths are node-disjoint
•Route discovery is secure
8
![Page 9: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/9.jpg)
Secure Message Transmission (SMT)
Protocol
Secure Message Transmission (SMT)
Protocol•A node, S, establishes a secure
association with another node, T
•S has a set of discovered, active, node disjoint paths through which it can communicate with T
•S uses message dispersion and encryption to add redundancy to a message it wishes to send to T
•A node, S, establishes a secure association with another node, T
•S has a set of discovered, active, node disjoint paths through which it can communicate with T
•S uses message dispersion and encryption to add redundancy to a message it wishes to send to T
9
![Page 10: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/10.jpg)
SMT - ContinuedSMT - Continued
•S then “breaks” the message into N pieces, M of which need to reach T intact in order for T to recover the message
•Each piece of the message has a message authentication code and a sequence number, so that T can verify the validity of the message pieces and reject replays
•S then “breaks” the message into N pieces, M of which need to reach T intact in order for T to recover the message
•Each piece of the message has a message authentication code and a sequence number, so that T can verify the validity of the message pieces and reject replays
10
![Page 11: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/11.jpg)
SMT - ContinuedSMT - Continued
•T sends to S a feedback message (like an ACK) for each successfully received piece
•S validates the feedback messages or receives a timeout when no feedback messages are received
•Each time a message piece is received or not received, the route rating for its route is updated (increased or decreased)
•Route ratings indicate how preferable a route is, if it is failed or active, and its probabilistically calculated survival time.
•T sends to S a feedback message (like an ACK) for each successfully received piece
•S validates the feedback messages or receives a timeout when no feedback messages are received
•Each time a message piece is received or not received, the route rating for its route is updated (increased or decreased)
•Route ratings indicate how preferable a route is, if it is failed or active, and its probabilistically calculated survival time.
11
![Page 12: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/12.jpg)
Secure Single Path (SSP) Protocol
Secure Single Path (SSP) Protocol
• Just like SMT, except -
•Does not perform data dispersion
•Uses only one path per message
•Lower transmission overhead than SMT
•Higher potential delay time than SMT
• Just like SMT, except -
•Does not perform data dispersion
•Uses only one path per message
•Lower transmission overhead than SMT
•Higher potential delay time than SMT
12
![Page 13: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/13.jpg)
How it Works:Path DiscoveryHow it Works:Path Discovery
• Paths discovery can be implicit or explicit
• Explicit allows SMT additional versatility and robustness, because it can compose routes from the discovered routes and can correlate loss/delivery with specific links
• Assumed to be secure
• Secure Routing Protocol, as proposed by the authors, or
• paper references [2], [3], [4], [5], [6], and [39] all provide proposals for secure route determination protocols or for securing existing route determination protocols
• Paths discovery can be implicit or explicit
• Explicit allows SMT additional versatility and robustness, because it can compose routes from the discovered routes and can correlate loss/delivery with specific links
• Assumed to be secure
• Secure Routing Protocol, as proposed by the authors, or
• paper references [2], [3], [4], [5], [6], and [39] all provide proposals for secure route determination protocols or for securing existing route determination protocols
13
![Page 14: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/14.jpg)
How it Works:Path Rating
How it Works:Path Rating
: transmission number: transmission number: rating of path, s: rating of path, s: minimum possible rating: minimum possible rating: maximum possible rating: maximum possible rating
14
![Page 15: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/15.jpg)
How it Works:Choosing α and β
How it Works:Choosing α and β
Minimise Regret and Bandwidth Loss Minimise Regret and Bandwidth Loss (BWL)(BWL)
15
![Page 16: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/16.jpg)
How it Works:Path SurvivalHow it Works:Path Survival
S: number of SamplesS: number of Samplest: current path aget: current path aged: maximum transmission timed: maximum transmission timeττ: lifetime of route: lifetime of route
16
![Page 17: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/17.jpg)
How it Works:Configuration Algorithm
How it Works:Configuration Algorithm• Inputs:
•path set
•path ratings
•path survival probabilities
•optimization objective (successful transmission, minimal transmission overhead)
•objective specific parameter (desired probability of successful transmission or maximum redundancy)
• Inputs:
•path set
•path ratings
•path survival probabilities
•optimization objective (successful transmission, minimal transmission overhead)
•objective specific parameter (desired probability of successful transmission or maximum redundancy)
17
![Page 18: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/18.jpg)
How it Works:Configuration Algorithm
II
How it Works:Configuration Algorithm
II• All paths ranked
• path rating, highest to lowest
• survival probability, highest to lowest
• number of hops, lowest to highest
• For all paths and redundancy options, the probability of successful transmission is calculated
• Result is an M by N matrix
• Search matrix to determine (M,N) values that satisfy the input objective
• All paths ranked
• path rating, highest to lowest
• survival probability, highest to lowest
• number of hops, lowest to highest
• For all paths and redundancy options, the probability of successful transmission is calculated
• Result is an M by N matrix
• Search matrix to determine (M,N) values that satisfy the input objective
18
![Page 19: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/19.jpg)
How it Works:Meeting Input Objectives
How it Works:Meeting Input Objectives
Find the minimum number of paths Find the minimum number of paths to achieve a certain success to achieve a certain success probabilityprobability
Find the minimum redundancy to Find the minimum redundancy to achieve a certain success achieve a certain success probability probability
Find the best values of M and N to Find the best values of M and N to achieve the highest probability of achieve the highest probability of success given a certain redundancysuccess given a certain redundancy
19
![Page 20: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/20.jpg)
Simulation DetailsSimulation Details
•OPNET - commercially available network simulation software. Free for university courses or R&D
•network area of 1000m2
•3 message sources, 4 - 512B messages each
•900s per simulation; 30 randomly seeded runs
•OPNET - commercially available network simulation software. Free for university courses or R&D
•network area of 1000m2
•3 message sources, 4 - 512B messages each
•900s per simulation; 30 randomly seeded runs
20
![Page 21: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/21.jpg)
Simulation DetailsSimulation Details
•50 identical nodes
•300m communications range
•5.5 Mb/sec data rate
•655kB MAC buffer
•Random Waypoint Mobility, 1m/s - 20m/s
•50 identical nodes
•300m communications range
•5.5 Mb/sec data rate
•655kB MAC buffer
•Random Waypoint Mobility, 1m/s - 20m/s
21
![Page 22: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/22.jpg)
Protocol ParametersProtocol Parameters
: specified probability of success: specified probability of success
: minimum path rating: minimum path rating
: maximum path rating: maximum path rating
: rating decrease if loss: rating decrease if loss
: rating increase if success: rating increase if success
: initial path rating: initial path ratingAdversaries drop packets in both directionsAdversaries drop packets in both directionsNo significant difference if drop packets or No significant difference if drop packets or corruptcorrupt
22
![Page 23: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/23.jpg)
Simulated ProtocolsSimulated Protocols
•SMT-LS
•SMT with Link State
• Idealised routing discovery scheme
•no delay
•no control overhead
•SMT-LS
•SMT with Link State
• Idealised routing discovery scheme
•no delay
•no control overhead
23
![Page 24: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/24.jpg)
Simulated ProtocolsSimulated Protocols
•SMT-RRD
•SMT with Reactive Route Discovery
•SMT integrated with Secure Routing Protocol
•SSP
•SSP integrated with Secure Routing Protocol
•SMT-RRD
•SMT with Reactive Route Discovery
•SMT integrated with Secure Routing Protocol
•SSP
•SSP integrated with Secure Routing Protocol
24
![Page 25: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/25.jpg)
Simulation: ReliabilitySimulation: Reliability
Message Delivery FractionMessage Delivery Fraction
SMT-LSSMT-LS SMT-RRDSMT-RRD SSPSSP
Note: Messages with delay > 30s were ignoredNote: Messages with delay > 30s were ignored Up to 0.7% of the messages sent are not accounted forUp to 0.7% of the messages sent are not accounted for
Should these messages be counted as lost?Should these messages be counted as lost?25
![Page 26: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/26.jpg)
Simulation: DelaySimulation: Delay
SMT-LSSMT-LS SMT-RRDSMT-RRD SSPSSP
26
![Page 27: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/27.jpg)
Simulation: OverheadTransmission and
Routing
Simulation: OverheadTransmission and
Routing
SMT-LSSMT-LS SMT-RRDSMT-RRD SSPSSP27
![Page 28: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/28.jpg)
Simulation: MobilitySimulation: Mobility
Pause Time: How long does the node stay in one place?Pause Time: How long does the node stay in one place?Larger pause time Larger pause time ⇒⇒ less mobility less mobility
28
![Page 29: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/29.jpg)
Simulation: Network Load
Simulation: Network Load
SMT-RRD, CBRSMT-RRD, CBR TCPTCP29
![Page 30: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/30.jpg)
Simulation: Attack Resistance
Simulation: Attack Resistance
FA: 50%FA: 50%
30
![Page 31: Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis](https://reader030.vdocuments.net/reader030/viewer/2022032800/56649d3f5503460f94a19147/html5/thumbnails/31.jpg)
ConclusionsConclusions
• Provides end-to-end security
• Effectively protects against data loss
• Requires no advance knowledge of node trustworthiness
• Automatically adapt to environment
• Mechanism not subject to abuse by adversaries
• Tactical systems that operate in hostile environments
• Civilian systems compromised by selfish users and rogue network devices
• Provides end-to-end security
• Effectively protects against data loss
• Requires no advance knowledge of node trustworthiness
• Automatically adapt to environment
• Mechanism not subject to abuse by adversaries
• Tactical systems that operate in hostile environments
• Civilian systems compromised by selfish users and rogue network devices
31