securing ad hoc networks presentation - supelec · 2003-03-12 · valérie gayraud & bruno...

Securing Wireless Ad Hoc Networks

Valérie Gayraud & Bruno Tharon

ISS Master 12th March 2003

MP 71 project

Securing Wireless Ad Hoc Networks PRESENTATION - 1Valérie Gayraud & Bruno Tharon

Agenda– Goal of the project– What is a wireless ad hoc network?• Introduction

• Security Issues Analysis

– Risk analysis– Results

• Proposed Solutions

– Models from literature– Securing routing– A specific solution: Ariadne

• Conclusion – Project follow-up– Personal comments


Goal of the project

• List existing security issues in Wireless Ad Hoc Networks (Risk Analysis Approach)

• List solutions and countermeasures

• Have a deeper look onto Routing issues & highlight solutions (MANET*)

• Explore a specific Routing solution (Ariadne)

(*)Mobile Ad Hoc NETworks


What is a Wireless Ad Hoc Network ?

Internet

Infrastructure mode

Wireless Ad Hocmode

Wire

Radio wave


• Collection of wireless mobile nodes*

• Capable of communicating with each other without the use of a network infrastructure

• The mobile hosts are not bound to any centralized control

• Each mobile station acts as a router

(*) Nodes can be: Laptop, PDA, domestic appliances …



• Dynamic topology

• Bandwidth-constrained

• Variable capacity links

• Energy-constrained operation

• Limited physical security

What is a Wireless Ad Hoc Network ?(Features from RFC 2501)

• Autonomous Terminal

• Distributed Operation (cooperative mode)

• Lightweight Terminals

• Multi-hop Routing

• Self-configuration capability


Based on WLAN Technologies


• Personal Area Network (PAN) area

• Special event coverage

• Disaster recovery

What is a Wireless Ad Hoc Network ?(Possible Applications)

• Peer to peer network area

• Industrial area

• Cellular networks area

Civilian, Military, Medical areas


Security requirements(What kind of protection do we need ?in terms of confidentiality, availability, integrity, non-repudiation, anonymity)

Known threats(attacks scenarii)

Vulnerabilities(Is there any weaknesses in the

System ? technical/non technical specific)

Functions/data requiring protection(what do we need to be protected ?)

Risk assessmentTake into account all aspects to determine

the realistic threats that could exlpoitthe vulnerabilities to perform illegalaction onto sensitive functions/data.

Risk analysis

1

2

3

4

5

Risk Analysis (EBIOS Like)


• Sensitive functions :- Routing - (Self)Configuration- Power management- Security functions

• Sensitive data : - Routing Protocol data- (Self)Configuration data- Power management data- Security Attributes

Risk AnalysisStep 1 : Assets requiring protection


• Authentication (corner stone)

• Confidentiality

• Availability

• Integrity

• Non-Repudiation

• Anonymity

Risk Analysis step 2 : Security Requirements


Risk Analysis step 3 : Typical Threats

Internal/externalattack

Passive attack(listen,collect) Active attack

(modification,replication,deletion)

Wired lineeavesdropping

Aireavesdropping

Informationdisclosure

Traffic analysis

ImpersonationUsurpation

Replay

Data modification

Denial of Service

Trojan Horses Viruses Worms Logical bombs


• Channels

• Nodes

• Absence of infrastructure

• Dynamically changing topology

• Routing mechanism

• Absence of centralized server

• Implemented OS in the Node

• WLAN’s vulnerabilities

Risk Analysis Step 4 : Vulnerabilities


Attacks on the basic mechanisms routing and configuration mechanism

Attacks on the security mechanisms

Results : Risks assessment


• Eavesdropping attacks

• Impersonation

• Physical attacks

• Information disclosure

Risks assessment : Potential Scenarios

• Denial of Service attacks• Routing table overflow• Radio jamming• Battery exhaustion• Software alteration attacks• Selfishness of the node


Solutions from Literature 1/2• Authentication

– Key agreement• Contributory• Distributory

– Duckling security policy model (Stajano / Anderson)• Imprinting: Temporary master/slave association ? Physical contact

– Self organized public key infrastructure• Certificates are created, stored and distributed by the users

• Confidentiality– Frequency hoping– Encryption

• Symmetric encryption preferred

• Anonymity– Pseudo-anonymity


Solutions from Literature 2/2• Devices integrity

– Tamper resistance– Tamper evidence

• Message integrity– Digital signature with public key

• Too computational– TESLA (A.Perrig, R. Canetti, D. Song, J.D.Tygar)

• Multicast operations• Authentication of the sender• Scalability to many possible receivers• Handle packets loss• Use a chain of key• Message authenticate with a key disclosed later• Precise synchronization of nodes required


TESLA• Kn random number generated by node A, Ki = h(Ki+1)

• “d”: disclosure time depends on– End to end network delay and loose synchronization

between nodes

Data Packet:Message MkMAC: MACKk ( Mk)Recent TESLA key: Kj

2Packet k from A to B

Data Packet:Message MjMAC: MACKi ( Mj )Recent TESLA key: Kk

1Packet j from A to B

kTime

j i

d d

Kj disclosed ? Reach B

Authentication of Packet j by B3


Broadcast

K is disclosed later in a subsequent message

SourceMessage authentication with secret key K

Destinations

TESLA


Taxonomy of Ad Hoc Routing ProtocolUnicast Rout ing

protocols

N o n Uniform Uni form

Neighbour se lect ion Cluster ingRout ing Area

Topo logy basedLink s tate protocol

Dest inat ion basedDistance Vector protoco l

React iveProact ive

A B R

T O R A

A O D V

F S R

W R P

D S D V

React iveProact ive

D S R

G S R

T B R P F

C E D A R

C B R P

Proact ive React ive

C G S R

H S R

Proact ive React ive

Z R P

O L S R

ZRP (Zone Rout ing Protocol ) D S D V (D y n a m i c destination -Sequenced Distance Vec tor Routing pro tocol)O S L R (Opt imized Link Sta teRout ing protocol) W R P (Wire less Routing Protocol)C E D A R ( Core -Extract ion Distr ibuted Ad Hoc Routing pro tocol) A O D V (Ad hoc On demand Distance Vec tor pro tocol )C B R P (Clus tered Based Rout ing protocol) T O R A (Tempora l ly-Ordered Rout ing Algor i thm protocol)GSR (Global State Routing pro tocol) A B R (Associated-B a s e d long l ived Routing Algor i thm protocol )D S R (Dynamic Source Rout ing protocol) T B R P F (Topology disseminat ion Based on Reverse Path Forwarding pro tocol)F S R (Fisheye State Rout ing pro tocol) C G S R (Clus terhead Ga teway Switch Rout ing protocol)HSR (Hierarchical State Rout ing protocol)


Taxonomy of Routing Protocols

• Route Discovery procedure: –Find a route to the destination

• Route Request• Route Reply

• Route Maintenance procedure:–Maintains connections

• Hello Messages• Route Error



• Proactive Protocol:– Routing data continuously updated– Management data exchange between nodes to make

routes straight away available– Updating costs a lot and a change of topology impacts the

entire network

• Reactive Protocol:– No routing data held permanently– On demand route searching– unused routes are not handled but there’s a delay before

using a route and the searching route mechanism uses broadcast request

• Both (Hybrid Protocol) :



• Uniform (same role for every node):–Distance Vector (destination based)–Link State (topology based)

• Non Uniform (some nodes handle routing):–Neighbor selection (election of nodes to handle

routing, similar as default gateway)–Clustering (Routing Areas), the network is divided

into several routing areas (same as GPRS/UMTS)


A Secure Routing ProtocolAriadne (Yih-Chun Hu, A. Perrig, D.B. Johnson, Mellon University)

• Secure on-demand routing protocol

• Prevents malicious injection or altering of routing data– Routing loop– Black hole– Detours

• Prevents denial of service attacks

• Authentication of routing messages– Shared secret keys– TESLA– Digital signature


Ariadne: ROUTE REQUEST

Route REQUEST Message:Initiator ATarget DIdentifier idTime Interval THash Chain: H(C,H( B, MACKAD( )))Node List: B, CMAC list: MACKBi ( ),MACKCi ( )

3

Packet broadcasted by C

Route REQUEST Message:Initiator ATarget DIdentifier idTime Interval THash Chain: H( B, MACKAD( ))Node List: BMAC list: MACKBi ( )

2Packet broadcasted by B

Route REQUEST Message:Initiator ATarget DIdentifier id Time Interval THash Chain: MACKAD ( )Node List: emptyMAC list : empty

Packet broadcasted by A

1


Route REPLY Message:Target D Initiator ATime Interval TNode List: B, CMAC list: MACKBi ( ),MACKCi ( )Target MAC: MACKDA ( ),Key List: empty

1Packet from D to C

Route REPLY Message:Target D Initiator ATime Interval TNode List: B, CMAC list: MACKBi ( ),MACKCi ( )Target MAC: MACKDA ( ),Key List: KCi

2

Packet from C to B

Route REPLY Message:Target D Initiator ATime Interval TNode List: B, CMAC list: MACKBi ( ),MACKCi ( )Target MAC: MACKDA ( ),Key List: KCi, KBi

3

Packet from B to A

Ariadne: ROUTE REPLY


Route ERROR Message:Sending Address BReceiving Adress ATime IntervalError MAC: MACKBi ( )Recent TESLA key: KBi’

3Packet from B to A

Data Packets A ? C

1

Ariadne: ROUTE ERROR

Broken link2


A Secure Routing ProtocolAriadne ? Evaluation

• Stability of route (Tested twice)

• Less throughput– Due to slower route discovery– Route error processing delayed (TESLA)

• 26 % more overhead than non optimized DSR

• Slower route discovery with TESLA– Delays due to delayed key disclosure


Planning

November 2002

December2002

January2003

February2003

March2003

Draft report delivery01/31/2003

Final report delivery02/28/2003

Presentation 03/11//2003

Kick off meeting Held 11/19/2002

Forecasted Milestones

Achieved Milestones

Final report delivery03/10/2003

Presentation 03/12//2003

Kick off meeting Held 11/19/2002

Draft report review01/14/2003

Draft report review02/24/2003

Draft report delivery12/20/2002

Forecast: 1 day/week for 14 weeks, 14 pers/days: 28 days workload

Effective: Twice more time spent ? 30 pers/days: 60 days workload


• Installation and Configuration– Free BSD 4.7, Linux Suse 8.0,– Windows 98, XP,– 802.11 Aironet and D-Link cards,

Conclusion: Achieved Work

• 802.11 Protocol Study– Sniffers installation (BSD Airtools,

Ethereal)– Frames analysis,

• Programming and test– “Prismtodump” source code analysis,– Denial of Service Implementation. (To Do)


• A Challenge for the Security– Authentication of nodes– Authentication of management messages– Several models, few applications

Securing Wireless Ad Hoc NetworksConclusion

• Routing functions– Reutilization of wired oriented protocols

• Efficiency-oriented• Security not taken into account

– Adaptation of current protocols– Immaturity

• Trade-off between security and autonomy/efficiency


• Work onto existing routing implementation (OSLR from INRIA -> Linux & Windows 2000),

• Can we use IPSEC (VPN) ?

• Take time to study all routing protocols

• Trust Relationship Models,

• Intrusion detection in ad hoc networks

Conclusion : Future work

Any Questions ?


GlossaryAP Access Point AODV Ad hoc On-demand D istance VectorART Autorité de Régulation des TélécommunicationsAT-GDH Arbitrary Topology Generalization of D iffie-HellmanBD-ADDR Bluetooth Device ADDRessBER Bit Error RateBRAN Broadband Radio Access Networks (Group of work within

ETSI)CRC Cyclic Redundancy CheckCSMA/CA Carrier Sense Multiple Access / Carrier AvoidanceDSR Dynamic Source RoutingDVMRP Distance Vector Multicast Routing ProtocolEAP Extensible Authentication ProtocolEBIOS Expression des Besoins et Identification des Objectifs de

Sécurité French approach, stands for security requirements and identification of the target of security

ETSI European Telecommunications Standards InstituteEY-NPMA Elimination Yield None Pre-emptive Priority Multiple

AccessFCC Federal Communications CommissionFSK Frequency-Shift KeyingGDH Generalization of D iffie-HellmanGMSK Gaussian Minimum Shift KeyingGPRS General Packet Radio ServiceHiperLAN High Performance Local Area NetworkIDS Intrusion Detection SystemIEEE Institute of Electrical and Electronics EngineersIETF Internet Engineering Task ForceIrDA Infrared Data AssociationIrLAP Infrared Link Access ProtocolISM Industrial, Scientific and Medical

IV Init VectorMAC Medium Access ControlMANET Mobile Ad hoc NETworkMAODV Multicast Ad hoc On-demand D istance VectorMPR Multi Point RelayNSA National Security AgencyOLSR Optimized Link State RoutingPAN Personal Area NetworkPDA Personal D igital AssistantPGP Pretty Good PrivacyPRNG Pseudo RaNdom GeneratorQoP Quality of ProtectionRIP Routing Internet ProtocolRREQ Route REQuest RREP Route REPlyRERR Route ERRorRSN Robust Security NetworksSAR Security-Aware ad hoc RoutingSIG Special Interest GroupSNMP Simple Network Management ProtocolSRR Send Route RequestSWAP Shared Wireless Access ProtocolTDMA Time D ivision Multiple AccessTESLA Time Efficient Stream Loss-tolerant AuthenticationUMTS Universal Mobile TelecommunicationsWECA Wireless Ethernet Compatibility AllianceWEP Wired Equivalent Privacy ProtocoleWi-Fi Wireless FidelityWLAN Wireless Local Area NetworkWPAN Wireless Personal Area Network



AB

C

D

Then, nodes are capable to communicate with each other or route data for another nodes

Node A : laptop

Node C : computer embedded in a car

Node B : palm pilotNode D : laptop

Communicationcut off but maintains

through B


Possible Application : Solve a lack of coverage in UMTS network

NodeB

NodeB

NodeBNodeB

NodeB

NodeB


Annex: Authentication / Key Agreement

S1

S4

S4

S2

S3

Key = ? S1S2S3S4

Distributory

Contributory

Key = H(PWD)

Pwd

PwdPwd

Pwd

Pwd

securing ad hoc networks presentation - supelec · 2003-03-12 · valérie gayraud & bruno...

Documents