Chapter 2 Security and Privacy for Routing Protocols ...

Download PDF
3 downloads 3402 Views 1MB Size Report
Comment
Oct 23, 2013 - services. Among the applications and services, are the connection ... to allow mobile workstations to access corporate networks or public ...
Chapter 2

Security and Privacy for Routing Protocols in Mobile Ad Hoc Networks Mohamed Amine Ferrag, Mehdi Nafa, and Salim Ghanemi Contents 2.1 Introduction................................................................................................20 2.2 Mobile Ad Hoc Networks...........................................................................22 2.2.1 Applications in MANET.................................................................22 2.2.1.1 Military Applications.........................................................23 2.2.1.2 Operations of Rescue.........................................................23 2.2.1.3 Corporate Network...........................................................23 2.2.2 The Standard “IEEE 802.11b” in Ad Hoc Mode.............................24 2.3 Needs of Security........................................................................................24 2.3.1 Confidentiality................................................................................25 2.3.2 Authentication.................................................................................25 2.3.3 Authorization...................................................................................25 2.3.4 Message Integrity.............................................................................25 2.3.5 Nonrepudiation...............................................................................26 2.4 Classification of Routing Protocols in MANET..........................................26 2.4.1 Ad Hoc On Demand Distance Vector.............................................28 2.4.2 OLSR Protocol................................................................................28 2.4.3 Zone Routing Protocol....................................................................29 19

K16823_C002.indd 19

10/23/2013 11:26:03 AM

20  ◾  Security for Multihop Wireless Networks

2.5 Vulnerabilities and Protection Tools of MANETs.......................................29 2.5.1 Vulnerability of AODV....................................................................30 2.5.1.1 Detour Attack....................................................................32 2.5.1.2 Routing Table Poisoning....................................................32 2.5.1.3 Sybil Attack.......................................................................32 2.5.1.4 Man-in-the-Middle Attack................................................32 2.5.1.5 Rushing Attack..................................................................33 2.5.1.6 Resource Consumption.....................................................33 2.5.1.7 Routing Table Overflow....................................................33 2.5.1.8 Location Disclosure...........................................................33 2.5.1.9 Worm-/BlackHole Attack..................................................33 2.5.2 Security Mechanisms for Routing Protocol AODV.........................33 2.5.2.1 Solutions Based on Cryptography..................................... 34 2.5.2.2 Systems Reputation Management......................................36 2.5.2.3 Directional Antennas.........................................................37 2.5.2.4 Counter Measurement at the Physical Layer......................37 2.6 Future Research Directions.........................................................................38 2.7 Conclusions.................................................................................................38 References............................................................................................................38

2.1  Introduction Since their introduction, the wireless local area networks (LANs) have attracted the interest of professionals, faced with the needs of mobility and network connectivity to their organization. 802.11 networks, standardized by the IEEE in 1997 [1] has rapidly become until, in some cases, replace traditional wired networks like Ethernet. Since their arrival on the market, the steady evolution of their performance and lower their cost of acquisition helped accelerate their dissemination. The IEEE 802.11 provides two modes: infrastructure mode and ad hoc mode. Infrastructure mode, also called cellular mode, uses a topology built around fixed access points. The latter is responsible for managing exchanges between mobile nodes located in their area transceiver. Multiple access points can be interconnected by a backbone network, called the distribution system to provide connections to a larger number of nodes or increase the space of node mobility. Ad hoc mode, it establishes an exchange point to point between two mobile nodes. If two nodes do not share the same areas transceiver, a direct connection is impossible. In this case, the intermediate nodes are used to establish a path between the source and destination nodes. These networks, whose architecture evolves according to the movement and appearance of nodes, are called Mobile Ad Hoc Network (MANET) or spontaneous networks. In some contexts, users can benefit from the features of MANET to exchange information. A frequently cited example, in civil and military, is an ad hoc network

K16823_C002.indd 20

10/23/2013 11:26:03 AM

Security and Privacy for Routing Protocols  ◾  21

formed by the interconnections between moving vehicles. In the industrial ­networks catch (sensor networks) can form a MANET to adapt to different environments. But many other situations of everyday life are adapted to the use of MANET. Consider, for example, a network created for the purposes and duration of a meeting of participants from different organizations, or a network created between students and their teacher in a classroom for the duration of a course. There are primarily two types of routing protocol in ad hoc networks. First is the reactive routing protocols (dynamic source routing [DSR] [38,39], ad hoc ondemand distance vector [AODV] [6],) that initiate the search for a route when trying to reach a destination that is not contained in the routing table. Second, are the proactive routing protocols (optimized link state routing [OLSR] [7], destinationsequenced distance vector [DSDV] [40]) that regularly update the information in the routing table with route discovery requests. Note that the hybrid algorithms exist. Distance vector algorithms and link state algorithms are the two types of algorithms that are used to maintain accurate routing tables They then make use of both protocols under different conditions. In general, the route discovery is as follows. When a node wants to transmit a message to another node, it broadcasts a route requesting different denominations according to the protocols. The road is built when this route to the recipient can return a message to the sender. The road is then set and the actual data exchange can take place in the absence of authentication, confidentiality, integrity, and so on. Ensuring smooth running of these protocols can greatly compromise network stability. The issue of privacy is almost solved, but major gaps remain in terms of routing protocols. For this reason, the subject of this chapter focuses on the security of routing protocols in MANET. We chose AODV routing protocol because they are most widely used in the ad hoc community. MANET is subject to a number of attacks. For example, an attacker in the MANET may not be willing to route packets to other nodes. On the other hand, more sophisticated attacks against MANET routing can disrupt the route discovery. In addition, they may interfere with maintaining ride disobedient routing protocols. Blackhole, Byzantine , wormhole , and spoofing are illustrations of various attack threats for MANET. For the purposes of group communication security, cryptography has been integrated in MANETs. Among them, the most popular techniques are symmetric and public key infrastructure (PKI). This chapter is devoted mainly to the state-of-the-art security and privacy for routing protocols in MANETs. First, we present the MANETs, their characteristics, application domains, and the 802.11 MAC used in these networks. Then, we present the needs of network security. In addition, we present the basic concept of ad hoc routing protocols including examples of protocols and the security threats they face. Second, we choose AODV routing protocol and we describe the different classification of vulnerabilities and attacks against AODV in MANETs. We mention the main lines of security AODV in mobile ad hoc. Then, we study different approaches to security environment dedicated to AODV in MANETs.

K16823_C002.indd 21

10/23/2013 11:26:03 AM

22  ◾  Security for Multihop Wireless Networks

2.2  Mobile Ad Hoc Networks MANETs continue to evolve with the development of mobile technology. Mobile devices become increasingly smaller and more powerful in terms of processing power and data storage. This allows nodes to ensure applications and more advanced services. Among the applications and services, are the connection requests, routing, and security. In this section, we present the MANETs, their characteristics, and the standard “IEEE 802.11b” in ad hoc mode characteristics of MANET. Ad hoc mobile networks not only possess the same characteristics as mobile networks, but also a number of characteristics that are unique and differentiate them from others. We can cite some key features: ◾◾ Lack of infrastructure: No base station or access point, all nodes in the network moves into a distributed environment without an access point or a point of attachment to the entire network. Nodes play the role of both an active player in the network transmitter and receiver and also as a router to relay communications from other network nodes. ◾◾ Dynamic network topology: The network nodes are autonomous and able to move arbitrarily. Mobility means that the network topology is dynamic because it can change at any time quickly and randomly. This topology change has an impact on the connections, or links unidirectional and bidirectional nodes. ◾◾ Limited resources: Energy sources such as batteries are needed for the communication of mobile nodes. Unfortunately, these sources have a limited lifetime and depend on the depletion treatment performed at the node operations such as transmission, reception, and complex calculations. Therefore, the energy constitutes a real problem. Management mechanisms of energy are required for nodes in order to conserve energy and increase their lifetime. So any solution for MANETs must take into account the energy constraint. ◾◾ Physical links: On the basis of the wireless communication technologies essential to the establishment of an ad hoc network. ◾◾ Modeling of MANET. A MANET can be modeled by a graph (Figure 2.1) Gt = (Vt, Et) where: ◾◾ Vt is the set of nodes. ◾◾ Et models all the connections between these nodes. ◾◾ If e = (u, v) ∈ Et, this means that the nodes u and v are able to communicate directly at time t.

2.2.1  Applications in MANET The ad hoc mobile network has managed to establish itself as a promising ­technology. Their characteristics, and in particular mobility and lack of infrastructure, expand their areas of application. We can cite the strengths of MANETs as follows:

K16823_C002.indd 22

10/23/2013 11:26:03 AM

Security and Privacy for Routing Protocols  ◾  23

Communication link Mobile node

Figure 2.1  Modeling of an ad hoc network.

◾◾ Network at low cost: Wired networks are expensive from the economic viewpoint because they require wiring and infrastructure deployment. However, the MANETs can be deployed anywhere, especially in areas where wired networks cannot be made for reasons of geographical difficulties. Thus, ad hoc networks are becoming an alternative to reduce financial costs. ◾◾ Network hostile place: An example of a hostile place is on the battlefield. In environments with difficult access such as mountainous regions, ad hoc mobile networks are very convenient. ◾◾ Wireless Infrastructure: In the case of a local situation that does not require wired network resources; for example, conferences or meetings. It is not necessary to go through the wired network for internal members.

2.2.1.1  Military Applications Ad hoc mobile networks are designed based on applications for operational rations and military nature. These networks are suitable for hostile environments, because they are dynamic and rapidly deployable. Network nodes that are communicating military: soldiers and armored vehicles.

2.2.1.2  Operations of Rescue Ad hoc wireless networks are also used in rescue operations, especially during earthquakes or other disasters. These networks can be rapidly deployed on land operations and ensure the communication link between rescuers.

2.2.1.3  Corporate Network The ease of deployment of these networks and their reduced cost interests more companies. This ensures a high mobility of agents, data sharing, and conferences. For example, at a meeting or conference, the speaker can communicate with all participants and create an interactive debate.

K16823_C002.indd 23

10/23/2013 11:26:03 AM

24  ◾  Security for Multihop Wireless Networks

LLC 802.2 MAC 802.11 FHSS

DSSS

IR

………………

Figure 2.2  Standardization of LANs by IEEE.

2.2.2  The Standard “IEEE 802.11b” in Ad Hoc Mode The standard “IEEE 802.11” [1] defines two operational modes: infrastructure mode, which requires the presence of specialized equipment called an access point, and control point-to-point communications between hosts on a network. Infrastructure mode is the most common configuration. This is used, for example, to allow mobile workstations to access corporate networks or public networks (hotspots). The specifics of ad hoc mode, presented in Ref. [2], show that applications still belong to the field of research. ◾◾ ◾◾ ◾◾ ◾◾

LLC: Logical link control (data link layer) MAC: Medium access control (data link layer) FHSS: Frequency hopping spread spectrum (physical layer) IR : InfraRouge (physical layer)

Standardization of LANs by IEEE in Figure 2.2 covers the physical layer and data link reference model OSI. The data link layer used by the IEEE is composed of two sublayers: the layer under LLC and the MAC. Layer “LLC” or “IEEE 802.2” is common to all 802 standards of IEEE. Layer IEEE 802.11 is a common layer to several physical layers.

2.3  Needs of Security Basic needs for safe, mobile ad hoc are more or less the same as for wired or wireless infrastructure. The main objective of network security is to ensure that the applications and protected information used as input and generated as output will not be affected by unintentional bad breaks Functional elements needed to build a security system network are: ◾◾ Confidentiality ◾◾ Authentication

K16823_C002.indd 24

10/23/2013 11:26:04 AM

Security and Privacy for Routing Protocols  ◾  25

◾◾ Authorization ◾◾ Message integrity ◾◾ Nonrepudiation

2.3.1  Confidentiality Confidentiality is to keep information away from those who are not allowed to know (content invisible). This is usually what comes to mind when talking about network security. Cryptography is typically used to complete this. At the network layer, we can cite the ESP protocol (encapsulating security payload [3]), which ensures confidentiality to IP datagram by encrypting. ESP is a protocol belonging to IPsec (Internet protocol security [4]). Encryption algorithms, whether symmetric or asymmetric, require an encryption key to encrypt the message before sending it to the destination.

2.3.2  Authentication Authentication verifies the identity of an entity or a node in the network. This is an essential step to control access to network resources. Without authentication, a node attacker can easily impersonate another node in order to enjoy the privileges assigned to that node or to carry out attacks in the identity of the node and harm the reputation of victim node. In the context of wired networks or wireless networks with infrastructure, the authentication process is based on a trusted third party where all network entities trust. The trusted third party is only a certification authority that distributes certificates to nodes that have the right of access to a network service. This authentication scheme is centralized, and is known as public key infrastructure (PKI) [5]. Applying directly to the PKI model, MANET is not possible for reasons of dynamic change and frequent network topology because the authentication service availability is limited due to the capacity of the nodes.

2.3.3  Authorization Authorization is the access control to the network or system resources, so only specific authenticated nodes are allowed access to specific resources. This type of control provides selective access to resources.

2.3.4  Message Integrity Message integrity refers to the condition that the received message is not altered en route compared to the message originally issued. This is protection against threats that can cause unauthorized modification of system configuration or data. Integrity services are designed to ensure the proper functioning of resources and transmission. This service provides protection against deliberate or accidental alteration and unauthorized system functions (system integrity) and information (data integrity).

K16823_C002.indd 25

10/23/2013 11:26:04 AM

26  ◾  Security for Multihop Wireless Networks

In the wireless network, the message can be changed for reasons not malicious, such as corruption of the packet at the radio propagation.

2.3.5  Nonrepudiation Nonrepudiation guarantees that the message sender is the legitimate sender of the received message and the sender cannot deny sending the message. In other words, the nonrepudiation of origin proves that the data has been sent, and nonrepudiation of the arrival proves that they were received. These five basics of network security are implemented as hardware and software in the network devices. Based on these five elements of safety function, it is possible to examine the various emerging technologies to implement specific security needs. In the next section, we present the main principles and characteristics of routing protocols in MANET.

2.4  Classification of Routing Protocols in MANET A routing protocol determines the path between two mobile nodes based on a predefined strategy. In MANET, the routing protocol, distributed across all mobile nodes is more to minimize the time on the road, also called latency, and the use of resources for this operation. We limit our discussion to routing protocols point-topoint, also called unicast routing protocols. When two mobile nodes in MANET directly exchange data packets without using intermediate mobile nodes, the connection is direct. If the path between source and destination nodes requires the presence of several intermediate nodes, the connection is called a multihop. In a network with fixed architecture, routes to the various networks are predefined and maintained by fixed interconnection equipment called routers. The dynamic architecture of MANET, resulting from the movement, the emergence of mobile nodes, or the state of the physical connection, requires regular updating of routing tables located in each mobile node. To route a packet between two nodes mobile in MANET, the basic mechanism is known as flooding. Flooding is performed by successive broadcasts to all neighbors of each node. It forwards the packet to all nodes in the network. Complementary mechanisms of control can be used to avoid closures or duplication of packets. This flooding mechanism, very expensive in network resources, can be applied to very small networks. Routing protocols aim to limit the spread of packet flooding. Depending on the role played by the mobile nodes in the dissemination of messages, we can achieve a first differentiation of routing protocols: ◾◾ When all nodes have the same functionality, the protocol is referred to as uniform.

K16823_C002.indd 26

10/23/2013 11:26:04 AM

Security and Privacy for Routing Protocols  ◾  27

◾◾ If some nodes have special features in the dissemination of messages, the protocol is referred to as nonuniform. We can also distinguish the standard protocols by their mode of operation. Come in fixed architecture, both technical link-state and distance vector have a routing table at each node combines the address of the next node, the vector, the number of intermediate nodes, and the distance. Routing protocols use link-state, a database that allows them to build the network topology and knows the path to all mobile nodes in MANET. Usually a metric based on several parameters relating to connections is used to select the best route. To reduce the network load due to updated packages, some routing protocols trigger the search for a route only when it is requested. The time to obtain a route is longer. Protocols that use this operating mode are called reactive. To reduce the number of control messages required to discover routes, routing protocols that are nonuniform select some mobile nodes to create dynamic and hierarchical architectures. Thus, protocols for the selection of neighbors are that each mobile node discharges the routing function to a subset of direct neighbors. While for partitioning protocols, the network is cutting areas in which routing is performed by a single master node. Some of these protocols, called hybrid, jointly use routing link state and distance vector routing. The main routing protocols are presented according to their mode of operation in Figure 2.3.

Ad Hoc routing protocols

No uniform

Selection of neighbors

Proactive OLSR (7)

Hybrid ZRP (8)

Uniform

Partitioning

Reactive HSR (43)

Proactive CGSR (44)

State links

Reactive DSR (38,39)

Proactive GSR (42)

Distance vector

Reactive AODV (6)

Proactive WRP (41)

Figure 2.3  Classification of routing protocols in MANET.

K16823_C002.indd 27

10/23/2013 11:26:04 AM

28  ◾  Security for Multihop Wireless Networks

Since July 2003, only two routing protocols, AODV [6] and OLSR [7], are subject to an RFC. Each protocol belongs to a family of protocols and each of them has a strategy. We take a routing protocol in each routing type. For reactive protocols, proactive protocols, and hybrid protocols, we take AODV, OLSR, and zone-routing protocol (ZRP), respectively.

2.4.1  Ad Hoc On Demand Distance Vector AODV [6] is a reactive protocol, uniform, and oriented destination. The route chosen is bidirectional and is the shortest path (in number of nodes) between the source and destination. Each node maintains a routing table that stores the entries for a destination: ◾◾ The identifier of the destination ◾◾ The identifier of the next node to the destination ◾◾ The number of nodes to the destination When a source node “S” has data to send to the destination node “D”, but does not have the entire path to the destination, it should initiate a Route “REQuest” (RREQ). This packet is flooded through the network. Each node receiving an “RREQ,” is then forwarded to its neighbors, if it has not already done so at least once, or if it is not the destination node of the message, and under the condition that counter time to live (TTL) is not zero. The package “RREQ” includes the identifier of the source (SrcID), the identifier of the destination (DESTID), sequence number of the source (SrcSeqNum), sequence number of the destination (DesSeqNum), identification of broadcast (BcastID), and TTL. The “DesSeqNum” indicates the freshness of the road accepted by the source. When a node receives an RREQ packet, and if the recipient is or knows a valid path to the destination, it sends the message source REPly Route response (RREP). Otherwise, it rebroadcasts the RREQ to its neighbors. The intermediate node is able to determine if a path is valid or not by comparing its own sequence number with the DesSeqNum in the RREQ. An intermediate node is able to know if the RREQ is already covered or not by comparing the BcastID to SrcID. During the broadcast of RREQ, each intermediate node injects the node address and the preceding BcastID. A timer is used to delete the entry in the case where an RREP packet is not received before the expiration date. When receiving a packet RREP, an intermediate node also stores information about the node from which the packet is received. This node is the next hop in the data transmission to the destination node that initiated the RREP.

2.4.2  OLSR Protocol OLSR protocol [7] is a proactive protocol based on the regular exchange of information on the network topology. The algorithm is optimized by reducing the size

K16823_C002.indd 28

10/23/2013 11:26:04 AM

Security and Privacy for Routing Protocols  ◾  29

and number of messages exchanged: only particular nodes, the MPR broadcast control messages to the entire network. All nodes periodically send HELLO messages to their neighbors (HELLO_ INTERVAL timer) on each node. OLSR uses a single message format, transported by user datagram protocol (UDP). The header specifies whether the message should be sent only in the immediate vicinity or to the entire network. Each node stores the description of its neighborhood: two-hop neighbors interface, MPR and MS. This description is updated each receiving a HELLO message, and old information is erased. OLSR routing is based on the routing of messages by the nodes that have a symmetric neighborhood. A link can participate in a way that it is symmetrical. Routing to remote stations over a hop (1 + N hops) is due to the MPR, which periodically broadcast messages topology control (TC). A sequence number can eliminate duplicates. These messages are used to maintain a table in each station topology. The routing table is built and updated from the information contained in the interface table and the table adjacent to the topology uses a shortest path algorithm. The metric considered is the number of hops.

2.4.3  Zone Routing Protocol Routing protocols hybrids are the result of a combination of the advantages of the two previous families, which offers a good compromise between road and persistence of network overload. In general, hybrid proposals exploit the network hierarchy using reactive and proactive protocols and are then integrated at various levels of the hierarchy. The ZRP routing protocol [8] uses two approaches proactive (IARP) for routing in the same area (Inter area routing protocol) and reactive (IERP) between areas (inter area routing protocol). The IARP maintains information on the status of link nodes at a distance d. In the case where the source node and destination are in the same area, the road is then immediately available. Most existing proactive protocols could be used as IARP in ZRP. In the next section, we present vulnerabilities and protection tools of MANETs. We study in particular the vulnerability of the AODV routing protocol.

2.5  Vulnerabilities and Protection Tools of MANETs MANETs are vulnerable to the same attacks as other types of networks and they are easier to implement because in an ad hoc network, we cannot control access to the transmission medium, or define the limits of network. The ad hoc routing protocols designed with a lack of security controls, which increases the risk of attacks that can be orchestrated by external or internal nodes, take into account the position of the attacking node to the MANET.

K16823_C002.indd 29

10/23/2013 11:26:04 AM

30  ◾  Security for Multihop Wireless Networks

◾◾ The external attackers are nodes that are not part of the network. In this case, the implementation of cryptographic mechanisms can solve the problem: only nodes with the necessary permissions can access the network or decrypt the content. ◾◾ The internal attackers are nodes that are a legitimate part of the network. These nodes have the authorizations and cryptographic material necessary to belong to the network and other nodes make them a priori confidence. For any position (internal or external), the node attacker uses several techniques to disrupt the functioning of the protocol. The combination of these techniques may result in a more sophisticated attack. These techniques known as elementals are presented below: ◾◾ Replay of messages: Node attacker records a sequence of traffic it injects later in the MANET. ◾◾ Changing messages: Node attacker modifies one or more fields of the message before forwarding. ◾◾ Deleting messages: Node attacker deletes messages. ◾◾ Manufacture of messages: Node attacker produces a message and is injected into the MANET. As we have seen, routing protocols operate in two distinct phases: a phase of discovered network topology in which control information about network topology knowledge are exchanged, then a phase retransmission of data messages in which the data are sent from a source to a destination. Unlike wired networks, where routing operations are usually performed by physical equipment interconnection and managed by a dedicated administration legitimate, in MANET, these operations are entirely the responsibility of the nodes that compose them. This operating characteristic raises many security concerns. In the remainder of this section, we present the vulnerability of the routing protocol AODV.

2.5.1  Vulnerability of AODV In [9,10] the authors propose two approaches to analyze attacks against the AODV routing protocol, called respectively anomalous basic events and atomic misuse. The first approach classifies attacks against AODV into two categories: (1) atomic, resulting from manipulation of a single message routing, and (2) composed, defined as a collection of atomic actions. The second approach classifies attacks into a series of elementary events. Each set can contain one or more operations performed in order as follows: (1) receiving a packet, (2) changing packet fields, and (3) the retransmission of the packet is one set of three operations. Table 2.1 provides a list of attacks against the AODV routing protocol.

K16823_C002.indd 30

10/23/2013 11:26:05 AM

K16823_C002.indd 31

x

x

Man-in-the-middle X attack [15] Rushing attack [16]

Resource X consumption [17] Routing table overflow [18] Location X disclosure [19] x

Nodes in the direct vicinity of the opponent Nodes forming the path to a destination

Overflow of routing table Discover the location of mobile nodes

Nodes in the direct Attract traffic vicinity of the opponent All nodes Weakening battery

Create of multiple identities Use impersonation

x

Nodes specific Nodes specific

x

Result

Nodes in the direct Not participate in vicinity of the opponent routing Nodes specific Creating a tunnel and disrupt routing Subset of nodes Creating a tunnel close to the hole and disrupt routing Subset of node Division of routing

Target

X

x

Availability

Source: Adapted from M.A. Ferrag, M. Nafa and S. Ghanmi. A new security mechanism for ad-hoc on-demand distance vector in mobile ad hoc social networks, 7th Workshop on Wireless and Mobile Ad-Hoc Networks (WMAN 2013) in conjunction with the Conference on Networked Systems NetSys/KIVS, Stuttgart, Germany, Mar. 11–15, 2013.

x

x

X

x

x

x

Integrity

Blackhole attack [13] Wormhole attack [20] Routing table poisoning [12] Sybil attack [14]

Authentication X

Confidentiality

Detour attack [11]

Attacks

Influence on the Security Property

Table 2.1  Attacks against the AODV Routing Protocol and Their Influence on the Security Property

Security and Privacy for Routing Protocols  ◾  31

10/23/2013 11:26:05 AM

32  ◾  Security for Multihop Wireless Networks

A

F

E

B

C

G

H

D

Figure 2.4  An example of a MANET containing mobile nodes attackers using AODV.

We present in Figure 2.4, a MANET containing nodes attackers using AODV as routing protocol, and we create different attacks as follows:

2.5.1.1  Detour Attack ◾◾ “A” = source, “D” = destination ◾◾ “A” sends the packet “RREQ” to request the road ◾◾ “B” makes the roads no longer pass through it

2.5.1.2  Routing Table Poisoning ◾◾ “A” = source, “D” = destination ◾◾ “F” and “E” send packets back to “A” for say that the optimal path is “A, F, E, D” ◾◾ The injection of false routing messages causes no-optimal network congestion, or a division of the network.

2.5.1.3  Sybil Attack ◾◾ “A” = source, “E” = destination ◾◾ “B” takes the identity of “C” ◾◾ The attacker has many identities and behaves as if it were a set of nodes.

2.5.1.4  Man-in-the-Middle Attack ◾◾ ◾◾ ◾◾ ◾◾

K16823_C002.indd 32

“A” = source, E” = destination “B” takes the identity of the “E” “B” takes the identity of “A” The attacker impersonates the destination toward the source and the source toward the destination without any of them realizing that he is being attacked.

10/23/2013 11:26:05 AM

Security and Privacy for Routing Protocols  ◾  33

2.5.1.5  Rushing Attack ◾◾ “A” = source, “E” = destination ◾◾ “F” forwards messages faster ◾◾ The attacker relays messages faster for the road that passes by it is taken.

2.5.1.6  Resource Consumption ◾◾ “A” = source, “E” = destination ◾◾ “B” modifies packets for messages passing through it.

2.5.1.7  Routing Table Overflow ◾◾ “A” = source, “E” = destination ◾◾ “F” beyond the routing table of the target.

2.5.1.8  Location Disclosure ◾◾ “A” = source, “E” = destination ◾◾ “B” tend to obtain the identity of the nodes forming the path to “E”.

2.5.1.9  Worm-/BlackHole Attack ◾◾ “A” = source, “E” = destination ◾◾ “F” create a false link between “A” and “E” ◾◾ Transmission of erroneous information, this leads to disruption of routing and loss of connectivity. After seeing the creation of the attacks against the AODV routing protocol, we present different security mechanisms for routing protocol AODV.

2.5.2  Security Mechanisms for Routing Protocol AODV Many solutions have been proposed to secure ad hoc routing protocols. We classify these solutions into two categories (Figure 2.5): 1. Proactive security systems, in the sense that mechanisms are established in advance to ensure the safety enhancing system resilience to attacks with solutions based on cryptography and cons-measurement at the physical layer. 2. Reactive security systems that react according to the behavior of the neighborhood and is divided into reputation management solutions and trust and directional antennas.

K16823_C002.indd 33

10/23/2013 11:26:05 AM

34  ◾  Security for Multihop Wireless Networks

Security solutions

Proactive

Based in cryptography

Conmeasurement at the physical

Reactive

Repution management

Directional antennas

Based in cryptography

Figure 2.5  The mechanism for secure ad hoc routing protocols.

2.5.2.1  Solutions Based on Cryptography Solutions based on cryptography are often used against external attackers. Some approaches are based on cryptographic hashes strings for authentication. This is the case of “SEAD” [21], a proactive routing protocol based on DSDV that protects against attacks by changing the sequence number and the number of hops in the update messages. The same authors also propose an extension to DSR called “ARIADNE” [22]. This solution provides an authentication pointto-point routing messages using the hash function secret key (hash-based message authentication code [HMAC]). However, to ensure secure authentication, ARIADNE is based on TESLA [23], a protocol to ensure secure authentication during broadcasts. In [24] proposes a message-based secure OLSR (M-SOLSR), which uses the signature to ensure that the message comes from a trusted node and, thus, ensures the authentication of the source. With ARAN [25], the authors not only authenticate nodes from end to end; they offer a nonrepudiation service using pre-established certificates distributed by a trusted server. The extension SAODV [ZA02] combines the use of chain hashes and signatures to ensure source authentication and integrity of messages. These security mechanisms based on cryptographic methods are used to secure the transfer of data so that only the relevant nodes can recover original data. A message is transformed to be incomprehensible to unauthorized persons and to prevent any changes. The proper recipient can retrieve the data clearly and is assured that the message has not been altered. The changes in question are based on mathematical functions known as cryptographic algorithms. We distinguish two types of cryptographic algorithms: reversible ones using the same key (symmetric) and those using two different keys (asymmetric).

K16823_C002.indd 34

10/23/2013 11:26:06 AM

Security and Privacy for Routing Protocols  ◾  35

2.5.2.1.1  Symmetric Cryptography A mechanism of the symmetric encryption secret key allows entities (generally two) to perform encryption/decryption using a single key. In this sense, anyone can encrypt messages and so whoever is aware of the secret key can decipher. This encryption mode behaves like a closed box with a lock where entities wishing to communicate must have each a key allowing them to open and close the box. In Figure 2.6a, the node A wants to send a message to B. So it encrypts the message with the key k. Upon receiving the message, B decrypts the message using the same key k. It is important to note that there is an initial phase where two nodes agree on the secret key that will be used. Among the symmetric encryption, algorithms are the best known “Data Encryption Standard (DES)” [27].

2.5.2.1.2  Asymmetric Cryptography A mechanism of asymmetric encryption is a function of two encryption keys: a public key that is provided to all those wishing to send a confidential message to

(a)

Encryption

Message

(b)

Decrypt

Encrypted message with “K”

Message

A

B

K

K

Encryption

Decrypt

Message

Message

Encrypted message with Kpub (B)

A

B

Kpub (B)

Kpriv (B)

Figure 2.6  (a) Symmetric encryption, and (b) Asymmetric encryption.

K16823_C002.indd 35

10/23/2013 11:26:06 AM

36  ◾  Security for Multihop Wireless Networks

one entity and a private key used to decrypt messages intended for it. These two keys are related in such a way that only the private key can decrypt a message encrypted by the corresponding public key. In Figure 2.6.b, the node A wants to send the message to B. It then retrieves the public key of the destination Kpub (B) and encrypts the message. The encrypted message is sent over the communication channel. Destination B decrypts the received message using his secret key Kpriv (B) to obtain the plaintext message sent by A. A public key algorithm is the most popular “RSA” [28] named after its developers, Rivest, Shamir, and Adleman.

2.5.2.1.3  Cryptographic Hash Functions To ensure the integrity of messages, a cryptographic hash function can be used. This is a nonreversible function with the following properties: ◾◾ Unique and fixed size. ◾◾ It is impossible to recover the original message from the digest. ◾◾ Knowing a given message and imprint using a hash function, it is very difficult to generate another message that gives the same impression. ◾◾ It is impossible to find two messages producing the same hash.

2.5.2.1.4  Message Authentication Code The algorithm message authentication code (MAC) is a special case of hash function. As a hash function, the MAC algorithm produces a digest of fixed size (called message authentication code–MAC). But unlike the latter, it uses a secret key in addition. MAC can be used to simultaneously verify the data integrity like any other hash function and the authenticity of the source data. In practice, a calculation method-based MAC hash function that is more sophisticated and safer is used: it is the HMAC [29] has been the subject of the RFC 2104.

2.5.2.2  Systems Reputation Management The proposed solutions are based on reputation systems. In [30] the authors define the reputation as the perception that another node has about its intentions, given a set of old shares and can be combined with other items view. Thus, a node’s behavior cannot decide on its reputation, but can influence its own reputation. A numerical value is associated with the reputation of a node whose calculation is different from a solution to another, but that is mainly based on neighborhood watch and the first-hand information and/or second hand information obtained.

K16823_C002.indd 36

10/23/2013 11:26:06 AM

Security and Privacy for Routing Protocols  ◾  37

One of the first works [31] proposed to use a watchdog and a miss path to ­ itigate the consequences of dishonest behavior. While the former is used to monim tor the neighborhood and detect nontransmission of a packet from a neighbor, the second allows the reputation management and routing evaluating each path used which avoids those with nodes attackers. Trusted AODV (TAODV) [32] is AODV extended by adding a model of reputation management, a specific routing protocol for reputation information management system and key. Confidant [33] (Cooperation of Nodes Fairness in Dynamic Ad Hoc Networks) proposes to combine the use of positive and negative assessments. Thus, each node monitors the behavior of its neighbors while keeping track of estimate (positive or negative) reputation as well as the views of neighbors. These estimates are then combined to give a level of confidence in node directions through which the packet will be routed.

2.5.2.3  Directional Antennas Nodes equipped with directional antennas using sectors (8 in numbers, namely N, S, E, W, NE, NW, SE, and SW) to communicate between them. A node that receives a message from one of its neighbors gets a rough (N, S, E, W) on its position. It knows the relative orientation with respect to its neighbor. These additional bits of information (angle of arrival of the signal) are exploited in some way to facilitate the detection/discovery of wormhole. In [34] the authors propose a method for checking the neighborhood using directional antennas. Neighboring nodes examine the direction of the received signal for each of the other nodes and share a witness. The neighbor relation is only confirmed when the directions of all the pairs match.

2.5.2.4  Counter Measurement at the Physical Layer The first work deals with the wormhole attack based on a hardware and signal processing technique. It is suggested that it may be a secret method of modulating radio signal bits. Only authorized nodes can demodulate the signal. Vulnerability of this method is that it is not kept in a safe space. This can lead to unauthorized adversaries to compromise legitimate nodes in the network to obtain the necessary access or opponents authorized to disclose their knowledge of the method. (It may be considered complementary mechanisms security code modulation/demodulation such as obfuscation, or the starch environment resistant to weathering). In terms of safety, this method only allows a defense against wormhole attacks led by outside node attackers (unauthorized) to the network, that is to say, nodes that do not have key cryptography. There is also the question of establishing/negotiating the secret method between nodes in the network legitimately [26].

K16823_C002.indd 37

10/23/2013 11:26:06 AM

38  ◾  Security for Multihop Wireless Networks

2.6  Future Research Directions The routing function is paramount in ad hoc networks. It is therefore a first requirement to protect against tampering, deliberate or not. However, this chapter considers leaving open a number of additional studies in the following directions: ◾◾ Test the detection system in a real environment. It would be interesting to see the behavior of the proposed system in a real environment. ◾◾ Propose monitoring mechanisms. It would be interesting to set up mechanisms to monitor the implementation of routing protocols to compare the messages exchanged between the nodes in ad hoc networks. ◾◾ Add control messages. It seems interesting to use other types of control messages to detect attacks in ad hoc network. ◾◾ Studying unknown attacks. It would be interesting to propose methods for detecting unknown attacks that will appear in the future based on machine learning methods of nodes. ◾◾ The integration of routing mechanisms in the physical layer and application. In ad hoc networks, routing mechanisms to lime in the network layer, we believe it is worth sharing mechanisms in the physical layer and application. ◾◾ The integration of social networks in ad hoc. With the growing trend of social networking, we think of inventing a special routing protocol for use in the ad hoc network.

2.7  Conclusions In this chapter, we presented the problem of security for routing protocols in MANET, especially AODV. In the first part, we presented the MANETs, their characteristics, application domains, and the 802.11 MAC used in these networks. We addressed the security needs. In Section 2.4, we presented the basic concept of ad hoc routing protocols including examples of protocols and security threats they face. We chose AODV routing protocol and described the different classifications of vulnerabilities and attacks against AODV in MANETs. We mentioned the main lines of security AODV in mobile ad hoc. Then, we studied different approaches to security environment dedicated to AODV in MANETs.

References 1. IEEE Institute of Electrical and Electronics Engineers. http://standards.ieee.org/getieee802/802.11.html (Last accessed: April 2, 2013).

K16823_C002.indd 38

10/23/2013 11:26:06 AM

Security and Privacy for Routing Protocols  ◾  39 2. Matthew S.GAST. 802.11 Wireless Networks—The definitive Guide, O’REILLY, 2002. 3. IP Encapsulating Security Payload (ESP), RFC2406, 1998. 4. Security Architecture for the Internet Protocol, RFC2401, 1998. 5. Chokhani, W. Ford, Internet X.509 public key infrastructure certificate policy and certification practices framework, RFC3647, 2003. 6. C. Perkins, E. Belding-Royer, and S. Das. Ad hoc on-demand distance vector (AODV) routing. http://tools.ietf.org/html/rfc356, July 2003. (Last accessed: April 2, 2013). 7. T. Clausen, P Jacquet. Optimized link state routing protocol. http://tools.ietf.org/ html/draft-ietf-manet-olsr-11, IETF RFC 3626 2003. (Last accessed: April 2, 2013). 8. Z.J Haas, and M.R Pearlman. The Zone Routing Protocol: A Hybrid Framework for Routing in Ad Hoc Networks, in Ad Hoc Networks, edited by C.E. Perkins, Addison Wesley, 2000. 9. P. Ning and K. Sun. How to misuse AODV: a case study of insider attacks against mobile ad-hoc routing protocols. In Proc. IEEE Systems, Man and Cybernetics Society, Information Assurance Workshop (IAW’03), pages 60–67. IEEE, June 2003. 10. Y. Huang and W. Lee. Attack analysis and detection for Ad Hoc routing protocols. In Proc. of 7th International Symposium on Recent Advances in Intrusion Detection RAID, volume 3224, pages 125–145. Springer, September 2004. 11. L. Guang, C. Assi, and A. Benslimane. Interlayer attacks in mobile Ad hoc networks. In Proc. of the Second International Conference on Mobile ad-hoc and sensor networks (MSN 2006), pages 436–448. Springer, December 2006. 12. T. Condie, V. Kacholia, S. Sankararaman, J. Hellerstein, and P. Maniatis. Induced churn as shelter from routing-table poisoning. In Proc. of the 13th Annual Network and Distributed System Security Symposium (NDSS’06), 2006. 13. H. Deng, W. Li, and D.P. Agrawal. Routing security in wireless ad hoc networks. IEEE Communications Magazine, 40(10): 70–75, 2002. 14. J. Douceur. The Sybil attack. Peer-to-Peer Systems, 1: 251–260, 2002. 15. C.Y. Tseng, P. Balasubramanyam, C. Ko, R. Limprasittiporn, J. Rowe, and K. Levitt. A specification-based intrusion detection system for AODV. In Proc. 1st ACM workshop on Security of ad hoc and sensor networks (SASN’03), pages 125–134. ACM, October 2003. 16. Y.C. Hu, A. Perrig, and D.B. Johnson. Rushing attacks and defense in wireless ad hoc network routing protocols. In Proc. of the 2nd ACM workshop on Wireless security, page 40. ACM, 2003. 17. I. Stamouli, P.G. Argyroudis, and H. Tewari. Real-time intrusion detection for ad hoc networks. In Proc. Of the Sixth IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks (WoWMoM’05), pages 374–380. IEEE Computer Society, 2005. 18. S. Gupte and M. Singhal. Secure routing in mobile wireless ad hoc networks. Ad Hoc Networks, 1(1): 151–174, 2003. 19. G. Vigna, S. Gwalani, K. Srinivasan, EM Belding-Royer, and RA Kemmerer. An intrusion detection tool for AODV-based ad hoc wireless networks. In Proc. of the 20th Annual Computer Security Applications Conference (ACSAC’04), pages 16–27. IEEE Computer Society, 2004. 20. Y.C. Hu, A. Perrig, and DB Johnson. Wormhole attacks in wireless networks. IEEE Journal on Selected Areas in Communications, 24(2): 370–380, 2006.

K16823_C002.indd 39

10/23/2013 11:26:06 AM

40  ◾  Security for Multihop Wireless Networks 21. Y.C. Hu, D.B. Johnson, and A. Perrig. SEAD : Secure efficient distance vector routing for mobile wireless ad hoc networks. Ad Hoc Networks, 1(1): 175–192, 2003. 22. Y.C. Hu, A. Perrig, and D.B. Johnson. Ariadne: A secure on-demand routing protocol for ad hoc networks. Wireless Networks (WiNet), 11: 21–38, 2005. 23. A. Perrig, R. Canetti, JD Tygar, and D. Song. The TESLA broadcast authentication protocol. RSA CryptoBytes, 5(2): 2–13, 2002. 24. C. Adjih, T. Clausen, P. Jacquet, A. Laouiti, P. Muhlethaler, and D. Raffo. Securing the OLSR protocol. In Proc. of Med-Hoc-Net, pages 25–27, 2003. 25. K. Sanzgiri, B. Dahill, B.N. Levine, C. Shields, and E.M. Belding-Royer. A secure routing protocol for ad hoc networks. In Proc. 10th IEEE International Conference on Network Protocols (ICNP’02), pages 78–89, November 2002. 26. M.G. Zapata and N. Asokan. Securing ad hoc routing protocols. In Proc. 1st ACM workshop on Wireless security (WiSE’02), pages 1–10. ACM, September 2002. 27. A. Kahate. Cryptography and Network Security. Tata McGraw-Hill, 2 edition, 2003. 28. R.L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2): 126, 1978. 29. H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing for Message Authentication. http://www.ietf.org/rfc/rfc2104.txt, February 1997. Internet Draft. 30. L. Mui, M. Mohtashemi, and A. Halberstadt. A computational model of trust and reputation. In Proc. of the 35th Annual Hawaii International Conference on System Sciences (HICSS), pages 2431–2439, 2002. 31. S. Marti, TJ Giuli, K. Lai, and M. Baker. Mitigating routing misbehavior in mobile ad hoc networks. In Proc. 6th Annual International Conference on Mobile Computing and Networking (MobiCom’00), pages 255–265. ACM, August 2000. 32. X. Li, MR Lyu, and J. Liu. A trust model based routing protocol for secure ad-hoc networks. In Proc. Aerospace Conference, (AC’04), volume 2, pages 1286–1295. IEEE, December 2004. 33. S. Buchegger and J.Y. Le Boudee. Self-policing mobile ad hoc networks by reputation systems. IEEE Communications Magazine, 43(7): 101–107, 2005. 34. L. Hu and D. Evans, Using directional antennas to prevent wormhole attacks, Proc. Network and Distrib. Sys. Sec. Symp., San Diego, CA, Feb. 2004. 35. Nabil Ali Alrajeh et al, Secure routing protocol using cross-layer design and energy harvesting in wireless sensor networks. International Journal of Distributed Sensor Networks 2013. 36. M.A. Ferrag, M. Nafa and S. Ghanmi. A New Security Mechanism for Ad-hoc On-demand Distance Vector in Mobile Ad Hoc Social Networks, 7th Workshop on Wireless and Mobile Ad-Hoc Networks (WMAN 2013) in conjunction with the Conference on Networked Systems NetSys/KIVS, Stuttgart, Germany, Mar. 11–15, 2013. 37. M.A. Ferrag. Study of Attacks in Ad Hoc Networks. LAP LAMBERT Academic Publishing. November 3, 2012. 38. D.B. Johnson and D.A. Maltz. Dynamic source routing in ad hoc wireless networks. In Thomasz Imielinski and Hank Korth, editors, Mobile Computing, volume 353, Chapter 5, 153–181. Kluwer Academic Publishers, 1996. 39. D. Johnson, Y. Hu, and D. Maltz. The Dynamic Source Routing Protocol (DSR) for Mobile Ad Hoc Networks for IPv4.,2007. RFC4728. 40. C.E. Perkins and P. Bhagwat. Highly dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for mobile computers. In Proc. of the Conference on Communications Architectures, Protocols and Applications (SIGCOMM’94), 244–254. ACM, 1994.

K16823_C002.indd 40

10/23/2013 11:26:07 AM

Security and Privacy for Routing Protocols  ◾  41 41. S. Murthy and J.J. Garcia-Luna-Aceves, An efficient routing protocol for wireless networks. ACM Mobile Networks and App. J., Special Issue on Routing in Mobile Communication Networks, pp. 183–97, 1996. 42. Tsu-Wei Chen and Mario Gerla. Global state routing: A new routing scheme for Ad-hoc wireless networks, Proc. IEEE ICC’98, 5 pages. 43. A. Iwata, C.-C. Chiang, G. Pei, M. Gerla, and T.-W. Chen. Scalable routing strategies for ad hoc wireless networks. IEEE Journal on Selected Areas in Communications, Special Issue on Ad-Hoc Networks, 1369–79, 1999. 44. C.-C. Chiang. Routing in clustered multihop, mobile wireless networks with fading channel. Proc. IEEE SICON’97, Apr.1997, pp.197–211.

K16823_C002.indd 41

10/23/2013 11:26:07 AM

Suggest Documents

Chapter 2 Internet Protocols

Chapter 2 Internet Protocols
Read more
2 - Informatica Security & Privacy

2 - Informatica Security & Privacy
Read more
Routing Protocols and Quality of Services for Security ...

Routing Protocols and Quality of Services for Security ...
Read more
Composing security protocols: from confidentiality to privacy

Composing security protocols: from confidentiality to privacy
Read more
Review of Routing Protocols Routing Protocols ...

Review of Routing Protocols Routing Protocols ...
Read more
Routing Protocols and Concepts

Routing Protocols and Concepts
Read more
Chapter 2 - Metagenomic Protocols and Strategies

Chapter 2 - Metagenomic Protocols and Strategies
Read more
Chapter 3 Routing Protocols for Ad Hoc Wireless Networks

Chapter 3 Routing Protocols for Ad Hoc Wireless Networks
Read more
Security Issues in Link State Routing Protocols for MANETs - CiteSeerX

Security Issues in Link State Routing Protocols for MANETs - CiteSeerX
Read more
Towards Provable Security for Ad Hoc Routing Protocols - BME-HIT

Towards Provable Security for Ad Hoc Routing Protocols - BME-HIT
Read more
CCNA Exploration: Routing Protocols and Concepts Chapter 3 Case ...

CCNA Exploration: Routing Protocols and Concepts Chapter 3 Case ...
Read more
routing protocols for optical networks

routing protocols for optical networks
Read more
geographic routing protocols for underwater

geographic routing protocols for underwater
Read more
Modeling and verification of privacy enhancing security protocols

Modeling and verification of privacy enhancing security protocols
Read more
Security Protocols with Privacy and Anonymity of Users - Horizon ...

Security Protocols with Privacy and Anonymity of Users - Horizon ...
Read more
Security Protocols and Privacy Issues into 6LoWPAN ... - IEEE Xplore

Security Protocols and Privacy Issues into 6LoWPAN ... - IEEE Xplore
Read more
A Novel Review on Security and Routing Protocols in MANET

A Novel Review on Security and Routing Protocols in MANET
Read more
Routing Protocols and Concepts - yimg.com

Routing Protocols and Concepts - yimg.com
Read more
Review of Routing Protocols Routing Protocols ... - Google Sites

Review of Routing Protocols Routing Protocols ... - Google Sites
Read more
IP Routing Protocols Commands

IP Routing Protocols Commands
Read more
CCNA Exploration 2 – Routing Protocols and Concepts v4.0 ...

CCNA Exploration 2 – Routing Protocols and Concepts v4.0 ...
Read more
Cryptography and Network Security Chapter 2

Cryptography and Network Security Chapter 2
Read more
Security issues in routing protocols in MANETs at ... - Science Direct

Security issues in routing protocols in MANETs at ... - Science Direct
Read more
Security Analysis of Routing Protocols in Wireless ... - Semantic Scholar

Security Analysis of Routing Protocols in Wireless ... - Semantic Scholar
Read more