
Routing Security in Ad-hoc Networks

1384/7/30

Abstract

This report surveys routing in ad-hoc networks, the attacks on unsecured ad-hoc routing protocols, the secure routing protocols ARAN, SAODV, SRP, Ariadne and SEAD (and the position-aided SPAAR), password-based key agreement for ad-hoc groups, and mechanisms for detecting nodes that do not forward packets.


Contents

1. Introduction
2. Ad-hoc networks
3.
4. Routing in ad-hoc networks
   4.1 Flooding
   4.2 DSR
   4.3 AODV
   4.4 Position-based routing
5. Attacks on ad-hoc routing
   5.1 Modification
       5.1.1 Modification of sequence numbers
       5.1.2 Modification of hop counts
       5.1.3 Modification of source routes
   5.2 Impersonation
   5.3 Wormhole attack
   5.4 Rushing attack
6. Environments
7. Secure routing protocols
   7.1 ARAN
       7.1.1 Certification
       7.1.2 Authenticated route discovery
       7.1.3 Authenticated route setup
       7.1.4 Route maintenance
       7.1.5
       7.1.6 Key revocation
   7.2 Ariadne
   7.3 SAODV
   7.4 SRP
   7.5 SEAD
   7.6 SPAAR
       7.6.1
       7.6.2
       7.6.3
8. Key agreement
   8.1
   8.2 EKE
   8.3 Diffie-Hellman
9. Multipath routing
10. Misbehavior
   10.1 Watchdog
   10.2 Pathrater
11.
12. References

1. Introduction

Portable wireless hosts such as laptops can communicate with each other without any fixed infrastructure. Networks formed this way are called ad-hoc networks, and because every host in them takes part in routing, the security of the routing protocol is the central security question of such networks; it is the subject of this report.

2. Ad-hoc networks

An ad-hoc network is a set of wireless hosts that communicate without a base station and without dedicated routers: each host forwards packets on behalf of the others, so every host is also a router (Figure 1). Hosts may move, so the topology changes over time, and two hosts that are not within radio range of each other communicate over a multi-hop path through intermediate hosts.

Figure 1: An ad-hoc network of mobile hosts (laptops) with no base station; hosts out of each other's range communicate through intermediate hosts.

3.

4. Routing in ad-hoc networks

In a wired network forwarding is done by dedicated devices (hubs, switches, routers). In an ad-hoc network every host must take part in routing, so a routing protocol is needed that works without fixed infrastructure and copes with hosts moving. The simplest such protocol is flooding; the on-demand protocols DSR and AODV, which most of the secure protocols in section 7 build on, are described after it.

4.1 Flooding

In flooding a host broadcasts a packet to all of its neighbours, and every host that receives the packet for the first time rebroadcasts it, so the packet reaches every reachable host without any route information. To stop a packet circulating forever, the sender tags it with a sequence number; a host that has already seen the (source, sequence number) pair drops the duplicate instead of rebroadcasting it. Flooding costs one transmission per host per packet, which is far too expensive for data traffic, so it is used only for control messages such as route requests.

4.2 DSR

DSR (Dynamic Source Routing) [3] discovers routes on demand. A source that has no route to a destination floods a route request (RREQ); every intermediate host that receives the RREQ for the first time appends its own address to the address list in the request and rebroadcasts it. When the RREQ reaches the destination, the accumulated list is the route, and the destination returns it to the source in a route reply (RREP) sent along the reversed list. The source then puts the complete route in the header of every data packet (source routing), and intermediate hosts forward according to that header rather than to a routing table [3]. Discovered routes are cached. Route maintenance uses route error (RERR) messages: a host that cannot deliver a packet to the next hop sends a RERR back to the source, which removes the broken link from its cache and, if necessary, discovers a new route.

4.3 AODV

AODV (Ad hoc On-demand Distance Vector) [3] is also on demand, but every host keeps a per-destination routing table instead of carrying the route in each packet. The source broadcasts a RREQ; each host that forwards it records the host it came from, building a reverse path. The destination (or an intermediate host with a fresh enough route) answers with a RREP that is unicast back along the reverse path, and every host on that path creates a forward entry for the destination. Each destination maintains a sequence number that is carried in RREQ and RREP messages; a host accepts a route only if its sequence number is at least as large as the one it already holds, and among equally fresh routes prefers the smaller hop count. These two fields, sequence number and hop count, are exactly what the attacks in section 5 target.

4.4 Position-based routing

A third class of protocols uses the geographic positions of hosts to restrict route discovery to the region in which the destination is expected, for example LAR (Location-Aided Routing) and DREAM (Distance Routing Effect Algorithm for Mobility).


5. Attacks on ad-hoc routing

Because every host takes part in routing and the medium is wireless, an attacker does not need to compromise a fixed router: a node that joins the network, or an outside node that spoofs the IP or MAC address of a legitimate one, can take part in route discovery. Following [1], attacks on the routing protocol are classified by what the attacker does to routing messages: modification, impersonation and fabrication. Combinations of these allow an attacker to redirect traffic through itself, to create routing loops, or to make a destination unreachable.

5.1 Modification

In DSR and AODV the fields of routing messages are unprotected, so a malicious node can alter them while forwarding. Three modification attacks from [1] follow.

5.1.1 Modification of sequence numbers

In AODV a route is selected by its destination sequence number, so a malicious node M that advertises a higher sequence number than the destination makes its own route the preferred one (Figure 2).

Figure 2: Sequence number modification. S broadcasts a RREQ for X; M replies with a RREP whose destination sequence number is higher than X's, so B forwards M's RREP rather than the genuine one and S routes through M.

5.1.2 Modification of hop counts

AODV also uses the hop count to choose among routes with the same sequence number. A malicious node that resets the hop count of a RREQ (or RREP) to zero, or to a value smaller than the true one, makes the route through itself look shortest, so it is chosen in preference to the genuine route [1].

5.1.3 Modification of source routes

In DSR the complete route travels in the header of each data packet. A malicious node on the route can rewrite that source route so that packets loop, are delivered to a wrong host, or are dropped.

5.2 Impersonation

Since nothing is authenticated, a node can assume another node's identity simply by using its IP or MAC address. Combined with modification this lets an attacker create routing loops [1].

Figure 3: Impersonation creating the routing loop A, D, C, B, A.

The attack in Figure 3 [1] is against AODV. M changes its MAC address to A's and sends B a RREP for X with a hop count smaller than that of B's current route, so B sets A as its next hop to X. M then changes its MAC address to B's and sends C a RREP with a smaller hop count, so C sets B as its next hop. Packets for X now travel A, D, C, B, A, ... in a loop, and X is unreachable until the loop is broken; B and C cannot tell that the RREPs did not come from A and B, because nothing in AODV authenticates the sender.

Hu and Perrig [2] group the goals of such attacks into routing-disruption attacks, which cause packets to take wrong paths or none at all, and resource-consumption attacks, which waste bandwidth, memory or energy.

5.3 Wormhole attack

In a wormhole attack two colluding nodes tunnel packets (in particular route requests) between two distant points of the network over a private link and replay them there. Routes through the tunnel appear to have fewer hops than they really do, so the attacker's route is preferred; once it carries the traffic the attacker can drop, delay or modify it. Hop counts cannot detect this, since a tunnelled packet crosses the tunnel as if it were a single hop, and none of the modification defences help, because the attacker changes nothing in the packets.

Packet leashes [11], proposed by Yih-Chun Hu and Adrian Perrig [2], defend against wormholes by bounding how far a packet may travel in one hop. Two kinds exist:

Temporal leashes: the sender puts a tightly synchronised timestamp in the packet; the receiver rejects the packet if the elapsed time, multiplied by the speed of light, exceeds the maximum one-hop distance [11].

Geographical leashes: the sender includes its position and a loosely synchronised timestamp; the receiver computes an upper bound on the distance between the two nodes from the positions, the elapsed time and the maximum node speed, and rejects packets that could not have come from a neighbour [11].

5.4 Rushing attack

The rushing attack [4] targets on-demand protocols. Route discovery floods a RREQ, and to keep the flood bounded each node forwards only the first copy of a given RREQ that it receives. An attacker that forwards RREQs faster than legitimate nodes, for example by ignoring the random delay the protocol adds to avoid collisions or by skipping the back-off of CSMA (Carrier Sense Multiple Access), makes sure its copy arrives first at the destination's neighbours; the legitimate copies are then discarded as duplicates, and every route discovered goes through the attacker. DSR, AODV, LAR, Ariadne, SAODV, SRP and ARAN are all vulnerable, since all of them suppress duplicate RREQs on first arrival [4].


The defence proposed in [4] has three parts: secure neighbour detection, so that a node forwards a RREQ only from a node that is verifiably within range (otherwise a distant attacker could rush requests over a long link); secure route delegation, where each node signs that it has accepted its predecessor as a neighbour and may forward on its behalf; and randomized RREQ forwarding, where a node collects several copies of a RREQ and forwards one chosen at random instead of the first, so the attacker's copy is no longer certain to win. The price is a higher overhead for on-demand route discovery, and a route is not necessarily the shortest one.

6. Environments

Which security mechanisms are possible depends on the environment in which the ad-hoc network is deployed. [1] distinguishes three:

Open environment: nodes have no prior relationship and no opportunity to exchange keys in advance; any node may join, and nothing can be authenticated.

Managed open environment: nodes have no a priori trust relationship, but there is an opportunity to distribute keys or certificates before deployment (for example through a trusted certificate server), so that nodes can be authenticated.

Managed hostile environment: all nodes are deployed by one authority (the military case), so keys can be distributed in advance, but nodes may be captured, and the network must tolerate compromised members.

ARAN, described next, is designed for the managed open environment.

7. Secure routing protocols

The protocols below add authentication to route discovery. Most of them are secured versions of DSR or AODV.

7.1 ARAN

ARAN (Authenticated Routing for Ad hoc Networks), published by Sanzgiri et al. in 2002 [1], uses certificates issued by a trusted server to authenticate every routing message, and so detects and prevents the modification, impersonation and fabrication attacks of section 5. Unlike AODV it uses no hop count: the destination accepts the first route discovery packet that reaches it, which over an 802.11 network is usually the one that travelled the fewest hops, and replies are unicast back along the path the discovery took (for the full description see [1]).

7.1.1 Certification

ARAN assumes a trusted certificate server T whose public key is known to all nodes. Before joining the network every node A obtains a certificate from T over a secure channel; how T is contacted is outside the protocol. The certificate binds A's IP address to its public key:

    T -> A: cert_A = [IP_A, K_A+, t, e]K_T-                               (1)

Here IP_A is A's IP address, K_A+ its public key, t the time at which the certificate was issued and e its expiry time; [...]K_T- denotes a message signed with T's private key. Every node holds the public key of T, so any node can verify any certificate, and a certificate is renewed by contacting T again before it expires.

7.1.2 Authenticated route discovery

Route discovery is started by a node that has no route to its destination. To find X, node A broadcasts a route discovery packet (RDP) signed with its private key:

    A -> broadcast: [RDP, IP_X, cert_A, N_A, t]K_A-                       (2)

RDP is a packet-type identifier, IP_X the destination address, cert_A the certificate of A, N_A a nonce and t the current time. A increments the nonce for every route discovery it starts, and together with the timestamp the nonce lets other nodes recognise a RDP they have already processed and detect replays; a small clock skew between nodes is tolerated. Each node records the pair (N_A, IP_A) of the RDPs it has seen and rebroadcasts a RDP only the first time it receives it. Because the packet is signed and carries A's certificate, no other node can spoof A as the originator of a discovery.

When B, a neighbour of A, receives the RDP, it verifies A's signature using cert_A, records (N_A, IP_A) and A as the previous hop for this discovery, signs the packet with its own key and rebroadcasts it together with its certificate:

    B -> broadcast: [[RDP, IP_X, cert_A, N_A, t]K_A-]K_B-, cert_B          (3)

B's neighbour C validates B's signature, removes it (so that the packet does not grow with every hop), records B as its previous hop for this RDP, adds its own signature and certificate, and rebroadcasts:

    C -> broadcast: [[RDP, IP_X, cert_A, N_A, t]K_A-]K_C-, cert_C          (4)

Every node thus verifies two signatures, that of the originator and that of the neighbour it received the packet from. The one-hop signature stops an attacker from injecting a RDP as if it came from a neighbour, and the IP addresses of the nodes on the path are not carried in the packet, so they cannot be altered by a node along the way.

7.1.3 Authenticated route setup

When the destination X receives the first RDP addressed to it, it checks both signatures and replies to that RDP only; later copies with the same (N_A, IP_A) are ignored. Since no hop count is used, the route selected is the one whose RDP arrived first. X unicasts a reply (REP) to its previous hop D, signed with its own key:

    X -> D: [REP, IP_A, cert_X, N_A, t]K_X-                                (5)

REP is the packet type, IP_A the address of the originator of the discovery, cert_X the certificate of X, and N_A and t are the nonce and timestamp copied from the RDP, which let A match the reply to its request. The REP travels back along the reverse path recorded during discovery, and each hop signs it exactly as the RDP was signed: D verifies X's signature and forwards to C.

    D -> C: [[REP, IP_A, cert_X, N_A, t]K_X-]K_D-, cert_D                  (6)

C verifies D's signature, removes it, and forwards the REP to B with its own signature and certificate:

    C -> B: [[REP, IP_A, cert_X, N_A, t]K_X-]K_C-, cert_C                  (7)

Each node on the reverse path records the node the REP came from as its next hop towards X. When the REP reaches A, A verifies X's signature and the nonce, and the route is established; a REP that was not signed by X and forwarded hop by hop by certified nodes is rejected, so a node cannot fabricate a reply for a route that does not exist.

7.1.4 Route maintenance

ARAN is on demand, so routes that are not used for some time expire and are removed from the routing tables. When a node detects a broken link on an active route, it reports it with a signed error message (ERR) that is forwarded to the source of the route. For a route between A and X through B and C the message generated by B is:

    B -> C: [ERR, IP_A, IP_X, cert_B, N_b, t]K_B-                           (8)

The ERR is signed by the reporting node and carries a nonce and a timestamp, so every node that forwards it can verify who generated it, replays are detected, and a node cannot fabricate an error in another node's name. Nodes that receive a valid ERR remove the route. A malicious node can still send a correctly signed ERR for a link that has not broken; ARAN cannot prevent this, but because the message is signed the node that sent it can be identified.

7.1.5

ARAN thus protects every routing message with signatures that a node can check on its own: a node forwards a RDP, REP or ERR only after verifying the signature of the neighbour it came from (and, for RDP and REP, that of the originator), so whether to accept a message is a local decision that does not depend on trusting any other node's routing state.

7.1.6 Key revocation

In the managed open environment the certificate server T is also responsible for revoking certificates. When the certificate cert_r of a node must be revoked, T broadcasts a signed revocation:

    T -> broadcast: [revoke, cert_r]K_T-                                   (9)

Every node that receives the revocation stores it, rebroadcasts it to its neighbours, and deletes every route through the revoked node. A node that did not receive the broadcast, for example because it was partitioned from the rest of the network, learns of the revocation the next time a neighbour that holds it exchanges a message with it, and the certificate lifetime e bounds how long a missed revocation can matter.

Figure 4 shows the ARAN messages for a route discovery between S and D in the notation used below:

Figure 4: ARAN route discovery and route error messages between S and D.

(M)K_X- denotes message M signed with the private key of X, cert_X is the certificate of X, t a timestamp and N a nonce. In this presentation [11] the RDP and REP messages are written as RREQ and RREP, in AODV style, and route maintenance follows AODV's RERR: a node that detects a broken link sends a signed ROUTE ERROR towards the source, and each node on the way verifies and forwards it. If the link between B and C on the route from S to D breaks:

    B -> A: <(ROUTE ERROR, S, D, cert_B, N, t)K_B->
    A -> S: <(ROUTE ERROR, S, D, cert_B, N, t)K_B->

A forwards the message unchanged, since B's signature is what S verifies. The RERR cannot be forged by a node other than B and the nonce prevents replay; as before, B itself could send a false error, which is detectable only in that B's identity is tied to it [11].

7.2 Ariadne

Ariadne [2], like ARAN, secures an on-demand protocol, in this case DSR. It is built on three authentication mechanisms: a message authentication code (MAC) computed with a key shared between source and destination, a per-hop hash chain, and, for authenticating the intermediate nodes, either TESLA broadcast authentication, pairwise shared keys, or digital signatures. Route discovery in Ariadne works as follows.

The source puts in the RREQ a request ID and a MAC over the request computed with the key it shares with the destination, plus a hash value that every intermediate node extends: each node replaces the hash in the request by H(node address, previous hash) before rebroadcasting, so the destination can verify that no node was removed from the accumulated node list. Each intermediate node also authenticates its own addition, with TESLA the key used is disclosed only after a delay, and TIK (TESLA with Instant Key disclosure) [11] removes that delay for packets that are long enough relative to the propagation time. The destination verifies the MAC and the hash chain and returns a RREP that the intermediate nodes authenticate on the way back, so that the source can check that every node on the returned route is legitimate [2].

7.3 SAODV

SAODV (Secure AODV) secures AODV with two mechanisms. The fields that do not change along the route (addresses, sequence numbers) are protected by a digital signature of the originator, comparable to ARAN's signatures. The hop count, which every node must increment, is protected by a hash chain: the originator chooses a random seed h_n, fixes a Max Hop Count, and computes the top hash by hashing the seed Max Hop Count times; the top hash and the Max Hop Count are included in the signed fields. Each node that forwards the message hashes the current value once more, so that h_{n-1} = H(h_n) corresponds to one hop.

A node that receives the message with hop count i and hash value h_{n-i} checks that hashing the value (Max Hop Count - i) more times gives the signed top hash; with n the Max Hop Count, the relation h_{n-1} = H(h_n) ties every hop to one application of H. An attacker can increase the hop count (by hashing further) but cannot decrease it, because that would require inverting H; the hop count is therefore protected against being lowered, which is the modification that attracts traffic (section 5.1.2).

7.4 SRP

SRP (Secure Routing Protocol), by Papadimitratos and Haas [10], secures route discovery end to end. It assumes a security association (SA) between the source S and the destination T, i.e. the two end hosts share a secret key K_{S,T} (derived, for example, from their public keys or established out of band), and uses nothing else: intermediate nodes hold no keys and authenticate nothing. The SA and the query counters are kept in non-volatile storage so that they survive a restart of the host. SRP tolerates non-colluding malicious nodes and Byzantine (arbitrarily behaving) nodes in an adversarial environment; what it guarantees is that a route accepted by S is a route that actually exists, i.e. its node list was not altered by any node on the way. It does not protect data traffic once the route is found, and it can be combined with a secure link layer.


SRP relies on the link layer (e.g. RTS/CTS in 802.11) for neighbour communication and on IP addresses as node identifiers, and requires only that the end hosts hold the shared key.

Route discovery works as follows. S creates a route request (query) carrying a query sequence number and a random query identifier, and a MAC computed with K_{S,T} over the immutable fields of the request (S, T, sequence number, identifier). Intermediate nodes append their IP addresses to the request and rebroadcast it, forwarding only one copy per query identifier and limiting the rate of queries accepted from each neighbour, so that a node flooding queries is throttled. When the request reaches T, T verifies the MAC and the freshness of the sequence number (it keeps, for each source it has an SA with, the sequence numbers it has already answered), and replies with the accumulated route and a MAC over the reply, again under K_{S,T}; the reply is source routed back over the reversed node list. S verifies the MAC and checks that the route in the reply matches the reverse of the path along which the reply arrived; only then is the route accepted. T answers every valid copy of the request it receives, so S may obtain several replies, one per discovered route.

The following examples use the topology of Figure 5: source S, destination T, honest intermediate nodes 1 to 5, malicious nodes M1 and M2, and in some cases addresses X, Y and Z used by M1 or M2. A request that has traversed nodes n1, ..., nk is written {Q_{S,T}; n1, n2, ..., nk}, with n1 = S and, on arrival at the destination, nk = T; the reply carrying the route n1, ..., nk is written {R_{S,T}; n1, n2, ..., nk}. Node IP addresses serve as identifiers.

Figure 5: Topology used in the SRP examples.

Case 1: M1, a neighbour of S, receives {Q_{S,T}; S} and fabricates the reply {R_{S,T}; S, M1, T}, claiming a two-hop route through itself. S rejects it: M1 does not hold K_{S,T}, so the MAC over the reply cannot be valid, and a reply whose node list does not match the path it actually arrived on is discarded as well.

Case 2: M1 alters the query it received via node 1, for instance by changing the source address or the query identifier. T computes the MAC over those fields, so the altered query fails verification at T and is dropped; S is affected no more than if M1 had simply not forwarded the query, and still obtains routes over the paths that avoid M1.

Case 3: M1 forwards the query correctly as {Q_{S,T}; S, 1, M1}; it reaches T as {Q_{S,T}; S, 1, M1, 5, 4} and T replies with {R_{S,T}; S, 1, M1, 5, 4, T}. On the way back M1 rewrites the reply to {R_{S,T}; S, 1, M1, Y, T}, inserting an address Y of its choice. The MAC of the reply covers the whole route, so S detects the change and discards the reply.

Case 4: M2 receives {Q_{S,T}; S, 2, 3} and replaces node 2 by a spoofed IP address X, forwarding {Q_{S,T}; S, X, 3, M2}. T cannot see the change and replies along {T, M2, 3, X, S}; the reply is source routed back over that list, so node 3 must hand it to X, which is not its neighbour, and the reply never reaches S. The attack costs S one of its routes but cannot make S accept a false one.

Case 5: M1 replays an old query of S towards T. T keeps, per source, the sequence numbers of the queries it has answered and discards a query whose sequence number is not newer; S would in any case not accept a reply to a query it did not send.

Case 6: M1 floods the network with queries {Q_{S,T}; n1, ..., nj} in S's name to consume bandwidth and processing time. Nodes rate-limit the queries they forward per neighbour, and the TTL (hop limit) of a query bounds how far each copy travels; this resource-consumption problem is common to all on-demand protocols, and SRP bounds it rather than eliminates it.

Case 7: M1 spoofs an IP address M* and forwards {Q_{S,T}; S, M*}; T replies with {R_{S,T}; S, M*, 1, 4, T}, which reaches S with a valid MAC. S accepts the route, and the route works, since M* is M1 under another name and M1 did forward correctly: SRP guarantees that a discovered route exists, not that the nodes on it are who they claim to be. M1 cannot, however, spoof the address of S or of T, because the MAC binds the query to the real end points.

Case 8: M1 uses several spoofed addresses M_i, M_{i+1}, ..., M_{i+j} at once, as in case 7, so that a route appears to pass through several different nodes that are in reality all M1. S sees a longer route than the real one and cannot tell, but again the route exists; if M1 later drops packets, S learns only that the route has failed. In the extended form M1 and M2 collude: M1 forwards {Q_{S,T}; S, M1, Z, M2} with a fictitious node Z between them, T replies along {T, M2, Z, M1, S}, and M2 hands the reply directly to M1, so S accepts a route through a node that does not exist. This is a wormhole (section 5.3): M1 and M2 tunnel the messages between them, and no end-to-end mechanism can detect it, in SRP or in DSR.

To summarise SRP: only S and T need keys; the query carries a MAC under K_{S,T} over the fields that must not change, while the node list is left open because it is verified through the reply; the reply's MAC covers the route, and S additionally checks the route against the reverse path the reply travelled, so no node can insert or remove nodes from a route unnoticed [11].

Replies are therefore authenticated end to end, and a node that is not on the reverse path cannot inject a RREP that S would accept.

SRP can be extended with the Intermediate Node Reply Token (INRT) [10]: nodes that belong to a group sharing a key K_G may answer a query from a cached route and authenticate the reply with a MAC under K_G, which shortens route discovery at the price of a group key [10][11]. The basic SRP allows only the destination to reply, and it gives no protection against nodes that forward queries correctly but later drop data packets; detecting such misbehaviour is the subject of section 10.
7.5 SEAD

SEAD (Secure Efficient Ad-hoc Distance vector routing protocol) [2] secures DSDV, a proactive (table-driven) protocol in which every node periodically advertises its routing table; each entry carries a destination sequence number and a metric, the hop count. A node prefers the entry with the larger sequence number, and for equal sequence numbers the smaller metric [2]. SEAD protects exactly these two fields against being increased (the sequence number) or decreased (the metric) by a malicious or compromised node, which is what an attacker must do to attract traffic; the sequence numbers are also what keeps DSDV free of loops [11].

The mechanism is a one-way hash chain. A node draws a random value x in {0,1}^rho (rho being the output length of H) and computes the chain h_0, h_1, ..., h_n with h_0 = x and h_i = H(h_{i-1}). Given h_{i-3}, anyone can compute h_i = H(H(H(h_{i-3}))), but given h_i nobody can compute h_{i-3}, because H is one way. The node authenticates the last element h_n (for example with a signature, or by an out-of-band exchange) and then uses chain elements, starting from the end, to authenticate each (sequence number, metric) pair it advertises: the elements are grouped in blocks of m, the maximum metric, one block per sequence number, so that a larger sequence number or a smaller metric corresponds to an element further from h_n, which a node that only holds the advertised element cannot produce [11].

A node that receives an advertisement hashes the element the number of times determined by the claimed sequence number and metric and compares the result with the authenticated h_n; if they match, the entry is accepted. A node re-advertising the entry increases the metric by one and hashes the element once. This secures routing updates against modification of sequence numbers and metrics, but not against a node that does not forward at all, and a node can still advertise a larger metric than it received. The neighbour-to-neighbour authentication of updates that SEAD needs in addition can use TESLA (broadcast authentication with delayed key disclosure) or pairwise shared keys [11].
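The hash-chain checks of SAODV (section 7.3) and SEAD (this section) share one idea, so both are shown in a single added example that is not code from either protocol's authors: SHA-256 stands in for H, the chain lengths and the Max Hop Count are demo values, and `demo()` tries the forgeries the text rules out (a lowered hop count, a lowered metric, a raised sequence number) as well as the one it allows (a raised metric).

```python
"""Hash-chain protection of mutable routing fields: SAODV hop counts and
SEAD (sequence number, metric) pairs. Added illustration, not the protocols'
own code; H is SHA-256 and the chain sizes are demo values."""
import hashlib
import secrets


def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def iterate(x: bytes, times: int) -> bytes:
    """H applied 'times' times: H^times(x)."""
    for _ in range(times):
        x = H(x)
    return x


# ---- SAODV: hop count -----------------------------------------------------
def saodv_originate(max_hop_count: int) -> dict:
    """Originator picks a random seed h_n and signs top_hash = H^n(h_n)
    together with max_hop_count (the signature itself is not modelled)."""
    seed = secrets.token_bytes(32)
    return {"hop_count": 0, "hash": seed, "max_hop_count": max_hop_count,
            "top_hash": iterate(seed, max_hop_count)}


def saodv_forward(msg: dict) -> dict:
    """Each forwarding node adds one hop and hashes once: h_{n-1} = H(h_n)."""
    return dict(msg, hop_count=msg["hop_count"] + 1, hash=H(msg["hash"]))


def saodv_verify(msg: dict) -> bool:
    """Hashing the carried value (max - hop) more times must give top_hash."""
    remaining = msg["max_hop_count"] - msg["hop_count"]
    return remaining >= 0 and iterate(msg["hash"], remaining) == msg["top_hash"]


# ---- SEAD: sequence number and metric --------------------------------------
class SeadNode:
    """Chain h_0..h_n with n = seq_max * m, m the maximum metric. Sequence
    number s (1..seq_max) with metric j (0..m-1) uses index n - s*m + j:
    larger s or smaller j means an element further from the anchor h_n."""
    def __init__(self, seq_max: int, m: int):
        self.m, self.n = m, seq_max * m
        x = secrets.token_bytes(32)                 # x in {0,1}^rho
        self.chain = [x]
        for _ in range(self.n):
            self.chain.append(H(self.chain[-1]))    # h_i = H(h_{i-1})
        self.anchor = self.chain[self.n]             # h_n, distributed authenticated

    def advertise(self, seq: int) -> dict:
        """Own entry: metric 0 for sequence number seq."""
        return {"seq": seq, "metric": 0, "elem": self.chain[self.n - seq * self.m]}


def sead_forward(entry: dict) -> dict:
    """A node re-advertising the route adds one to the metric, hashes once."""
    return {"seq": entry["seq"], "metric": entry["metric"] + 1, "elem": H(entry["elem"])}


def sead_verify(entry: dict, anchor: bytes, m: int, n: int) -> bool:
    """Hash the element up to h_n according to the claimed (seq, metric)."""
    if not (0 <= entry["metric"] < m and 1 <= entry["seq"] * m <= n):
        return False
    idx = n - entry["seq"] * m + entry["metric"]
    return iterate(entry["elem"], n - idx) == anchor


def demo() -> dict:
    """Honest forwarding verifies; lowering a hop count, lowering a metric or
    raising a sequence number without the chain does not; raising a metric
    by hashing further (the allowed direction) still verifies."""
    rreq = saodv_forward(saodv_forward(saodv_originate(max_hop_count=10)))
    forged = dict(rreq, hop_count=rreq["hop_count"] - 1)   # claim fewer hops
    node = SeadNode(seq_max=4, m=8)
    adv = sead_forward(sead_forward(node.advertise(seq=2)))
    verify = lambda e: sead_verify(e, node.anchor, node.m, node.n)
    return {"saodv_ok": saodv_verify(rreq), "saodv_forged": saodv_verify(forged),
            "sead_ok": verify(adv),
            "sead_lower_metric": verify(dict(adv, metric=adv["metric"] - 1)),
            "sead_newer_seq": verify(dict(adv, seq=adv["seq"] + 1)),
            "sead_higher_metric": verify(sead_forward(adv))}


if __name__ == "__main__":
    print(demo())
```

The last result is the known limitation of both schemes: an attacker can always make a route look longer, and with a larger metric look worse, because that direction is just more hashing; it is only the direction that attracts traffic that the chain forbids.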

7.6 SPAAR

SPAAR (Secure Position Aided Ad-hoc Routing Protocol) [8], by Carter and Yasinsac, uses the positions of nodes both to limit route discovery and as a security mechanism. Every node knows its own position (for example from GPS (Global Positioning System)) and its transmission range, and routing messages are accepted only from nodes that are verifiably one hop away: a node that claims to be a neighbour but whose position lies beyond transmission range is rejected, which defends against attacks, wormholes among them, in which a distant node pretends to be a neighbour. SPAAR further uses certificates and per-node neighbour group keys, so that only authenticated neighbours can read or send routing messages, sequence numbers make replay attacks detectable, and position information restricts the flooding of route requests to the region in which the destination is expected.

7.6.1

Each node holds a public/private key pair and a certificate from a trusted server T binding its identity to its public key (as in ARAN); T's public key is known to all nodes. Before exchanging routing information two nodes N1 and N2 verify each other's certificates, and each checks from the other's reported position that the other is within its transmission range; a node whose certificate does not verify, or whose position is out of range, is not accepted as a neighbour.

7.6.2

Each node keeps a table of its verified neighbours with their positions, and a table update sequence number (TUSN) that it increments whenever the table changes; the TUSN lets other nodes distinguish fresh table information from a replay.

7.6.2.1 Joining a neighbourhood

A node N joining the network broadcasts a hello message containing its certificate and position and receives the hellos of its neighbours, which it verifies before adding them to its table. Each neighbour that can confirm, from N's position, that N is one hop away adds N to its own table. N then generates its neighbour group key pair: N's group encryption key GEK_N, which N keeps and uses to encrypt the routing messages it sends to its neighbourhood, and N's group decryption key GDK_N, which N sends to each verified neighbour encrypted under that neighbour's public key. Messages from N can thus be read only by its verified neighbours; nodes X1 and X2 that are not verified neighbours of N hold no group key of N, and anything they send cannot be decrypted by N's neighbours as coming from N.

7.6.2.2 Table updates

Each time N's neighbour table changes (a neighbour joins or leaves), N increments its TUSN and sends its neighbours an update carrying the new TUSN, encrypted under GEK_N. The TUSN is also carried in route requests and replies, so that a node receiving a RREP can tell whether the neighbour information it refers to is current, and a replayed RREQ or RREP carrying an old TUSN is discarded. A node that leaves the neighbourhood is removed from the tables of its former neighbours when its hello messages stop, and the group key is regenerated so that the departed node can no longer read the neighbourhood's messages; a new node obtains the group key only after its certificate and position have been verified.

7.6.3
7.6.3.1 Route request (RREQ)

Generation: a node N that needs a route to D creates a RREQ containing the source, the destination D, N's last known position of D (if any) and the TUSN, signs it and encrypts it under its group encryption key, so that only its verified neighbours can read it. The request carries a hop count and a sequence number, by which duplicates and replays are recognised; if N holds an old RREP from D, D's position from that reply is used to direct the request.

Forwarding: a node that receives a RREQ decrypts it with the sender's group decryption key, which it holds only if the sender is a verified neighbour, increments the hop count and, if it is not the destination and its own position brings the request closer to D's expected position, re-encrypts the RREQ under its own group key and rebroadcasts it; a RREQ already seen is dropped.

Reception at the destination: D verifies the signature of the source, checks the TUSN and the sequence number of the RREQ against those it has already seen, discards duplicates and replays, records the position of S carried in the request, and generates a RREP.

7.6.3.2 Route reply (RREP)

Generation: D answers the RREQ with a RREP containing D's position, D's TUSN and the sequence number of the RREQ it answers (RREQ_SN), signed by D and encrypted under D's group encryption key; the RREP follows the reverse of the path the RREQ took, one verified hop at a time, and each hop carries the hop count.

Forwarding: an intermediate node decrypts the RREP, verifies that it came from a verified neighbour, records the next hop towards D, re-encrypts the RREP under its own group key and unicasts it to the node from which it received the corresponding RREQ.

Reception at the source: S verifies the signature and checks the TUSN and that RREQ_SN matches a RREQ it sent; a RREP whose RREQ_SN does not match any outstanding request, or whose TUSN is stale, is dropped. S then records the route and D's position for use in later requests.

7.6.3.3 Data forwarding

Data packets are forwarded hop by hop along the next-hop entries set up by the RREP; every hop is a verified neighbour, and a packet is forwarded only while the next hop is still within range according to the neighbour table.

7.6.3.4 Route errors


When a node detects that the next hop on an active route has moved out of range or has been removed from its neighbour table, it sends a route error towards the source, signed and encrypted under the group key like every other message, so that an attacker cannot fabricate errors. Each node keeps a list (MRL) of the routes that use a given neighbour, so that one lost neighbour produces errors for all affected routes. A node N receiving the error verifies it and, if it lies on the route from S to D, forwards it towards S; S removes the route and starts a new discovery. As for the other messages, the TUSN in the error is compared with the sender's current TUSN, so replayed errors are recognised; when the TUSN in a received message is newer than the one held, the node updates its information, and a message with an older TUSN is discarded.

8. Key agreement

The secure routing protocols above all assume keys: shared keys between end hosts (SRP, Ariadne) or certificates from a server (ARAN, SPAAR). This section, following [12], considers how the members of an ad-hoc group, for instance the laptops of people who meet in a room, can agree on a shared key when there is no infrastructure and no prior contact between them. Two situations are distinguished: the members share some prior context (8.1), or they share nothing but a weak secret such as a password agreed on the spot (8.2 and 8.3).

8.1

When nodes already hold keys or certificates, standard key establishment can be used: for instance IKE (Internet Key Exchange) over IP with certificates, or identity-based schemes in which a node's public key is derived from its identity. Certificates must be revocable, and certificates issued by different authorities require cross-certification between those authorities.

Where the members come from different domains with no common trust anchor, even cross-certification does not help, and the key must be agreed from scratch.

8.2 EKE

Password-based key agreement starts from a weak secret, a short password that the members share (for instance by writing it on a whiteboard), and must produce a strong session key without letting an eavesdropper or an active attacker mount an off-line dictionary attack on the password. [12] lists the properties required of such a protocol:

1. The session key resists dictionary attacks on the password: an attacker cannot test password guesses against recorded messages.

2. Perfect forward secrecy: a later compromise of the password does not reveal earlier session keys.

3. Contributory key agreement: every member contributes to the key, so that no single member determines it.

4. Tolerance of disruption attempts: a member that sends garbage cannot prevent the others from agreeing, or is at least detected.

The two-party Encrypted Key Exchange (EKE) was proposed by Bellovin and Merritt in 1992. A and B share a password P and proceed as follows, where P(m) denotes symmetric encryption of m under P, E_A is a fresh public key of A, R a random session key and S_A, S_B random contributions:

    (1) A -> B: A, P(E_A)
    (2) B -> A: P(E_A(R))
    (3) A -> B: R(challenge_A, S_A)
    (4) B -> A: R(h(challenge_A), challenge_B, S_B)
    (5) A -> B: R(h(challenge_B))

A sends its public key encrypted under the password; B chooses the session key R, encrypts it with E_A and then with P, so that only a party knowing both the password and A's private key recovers R. Steps 3 to 5 are a challenge/response exchange under R that confirms both sides hold the same R. The final key K = f(S_A, S_B) is computed from the two contributions with a suitable one-way combining function f, so the key is contributory, and since E_A is fresh for every run the key has forward secrecy.

The password-encrypted public key is what defeats dictionary attacks: an eavesdropper who tries a guess of P obtains a candidate public key, and since a public key must be indistinguishable from a random string of the same length (the encoding has to ensure this), the guess cannot be confirmed off line; an active attacker gets one guess per protocol run. EKE is therefore only as strong as the encryption of the public key. In the symmetric variant of EKE both contributions are exchanged and confirmed explicitly:

    (1) A -> B: A, P(E_A)
    (2) B -> A: P(E_A(R, S_B))
    (3) A -> B: R(S_A)
    (4) A -> B: K(S_A, H(S_A, S_B))
    (5) B -> A: K(S_B, H(S_A, S_B))

For n members M_i, i = 1, 2, ..., n, [12] generalises EKE to a group protocol in which one member M_n plays the role of B for everybody:

    (1) M_n -> ALL: M_n, P(E)
    (2) M_i -> M_n: M_i, P(E(R_i, S_i)), i = 1, ..., n-1
    (3) M_n -> M_i: R_i({S_j, j = 1, ..., n}), i = 1, ..., n-1
    (4) M_i -> M_n: M_i, K(S_i, H(S_1, S_2, ..., S_n)), for some i

    K = f(S_1, S_2, ..., S_n)

M_n broadcasts one password-encrypted public key E; each other member returns a random key R_i and its contribution S_i encrypted under E; M_n sends every member all n contributions under that member's R_i, so that everyone computes K, and at least one member confirms the key in step 4. M_n learns all contributions, so the protocol is contributory only to the extent that M_n is honest, and the public key E is generated by M_n for this run only.

8.3 Diffie-Hellman

A Diffie-Hellman variant avoids handing all contributions to one member. The two-party version, with g a generator of the group and P() the password encryption as before, is:

    (1) A -> B: A, P(g^{S_A})
    (2) B -> A: P(g^{S_B}), K(C_B)
    (3) A -> B: K(C_A, C_B)
    (4) B -> A: K(C_A)

    K = g^{S_A S_B}

C_A and C_B are challenges; steps 2 to 4 are the challenge/response confirmation under K. For n members the contributions are collected in sequence, and the last step goes through M_n with blinded values:

    (1) M_i -> M_{i+1}: g^{S_1 S_2 ... S_i}, i = 1, ..., n-2, in sequence
    (2) M_{n-1} -> ALL: beta = g^{S_1 S_2 ... S_{n-1}}, broadcast
    (3) M_i -> M_n: P(c_i), i = 1, ..., n-1, in parallel, where c_i = beta^{pi_i / S_i} and pi_i is a
        blinding factor chosen at random by M_i
    (4) M_n -> M_i: (c_i)^{S_n}, i = 1, ..., n-1, in parallel
    (5) M_i -> ALL: M_i, K(M_i, H(M_1, M_2, ..., M_n)), for some i, broadcast

Each M_i removes its blinding factor pi_i from the value returned in step 4 and raises the result to S_i, obtaining beta^{S_n} = g^{S_1 ... S_n} = K; M_n computes K as beta^{S_n} directly. The blinding keeps M_n (and an eavesdropper) from learning beta^{1/S_i}, and with it anything about S_i, from step 3, and the password encryption in step 3 ensures that only a member who knows the password obtains a response from M_n from which K can be derived. Step 5 confirms to everybody that the member broadcasting holds the same K.
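The blinded group computation of steps 1, 2 and 4 and the unblinding just described, carried out for four members as an added example (not code from [12]): the password layer P() of step 3 is left out, the modulus is the Mersenne prime 2^127-1, which is far too small for real use, the base and the members' secrets are chosen here, and the key confirmation of step 5 is rendered as an HMAC under a hash of K.

```python
"""Blinded contributory Diffie-Hellman for n members (section 8.3, steps 1,
2, 4, the unblinding, and step 5 as an HMAC). Added illustration, not the
authors' code: P() of step 3 is omitted and the modulus is demo-sized."""
import hashlib
import hmac
import math
import secrets

P = (1 << 127) - 1       # prime modulus (Mersenne prime; demo size only)
G = 5                    # base; exponents are reduced mod P-1
ORDER = P - 1


def rand_exp() -> int:
    """Random exponent coprime to P-1, so that 1/S_i and 1/pi_i exist."""
    while True:
        e = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(e, ORDER) == 1:
            return e


def inv(e: int) -> int:
    return pow(e, -1, ORDER)


def confirm(key: int, member: str, members: list) -> bytes:
    """Step 5: K(M_i, H(M_1, ..., M_n)) as HMAC-SHA256 under H(K)."""
    k = hashlib.sha256(key.to_bytes(16, "big")).digest()
    msg = member.encode() + b"|" + hashlib.sha256(",".join(members).encode()).digest()
    return hmac.new(k, msg, hashlib.sha256).digest()


def group_key_agreement(names: list) -> dict:
    """Every member ends with K = g^{S_1 S_2 ... S_n}. Returns the per-member
    keys, whether they agree, whether the confirmation verified, and whether
    the key itself appeared in what M_n received."""
    S = {m: rand_exp() for m in names}                   # S_i, private to M_i
    # step 1: M_i -> M_{i+1}: g^{S_1...S_i} in sequence; step 2: M_{n-1}
    # broadcasts beta = g^{S_1...S_{n-1}}
    beta = G
    for m in names[:-1]:
        beta = pow(beta, S[m], P)
    # step 3 without P(): c_i = beta^{pi_i / S_i}, pi_i a random blinding factor
    pi = {m: rand_exp() for m in names[:-1]}
    c = {m: pow(beta, pi[m] * inv(S[m]) % ORDER, P) for m in names[:-1]}
    # step 4: M_n answers each request with c_i^{S_n}
    last = names[-1]
    r = {m: pow(c[m], S[last], P) for m in names[:-1]}
    # unblinding: (c_i^{S_n})^{S_i / pi_i} = beta^{S_n} = K
    keys = {m: pow(r[m], S[m] * inv(pi[m]) % ORDER, P) for m in names[:-1]}
    keys[last] = pow(beta, S[last], P)                    # M_n computes K directly
    # step 5: M_1 broadcasts its confirmation, every member recomputes it
    tag = confirm(keys[names[0]], names[0], names)
    confirmed = all(hmac.compare_digest(tag, confirm(keys[m], names[0], names))
                    for m in names)
    return {"keys": keys,
            "all_equal": len(set(keys.values())) == 1,
            "confirmed": confirmed,
            "key_in_transcript": keys[last] in c.values()}


if __name__ == "__main__":
    res = group_key_agreement(["A", "B", "C", "D"])
    print(res["all_equal"], res["confirmed"], res["key_in_transcript"])
```

Exponents are reduced modulo P-1, which is valid for any base in the multiplicative group; in a real deployment one would use a standard group of prime order, where the inverses are taken modulo that order, and wrap step 3 in the password encryption that the text requires.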

9. Multipath routing

A different approach, proposed in [7], protects the data rather than the routes: when several node-disjoint paths exist between A and B, A does not send a message over a single path but splits it into n parts and sends each part over a different path, so that an attacker who controls only some of the paths neither learns the message nor can alter it undetected. In the scheme of [7] the message is divided into n blocks C_1, ..., C_n, arranged in an n x n structure from which the parts are formed by XOR: part i carries C_i xor C_{x+i-1}, where x is a parameter chosen by the sender, and the receiver, knowing x and C_x, unwinds the XORs to recover the blocks. The paths are set up over a signalling link that is itself protected, and the method works with any of the route discovery protocols above; its cost is that n paths must be available and the traffic is multiplied.

10. Misbehavior

Even with authenticated route discovery, a node that takes part correctly in routing may fail to forward data packets. Strulo, Farr and Smith [9] distinguish accidental misbehaviour (a node that is overloaded, out of range or out of battery) from deliberate misbehaviour, and among the deliberate cases selfish nodes, which save their own resources by not forwarding, from malicious nodes, whose aim is to damage the network. Whatever the cause, the other nodes observe the same effect: packets handed to the node do not come out of it. Countermeasures are therefore based on observing the forwarding behaviour of nodes and building a reputation for each node [5].


A reputation system [5] rates each node from the forwarding behaviour its neighbours observe, and routing then avoids nodes with a bad rating. Ratings can be formed individually, by each node from its own observations only, or by exchanging observations between nodes, which raises the problem of collusion: malicious nodes can accuse a good node, or vouch for each other, so a node must decide how much to trust reports from others [5]. [9] adds an incentive approach, in which forwarding is rewarded, so that a selfish node gains from cooperating and loses from not doing so.

10.1 Watchdog

The watchdog, proposed by Marti et al. [6], detects nodes that do not forward packets. It relies on the wireless medium being shared: when a node forwards a packet to the next hop, it can also overhear that next hop retransmitting the packet. On the path S -> A -> B -> C -> D, A forwards a packet to B and keeps a copy in a buffer; A then listens, and when it overhears B transmitting the packet to C it removes the copy from the buffer. If the packet stays in the buffer longer than a timeout, A counts a failure against B, and when B's failures exceed a threshold A reports B as misbehaving to the source S [6]. The watchdog needs to know which node should forward next, so it is implemented on DSR, where the source route is in every packet; each node on a route watches its next hop, and each link is watched by the node before it.

The watchdog cannot always tell whether B forwarded; [6] describes the following cases (the first two are illustrated there with figures for A, B, C and S).

Ambiguous collision: A cannot hear B's transmission because a packet from another node collides with it at A. A does not know whether B forwarded or not and must not count this as a failure, which is why only repeated failures lead to a report.

Receiver collision: A overhears B transmitting to C, but the packet collides at C with a packet from another node, so C never receives it. B may even do this deliberately, transmitting only when it knows a collision will occur, and A cannot detect it.

Limited transmission power: B can transmit with a power that A can hear but C cannot, and again A believes the packet was forwarded.

False misbehaviour: a malicious A reports B as misbehaving although B forwards correctly, to get B excluded; S then avoids B and routes elsewhere, possibly through A or its accomplices.

Collusion: if B and C collude, B forwards to C and C drops the packet, or C suppresses the report about B; the watchdog at A sees B forward and cannot see what C does, and the watchdog that should watch C runs on B.

Partial dropping: B drops only a fraction of the packets, below the threshold that triggers a report.

The watchdog also assumes that links are bidirectional and that the node before the suspect can hear it. It works with source routing, where each node knows the whole route; with a hop-by-hop protocol such as AODV a node does not know to which node its next hop should forward, and cannot apply the check in the same way.

With DSR every node on a route can run the watchdog, since the source route travels in each packet.

10.2 Pathrater

The pathrater [6] uses the watchdog's information to choose routes. Each node keeps a rating for every other node it knows: a newly discovered node starts at 0.5, and a node rates itself 1.0. The rating of a node on an actively used path is increased by 0.01 every 200 ms, up to a maximum of 0.8; when a link on a path breaks and the node becomes unreachable, its rating is decreased by 0.05. A node that the watchdog reports as misbehaving is given the rating -100. The metric of a path is the average of the ratings of the nodes on it, and among the known routes to a destination the pathrater picks the one with the highest metric, which is not necessarily the shortest; a negative metric means the path contains a misbehaving node. If every known path to a destination has a negative metric, the node sends a new route request (SRR, Send Route Request) to look for a path that avoids the misbehaving nodes. The ratings of misbehaving nodes are slowly raised again over time, so that a node that was wrongly accused, or whose problem was temporary, can return to use [6].
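The watchdog and pathrater of this section, run together on a constructed example (added here; this is not the code of Marti et al.): a DSR-style path S, A, B, C, D on which A watches B, an alternative path S, E, F, G, H, D, the rating constants of the text, and two assumed parameters the text does not fix, the failure threshold and the overhearing timeout. Every 200 ms of path use is modelled as one call of `path_used`.

```python
"""Watchdog (A watching its next hop B) and pathrater with the constants of
section 10.2. Added illustration, not the code of Marti et al.; threshold,
timeout, topology and traffic are assumed here."""
from collections import defaultdict

INITIAL, SELF, STEP, CEILING = 0.5, 1.0, 0.01, 0.8
BREAK_PENALTY, MISBEHAVING = 0.05, -100.0
FAILURE_THRESHOLD = 3        # failures before reporting (assumed value)
OVERHEAR_TIMEOUT = 200       # ms a packet may wait in the buffer (assumed)


class Watchdog:
    """Runs at node 'me' and watches whether 'suspect' forwards."""
    def __init__(self, me: str, suspect: str):
        self.me, self.suspect = me, suspect
        self.buffer = {}          # packet id -> time handed to suspect
        self.failures = 0

    def sent(self, pkt_id: int, now: int) -> None:
        self.buffer[pkt_id] = now

    def overheard(self, pkt_id: int, transmitter: str) -> None:
        """Suspect heard retransmitting the packet: it was forwarded."""
        if transmitter == self.suspect:
            self.buffer.pop(pkt_id, None)

    def tick(self, now: int) -> bool:
        """Expire buffered packets; True means the suspect must be reported."""
        for pkt_id, t in list(self.buffer.items()):
            if now - t > OVERHEAR_TIMEOUT:
                del self.buffer[pkt_id]
                self.failures += 1
        return self.failures > FAILURE_THRESHOLD


class Pathrater:
    def __init__(self, me: str):
        self.me = me
        self.rating = defaultdict(lambda: INITIAL)   # unknown nodes start at 0.5
        self.rating[me] = SELF                       # a node rates itself 1.0

    def path_used(self, path: list) -> None:
        """Called once per 200 ms of use: +0.01 per node, capped at 0.8."""
        for node in path:
            if node != self.me and self.rating[node] >= 0:
                self.rating[node] = min(CEILING, self.rating[node] + STEP)

    def link_broken(self, node: str) -> None:
        self.rating[node] -= BREAK_PENALTY           # -0.05 on a broken link

    def misbehaving(self, node: str) -> None:
        self.rating[node] = MISBEHAVING              # watchdog report: -100

    def metric(self, path: list) -> float:
        others = [n for n in path if n != self.me]
        return sum(self.rating[n] for n in others) / len(others)

    def choose(self, paths: list):
        """Highest average rating wins; None means every path is negative
        and a fresh route request (SRR) is needed."""
        best = max(paths, key=self.metric)
        return best if self.metric(best) >= 0 else None


def simulate() -> dict:
    wd = Watchdog("A", "B")
    for i in range(5):                       # A hands B five packets
        wd.sent(i, now=i * 10)
    wd.overheard(0, "B")                     # B forwards only the first
    reported = wd.tick(now=1000)             # the other four time out
    pr = Pathrater("S")
    short = ["S", "A", "B", "C", "D"]
    alt = ["S", "E", "F", "G", "H", "D"]
    for _ in range(50):                      # both paths in use for 10 s
        pr.path_used(short)
        pr.path_used(alt)
    before = pr.choose([short, alt])         # equal metrics: first wins
    if reported:
        pr.misbehaving("B")                  # A's report reaches S
    after = pr.choose([short, alt])
    pr.link_broken("E")
    return {"reported": reported, "failures": wd.failures,
            "before": before, "after": after,
            "rating_B": pr.rating["B"], "rating_E": round(pr.rating["E"], 2),
            "only_bad": pr.choose([short]) is None}


if __name__ == "__main__":
    print(simulate())
```

The ambiguous-collision case of section 10.1 is why `tick` counts failures rather than reporting on the first missed packet; the partial-dropping case is visible here too: had B forwarded all but three packets, `reported` would have stayed False.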

11.

Routing in an ad-hoc network depends on the cooperation of every host, and the unsecured protocols DSR and AODV can be disrupted by modification, impersonation and fabrication of routing messages, by wormholes and by rushing. The secured protocols reviewed here, ARAN, Ariadne, SAODV, SRP, SEAD and SPAAR, authenticate routing messages with signatures, shared-key MACs, hash chains or position information, but each assumes some way of distributing keys, which in an ad-hoc group must itself be solved, for instance by password-based key agreement; and none of them prevents a correctly authenticated node from dropping the packets it should forward, which calls for mechanisms such as the watchdog and pathrater.
12. References

1. Bridget Dahill et al., A Secure Routing Protocol for Ad Hoc Networks, MobiCom 2002, Atlanta, Georgia, USA, September 23-28, 2002.
2. Yih-Chun Hu and Adrian Perrig, A Survey of Secure Wireless Ad Hoc Routing, IEEE Security and Privacy, Vol. 2, No. 3, pp. 94-105, May/June 2004.
3. Nicola Milanovic et al., Routing and Security in Mobile Ad Hoc Networks, IEEE Computer, Vol. 37, No. 2, pp. 61-65, 2004.
4. Yih-Chun Hu et al., Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols, Proceedings of the 2003 ACM Workshop on Wireless Security, San Diego, USA, pp. 30-40, 2003.
5. Po-Wah Yau and Chris J. Mitchell, Reputation Methods for Routing Security for Mobile Ad Hoc Networks, Proceedings of SympoTIC '03, Joint IST Workshop on Mobile Future and Symposium on Trends in Communications, Bratislava, Slovakia, pp. 130-137, October 2003.
6. Sergio Marti et al., Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Proceedings of the 6th Annual International Conference on Mobile Computing and Networking, Boston, USA, pp. 255-265, 2000.
7. Souheila Bouman and Jalel Ben-Othman, Data Security in Ad hoc Networks Using MultiPath Routing, accepted at the 2004 International Workshop on Mobile Ad Hoc Networks and Interoperability Issues (MANETII'04), Las Vegas, Nevada, USA, June 2004.
8. Stephen Carter and Alec Yasinsac, Secure Position Aided Ad hoc Routing, Proceedings of the IASTED International Conference on Communications and Computer Networks (CCN02), November 3-4, 2002.
9. B. Strulo, J. Farr and A. Smith, Securing Mobile Ad Hoc Networks: A Motivational Approach, BT Technology Journal, Vol. 21, No. 3, pp. 81-90, 2003.
10. Panagiotis Papadimitratos and Zygmunt J. Haas, Secure Routing for Mobile Ad hoc Networks, SCS Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2002), San Antonio, TX, January 27-31, 2002.
11. Stefano Basagni et al., Mobile Ad-hoc Networking, IEEE Press / John Wiley and Sons, pp. 329-354, 2004.
12. N. Asokan and P. Ginzboorg, Key Agreement in Ad hoc Networks, Computer Communications, Vol. 23, No. 17, pp. 1627-1637, 2000.
