Tema 5.-Seguridad: Problemas Soluciones

Tema 5.
-
Seguridad
Problemas
Soluciones
Redes Inalámbricas y Computación Ubicua/2006-2007

Ubicua/2006-2007
Computación Ubicua/2006-2007 Routing security vulnerabilities
Wireless medium is easy to snoop on

Due to ad hoc connectivity and mobility, it is hard to guarantee
access to any particular node (for instance, to obtain a secret
Inalámbricas yy Computación
key)
Easier for trouble-makers to insert themselves into a mobile ad
hoc network (as compared to a wired network)
Open medium
Redes Inalámbricas

Dynamic topology
Distributed cooperation
(absence of central authorities)
Redes
Constrained capability
(energy)
Ubicua/2006-2007
Computación Ubicua/2006-2007 Securing Ad Hoc Networks
Definition of “Attack” from the RFC 2828 — Internet Security

Glossary :
¾ “ An assault on system security that derives from an intelligent threat, i.e.,
an intelligent act that is a deliberate attempt (especially in the sense of a

method or technique) to evade security services and violate the security
policy of the system.”
Goals
Redes Inalámbricas
¾ Availability: ensure survivability of the network despite denial of service

attacks. The DoS can be targeted at any layer
¾ Confidentiality: ensures that certain information is not disclosed to
unauthorized entities. Eg Routing information information should not be
leaked out because it can help to identify and locate the targets
Redes
¾ Integrity: guarantee that a message being transferred is never corrupted.

¾ Authentication: enables a node to ensure the identity of the nodes
communicating.
¾ Non-Repudiation: ensures that the origin of the message cannot deny
having sent the message
Ubicua/2006-2007
Computación Ubicua/2006-2007 Routing attacks
Classification:
External attack vs. Internal attack
External: Intruder nodes can pose to be a part of the network injecting
¾
erroneous routes, replaying old information or introduce excessive traffic to
partition the network
¾ Internal: The nodes themselves could be compromised. Detection of such
nodes is difficult since compromised nodes can generate valid signatures.
Redes Inalámbricas
Passive attack vs. Active attack

¾ Passive attack: “Attempts to learn or make use of information from the
system but does not affect system resources” (RFC 2828)
¾ Active attack: “Attempts to alter system resources or affect their operation”
Redes
(RFC 2828)
Redes
Redes Inalámbricas
Inalámbricas yy Computación Ubicua/2006-2007
Computación Ubicua/2006-2007
source
Information
destination
Information
Normal Flow
Computación Ubicua/2006-2007 Passive Attacks
Sniffer
Redes Inalámbricas
Passive attacks
Redes
Interception (confidentiality)
Release of message contents Traffic analysis

Ubicua/2006-2007
Computación Ubicua/2006-2007 Sniffers
All machines on a network can “hear” ongoing traffic

A machine will respond only to data addressed specifically to it
Network interface: “promiscuous mode” – able to capture all

frames transmitted on the local area network segment
Risks of Sniffers:
¾ Serious security threat
Redes Inalámbricas
¾ Capture confidential information

Authentication information
Private data
¾ Capture network traffic information
Redes
Computación Ubicua/2006-2007 Interception
Information Information
source destination
Redes Inalámbricas
Redes
Unauthorized party gains access to the asset –

Confidentiality
Example: wiretapping, unauthorized copying of files
Ubicua/2006-2007
Computación Ubicua/2006-2007 Passive attacks
Release of message contents

¾ Intruder is able to interpret and extract information being transmitted
¾ Highest risk: authentication information
Can be used to compromise additional system resources
Traffic analysis
¾ Intruder is not able to interpret and extract the transmitted
Redes Inalámbricas
information
¾ Intruder is able to derive (infer) information from the traffic
characteristics
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Protection against passive attacks
Shield confidential data from sniffers: cryptography

Disturb traffic pattern:
¾ Traffic padding
¾ Onion routing
Modern switch technology: network traffic is directed to the
destination interfaces
Detect and eliminate sniffers
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Active attacks
Active attacks
Interruption Modification Fabrication

Redes Inalámbricas
(availability) (integrity) (integrity)

Redes
Computación Ubicua/2006-2007 Interruption
source destination
Redes Inalámbricas
Redes
Asset is destroyed or becomes unavailable - Availability

Example: destruction of hardware, cutting communication
line, disabling file management system, etc.
Ubicua/2006-2007
Computación Ubicua/2006-2007 Denial of service attack
Adversary floods irrelevant data

Consume network bandwidth
Consume resource of a particular node

E-mail bombing attack: floods victim’s mail with large bogus
messages
¾ Popular
Redes Inalámbricas
¾ Free tools available

Smurf attack:
¾ Attacker multicast or broadcast an Internet Control Message Protocol
(ICMP) with spoofed IP address of the victim system
Redes
¾ Each receiving system sends a respond to the victim

¾ Victim’s system is flooded
Ubicua/2006-2007
Computación Ubicua/2006-2007 TCP SYN flooding
Server: limited number of allowed half-open connections

Backlog queue:
Existing half-open connections
¾
¾ Full: no new connections can be established
¾ Time-out, reset
Attack:
Attacker: send SYN requests to server with IP source that unable to
Redes Inalámbricas
¾
response to SYN-ACK
¾ Server’s backlog queue filled
¾ No new connections can be established
Redes
¾ Keep sending SYN requests

Does not affect
¾ Existing or open incoming connections
¾ Outgoing connections
Ubicua/2006-2007
Computación Ubicua/2006-2007 Protection against DoS, DDoS
Hard to provide full protection

Some of the attacks can be prevented
Filter out incoming traffic with local IP address as source
¾
¾ Avoid established state until confirmation of client’s identity
Internet trace back: determine the source of an attack
Redes Inalámbricas
Redes
Computación Ubicua/2006-2007 Modification
source destination
Redes Inalámbricas
Redes
Unauthorized party tampers with the asset –

Integrity
Example: changing values of data, altering programs,
modify content of a message, etc.
Ubicua/2006-2007
Computación Ubicua/2006-2007 Attacks using modification
Attacks using modification

Idea:
Malicious node announces better routes than the other nodes in order to
¾
be inserted in the ad-hoc network
How ?
¾ Redirection by changing the route sequence number
¾ Redirection with modified hop count
Redes Inalámbricas
¾ Denial Of Service (DOS) attacks

¾ Modify the protocol fields of control messages
¾ Compromise the integrity of routing computation
Redes
¾ Cause network traffic to be dropped, redirected to a different destination

or take a longer route
Ubicua/2006-2007
Redirection with modified hop count:

- The node C announces to B a path with a metric value of one
- The intruder announces to B a path with a metric value of one too

- B decides which path is the best by looking into the hop count value
of each route
Redes Inalámbricas
Node C
Redes
Metric 1 and 3 hops
Node A Node B Node D
Metric 1 and 1 hop
Intruder
Ubicua/2006-2007
Denial Of Service (DOS) attacks with modified source routes:

¾ A malicious node is inserted in the network
¾ The malicious node changes packet headers it receives
¾ The packets will not reach the destination:

¾ The transmission is aborted
Redes Inalámbricas
Node A sends packets Intruder I decapsulates Node C has no direct

with header: (route packets, change the route with E, also the
cache to reach node E) header: packets are dropped
A-B-I-C-D-E A-B-I-C-E
Redes
Node A Node B Intruder I Node C Node D
Node E
Computación Ubicua/2006-2007 Fabrication
source destination
Redes Inalámbricas
Redes
Unauthorized party insets counterfeit object into the

system – Authenticity
Example: insertion of offending messages, addition of
records to a file, etc.
Ubicua/2006-2007
Computación Ubicua/2006-2007 Attacks using fabrication
Attacks using fabrication

¾ Idea:
Generates traffic to disturb the good operation of an ad-hoc network
¾ How ?
Falsifying route error messages
Corrupting routing state

Redes Inalámbricas
Routing table overflow attack

Replay attack
Black hole attack
Redes
Ubicua/2006-2007
Falsifying route error messages:

¾ When a node moves, the closest node sends “error” message to the others
¾ A malicious node can usurp the identity of another node (e.g. By using
spoofing) and sends error messages to the others

¾ The other nodes update their routing tables with these bad information
¾ The “victim” node is isolated
Redes Inalámbricas
Redes
Ubicua/2006-2007
Corrupting routing state:

¾ In DSR, routes can be learned from promiscuously received packets
¾ A node should add the routing information contained in each packet’s
header it overhears
¾ A hacker can easily broadcast a message with a spoofed IP address such
as the other nodes add this new route to reach a special node S
¾ It’s the malicious node which will receive the packets intended to S.
Redes Inalámbricas
Redes
Ubicua/2006-2007
Routing table overflow attack:

¾ Available in “pro-active” protocols.
¾ These protocols try to find routing information before they are needed
¾ A hacker can send in the network a lot of route to non-existent nodes until
overwhelm the protocol
Redes Inalámbricas
Redes
Ubicua/2006-2007
Replay attack:
¾ A hacker sends old advertisements to a node
¾ The node updates its routing table with stale routes
Black hole attack:

¾ A hacker advertises a zero metric route for all destinations
¾ All the nodes around it will route packets towards it
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Attacks using impersonation
Attacks using impersonation

¾ Idea :
Usurpates the identity of another node to perform changes
¾ How ?
Spoofing MAC address of other nodes
Redes Inalámbricas
Redes
Ubicua/2006-2007
Forming loops by spoofing MAC address:

¾ A malicious node M can listen all the nodes when the others nodes can
only listen their closest neighbors
¾ Node M first changes its MAC address to the MAC address of the node A
¾ Node M moves closer to node B than node A is, and stays out of range of
node A
¾ Node M announces node B a shorter path to reach X than the node D
gives
Redes Inalámbricas
A C
Redes
B D E X
Ubicua/2006-2007

¾ Node B changes its path to reach X
¾ Packets will be sent first to node A
¾ Node M moves closer to node D than node B is, and stays out of range of
node B
¾ Node M announces node D a shorter path to reach X than the node E
gives
Redes Inalámbricas
A C
Redes
M
B D E X
Ubicua/2006-2007

¾ Node D changes its path to reach X
¾ Packets will be sent first to node B
¾ X is now unreachable because of the loop formed

Redes Inalámbricas
A C
M
Redes
B D E X
Ubicua/2006-2007
Computación Ubicua/2006-2007 Other Routing attacks
Attacks for routing:

¾ Wormhole attack (tunneling)
¾ Invisible node attack
¾ The Sybil attack

¾ Rushing attack
¾ Non-cooperation
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Wormhole attack
Colluding attackers uses “tunnels” between them to forward

packets
Place the attacker in a very powerful position

The attackers take control of the route by claiming a shorter
path
Redes Inalámbricas
tunnel
N
M ……..….
D
Redes
S C
B
A
Ubicua/2006-2007
Computación Ubicua/2006-2007 Invisible node attack
Attack on DSR
Malicious does not append its IP address
M becomes “invisible” on the path

Redes Inalámbricas
S B M C D
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 The Sybil attack
Represents multiple identities

Disrupt geographic and multi-path routing
B
Redes Inalámbricas
M1
Redes
M2 M5
M3 M4
Ubicua/2006-2007
Computación Ubicua/2006-2007 Rushing attack
Directed against on-demand routing protocols

The attacker hurries route request packet to the next node to
increase the probability of being included in a route
Redes Inalámbricas
Redes
Ubicua/2006-2007
Non-cooperation
Node lack of cooperation, not participate in routing or packet
forwarding
Node selfishness, save energy for itself

Redes Inalámbricas
Redes
Tema 5.-
Seguridad
Problemas
Soluciones
Redes Inalámbricas y Computación Ubicua/2006-2007

Ubicua/2006-2007
Computación Ubicua/2006-2007 Ariadne Overview
Authenticate routing messages using one of:

¾ Shared secrets between each pair of nodes
Avoids need for synchronization
¾ Shared secrets between communicating nodes combined with broadcast

authentication
Requires loose time synchronization
Allows additional protocol optimizations
¾ Digital signatures
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 TESLA Overview
Broadcast authentication protocol used here for authenticating

routing messages
¾ Efficient and adds only a single message authentication code (MAC) to a
message
¾ Requires asymmetric primitive to prevent others from forging MAC
TESLA achieves asymmetry through clock synchronization and
delayed key disclosure
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 TESLA Overview (cont.)
1. Each sender splits the time into intervals
2. It then chooses random initial key (KN)
3. Generates one-way key chain through repeated use of a one-way
hash function (generating one key per time interval)

KN-1=H[KN], KN-2=H[KN-1]…
These keys are used in reverse order of generation
4. The sender discloses the keys based on the time intervals
Redes Inalámbricas
Redes
Ubicua/2006-2007
Sender attaches MAC to each packet

¾ Computed over the packet’s contents
¾ Sender determines time interval and uses corresponding value from one-
way key chain

¾ With the packet, the sender also sends the most recent disclosable one-
way chain value
Redes Inalámbricas
Redes
Ubicua/2006-2007
Receiver knows the key disclosing schedule

¾ Checks that the key used to compute the MAC is still secret by determining that the
sender could not have disclosed it yet
¾ As long as the key is still secret, the receiver buffers the packet
When the key is disclosed, receiver checks its correctness (through

self-authentication) and authenticates the buffered packets
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Network Assumptions
Network links are bidirectional

The network may drop, corrupt, reorder or duplicate packets
Each node must be able to estimate the end-to-end transmission
time to any other node in the network

Disregard physical attacks and Medium Access Control attacks
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Node Assumptions
Resources of nodes may vary greatly, so Ariadne assumes

constrained nodes
All nodes have loosely synchronized clocks

Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Security Assumptions
Three authentication mechanism possibilities:

¾ Pairwise secret keys (requires n(n+1)/2 keys)
¾ TESLA (shared keys between all source-destination pairs)
¾ Digital signatures (requires powerful nodes)

Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Key Setup
Shared secret keys

¾ Key distribution center
¾ Bootstrapping from a Public Key Infrastructure
¾ Pre-loading at initialization
Initial TESLA keys

¾ Embed at initialization
¾ Assume PKI and embed Certifications Authority’s public key at each node
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Ariadne Notation
A and B are principals (e.g., communicating nodes)

KAB and KBA are secret MAC keys shared between A and B
MACKAB(M) is computation of MAC of message M using key KAB

Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Route Discovery
Assume sender and receiver share secret (non-TESLA) keys for

message authentication
Target authenticates ROUTE REQUESTS

¾ Initiator includes a MAC computed with end-to-end key
¾ Target verifies authenticity and freshness of request using shared key
Data authentication using TESLA keys
Each hop authenticates new information in the REQUEST
Redes Inalámbricas
¾
¾ Target buffers REPLY until intermediate nodes release TESLA keys
TESLA security condition is verified at the target
Target includes a MAC in the REPLY to certify the condition was met
Redes
Attacker can remove a node from node list in a REQUEST

One-way hash functions verify that no hop was omitted (per-hop
hashing)
Ubicua/2006-2007
Computación Ubicua/2006-2007 Route Discovery (cont.)
Assume all nodes know an authentic key of the TESLA one-way key
chain of every other node
Securing ROUTE REQUEST
¾ Target can authenticate the sender (using their additional shared key)
¾ Initiator can authenticate each path entry using intermediate TESLA keys
¾ No intermediate node can remove any other node in the REQUEST or REPLY
Redes Inalámbricas
Redes
Ubicua/2006-2007
ROUTE REQUEST packet contains eight fields:
¾ ROUTE REQUEST: label
¾ initiator: address of the sender
¾ target: address of the recipient

¾ id: unique identifier
¾ time interval: TESLA time interval of the pessimistic arrival time
¾ hash chain: sequence of MAC hashes
¾ node list: sequence of nodes on the path
MAC list: MACs of the message using TESLA keys
Redes Inalámbricas
¾
Redes
Ubicua/2006-2007
Upon receiving ROUTE REQUEST, a node:

1. Processes the request only if it is new
2. Processes the request only if the time interval is valid (not too far in the future,
but not for an already disclosed TESLA key)

3. Modifies the request and rebroadcasts it
– Appends its address to the node list, replaces the hash chain with H[A, hash chain],
appends MAC of entire REQUEST to MAC list using KAi where i is the index for the time
interval specified in the REQUEST
Redes Inalámbricas
Redes
Ubicua/2006-2007
When the target receives the route request:

1. Checks the validity of the REQUEST (determining that the keys from the time
interval have not been disclosed yet and that hash chain is correct)
2. Returns ROUTE REPLY containing eight fields

– ROUTE REPLY, target, initiator, time interval, node list, MAC list
– target MAC: MAC computed over above fields with key shared between target and
initiator
– key list: disclosable MAC keys of nodes along the path
Redes Inalámbricas
Redes
Ubicua/2006-2007
Node forwarding ROUTE REPLY

¾ Waits until it can disclose TESLA key from specified interval
Appends that key to the key list
This waiting does delay the return of the ROUTE REPLY but does not consume
extra computational power
Redes Inalámbricas
Redes
Ubicua/2006-2007
When initiator receives ROUTE REPLY

1. Verifies each key in the key list is valid
2. Verifies that the target MAC is valid
3. Verifies that each MAC in the MAC list is valid using the TESLA keys
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Route Maintenance
Based on DSR
¾ Node forwarding a packet to the next hop returns a ROUTE ERROR to the
original sender
Prevent unauthorized nodes from sending errors, we require

errors to be authenticated by the sender
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Route Maintenance (cont.)
ROUTE ERROR contains six fields
¾ ROUTE ERROR: label
¾ sending address: node encountering error
¾ receiving address: intended next hop

¾ time interval: pessimistic arrival time of error at destination
¾ error MAC: MAC of the preceding fields of the error (computed using sender’s
TESLA key)
¾ recent TESLA key: most recent disclosable TESLA key
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Route Maintenance
Errors are propagated just as regular data packets

¾ Intermediate nodes remove routes that use the bad link
Sending node continues to send data packets along the route
until error is validated

¾ Generates additional errors, which are all cleaned up when the error is
finally validated
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Anonymous Communication
Sometimes security requirement may include anonymity

Availability of an authentic key is not enough to prevent traffic

analysis
Redes Inalámbricas
We may want to hide the source or the destination of a packet,

or simply the amount of traffic between a given pair of nodes
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Traffic Analysis
Traditional approaches for anonymous communication, for

instance, based on MIX nodes or dummy traffic insertion, can be
used in wireless ad hoc networks as well
However, it is possible to develop new approaches considering

the broadcast nature of the wireless channel
Redes Inalámbricas
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Mix Nodes [Chaum]
Mix nodes can reorder packets from different flows, insert

dummy packets, or delay packets, to reduce correlation between
packets in and packets out
G
Redes Inalámbricas
C M3
Redes
M1 B M2 E
F
A
Ubicua/2006-2007
Computación Ubicua/2006-2007 Mix Nodes
Node A wants to send message M to node G. Node A chooses 2

Mix nodes (in general n mix nodes), say, M1 and M2
G
Redes Inalámbricas
C M3
Redes
M1 B M2 E
F
A
Ubicua/2006-2007
Node A transmits to M1
message K1(R1, K2(R2, M))
where Ki() denotes encryption using public key Ki of Mix i, and Ri
is a random number
G
Redes Inalámbricas
C M3
Redes
M1 B M2 E
F
A
Redes
Redes Inalámbricas
M1
D
A
C
B
M1 recovers K2(R2,M) and send to M2
M2
M3
E
G
F
Mix Nodes
Redes
Redes Inalámbricas
M1
D
A
C
B
M2 recovers M and sends to G
M2
M3
E
G
F
Mix Nodes
If M is encrypted by a secret key, no one other than G or A

can know M
Since M1 and M2 “mix” traffic, observers cannot determine

Redes Inalámbricas

the source-destination pair without compromising M1 and M2
both
Redes
Ubicua/2006-2007
Computación Ubicua/2006-2007 Alternative Mix Nodes
Suppose A uses M2 and M3 (not M1 and M2)

Î Need to take fewer hops
Choice of mix nodes affects overhead
G
Redes Inalámbricas
C M3
Redes
M1 B M2 E
F
A
Ubicua/2006-2007
Computación Ubicua/2006-2007 Mix Node Selection
Intelligent selection of mix nodes can reduce overhead [Jiang04]

With mobility, the choice of mix nodes may have to be modified

to reduce cost
Redes Inalámbricas
However, change of mix selection has the potential for divulging

more information
Redes

Tema 5.-Seguridad: Problemas Soluciones

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Tema 5.-Seguridad: Problemas Soluciones

Uploaded by

Copyright:

Available Formats

Tema 5.

Redes Inalámbricas y Computación Ubicua/2006-2007

 Wireless medium is easy to snoop on

 Definition of “Attack” from the RFC 2828 — Internet Security

an intelligent act that is a deliberate attempt (especially in the sense of a

¾ Availability: ensure survivability of the network despite denial of service

¾ Integrity: guarantee that a message being transferred is never corrupted.

 Passive attack vs. Active attack

Release of message contents Traffic analysis

 All machines on a network can “hear” ongoing traffic

¾ Capture confidential information

Unauthorized party gains access to the asset –

 Release of message contents

 Can be used to compromise additional system resources

 Shield confidential data from sniffers: cryptography

Interruption Modification Fabrication

(availability) (integrity) (integrity)

Asset is destroyed or becomes unavailable - Availability

 Adversary floods irrelevant data

¾ Free tools available

¾ Each receiving system sends a respond to the victim

 Server: limited number of allowed half-open connections

¾ Keep sending SYN requests

 Hard to provide full protection

Unauthorized party tampers with the asset –

 Attacks using modification

¾ Denial Of Service (DOS) attacks

¾ Cause network traffic to be dropped, redirected to a different destination

Redirection with modified hop count:

- The intruder announces to B a path with a metric value of one too

Metric 1 and 3 hops

Node A Node B Node D

Metric 1 and 1 hop

 Denial Of Service (DOS) attacks with modified source routes:

¾ The packets will not reach the destination:

Node A sends packets Intruder I decapsulates Node C has no direct

Node A Node B Intruder I Node C Node D

Unauthorized party insets counterfeit object into the

 Attacks using fabrication

 Corrupting routing state

 Routing table overflow attack

 Falsifying route error messages:

spoofing) and sends error messages to the others

 Corrupting routing state:

 Routing table overflow attack:

 Black hole attack:

 Attacks using impersonation

 Forming loops by spoofing MAC address:

 Forming loops by spoofing MAC address:

 Forming loops by spoofing MAC address:

¾ X is now unreachable because of the loop formed

 Attacks for routing:

¾ The Sybil attack

 Colluding attackers uses “tunnels” between them to forward

 Represents multiple identities

 Directed against on-demand routing protocols

Redes Inalámbricas y Computación Ubicua/2006-2007

 Authenticate routing messages using one of:

¾ Shared secrets between communicating nodes combined with broadcast

 Broadcast authentication protocol used here for authenticating

hash function (generating one key per time interval)

 Sender attaches MAC to each packet

way key chain

Wireless medium is easy to snoop on

Definition of “Attack” from the RFC 2828 — Internet Security

Passive attack vs. Active attack

All machines on a network can “hear” ongoing traffic

Release of message contents

Can be used to compromise additional system resources

Shield confidential data from sniffers: cryptography

Adversary floods irrelevant data

Server: limited number of allowed half-open connections

Hard to provide full protection

Attacks using modification

Denial Of Service (DOS) attacks with modified source routes:

Attacks using fabrication

Corrupting routing state

Routing table overflow attack

Falsifying route error messages:

Corrupting routing state:

Routing table overflow attack:

Black hole attack:

Attacks using impersonation

Forming loops by spoofing MAC address:

Forming loops by spoofing MAC address:

Forming loops by spoofing MAC address:

Attacks for routing:

Colluding attackers uses “tunnels” between them to forward

Represents multiple identities

Directed against on-demand routing protocols

Authenticate routing messages using one of:

Broadcast authentication protocol used here for authenticating

Sender attaches MAC to each packet

Receiver knows the key disclosing schedule

When the key is disclosed, receiver checks its correctness (through

Network links are bidirectional

Resources of nodes may vary greatly, so Ariadne assumes

Three authentication mechanism possibilities:

Shared secret keys

Initial TESLA keys

A and B are principals (e.g., communicating nodes)

Assume sender and receiver share secret (non-TESLA) keys for

Attacker can remove a node from node list in a REQUEST

Upon receiving ROUTE REQUEST, a node:

When the target receives the route request:

Node forwarding ROUTE REPLY

When initiator receives ROUTE REPLY

Prevent unauthorized nodes from sending errors, we require

Errors are propagated just as regular data packets

Sometimes security requirement may include anonymity

Availability of an authentic key is not enough to prevent traffic

We may want to hide the source or the destination of a packet,

Traditional approaches for anonymous communication, for

However, it is possible to develop new approaches considering

Mix nodes can reorder packets from different flows, insert

Node A wants to send message M to node G. Node A chooses 2

If M is encrypted by a secret key, no one other than G or A

Suppose A uses M2 and M3 (not M1 and M2)

Choice of mix nodes affects overhead

Intelligent selection of mix nodes can reduce overhead [Jiang04]

With mobility, the choice of mix nodes may have to be modified

However, change of mix selection has the potential for divulging