8/16/2019 Mapakshi PT6 30minS CS6910 PT6 S.mapakshi 30 Min Presentation (1)

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols
Yih-Chun Hu, Adrian Perrig, and David B. Johnson
Presenter: Sandeep Mapakshi, CS 6910-ACIS, Project 6
Instructor: Prof. Leszek T. Lilien, Fall 2006
Department of Computer Science, Western Michigan University

Outline
- On-Demand Routing Protocols
- Rushing Attacks
- Rushing Attack Prevention
- Evaluation
- Conclusion

Introduction
- Wireless ad hoc network
  - a collection of mobile computers (or nodes) that cooperate to forward packets
  - dynamic topology
  - self-organization

Introduction (cont.)
- Routing protocol
  - Transport Subsystem
  - Neighbor State Maintenance
  - Database Maintenance
- Ad hoc network routing protocols
  - Run in untrusted environments
  - Provide resilience against misconfigured nodes

Routing Protocols
- Proactive routing protocol
  - Table-Driven routing protocol
- Reactive routing protocol
  - Source-Initiated On-Demand routing protocol
  - Forward ROUTE REQUEST packets when needed

Comparison between Table-Driven Routing and On-Demand Routing

| | Table-driven Routing | On-demand Routing |
|---|---|---|
| Availability of routing information | Immediately from route table | After route discovery |
| Route updates | Periodic advertisements | When requested |
| Routing overhead | Proportional to size of network regardless of network traffic | Proportional to number of communication nodes and increases with increased node mobility |

On-Demand Route Discovery
[Figure: network of nodes A through H with a source and a destination; REQUEST paths shown: A, A-B, A-C, A-C-E, A-B-D, A-B-D-G]

The Rushing Attack
- On-demand routing protocols use duplicate suppression at each node: first ROUTE REQUEST that reaches a node is considered legitimate, ne

Why is the Attack Possible?
- An attacker can send faster, by avoiding the delays that are part of the design of both routing and MAC (802.11b) protocols
  - Why delay in ROUTE REQUEST forwarding?
    - In MAC protocols using time division
    - On-demand protocols generally specify a delay
  - Remove these delays at both the MAC and routing layers?
    - more collisions
- Attacker can send at a higher wireless transmission level
- An attacker can take advantage of a wormhole to create flood rushing attacks: use the wormhole to rush the packets ahead of the normal flow

[Slides 11-16: figures titled "Rushing Attack E" (title cut off in the source); images not recovered]

Wormhole Attack
- Attacker records a packet at one location in the network, tunnels the packet to another location
- Packets may be replayed from the far end of the wormhole
- Puts attacker in a powerful position
- It's a replay, so authentication does not help
- Applications of the Wormhole Attack
  - Denial-of-Service
  - Routing Disruptions
  - Unauthorized Access

Routing Tree
[Figure not recovered]
Adapted from Chris Karlof and David Wagner's WSNA slides

Wormhole Attack
- Tunnel packets received in one place of the network and replay them in another place
- The attacker can have no key material. All it requires is two transceivers and one high quality out-of-band channel
Adapted from Chris Karlof and David Wagner's WSNA slides

Disrupted Routing
- Most packets will be routed to the wormhole
- The wormhole can drop packets or selectively forward packets to avoid detection
Adapted from Chris Karlof and David Wagner's WSNA slides

Network Assumption
- Network links are bidirectional
  - Ignore unidirectional links
- Ignore jamming attack
  - Requires additional hardware
  - Easier to detect
- Disregard attacks on MAC protocol
  - MAC (Medium Access Control)
  - ALOHA and Slotted ALOHA
- Medium-sized: ?0 ~ ?00 nodes
  - Clustering

Security Assumptions And Key Setup
- Fast authentication protocol
  - Instantly-verifiable broadcast authentication
- Keys setup
  - Broadcast authentication keys are distributed in advance
- Powerful attacker
- Coordinated attacker

Secure Routing Requirements And Protocol
- Secure Neighbor Detection
- Secure route delegation
- Randomized ROUTE REQUEST forwarding
[Flowchart: Single Hop? (yes / no); Gather n REQUESTs; Randomly Choose 1; Secure Neighbor Detection; Original Routing Protocol]

Secure Neighbor Detection
- Neighbor Detection
  - Two nodes detect a bidirectional link between themselves
  - In proactive routing protocol
  - In reactive routing protocol
- Requirements
  - Sender-receiver can check that the other is within the normal communication range
  - Node needs to hear Neighbor Request

Secure Neighbor Detection
- Three-round mutual authentication protocol
  - S broadcasts a Neighbor Request packet
  - R returns a Neighbor Reply packet to S
  - S sends a Neighbor Verification to B
- Short delay timing
  - Within a ma

Notation
[Notation slide: symbols A, B, R, M, H, Σ, →, ←, ∗; legible text fragment: "means that node ... broadcasts message ... with its signature"]

Secure Neighbor Detection (cont.)
[Protocol messages 1-3 not recovered]

Secure Neighbor Detection (cont.)
- Integration with an On-Demand Protocol
  - $A \rightarrow * :\ \text{REQUEST},\ \text{Neighbor Request}_A$
  - $B \rightarrow A :\ \text{Neighbor Reply}_{BA},\ \text{Neighbor Request}_B$
  - $A \rightarrow B :\ \text{Neighbor Verification}_{AB},\ \text{Neighbor Reply}_{AB}$
  - $B \rightarrow * :\ \text{REQUEST},\ \text{Neighbor Verification}_{AB},\ \text{Neighbor Verification}_{BA}$

Secure Route Delegation
- Delegate neighbor to forward the Route Request packet
- To verify that both nodes of each adjacent node pair indeed believe they are neighbors
- A received ROUTE REQUEST S, R, id
  - $M_A = \{\text{Route Delegation}, A, B, S, R, id\}$
  - $\Sigma_{M_A} = \mathrm{Sign}(H(M_A))$
  - $A \rightarrow B:$

Randomized Message Forwarding
- To minimize the chance that a rushing adversary can dominate all returned routes
- Randomized message forwarding
  - Collects a number of REQUESTs
  - Selects a REQUEST at random to forward
- The number of REQUEST packets collected
  - The more the better?
- The algorithm by which timeouts are chosen
  - Topology closer
  - Geographically closer
  - Randomly
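
The effect of gathering n REQUESTs before forwarding can be checked with a small simulation. This is an added example, not code from the slides or the paper; the delay model (honest neighbors forward after a uniform random delay, the rushing node after none) and all function names are assumptions made for illustration.

```python
import random

def arrivals(honest_neighbors, rng):
    """Constructed model: order in which copies of one REQUEST reach a node.
    Honest neighbors wait a random MAC/routing delay; the rusher waits 0."""
    copies = [(rng.uniform(1.0, 10.0), f"honest-{i}")
              for i in range(honest_neighbors)]
    copies.append((0.0, "rusher"))
    return [sender for _, sender in sorted(copies)]

def first_arrival(copies):
    """Duplicate suppression: forward the first copy, drop the rest."""
    return copies[0]

def randomized(copies, n, rng):
    """Randomized forwarding: gather up to n copies, forward one at random.
    Slicing covers the timeout case where fewer than n copies arrived."""
    return rng.choice(copies[:n])

def rusher_share(policy, n=4, honest_neighbors=5, trials=20000, seed=1):
    """Fraction of discoveries in which the forwarded copy is the rusher's."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        copies = arrivals(honest_neighbors, rng)
        if policy == "first":
            chosen = first_arrival(copies)
        else:
            chosen = randomized(copies, n, rng)
        hits += chosen == "rusher"
    return hits / trials

if __name__ == "__main__":
    print("duplicate suppression:", rusher_share("first"))
    for n in (2, 3, 4, 6):
        print(f"randomized, n={n}:", round(rusher_share("random", n=n), 3))
```

With a single rushing neighbor the share drops from 1 to about 1/n, which is the trade-off behind "the more the better?": larger n dilutes the rushed copy but makes the node wait longer before forwarding.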

Secure Route Discovery
- To secure any protocol using an on-demand Route Discovery protocol
  - Secure Neighbor Detection
  - Secure route delegation
  - Randomized ROUTE REQUEST forwarding
- To limit the number of REQUESTs that traverse an attacker
  - The nodes that don't have n distinct paths to the source of the REQUEST
  - Choose a random timeout
- Two additional security optimizations
  - Each REQUEST signed
  - Use location information

Evaluation
- Simulation Evaluation
  - Underlying protocol: Ariadne
  - HORS as broadcast signature
  - 100 nodes
  - 1000 m × 1000 m
  - Random waypoint model
  - Pause Time: 0, 30, 60, 120, 300, 600, 900
  - Workload: ? flows, 4 packets per second
  - 64-byte packets

Packet Delivery Ratio
- % of offered traffic
- DSR: 99.8% to 100%
- Ariadne: 9?% to 100%
- RAP: ?6% to 4??%
  - MAC-layer congestion
Slide courtesy [2]

Median Latency
- DSR and Ariadne: zero mean latency
- RAP
  - Congestion
  - Waiting to forward a REQUEST
Slide courtesy [2]

Overall
- Evaluation
  - RAP adds significant costs
  - Higher costs due to congestion at lower bit rates
  - RAP is designed to be used only when necessary
    - Only when underlying protocol is unable to discover a working route
- Security Analysis
  - Attacker needs to propagate ROUTE REQUEST from each ROUTE DISCOVERY from many locations
  - Wouldn't do it if they considered due to intrusion detection

Conclusion
- Described the Rushing attack
- Presented RAP (Rushing Attack Prevention)
- RAP incurs higher overhead, but it can find usable routes when other protocols cannot work

References
[1] Yih-Chun Hu, Adrian Perrig, David B. Johnson, "Rushing attacks and defense in wireless ad hoc network routing protocols", Proceedings of the 2003 ACM workshop on Wireless security, San Diego, CA, USA. Available at: http://www.ece.cmu.edu/~adrian/projects/secure-routing/wise2003.pdf
[2] Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols, Yih-Chun Hu, Adrian Perrig, and David B. Johnson. Presenter: Tammy Nguyen. Available at: http://www.eecs.wsu.edu/~smedidi/teaching/Spring05/rushing1.ppt