An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks

Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba

Sources: Computer Communications, 28(2), pp. 1193-1203, 2005

Reporter: Chun-Ta Li (李俊達)


Outline
  • Introduction
  • Security issues in ad hoc routing
  • Trust management system
  • A secure distributed anonymous routing protocol (SDAR)
  • Security analysis
  • Conclusions
  • Comments

Introduction
  • Mobile ad hoc networks (MANET)
      • Network functions are carried out by all available nodes
          • Packet forwarding
          • Routing
          • Network management
      • Wireless radios and a peer-to-peer network model
      • Visualized for crisis solutions or civilian applications

Introduction (cont.)
  • Constraints in mobile devices
      • Low power microprocessor
      • Small memory
      • Limited bandwidth
      • Short battery life
      • Frequent network topology changes
  • Anonymous routing
      • Hide the location and relationships of the communication nodes

Security issues in ad hoc routing
  • Passive attacks
      • eavesdropping
      • discover some valuable information
      • disclose the relationship between nodes
  • Active attacks
      • replaying, modifying or deleting routing packets
      • maliciously updating the routing table
      • routing loops and network congestion
      • external attacks and internal attacks

Security issues in ad hoc routing (cont.)
  • Security requirements of this paper
      • SDAR (Secure Distributed Anonymous Routing) protocol is secured against passive and active attacks, but not against Denial-of-Service attacks
      • SDAR maintains the anonymity of the sender and receiver
      • SDAR is able to identify malicious nodes and avoid using them to establish routes

Trust management system
  • Purpose of trust management system
      • relaying data traffic
      • identify the malicious nodes
      • avoid using malicious nodes during the route establishment
      • take malicious nodes out of the network
  • Define the trust level in a node as a cumulative value computed by each of its direct neighboring nodes
      • community: the evaluated node and neighboring nodes

Trust management system (cont.)
  • Community management
      [Figure: a community made up of a central node and its neighboring nodes, with one node leaving; the central node tracks and listens]
      • Neighboring node
          • broadcasts a HELLO message {public key of neighboring node} periodically
      • Central node
          • stores the public key
          • removes a node if it does not receive its HELLO message for some time

Trust management system (cont.)
  • Community key management
      • Three trust levels for neighboring nodes
          • lowest trust level: trust value is δ1
          • medium trust level: trust value is δ2 (MTLCK)
          • high trust level: trust value is ψ (MTLCK, HTLCK)
      • updates the community key when a node's trust level goes up or down or a node leaves the community
      • community key will be encrypted with the public key of the intended neighboring node during distribution

// MTLCK: Medium Trust Level Community Key
// HTLCK: High Trust Level Community Key

Trust management system (cont.)
  • Identification of nodes' malicious behavior
      • by overhearing the message from next node to next-next node
          • Malicious Dropping
          • Malicious Modification
  • Trust-based distributed route selection mechanism
      • specifies the trust level requirement in initial message
      • intermediate node will propagate the message only to selected neighboring nodes depending on the source node requested trust level

A secure distributed anonymous routing protocol (SDAR)
  • Three phases
      • Path discovery phase
      • Path reverse phase
      • Data transfer phase
  • Assumptions
      • Bi-directional links
      • Enough computation power
      • A trusted CA
      • Each node holds only one IP address for its communication
      • Some malicious nodes
  • Notations

A secure distributed anonymous routing protocol (cont.)
  • Path discovery phase
      • Sending node S and receiving node R
      • None of the intermediate nodes can discover the identity of S and R
      • S triggers this phase by sending a path discovery message to all nodes within its wireless transmission range
      • Path discovery message
          • open part
          • Encrypted with community key

A secure distributed anonymous routing protocol (cont.)
  • Path discovery phase
      • Each node keeps an internal table for mapping the session TPK, random number, session key and ancestor node
      • Step 1: check if the message has already been received from other nodes within its wireless transmission range using the TPK as the unique identifier for the message
      • Step 2: check if the node is the sender's intended next hop by finding the corresponding community key in its community key lists. If key is found then decrypt the message

A secure distributed anonymous routing protocol (cont.)
  • Path discovery phase
      • Step 3: try to decrypt E_{PK_R}(ID_R, K_S, PL_S)
      • Step 4: if the node is NOT the destined receiver
          • Encrypt (ID_i, session key K_i, SN_Path_ID_i and signature of received message) with the encryption key TPK and forward to neighbors whose trust levels meet the trust requirement

A secure distributed anonymous routing protocol (cont.)
  • Path discovery phase
      • Step 5: if the node is the destined receiver
          • Use the length of padding PL_S to find out the offset of the fourth part and get session keys of all nodes along the path
          • Put all IDs and session keys in one message
          • Send the message to the first node in the reverse path

A secure distributed anonymous routing protocol (cont.)
  • Path reverse phase
      • Use SN_Session_ID_i to retrieve the key for the session, remove one encryption layer and forward the message to the next node on the reverse path
      • Add the ID of the successor node into the mapping table
      • When S receives the message, it decrypts the message and passes the information about all intermediate nodes (i.e. the route) to the higher application
  • Data transfer phase
      • Use the shared session keys of the intermediate nodes to apply layered encryption to the data; each intermediate node just decrypts one encryption layer and forwards the message to the next node according to the ID of the next node
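
The data transfer phase above, as an added Python sketch (not code from the paper or from these slides): the source wraps the payload in one layer per node on the route, and each node looks up its session key, removes exactly one layer and hands the rest to its stored next hop. The SHA-256 counter-mode cipher, the per-layer HMAC tag, the 8-byte session tags (playing the role of the slides' session SN) and all names are assumptions of this example.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 in counter mode); an assumption, not SDAR's cipher.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    # One encryption layer: nonce || HMAC tag || ciphertext (tag is an added assumption).
    nonce = os.urandom(12)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:12], blob[12:44], blob[44:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer modified in transit")
    return _xor_stream(key, nonce, ct)

def build_onion(path, data):
    """path: [(session_tag, session_key), ...] from first hop to receiver R."""
    blob = seal(path[-1][1], data)                  # innermost layer: only R can open it
    for (_, key), (next_tag, _) in zip(reversed(path[:-1]), reversed(path[1:])):
        blob = seal(key, next_tag + blob)           # hop learns only the next hop's tag
    return path[0][0] + blob

class Node:
    def __init__(self, name):
        self.name, self.table = name, {}            # session_tag -> (key, next Node or None)

    def handle(self, packet):
        tag, blob = packet[:8], packet[8:]
        key, nxt = self.table[tag]                  # unknown tag raises KeyError (drop)
        inner = unseal(key, blob)                   # remove exactly one layer
        return (self.name, inner) if nxt is None else nxt.handle(inner)

def demo(tamper=False):
    nodes = [Node(n) for n in ("N1", "N2", "N3", "R")]   # constructed 4-node path
    path = [(os.urandom(8), os.urandom(32)) for _ in nodes]
    for i, (tag, key) in enumerate(path):
        nodes[i].table[tag] = (key, nodes[i + 1] if i + 1 < len(nodes) else None)
    pkt = build_onion(path, b"hello R")
    if tamper:
        pkt = pkt[:-1] + bytes([pkt[-1] ^ 1])       # flip one ciphertext bit in transit
    return nodes[0].handle(pkt)

if __name__ == "__main__":
    print(demo())
```

With `tamper=True` the first hop rejects the packet, because the flipped bit falls inside the outermost layer it is about to remove.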

A secure distributed anonymous routing protocol (cont.)
  • Finding malicious dropping behavior
      • Path discovery phase
          • overhear the message with the same TPK from the neighboring node
      • Path reverse and data transfer phase
          • SN_Session_ID_i and SN_Session_ID_{i-2} instead of the TPK
          • Overhear the message carrying the session key ID of the node's next hop from the node
      [Figure: node ID_i, node ID_{i-1}, node ID_{i-2}; overhear]

A secure distributed anonymous routing protocol (cont.)
  • Finding malicious modification behavior (path reverse phase), Node_{i-1} as an example
      1. Decrypt message to get two SNs
      2. Separate N_{i-1} from M_{i-1} and check H_{K_{i-1}}(N_{i-1}) is equal or not, if it is not, Node_i must have done malicious modification on M_{i-1}
      3. Get rid of SN_Session_ID_i and H(M_{i-3}) from N_{i-1} and store H(M_{i-3}) locally, then decrypt the rest of N_{i-1} with K_{i-1} and send the result M_{i-2} to Node_{i-2}
      4. Overhear M_{i-3} from Node_{i-2} by checking H(M_{i-3}) is equal or not

Security analysis
  • Theorem 1. SDAR is secured against passive and active attacks, but not against Denial-of-Service attacks
  • Theorem 2. SDAR maintains the anonymity of the sender and receiver
  • Theorem 3. SDAR is able to identify malicious nodes and avoid using them to establish routes
  • Theorem 4. SDAR is able to establish a route matching certain trust requirements if enough nodes with qualifying trust value exist between the source and destination

Conclusions
  • In this paper, the authors present a secure distributed anonymous routing protocol for MANET, called SDAR.
  • Some advantages can be summarized as follows
      • Non-source-based routing
      • Flexible and reliable route selection
      • Resilience against path hijacking

Comments
  • Misrecognize malicious dropping behavior
      • tamper TPK or SN_Session_ID (open part)
      • Solution: mutual authentication or encryption
  • It can't prevent malicious modification behavior in path discovery phase (malicious dropping the message)
  • All neighboring nodes of the sender in collusion would find the sender and they can try to guess the session key K_S for attacks