Seminar Topics & Project Ideas On Computer Science Electronics Electrical Mechanical Engineering Civil MBA Medicine Nursing Science Physics Mathematics Chemistry ppt pdf doc presentation downloads and Abstract

mobile ad hoc network


Wormhole:

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a general mechanism, called packet leashes, for detecting, and thus defending against, wormhole attacks, and we present a specific protocol, called TIK, that implements leashes. We also discuss topology-based wormhole detection, and show that it is impossible for these approaches to detect some wormhole topologies.
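
An added illustration of the leash idea (this is example code written for this page, not the paper's code or the TIK protocol): a geographic leash, where every packet carries the sender's position and send time. The receiver bounds how far away the true sender can be and drops anything that could not have been transmitted from within radio range, which a packet replayed through a wormhole cannot satisfy. The leash is authenticated here with an HMAC under a single shared key, a simplification of the pairwise or TESLA-style authentication the paper discusses; the velocity, clock-error, location-error and range constants are assumed deployment parameters, and the scenario is constructed.

```python
"""Geographic packet leash (added example; not from the paper or TIK).
The sender attaches its position and send time to each packet; the
receiver computes an upper bound on the sender-receiver distance and
rejects packets that exceed the radio range.  All constants are assumed."""
import hashlib
import hmac
import math
import struct

# Assumed system parameters (the paper treats these as deployment constants).
MAX_VELOCITY = 30.0    # v: maximum node speed, m/s
CLOCK_ERROR = 0.001    # Delta: maximum clock synchronisation error, s
LOCATION_ERROR = 10.0  # delta: maximum positioning error, m
RADIO_RANGE = 250.0    # maximum transmission range, m


def leash_tag(key, pos, t_send, payload):
    """Authenticate (position, send time, payload) so an attacker cannot
    rewrite the leash to fit the location where it replays the packet."""
    hdr = struct.pack("!ddd", pos[0], pos[1], t_send)
    return hmac.new(key, hdr + payload, hashlib.sha256).digest()


def make_packet(key, pos, t_send, payload):
    return {"pos": pos, "t_send": t_send, "payload": payload,
            "tag": leash_tag(key, pos, t_send, payload)}


def distance_bound(pkt, rx_pos, t_recv):
    """Upper bound on the sender-receiver distance: the claimed separation,
    plus how far both nodes may have moved during the clock-error-padded
    transit time, plus the positioning error."""
    separation = math.hypot(pkt["pos"][0] - rx_pos[0], pkt["pos"][1] - rx_pos[1])
    transit = t_recv - pkt["t_send"] + CLOCK_ERROR
    return separation + 2 * MAX_VELOCITY * transit + LOCATION_ERROR


def verify_leash(key, pkt, rx_pos, t_recv):
    """Return (accepted, reason).  Authenticity is checked first: an
    unauthenticated leash could simply be rewritten by the attacker."""
    expected = leash_tag(key, pkt["pos"], pkt["t_send"], pkt["payload"])
    if not hmac.compare_digest(pkt["tag"], expected):
        return False, "bad leash tag"
    bound = distance_bound(pkt, rx_pos, t_recv)
    if bound > RADIO_RANGE:
        return False, "distance bound %.1f m exceeds radio range" % bound
    return True, "ok"


def demo():
    """Constructed scenario: node A at the origin sends to neighbour B 150 m
    away; a wormhole tunnels the same frame to node C, 2 km away; finally
    the attacker tries to rewrite the position to fit C's location."""
    key = b"network-wide leash key (assumed, for brevity)"
    pkt = make_packet(key, (0.0, 0.0), 100.0000, b"RREQ")
    direct = verify_leash(key, pkt, (150.0, 0.0), 100.0005)
    tunnelled = verify_leash(key, pkt, (2000.0, 0.0), 100.0100)
    forged = dict(pkt, pos=(1900.0, 0.0))          # position rewritten, tag stale
    forged_result = verify_leash(key, forged, (2000.0, 0.0), 100.0100)
    return direct[0], tunnelled[0], forged_result[0]
```

The direct delivery gives a bound of about 160 m and is accepted; the tunnelled copy gives a bound over 2 km and is dropped regardless of how fast the wormhole forwards it, because the bound is dominated by the claimed separation rather than by timing.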

Flooding:

In an ad hoc network, each host assumes the role of a router and relays packets toward final destinations. This paper studies efficient routing mechanisms for packet flooding in ad hoc wireless networks. Because a packet is broadcast to all neighboring nodes, the optimality criteria of wireless network routing are different from those of wired network routing. We show that the minimum cost flooding tree problem is similar to the MCDS (Minimum Connected Dominating Set) problem and prove the NP-completeness of the minimum cost flooding tree problem. Then, we propose two flooding methods: self-pruning and dominant pruning. Both methods utilize neighbor information to reduce redundant transmissions. Performance analysis shows that both methods perform significantly better than blind flooding. In particular, dominant pruning performs close to the practically achievable best performance limit.

Gray hole attack:

In this paper, we propose a complete protocol to detect a chain of cooperating malicious nodes in an ad hoc network that disrupts transmission of data by feeding wrong routing information. Our technique is based on sending data in equal but small-sized blocks instead of sending the whole of the data in one continuous stream. The flow of traffic is monitored independently at the neighborhoods of both source and destination. The results of monitoring are gathered by a backbone network of trusted nodes. With the assumption that the neighborhood of any node in the ad hoc network has more trusted nodes than malicious nodes, our protocol can not only detect but also remove a chain of cooperating malicious nodes (gray/black holes) by ensuring an end-to-end check between the transmission of two blocks of data. The protocol takes O(m·dBN) time for detection and removal of a chain of gray/black holes, which improves on an earlier O(n²) time bound [4] for detecting a single black hole in the network. Here, m is the number of malicious nodes in the network, dBN is the diameter of a backbone network formed out of the flat ad hoc network, and n is the total number of nodes in the ad hoc network.

Spoofing:

Spoofing is a serious threat for both ad hoc and sensor networks that can cause adverse effects on a network's operations. Although cryptographic authentication can assure the identity of a transmitter, authentication is not always desirable or possible, as it requires key management and more extensive computation. In this paper we argue that it is desirable to have a functionality complementary to traditional authentication that can detect device spoofing with no dependency on cryptographic material. Towards this objective, we propose using forge-resistant relationships associated with transmitted packets to detect anomalous activity. Our strategy is generic, operates in a 1-hop neighborhood, and thus can locally provide protection in order to defend ad hoc or sensor networks from anomalous intrusions. As two specific constructions, we explore the use of monotonic relationships in the sequence number fields, and the enforcement of statistical characteristics of legitimate traffic. We then provide an example of how these relationships can be used to construct a classifier that provides a multi-level threat assessment. We validate the usefulness of these methods for anomalous traffic scenarios involving multiple sources sharing the same MAC address through experiments conducted on the ORBIT wireless testbed.
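
The monotonic sequence-number relationship, as an added example (written for this page, not the paper's classifier): a legitimate 802.11 station increments its 12-bit sequence counter by one per new frame, and retransmissions repeat the number, so two radios transmitting under one MAC address show up as large jumps and rollbacks in that address's series. The gap tolerance, the threat thresholds and the monitor trace below are constructed for illustration.

```python
"""Sequence-number monotonicity check for MAC spoofing (added example)."""
from collections import defaultdict

SEQ_MOD = 4096      # the 802.11 sequence number field is 12 bits wide
MAX_GAP = 8         # assumed tolerance for frames the monitor itself missed


def seq_delta(prev, cur):
    """Forward distance from prev to cur on the wrapping 12-bit counter."""
    return (cur - prev) % SEQ_MOD


def classify_frames(frames, max_gap=MAX_GAP):
    """frames: iterable of (src_mac, seq_num) in capture order.
    Returns {mac: [(seq, verdict), ...]} with verdict in
    'ok' | 'retry' | 'gap' | 'rollback'."""
    last_seq = {}
    verdicts = defaultdict(list)
    for mac, seq in frames:
        if mac not in last_seq:
            verdict = "ok"
        else:
            delta = seq_delta(last_seq[mac], seq)
            if delta == 0:
                verdict = "retry"          # same number: 802.11 retransmission
            elif delta <= max_gap:
                verdict = "ok"
            elif delta > SEQ_MOD // 2:
                verdict = "rollback"       # counter moved backwards
            else:
                verdict = "gap"            # implausibly large forward jump
        last_seq[mac] = seq
        verdicts[mac].append((seq, verdict))
    return dict(verdicts)


def threat_level(series):
    """Multi-level assessment for one address from its anomaly ratio:
    0 = none, 1 = isolated anomaly, 2 = sustained (likely a second sender)."""
    anomalies = sum(1 for _, v in series if v in ("gap", "rollback"))
    if anomalies == 0:
        return 0
    return 2 if anomalies / len(series) >= 0.2 else 1


def assess(frames):
    """{mac: threat level} for every address seen in the trace."""
    return {mac: threat_level(series) for mac, series in classify_frames(frames).items()}


# Constructed monitor trace: ...:01 is one station with a single retry;
# ...:02 is one address used by two radios whose counters interleave.
SAMPLE_FRAMES = [
    ("02:00:00:00:00:01", 10), ("02:00:00:00:00:02", 100),
    ("02:00:00:00:00:01", 11), ("02:00:00:00:00:02", 101),
    ("02:00:00:00:00:01", 12), ("02:00:00:00:00:02", 3000),
    ("02:00:00:00:00:01", 12), ("02:00:00:00:00:02", 102),
    ("02:00:00:00:00:01", 14), ("02:00:00:00:00:02", 3001),
    ("02:00:00:00:00:02", 103),
]
```

The wrap from 4095 to 0 is a delta of 1 and stays "ok"; only the interleaved address alternates between rollback and gap and is scored at the highest level.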

DSR (Dynamic Source Routing):

Dynamic Source Routing (DSR) is a routing protocol for wireless mesh networks. It is similar to AODV in that it forms a route on demand when a transmitting computer requests one. However, it uses source routing instead of relying on the routing table at each intermediate device.

Determining source routes requires accumulating the address of each device between the source and destination during route discovery. The accumulated path information is cached by nodes processing the route discovery packets. The learned paths are used to route packets. To accomplish source routing, the routed packets contain the address of each device the packet will traverse. This may result in high overhead for long paths or large addresses, like IPv6. To avoid using source routing, DSR optionally defines a flow id option that allows packets to be forwarded on a hop-by-hop basis.

This protocol is truly based on source routing, whereby all the routing information is maintained (continually updated) at the mobile nodes. It has only two major phases, Route Discovery and Route Maintenance. A Route Reply is generated only when the Route Request has reached the intended destination node; the route record accumulated in the Route Request is copied into the Route Reply.

To return the Route Reply, the destination node must have a route to the source node. If such a route is in the destination node's route cache, that route is used. Otherwise, the node reverses the route based on the route record in the Route Request message header (this requires that all links are symmetric). When a link on a route fails, the Route Maintenance phase is initiated: the node that detects the failed transmission generates a Route Error packet. The erroneous hop is removed from the node's route cache, and all routes containing that hop are truncated at that point. The Route Discovery phase is then initiated again to determine a new route.

Dynamic source routing protocol (DSR) is an on-demand protocol designed to restrict the bandwidth consumed by control packets in ad hoc wireless networks by eliminating the periodic table-update messages required in the table-driven approach. The major difference between this and the other on-demand routing protocols is that it is beacon-less and hence does not require periodic hello packet (beacon) transmissions, which are used by a node to inform its neighbors of its presence. The basic approach of this protocol (and all other on-demand routing protocols) during the route construction phase is to establish a route by flooding RouteRequest packets in the network. The destination node, on receiving a RouteRequest packet, responds by sending a RouteReply packet back to the source, which carries the route traversed by the RouteRequest packet received.
Consider a source node that does not have a route to the destination. When it has data packets to be sent to that destination, it initiates a RouteRequest packet. This RouteRequest is flooded throughout the network. Each node, upon receiving a RouteRequest packet, rebroadcasts the packet to its neighbors if it has not forwarded it already, provided that the node is not the destination node and that the packet’s time to live (TTL) counter has not been exceeded. Each RouteRequest carries a sequence number generated by the source node and the path it has traversed. A node, upon receiving a RouteRequest packet, checks the sequence number on the packet before forwarding it. The packet is forwarded only if it is not a duplicate RouteRequest. The sequence number on the packet is used to prevent loop formations and to avoid multiple transmissions of the same RouteRequest by an intermediate node that receives it through multiple paths. Thus, all nodes except the destination forward a RouteRequest packet during the route construction phase. A destination node, after receiving the first RouteRequest packet, replies to the source node through the reverse path the RouteRequest packet had traversed. Nodes can also learn about the neighboring routes traversed by data packets if operated in the promiscuous mode (the mode of operation in which a node can receive the packets that are neither broadcast nor addressed to itself). This route cache is also used during the route construction phase.
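
The Route Discovery and Route Maintenance behaviour described above, as an added simulation (example code written for this page, not any DSR implementation's): RouteRequest flooding with an accumulating route record and duplicate suppression keyed on (source, request id), a RouteReply returned along the reversed record that populates each node's route cache, data forwarded with the full source route in the header, and a RouteError that truncates cached routes at the broken hop. The six-node topology, the node names and the FIFO delivery order are constructed.

```python
"""DSR Route Discovery and Route Maintenance simulation (added example)."""
from collections import defaultdict, deque


class DSRNode:
    def __init__(self, name):
        self.name = name
        self.route_cache = {}        # destination -> source route [self, ..., dest]
        self.seen_requests = set()   # (source, request id) pairs already processed
        self.request_id = 0          # per-source sequence number for RouteRequests


class DSRNetwork:
    def __init__(self, links):
        self.adj = defaultdict(set)
        self.nodes = {}
        for a, b in links:
            self.add_link(a, b)

    def add_link(self, a, b):
        self.adj[a].add(b)
        self.adj[b].add(a)
        for n in (a, b):
            self.nodes.setdefault(n, DSRNode(n))

    def remove_link(self, a, b):
        self.adj[a].discard(b)
        self.adj[b].discard(a)

    def route_discovery(self, src, dst, ttl=8):
        """Flood a RouteRequest from src.  Returns (route or None, number of
        broadcasts); the count shows what duplicate suppression saves."""
        source = self.nodes[src]
        source.request_id += 1
        rid = (src, source.request_id)
        source.seen_requests.add(rid)
        broadcasts = 0
        queue = deque([(src, [src], ttl)])       # (node, route record, hops left)
        while queue:
            cur, record, hops = queue.popleft()
            if cur == dst:                        # first copy wins: reply and stop
                self._route_reply(record)
                return record, broadcasts
            if hops == 0:                         # TTL exhausted
                continue
            broadcasts += 1
            for nb in sorted(self.adj[cur]):
                node = self.nodes[nb]
                if rid in node.seen_requests:     # duplicate RouteRequest: drop
                    continue
                node.seen_requests.add(rid)
                queue.append((nb, record + [nb], hops - 1))
        return None, broadcasts

    def _route_reply(self, record):
        """RouteReply travels back along the reversed record (links assumed
        symmetric); each node on the path caches its suffix of the route."""
        dst = record[-1]
        for i, n in enumerate(record[:-1]):
            self.nodes[n].route_cache[dst] = record[i:]

    def send(self, src, dst):
        """Forward one data packet along a source route, discovering one
        first if needed.  Returns (delivered, route used, route errors)."""
        route = self.nodes[src].route_cache.get(dst)
        if route is None:
            route, _ = self.route_discovery(src, dst)
            if route is None:
                return False, None, []
        for a, b in zip(route, route[1:]):        # every hop is in the header
            if b not in self.adj[a]:              # transmission from a to b fails
                self._route_error(a, b, route)
                return False, route, [(a, b)]
        return True, route, []

    def _route_error(self, a, b, route):
        """RouteError from a back to the source: every node that handles it
        truncates cached routes at the broken hop a->b; what remains is no
        longer a complete route to the destination, so the entry is dropped."""
        for n in route[:route.index(a) + 1]:
            cache = self.nodes[n].route_cache
            for dest, r in list(cache.items()):
                if (a, b) in zip(r, r[1:]):
                    del cache[dest]


def demo():
    """Constructed topology: A-B-C-D and a second path A-E-F-D."""
    net = DSRNetwork([("A", "B"), ("B", "C"), ("C", "D"),
                      ("A", "E"), ("E", "F"), ("F", "D")])
    first = net.send("A", "D")      # discovery, then delivery via A-B-C-D
    net.remove_link("C", "D")       # the C-D link breaks
    second = net.send("A", "D")     # cached route fails at C; RouteError
    third = net.send("A", "D")      # cache now empty; rediscovery via A-E-F-D
    return first, second, third
```

In the first discovery only five nodes broadcast (the destination replies instead of rebroadcasting, and F drops its copy because D already saw the request); after the RouteError the caches at A, B and C no longer hold the A-B-C-D route, so the next send rediscovers through E and F.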
RSA:
Key generation

RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. The keys for the RSA algorithm are generated the following way:

1. Choose two distinct prime numbers p and q.
For security purposes, the integers p and q should be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found using a primality test.
2. Compute n = pq.
n is used as the modulus for both the public and private keys
3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function.
4. Choose an integer e such that 1 < e < φ(n) and greatest common divisor of (e, φ(n)) = 1; i.e., e and φ(n) are coprime.
e is released as the public key exponent.
e having a short bit-length and small Hamming weight results in more efficient encryption - most commonly 0x10001 = 65,537. However, small values of e (such as 3) have been shown to be less secure in some settings.[4]
5. Determine d = e^(−1) mod φ(n); i.e., d is the multiplicative inverse of e mod φ(n).
This is more clearly stated as: solve for d given (d·e) mod φ(n) = 1.
This is often computed using the extended Euclidean algorithm.
d is kept as the private key exponent.
The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d which must be kept secret.
Notes:
An alternative, used by PKCS#1, is to choose d matching de ≡ 1 mod λ with λ = lcm(p − 1, q − 1), where lcm is the least common multiple. Using λ instead of φ(n) allows more choices for d. λ can also be defined using the Carmichael function, λ(n).
The ANSI X9.31 standard prescribes, IEEE 1363 describes, and PKCS#1 allows, that p and q match additional requirements: be strong primes, and be different enough that Fermat factorization fails.

Encryption

Alice transmits her public key (n, e) to Bob and keeps the private key secret. Bob then wishes to send message M to Alice.
He first turns M into an integer m, such that 0 ≤ m < n, by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c corresponding to
c = m^e mod n.
This can be done quickly using the method of exponentiation by squaring. Bob then transmits c to Alice.
Note that at least nine values of m will yield a ciphertext c equal to m,[5] but this is very unlikely to occur in practice.

Decryption

Alice can recover m from c by using her private key exponent d via computing
m = c^d mod n.
Given m, she can recover the original message M by reversing the padding scheme.
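
The key generation, encryption and decryption steps above carried through in code, as an added example (written for this page, not taken from the page's source or any library): primes found with Miller-Rabin, d computed by the extended Euclidean algorithm against either φ(n) or the PKCS#1 choice λ = lcm(p − 1, q − 1), raw m^e mod n and c^d mod n, and a brute-force enumeration of the fixed points m with m^e ≡ m (mod n) for a tiny modulus. The 61/53 example key is a textbook toy; the random key size and the use of raw, unpadded RSA are for exercising the arithmetic only, since a deployed system needs a padding scheme such as OAEP and a modulus of 2048 bits or more.

```python
"""Textbook RSA: key generation, encryption, decryption (added example)."""
from math import gcd
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin; a composite survives with probability at most 4**-rounds."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)        # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random odd candidate with the top bit set, so p*q really has 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(e, m):
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e and the modulus are not coprime")
    return x % m


def keys_from_primes(p, q, e=65537, use_lambda=False):
    """Steps 2-5 above.  With use_lambda, λ = lcm(p-1, q-1) replaces φ(n),
    giving a (usually smaller) d that decrypts equally well."""
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    lam = phi // gcd(p - 1, q - 1)            # lcm(p-1, q-1)
    modulus = lam if use_lambda else phi
    if not 1 < e < modulus or gcd(e, modulus) != 1:
        raise ValueError("need 1 < e < modulus and gcd(e, modulus) = 1")
    return (n, e), (n, modinv(e, modulus))


def keygen(bits=256, e=65537, use_lambda=False):
    """Step 1: random primes of similar bit-length, retried until e is admissible."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        try:
            return keys_from_primes(p, q, e, use_lambda)
        except ValueError:
            continue


def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)                      # exponentiation by squaring


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def fixed_points(n, e):
    """All m in [0, n) with m^e ≡ m (mod n); feasible only for tiny n.
    0, 1 and n-1 are always among them."""
    return [m for m in range(n) if pow(m, e, n) == m]
```

With p = 61, q = 53 and e = 17 the φ-based exponent is d = 2753 and the λ-based one is d = 413 (λ = 780); both recover m = 65 from c = 2790. That toy modulus has 25 fixed points, consistent with the "at least nine" remark, which is one reason real deployments never encrypt an unpadded m.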