A Survey of SecureWireless Ad Hoc Routing.ppt

上传人:deputyduring120 文档编号:377896 上传时间:2018-10-09 格式:PPT 页数:25 大小:264KB
下载 相关 举报
A Survey of SecureWireless Ad Hoc Routing.ppt_第1页
第1页 / 共25页
A Survey of SecureWireless Ad Hoc Routing.ppt_第2页
第2页 / 共25页
A Survey of SecureWireless Ad Hoc Routing.ppt_第3页
第3页 / 共25页
A Survey of SecureWireless Ad Hoc Routing.ppt_第4页
第4页 / 共25页
A Survey of SecureWireless Ad Hoc Routing.ppt_第5页
第5页 / 共25页
亲,该文档总共25页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

1、A Survey of Secure Wireless Ad Hoc Routing,Article by: YIH-CHUN HU, ADRIAN PERRIGIEEE Security and Privacy special issue on Making Wireless Work, 2(3):28-39, 2004. Presented by: Devendra Salvi 04-17-2007,Multihop Ad Hoc network,Access Point,Network boundary,Ad Hoc N/W,Outline,Attacks on Ad hoc netwo

2、rks Key setup in Ad hoc networks SEAD in mobile wireless Ad Hoc network A secure on-demand routing protocol for ad hoc networks Securing AODV Review Questions,Attacks on Ad hoc networks,Attacks on ad hoc network routing protocols are mainly Routing disruption attack Wherein the attacker causes legit

3、imate data packets to be routed in dysfunctional ways.Resource consumption attack Wherein the attacker injects packets into the network to consume network resources such as bandwidth or to consume node resources such as memory/computational power.,Attacks on ad hoc network routing protocols,Routing

4、disruption attack,Insert forged routing packets,Source,Destination,Blackhole / Grayhole,Drop packets,Shortest path,Attacks on ad hoc network routing protocols,Wormhole,Node A,Node B,Xmission range of A,Xmission range of B,Intruder Node X,Intruder Node X,Records Traffic for network A & replays it in

5、network B,Attacks on ad hoc network routing protocols,Solution for wormhole attacks Packet Leashes is keeping constraints on packet in either of two ways Temporal Temporal leashes rely on extremely precise time synchronization and timestamps in each packet. A packets travel time is approximated as t

6、he difference between the receive time and the timestamp.Geographical,Attacks on ad hoc network routing protocols,Solution for wormhole attacks Packet Leashes is keeping constraints on packet in either of two ways TemporalGeographical Where in location information and loosely synchronized clocks is

7、used to create a leash The distance between the sender and receiver is calculated nodes velocity and timestamps.,Key setup in Ad hoc networks,To authenticate a legitimate node Establishing private keys Share private keys between each pair of nodes before deployment. Pitfall: when new nodes join netw

8、ork later Solution: 1. Establishing trust and keys between two nodes in an ad hoc network; Master-slave nodes.,Key setup in Ad hoc networks,SUCV addresses (statistically unique cryptographically verifiable) Each node generates a public- and private-key pair, and then chooses its address based on a c

9、ryptographic hash function of the public key E.g. 1. A nodes entire IPv6 address is the hash functions output,Key setup in Ad hoc networks,Certificates from a certificate authority,node address, node public key, and a signature from the CA (s).,Key setup in Ad hoc networks,Transitive trust and PGP t

10、rust graphs,node address, node public key, and a signature from the CA.,Node A,Node B,Node C,SEAD in mobile wireless Ad Hoc network,To support use of SEAD with nodes of limited CPU processing capability, and to guard against DoS attacks in which an attacker attempts to cause other nodes to consume e

11、xcess network bandwidth or processing time, efficient one-way hash functions are used while asymmetric cryptographic operations in the protocol are not used.,SEAD: Secure efficient Ad hoc Distance vector routing protocol.,SEAD in mobile wireless Ad Hoc network,Destination-Sequenced Distance-Vector a

12、d hoc network routing protocol (DSDV). Distance vector routing; each router maintains list of all possible destinations within the network. Each node router entry maintains:1. address of destination (identity)2. Nodes which form shortest known distance to destination (metric) usually # of hops.3. ad

13、dress of nodes neighbor which is the first hop on the shortest route to destination,SEAD in mobile wireless Ad Hoc network,Destination-Sequenced Distance-Vector ad hoc network routing protocol (DSDV). DSDV introduces a sequence number in each routing table entry. Prevents routing loops.,SEAD in mobi

14、le wireless Ad Hoc network,Hash Chains A one-way hash chain is built on a one-way hash function. To create a one-way hash chain, a node chooses a random x 0,1 and computes the list of values h0, h1, h2, h3, ., hn,where h0 = x, and hi = H(hi 1) for 0 i n, for some n. E.g. Given an authenticated hi va

15、lue, a node can authenticate hi3 by computing H(H(H(hi 3) and verifying that the resulting value equals hi,A secure on-demand routing protocol for ad hoc networks,Ariadne is a secure on-demand routing protocol that withstands node compromise and relies only on highly efficient symmetric cryptography

16、. Ariadne discovers routes on-demand (as they are needed) through route discovery and uses them to source route data packets to their destinations.,*Message authentication code (MAC) computed with key KSD over unique datafor example, a timestamp,Securing AODV,The Ad hoc On-demand Distance Vector rou

17、ting protocol (AODV) spreads distance vector routing information in an on-demand manner. There are two protocols to secure routing protocols Authenticated routing for ad hoc networks (ARAN) SAODV,Securing AODV,Authenticated routing for ad hoc networks (ARAN) Kimaya Sanzgiri and her colleagues develo

18、ped authenticated routing for ad hoc networks (ARAN), which is based on AODV. In ARAN, each node has a certificate signed by a trusted authority, which associates its IP address with a public key.,Securing AODV,(ARAN),1. To initiate a route discovery, the initiator S broadcasts a signed ROUTE REQUES

19、T packet that includes the target D, its certificate (certS), a nonce N, and a timestamp t. 2. Each node that forwards this REQUEST checks the signature or signatures. Node C checks node Bs certificate certB, then checks the signature on the outer message. C then verifies the certificate certS for i

20、nitiator S and uses the key in the certificate to verify the signature on the REQUEST. 3. If the signatures are valid, the forwarding node removes the last forwarders signature and certificate, signs the original REQUEST, and includes its own certificate. The node then broadcasts the REQUEST. Node C

21、 removes node Bs signature, signs the resulting REQUEST, and includes its own certificate. Node C then broadcasts the REQUEST. 4. When the first ROUTE REQUEST from a route discovery reaches the target, the target signs a ROUTE REPLY and sends it to the node from which it received the REQUEST. the ta

22、rget D returns a signed ROUTE REPLY to the previous hop C,Securing AODV,SAODV: A signature is used to authenticate most fields of a route request and route reply and hash chains are used to authenticate the hop count.,A node first authenticates the RREQ to ensure that each field is valid. It then pe

23、rforms duplicate suppression to ensure that it forwards only a single RREQ for each route discovery. The node then increments the hop-count field in the RREQ header, hashes the hop count authenticator, and rebroadcasts the RREQ, together with its RREQ-SSE extension.,Review,Strengths Comprehensive study of security protocols on wireless ad hoc networks,Review,Weaknesses Authors do not present any evaluations of the protocol.,Improvements,Implementation of the discussed protocols.,Questions ?,

展开阅读全文
相关资源
猜你喜欢
相关搜索

当前位置:首页 > 教学课件 > 大学教育

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1