Security in Ad Hoc Wireless Networks

A security protocol should meet following requirements

Data confidentiality/secrecy is concerned with ensuring that data is not
exposed to unauthorized users.
Data integrity means that unauthorized users should not be able to modify
any data without the owner's permission.
System availability means that nobody can disturb the system to have it
unusable.
Authentication is concerned with verifying the identity of a user.
Non-repudiation means that the sender cannot deny having sent a message
and the recipient cannot deny have received the message.
1

Security in Ad Hoc Wireless Networks

Issues and challenges in security provisioning
Shared broadcast radio channel: The radio channel in ad hoc wireless
networks is broadcast and is shared by all nodes in the network.
Insecure operational environment: The operating environments where ad
hoc wireless networks are used may not always be secure. For example,
battlefields.
Lack of central authority: There is no central monitor in ad hoc wireless
networks.
Lack of association: A node can join and leave the network at any point.
Limited resource availability: Resources such as bandwidth, battery
power, and computational power are scarce.
Physical vulnerability: Nodes in these networks are usually compact and
hand-held in nature.
2

Need for Security

Some people who cause security problems and why.

Security Threats
Four types of security threats:
Interception refers to the situation that an unauthorized party has gained
access to a service or data.
Interruption refers to the situation in which services or data become
unavailable, unusable, or destroyed.
Modifications involve unauthorized changing of data or tampering with a
service.
Fabrication refers to the situation in which additional data or activity are
generated that would normally not exist.

Network Security Attacks

Security Attacks

Active Attacks

Passive Attacks
Snooping
MAC Layer
Attacks
Jamming

Network Layer
Attacks

Transport Layer
Attacks

Wormhole
attack

Session
hijacking

Application Layer
Attacks
Repudiation

DoS
Impersonation
Manipulation
of network
traffic
Device
tampering

Blackhole attack
Byzantine attack
Information disclosure
Resource consumption attack
Routing attacks

Other attacks

Network Security Attacks

Network Layer Attacks
Wormhole attack: an attacker receives packets at one location in the network
and tunnels them to another location in the network.
Blackhole attack: A malicious node could divert the packets.
Byzantine attack: A compromised intermediate node could create routing
loops.
Information disclosure: A compromised node may leak confidential
infomraiton to unauthorized nodes in the network.
Resource consumption attack: A malicious node tries to consume/waste away
resources of other nodes present in the network.
Routing attacks
Routing table overflow: An adversary node advertises routes to nonexistent nodes.
Routing table poisoning: The compromised nodes send fictitious routing
updates.
Packet replication: An adversary node replicates stale packets.
Route cache poisoning: Each node maintains a route cache that can be
poisoned by a adversary node.
Rushing attack: On-demand routing protocols that use duplicate
suppression during the route discovery process are vulnerable
to this attack.
6

Network Security Attacks

Transport Layer Attacks
Session hijacking: An adversary takes control over a session between two
nodes.

Application Layer Attacks

Repudiation: Repudiation refers to the denial or attempted denial by a node
involved in a communication.

Other Attacks
Multi-layer attacks could occur in any layer of the network protocol stack.
Denial of service: An adversary attempts to prevent authorized users
from accessing the service.
Jamming: Transmitting signals on the frequency of senders and
receivers to hinder the communication.
SYN flooding: An adversary send a large number of SYN packets to
a victim node.
Distributed DoS attack: Several adversaries attack a service at the
same time.
Impersonation: An adversary pretends to be other node.
Device tampering: Mobile devices get damaged or stolen easily.
7

Key Management
Cryptography is one of the most common and reliable means to
ensure security.
The purpose of cryptography is to take a message or a file, called
the plaintext (P), and encrypt it into the ciphertext (C) in such a
way that only authorized people know how to convert it back to
the plaintext.
The secrecy depends on parameters to the algorithms called keys.
The four main goals of cryptography are confidentiality, integrity,
authentication, and non-repudiation.
Usually, the encryption method E is made public, but let the
encryption as a whole be parameterized by means of a key k (same
for decryption).
Three types of intruders:
Passive intruder only listens to messages.
Active intruder can alter messages.
Active intruder can insert messages.

Cryptography

Intruders and eavesdroppers in communication.

9

Cryptography
There are two major kinds of cryptographic algorithms:
Symmetric (secret-key) system: Use a single key to (1) encrypt the
plaintext and (2) decrypt the ciphertext. Requires that sender and receiver
share the secret key.
Asymmetric (public-key) system: Use different keys for encryption and
decryption, of which one is private, and the other public.

Hashing system: Only encrypt data and produce a fixedlength

digest. There is no decryption; only comparison is possible.
Notation

Description

KA, B

Secret key shared by A and B

K A

Public key of A

K A

Private key of A

10

Cryptography Functions
Cryptography functions
Secret key (symmetric cryptography, e.g., Substitution, Transposition)
Public key (asymmetric cryptography, e.g., RSA)
Hashing (one-way function - message digest, e.g., MD5)Security services

Security services
Privacy (Secrecy): preventing unauthorized release of information
Authentication: verifying identity of the remote participant
Integrity: making sure message has not been altered
Security
Cryptography
algorithms
Secret
key
(e.g., DES)

Public
key
(e.g., RSA)

Security
services
Message
digest
(e.g., MD5)

Privacy

Authentication

11

Message
integrity

Symmetric Cryptosystems
Substitute Cipher: each letter or group of letter is replaced by
another letter or group of letters
Caesar cipher: rotate the letter (a D, b E, c F, z C).
Example: attack DWWDFN
Monoalphabetic substitution
Each letter replaced by different letter
Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM
Disadvantage: It does not smooth out frequencies in the cipher text.
Polyalphabatic cipher use multiple cipher alphabets.

12

Secret-Key Cryptography
Transposition cipher: reorder the letters, but don't disguise them.
Select a key

MEGABUCK
74512836
plea se tr
ansfe ron
ehundred
afnsedtoelnhesurndpaeerr
Plain text cipher text

13

Transposition Ciphers
A transposition cipher.

14

Asymmetric key algorithms

Ttwo keys- Public key(E), private key(D)

Encryption is c= E(m)
Deccryption is m=D(E(m))
Popular example is RSA algorithm.
Sender encrypts with its private key D
Any recepient who know senders public key (E) decrypts it as
m=D(E(m))
TTP is responsible for issuing the D and E.

15

Key management approaches

How to share the secret key among the specified set of
participants??
4 approachesKey predestribution
Key transport
Key arbitration
Key agrement

16

Key predestribution
Distributing the keys to interested parties before the start of
communication
But participants should agree for a priori Once deployed there is no provision for including new members
there is no provision for changing the key.

17

Key predestribution
Distributing the keys to interested parties before the start of
communication
But participants should agree for a priori Once deployed there is no provision for including new members
there is no provision for changing the key.

18

Key transport
One of the entity in the network generates key and is transported to
the members.
It assumes that, members hold a shared prior key and is used to
encrypt the new key.
This encrypted key is then transported
Any member who knows the prior key can decrypt it and can get
the new key.
This is called as KEY ENCRYPTION KEY(KEK)
It assumes the presence of TTP as PKI because prior key may not
exist with all the nodes.
One of the best method- Shamirs three phase protocol.
19

Shamirs three phase protocol

Makes use of commutative encryption using composite function f0 and g()

Generate K
and Kx

Encrypt as
f(kx,K)
Generate Ky
Encrypt as
g(Ky,(f(kx,K))

Decrypts
using Kx

Applies
inverse of f

Encrypt as
g(ky,K)

Decrypts
using Ky
Applies
inverse of g

20

Key arbitration
A central arbitror will create and distribute keys to all the participants
Access points are used as arbitrors in infrastructure based networks.
But APs have to be powered continuously, this may not be suitable
for adhoc n/w.
Solution is to distribute arbitration among nodes by avoiding
replication.

21

Key agrement
Two or more nodes will agree upon a secret key which is then used
for secret communication among them.
A secret context is established between agreed nodes.
Each participant will contribute a part in key management

22

Key management in adhoc n/w

Challenges in key amanagement because of lack of infrastructure
Three solutionsPassword based group systems
Threshold cryptography
Self oganized public key management

23

Threshold cryptography
Network consists of n nodes
Out of n, T+1 nodes will perform arbitration(key distribution).
These nodes are alled as servers
Each server will generate a partial signature using its private key
and submits to a combiner(any one of the server)
there will b t+1 number of combiners
T+1 Combiner combines these signatures and verify its validity
using public key.
If verification fails (because of malicious nodes signature), it
means atleast one signature is in valid out of t+1
Then another set of partial signature are tried.
24

Self oganized public key managemen

A completely self organized public key system for adhoc n/w
Certificates are the keys for authentication.
Initially every node contains two ceertificates in its local buffercertificate of itself and issued by other user.
These certificates are periodically exchanged and updated with
neighboring nodes.
Under any conflicts(replication of keys / node having 2 keys), the
node tries to resolve it by interacting with neighbors.
Example- trust flow

25

 Vertices- public key of individual nodes

Edges- certificates issued by other nodes
A node gets public key of another node through chain of
certificates(trust).

1
trust

trust

y
trust

26

Secure routing in adhoc n/w

Requirements Detection of malicious nodes
Guarantee of correct route discovery
Confidentiality of n/w topology
Stability aganist attacks

27

Secure Efficient Adhoc Distance vector

routing (SEAD)
It is based on the destination sequenced distance vector routing
protocol(DSDV).
It overcomes the attacks such as DoS and Resource consumption.
There are no asymmetric cryptographic operation.
It makes use of a one-way hash function.

28

DISTANCE VECTOR ROUTING

Each node maintains a routing table containing the list of
all known routes to various destination nodes in the
network.
The routing table is updated periodically by exchanging
routing information.
An alternative approach to this is triggered updates in
which each node broadcasts routing updates only if its
routing table gets altered.
29

Generate hash key h1

Send message, hash(h)

Generate hash key h2
Verify the h1 with h2
If authenticated, then
send ack

ack
30

Types of hash
Mangalore
Bangalore
Mumbai
Chennai

3
4
5
6

0001
0010
0011
0100

3
4
5
6

0001
0010
0011
0100

0001
0010
0011
0100

31

ONE-WAY HASH FUNCTION

To differentiate between updates that are received from nonmalicious nodes and malicious nodes SEAD uses authentication
To authenticating the updates SEAD uses a one-way hash function.
The hash function generates hash chain as: h1,h2,h3......
These hashes are used to convert an i/p string of any bit length to a
bit string of fixed length
i.e H:(0,1)*
(0,1)p where p=bit length of o/p string

32

 To create hash chain a node generates random numbers with

-initial values as x belongs to (0,1)p
-first number (h0) as x
- remaining values = calculated as hi = H(hi-1) where i is such
that 0<=i<=n
Now,
for a routing table entry with sequence number i, let k= (k/m)-1
and if distance=j such that (0<=j<=m-1) then hash code generated
is given byhkm+j
Where m is the metric used to select boundary vlaue.
Eg: m can be distance. Then maximum diameter of the n/w is m-1
33

Hashing
The hash code istransmitted along with original update message
Malicious node can break this hashed sequence number only if it
knows previous hash hkm+j-1
Note: this is possible only in normal hash functions (but not in
oneway

34

Security aware adhoc routing protocol

(SAR)
It is based on the security levels assigned to the individual nodes
and Rout request packets.
Security levels are assigned based on

Timeliness
In order delivery of packets
Authenticity
Integrity
Confidentiality

Route request packet is attached with secutity level field

On receival Route request a nodechecks its security level, and35

(SAR)
On receival Route request a nodechecks its security level, and If security level > node's security level then the node is allowed to read n
forward
If security level = node's security level the node is allowed to only to
forward
If security level < node's security level, the node is neither allowed to read
not to forward (request is discarded)

SAR can be implemented in any routing protocol

(here AODV routing is considered)

36

Security aware AODV

37