You are on page 1of 4

OLSR Interop and Workshop, 2005

Secure Routing functions for OLSR protocol


Shuichi Ishida, Eriko Ando, Yasuko Fukuzawa
Hitachi, Ltd., Systems Development Laboratory

Abstract In this paper we present secure routing functions for


OLSR protocol. This mechanism employs a strategy that nodes
authenticate each other, and connect only authenticated nodes to
the ad hoc network. By employing the symmetric key
cryptosystem based authentication using a key exchanged after
initial authentication and distributed whole the network, we
achieve to reduce the security overhead.

routing protocols of an ad hoc network, constituted from


authentication and re-authentication of nodes, authentication of
control messages, and a key sharing and updating function.
Chapter 2 describes the outline of the secure routing system
for OLSR, and Chapter 3 describes implementation of security
functions.

Index TermsMobile Ad Hoc Network, Computer Network


Security, OLSR

II. SECURE ROUTING SYSTEM FOR OLSR

I. INTRODUCTION

ireless-communications technology, such as a cell phone


and wireless LAN, is spreading widely. Since
connection of cables is unnecessary, and it can use during
movement,
wireless-communications
technology
is
indispensable to the ubiquitous society whose use of a network
is enabled always anywhere.
The ad hoc network is studied as a network built using
wireless communications [1][2][3][4]. An ad hoc network is
expected to apply to the system which needs to build a
temporary network, because it does not need a fixed
infrastructure, and it is possible to build a network dynamically.
However, since everyone in the area which an electric wave
reaches can receive data in wireless communications, security
countermeasures are indispensable.
Wireless LAN (IEEE 802.11) is one of the
wireless-communications systems, and IEEE 802.11i is a
standard of security.802. 11i defines encryption
communication and user authentication, and user
authentication uses authentication servers, such as a RADIUS
server. However, because existence of a fixed server cannot be
guaranteed in an ad hoc network, the structure of the user
authentication of 802.11i is not suitable [5].
Moreover, security functions with few overheads are
necessary in the ad hoc network which network topology
changes dynamically.
Therefore, we studied ad hoc network-oriented security to
construct the network only with authorized nodes. We
developed the secure routing system for OLSR (OPTIMIZED
LINK STATE ROUTING) which is one of the proactive

This research was sponsored by Information-Technology Promotion


Agency (IPA),Japan, under a grant for the Next-Generation Software
Development Project in the 2004 fiscal year.

A. Overview of OLSR
OLSR is a protocol which exchanges a control message
periodically and creates the routing table beforehand. Each
node broadcasts the control message called HELLO
periodically, and notifies the information on an adjacent node,
i.e. and the node with which it can communicate directly. By
receiving HELLO, each node gets to know existence of the
MPR (MultiPoint Relay) node, which used as relay when
communicating with the node which cannot communicate
directly. The MPR transmits control messages called TC that is
information about nodes to which the MPR can transmit
messages, to all nodes. Each node knows existence of other
nodes with which it cannot communicate directly by receiving
TC, and creates a routing table based on that information.
B. Security Requirement for mobile ad hoc network
There are threats for ad hoc network routing protocol like
having other nodes make incorrect routing table by sending
incorrect control message for the nodes malicious reason.
There are following types of attacks [7].
Incorrect Control Traffic Generation
Incorrect Control Traffic Relaying
To protect ad hoc networks from those malicious node's acts,
we take strategy to connect only authenticated node.
Taking this strategy we have to assume the following cases.
(1) A malicious node sends incorrect control message
pretending authenticated node.
(2) A malicious node takes authenticated node's place when
the node moves.
(3) A malicious node connects network pretending that the
node has been authenticated and moves from other place.
As a countermeasure, we employ message authentication
code for control messages, and a key to create and verify the
code is published only to the authenticated node. And, nodes
are authenticated not only when nodes connect the network first

OLSR Interop and Workshop, 2005


but also when the node moves to another node's communication
range.
Moreover, it is necessary to take into consideration
increasing costs for authentication, message authentication, etc.
And we also should consider the case a node's security data is
leaked, because we can assume ad hoc nodes exists in user's
hand. Influences on the whole network should be as less as
possible in such case.
C. Overview of secure routing functions for OLSR protocol
In this section, the outline of the security function for the
vulnerabilities stated with Section II.B is described.
(1) Authentication of nodes.
We employ authentication of nodes which attempt to
connect to the ad hoc network. To implement authentication
function, it becomes one of main issues which device or
devices authenticate a connecting node. Because existence of
a fixed server cannot be guaranteed to an ad hoc network, we
decided that the nodes connected directly authenticate each
other. Neighbor nodes authenticate each other using a public
key cryptosystem, because we cannot assume the existence
of any fixed authentication server in an ad hoc network.
Moreover, neighbor nodes re-authenticate periodically and
check the completeness of a node because nodes are
movable.
(2) Authentication of control messages
When a node transmits or receives a control message, it
verifies the completeness of the message using MAC
(Message Authentication Code). A key used to make MAC is
shared with a node (sender) and neighbor node of the node
(receiver) because control messages are broadcasted. We
named the key a real circle key.
(3) Key Updating
To prevent a key to be revealed using the same key for a
long period of time, the key need to be updated.
Because the node on an ad hoc network moves, a network
topology changes frequently. As a result, the authentication
using a public key cryptosystem occurs frequently, and an
overhead becomes large. Therefore, we reduced an overhead
by employing authentication using the symmetric key
cryptosystem
for
periodical
re-authentication
and
authentication when nodes move.
(4) Periodical Re-authentication
It enables to reduce overhead of re-authentication, sharing
a symmetric key at the time of initial authentication, and
using symmetric encryption based authentication with that
key for re-authentication.
We named the key a re-authentication key.
(5) Authentication at node's movement
All the nodes that construct an ad hoc network share a
common key. We named the key an ad hoc key. When a node
moves and connects to other nodes in the ad hoc network,
symmetric key based authentication using the ad hoc key is
applied. This mechanism reduces the overhead of
authentication.
(6) Ad hoc key sharing

2
Since existence of a fixed server cannot be assumed in an
ad hoc network, each node in an ad hoc network generates
and distributes an ad hoc key. And the node which received
the ad hoc key chooses one key using the same selection
criterion.
It enables all nodes in the ad hoc network to share one
same ad hoc key. In OLSR, an ad hoc key is distributed using
TC.
Fig. 1 and fig. 2 shows how these security functions work as
a whole. When a node connect to an ad hoc network, mutual
authentication based on a public key cryptosystem is performed
with an neighbor node (initial authentication), and when it
succeeds, a re-authentication key, a real circle key, and an ad
hoc key are exchanged between them. And the node drops
control messages from the node which failed in authentication,
and accepts and processes only control messages from the
successfully authenticated node (fig. 1.). When the received
control message is TC, the node compare ad hoc keys in the TC
with the node's own ad hoc key, and choose the newest one (fig.
2.). Moreover, nodes re-authenticate neighbor nodes
periodically and check the existence. When a node moves,
mutual authentication using an ad hoc key is performed. The
security overhead is reduced using a symmetric key
cryptosystem for a re-authentication and the authentication
when nodes move.
Moreover, in order to maintain security, each node updates
keys periodically. A new re-authentication key is exchanged
during the re-authentication process. A new real circle key and
a new ad hoc key are distributed to the node which adjoins at
the time.

Fig. 1. Overview of secure routing function

Fig. 2. Overview of ad hoc key sharing

OLSR Interop and Workshop, 2005

III. IMPLEMENTATION OF SECURE ROUTING FUNCTION


We developed the secure routing function stated in Chapter
II. This chapter describes each function.
A. System Configuration
We developed the secure routing function stated in Chapter
II. Fig. 3 and TABLE I show the system configuration of a node.
Communication is based on TCP/IP. OpenSSL is a free
cryptographic library [6]. H-OLSR is the OLSR software
embedded by Hitachi, Ltd.
Node
Secure
SecureRouting
RoutingFunctions
Functions

Secure
Secure Routing
Routing
Interface
Interface Library
Library

Between Process
Communication

Secure
Secure Routing
Routing
Functions
Functions

Between Process
Communication

Refer

H-OLSR
H-OLSR

random number.
If the authentication succeeds, a re-authentication key, a real
circle key, and an ad hoc key is exchanged (fig. 4). One node
creates a re-authentication key, and sends it to the other node.
In real circle key updating process, old real circle key is used
until a new real circle key is distributed to all neighbor nodes,
as described in section III.F. Therefore, if authentication of new
node occurs and exchange new real circle key in middle of real
circle key updating process, new node cannot verify MAC. So,
in authentication process, nodes exchange both old and new
real circle key. And ad hoc key is distributed in TC, but a node
does not send TC when MPR does not exist. It means the ad hoc
key should be exchanged also at the time of authentication. As
described in section III.E, two or more ad hoc keys which the
node holds are sent to the other nodes, so that authentication
using an ad hoc key may be attained even if a movement of a
node occurs when all nodes have not chosen same ad hoc key
yet.
Node A
Start Authentication

Node B
Random Number A, Ad hoc Key ID List

1) Create an ad hoc key ID list

Authentication Messages
Key Information

Control Message
Authentication Data B, Random Number B,
Ad hoc key ID or Public Key Certification

TCP/UDP
TCP/UDP

Determine Authentication Type


Create Authentication Data
1) Determine authentication type from ad hoc key ID list
2) Create authentication data B from random number A
using ad hoc key or public key

Verify Authentcation Data

IP
IP

Public
Public Key
Key
Certification
Certification

1) Verify authentication data B


2) Create authentication data A from random
number B using ad hoc key or public key
3) Create re-authentication key
4) Encrypt re-authentication key, real circle
key, and ad hoc key

Authentication Data A, Public Key Certification (optional),


Encrypted Key Data A

Wireless
WirelessInterface
Interface
Encrypted Key Data B

Verify Authentication Data


Get Keys
1) Verify authentication data A
2) Decrypt key data A
3) Encrypt real circle key B and ad hoc key

Get Keys
1) Decrypt key data B

Fig. 3 Configuration of a node

Finish Authentication

Fig. 4 Authentication process


TABLE I
CONFIGURATION OF A NODE

Component
OS
Wireless I/F
Cryptographic
Library
Routing Software

Name / Version
Red Hat Linux 9.01)
IEEE 802.11b
OpenSSL 0.9.7d
H-OLSR

B. Authentication
When a node receives a HELLO message from another node
which has not authenticated, the secure routing functions called
by the OLSR process and starts mutual authentication process.
If the node receives another control message during
authentication process, just drops the message. If a control
message from the node which failed in authentication is
received, it will also be dropped. When a control message from
authenticated node is received, the completeness of a control
message is verified.
If the node shares the same ad hoc key with authenticating
node, authentication using the ad hoc key is processed. If not,
authentication using a public key is processed. The
authentication process is based on challenge-response using a
1)

Linux is a trademark of Linus Torvalds, Redhat is a trademark of Redhat


Software Inc.

C. Re-Authentication
Each node performs a re-authentication with neighbor nodes
periodically using the re-authentication key shared at initial
authentication. Re-authentication process is also based on a
challenge response type authentication like initial
authentication.
D. Control Message Authentication
In OLSR, two or more control messages can be transmitted
in one packet. Therefore, the MAC is generated using the
node's own real circle key and attached for each control packet
(fig. 5). When a node receives a control packet, it verifies the
MAC using the real circle key of a sent node.
Header
(4bytes)
Control Message
(variable length)

MAC
(8bytes)
Real Circle Key ID
(4bytes)
Fig. 5 Format of control packet with MAC

OLSR Interop and Workshop, 2005


E. Ad Hoc Key Sharing
The node which distributes TC (MPR) encrypt an ad hoc key,
key generation time, and a IP address of a node which
generated the key using the node's own real circle key, and
distributes it with TC (fig. 6). When a node receives a TC, it
decrypt it with the real circle key of the node which sent the TC,
compare the key's generation time, and choose the newest ad
hoc key. Because the timing of sending TCs, and the order of
receiving them are different with each nodes, it takes a time by
the time for every node to choose the same ad hoc key.
Therefore, nodes keep some number of ad hoc keys other than
the newest one, and MPR sends some of them in TC.
TC
(variable length)
Length of key data
(4bytes)
Encrypted ad hoc key
(variable length)
MAC
(8bytes)
Real circle key ID
(4bytes)
Fig. 6 Format of TC with ad hoc key

F. Key Updating
This function updates a re-authentication key, a real circle
key, and an ad hoc key. Each new key is encrypted with the old
key and distributed.
(1) Re-authentication key
A re-authentication key is updated during the
re-authentication process after definite period of time.
(2) Real circle key
After a definite period of time passes, a new real circle key
will be generated and it is sent to the neighbor node which
has authenticated and the node under authentication at that
time. In consideration of a packet loss etc., the key is sent 3
times.
(3) Ad hoc key
After a definite period of time passes from last updating, a
new ad hoc key will be generated and it sent 3 times to
neighbor nodes which has authenticated, and nodes under
authentication at that time. If the node is MPR, the new ad
hoc key is distributed at the timing of the next TC
transmission.

IV. CONCLUSION
We designed secure routing functions for OLSR which
consists of node authentication / re-authentication, control
message authentication, key sharing, and key updating function
for the purpose of forming an ad hoc network only by
authenticated nodes. Authentication / re-authentication aimed
to reduce security overhead by using the symmetric key
exchanged during initial authentication process which uses the
public key. As a result, authentication processing time was

4
shortened compare with the authentication using a public key
cryptosystem. The following is mentioned as a future subject.
(1) Optimization of a security parameter
Security parameters, such as a re-authentication interval,
should be set up considering application, network use
environment, etc. The security parameter according to each
system will be evaluated supposing service environment.
(2) Further speedup of authentication process
Shortening of authentication processing time was
achieved by authentication using the ad hoc key which is a
symmetric key shared between the whole ad hoc network
when a node moves in the network. However, an increase of
the node connect to an ad hoc network will increase the
message for authentication and key sharing. In order that the
increase in a message might affect communication efficiency,
it turned out that it is necessary to reduce the amount of data
of the communication message for security. This becomes a
serious problem, because the number of authentication
increases when high-speed movements, such as cars, are
assumed. Research and development of a system which
improve communication efficiency maintaining security are
furthered from now on.
(3) Security functions to create private ad hoc network
Our strategy to authenticate nodes can be used to create
private ad hoc network. But to realize that we need to
consider some other attacks. For example, there may be
possibilities that the unauthorized nodes, which cannot
communicate with each other directly, use the ad hoc
network which consists of authorized nodes to establish
communication.

REFERENCES
[1]
[2]

[3]
[4]
[5]
[6]
[7]

RFC3626,Optimized
Link
State
Routing
Protocol
(OLSR),http://www.ietf.org/rfc/rfc3626.txt,IETF,2003
IETF INTERNET-DRAFT, The Dynamic Source Routing Protocol for
Mobile Ad Hoc Networks
(DSR)
,http://www.ietf.org/internet-drafts/draft-ietf-manet-dsr-09.txt,
IETF, 2003
RFC3561,Ad
hoc
On-Demand
Distance
Vector
(AODV)Routing,http://www.ietf.org/rfc/rfc3561.txt,IETF,2003
RFC3684,Topology Dissemination Based on Reverse-Path Forwarding
(TBRPF) , http://www.ietf.org/rfc/rfc3684.txt,IETF,2004
B. Potter, B. Fleck, 802.11 Security, OReilly Media Inc., 2002
Open
SSL
Project
Homepage,
http://www.infoscience.co.jp/technical/openssl/
C. Adjih, T. Clausen, P. Jacquet, A. Laouiti, P. Mhlethaler, and D. Raffo:
Securing the OLSR Protocol, Med-Hoc-Net 2003, Mahdia, Tunisia, June
25-27, 2003

You might also like