Security Issues In Mobile

Ad Hoc Networks

Manik Kapil

Wireless Network Security

Overview
! Introduction to MANET
! Routing Protocols
! Security Aspects
! Introduction to C0PE
! IPSec & Multicast
! Proposals
! Conclusion & References
MANIK KAPIL
Wireless Network Security
MANET
! Infrastructureless with no SAPs
! Host"Router"Host
! Contraints in wireless links
# Limited Computing Resources,
# Precious Battery Power,
# Routing,
# Security Of course!!

MANIK KAPIL
Wireless Network Security
Routing Protocols
! Requirements for MANET routing:
# Distributed Operation
# Loop Free Routing & Unidirectional Link
# Power Conservation
# QoS Support
# Network Layer Security->Firewalls..??

MANIK KAPIL
Wireless Network Security
Existing Schemes for Routing
! Proactive Approach
! Reactive Approach
! Cluster Based Approach (Hybrid)
! Flooding

Design:
# Flat vs Hierarchical

# Geographical Scope of dissemination of info’

# Dynamics of Network Topology

MANIK KAPIL
Wireless Network Security
Security Problems in Routing
Protocols
Denial of Service
!
# Centralized Infrastructure for key storage
etc
# Solutions incur huge overhead
Bogus Routing Information
!
# Better binding and registration schemes
Routing Information Disclosure
!
# Could be dealt by use of IPSec (probably)

MANIK KAPIL
Wireless Network Security
Consistent 0-Administration
Personnel Environment
! Wireless Devices moving independently
! Abstraction of VPI not possible
! Individual Firewalls and Authentication
! Multicasting in C0PE:
# New paradigm: Transient Multicast in c0pe
# Secure Multicast Infrastructure
# 2-way authentication..?

MANIK KAPIL
Wireless Network Security
IPSec
! Authentication Header (AH) & Encapsulating
Security Payload (ESP)
# AH: Authentication & Integrity at IP level
# ESP: Confidentiality at TCP/UDP layer
! Security Association & Security Parameter
Index
! Simple Key-management for IP (SKIP)
# Connectionless protocol, suited for IP
# Reboot of encryption gateways made easier

MANIK KAPIL
Wireless Network Security
Problems in Multicast + IPSec
! Group Owner => group leader
! Lack of proper key revocation strategies
! Lack of leader election strategies
! Fast Dynamics of Group
! Absence of Back up leader
! Choice of Cryptosystems

MANIK KAPIL
Wireless Network Security
Existing Solutions for wired
networks
! Run daemons from application layer to
SKIP layer– Access Control List (ACL)
! Use of single/multiple encryption
schemes
! Exploiting the mobility for dodging
! IEEE 802.11B recommends use of
beacons,
MANIK KAPIL
Wireless Network Security
Protocol Stack with IPSec
Application SKIP Daemon

TCP UDP

SKIP NETWORK LAYER

IP LAYER

DATA LINK LAYER

PHYSICAL LAYER

MANIK KAPIL
Wireless Network Security
Proposals
! Group owner can send beacons at
regular time intervals
! Heuristics for identifying compromised
nodes- traffic analysis, sleep off mode
recurrence
! Elliptic curve cryptography
! Leader election protocol to be handled
by MAC’s station management layer
MANIK KAPIL
Wireless Network Security
Conclusion
! Need of MANET routing protocols$
Hybrid Approach makes sense
! SKIP above IP layer would cut
overheads
! Security in Transient Multicast still an
open problem

MANIK KAPIL
Wireless Network Security
References
! R. Atkinson, “Security Architecture for the Internet Protocol RFC 1825”
! Fox and Gribble, “Charon - Security on the Move,
http://www.cs.berkeley.edu/~gribble/cs294-7_wireless/”
! Doraswamy, Harkins, “IPSec”, Prentice Hall Publishers
! Ashley & Vandenwauver, “Practical Intranet Security”, Kluwer Acad
! D Chapman, “Building Internet Firewalls”, O’Reilly & Associates
! Manet Charter, “http://www.ietf.org/html.charters/manet-charter.html”
! Papers on ad hoc wireless networks
“http://www.ics.uci.edu/~atm/adhoc/paper-collection/papers.html”
! E Madruga and J.J. Garcia-Luna-Aceves " Scalable Multicasting: The
Core Assisted Mesh Protocol " , accepted for publication in
ACM/Baltzer Mobile Networks and Applications Journal

MANIK KAPIL
Wireless Network Security