Monday, May 9, 2011

Security in MANET Networks: Challenges and Solutions

MANETs’ recent popularity
  • Self-configuration
  • Self-maintenance
Challenges to security
  • Open network architecture
  • Shared medium
  • Resource constraints
  • Dynamic topology
Goals of MANET Security
  • Protect network connectivity over multi-hop wireless channels
  • Link level solutions + network level solutions
  • Proactive
  • Reactive

Attacks (Network Layer)
  • Routing attacks
  • Attempt to “screw up” the others’ routing tables (remote effect)
  • Forwarding attacks
  • Leave routing tables alone, but change delivery of packets (local effect)
  • Attack dependent on underlying protocol
Attacks (Link Layer)
  • Key attacks
  • WEP
  • DoS attacks - Manipulation of backoff interval
  1. Easy corruption of others’ data
  2. Effects are compounded at higher layers
Solution Outline – A Multi-fence Security Solution
Message Authentication Primitives
  • Message authentication code
  1. One-way hash function based on shared key
  2. Send data + MAC
  3. Verified only by intended receiver
  4. Low computational overhead
  5. Storage requirement
  6. O(n²) keys
  • Digital signature
  1. Public key infrastructure w/ certificates
  2. Encrypt w/ private and decrypt w/ public
  3. Verified by all receivers
  4. High computational overhead
  5. Storage requirement
  6. O(n) keys
  7. Certificate revocation lists
  8. Less resilient to DoS attacks

Secure Routing
  • Usually proactive approach
  • Authenticate source and routing information
  • Based on routing protocols
  • Source-based routing
  • Distance vector routing
  • Link state routing
Secure Source-based Routing
  • Append node ids to dynamically create routing path
  • Goal: Prevent intermediate nodes from altering routing list
  • End-to-end verification of nodes in paths
  • Example protocol (Ariadne) uses hash chaining technique

Secure Distance Vector Routing
  • Advertise global shortest paths to neighbor
  • Based on a distance metric
  • Goal: ensure correct advertisement of distance metric and authentic sender
  • Authenticate aggregation of metric
  • Unclear example in the paper that used hash chain on hop count
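
How a hash chain on hop count can work, as an added example (not from the original post or the paper it summarizes; it shows one common construction rather than the paper's exact scheme). SHA-256, MAX_HOPS = 8 and all function names are assumptions, and the anchor is assumed to reach receivers authenticated, for example under a digital signature.

```python
import hashlib
import hmac
import os

MAX_HOPS = 8  # assumed bound on network diameter (constructed value)

def H(value: bytes) -> bytes:
    """One-way function; SHA-256 is an assumption of this example."""
    return hashlib.sha256(value).digest()

def hash_n(value: bytes, n: int) -> bytes:
    """Apply H n times: moves n steps up the chain h_0 -> h_n."""
    for _ in range(n):
        value = H(value)
    return value

def anchor_for(seed: bytes) -> bytes:
    """Originator publishes h_MAX_HOPS; the seed h_0 stays with the route."""
    return hash_n(seed, MAX_HOPS)

def advertise(seed: bytes):
    """Originator's own advertisement: hop count 0 carries h_0."""
    return 0, seed

def forward(hops: int, token: bytes):
    """Honest relay: increment the metric and hash the token once."""
    return hops + 1, H(token)

def verify(hops: int, token: bytes, anchor: bytes) -> bool:
    """Hashing the token (MAX_HOPS - hops) more times must reach the anchor."""
    if not 0 <= hops <= MAX_HOPS:
        return False
    return hmac.compare_digest(hash_n(token, MAX_HOPS - hops), anchor)

def demo(seed: bytes):
    anchor = anchor_for(seed)
    adv = advertise(seed)
    for _ in range(3):                  # three honest relays
        adv = forward(*adv)
    hops, token = adv                   # (3, h_3)
    honest = verify(hops, token, anchor)
    # A relay holding h_3 claims 2 hops: it would need h_2, a preimage of h_3.
    shortened = verify(hops - 1, token, anchor)
    # Limitation: the chain only stops the metric being lowered; a relay can
    # still re-send (3, h_3) unchanged instead of incrementing.
    return honest, shortened

if __name__ == "__main__":
    print(demo(os.urandom(32)))
```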

Secure Link State Routing
  • Discover neighbors and broadcast that info to everyone
  • Links only added if bidirectional
  • Nodes can collude
  • Goal: authenticate both neighbor discovery and neighbor broadcast
  • Example protocol (SLSP) uses digital signatures
Secure Packet Forwarding
  • Prevention impossible
  • Detection
  • Monitor neighbors
  • Probe path (for failures)
  • Reaction
  • Related to prevention mechanism
  • Global
  • End-host
Open Challenges
  • Larger problem space
  • Thwart attacks but include failures, misconfigurations, and network overload
  • Intrusion toleration
  • Make system robust in the presence of attacks
  • Larger solution space
  • Supplement encryption with other mechanisms (connectivity or route redundancy)
  • Use redundancy on system and protocol levels

High-level description of security issues in MANETs. Focused on the network layer, especially routing.
Proposed “resiliency-oriented” multi-layered solution design – increased fault tolerance in security systems and called for better analysis models.