- Self-configuration
- Self-maintenance
Challenges to security
- Open network architecture
- Shared medium
- Resource constraints
- Dynamic topology
Goals of MANET Security
- Protect network connectivity over multi-hop wireless channels
- Link level solutions + network level solutions
Approaches
- Proactive
- Reactive
Attacks (Network Layer)
- Routing attacks
- Attempt to “screw up” the others’ routing tables (remote effect)
- Forwarding attacks
- Leave routing tables alone, but change delivery of packets (local effect)
- Attack dependent on underlying protocol
Attacks (Link Layer)
- Key attacks
- WEP
- DoS attacks - Manipulation of backoff interval
- Easy corruption of other’s data
- Effects are compounded at higher layers
- Solution Outline – A Multi-fence Security Solution
Message Authentication Primitives
- Message authentication code
- One-way hash function based on shared key
- Send data + MAC
- Verified only by intended receiver
- Low computational overhead
- Storage requirement
- O(n²) keys
- Digital signature
- Public key infrastructure w/ certificates
- Encrypt w/ private and decrypt w/ public
- Verified by all receivers
- High computational overhead
- Storage requirement
- O(n) keys
- Certificate revocation lists
- Less resilient to DoS attacks
Secure Routing
- Usually proactive approach
- Authenticate source and routing information
- Based on routing protocols
- Source-based routing
- Distance vector routing
- Link state routing
Secure Source-based Routing
- Append node ids to dynamically create routing path
- Goal: Prevent intermediate nodes from altering routing list
- End-to-end verification of nodes in paths
- Example protocol (Ariadne) uses hash chaining technique
Secure Distance Vector Routing
- Advertise global shortest paths to neighbor
- Based on a distance metric
- Goal: ensure correct advertisement of distance metric and authentic sender
- Authenticate aggregation of metric
- Unclear example in the paper that used hash chain on hop count
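The hash-chain-on-hop-count idea noted above, worked through as an added Python example (not taken from the slides or from the paper they summarise): each relay hashes the token once per hop, so a relay can lengthen a metric but cannot shorten it. SHA-256, `MAX_HOPS`, the function names and the constructed seed are assumptions of this sketch, as is the anchor reaching every node authentically (for example, signed by the originator).

```python
import hashlib

MAX_HOPS = 8  # assumed upper bound on path length for this sketch

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def hash_n(x: bytes, n: int) -> bytes:
    """Apply H to x n times."""
    for _ in range(n):
        x = H(x)
    return x

def new_anchor(seed: bytes) -> bytes:
    """Originator: anchor = H^MAX_HOPS(seed), distributed authentically."""
    return hash_n(seed, MAX_HOPS)

def forward(hops: int, token: bytes) -> tuple:
    """Honest relay: one more hop, one more hash."""
    return hops + 1, H(token)

def verify(hops: int, token: bytes, anchor: bytes) -> bool:
    """Hashing the token the remaining MAX_HOPS - hops times must hit the anchor."""
    if not 0 <= hops <= MAX_HOPS:
        return False
    return hash_n(token, MAX_HOPS - hops) == anchor

def demo(seed: bytes = b"constructed-seed-for-demo-only!!") -> dict:
    anchor = new_anchor(seed)
    advert = (0, seed)             # originator advertises distance 0
    for _ in range(3):             # three honest relays
        advert = forward(*advert)
    hops, token = advert
    return {
        "honest": verify(hops, token, anchor),
        # Relay claims 1 hop but only holds the 3-hop token: it cannot
        # invert H to obtain the 1-hop token, so the check fails.
        "shortened": verify(hops - 2, token, anchor),
        # Lengthening needs only forward hashing, so it still verifies.
        "lengthened": verify(*forward(hops, token), anchor),
    }

if __name__ == "__main__":
    print(demo())
```

A relay that re-advertises the metric it received without incrementing it still passes `verify`; the chain only stops a relay from claiming fewer hops than it was given. A real deployment would also need a fresh chain per routing update so old tokens cannot be replayed.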
Secure Link State Routing
- Discover neighbors and broadcast that info to everyone
- Links only added if bidirectional
- Nodes can collude
- Goal: authenticate both neighbor discovery and neighbor broadcast
- Example protocol (SLSP) uses digital signatures
Secure Packet Forwarding
- Prevention impossible
- Detection
- Monitor neighbors
- Probe path (for failures)
- Reaction
- Related to prevention mechanism
- Global
- End-host
Open Challenges
- Larger problem space
- Thwart attacks but include failures, misconfigurations, and network overload
- Intrusion toleration
- Make system robust in the presence of attacks
- Larger solution space
- Supplement encryption with other mechanisms (connectivity or route redundancy)
- Use redundancy on system and protocol levels
Conclusions
High level description of security issues in MANETs
Focused on network layer, especially routing
Proposed “resiliency-oriented” multi-layered solution design – increased fault tolerance in security systems and called for better analysis models.