This presentation discusses securing the AODV routing protocol for mobile ad hoc networks. It reviews three approaches: 1) Using public key cryptography and group session keys to authenticate nodes and encrypt routing packets. 2) Using intrusion detection and response models to identify compromised nodes based on abnormal routing behavior. 3) The Secure AODV (SAODV) protocol which aims to provide source authentication, neighbor authentication, message integrity, and access control to address vulnerabilities like message tampering, dropping, and replays. Experimental results are compared for SAODV and traditional AODV.
Secure Routing with AODV Protocol for MANET by Ashok Panwar
1. Secure Routing with AODV
Protocol for Mobile Ad Hoc
Networks (MANET’s)
Presented by:-
Ashok Panwar
Technical Officer in ECIL (NPCIL)
Tarapur, Mumbai.
2. Papers Reviewed
Perkins, C.E.; Royer, E.M., "Ad-hoc On-Demand Distance Vector Routing,"
Proceedings of the Second IEEE Workshop on Mobile Computing Systems and
Applications (WMCSA '99), 1999.
Pirzada, A.A.; McDonald, C., "Secure Routing with the AODV Protocol,"
Proceedings of the Asia-Pacific Conference on Communications, Oct 3-5, 2005.
Bhargava, S.; Agrawal, D.P., "Security Enhancements in AODV Protocol for
Wireless Ad Hoc Networks," IEEE VTS 54th Vehicular Technology Conference
(VTC 2001 Fall), Oct 7-11, 2001, Vol. 4.
Yuxia Lin, A. Hamed Mohsenian Rad, Vincent W. S. Wong, Joo-Han Song,
"Experimental Comparisons between SAODV and AODV Routing Protocols,"
Proceedings of the 1st ACM Workshop on Wireless Multimedia Networking and
Performance Modeling (WMuNeP), Oct 2005.
3. Outline
Mobile Ad Hoc Networks (MANET)
Applications
Security Design Issues in MANET
Motivation
Traditional AODV
Secured AODV
Experimental Comparisons
Closing Remarks
4. Mobile Ad Hoc Networks
A collection of wireless mobile hosts forming a temporary network without the
aid of any established infrastructure.
Significant Features:
Dynamic topology of interconnections
No administrator
Short transmission range: routes between nodes have one or more hops
Nodes act as routers or depend on others for routing
Movement of nodes invalidates topology information
5. Mobile Ad Hoc Networks (cont.)
The network topology can change any time because of node
mobility and nodes may become disconnected very frequently.
6. Mobile Ad Hoc Networks (cont.)
Hosts A and C are out of range of each other's wireless transmitter.
To exchange packets they use the routing services of host B,
which is within the transmission range of both of them.
Routing: Source -> Destination
7. Applications of MANET
Useful where geographical or terrestrial constraints
demand a totally distributed network without a fixed base
station.
Military Battlefields
Disaster and Rescue Operations
Conferences
Peer to Peer Networks
8. Security Design Issues in MANET
No centrally administered secure routers.
Attackers from inside or outside can easily exploit the
network:
passive eavesdropping, data tampering, active interfering,
leakage of secret information, DoS, etc.
Open peer-to-peer architecture.
Shared wireless medium.
Dynamic topology.
9. Motivation
Securing an ad hoc network is hard because:
Nodes are constantly mobile.
The protocols are co-operative in nature: every node is trusted to forward
packets and to report routes honestly.
There is no fixed infrastructure and no central concentration point where an IDS
can collect audit data.
A single node can be compromised in a way that its incorrect or
malicious behaviour cannot be directly observed at all.
Well-established traditional security approaches to routing are therefore
inadequate in a MANET.
10. Traditional AODV
Ad Hoc On-Demand Distance Vector routing protocol.
Reactive protocol: discovers a route on demand.
Nodes keep routing state only for destinations in active use, not for the
whole network.
Route Discovery
Route Maintenance
Hello messages:
used to determine local connectivity.
can reduce response time to route requests.
can trigger updates when necessary.
11. Traditional AODV – Route Discovery
If a source needs a route to a destination for which it does not already have
an entry in its routing table:
Source broadcasts a Route Request (RREQ) message for the
specified destination.
Intermediate node:
returns a Route Reply (RREP) if it has a fresh enough route to the
destination in its table, or
forwards the RREQ to its neighbours otherwise.
If it cannot respond to the RREQ, it increments the hop count and records the
neighbour it received the RREQ from, setting up a reverse path to use
when forwarding the reply (this assumes bidirectional links).
12. Traditional AODV – RREQ
RREQ packet contains: destination
and source IP address, broadcast ID,
source node's sequence number and
destination node's sequence number.
Node 1 wants to send a data packet to node
7. Node 6 knows a current route to node
7. Node 1 sends a RREQ packet to its
neighbours with:
source_addr = 1
dest_addr = 7
broadcast_id = broadcast_id + 1
source_sequence_# = source_sequence_# + 1
dest_sequence_# = last known dest_sequence_# for node 7
RREQ header layout:
  Type | Flags | Reserved | Hop count
  Broadcast_id
  Dest_addr
  Dest_sequence_#
  Source_addr
  Source_sequence_#
13. Traditional AODV (RREQ)
Nodes 2 and 4 verify that this is a new RREQ (they have not seen this
source_addr/broadcast_id pair before, and source_sequence_# is not stale with
respect to their reverse route to node 1).
They forward the RREQ, incrementing hop_cnt in the RREQ packet.
The RREQ reaches node 6 from node 4; node 6 knows a route to 7.
Node 6 verifies that the destination sequence number in the RREQ is less than or
equal to the destination sequence number it has recorded for node 7, i.e. its
cached route is at least as fresh as the source requires.
Nodes 3 and 5 also forward the RREQ packet to node 6, which recognises these
copies as duplicates and discards them.
14. Traditional AODV (RREP)
Node 6 has a route to the destination. It sends a Route Reply (RREP) to the
neighbour that sent it the RREQ packet.
Intermediate nodes propagate the RREP towards the source using the cached
reverse route entries.
Further RREP packets for the same request are discarded unless their dest_seq_#
is higher than the previous one, or the same with a smaller hop_cnt.
Cached reverse routes time out in nodes that do not see an RREP packet.
RREP header layout:
  Type | Flags | Prefix size | Hop count
  Dest_addr
  Dest_sequence_#
  Source_addr
  Lifetime
15. Traditional AODV (RREP)
Node 6 sends RREP to node 4
Source_addr=1, dest_addr=7, dest_sequence_# = maximum (sequence no.
stored for node 7, dest_sequence_# in RREQ), hop_cnt =1.
Node 4 finds out it is a new route reply and propagates the RREP packet to
Node 1.
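The discovery walked through on slides 12-15, as an added example that is not part of the presentation or of the Perkins/Royer paper: a small Python simulation of the RREQ flood, reverse-route setup, duplicate suppression and RREP selection on the 7-node topology. The link set, node 6's cached route to node 7 (sequence number 5) and the lifetime value are constructed assumptions.

```python
"""Added example (not code from the reviewed papers): a minimal simulation of
AODV route discovery on the 7-node topology of slides 12-15.  Topology, sequence
numbers and node 6's cached route are constructed for illustration."""
import collections
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class Route:
    next_hop: int
    hop_count: int
    seq: int            # destination sequence number this route is known to be valid for


@dataclass
class Node:
    nid: int
    seq: int = 0                                              # own sequence number
    broadcast_id: int = 0
    routes: Dict[int, Route] = field(default_factory=dict)    # forward and reverse routes
    seen: Set[Tuple[int, int]] = field(default_factory=set)   # (source_addr, broadcast_id)


@dataclass
class RREQ:
    src: int; src_seq: int; bid: int; dst: int; dst_seq: int; hop_count: int; sender: int


@dataclass
class RREP:
    src: int; dst: int; dst_seq: int; hop_count: int; lifetime: int; sender: int


class Network:
    def __init__(self, links):
        self.nodes: Dict[int, Node] = {}
        self.adj: Dict[int, Set[int]] = collections.defaultdict(set)
        for a, b in links:                       # links are assumed bidirectional, as AODV does
            self.adj[a].add(b); self.adj[b].add(a)
            for n in (a, b):
                self.nodes.setdefault(n, Node(n))
        self.stats = collections.Counter()

    @staticmethod
    def update_route(node: Node, dst: int, next_hop: int, hops: int, seq: int) -> bool:
        """Install a route if it is new, fresher (higher seq), or equally fresh but shorter.
        seq and hops are taken on trust: this is what lets a compromised node inflate
        sequence numbers or deflate hop counts."""
        cur = node.routes.get(dst)
        if cur is None or seq > cur.seq or (seq == cur.seq and hops < cur.hop_count):
            node.routes[dst] = Route(next_hop, hops, seq)
            return True
        return False

    def discover(self, src: int, dst: int) -> Optional[Route]:
        s = self.nodes[src]
        s.seq += 1; s.broadcast_id += 1
        s.seen.add((src, s.broadcast_id))        # the source drops its own RREQ echoed back
        last_known = s.routes[dst].seq if dst in s.routes else 0
        q = collections.deque((nb, RREQ(src, s.seq, s.broadcast_id, dst, last_known, 0, src))
                              for nb in sorted(self.adj[src]))
        while q:                                 # FIFO delivery stands in for radio propagation
            here, pkt = q.popleft()
            (self._on_rreq if isinstance(pkt, RREQ) else self._on_rrep)(self.nodes[here], pkt, q)
        return s.routes.get(dst)

    def _on_rreq(self, n: Node, r: RREQ, q) -> None:
        if (r.src, r.bid) in n.seen:             # slide 13: duplicates are recognised and dropped
            self.stats["rreq_dup"] += 1
            return
        n.seen.add((r.src, r.bid))
        hops = r.hop_count + 1
        self.update_route(n, r.src, r.sender, hops, r.src_seq)   # reverse route to the source
        if n.nid == r.dst:
            n.seq = max(n.seq, r.dst_seq)
            q.append((r.sender, RREP(r.src, r.dst, n.seq, 0, 3000, n.nid)))
        elif r.dst in n.routes and n.routes[r.dst].seq >= r.dst_seq:
            rt = n.routes[r.dst]                 # cached route at least as fresh as requested
            self.stats["rrep_intermediate"] += 1
            q.append((r.sender, RREP(r.src, r.dst, rt.seq, rt.hop_count, 3000, n.nid)))
        else:
            for nb in sorted(self.adj[n.nid]):
                q.append((nb, RREQ(r.src, r.src_seq, r.bid, r.dst, r.dst_seq, hops, n.nid)))

    def _on_rrep(self, n: Node, p: RREP, q) -> None:
        hops = p.hop_count + 1
        if not self.update_route(n, p.dst, p.sender, hops, p.dst_seq):
            self.stats["rrep_discarded"] += 1    # slide 14: neither fresher nor shorter
            return
        if n.nid != p.src and p.src in n.routes:  # unicast back along the reverse route
            q.append((n.routes[p.src].next_hop,
                      RREP(p.src, p.dst, p.dst_seq, hops, p.lifetime, n.nid)))


def build_example() -> Network:
    net = Network([(1, 2), (1, 4), (2, 3), (3, 6), (4, 5), (4, 6), (5, 6), (6, 7)])
    net.nodes[6].routes[7] = Route(next_hop=7, hop_count=1, seq=5)   # node 6's cached route
    return net


if __name__ == "__main__":
    net = build_example()
    print(net.discover(1, 7), dict(net.stats))   # Route(next_hop=4, hop_count=3, seq=5)
```

Running it installs Route(next_hop=4, hop_count=3, seq=5) at node 1, drops six duplicate RREQs (two at node 1, one at node 2, one at node 4, two at node 6) and records exactly one intermediate reply, from node 6. Note that update_route believes whatever sequence number and hop count a packet carries; that trust is the weakness the secure variants on the following slides address.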
16. Approach 1 : Secure AODV
Vulnerability issues of AODV (due to intermediate
nodes):
Deceptive incrementing of sequence number
Deceptive decrementing of hop count
To secure AODV, approach 1 divided security issues
into 3 categories:
Key Exchange
Secure Routing
Data Protection
17. Approach 1 : Secure AODV (cont.)
Key Exchange:
Before entering the network every node procures a one-time
public/private key pair from a CA, together with the CA's public key.
Nodes can then generate a Group Session Key with their immediate
neighbours using a suitable group keying protocol.
These session keys are used for securing the routing
process and the data flow.
Thus authentication, confidentiality and integrity are
assured.
18. Approach 1 : Secure AODV (cont.)
Secure Routing (RREQ):
Node 'x', desiring to establish communication with 'y', establishes a group session key
Kx with its immediate neighbours.
It creates the RREQ packet, encrypts it using Kx and broadcasts it.
Intermediate recipients that share Kx decrypt the RREQ and update it (hop count, reverse route).
Intermediate nodes that do not share Kx initiate the group session key exchange protocol
with their own immediate neighbours.
Intermediate nodes then encrypt the RREQ packet using the new session key and rebroadcast it.
19. Approach 1 : Secure AODV (cont.)
Secure Routing (RREP)
In response to RREQ, ‘y’ creates RREP.
RREP is encrypted using the last Group session key that
was used to decrypt RREQ and is unicast back to the
original sender.
If any of the intermediate nodes has moved out of wireless
range, a new group session key is established.
Recipient nodes that share the forward group session key
decrypt RREP and modify.
RREP is then encrypted using backward group session key
and unicast to ‘x’.
20. Approach 1 : Secure AODV (cont.)
Data Protection
Node ‘x’ desiring to establish end-to-end secure data channel, first establishes
a session key Kxy with ‘y’.
‘x’ symmetrically encrypts the data packet using Kxy and transmits it over the
secure route.
Intermediate nodes forward the packet in the intended direction.
Node ‘y’ decrypts the encrypted data packet using Kxy.
21. Security Analysis for Approach 1
Only authorized nodes can perform route computation and discovery:
routing control packets are authenticated and encrypted by each
forwarding node.
Minimal exposure of network topology:
routing information is encrypted, so an adversary gains no
information about the network topology.
Detection of spoofed routing messages:
the initial authentication binds each node's identities to its private
key.
Detection of fabricated routing messages:
to fabricate a routing message a session key must first be compromised.
Prevention of route redirection away from shortest paths:
routing packets are accepted only from authenticated nodes, so an adversary
cannot inject anything unless an authorized node first authenticates it.
22. Approach 2: Secure AODV (cont.)
Defines two types of attacks:
Internal attacks, by compromised or selfish nodes
External attacks, by malicious nodes
To handle the attacks, this approach suggests two
models:
Intrusion Detection Model (IDM)
Intrusion Response Model (IRM)
23. Approach 2: Secure AODV (cont.)
Vulnerability issues of AODV (due to internal
attacks):
Distributed false route request
Denial of service
Destination is compromised
Impersonation
24. Approach 2: Secure AODV (cont.)
IDM
Each node employs IDM that
utilizes the neighborhood
information to detect
misbehaviors of its neighbors.
When Misbehavior count >
threshold for a node, information
is sent to other nodes about
misbehaving node.
They in turn check their local
MalCount, and add the result to
the initiator’s response.
IDM is present on all the nodes
and monitors and analyzes
behavior of its neighbors to
detect if any node is
compromised.
[Figure: Data Collection -> Intrusion Detection Model (IDM) -> MalCount > Threshold -> Intrusion Response Model (IRM) -> Global Response -> Secure Communication]
25. Approach 2: Secure AODV (cont.)
IDM
Distributed False Route Request
Malicious node may generate frequent unnecessary
route requests i.e. false route message.
If done from different radio range it is difficult to
identify the malicious node (RREQ are broadcasts).
When a node receives RREQ > threshold count by a
specific source for a destination in a particular time
interval- tinterval, the node is declared malicious.
26. Approach 2: Secure AODV (cont.)
IDM
Denial of Service
A malicious node may launch a DoS attack by
transmitting false control packets and consuming the entire
network's resources.
Other nodes are deprived of these resources.
It is identified when a node generates more control
packets than a threshold count within a particular
time interval, t_frequency.
27. Approach 2: Secure AODV (cont.)
IDM - Destination is Compromised
A destination might not reply because it is:
not in the network,
overloaded,
did not receive the route request, or
malicious.
The case is detected when a source does not receive a reply from the
destination within a particular time interval, t_wait.
Neighbours generate 'Hello' packets to determine connectivity.
If a node is known to be in the network and still does not respond to a RREQ
destined for it, it is identified as malicious.
28. Approach 2: Secure AODV (cont.)
IDM
Impersonation
If the sender encrypts (signs) each packet with its private
key and other nodes decrypt (verify) it with the sender's public
key, this attack can be avoided.
If the receiver is unable to verify the packet, the
sender might not be the real source and the packet
is dropped.
29. Approach 2: Secure AODV (cont.)
Intrusion Response Model ( IRM )
A node 'x' identifies that another node 'm' is compromised when its
MalCount for node 'm' increases beyond the threshold value.
'x' propagates this to the entire network by transmitting a 'Mal' packet.
If another node 'y' also suspects node 'm', it reports its suspicion to the
network by transmitting a 'ReMal' packet.
If two or more nodes report a particular node, a 'Purge' packet is
transmitted to isolate the malicious node from the network.
All nodes having a route through the compromised node look for
newer routes.
All packets received from the compromised node are dropped.
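The threshold checks of slides 25-26 and the Mal/ReMal/Purge response of slide 29, as an added example that is not code from the Bhargava/Agrawal paper: the detection functions run over a constructed control-packet log with a sliding time window, and the IRM class counts distinct reporters before isolating a node. The thresholds, window lengths, packet kinds and the log itself are assumptions.

```python
"""Added example (not the reviewed paper's code): IDM threshold checks over a
constructed control-packet log, plus the Mal/ReMal/Purge response model.
Thresholds, window lengths and the sample log are assumptions."""
import collections
from dataclasses import dataclass
from typing import Callable, Dict, Hashable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class CtrlPkt:
    t: float        # seconds since start of observation
    origin: int     # node that generated the control packet
    kind: str       # "RREQ", "RREP" or "RERR"
    dst: int        # destination named in the packet (0 when not applicable)


def _over_threshold(log: List[CtrlPkt], key: Callable[[CtrlPkt], Optional[Hashable]],
                    threshold: int, window: float) -> Set[Hashable]:
    """Sliding-window counter: keys with more than `threshold` events inside any
    `window`-second interval.  One deque of timestamps per key keeps this linear."""
    flagged: Set[Hashable] = set()
    recent: Dict[Hashable, collections.deque] = collections.defaultdict(collections.deque)
    for e in sorted(log, key=lambda e: e.t):
        k = key(e)
        if k is None:
            continue
        dq = recent[k]
        dq.append(e.t)
        while e.t - dq[0] > window:          # drop events that fell out of the window
            dq.popleft()
        if len(dq) > threshold:
            flagged.add(k)
    return flagged


def false_rreq_sources(log: List[CtrlPkt], threshold: int = 3, t_interval: float = 5.0) -> Set[int]:
    """Slide 25: more than `threshold` RREQs from one source for one destination
    within t_interval marks the source as malicious."""
    pairs = _over_threshold(log, lambda e: (e.origin, e.dst) if e.kind == "RREQ" else None,
                            threshold, t_interval)
    return {src for src, _ in pairs}


def dos_sources(log: List[CtrlPkt], threshold: int = 8, t_frequency: float = 5.0) -> Set[int]:
    """Slide 26: more than `threshold` control packets of any kind from one node
    within t_frequency marks the node as a DoS source."""
    return _over_threshold(log, lambda e: e.origin, threshold, t_frequency)


class IRM:
    """Slide 29: the first report of a suspect is a 'Mal' packet, later reports are
    'ReMal'; once `quorum` distinct nodes have reported, the suspect is purged."""
    def __init__(self, quorum: int = 2):
        self.quorum = quorum
        self.reporters: Dict[int, Set[int]] = collections.defaultdict(set)
        self.purged: Set[int] = set()

    def report(self, reporter: int, suspect: int) -> Tuple[str, bool]:
        self.reporters[suspect].add(reporter)      # repeated reports by one node count once
        n = len(self.reporters[suspect])
        if n >= self.quorum:
            self.purged.add(suspect)
        return ("Mal" if n == 1 else "ReMal", suspect in self.purged)

    def accept(self, sender: int) -> bool:
        return sender not in self.purged            # packets from purged nodes are dropped

    def routes_to_replace(self, routes: Dict[int, int]) -> Set[int]:
        """Destinations whose next hop is a purged node and therefore need rediscovery."""
        return {dst for dst, next_hop in routes.items() if next_hop in self.purged}


# Constructed log: node 1 retries a route request twice (legitimate); node 9 floods
# RREQs for destination 7 and also sprays RERRs; node 3 answers one request.
SAMPLE_LOG = [
    CtrlPkt(0.0, 1, "RREQ", 7), CtrlPkt(4.0, 1, "RREQ", 7),
    *[CtrlPkt(0.5 * i, 9, "RREQ", 7) for i in range(6)],
    *[CtrlPkt(1.0 + 0.3 * i, 9, "RERR", 0) for i in range(5)],
    CtrlPkt(2.0, 3, "RREP", 7),
]

if __name__ == "__main__":
    print(false_rreq_sources(SAMPLE_LOG), dos_sources(SAMPLE_LOG))   # {9} {9}
```

On the sample log node 9 trips both checks while node 1's two retries stay under the RREQ threshold. The quorum in IRM is what keeps a single malicious reporter from purging an honest node with one forged 'Mal' packet; the slides do not say how 'Mal' and 'ReMal' packets themselves are authenticated, so in a deployment they need the same signature protection as the routing packets.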
30. Approach 3: Secure AODV
SAODV
Vulnerability issues of AODV:
Message Tampering Attack [compromised node]
E.g. Hop count made 0 by attacker node
E.g. Hop count made infinite by selfish node.
Message Dropping Attack [selfish node]
Message Replay (wormhole) Attack [malicious node]
Security Requirements for AODV:
Source Authentication
Neighbor Authentication
Message Integrity
Access Control
31. Approach 3: Secure AODV (cont.)
Source Authentication
Receiver should be able to confirm the identity of the source.
Neighbor Authentication
Receiver should be able to confirm the identity of the sender (the one-hop
previous node).
Message Integrity
Receiver should be able to verify that the content of a message has not been
altered, either maliciously or accidentally, in transit.
Access Control
It is necessary to ensure that mobile nodes seeking to gain access to the
network have the appropriate access rights.
32. Approach 3: Secure AODV (cont.)
Route Discovery
Source node selects a random seed and sets a
Maximum Hop Count (MHC) value.
Using a one-way hash function h, the source puts Hash = seed in the RREQ
(so that after k hops Hash = h^k(seed)) and sets
Top_Hash = h^MHC(seed), i.e. h applied MHC times to the seed.
An intermediate node checks that Top_Hash = h^(MHC - Hop_Count)(Hash).
Before rebroadcasting the RREQ it increments the hop-count field by 1 in the
RREQ header and
computes the new Hash value by hashing the old value: Hash = h(Hash).
33. Approach 3: Secure AODV (cont.)
Route Discovery
Except for the hop-count field and Hash = h^hop_count(seed), all
other fields of the RREQ are non-mutable,
and hence can be authenticated by verifying the source's
signature in the RREQ.
The destination generates the RREP on receiving the RREQ.
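The hash-chain check of slides 32-33 together with the signature over the non-mutable fields, as an added example that is not the SAODV authors' code. The signature is an HMAC under a key shared with the verifiers, used here as a stand-in for the originator's public-key signature; the packet field names, the key and the addresses are assumptions.

```python
"""Added example (not the SAODV authors' code): hash-chain hop-count protection
with a signature over the non-mutable RREQ fields.  HMAC is a stand-in for the
per-node public-key signature SAODV uses; field names and keys are assumptions."""
import hashlib
import hmac
import json
import os
from typing import Dict, Optional


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def h_pow(x: bytes, n: int) -> bytes:
    """h^n(x): apply the one-way hash n times."""
    for _ in range(n):
        x = h(x)
    return x


MUTABLE = ("hop_count", "hash", "sig")   # everything else is covered by the signature


def _signed_bytes(pkt: Dict) -> bytes:
    fixed = {k: (v.hex() if isinstance(v, bytes) else v) for k, v in pkt.items() if k not in MUTABLE}
    return json.dumps(fixed, sort_keys=True).encode()


def sign(pkt: Dict, key: bytes) -> bytes:
    # Stand-in for the originator's public-key signature (assumption, see lead-in).
    return hmac.new(key, _signed_bytes(pkt), "sha256").digest()


def originate_rreq(src: int, dst: int, bid: int, src_seq: int, dst_seq: int,
                   mhc: int, key: bytes, seed: Optional[bytes] = None) -> Dict:
    """Source picks a random seed, sets Max_Hop_Count and Top_Hash = h^MHC(seed);
    Hash starts as the seed itself, so after k hops Hash = h^k(seed)."""
    seed = seed or os.urandom(32)
    pkt = {"src": src, "dst": dst, "bid": bid, "src_seq": src_seq, "dst_seq": dst_seq,
           "max_hop_count": mhc, "top_hash": h_pow(seed, mhc), "hop_count": 0, "hash": seed}
    pkt["sig"] = sign(pkt, key)
    return pkt


def verify_rreq(pkt: Dict, key: bytes) -> str:
    """Returns "ok" or the reason the RREQ must be dropped."""
    if not hmac.compare_digest(pkt["sig"], sign(pkt, key)):
        return "bad signature"                     # a non-mutable field was altered
    hc, mhc = pkt["hop_count"], pkt["max_hop_count"]
    if not 0 <= hc <= mhc:
        return "hop count out of range"
    if h_pow(pkt["hash"], mhc - hc) != pkt["top_hash"]:
        return "hash chain mismatch"               # hop count was decreased
    return "ok"


def forward_rreq(pkt: Dict, increment: bool = True) -> Dict:
    """What a forwarding node does before rebroadcast: hop_count += 1, Hash = h(Hash)."""
    out = dict(pkt)
    if increment:
        out["hop_count"] += 1
        out["hash"] = h(pkt["hash"])
    return out


def demo(key: bytes = b"constructed-shared-verification-key") -> Dict[str, str]:
    p0 = originate_rreq(src=1, dst=7, bid=1, src_seq=1, dst_seq=0, mhc=5, key=key)
    p2 = forward_rreq(forward_rreq(p0))                 # two honest hops
    rollback = dict(p2, hop_count=0)                    # attacker claims to be adjacent to the source
    tampered = dict(p2, dst_seq=999)                    # attacker inflates the sequence number
    lazy = forward_rreq(p2, increment=False)            # node forwards without incrementing
    too_far = p2
    for _ in range(4):
        too_far = forward_rreq(too_far)                 # hop 6 exceeds MHC = 5
    return {"origin": verify_rreq(p0, key), "two_hops": verify_rreq(p2, key),
            "rollback": verify_rreq(rollback, key), "tampered": verify_rreq(tampered, key),
            "lazy_forward": verify_rreq(lazy, key), "beyond_mhc": verify_rreq(too_far, key)}


if __name__ == "__main__":
    print(demo())
```

The rollback case is the "hop count made 0" tampering attack of slide 30: the attacker cannot produce h^-2 of the current Hash, so the chain check fails. The lazy_forward case passes, and that is a real limitation of the scheme: the chain stops a node from decreasing the hop count but cannot force it to increment, so a forwarding node can still make a path look one hop shorter than it is.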
34. Closing Remarks
Approach 1
The authors propose Approach 1 for both secure routing and data protection.
No experiments are discussed.
Approach 2
No data security is provided.
The routing load of the network increases as malicious nodes generate false control
messages.
Once implemented, the approach decreases routing load by identifying malicious nodes and
isolating them from the network.
Approach 3
Ensures integrity of both data and control packets using hash functions.
Source authentication, neighbour authentication and access control are ensured by digital
signatures.
Many indoor and outdoor experiments have been performed.
More efficient.