The document discusses a routing protocol called AASR for mobile ad hoc networks (MANETs) operating in adversarial environments. The objectives of AASR are to provide anonymity, location privacy, and defend against active attacks while maintaining throughput and reducing packet loss. It aims to achieve this through the use of group signatures, onion routing, and trapdoors to hide the identities of nodes and destinations of packets. The document reviews related work on onion routing, group signatures, and anonymous on-demand routing protocols. It also outlines some attacks on MANETs like location privacy attacks and discusses how the proposed framework uses techniques like trapdoors, asymmetric keys, and pseudonyms to make routing anonymous and untraceable.

1. AASR Authenticated Anonymous Secure
Routing for MANETs in Adversarial
Environments
Guider
Ms M. Nisha M.E;
Assistant Professor
Presented By
SaravananAnnamalai
(722013405016)
II M.E Computer Science&Engineering
9/8/2014 1

2. Introduction
• A Mobile Ad hoc Network (MANET) is a continuously self-configuring,
infrastructure-less network of mobile devices
connected without wires.
• Each device in a MANET is free to move independently in any
direction, and will therefore change its links to other devices
frequently.
• Each must forward traffic unrelated to its own use, and
therefore be a router.
• The primary challenge in building a MANET is equipping
each device to continuously maintain the information required
to properly route traffic and security.
9/8/2014 2

3. Objective
• A routing protocol to provide anonymity and location privacy.
• To defend the potential active attacks without unveiling the
node identities using group signature.
• To prevent intermediate nodes from inferring a real destination
using onion routing.
• Improve throughput in the presence of adversary attacks.
• To reduce the packet loss.
9/8/2014 3

4. On-demand Ad hoc Routing
• Reactive protocols
– Lower overhead since routes are determined on demand
– Significant delay in route determination
– Employ flooding (global search)
– Control traffic may be difficult
– Example: DSR, AODV etc
9/8/2014 4

5. Trapdoor
• A trapdoor is a common concept that defines a one-way
function between two sets.
• A global trapdoor is an information collection of mechanism in
which intermediate nodes may add information elements, such
as node IDs, into the trapdoor.
• Only certain nodes, such as the source and destination nodes
can unlock and retrieve the elements using pre-established
secret keys.
• The usage of trapdoor requires an anonymous end-to-end key
agreement between the source and destination.
9/8/2014 5

6. Group Signature
• It provides authentication without disturbing the anonymity.
• Every member in a group may have a pair of group public and
private keys issued by the group trust authority (i.e., group
manager).
• The member can generate its own signature by its own private
key, and such signature can be verified by other members in
the group without revealing the signer’s identity.
• Only the group trust authority can trace the signer’s identity
and revoke the group keys.
9/8/2014 6

7. Issues
• The existing protocols are vulnerable to the attacks of fake
routing packets or denial-of-service (dos) broadcasting.
• Route anonymity for secure communication.
• Location privacy for secure node movement.
• Low throughput in the presence of adversaries.
• Heavy packet loss
9/8/2014 7

8. Literature Survey
1) M. G. Reed, P. F. Syverson, and D. M. Goldschlag,
“Anonymous Connections and Onion Routing,” IEEE Journal
on Selcted Area in Comm., vol. 16, no. 4, pp. 482–494, May
1998.
2) D. Boneh, X. Boyen, and H. Shacham, “Short group
signatures,” in Proc. Int. Cryptology Conf. (CRYPTO’04),
Aug. 2004.
3) J. Kong and X. Hong, “ANODR: ANonymous On Demand
Routing with Untraceable Routes for Mobile Ad hoc
networks,” in Proc. ACM MobiHoc’03, Jun. 2003, pp. 291–
302.
9/8/2014 8

9. Anonymous Connections and Onion Routing
M. G. Reed, P. F. Syverson, and D. M. Goldschlag, “Anonymous
Connections and Onion Routing,” IEEE Journal on Selcted Area in
Comm., vol. 16, no. 4, pp. 482–494, May 1998.
• Onion routing is an infra structure for private communication
over public network.
• An onion is a data structure that is treated as the destination
address by onion routers – anonymous connection.
• Onions themselves appear differently to each onion router as
well as to network observers.
• The same goes for data carried over the connections they
establish.
9/8/2014 9

10. Basic Configuration
• Data stream never appears in the clear on the public network,
this data may carry identifying information, but
communication is still private.
• The onion router at the originating protected site knows both
the source and destination of a connection.
• The use of anonymous connections between two sensitive sites
that both control onion routers effectively hides their
communication from outsiders.
9/8/2014 10

11. How Onion Routing Works
{{{m}3}4}1 1 2
u d
3
4
5
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data are exchanged
9/8/2014 11

12. How Onion Routing Works
{{{m’}3}4}1 1 2
u d
3
4
5
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data are exchanged
9/8/2014 12

13. How Onion Routing Works
u
1 2
3
4
5
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data are exchanged.
4. Stream is closed.
5. Circuit is changed every few minutes.
d
9/8/2014 13

14. How Onion Routing Works
u
1 2
3
4
5
d
u 1 2
Theorem 1: Adversary can only determine parts of a
circuit it controls or is next to.
9/8/2014 14

15. Short Group Signatures
D. Boneh, X. Boyen, and H. Shacham, “Short group signatures,” in Proc.
Int. Cryptology Conf. (CRYPTO’04), Aug. 2004.
• Group signatures provide anonymity for signers.
• Signatures in our scheme are approximately the size of a
standard RSA signature with the same security.
• Security of our group signature is based on the Strong Diffie-
Hellman assumption and a new assumption in bilinear groups
called the Decision Linear assumption.
• Proof of security of our system is given by the random oracle
model
9/8/2014 15

16. Strong Diffie-hellman Assumption
• Let G1,G2 be cyclic groups of prime order p where possibly
G1 = G2.
• Let g1 be a generator of G1 and g2 a generator of G2.
• Let say that the (q, t, )-SDH assumption holds in (G1,G2) if no
t-time algorithm has advantage at least in solving the q-SDH
problem in (G1,G2).
• To gain confidence in the assumption prove that it holds in
generic groups in the sense of Shoup.
• The q-SDH assumption has similar properties to the Strong-
RSA assumption.
• Use these properties to construct our short group signature
• scheme.
9/8/2014 16

17. Decision Linear assumption
• Let g1 ϵ G1 as above, along with arbitrary generators u, v, and
h of G1
• Given u, v, h, ua, vb, hc 2 G1 as input, output yes if a + b = c
and no otherwise.
• The (t, )-Decision Linear Assumption (LA) holds in G1 if no t-time
algorithm has advantage at least in solving the Decision
Linear problem in G1.
9/8/2014 17

18. Group Signature Security
Properties
• Correctness, which ensures that honestly-generated signatures
verify and trace correctly.
• Full-anonymity, which ensures that signatures do not reveal
their signer’s identity.
• Full-traceability, which ensures that all signatures, even those
created by the collusion of multiple users and the group
manager, trace to a member of the forging coalition.
9/8/2014 18

19. ANODR: ANonymous On Demand Routing with Untraceable
Routes for Mobile Ad hoc networks
J. Kong and X. Hong, “ANODR: ANonymous On Demand Routing with
Untraceable Routes for Mobile Ad hoc networks,” in Proc. ACM
MobiHoc’03, Jun. 2003, pp. 291–302.
• The design of ANODR is based on - broadcast with trapdoor
information
• Un-traceability: ANODR dissociates ad hoc routing from the
design of network member’s identity/pseudonym.
• Intrusion tolerance: ANODR ensures there is no single point of
compromise in ad hoc routing.
• Un-linkability: Anonymity in terms of un-linkability is defined
as un-linkability of an IOI and a pseudonym.
9/8/2014 19

20. Routing Attacks in MANET
• Location privacy attack
– Correlate a mobile node with its locations (at the
granularity of adversary’s adjustable radio receiving range)
– Counting/analyzing mobile nodes in a cell
• Route tracing attack
– Visualizing ad hoc routes
• Motion inference attack
– Visualizing motion patterns of mobile nodes
– Deducing motion pattern of a set of nodes
• Other traffic analysis
– Analyzing packet flow metrics (as in Internet traffic
analysis)
9/8/2014 20

21. Adversary in Mobile Ad Hoc
Networks
• External adversary: wireless link intruder
– Eavesdropper
– Traffic analyst (not necessary to break cryptosystem)
– Unbounded interception: adversary can sniff anywhere
anytime
• Internal adversary: mobile node intruder
– Capture, compromise, tamper
– Passive internal adversary is hard to detect due to lack of
exhibition of malicious behavior
– Bounded: otherwise secure networking is impossible
9/8/2014 21

22. Framework of Anonymous Route
Discovery (between source and destination)
• Similar to existing on demand routing schemes
– Route-REQuest
RREQ,seqnum,to_be_opened_by_destanonymous_trapdoor
– Route-REPly
RREP, presented_by_destanonymous_proof
• A global trapdoor can only be opened by dest
– Not required to know where dest is
– destination can present an anonymous proof of door opening
• Need more design to address per-hop
9/8/2014 22

23. Make On demand Routes Untraceable
• ANODR-TBO is robust against node intrusion
– Fully anonymous: no node identity revealed
– Fully distributed control: avoid single point of compromise
– Multiple paths feasible: avoid single point of failure
• So far anonymous only, and symmetric key only
– More complexity in realizing untraceability to hide side channels &
resist traffic analysis
• Protect RREP flow
– Need an asymmetric secret channel
• Modified RREQ: Embed a temporary asymmetric key ecpk1
RREQ, ecpk1, seqnum, open_by_E, onion
• Modified RREP: Exchange a secret seed Nym Kseed
RREP, ecpk1(Kseed), Kseed (proof_from_E, onion)
9/8/2014 23

24. Make Routes Untraceable (cont’d)
• Protect reused route pseudonyms
– Using Kseed to do self-synchronized route pseudonym
update
– So far all pseudonyms/aliases are one-time aliases!
• Playout “Mixing”
– Resist traffic analysis:
Time correlation
Content correlation
Buffer, Re-order, Batch send,
Insert dummy/decoy packets
Alice Bob
MIX
Eve
9/8/2014
24

25. Existing System
• The existing protocols are vulnerable to the attacks of fake
routing packets or denial-of-service (DoS) broadcasting, even
the node identities are protected by pseudonyms.
• A number of anonymous secure routing protocols have been
proposed, the requirement is not fully satisfied.

26. Disadvantages
• Many Anonymous routing protocols are available. But it does
not detect the active attackers effectively.
• Low Throughput in the presence of adversaries.
• Heavy Packet Loss
• High delay

27. Proposed Work
• The route request packets are authenticated by a group
signature, to defend the potential active attacks without
unveiling the node identities.
• The key-encrypted onion routing with a route secret
verification message, is designed to prevent intermediate nodes
from inferring a real destination.

28. Route Discovery
• The source node broadcasts an RREQ packet to every node in
the network.
• If the destination node receives the RREQ to itself, it will
reply an RREP packet back along the incoming path of the
RREQ.
• In order to protect the anonymity when exchanging the route
information, the packet formats are to be redesigned, and
modify the related processes.

29. Route Discovery Contd.
• Source Node: We assume that S initially knows the
information about D, including its pseudonym, public key, and
destination string.
• The destination string dest is a binary string, which means
“You are the destination” and can be recognized by D.
• If there is no session key, S will generate a new session key
KSD for the association between S and D.

30. Route Discovery Contd.

31. Route Discovery Contd.

32. Intermediate Node
I has already established the neighbor relationship with S
and J. I knows where the RREQ packet comes from.

33. Intermediate Node Contd.
1. I receives the RREQ packet, it will verify the packet with its
group public key GT+.
• I can obtain the packet information.
• Otherwise, such an RREQ packet will be marked as malicious
and dropped.
2. I checks the Nsq and the timestamp in order to determine
whether the packet has been processed before or not.
If the Nsq is not known in the routing table, it is a new
RREQ request.
– If the Nsq exists in the table but with an old timestamp, it
has been processed before and will be ignored;
– if the Nsq exist with a fresh timestamp, then the RREQ is a
repeated request and will be recognized as an attack.

34. Intermediate Node contd
• I tries to decrypt the part of VD with its own private key.
• In case of decryption failure, I understands that it is not the
destination of the RREQ.
• I will assemble and broadcast another RREQ packet in the
following format:
• I → ∗ : [RREQ,Nsq, VD, VSD,Onion(I)]GI−

35. Intermediator’s Onion key & RT

36. Destination Node
• When the RREQ packet reaches D, D validates it similarly to
the intermediate nodes I or J.
• Since D can decrypt the part of VD, it understands that it is the
destination of the RREQ.
• D can obtain the session key KSD, the validation nonce Nv,
and the validation key Kv. Then D is ready to assemble an
RREP packet to reply the S’s route request.

37. Advantages
• It gives high anonymity protection
• AASR provides higher throughput
• Lower packet loss ratio in different mobile scenarios in the
presence of adversary attacks.
• It also provides better support for the secure communications.