A Secure Ad-hoc Routing Approach using Localized Self-healing Communities
MobiHoc, 2005
Presented by An Dong-hyeok
CNLAB at KAIST

Contents
1. Introduction
2. Problem statement
3. Community-based secure routing protocol
4. Analytic model
5. Simulation
6. Conclusions

1. Introduction

Mobile ad hoc networks (MANETs)
• Vulnerable to routing attacks (especially attacks launched by non-cooperative network members)
• Packet loss is common
• Security threats about routing have not been fully addressed

Solution
• A new intrusion protection mechanism, community-based security
• Suggest the “self-healing community”
• From node-to-node delivery to community-to-community

2. Problem statement

RREQ flooding attack by non-cooperative members (selfish or intruded member nodes)

Direct RREQ floods
• Non-cooperative members continuously generate RREQ
• RREQ rate limiting & packet suppression needed

Indirect RREQ floods
• RREP & DATA packet loss
• Indirectly trigger more RREQ floods

Excessive floods deplete network resources

2. Problem statement (Indirect attack example)

[Figure: indirect attack example between source and dest; labels: RREQ, RREP]

RREQ forwarding
• Can trigger more RREQ floods initiated by other good nodes

RREP & DATA packet loss is common in MANET
• Hard to differentiate attackers from non-attackers
  - network dynamics? non-cooperative behaviors?

3. Community-based secure routing protocol

3.1 Network assumptions

Assumption 1
• A node can always monitor ongoing transmissions even if the node itself is not the intended receiver

Assumption 2
• Radio transmission is omni-directional and radio links are symmetric

Assumption 3
• In a network locality there are redundant network members with high probability

3.2 Network security assumptions

Assumption 1
• All packet transmissions (including control, data packets and their ACKs) are protected by data origin authentication service.
• Every packet is authenticated and the packet sender’s identity is unforgeable

Assumption 2
• The ad hoc nodes are equipped with hardware needed by packet leashes or Brands-Chaum protocols[6]
• Any pair of topological neighbors in ad hoc routing are physical neighbors

3.3 Self-healing community (2-hop scenario)

Area defined by intersection of 3 consecutive transmissions

Node redundancy is common in MANET
• Not unusually high, need 1 “good” node inside the community area

Community leadership is determined by contribution
• Leader steps down (being taken over) if not doing its job (doesn’t forward within a timeout)

Community member
• Community member must be in the transmission range of exactly three RREP forwarders

[Figure: 2-hop scenario; labels: Community, B, C, D]

3.4 Self-healing community (multi-hop scenario)

[Figure: communities along the route from source to dest]

The concept of “self-healing community” is applicable to multi-hop routing

3.4 On-demand initial configuration

Community around V formed upon hearing RREP

[Figure: labels: RREQ, RREP, upstream, U, V, V1, V2, E, EV]

[Figure: nodes source, B, C, C’, C”, D, E, dest; panels: “Communities (if C forwards a correct RREP)” and “Communities (C’ wins)”]

3.4 Reconfiguration of self-healing community (multi-hop scenario)

[Figure: labels: PROBE, PROBE_REP, ACK, source, X, node, dest]

4. Analytic model

4.1 Mobile network model

• Divides the network into a large number n of very small tiles
• A node’s presence probability p at each tile is small
  - A spatial binomial distribution B(n, p)
• When n is large and p is small, B(n, p) is approximately a spatial Poisson distribution with rate
• If there are N mobile nodes roaming i.i.d
• The probability of exactly k nodes in an area A’

4.2 Community area Aheal

[Figure: community area Aheal; nodes A, B, C]

(left) maximal community
• 2-hop RREP nodes are
• Area approaching

(right) minimal community
• 2-hop RREP nodes are
• Area approaching 0

4.3 Modeling adversarial presence

Θ: percentage of non-cooperative network members
X: number of nodes in the forwarding community area
Y: number of cooperative nodes
Z: number of non-cooperative nodes

4.4 Effectiveness of CBS routing

• Per-hop failure prob. of community-to-community routing is negligible with respect to network scale N
• Per-hop success prob. of node-to-node ad hoc routing schemes is negligible
• Tremendous gain EG := 1 / negligible

[Figure: plots with axes N and q]

It is even more tremendous when either network scale or non-cooperative ratio increases.

4. Simulation

4.1 Performance Gap

CBS-AODV’s performance only drops slightly with more non-cooperative behavior

4.1 Mobility’s impact

4.1 Less RREQ

In CBS-AODV, # of RREQ triggered is less sensitive to non-cooperative ratio

4. Conclusions

Conventional node-to-node routing is vulnerable to routing disruptions
• Excessive but protocol-compliant RREQ floods
• RREP / DATA packet loss

The new community-to-community secure routing is the solution
• The analytic study supports the community design

Open challenges
• More optimal estimation of forwarding window & probing interval
• Secure and efficient key management between two communities

Any Question?
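The per-hop comparison behind the analytic model (4.1 to 4.4) and the takeover idea of 3.3, worked numerically as an added example that is not code from the paper or the slides. It assumes nodes are placed i.i.d. uniformly, each node is non-cooperative independently with probability theta, a community hop fails only when no cooperative node lies in the community area, and a node-to-node hop fails when its single forwarder is non-cooperative; the node count and areas are constructed values.

```python
import math
import random

def poisson_pmf(k, mean):
    """P[exactly k nodes in an area] under the spatial Poisson approximation."""
    return math.exp(-mean) * mean ** k / math.factorial(k)

def binomial_pmf(k, n, p):
    """Exact P[k of n i.i.d. nodes fall in the area], each with probability p."""
    return math.comb(n, k) * p ** k * (1 - p) ** (n - k)

def community_hop_failure(density, a_heal, theta):
    """P[Y = 0]: no cooperative node inside the community area.
    Thinning X ~ Poisson(density * a_heal) with keep-probability (1 - theta)
    gives Y ~ Poisson((1 - theta) * density * a_heal)."""
    return math.exp(-(1 - theta) * density * a_heal)

def node_hop_failure(theta):
    """A node-to-node hop fails when its single forwarder is non-cooperative."""
    return theta

def path_success(per_hop_failure, hops):
    """Independent hops: the route survives only if every hop succeeds."""
    return (1 - per_hop_failure) ** hops

def simulate_community_hop(n_nodes, area, a_heal, theta, trials, seed=1):
    """Monte Carlo estimate of P[Y = 0] with n_nodes placed i.i.d. uniformly."""
    rng = random.Random(seed)
    p_in = a_heal / area
    failures = 0
    for _ in range(trials):
        cooperative = sum(1 for _ in range(n_nodes)
                          if rng.random() < p_in and rng.random() >= theta)
        failures += (cooperative == 0)
    return failures / trials

if __name__ == "__main__":
    # Constructed scenario: 200 nodes on 1 km^2, 40,000 m^2 community area.
    N, AREA, A_HEAL, HOPS = 200, 1_000_000.0, 40_000.0, 5
    for theta in (0.1, 0.3, 0.5):
        c_fail = community_hop_failure(N / AREA, A_HEAL, theta)
        print(f"theta={theta:.1f}  community hop failure={c_fail:.5f}  "
              f"node hop failure={node_hop_failure(theta):.2f}  "
              f"{HOPS}-hop success: community={path_success(c_fail, HOPS):.3f} "
              f"node-to-node={path_success(node_hop_failure(theta), HOPS):.3f}")
    print("simulated (theta=0.5, 15,000 m^2):",
          simulate_community_hop(N, AREA, 15_000.0, 0.5, trials=4000))
```

The community failure probability decays exponentially in the expected number of cooperative nodes in the area, while the node-to-node failure probability stays at theta per hop, which is why the gap widens with path length and node density.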