Xiuzhen Cheng cheng@gwu

Xiuzhen ChengXiuzhen Cheng cheng@gwu.edu

CsciCsci388388 Wireless and Mobile SecurityWireless and Mobile Security – – A Survey on Ad Hoc Routing ProtocolsA Survey on Ad Hoc Routing Protocols

Outline

Introduction

Topology-based routingProactive & Hybrid Protocols

DSDV/WRP/GSR/FSR/LAR

ZRP

Reactive ProtocolsDSR/AODV/TORA/ABR/ASR

Location-based routing

Mobile Ad-Hoc Network

Collection of mobile nodes forming a temporary networkNo centralized administration or standard support servicesEach Host is an independent routerHosts use wireless RF transceivers as network interface

Conferences/Meetings

Search and Rescue

Disaster Recovery

Automated Battlefields

MaNet Issues

Lack of a centralized entity

Network topology changes frequently and unpredictably

Channel access/Bandwidth availability

Hidden/Exposed station problem

Lack of symmetrical links

Power limitationMultipath Fading

Doppler Effect

MaNet Protocols – Topology Based

Proactive ProtocolsTable driven

Continuously evaluate routes

No latency in route discovery

Large network capacity to keep info. current

Most routing info. may never be used!

Reactive ProtocolsOn Demand

Route discovery by some global search

Bottleneck due to latency of route discovery

Link breakage may not affect on-going traffic not in its vicinity

Conventional Routing Protocols

DBF (DV) shows a degradation in performanceKnows the distance to its neighbors and a distance vector.Broadcasts its distance vector to all of its neighbors periodicallyWhen receiving the distance vector from its neighbors, the router computes the estimated distance to all other routersSlow convergence due to “Count to Infinity” ProblemCreates loops during node failure, network partition or congestion

Link State create excessive traffic and control overheadLearn the neighbor’s network address; Measure the cost to each neighbor; Construct a packet telling all that just learnt; Flood this packet to all other routers; Compute the shortest path to every other router

MaNet Protocol Considerations

Simple, Distributed, Reliable and Efficient

Quickly adapt to changes in topology and traffic pattern

Protocol reaction to topology changes should result in minimal control overhead

Bandwidth efficient

Mobility Management involving user location management and Hand-off management

Security

DSDV [Perkins et al 1994]

Improved Classical Bellman-Ford (DV) Routing Algorithm

Routing Table: Dest id # of Hops Dest Seq. # Next Hop

Update messages: broadcasted to neighborsFull dump packets (time-driven): complete routing tableIncremental packets (event-driven): modified entriesEach packet: routing table + broadcast seq. #In a relatively stable network, full dump is infrequent compared to a fast-changing networkTimer: settling time of routes or weighted average time

-- delay the broadcast of the routing updates

DSDV – Cont.

Responding to topology changesBroken links indicated by Any route through a hop with a broken link is also assigned routes are immediately broadcasted

Sequence number of Destination with hops is incremented by 1

Nodes with same or higher sequence number and finite metric broadcast their route information

Route Selection CriteriaLoop-free: most recent seq. #, best metric - # of hops

Route broadcast are asynchronous events; Fluctuations are caused due to possibility of receiving routes with worse metric first

Solution is to maintain two routing tables, one for routing and one for incremental broadcast

Clusterhead Gateway Switch RoutingProtocol (CGSR) [Chiang ’97]

Cluster-head electionLeast Cluster Change (LCC)

Two tables:Cluster member table: mapping from each node to its CH

Routing table: next hop to reach the destination CH

Broadcast update message for both tables periodically using DSDV algorithm

Packet routing (example)

1

2

3

4

5

6

8

7

Node Cluster head Gateway

Routing from node 1 to node 8

Wireless Routing Protocol (WRP)

A path-finding algorithm

Utilizes information regarding the length and the predecessor-to-dest in the shortest path to each destination

Eliminates the “Count to Infinity” Problem and converges faster

An Update message is sent after processing updates from neighbors or a change in link to a neighbor is detected

Each route update from neighbor k causes route entries of other neighbors that use k to be re-computed

The Algorithm

Each node i maintains a Distance table (iDjk), Routing table (Destination Identifier, Distance iDj , Predecessor Pj ,the successor Sj), link cost table (Cost, Update Period), Message Retransmission List (MRL)

Update message: <sender id, seq#, update list or ACK, response list>

Processing Updates and creating Route Table based on new information

Update from k causes i to re-compute the distances of all paths with k as the predecessor

For a destination j, a neighbor p is selected as the successor if p->j does not include i, and is the shortest path to j

WRP Example

Global State Routing (GSR) [Chen et al ’98]

Combination of DV and LSGlobal Network Topology stored in a TableTopology Table broadcast to immediate neighbors onlyEach node maintains:

A neighbor list; A topology table <link-state information & its timestamp per destination>; A next hop table: <next hop per destination>; A distance table: <shortest distance to each dest>.

Update message:Link State/Changes updates are time triggered Updates topology table, reconstructs routing tables, broadcasts new information.

Advantages/Disadvantages of GSR

Advantages :

Avoids Flooding for disconnects/reconnects

Updates are time triggered than event triggered

Greatly reduces control overhead

Disadvantages :

Hogs bandwidth since entire topology table is broadcast with each update

Link state latency depends on update interval

Can GSR be modified to rectify it’s drawbacks ?

Fisheye State Routing (FSR) [Iwata et at ’99]

Improvement over GSR. The network is logically divided into “Fisheye” circles with respect to each node. The scope of the circle may be defined in terms of number of hops

Smaller update message size thus less bandwidth usage

Each node gets accurate information about its neighbors; the accuracy decreases as the distance increases

Packets are routed correctlyThe closer the packet to the dest., the more accurate the route information

The scope of fisheye for the center red node

Hierarchical State Routing (HSR) [Iwata et al ’99]

featured bymultilevel clustering and logical partitioning of mobile nodes

Hierarchical clusteringPhysical level link state exchange inside each cluster; Cluster’s information exchange via gatewaysEach node has hierarchical topology informationRouting information flows from higher-level to lower-levelHierarchical address

<hierarchical cluster #>1

2

3

4

5

6

87

Node Cluster head Gateway

2

4

7

2 7C-21

C-11C-12

C-01

C-02

C-03

<1,1,1><2,3,8>

Zone-based Hierarchical Link State Routing Protocol (ZHLS) [Joa-Ng et al ’99]

Non-overlapping zones

Two topology levels: zone level and node levelNode address: <zone id, node id>

Two types of link state packets (LSP):Node LSP: contains neighborhood information, propagates within the zone

Zone LSP: contains zone information, propagates globally

Each node knows full intra-zone node connectivity and inter-zone connectivity information

How a package is routed?Based on its zone id and node id

Zone Routing Protocol

A Hybrid Routing ProtocolA Zone is defined for each nodeProactive maintenance of topology within a zone (IARP)Distance Vector or Link StateReactive query/reply mechanism between zones (IERP) With Route Caching : Reactive Distance Vector W/O Route Caching : Source RoutingUses ‘Bordercast’ instead of neighbor broadcastNeighbor Discovery/Maintenance (NMD) and Border Resolution Protocol (BRP) used for query control, route accumulation etc.

ZRP Example

A

B

C

DE

F

G H

1 Hop

2 Hops

Multi Hops

Zone Routing Protocol cont.

Routing Zone and IntrAzone Routing ProtocolZone Radius may be based on hop count

Identity and distance of each Node within the Zone isproactively maintained

The Interzone Routing ProtocolCheck if destination is within the routing zone

Bordercast a route query to all peripheral nodes

Peripheral nodes execute the same algorithm

Zone Routing Protocol cont.

Route Accumulation :Provide reverse path from discovery node to source nodeMay employ global caching to reduce query packet length

Query Detection/Control :Terminate Query thread in previously queried regionsIntermediate nodes update a Detected Queries Table[Query Source, ID]

Route Maintenance may be reactive or proactive

Ad-Hoc On-Demand Distance Vector Routing

Protocol overview and objectives

Path Discovery

Reverse Path Setup

Forward Path Setup

Route Table Management

Path Maintenance

Local Connectivity Management

Protocol Overview and Objectives

Pure on-demand protocolNode does not need to maintain knowledge of another node unless it communicates with it

Routes are discovered on an as-needed basis and are maintained only as long as they are necessary

Broadcast discovery packets only when necessary

Distinguish between local connectivity and general topology maintenance

To disseminate Information about changes in local connectivity to those neighboring nodes that are likely to need it

Route Establishment

Initiated whenever nodes want to communicateRoute discovery

RREQ: < source addr, source seq# , broadcast id, dest addr, dest seq#, hop cnt >RREP: <source addr, dest addr, dest seq#, lifetime>Route table:<dest addr, dest seq#, next hop, precursors, lifetime>

1

2

3

4

5

6

7

8

1

2

3

4

5

6

7

8

s s

d d

Propagation of RREQ Path taken by RREP

Route Discovery

Reverse Path Setup when process up-to-date RREQReverse route entry in the route table: <source addr, source seq#, hops to source, addr of node from which RREQ is received, lifetime>

Source sequence number is used to maintain freshness about reverse route to source

Forward Path Setup when process valid RREPForward path entry in the route table: <dest addr, addr of node from which RREP is received, hops to dest, lifetime>

Destination sequence number specified for freshness of route before accepted by source

Route Maintenance

Route Table ManagementRoute Request Expiration Timer for purging reverse paths which do not lie on source-destination routeRoute Caching Timeout after which the route is considered invalidActive_timeout Period used to determine if neighboring node is active

Active Path MaintenanceIf source move causes path breakage, source re-establish route discovery by RREQIf intermediate or destination move causes path breakage, RERR is initiated by the node upstream of the break and sent to all affected sources. How?

Dynamic Source Routing

OverviewConstructs a source route in packet header listing source routeEach host maintains a route cacheRoute discovery used for routes not in cache

Route discovery – build route recordRoute request: initiator, target, route record, unique idIntermediate node appends its addressDestination/intermediate node sends route reply with route record

1

2

3

4

5

6

7

8

1

2

3

4

5

6

7

8

s s

d d

Building route record Route reply with route record

<1><1,2>

<1>

<1>

<1,3>

<1,4>

<1,3,5>

<1,4,6>

<1,3,5,7>

<1,4,6><1,4,6>

<1,4,6>

Route Maintenance and Route Cache

Route MaintenanceRoute error packet sent on detection of break containing addresses on both sides of error, the host that detected the error and the host to which it was trying to send the packet

All upstream node then deletes routes with that particular hop

Route CacheEach forwarding host can add route information to cache

Nodes can operate in promiscuous mode and add information to cache from any packets that they hear

Each intermediate node having a route can send a route reply packet

Performance Comparison of AODV and DSR

DSR has access to significantly greater amount of routing information than AODV by virtue of source routing and promiscuous listeningDSR replies to all requests reaching a destination from a single request cycle whereas AODV only replies once thereby learning only one routeIn DSR no particular mechanism to delete stale routes, unlike AODVIn AODV the route deletion causes all the nodes using that link to delete it, but in DSR only the nodes on that particular part are deleted

Temporally Ordered Routing Algorithm (TORA) [Park et al ’97]

Based on the concept of link reversal

Highly adaptive, efficient, scalable, distributed algorithmMultiple routes from source to destination

For highly dynamic mobile, multi-hop wireless network

Routing MechanismUnique node ID and unique reference ID

Route creation: QRY (dest id) and UPD (dest id, Hi) packets

Route maintenance

Route erasure: Clear packet (CLR) is broadcasted

TORA – Cont.

1

2

3

4

5

6

7

8

1

2

3

4

5

6

7

8

s s

d d

Propogation of QRY(reference level, height)

Height of each node updated by UPD

Route Creation in TORA

(-,-)

(-,-)

(-,-)

(-,-)

(-,-)

(-,-)(0,0)

(-,-)

(0,3) (0,3)

(0,3)

(0,2)

(0,1)

(0,0)

(0,1)(0,2)

TORA – Cont.

1

2

3

4

5

6

7

8

s

d

Re-establishing route in link failure

(0,3) (1,-1)

(1,-1)

(1,0)

(0,1)

(0,0)

(0,1)(0,2)

Associativity Based Routing (ABR) [Toh ’96 ’99]

New metric: degree of association stabilityBeacons periodically sent to its neighborsUpdates the associativity tableAssociation stability means connection stabilityAssociativity ticks reset

Route is long-lived and free from loops, deadlock, and packet duplicatesThe protocol contains 3 phases:

Route discovery: BQ-REPLY cycleRoute reconstruction (RRC): Route deletion (RD): Source-initiated

ABR (cont.)

Signal Stability Routing (SSR) [Dube et al ’97]

New metric: signal strength between nodes and a node’s location stabilitySSR consists of 2 cooperative protocols: Dynamic Routing (DRP) & Static Routing (SRP)

DRP is responsible for Signal stability table (SST) and Routing table (RT) maintenance; Packets go through DRP, then SRP; SRP forwards packets using RT

Route discovery and route maintenance By default, only route request packets from strong channels are forwardedWhen link breakage, intermediate nodes send error message to source, which then initiates a new route-search process; and sends erase message to erase the old route

Comparison

Parameter Table-driven On-demand

Availability Always When needed

Route update periodic N/A

Message load higher lower

Power higher lower

Storage higher lower

Bandwidth higher lower

Scalability Better

Mobility support Better

QoS support ??? ???

Challenges in Ad-hoc Design

Protocols still in Nascent Stage, analysis for which protocol does well in which scenario

QOS issues in Ad-hoc

TCP performance over Ad-hoc

Security in ad hoc routing

Integration of Ad-Hoc Networks in Internet

Multicasting in Ad-hoc Networks

Position-based routing protocols - Characteristics

Uses additional information: physical location of nodes.Position of oneself determined by GPS or the like.

Position of destination node by a location service

Routing decision based onPosition of destination node

Position of neighboring nodes

No need to store routing tables.

Geocasting is possible.

Location ServicesCentralized location service – like cellular networks – impossible!

How to position a server? Chicken-and-egg problem.

Dynamic topology – no server nearby

Position-based routing

To find the position of the destination:Location service: some-for-some; some-for-all; all-for-some; all-for-all

Each node knows the position of its neighbors and itself through periodic beacon broadcast

Packet forwarding strategyGreedy forwarding and Restricted directional flooding (next hop selection and recovery strategy);

These two try to send a packet to a closer node

Recovery strategies for reaching ‘local maximum’

hierarchical approaches

Greedy forwarding + local non-position-based routing

Good scalability

DREAM

Distance Routing Effect Algorithm for Mobility framework (DREAM)

Decentralized All-for-all approachAll nodes hold positions of all nodes

Each entry contains one’s information about direction, distance, and timestamp

Each node controls accuracyTemporal resolution: frequency

Spatial resolution: # of hops update packets leapNot accurate at the long distance

Because of ‘distance effect’, this is reasonable (see next slide)

Distance Effect

The greater the distance between two nodes,

The slower the ratio of changes in position In the picture, A which is fixed sees B and C which is moving

Quorum-based Location Service

Concept from ‘quorum systems’ in databases and distributed computing.

Quorum-Based Location ServiceVirtual backbone contains a small subset of nodesA quorum is a small subset of the backbone nodesThe intersection of any two quorums is non-emptyLocation update in one quorum, location query in another quorumSome-for-some approach

Most recent-timestamped one

Tradeoff betweenThe size of a quorumResilience of reachability.

Grid Location Services (GLS)

The area is divided into hierarchical squares, forming a quadtree

Near node (ID): the least greater than it’s own IDFloods to all nodes in the first-order square, nearest node in nearby 3-squaresAgain, floods near node in the nearby 3 next-order squares until the highest level.Density of information decreases logarithmically as distance increases (see next slide for an example)

Grid Location Services (GLS) - Example

Homezone

Similar to the cellular phone networkPhone moves to another region; it sends periodically position info. to the home agent

Home agent forwards call to the new agent to the phone

Each virtual zone for each node

Defined by Hash(nodeID): no contact to the destination node

All nodes within a circle centered at a node must maintain position information for the node

All-for-some approach

Greedy Packet Forwarding

Most Forward Within R (MFR): nearest to dest. Node CNearest with Forward Progress (NFP): nearest to src. Node A

Minimize ∑p*f(a,b)p = prob. of succ.trans.f(a,b) = progress from a to b.

Compass routing: closest to the straight line S to D. Node B

Minimize spatial travel dist.Randomly choosing: anything closer to dest.

Less accurate position info.Less computation.

S: Source

D: Destination

Circle indicates ‘neighborhood’

Greedy Packet Forwarding (cont.)

Failure case: local maximumSelecting least backward progress can lead to a ‘loop’Simply, “don’t forward”Face-2 algorithm and the perimeter routing strategy of the Greedy Perimeter Stateless Routing Protocol (GPSR)

Per packet basis (more info in it)Enters into recovery modeReturns into greedy mode when the packet reaches a node closer to the destination than the node when it enters into recovery mode.Guarantees find path to destination if there is one.

Planar graphs: No edges crossing each other

Right hand rule for a traversing a graph

Planar graph

Planar sckeme usesRight-hand rule

No crossing heuristic

Parameter Probing

Perimeter Forwarding

Restricted Directional Flooding (RDF)

Distance Routing Effect Algorithm for Mobility framework (DREAM)

Send to all nodes within ‘direction’

Radius of (t1-t2)vmax

If no one-hop neighbor in the direction, ‘recovery procedure’ starts

Location Aided Routing: An aid to route discovery of a reactive routing

Put rectangle points into the packet

Route request is proceeded at a node when it is in the ‘area’

Location Aided Routing (LAR)

A Modified Flooding AlgorithmUtilizes location information of mobile hosts using a GPS for route discoveryFlooding is restricted to a “request zone”, defined by an “expected zone”A node forwards a route request only if it belongs to the “request zone”Tradeoff between latency of route determination and message overhead Resorts to flooding when prior information of destination is not available

Hierarchical routing

Terminodes routing: proactive + greedy position-basedPut positions on the way into the packet.

Get positions by contact others

Has reactive ad hoc routing property

Grid Routing: position-aware node (acts like proxy) with position-unaware nodes

Intermediate Node Forwarding (INF): repair for greedy long-distance routing

If local maximum, discard packet, send notification.

Sender select a position within a circle centered at the middle of the SD line

If fail again, enlarge the circle until pre-specified number of repeatings

Comparison

Comparison (cont.)

Future Research on Position-Based Routing

Quantitative analysis and comparison of all these strategies/techniques

Harsh in GLS and HomeZone may not applicable in high dynamic environment. Probabilistic method?

Location privacy in location service

Refine greedy packet forwarding

Hierarchical routing to connect to internet

Homework

1. To be Presented by Michael Clifford Michael Clifford, Networking in the Solar Trust Model: determining optimal trust paths in a decentralized trust network, 18th Annual Computer Security Applications Confrence, December 9-13, 2002, Las Vegas, Nevada,

2. To be Presented by Fang Liu Yih-Chun Hu, Adrian Perrig, and David B. Johnson, Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols, Proceedings of the 2003 ACM Workshop on Wireless Security (WiSe 2003), pp. 30-40, ACM, San Diego, CA, September 2003.

3. Submit Report Yih-Chun Hu, Adrian Perrig, David B. Johnson, Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks, MobiCom 2002.