Prof. Dr.-Ing. Matthias Hollick
Security in Mobile Networks and Wireless Mesh Networks
Universidad Carlos III de Madrid, Departamento de Ingeniería Telemática
Phone +34.91.624.8794, Fax +34.91.624.8749
Ave. de la Universidad, 30, E-28912 Leganés (Madrid), Spain
http://www.it.uc3m.es/

Wilderness Survival Skills for Multihop Wireless Networks
tubs.CITY, Technische Universität Carolo-Wilhelmina zu Braunschweig, 02-Jul-2009

Making Multihop Wireless Networks Secure and Quality of Service Aware
Matthias Hollick, tubs.CITY Workshop, 02-Jul-2009

The Wilderness
[Sources: wikimedia commons]
Wilderness Survival Skills for Multihop Wireless Networks · Effects of Node Misbehavior in Mobile Ad hoc Networks Survival Skills A Short Guide to Survival Mitigating Misbehavior
Transcript
Wild animals
- “Smaller animals actually present more of a threat to the survivor than large animals.” (Source: www.wilderness-survivor.net)
- Insects such as mosquitos
- Arachnids…
[Sources: www.sxc.hu]
Passive and active attacks
- Wireless channel simplifies attacks

Attacks take place on all layers (examples)
- Jamming on PHY layer, physical security of small devices typically weak
- Selfishness on MAC layer
- Malicious behavior during routing and/or forwarding on NET layer
- TRANSPORT layer of the Internet has not been designed for multihop wireless networks, is weak even without attack

Attacks are scenario/application dependent
Layer 1 – PHY
Layer 2 – LINK
Layer 3 – NET
Layer 4 – TRANS
Layer 5 – APP
Heterogeneity of Scenarios, Network Characteristics, Threats, and Security Goals
Industrial WSN
- Harsh environmental conditions
- Physical protection vs. intruders possible
- Data integrity to be protected
- Availability to be protected
- QoS provisioning under attack

Participatory (Ambient) Sensing
- Open network susceptible to attack
- Integrity & privacy (however protecting privacy might challenge integrity)
- Confidentiality for some data

MANET/WMN
- VANET: integrity of warning messages, fast exclusion of errant devices, location privacy
- MANET: availability of service, protect cooperation of nodes, “classical” network security depending on application
- Provider WMN: closed network (nodes authenticated), QoS provisioning and availability to be protected
- Community WMN: open network, distributed mechanisms, cooperation necessary
Performance Evaluation by Extensive Simulation Study
- Starting from a well performing MANET in normal operation
- Studied variants of AODV routing
- Studied various degrees of mobility
- Studied scale of the network
- Studied type/degree of misbehavior

Malicious Nodes - Black Holes
- Actively attract routes by injecting false routing information
- Remove packets from network

Selfish Nodes
- Optimize their own gain, neglect welfare of other nodes
- Discard other node's packets
Results
- Successful communication is possible only in close proximity
- Packet loss is extremely high, even for few black holes
- Packet loss further increases with node mobility

[Figure: annotations "49%", "78%", "i.e. 10 out of 250 nodes"; label "Increase in malicious nodes"]
How to prevent intrusions on other layers than network layer
E.g. SAODV and Ariadne as secure versions of AODV and DSR
New attack vectors identified by Acs et al. and Hu et al.

(II) Intrusion Response
- E.g. Watchdog & Pathrater by Marti et al.
- E.g. CONFIDANT by Buchegger et al.
- E.g. CORE by Michiardi et al.
- E.g. OCEAN by Bansal et al.

Today, intrusion response is based mostly on addresses, which can easily be attacked in open networks
Approach: Exclude Misbehaving Nodes Based on Location
- Setting up ‘quarantine zones’ void of communication
- Results in cross-layer and attack-independent defense

Implementation
(1) Establish quarantine zones
- Interrupt affected routes
- Exclude attacker from network
(2) Establish new routes
- By restricting broadcast
- Evading quarantine zones
(3) Maintain quarantine zones
- Reset zones periodically
- Tracking of attacker not necessary
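
The three implementation steps above, sketched as an added example that is not part of the original slides: route discovery floods a request, nodes inside an active zone stay silent, and the zone lapses at a reset time. Circular zones, the radio range, the topology and all names are assumptions constructed for illustration.

```python
import math
from collections import deque

RADIO_RANGE = 1.5  # assumed transmission range, arbitrary units

# Constructed topology: X is the misbehaving node on the shortest path S -> D.
NODES = {"S": (0, 0), "A": (1, 0), "X": (2, 0), "B": (3, 0), "D": (4, 0),
         "E": (1, 1), "F": (2, 1.2), "G": (3, 1)}

def in_zone(pos, zones, now):
    """True if pos lies inside a quarantine zone that has not yet been reset."""
    return any(now < z["expires"] and math.dist(pos, z["center"]) <= z["radius"]
               for z in zones)

def discover_route(nodes, src, dst, zones=(), now=0.0):
    """Flood a route request breadth-first and return the first path found.

    Nodes inside an active zone neither receive nor rebroadcast the request
    (restricted broadcast), so any route that is found evades the zone.
    """
    if in_zone(nodes[src], zones, now) or in_zone(nodes[dst], zones, now):
        return None
    parent, queue = {src: None}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            return path[::-1]
        for name, pos in nodes.items():
            if name in parent or in_zone(pos, zones, now):
                continue
            if math.dist(nodes[cur], pos) <= RADIO_RANGE:
                parent[name] = cur
                queue.append(name)
    return None

def demo():
    # Zone is placed where misbehavior was observed; it is reset at t = 30.
    zone = [{"center": (2, 0), "radius": 0.8, "expires": 30.0}]
    return (discover_route(NODES, "S", "D"),                  # before detection
            discover_route(NODES, "S", "D", zone, now=5.0),   # zone active
            discover_route(NODES, "S", "D", zone, now=31.0))  # after reset

if __name__ == "__main__":
    for route in demo():
        print(route)
```

The zone is keyed to a location, not to the attacker's address, so the detour holds even if the node in that area changes its identity.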
Approach: Buffer Packets During Attack and Retransmit Later
- Transparent operation, i.e. sender is informed about IRS event
- Non-transparent operation, i.e. “silent” or “localized” operation of IRS

Late buffering strategy, i.e. packets are buffered as IDS detects misbehavior
- However, packet loss during time IDS needs to detect misbehavior

Early buffering strategy, i.e. packets also buffered in detection interval

[Figure panels: Transparent, Non-transparent]
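
Late versus early buffering as described above, in an added simulation that is not part of the original slides: the tick-based timing, the `window` parameter and all numbers are assumptions constructed for illustration. In this model a copy window shorter than the detection interval still loses packets, and a longer one replays packets that had already arrived.

```python
from collections import Counter, deque

def run_flow(attack_start, detect_delay, repair_delay, window, total=30):
    """One packet per tick crosses a forwarding node that runs the IRS.

    window = 0 is late buffering: packets are held only after the IDS alarm.
    window > 0 is early buffering: the node also keeps copies of what it
    forwarded during the last `window` ticks and replays them after the alarm.
    Returns (lost, duplicated) packet ids as seen by the receiver.
    """
    alarm = attack_start + detect_delay    # IDS flags the next hop
    repaired = alarm + repair_delay        # replacement route is usable
    recent, held, delivered = deque(), [], []
    for t in range(total):
        if t == alarm:                     # replay candidates join the buffer
            held.extend(recent)
            recent.clear()
        if t == repaired:                  # retransmit everything held back
            delivered.extend(held)
            held.clear()
        if alarm <= t < repaired:          # route known bad: buffer, do not send
            held.append(t)
            continue
        if not attack_start <= t < alarm:  # packets sent in that gap are dropped
            delivered.append(t)
        if t < alarm:                      # early buffering keeps a sliding copy
            recent.append(t)
            while recent and recent[0] <= t - window:
                recent.popleft()
    seen = Counter(delivered)
    lost = [p for p in range(total) if p not in seen]
    dups = sorted(p for p, n in seen.items() if n > 1)
    return lost, dups

# Constructed timing: attack at t=10, IDS needs 3 ticks, repair takes 5 more.
SCENARIOS = {name: run_flow(10, 3, 5, w)
             for name, w in [("late", 0), ("early-short", 2),
                             ("early-matched", 3), ("early-long", 5)]}

if __name__ == "__main__":
    for name, (lost, dups) in SCENARIOS.items():
        print(f"{name:14s} lost={lost} duplicated={dups}")
```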
Copyright Notice
This document has been distributed by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
Acknowledgements To André König, Technische Universität Darmstadt, for his work in the area of innovative security mechanisms for Mobile Ad hoc Networks