8/1/2018 AODV: SECURITY CONSIDERATIONS

AODV: Security Considerations

INTRODUCTION

- MANET
- Malicious Attacks in MANET
- AODV
- AODV: Route Discovery Process
- Security Based Enhancements on AODV

MANET

- Dynamic network
- Mobile devices connected together by wireless links
- Frequently changing network topology
- Multi-hop network
- Each node has to play two roles

MALICIOUS ATTACKS IN MANET

1) Eavesdropping
2) Spoofing
3) Control packet modification
4) Denial of service
   a) Black Hole Attack
   b) Gray Hole Attack

AODV

- Reactive packet routing protocol
- Consists of four message sets:
  1. Route request (RREQ)
  2. Route reply (RREP)
  3. Route error (RERR)
  4. HELLO (for link status monitoring)

ROUTE REQUEST (RREQ)

The fields in RREQ are:
- Source address
- Source sequence number
- Broadcast ID (Request ID)
- Destination address
- Destination sequence number
- Hop count

The pair <source address, broadcast ID> uniquely identifies a RREQ.

ROUTE REPLY (RREP)

The fields in RREP are:
- Source address
- Destination address
- Destination sequence number
- Hop count
- Route lifetime

SEQUENCE NUMBER

- Serves as a time stamp
- Ensures freshness of the route
- Increments with new messages from the node
- The higher the sequence number, the fresher the route
- Sequence number is higher --> existing route is more up-to-date

THE WAY OF ATTACK

- The malicious nodes causing Grayhole and Blackhole attacks will always attempt to make their sequence number higher than that of any other node.

AODV ROUTE DISCOVERY PROCESS

[Figure: route discovery between Source S and Destination D through intermediate nodes A, B, C, E and F; the RREQ is flooded outward from S and RREPs travel back toward S.]

ROUTE REQUEST (RREQ)

- To discover a route to the destination
- Utilizes the broadcast behavior of nodes
- Intermediate nodes use it to update their routing tables
- Contains the most recent sequence number for the destination
- A valid destination must have a sequence number at least as great as that contained in the RREQ
- Intermediate nodes drop redundant RREQs

[Figure: S floods the RREQ ("D?") outward until it reaches D.]

ROUTE REPLY (RREP)

- The destination node unicasts a RREP back to the source along the reverse route.
- A node generates a RREP if:
  a) It is itself the destination.
  b) It has an active route to the destination.
- As the RREP propagates back to the source node, intermediate nodes update their routing tables.

[Figure: the RREP is unicast from D back to S along the reverse path.]

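The RREQ/RREP handling rules on the slides above, as an added example that is not part of the original deck: a node drops redundant RREQs by their <source address, broadcast ID> pair, replies when it is the destination or holds an active route fresh enough for the requested sequence number, and otherwise forwards; on the way back, a RREP only replaces a stored route when it is fresher. The Node/RouteEntry classes and method names are this example's own.

```python
from dataclasses import dataclass, field

@dataclass
class RouteEntry:
    next_hop: str
    seq_no: int        # destination sequence number known for this route
    hop_count: int
    active: bool = True

@dataclass
class Node:
    name: str
    seq_no: int = 1                                # the node's own sequence number
    routes: dict = field(default_factory=dict)     # destination -> RouteEntry
    seen: set = field(default_factory=set)         # (source address, broadcast ID) pairs already seen

    def handle_rreq(self, src, src_seq, bcast_id, dst, dst_seq, hop_count, prev_hop):
        """Process one RREQ; return ("drop" | "reply" | "forward", payload)."""
        # <source address, broadcast ID> uniquely identifies a RREQ: redundant copies are dropped.
        if (src, bcast_id) in self.seen:
            return "drop", None
        self.seen.add((src, bcast_id))
        hop_count += 1
        # The RREQ teaches intermediate nodes the reverse route back to the source.
        self.routes[src] = RouteEntry(prev_hop, src_seq, hop_count)
        if dst == self.name:                       # case a) this node is the destination
            # A valid destination must answer with a sequence number at least as great as the RREQ's.
            self.seq_no = max(self.seq_no, dst_seq)
            return "reply", (dst, self.seq_no, 0)  # RREP fields: destination, dest seq no, hop count
        entry = self.routes.get(dst)
        if entry and entry.active and entry.seq_no >= dst_seq:
            return "reply", (dst, entry.seq_no, entry.hop_count)   # case b) fresh-enough active route
        return "forward", (src, src_seq, bcast_id, dst, dst_seq, hop_count)

    def handle_rrep(self, dst, dst_seq, hop_count, from_hop):
        """Process one RREP on its way back; return True if the routing table changed."""
        hop_count += 1
        cur = self.routes.get(dst)
        # Plain AODV keeps the fresher (higher sequence number) route, or the shorter one on a tie.
        if cur is None or dst_seq > cur.seq_no or (dst_seq == cur.seq_no and hop_count < cur.hop_count):
            self.routes[dst] = RouteEntry(from_hop, dst_seq, hop_count)
            return True
        return False
```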
RERR MESSAGES

- This message is broadcast for broken links
- Generated directly by a node or passed on when received from another node

HELLO MESSAGES

- Hello Message = RREP with TTL = 1
- This message is used for broadcasting connectivity information.
- A node should use Hello messages only if it is part of an active route.

SECURITY BASED ENHANCEMENTS ON AODV

I. Enhance Route Discovery for AODV (ERDA)
II. Using Digital Signature and Hash Chain
III. Reliable AODV (R-AODV)
IV. Modified Reliable AODV (MR-AODV)
V. Using RSA Key Exchange and Encryption

ENHANCE ROUTE DISCOVERY FOR AODV (ERDA)

- Minimum modification to the existing AODV algorithm.
- There are three new elements:
  - rrep_table to store incoming RREP packets
  - mali_list to keep the identities of detected malicious nodes
  - rt_upd, a parameter to control the routing table update; it can take either a true or a false value.
- Two parts:
  - Securing routing table update
  - Detecting and isolating malicious nodes

SECURING ROUTING TABLE UPDATE

- Step 01: RREQ message is sent out by S to D.
- Step 02: All neighbouring nodes will respond to node S.
- Step 03: RREPs received by node S are stored in the rrep_tab table.
  //network is under Black hole attack and M be the malicious node with a high sequence number.//
- Step 04: The routing table of S is updated with the information from M.
- Step 05: rt_upd parameter value will continue as 'true'.
  //destination sequence number of A is smaller than the one in the routing table.//
- Step 06: The routing table of S is updated with the information from A.
- Step 07: The former route entry is overwritten by the later one.
- Step 08: The rt_upd parameter value is then set to false.
- Step 09: Function call: "detecting malicious node".

DETECTING AND ISOLATING MALICIOUS NODE

- Step 01: Routing table updating will be continued until rt_upd parameter = 'false'.
- Step 02: If rt_upd parameter = 'false', then the information in the rrep_tab table will be analysed using the heuristic method.
- Step 03: Nodes with a high destination sequence number will be isolated as malicious nodes.
- Step 04: The identities of those suspected nodes will be kept in mali_list.
- Step 05: The rrep_tab table will be flushed after the process. (Memory management)
- Step 06: The rt_upd parameter value is again set back to 'true'.

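The two ERDA procedures above, traced in code as an added example (not the ERDA authors' implementation): rrep_tab collects the replies, the routing table keeps taking the latest RREP while rt_upd is true, and once a lower-sequence-number reply has overwritten a higher one the stored replies are analysed. The slides do not define the heuristic; this example assumes it flags any stored RREP whose destination sequence number exceeds the one finally kept. Class and field names are this example's own.

```python
class ErdaSource:
    """Source node S running ERDA's route-discovery changes (names are this example's own)."""
    def __init__(self):
        self.routing_table = {}   # destination -> {"next_hop", "dst_seq", "hop_count"}
        self.rrep_tab = []        # every incoming RREP is stored here (step 03)
        self.mali_list = set()    # identities of detected malicious nodes
        self.rt_upd = True        # are routing table updates currently allowed?

    def recv_rrep(self, sender, dst, dst_seq, hop_count):
        """Handle one RREP; return True if it was accepted into the routing table."""
        if sender in self.mali_list:              # an isolated node's replies are ignored
            return False
        self.rrep_tab.append({"sender": sender, "dst": dst, "dst_seq": dst_seq,
                              "hop_count": hop_count})
        if not self.rt_upd:                       # updates stop while rt_upd is false
            return False
        cur = self.routing_table.get(dst)
        # Steps 04-07: while rt_upd is true the latest RREP overwrites the entry even when its
        # sequence number is lower than the stored one (plain AODV would keep the higher one).
        self.routing_table[dst] = {"next_hop": sender, "dst_seq": dst_seq, "hop_count": hop_count}
        if cur is not None and dst_seq < cur["dst_seq"]:
            self.rt_upd = False                   # step 08
            self.detect_malicious(dst)            # step 09
        return True

    def detect_malicious(self, dst):
        """Steps 01-06 of 'detecting and isolating malicious node'. Heuristic assumed here:
        a stored RREP whose destination sequence number is higher than the one finally
        kept in the routing table comes from a suspected black-hole node."""
        kept_seq = self.routing_table[dst]["dst_seq"]
        for rrep in self.rrep_tab:                # step 02: analyse rrep_tab
            if rrep["dst"] == dst and rrep["dst_seq"] > kept_seq:
                self.mali_list.add(rrep["sender"])  # steps 03-04: isolate and remember the sender
        self.rrep_tab.clear()                     # step 05: flush the table
        self.rt_upd = True                        # step 06: allow updates again
```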
USING DIGITAL SIGNATURE AND HASH CHAIN

DIGITAL SIGNATURES

- To authenticate the non-modifiable fields of the messages.
- Authentication is performed in an end-to-end manner.
- Steps:
  - Normal AODV route discovery mechanism.
  - The RREP is sent with a RREP Signature Extension.
  - When a node receives a RREP, it first verifies the signature before creating or updating a route to that host.

HASH CHAINS

- To secure the hop count information (the only modifiable information in the messages).
- An end-to-end technique cannot be applied to modifiable information.

Mechanisms:

1) During the generation of a RREQ or a RREP message:
   - Generate a random number (seed).
   - Hopcount_Limit = TTL
   - H_field = seed
   - H_function = h
   - T_Hash = h(seed) applied Hopcount_Limit times
2) When a node receives a RREQ or a RREP message:
   - Check that T_Hash = h(H_field) applied Hopcount_Limit times
3) Before rebroadcasting a RREQ or forwarding a RREP:
   - H_field = h(H_field)

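The three hash-chain steps above, worked through as an added example (not from the slides): SHA-256 stands in for h, and the receiver's check is assumed in its usual SAODV form, hashing H_field (Hopcount_Limit - hop_count) times rather than Hopcount_Limit times, which also shows why a forwarder cannot report a lower hop count than it received. Function and field names are this example's own.

```python
import hashlib
import os

def h(x: bytes) -> bytes:
    """H_function: SHA-256 is assumed here; the slides only name it h."""
    return hashlib.sha256(x).digest()

def h_times(x: bytes, n: int) -> bytes:
    """Apply h to x n times."""
    for _ in range(n):
        x = h(x)
    return x

def originate(hopcount_limit: int) -> dict:
    """Step 1 (originator of a RREQ/RREP): pick a seed, H_field = seed,
    T_Hash = h applied Hopcount_Limit times to the seed."""
    seed = os.urandom(32)                  # random seed; only its hash images leave the node
    return {"hop_count": 0, "hopcount_limit": hopcount_limit,
            "h_field": seed, "t_hash": h_times(seed, hopcount_limit)}

def verify(msg: dict) -> bool:
    """Step 2 (receiver): hashing H_field the remaining (Hopcount_Limit - hop_count)
    times must reproduce T_Hash. The slide states this as Hopcount_Limit applications;
    the hop-count offset is the usual SAODV form and is assumed here."""
    remaining = msg["hopcount_limit"] - msg["hop_count"]
    return remaining >= 0 and h_times(msg["h_field"], remaining) == msg["t_hash"]

def forward(msg: dict) -> dict:
    """Step 3 (before rebroadcast/forward): hop_count + 1 and H_field = h(H_field)."""
    return {**msg, "hop_count": msg["hop_count"] + 1, "h_field": h(msg["h_field"])}

def decremented_hop_count(msg: dict) -> dict:
    """A forwarder reporting fewer hops than it received would need a preimage of h to
    produce the matching H_field; it cannot, so the lowered hop count fails verification."""
    return {**msg, "hop_count": msg["hop_count"] - 1}

def walk_path(hops: int, hopcount_limit: int = 10) -> tuple:
    """Forward a freshly originated message over `hops` honest nodes. Returns
    (every honest hop verified, the final message with a lowered hop count was rejected)."""
    msg = originate(hopcount_limit)
    all_ok = verify(msg)
    for _ in range(hops):
        msg = forward(msg)
        all_ok = all_ok and verify(msg)
    return all_ok, not verify(decremented_hop_count(msg))
```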
RELIABLE AODV (R-AODV)

- A Malicious_node_list field is added to the RREQ packet to notify other nodes.
- A flag called Do_not_consider is added to the RREP to mark a malicious node.
- The state of a node can be expressed by:
  - number of sent out RREQs
  - number of received RREPs
  - routing table sequence number.
- We use these three parameters to calculate a Peak value.
- The Peak value is the maximum possible value of the sequence number that any RREP can have in the current state.

R-AODV STEPS:

- A RREP with sequence number > Peak value will be marked as Do_not_consider.
- The node sending that RREP is marked as a malicious node.
- The RREP is then sent to the source node via the reverse path.
- Each node getting this RREP updates its route entry for the malicious node.
- The source node rebroadcasts the RREQ along with a list of malicious nodes.

DISADVANTAGE:

- If the attacker generates a destination sequence number which is less than or equal to the Peak value, the node is not detected as a malicious node.

MODIFIED RELIABLE AODV (MR-AODV)

- MR-AODV is a modified version of R-AODV.
- In MR-AODV, when a node detects a malicious node, it updates the routing table with the malicious node entry and discards the RREP.
- The RREP is neither forwarded on the reverse path nor requires a DO_NOT_CONSIDER flag.
- Thus, all RREPs reaching the source node will have been sent by genuine nodes only.
- The RREP indicating the shortest fresher path will be chosen for data transmission by the source node.

[Figure: the functionality of a node broadcasting a RREQ.]

[Figure: the functionality of a node receiving the broadcasted RREQ.]

[Figure: the functionality of a node receiving a RREP.]

ADVANTAGE OF MR-AODV OVER R-AODV

- MR-AODV attempts to reduce routing overhead by not forwarding the RREP after detection of misbehaviour.

DISADVANTAGE:

- If the attacker generates a destination sequence number which is less than or equal to the Peak value, the node is not detected as a malicious node.

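RREP handling under R-AODV and MR-AODV (the R-AODV steps and the MR-AODV section above), together with the disadvantage both share, as an added example that is not from the slides or the cited papers. The Peak value is taken as an input because its formula is not on the slides; the sample RREPs are constructed and the function names are this example's own.

```python
def r_aodv_rrep(rrep: dict, peak: int, malicious: set) -> dict:
    """R-AODV: a RREP whose sequence number exceeds the Peak value is marked Do_not_consider,
    its sender is recorded as malicious, and the RREP is still forwarded on the reverse path."""
    if rrep["dst_seq"] > peak:
        malicious.add(rrep["sender"])
        return {**rrep, "do_not_consider": True, "forward": True}
    return {**rrep, "do_not_consider": False, "forward": True}

def mr_aodv_rrep(rrep: dict, peak: int, malicious: set) -> dict:
    """MR-AODV: the sender is recorded and the RREP is discarded; nothing is forwarded
    and no Do_not_consider flag is needed."""
    if rrep["dst_seq"] > peak:
        malicious.add(rrep["sender"])
        return {**rrep, "forward": False}
    return {**rrep, "forward": True}

def deliver_to_source(rreps: list, peak: int, handler) -> tuple:
    """Pass each RREP through the intermediate-node handler. Returns the RREPs that reach
    the source, the malicious set, and the source's choice: the freshest (highest sequence
    number) and then shortest RREP among those not flagged Do_not_consider."""
    malicious = set()
    processed = [handler(rrep, peak, malicious) for rrep in rreps]
    arrived = [r for r in processed if r["forward"]]
    candidates = [r for r in arrived if not r.get("do_not_consider")]
    best = max(candidates, key=lambda r: (r["dst_seq"], -r["hop_count"]), default=None)
    return arrived, malicious, best

# Constructed sample: two genuine replies and one black-hole reply with an inflated sequence number.
SAMPLE_RREPS = [
    {"sender": "A", "dst_seq": 40, "hop_count": 3},
    {"sender": "B", "dst_seq": 42, "hop_count": 4},
    {"sender": "M", "dst_seq": 9999, "hop_count": 1},
]
PEAK = 50   # assumed Peak value for this state; the slides derive it from three parameters
```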
USING RSA KEY EXCHANGE AND ENCRYPTION

- It uses R-AODV.
- The nodes are arranged in a spanning tree topology.
- The spanning tree maintains security associations only with neighbouring nodes.
- The Neighbourhood Key method, in which each node shares a secret key only with the authenticated neighbours in the ad hoc network, is used.
- This avoids group re-keying.
- Whenever there is a change in the set of authenticated neighbours, a node must compute a new key and send this new key to all its authenticated neighbours.
- After the key exchange, the message is encrypted twice, using the neighbourhood key and a message-specific key.

CONSTRUCTION OF SPANNING TREE

RSA KEY EXCHANGE

ENCRYPTION OF MESSAGE

DECRYPTION OF MESSAGE

CONCLUSION

- The Grayhole and Blackhole attacks are considered the most dangerous attacks on ad hoc networks.
- Detection and isolation of malicious nodes are the major goals of security-based enhancements.
- There is a need for a new enhancement.

REFERENCES

1) Sisily, S. and S. Sreedhar (2013). "An Efficient AODV Protocol and Encryption Mechanism for Security Issues in Adhoc Networks", International Conference on Microelectronics, Communication and Renewable Energy.
2) Sony, S. J. and S. D. Nayak (2013). "Enhancing Security Features & Performance of AODV Protocol under Attack for MANET", International Conference on Intelligent Systems and Signal Processing, pp. 325-328.
3) Jalil, K. A., Z. Ahmad and J. L. A. Manan (2011). "Securing Routing Table Update in AODV Routing Protocol", IEEE Conference on Open Systems, pp. 116-121.
4) Jhaveri, R. H. (2013). "MR-AODV: A Solution to Mitigate Blackhole and Grayhole Attacks in AODV Based MANETs", Third International Conference on Advanced Computing & Communication Technologies, pp. 254-260.