Академический Документы
Профессиональный Документы
Культура Документы
Introduction
extension to AODV
Uses
Security Requirements
Import authorization: Route information will be imported only if it concerns to the node that is sending the information. Source authentication: To be able to verify that the node is the one it claims to be.
Integrity: To be able to verify the received routing information has not been altered. Data authentication: The combination of the two last ones.
Impersonate a node S by forging a RREQ with its address as a originator address. When forwarding a RREQ generated by S to discover a route to D, reduce the hop count field to increase the chances of being in the route path between S and D, so it can analyze the communication between them. A variant of this is to increment the destination sequence number to make the other nodes believe that this is a 'fresher' route. Impersonate a node D by forging a RREP with its address as a destination address.
A malicious node M impersonate a node by forging a RREP that claims that the node is the destination and, to increase the impact of the attack, claims to be a network leader of the subnet SN with a big sequence number and send it to its neighbors. In this way it will became (at least locally) a blackhole for the whole subnet SN.
Selectively, do not forward certain RREQs and RREPs, do not reply certain RREPs Or, and do not forward certain data messages. This kind of attack is specially hard to even detect because transmission errors have the same effect. A malicious node M forges a RERR message pretending it is the node S and sends it to its neighbor D. The RERR message has a very high destination sequence number dsn for one of the unreachable destinations (U). This might cause D to update the destination sequence number corresponding to U with the value dsn and, therefore, future route discoveries performed by D to obtain a route to U will fail (because U's destination sequence number will be much smaller than the one stored in D's routing table. Generating a RREP with a maximum destination sequence number. And many more.
Digital signatures are used to protect the non-mutable data in the RREQ and RREP messages. (Solves attacks #1 & #3) Problem: Replies generated by intermediate nodes. Solutions:
They
don't
Double
Hash chains are used in SAODV to authenticate the hop count of the AODV routing messages (not only by the end points, but by any node that receives one of those messages). This solves the attack #2. A hash chain is formed by applying a one way hash function repeatedly. Every time a node wants to send a RREQ or a RREP it generates a random number (seed). Sets Max_Hop_Count to the TimeToLive value in the IP header, and Hash to the seed value. Then, it calculates Top_Hash by hashing seed Max_Hop_Count times. Top_Hash = hMax_Hop_Count(seed)
Hash = seed
Every time a node receives a RREQ or a RREP it verifies the hop count of the message. Before rebroadcasting a RREQ or forwarding a RREP, a node hashes one time the Hash value in the Signature Extension.
Hash = h(Hash)
Analysis
Hop count authentication by using hash chains is not perfect: A malign node might forward a message without increase the hop count.
More secure approaches are too expensive, and they don't solve tunneling attacks.
Tunneling attacks are not solved by SAODV. But, who can solve them?
Obscurity is not the way to obtain security. There is no such thing as a tampering resistant device. We want open standards.
Future Work
Try to reduce the processing power requirements of SAODV due to the use of asymmetric cryptography. Add SAODV extension to the NRC-AODV implementation (done by me). NRC-AODV has all the basic AODV features, and was tested in the first AODV interoperability test. (NRC stands for Nokia Research Center)
Thanks To:
N. Asokan: He has contributed to the saodv draft with several improvements and corrections. He suggested the use of hash chains to authenticate the hop count and, that intermediate nodes should sign the lifetime of the RREPs. Everybody who has been discussing SAODV with me or Asokan.
To you: For your attention.
More Info