Integrating Quality of Protection into Ad Hoc Routing ProtocolsTraditional ad hoc routing protocolsMotivationSecurity-Aware ad hoc Routing (SAR)GoalsRouting ProtocolPath EstablishmentSecurity Attributes (1)Security Attributes (2)Quality of ProtectionTrust HierarchySimulation Set-upPath DiscoveryRouting TrafficSimulation TimeStrong PointsWeak PointsOpen QuestionsAny Questions?Integrating Quality of Protection into Ad Hoc Routing ProtocolsSeung Yi, Prasad Naldurg, Robin KravetsUniversity of Illinois at Urbana-ChampaignTraditional ad hoc routing protocolsCooperative by natureRely on implicit trust-your-neighbor relationshipsFocus on convergence time and routing performance, rather than securityMotivationSecurity-Aware ad hoc Routing (SAR)SAR is an approach to routing that incorporates security levels of nodes into traditional routing metricsSAR is typically added on top of existing routing algorithmsGoalsApplications can specify the quality of protection on their ad hoc route with respect to security attributes relevant to themSAR aims to protect routing control messagesFor example, disclose routing information to trusted nodes onlyRouting ProtocolAssume the base protocol is on-demand, such as DSRSource broadcasts a Route Request (RREQ) with desired quality of protectionNeighbors propagate RREQ only if they could support the specified quality of protectionRREQ sets up reverse path as it propagatesDestination sends Route Reply (RREP) once it receives RREQPath EstablishmentS DRREQRREPSecurity Attributes (1)AttributesAttributesTechniquesTechniquesAttacksAttacksTimeliness Time stamps ReplayOrdering Sequence numbers ReplayAuthenticity Passwords, certificatesImpersonationAuthorization CredentialsSecurity Attributes (2)AttributesAttributesTechniquesTechniquesAttacksAttacksIntegrity Digests, digital signaturesModification, fabricationNon-repudiation Chaining of digital signaturesRepudiationConfidentiality Encryption EavedroppingQuality of ProtectionWe have seen how quality of protection is used in path establishmentHow to specify quality of protection?Trust hierarchyBit vectorOne bit for each security attributeTrust HierarchyEach level has predefined quality of protectionThese levels represent the security capability of the mobile nodes and also of the pathsAssociate a number with each levelTrust level or protection should be immutableKeys of each level are distributed to nodes on that level.Encrypt the portion of the RREQ and RREP headers that contain the trust levelSimulation Set-upns2 network simulator50 mobile nodes and 3 trust levels15 (H), 15 (M), 20 (L)2 different traffic patterns with 20 flows10% (H), 20% (M), 70% (L)33% (H), 33% (M), 34% (L)SAR is implemented on top of AODVPath DiscoveryTraffic 1 Traffic 2SAR discovered fewer pathsPaths guaranteed to obey the security requirementRouting TrafficTraffic 1 Traffic 2SAR has lower routing traffic overheadnodes drop routing messages if they can not satisfy the security requirementSimulation TimeTraffic 1 Traffic 2SAR takes more time to finishData packets may follow longer but more secure pathsControl packets experience processing overheadStrong PointsExposes security levels to applications so that applications can adapt its behaviorConcept is simple and effectiveWeak PointsOverhead: Encryption, hashes, …If the ad hoc network does not have a path with nodes that meet RREQ’s security requirements, SAR may fail to find a route even if the network is connectedOpen QuestionsHow does SAR perform in real-world experiments?Which base protocols are most suitable for SAR?Any