Purdue CS 59000 - Lecture notes

Security Topics in Networking and Distributed Systems
CS 590D
Lecture 18: Wormhole and Flood Rushing Attacks
Department of Computer Sciences, Purdue University
Cristina Nita-Rotaru, Spring 2004, Lecture 18

References
• Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks. Yih-Chun Hu, Adrian Perrig, David B. Johnson, INFOCOM 2003.
• Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols. Yih-Chun Hu, Adrian Perrig, and David B. Johnson, WiSe 2003.

Wormhole Attack
• Nodes act in collusion to inject false information.
• Take a message and tunnel it to the colluding node in its payload.
• The attacker records a packet at one location in the network, tunnels the packet to another location, and replays it there.
• It is a replay, so authentication does not help.

Detecting Wormhole Attacks
• Main idea: add information to a packet that restricts the packet's maximum allowed transmission distance (a leash).
• Geographical leash: ensures that the recipient of the packet is within a certain distance from the sender.
• Temporal leash: ensures that the packet has an upper bound on its lifetime (which restricts the maximum travel distance).

Geographical Leash
• Each node adds its location and timestamp to the packet.
• Authentication techniques are used to allow a receiver to authenticate the location and timestamp in the received packets.
• The receiver verifies, based on the location and timestamp in the packet, its own location and local time, and the speed of moving nodes, whether the packet could indeed have travelled that distance:
  d ≤ ||P_s − P_r|| + 2v·(t_r − t_s + Δ) + δ
  (P_s, t_s: sender location and timestamp; P_r, t_r: receiver location and local receive time; v: maximum node speed; Δ: maximum clock difference; δ: maximum error in the location information)

Geographical Leashes (cont.)
• Do not require tightly synchronized clocks.
• Can be used in conjunction with a radio propagation model, allowing them to detect tunnels through obstacles.
• Location information increases the overhead on the packet.
• Require a more general broadcast and authentication mechanism.
• Can be used until the maximum range is < 2vΔ (v is the maximum speed of any node and Δ is the difference between the clocks).

Temporal Leash
• A temporal leash prevents the packet from travelling further than a distance L, with L > Δ·c, where c is the propagation speed of the wireless signal and Δ is the error in clock synchronization.
• The sender includes the time in the packet, and the receiver uses the time in the packet and its own local time to ensure the above condition.
• The receiver needs to authenticate the expiration time.

Authentication
• Digital signatures are too expensive; there are also issues with the time when the packet is actually sent (802.11 has delays between packets to avoid collisions).
• HMAC requires shared keys: n(n−1)/2 keys in a network with n nodes, not good for broadcast.
• Separate HMACs can be avoided by multiple receivers sharing the same key, BUT this might allow colluding receivers to impersonate the sender.
• TESLA delays the release of the keys; not appropriate for this environment.

TIK Protocol
• Implements a temporal leash and enables the receiver to detect a wormhole attack.
• Uses efficient symmetric cryptographic primitives.
• Requires accurate time synchronization between all communicating parties.
• Requires each communicating node to know just one public value for each sender.

TIK Protocol (cont.)
• Relies on TESLA, but the synchronized clocks allow the key to be released immediately.
• Hash chains, then builds the Merkle authentication tree to be able to do efficient authentication.
• Tricks to be able to store just part of the tree and not the whole tree (still requires MB of storage).

Flood Rushing Attack
• On-demand routing protocols use duplicate suppression at each node: the first RREQ that reaches a node is considered legitimate, and later ones are discarded (all have the same identifier; higher identifiers denote new requests).
• The attacker disseminates the RREQ quickly throughout the network, suppressing any later legitimate RREQ.

Why Is the Attack Possible?
• An attacker can send faster by avoiding the delays that are part of the design of both the routing and MAC (802.11b) protocols.
• An attacker can send at a higher wireless transmission level.
• An attacker can take advantage of a wormhole to create flood rushing attacks, using the wormhole to rush the packets ahead of the normal flow.

What Protocols Are Vulnerable?
• On-demand insecure (AODV, DSR) and secure (ARAN, Ariadne, etc.) protocols.
• Result: when under attack, the routing protocol will not be able to discover paths longer than 2 hops.

Rushing Attack Prevention (RAP)
• Use a secure mechanism to infer whether a node is indeed a neighbor or not.
• Use route delegation to allow other nodes to propagate flows (S-BGP like).
• Do not always forward the first flood, but wait for several and then use randomization to select one of the n floods and send it.

Summary
• Many attacks in wireless networks can be prevented by providing authentication, integrity and non-repudiation.
• Requires some form of key management.
• Wormholes and flood rushing cannot be addressed by authentication.
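The receiver-side leash checks from the Geographical Leash and Temporal Leash slides, as an added example that is not code from the lecture or from the Packet Leashes paper. It assumes positions in metres, times in seconds, that the leash fields in the packet have already been authenticated, and a sender-side expiration time of the form t_s + L/c − Δ (an assumption; the slides only state L > Δ·c).

```python
import math
from dataclasses import dataclass

C = 3.0e8  # propagation speed of the wireless signal, m/s


@dataclass
class LeashedPacket:
    """Leash fields carried in the packet (assumed already authenticated)."""
    ps: tuple    # sender location (x, y), metres
    ts: float    # sender timestamp, seconds
    te: float    # temporal-leash expiration time, seconds


def make_temporal_leash(ps, ts, L, delta):
    """Sender side. Expiration form assumed: t_e = t_s + L/c - delta, so the
    lecture's condition L > delta*c is exactly what keeps t_e later than t_s."""
    if L <= delta * C:
        raise ValueError("L must exceed delta*c, otherwise the leash is unusable")
    return LeashedPacket(ps=ps, ts=ts, te=ts + L / C - delta)


def geographical_leash_ok(pkt, pr, tr, v, delta, loc_err, max_range):
    """Receiver side. Bound from the lecture:
    d <= ||P_s - P_r|| + 2v(t_r - t_s + delta) + loc_err.
    Accept only if that bound fits within one radio hop of the sender."""
    d = math.dist(pkt.ps, pr) + 2 * v * (tr - pkt.ts + delta) + loc_err
    return d <= max_range


def temporal_leash_ok(pkt, tr):
    """Receiver side. Accept only if the local receive time is not past t_e."""
    return tr <= pkt.te


def demo():
    # Constructed scenario: nodes move at most 20 m/s, clocks differ by at most
    # 1 ms, location error 5 m, radio range 250 m; packet sent from the origin.
    pkt = LeashedPacket(ps=(0.0, 0.0), ts=10.0, te=0.0)
    direct = geographical_leash_ok(pkt, (100.0, 0.0), 10.002, 20, 1e-3, 5, 250)
    # The same packet replayed 900 m away by a wormhole: bound exceeds the range.
    tunneled = geographical_leash_ok(pkt, (900.0, 0.0), 10.002, 20, 1e-3, 5, 250)
    # Temporal leash of L = 300 m with 0.5 us clock error: a direct delivery
    # 0.3 us later passes, a copy that spent 1 ms in a tunnel has expired.
    tpkt = make_temporal_leash((0.0, 0.0), 10.0, 300.0, 0.5e-6)
    fresh = temporal_leash_ok(tpkt, 10.0 + 0.3e-6)
    stale = temporal_leash_ok(tpkt, 10.001)
    return direct, tunneled, fresh, stale
```

A real receiver also has to account for the 802.11 send delays mentioned on the Authentication slide, which is why the temporal leash needs the authenticated expiration time rather than a naive timestamp comparison.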
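The duplicate-suppression behaviour from the Flood Rushing Attack slide beside RAP's randomized forwarding, as an added simulation that is not code from the lecture or from the RAP paper. The arrival order is constructed; it assumes "n floods" means the first n copies of one RREQ identifier, and that the attacker's copy reaches the node first.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class RReq:
    req_id: int     # same identifier for every copy of one route request
    prev_hop: str   # neighbour that forwarded this copy
    rushed: bool    # constructed label: copy arrived via the attacker

# Constructed arrival order at one node for a single flood: the attacker's copy
# is first because it skipped the routing and MAC delays honest nodes observe.
ARRIVALS = [
    RReq(7, "attacker", True),
    RReq(7, "n2", False),
    RReq(7, "n5", False),
    RReq(7, "n9", False),
]


def duplicate_suppression(arrivals):
    """Standard on-demand behaviour: the first copy of each identifier is the one
    forwarded; every later copy with the same identifier is discarded."""
    forwarded = {}
    for r in arrivals:
        forwarded.setdefault(r.req_id, r)
    return forwarded


def rap_randomised_forward(arrivals, n, rng):
    """RAP's third countermeasure: buffer up to n copies per identifier, then
    forward one chosen uniformly at random, so arriving first wins nothing."""
    buffered = {}
    for r in arrivals:
        copies = buffered.setdefault(r.req_id, [])
        if len(copies) < n:
            copies.append(r)
    return {rid: rng.choice(copies) for rid, copies in buffered.items()}


def rushed_forward_rate(trials, n=4, seed=1):
    """Fraction of route discoveries in which the rushed copy is still the one
    forwarded under RAP; with n copies buffered this tends to 1/n."""
    rng = random.Random(seed)
    hits = sum(rap_randomised_forward(ARRIVALS, n, rng)[7].rushed for _ in range(trials))
    return hits / trials
```

With plain duplicate suppression the rushed copy is forwarded every time; with RAP it is forwarded only about one time in n, which is the probabilistic guarantee the slide describes.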

