
Network Access Control for Mobile Ad Hoc Network

Pan Wang

North Carolina State University


Outline

• Background
• Problem statement
• Related work
• Proposed scheme
  – Key Synchronization
  – Packet Retransmission
• Analysis, simulation and field test
• Summary


Background

• Mobile Ad Hoc Network (MANET)
  – A MANET consists of mobile platforms (e.g., a router with multiple hosts and wireless communications devices), which are free to move about arbitrarily. -- IETF RFC2501
  – Characteristics of MANET
    • No pre-determined infrastructure
    • Ease of deployment
    • Dynamic topologies (e.g., mobility, network partition)
    • Constrained resources (e.g., bandwidth, energy)


Background (Cont)

• Network access control
  – Not media access control
  – Who has the right to access the network
    • Physical*
    • Technical*
    • Administrative*
  – Firewalls
    • Conventional network
    • Using network topology and service information

* H. F. Tipton, Handbook of Information Security Management


Problem Statement

• An attacker may inject “bogus” packets to consume network resources, or insert itself into critical routes
• No mature access control scheme exists for MANET
  – Access control is more complicated than in a wired network because of the open medium and the dynamic topology


Related Work

• DHCP Access Control Gateway

• Kerberos

• Distributed firewall

• Pebblenets

• Distributed access control scheme for consumer operated MANET

• LHAP


Related Work --Cont

• LHAP: a lightweight hop-by-hop authentication protocol for ad hoc networks
  – Based on a one-way key chain and TESLA
  – Hop-by-hop authentication
  – Each transmitted packet is associated with a traffic key
  – The receiver (or an intermediate node) verifies the traffic key to decide whether to forward (accept) the packet

[Figure: LHAP example with nodes A, B, C, D and S. S first sends its Cert & Commit, then message M with traffic key KF(i), then M with KF(i+1); A's traffic key KFA(i) is shown being checked hop by hop.]


Proposed Scheme – cryptographic tools

• Group key agreement
• Group key distribution
  – Controller chooses the key
  – Stateful vs. stateless
• Stateless key distribution
  – Each user is assigned a unique set of personal keys
  – The new key is encrypted with personal keys known only to the legitimate users
  – Nice stateless property: decrypting the latest key update needs no earlier update

[Figure: key tree over users M1, M2, M3, M4 with personal keys k1, k2, k3, k4 at the leaves and subset keys K1-2, K3-4 and K1-4 above them.]
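The following is an added example (not code from the slides, and not the authors' implementation of the Liu & Ning scheme) of the stateless key distribution idea sketched in the figure: a binary key tree, each user holding the node keys on its own root-to-leaf path as its personal keys, and the key manager wrapping a new session key under the keys of the maximal subtrees that contain no revoked user. The tree layout, the HMAC-based toy wrapping and the eight-user sample set are all constructed here.

```python
"""Stateless group key distribution over a binary key tree (complete-subtree cover).

Added example for the stateless key distribution bullet; it is not code from the
slides nor the authors' implementation of the Liu & Ning scheme.  The tree layout,
the HMAC-based key wrapping and the sample user set are constructed here.
"""
import hashlib
import hmac
import secrets

KEY_LEN = 32


def node_key(master: bytes, node: int) -> bytes:
    """Key of heap node `node` (1 = root, n..2n-1 = leaves), derived from the key
    manager's master secret.  A user is handed the keys on its own root-to-leaf
    path: that is its unique set of personal keys."""
    return hmac.new(master, b"node-%d" % node, hashlib.sha256).digest()


def path_nodes(n: int, user: int) -> list:
    """Heap indices from the user's leaf up to the root."""
    v, out = n + user, []
    while v >= 1:
        out.append(v)
        v //= 2
    return out


def cover(n: int, revoked: set) -> list:
    """Maximal subtrees containing no revoked user.  A session key wrapped under
    exactly these node keys is readable by every legitimate user and by no
    revoked one, because a revoked user holds none of the cover keys."""
    tainted = {v for u in revoked for v in path_nodes(n, u)}
    out = []

    def walk(v):
        if v not in tainted:
            out.append(v)
        elif v < n:                 # internal node: split into its children
            walk(2 * v)
            walk(2 * v + 1)

    walk(1)
    return out


def wrap(k: bytes, sid: int, session_key: bytes) -> tuple:
    """Toy authenticated wrapping (constructed stand-in for a real AEAD):
    XOR with an HMAC keystream, plus an HMAC tag over the ciphertext."""
    stream = hmac.new(k, b"wrap-%d" % sid, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(session_key, stream))
    tag = hmac.new(k, b"tag-%d" % sid + ct, hashlib.sha256).digest()
    return ct, tag


def unwrap(k: bytes, sid: int, ct: bytes, tag: bytes):
    expected = hmac.new(k, b"tag-%d" % sid + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                 # forged or mis-keyed block: reject
    stream = hmac.new(k, b"wrap-%d" % sid, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def key_update_message(master: bytes, n: int, sid: int, revoked: set, session_key: bytes) -> dict:
    """What the key manager broadcasts: the session ID plus one wrapped copy of
    the session key per cover node.  Nothing in it depends on earlier messages."""
    return {"sid": sid,
            "blocks": {v: wrap(node_key(master, v), sid, session_key) for v in cover(n, revoked)}}


def recover_session_key(personal_keys: dict, msg: dict):
    """A user tries the block (if any) wrapped under one of its personal keys."""
    for v, (ct, tag) in msg["blocks"].items():
        if v in personal_keys:
            return unwrap(personal_keys[v], msg["sid"], ct, tag)
    return None


def demo(n: int = 8, revoked_user: int = 2) -> dict:
    master = secrets.token_bytes(KEY_LEN)                       # key manager's secret
    users = {u: {v: node_key(master, v) for v in path_nodes(n, u)} for u in range(n)}
    k1, k2 = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
    msg1 = key_update_message(master, n, 1, set(), k1)           # nobody revoked yet
    msg2 = key_update_message(master, n, 2, {revoked_user}, k2)  # one user revoked
    return {
        "blocks_round1": len(msg1["blocks"]),
        "blocks_round2": len(msg2["blocks"]),
        "user0_round2": recover_session_key(users[0], msg2) == k2,
        "revoked_round2": recover_session_key(users[revoked_user], msg2) is None,
        # stateless: user 7 never processed round 1 and still recovers round 2
        "late_user_round2": recover_session_key(users[7], msg2) == k2,
    }


if __name__ == "__main__":
    print(demo())
```

With eight users and user 2 revoked, the cover is the three subtrees rooted at heap nodes 4, 11 and 3, so the update carries three wrapped copies instead of one; the revoked user holds none of those keys, and any other user, including one that missed the previous update entirely, recovers the new key from its personal keys alone. That last property is what the key synchronization scheme later relies on.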


Proposed Scheme – underlying models

• Network model
  – All nodes come from one domain
  – A node’s access to the network is controlled by a domain manager (i.e., key manager)
  – Each node has a unique ID and a set of personal secret keys
• Attack model
  – Attackers inject packets to deplete the resources of the nodes relaying the packets


Proposed Scheme - outline

• Basic idea
  – Cryptography-oriented (using a group key)
  – Authenticate all packets with a network-wide access control (group session) key.
  – Any “bogus” packet that carries incorrect authentication information is filtered out immediately.
  – As a result, illegitimate nodes are excluded from communication (routes).



Research challenges

• Two critical challenges
  – Synchronization of the network access control key
  – Interaction between data transmission and key distribution

If these two challenges can be solved, the proposed group-key-based network access control scheme is complete.


Key Synchronization

• Problem statement
  – A key update message may fail to propagate across the MANET. Thus, two legitimate users may simultaneously hold different session keys (lack of key synchronization).


Key Synchronization (Cont-1)

• An example of lack of key synchronization

[Figure: topology with a Key Manager and nodes A, B, C, D, E and F exchanging packets P1, P2 and P3; F* marks F holding a session key different from the others.]


Key Synchronization (Cont-2)

• Solution
  – Exploit the stateless feature of the proposed stateless group key distribution scheme
  – Each user buffers the key update message most recently received
  – Transmit the buffered message to the other users that are still using old session keys


Key Synchronization (Cont-3)

• Scheme details
  – Proactive part
    • Broadcast the buffered key update message every t time units
  – Reactive part
    • Send a key synchronization request if a received packet has a higher session ID
    • Send the buffered key update message if a received packet has a lower session ID


Key Synchronization (Cont-4)

• Illustration of the proposed key synchronization scheme

[Figure: a sequence of snapshots of the same topology (key manager S and nodes A through N). In each successive snapshot the buffered key update message is broadcast one hop further. Shaded nodes represent nodes that have the most recent key.]


Key Synchronization (Cont-5)

• Security analysis (possible attacks)
  – Resource consumption via forged key update messages
    • Solution: lightweight authentication methods (one-way key chain & Merkle hash tree)
  – Resource consumption via forged data packets
    • Constrained to one hop: the first verifying node drops the packet
  – Logically partitioning the MANET by refusing to forward key update messages
    • Multiple paths, watchdog


Key Synchronization (Cont-6)

One-way key chain

k_0, k_1, …, k_i, k_{i+1}, …, k_{n-1}, k_n

k_0 = h(k_1),   k_i = h(k_{i+1}),   k_{n-1} = h(k_n)

The chain is generated from k_n by repeated hashing and disclosed in the opposite order; k_0 serves as the commitment.


Key Synchronization (Cont-7)

Merkle hash tree

Leaves (one per key k_0 … k_7):   m_i = f(k_i), e.g. m_0 = f(k_0)
Level 1:   m_01 = h(m_0, m_1),  m_23 = h(m_2, m_3),  m_45 = h(m_4, m_5),  m_67 = h(m_6, m_7)
Level 2:   m_03 = h(m_01, m_23),  m_47 = h(m_45, m_67)
Root:      m_07 = h(m_03, m_47)
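The following is an added example (not code from the slides) of the two lightweight authentication tools named in the security analysis: a one-way key chain with k_0 as the commitment, and a Merkle hash tree over m_i = f(k_i) whose root m_07 is distributed once and then lets a receiver check any single key against it. The hash choices (SHA-256 for both h and f), the chain length, the bound on how many hashes a verifier will compute, and the sample keys are all constructed here.

```python
"""One-way key chain and Merkle hash tree for cheap authentication of key update
messages.  Added example, not the slides' own code; hash functions (SHA-256 for
h and f), chain length and sample keys are constructed here."""
import hashlib
import secrets


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def f(k: bytes) -> bytes:
    # Leaf function from the slide: m_i = f(k_i).  A distinct prefix keeps leaf
    # hashes from colliding with internal-node hashes.
    return hashlib.sha256(b"leaf" + k).digest()


# --- one-way key chain: k_0 = h(k_1), ..., k_{n-1} = h(k_n) -------------------
def make_chain(n: int, seed: bytes = None) -> list:
    """Returns [k_0, ..., k_n]: k_n is random, each earlier key is the hash of the next."""
    keys = [seed or secrets.token_bytes(32)]
    for _ in range(n):
        keys.append(h(keys[-1]))
    return keys[::-1]


def verify_chain_key(known_key: bytes, known_idx: int, key: bytes, idx: int,
                     max_gap: int = 64) -> bool:
    """Accept k_idx if hashing it (idx - known_idx) times reaches the last accepted
    key.  Old or repeated keys are rejected, and max_gap bounds the work a bogus
    message with a huge claimed index could force on the verifier."""
    steps = idx - known_idx
    if steps <= 0 or steps > max_gap:
        return False
    x = key
    for _ in range(steps):
        x = h(x)
    return x == known_key


# --- Merkle hash tree over m_i = f(k_i) ---------------------------------------
def merkle_levels(keys: list) -> list:
    """levels[0] = leaves m_0..m_{n-1}, levels[-1] = [root]; n is a power of two."""
    level = [f(k) for k in keys]
    levels = [level]
    while len(level) > 1:
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_proof(levels: list, i: int) -> list:
    """Sibling hashes from leaf i up to the root, each tagged with its side."""
    proof = []
    for level in levels[:-1]:
        sib = i ^ 1
        proof.append(("L" if sib < i else "R", level[sib]))
        i //= 2
    return proof


def verify_merkle(root: bytes, k: bytes, proof: list) -> bool:
    """Recompute the path from f(k) upward and compare with the committed root."""
    x = f(k)
    for side, sib in proof:
        x = h(sib, x) if side == "L" else h(x, sib)
    return x == root


def demo() -> dict:
    chain = make_chain(8)                       # k_0 .. k_8; k_0 is the public commitment
    k0 = chain[0]
    mkeys = [secrets.token_bytes(32) for _ in range(8)]   # k_0 .. k_7 of the tree slide
    levels = merkle_levels(mkeys)
    root = levels[-1][0]                        # m_07, distributed once with the certificate
    proof5 = merkle_proof(levels, 5)            # m_4, m_67, m_03: three hashes for eight keys
    return {
        "chain_k3_ok": verify_chain_key(k0, 0, chain[3], 3),
        "chain_forged": verify_chain_key(k0, 0, secrets.token_bytes(32), 3),
        "chain_replay": verify_chain_key(chain[3], 3, chain[2], 2),
        "merkle_ok": verify_merkle(root, mkeys[5], proof5),
        "merkle_wrong_key": verify_merkle(root, mkeys[4], proof5),
        "proof_len": len(proof5),
    }


if __name__ == "__main__":
    print(demo())
```

The chain costs one hash per disclosed key to verify but forces keys to be used in order; the tree lets keys be authenticated in any order at the price of log2(n) hashes and the sibling path per message, which is the trade-off behind offering both tools for key update messages.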


Key Synchronization (Cont-8)

• Performance analysis
  – Relies on the adopted stateless group key distribution scheme
  – Storage
    • One message
  – Computation
  – Communication
    • Depends on t and the number of users using an old key


Packet Retransmission

• Problem statement
  – The interaction between data transmission and key distribution. That is, in the case of a lack of key synchronization, a user may receive some (unverified) packets authenticated with a different session key.


Packet Retransmission (Cont-1)

• Possible options
  – Simply drop
  – Buffer and then verify
  – Synchronize the keys before sending every data packet
• All of them have serious drawbacks


Packet Retransmission (Cont-2)

• Proposed solution
  – Drop, synchronize keys, and then retransmit.
  – ACK mechanism
  – Unicast & broadcast

[Figure: retransmission exchange between sender S, intermediate nodes A and B, and destination D: 1. Tx failed due to lack of key sync; 2. ReTx Request; 3. Key Sync; 4. ReTx Packet; 5. ACK.]
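The following is an added example (not code from the slides) that simulates the two reactive key synchronization rules of the scheme (higher session ID: request the sender's key update; lower session ID: hand over the buffered key update) together with the drop, synchronize, retransmit and ACK sequence of the figure, and the basic filter from the scheme outline (a packet whose tag does not verify under the session key is dropped at the first hop and never answered). Simplifications, all constructed here: the key update message is modelled as a (sid, key) pair in the clear rather than the wrapped stateless broadcast, links are lossless and direct, and the proactive broadcast timer is not simulated.

```python
"""Key synchronization and packet retransmission, simulated end to end.

Added example, not the slides' own code.  Constructed simplifications: the key
update message is a (sid, key) pair in the clear instead of the wrapped stateless
broadcast, links are lossless and direct, no proactive timer."""
import hashlib
import hmac
import secrets
from collections import deque


def mac(key: bytes, sid: int, seq: int, payload: bytes) -> bytes:
    """Per-packet authentication tag under the group session key."""
    return hmac.new(key, b"%d|%d|" % (sid, seq) + payload, hashlib.sha256).digest()


class Node:
    def __init__(self, name, update_msg, net, trace):
        self.name, self.net, self.trace = name, net, trace
        self.sid = self.key = self.update_msg = None
        self.apply_update(update_msg)      # buffered copy of the latest key update seen
        self.unacked = {}                  # seq -> payload awaiting ACK
        self.delivered, self.dropped = [], 0

    def apply_update(self, msg):
        if self.sid is None or msg["sid"] > self.sid:
            self.sid, self.key, self.update_msg = msg["sid"], msg["key"], msg

    def emit(self, **pkt):
        pkt["src"] = self.name
        self.trace.append((pkt["type"], self.name, pkt["dst"]))
        self.net.append(pkt)

    def send_data(self, dst, seq, payload):
        self.unacked[seq] = payload
        self.emit(type="DATA", dst=dst, sid=self.sid, seq=seq, payload=payload,
                  mac=mac(self.key, self.sid, seq, payload))

    def receive(self, pkt):
        t = pkt["type"]
        if t == "DATA":
            if pkt["sid"] > self.sid:
                # Reactive rule 1: higher session ID -> ask for the sender's key update, then the packet again
                self.emit(type="RETX_REQ", dst=pkt["src"], seq=pkt["seq"], need_key=True, msg=None)
            elif pkt["sid"] < self.sid:
                # Reactive rule 2: lower session ID -> push our buffered key update with the request
                self.emit(type="RETX_REQ", dst=pkt["src"], seq=pkt["seq"], need_key=False, msg=self.update_msg)
            elif hmac.compare_digest(pkt["mac"], mac(self.key, self.sid, pkt["seq"], pkt["payload"])):
                self.delivered.append(pkt["payload"])
                self.emit(type="ACK", dst=pkt["src"], seq=pkt["seq"])
            else:
                self.dropped += 1          # same session, bad tag: filtered here, no reply at all
        elif t == "RETX_REQ":
            if pkt["need_key"]:
                self.emit(type="KEY_UPDATE", dst=pkt["src"], msg=self.update_msg)
            else:
                self.apply_update(pkt["msg"])
            if pkt["seq"] in self.unacked:  # retransmit, re-authenticated under the synchronized key
                self.send_data(pkt["src"], pkt["seq"], self.unacked[pkt["seq"]])
        elif t == "KEY_UPDATE":
            self.apply_update(pkt["msg"])
        elif t == "ACK":
            self.unacked.pop(pkt["seq"], None)


def run(net, nodes):
    while net:
        pkt = net.popleft()
        if pkt["dst"] in nodes:
            nodes[pkt["dst"]].receive(pkt)


def scenario(sender_sid: int, receiver_sid: int, forged: bool = False) -> dict:
    """Constructed two-node run: S sends one packet to D, starting from the given session IDs."""
    km = {s: {"sid": s, "key": secrets.token_bytes(32)} for s in (1, 2)}   # key manager's updates
    net, trace = deque(), []
    nodes = {"S": Node("S", km[sender_sid], net, trace),
             "D": Node("D", km[receiver_sid], net, trace)}
    if forged:
        # A packet with the right session ID but a tag computed without the session key.
        net.append({"type": "DATA", "src": "X", "dst": "D", "sid": receiver_sid,
                    "seq": 9, "payload": b"junk", "mac": bytes(32)})
    else:
        nodes["S"].send_data("D", 1, b"hello")
    run(net, nodes)
    return {"trace": [t[0] for t in trace], "delivered": nodes["D"].delivered,
            "dropped": nodes["D"].dropped, "unacked": dict(nodes["S"].unacked),
            "sids": (nodes["S"].sid, nodes["D"].sid)}


if __name__ == "__main__":
    for args in ((2, 1), (1, 2), (2, 2, True)):
        print(args, scenario(*args))
```

With the sender one session ahead the trace is DATA, RETX_REQ, KEY_UPDATE, DATA, ACK (the five steps of the figure); with the receiver ahead the key update rides on the request itself, so one message fewer is needed; and a packet with a bad tag is counted as dropped without any reply, which is why the cost of forged data packets stays within one hop.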


Algorithm of the proposed scheme


Packet Retransmission (Cont-3)

• Security analysis (possible attacks)

– Resource consumption attack

– Forged ACK message

– Packet modification


Packet Retransmission (Cont-4)

• Performance analysis
  – Computation
    • Authentication & verification
    • Pentium 4 2.1 GHz processor*: MD5 216.674 MB/s, SHA-1 67.977 MB/s
  – Communication
    • Retransmission rate


Simulation Evaluation

• The simulation model
  – 40/80 nodes randomly placed in a fixed area (a square of size 1 km x 1 km)
  – Random walk with a maximum speed of 20 m/s
  – Communication range 200 m
  – 2000 simulations, using different random number seeds

[Figure: percentage of reachable nodes (0% to 100%) vs. number of nodes (20, 40, 60, 80, 100).]
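The following is an added example (not the authors' simulator) that re-creates the placement side of the simulation model: n nodes placed uniformly at random in a 1 km x 1 km square with a 200 m communication range, and the fraction of nodes reachable from the key manager over multi-hop paths, averaged over many random seeds. It goes slightly beyond the slide in that the source node, the trial count and the seeds are chosen here; mobility (the random walk) is not simulated, so each trial is a static snapshot.

```python
"""Reachable-node fraction for random placement in the slides' simulation model.

Added example, not the authors' simulator.  Constructed assumptions: node 0 is the
key manager, placements are static snapshots (no random walk), and a node counts
as reachable if a multi-hop path of links no longer than the radio range exists."""
import random
from collections import deque

AREA = 1000.0    # side of the square, metres
RANGE = 200.0    # communication range, metres


def place_nodes(n: int, rng: random.Random) -> list:
    return [(rng.uniform(0, AREA), rng.uniform(0, AREA)) for _ in range(n)]


def neighbours(pos: list, rng_m: float = RANGE) -> list:
    """Adjacency lists: two nodes are linked if within rng_m of each other."""
    r2 = rng_m * rng_m
    adj = [[] for _ in pos]
    for i, (xi, yi) in enumerate(pos):
        for j in range(i + 1, len(pos)):
            xj, yj = pos[j]
            if (xi - xj) ** 2 + (yi - yj) ** 2 <= r2:
                adj[i].append(j)
                adj[j].append(i)
    return adj


def reachable_fraction(pos: list, source: int = 0, rng_m: float = RANGE) -> float:
    """Fraction of all nodes (source included) that a flooded key update from
    `source` can reach over multi-hop links."""
    adj = neighbours(pos, rng_m)
    seen, queue = {source}, deque([source])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in seen:
                seen.add(v)
                queue.append(v)
    return len(seen) / len(pos)


def average_reachability(n: int, trials: int = 200, seed: int = 1, rng_m: float = RANGE) -> float:
    """Mean reachable fraction over `trials` independent random placements."""
    rng = random.Random(seed)
    return sum(reachable_fraction(place_nodes(n, rng), 0, rng_m) for _ in range(trials)) / trials


if __name__ == "__main__":
    for n in (20, 40, 60, 80, 100):
        print(n, "nodes:", round(100 * average_reachability(n), 1), "% reachable")
```

The unreachable remainder is exactly the population that a key update cannot reach in one round and that the buffered, re-broadcast key update message is meant to catch up later, which is why the following slides plot the percentage holding the latest key against rounds of key update and cycles of key synchronization.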


Simulation Evaluation (Cont-2)

Average percentage of nodes which got the latest session key

[Figure (left): average percentage of nodes with the latest session key (0% to 100%) vs. rounds of key update (1 to 8), P_lost = 0, 40 nodes. Series: Stateful Scheme, Stateless Scheme, After 1 Cycle of K. Syn, After 2 Cycles of K. Syn, After 3 Cycles of K. Syn.]

[Figure (right): same axes and series, P_lost = 0.25, 40 nodes.]


Simulation Evaluation (Cont-3)

Average percentage of nodes which got the latest session key

[Figure (left): average percentage of nodes with the latest session key (65% to 100%) vs. rounds of key update (1 to 8), P_lost = 0, 80 nodes. Series: Stateful Scheme, Stateless Scheme, After 1 Cycle of K. Syn, After 2 Cycles of K. Syn, After 3 Cycles of K. Syn.]

[Figure (right): same axes and series, P_lost = 0.25, 80 nodes.]


Simulation Evaluation (Cont-4)

[Figure: retransmission rate (0% to 14%) vs. packet sending rate (0 to 3 packets per second), for 40 nodes and for 80 nodes.]


Implementation

• Based on Netfilter
• Two daemons
  – Adopt the stateless scheme proposed by Liu & Ning

[Figure: Netfilter packet path (Pre-Routing, ROUTE, Forward, Post-Routing, Local In, Local Out) with the Verification daemon and the Authentication daemon attached to the hooks.]


Field Test

• Test bed
  – One Dell P4 laptop with Linux 9.0 (kernel 2.4.20)
  – Two Compaq iPAQ 3970 PDAs with Familiar v0.7.2 (kernel 2.4.19-rmk-pxal-hh30)
  – Lucent Orinoco wireless cards
• Tests
  – Key distribution
  – User revocation
  – Packet authentication and verification
  – Key synchronization


Summary

• Network access control is an important issue for MANET
• Cryptography-oriented solution exploiting the stateless feature of a stateless group key distribution scheme
• Simulation as well as a functioning prototype indicate that it is practical and effective


Question

