Date post: 19-Dec-2015
Secure Routing with AODV Protocol for Mobile Ad Hoc Networks Anitha Prahladachar Tahira Farid Course: 60-564 Instructor: Dr. Aggarwal
Transcript
Page 1:

Secure Routing with AODV Protocol for Mobile Ad Hoc Networks

Anitha Prahladachar, Tahira Farid

Course: 60-564 Instructor: Dr. Aggarwal

Page 2:

Papers Reviewed

- Perkins, C.E.; Royer, E.M., “Ad-hoc On-Demand Distance Vector Routing,” Proceedings of the Second IEEE Workshop on Mobile Computing Systems and Applications, WMCSA ’99
- Pirzada, A.A.; McDonald, C., “Secure Routing with the AODV Protocol,” Proceedings of the Asia-Pacific Conference on Communications, Oct 3-5, 2005
- Bhargava, S.; Agrawal, D.P., “Security Enhancements in AODV protocol for Wireless Ad Hoc Networks,” Vehicular Technology Conference Oct 7-11, 2004, IEEE VTS 54th Vol. 4
- Yuxia Lin, A. Hamed Mohsenian Rad, Vincent W. S. Wong, Joo-Han Song, “Experimental Comparisons between SAODV and AODV Routing Protocols,” Proceedings of the 1st ACM workshop on Wireless Multimedia Networking and Performance modeling, WMuNeP Oct 2005

Page 3:

Outline

- Mobile Ad Hoc Networks (MANET)
- Applications
- Security Design Issues in MANET
- Motivation
- Traditional AODV
- Secured AODV
- Experimental Comparisons
- Closing Remarks

Page 4:

Mobile Ad Hoc Networks

A collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure.

Significant Features:
- Dynamic topology of interconnections
- No administrator
- Short transmission range: routes between nodes have one or more hops
- Nodes act as routers or depend on others for routing
- Movement of nodes invalidates topology information

Page 5:

Mobile Ad Hoc Networks (cont.)

The network topology can change at any time because of node mobility, and nodes may become disconnected very frequently.

Page 6:

Mobile Ad Hoc Networks (cont.)

Hosts A and C are out of range of each other’s wireless transmitters.

While exchanging packets, they use the routing services of host B, which is within the transmission range of both of them.

Routing: Source -> Destination

Page 7:

Applications of MANET

Useful where geographical or terrestrial constraints demand a totally distributed network without a fixed base station.

- Military Battlefields
- Disaster and Rescue Operations
- Conferences
- Peer to Peer Networks

Page 8:

Security Design Issues in MANET

- Do not have any centrally administered secure routers.
- Attackers from inside or outside can easily exploit the network.
  - Passive eavesdropping, data tampering, active interfering, leakage of secret information, DoS etc.
- Open peer-to-peer architecture.
- Shared Wireless Medium.
- Dynamic Topology.

Page 9:

Motivation

Ad hoc networks are challenged because:
- Nodes are constantly mobile
- Protocols implemented are co-operative in nature
- Lack of fixed infrastructure and of a central concentration point where an IDS can collect audit data
- One node can be compromised in a way that the incorrect and malicious behaviour cannot be directly noted at all.

Well-established traditional security approaches to routing are inadequate in MANET.

Page 10:

Traditional AODV

- Ad Hoc On Demand Distance Vector Routing Protocol
- Reactive Protocol: discovers a route on demand.
- Nodes do not have to maintain routing information.
- Route Discovery
- Route Maintenance
- Hello messages:
  - used to determine local connectivity.
  - can reduce response time to routing requests.
  - can trigger updates when necessary.

Page 11:

Traditional AODV – Route Discovery

If a source needs a route to a destination for which it does not already have a route in its cache:
- Source broadcasts a Route Request (RREQ) message for the specified destination.
- Intermediate node:
  - returns a route reply packet (RREP) if it has route information about the destination in its cache, or
  - forwards the RREQ to its neighbors if it has no route information about the destination in its cache.
- If it cannot respond to the RREQ, it increments the hop count and saves the information needed to set up a reverse path, to use when sending the reply (assumes bidirectional link…)

Page 12:

Traditional AODV – RREQ

RREQ packet contains: destination and source IP address, broadcast ID, source node’s sequence number and destination node’s sequence number.

- Node 1 wants to send a data packet to node 7.
- Node 6 knows a current route to node 7.
- Node 1 sends a RREQ packet to its neighbors:
  - source_addr = 1
  - dest_addr = 7
  - broadcast_id = broadcast_id + 1
  - source_sequence_# = source_sequence_# + 1
  - dest_sequence_# = last dest_sequence_# for node 7

RREQ packet format:

Type | Flag | Resvd | hopcnt
Broadcast_id
Dest_addr
Dest_sequence_#
Source_addr
Source_Sequence_#

Page 13:

Traditional AODV (RREQ)

- Nodes 2 and 4 verify that this is a new RREQ (source_sequence_# is not stale) with respect to the reverse route to node 1.
- They forward the RREQ and increment hop_cnt in the RREQ packet.
- The RREQ reaches node 6 from node 4; node 6 knows a route to node 7.
- Node 6 verifies that the destination sequence number in the RREQ is less than or equal to the destination sequence number it has recorded for node 7.
- Nodes 3 and 5 will forward the RREQ packet to node 6, but it recognizes the packets as duplicates.

Page 14:

Traditional AODV (RREP)

- Node 6 has a route to the destination. It sends a route reply (RREP) to the neighbor that sent the RREQ packet.
- Intermediate nodes propagate the RREP towards the source using cached reverse route entries.
- Other RREP packets are discarded unless dest_seq_# is higher than the previous one, or is the same but hop_cnt is smaller.
- Cached reverse routes time out in nodes that do not see the RREP packet.

RREP packet format:

Type | Flag | prsz | hopcnt
Dest_addr
Dest_sequence_#
Source_addr
lifetime

Page 15:

Traditional AODV (RREP)

- Node 6 sends RREP to node 4: source_addr = 1, dest_addr = 7, dest_sequence_# = maximum(sequence no. stored for node 7, dest_sequence_# in RREQ), hop_cnt = 1.
- Node 4 finds out it is a new route reply and propagates the RREP packet to Node 1.
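
The route discovery walk-through from the slides above (node 1 looking for node 7), as an added example that is not part of the original presentation. The link layout is an assumption reconstructed from the narrative, since the figure is not in the transcript; `LINKS`, `discover` and the cache format are hypothetical names.

```python
from collections import deque

# Assumed topology (the slide's figure is missing from the transcript); every
# link is bidirectional, which AODV's reverse-path setup relies on.
LINKS = {1: [2, 4], 2: [1, 3], 3: [2, 6], 4: [1, 5, 6],
         5: [4, 6], 6: [3, 4, 5, 7], 7: [6]}

def discover(src, dst, caches, rreq_dest_seq):
    """Flood one RREQ from src and return (best RREP seen by src, duplicates).

    caches maps node -> (dest_sequence_#, hop_cnt) for nodes that already hold
    a route to dst. duplicates lists (receiver, sender) pairs that were dropped
    because the receiver had already seen this (source_addr, broadcast_id).
    """
    seen = {src}
    reverse = {}                 # node -> previous hop on the way back to src
    duplicates, replies = [], []
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nbr in LINKS[node]:              # a broadcast reaches all neighbours
            if nbr in seen:
                duplicates.append((nbr, node))
                continue
            seen.add(nbr)
            reverse[nbr] = node              # reverse path entry toward src
            if nbr == dst:                   # the destination always answers
                seq, hops = rreq_dest_seq, 0
            else:
                seq, hops = caches.get(nbr, (-1, 0))
            if seq < rreq_dest_seq:          # no route, or cached route is stale
                queue.append(nbr)            # rebroadcast with hop_cnt + 1
                continue
            path = [nbr]                     # RREP is unicast along reverse entries
            while path[-1] != src:
                path.append(reverse[path[-1]])
            replies.append({"replier": nbr, "path": path[::-1],
                            "dest_seq": max(seq, rreq_dest_seq),
                            "hop_cnt": hops + len(path) - 1})
    # Source keeps the RREP with the highest dest_seq, then the smallest hop_cnt.
    best = max(replies, key=lambda r: (r["dest_seq"], -r["hop_cnt"]), default=None)
    return best, duplicates

if __name__ == "__main__":
    # Node 6 caches a route to node 7: dest_sequence_# 5, one hop away.
    reply, dups = discover(1, 7, {6: (5, 1)}, rreq_dest_seq=3)
    print(reply)
    print("duplicates dropped at node 6:", [d for d in dups if d[0] == 6])
```

The same rule that picks the best reply (highest dest_seq, then lowest hop_cnt) is why the sequence number and hop count fields are the ones the secured variants below protect.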

Page 16:

Approach 1: Secure AODV

Vulnerability issues of AODV (due to intermediate nodes):
- Deceptive incrementing of sequence number
- Deceptive decrementing of hop count

To secure AODV, approach 1 divides security issues into 3 categories:
- Key Exchange
- Secure Routing
- Data Protection

Page 17:

Approach 1: Secure AODV (cont.)

Key Exchange:
- Before entering the network, all nodes procure a one-time public and private key pair from the CA, along with the CA’s public key.
- After that, nodes can generate a Group Session Key between immediate neighbors using a suitable ‘Group keying protocol’.
- These session keys are used for securing the routing process and data flow.
- Thus authentication, confidentiality and integrity are assured.

Page 18:

Approach 1: Secure AODV (cont.)

Secure Routing (RREQ):
- Node ‘x’, desiring to establish communication with ‘y’, establishes a group session key Kx between its immediate neighbors.
- It creates the RREQ packet, encrypts it using Kx and broadcasts it.
- Intermediate recipients that share Kx decrypt the RREQ and modify it.
- Intermediate nodes that do not share Kx initiate the ‘group session key exchange protocol’ with their immediate neighbors.
- Intermediate nodes encrypt the RREQ packet using the new session key and rebroadcast.

Page 19:

Approach 1: Secure AODV (cont.)

Secure Routing (RREP):
- In response to the RREQ, ‘y’ creates the RREP.
- The RREP is encrypted using the last group session key that was used to decrypt the RREQ and is unicast back to the original sender.
- If any of the intermediate nodes has moved out of wireless range, a new group session key is established.
- Recipient nodes that share the forward group session key decrypt the RREP and modify it.
- The RREP is then encrypted using the backward group session key and unicast to ‘x’.

Page 20:

Approach 1: Secure AODV (cont.)

Data Protection:
- Node ‘x’, desiring to establish an end-to-end secure data channel, first establishes a session key Kxy with ‘y’.
- ‘x’ symmetrically encrypts the data packet using Kxy and transmits it over the secure route.
- Intermediate nodes forward the packet in the intended direction.
- Node ‘y’ decrypts the encrypted data packet using Kxy.

Page 21:

Security Analysis for Approach 1

- Authorized nodes to perform route computation and discovery.
  - Routing control packets are authenticated and encrypted by each forwarding node.
- Minimal exposure of network topology.
  - Routing information is encrypted, so an adversary will gain no information on the network topology.
- Detection of spoofed routing messages.
  - Initial authentication links a number of identities to each node’s private key.
- Detection of fabricated routing messages.
  - To fabricate a routing message, a session key needs to be compromised.
- Prevent redirection of routes from shortest paths.
  - Routing packets are accepted only from authenticated nodes; an adversary cannot inject anything unless an authorized node first authenticates it.

Page 22:

Approach 2: Secure AODV (cont.)

Defines two types of attacks:
- Internal & external
  - Compromised & Selfish nodes
  - Malicious nodes

To handle the attacks, this approach suggests two models:
- Intrusion Detection Model (IDM)
- Intrusion Response Model (IRM)

Page 23:

Approach 2: Secure AODV (cont.)

Vulnerability issues of AODV (due to internal attacks):
- Distributed false route request
- Denial of service
- Destination is compromised
- Impersonation

Page 24:

Approach 2: Secure AODV (cont.)

IDM
- Each node employs an IDM that utilizes the neighborhood information to detect misbehaviors of its neighbors.
- When the Misbehavior count > threshold for a node, information is sent to other nodes about the misbehaving node.
- They in turn check their local MalCount, and add the result to the initiator’s response.
- IDM is present on all the nodes and monitors and analyzes the behavior of its neighbors to detect if any node is compromised.

[Figure labels: Secure Communication; Global Response; Intrusion Response Model (IRM); Mal Count > Threshold; Intrusion Detection Model (IDM); Data Collection]

Page 25:

Approach 2: Secure AODV (cont.)

IDM - Distributed False Route Request
- A malicious node may generate frequent unnecessary route requests, i.e. false route messages.
- If done from a different radio range, it is difficult to identify the malicious node (RREQs are broadcasts).
- When a node receives RREQ > threshold count by a specific source for a destination in a particular time interval, t_interval, the node is declared malicious.

Page 26:

Approach 2: Secure AODV (cont.)

IDM - Denial of Service
- A malicious node may launch a DoS attack by transmitting false control packets and using the entire network resources.
- Other nodes are deprived of these resources.
- It can be identified if a node is generating control packets at more than the threshold count in a particular time interval, t_frequency.

Page 27:

Approach 2: Secure AODV (cont.)

IDM - Destination is Compromised
- A destination might not reply if it is:
  - Not in the network
  - Overloaded
  - Did not receive route request
  - Malicious
- It is identified when a source does not receive a reply from the destination in a particular time interval, t_wait.
- Neighbors generate ‘Hello’ packets to determine connectivity.
- If a node is in the network and does not respond to a RREQ destined for it, it is identified as malicious.

Page 28:

Approach 2: Secure AODV (cont.)

IDM - Impersonation
- If the sender encrypts the packet with its private key and other nodes decrypt with the public key of the sender, this attack can be avoided.
- If the receiver is not able to decrypt the packet, the sender might not be the real source and the packet will be dropped.

Page 29:

Approach 2: Secure AODV (cont.)

Intrusion Response Model (IRM)
- A node ‘x’ identifies that another node ‘m’ is compromised when the malcount for that node ‘m’ increases beyond the threshold value.
- ‘x’ propagates this to the entire network by transmitting a ‘Mal’ packet.
- If another node ‘y’ suspects node ‘m’, it reports its suspicion to the network and transmits a ‘ReMal’ packet.
- If two or more nodes report about a particular node, a ‘Purge’ packet is transmitted to isolate the malicious node from the network.
- All nodes having a route through the compromised node look for newer routes.
- All packets received from the compromised node are dropped.
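
The IDM check for distributed false route requests and the IRM Mal / ReMal / Purge sequence described on the slides above, run over a constructed list of RREQ observations. This is an added example, not code from the presentation or the reviewed paper; the class and function names, the threshold of 3 and the 1000 ms t_interval are assumptions.

```python
from collections import defaultdict, deque

class IDM:
    """One node's detector for the distributed false route request case."""
    def __init__(self, threshold, t_interval):
        self.threshold, self.t_interval = threshold, t_interval
        self.windows = defaultdict(deque)    # (source, dest) -> RREQ arrival times
        self.flagged = set()

    def on_rreq(self, now, source, dest):
        """Record one RREQ; return True the first time source exceeds the threshold."""
        window = self.windows[(source, dest)]
        window.append(now)
        while now - window[0] > self.t_interval:   # forget RREQs older than t_interval
            window.popleft()
        if len(window) > self.threshold and source not in self.flagged:
            self.flagged.add(source)
            return True
        return False

class IRM:
    """Tracks reports per suspect and decides when the Purge packet goes out."""
    def __init__(self):
        self.reporters = defaultdict(set)
        self.purged = set()

    def report(self, reporter, suspect):
        """Return the packets this report causes: Mal, or ReMal followed by Purge."""
        first = not self.reporters[suspect]
        self.reporters[suspect].add(reporter)
        if first:
            return ["Mal"]
        packets = ["ReMal"]
        if len(self.reporters[suspect]) >= 2 and suspect not in self.purged:
            self.purged.add(suspect)         # two or more nodes agree
            packets.append("Purge")
        return packets

def run(events, threshold=3, t_interval=1000):
    """events: time-ordered (time_ms, receiver, source, dest) RREQ observations."""
    detectors = defaultdict(lambda: IDM(threshold, t_interval))
    irm, sent, dropped = IRM(), [], 0
    for now, receiver, source, dest in events:
        if source in irm.purged:             # packets from a purged node are dropped
            dropped += 1
            continue
        if detectors[receiver].on_rreq(now, source, dest):
            sent += [(now, receiver, p, source) for p in irm.report(receiver, source)]
    return sent, irm.purged, dropped

# Constructed observations: node 9 floods RREQs for node 7 every 100 ms, heard by
# nodes 2 and 4; node 1 asks for the same destination once every 2 s.
EVENTS = sorted([(t, rx, 9, 7) for t in range(0, 600, 100) for rx in (2, 4)]
                + [(t, 2, 1, 7) for t in (0, 2000, 4000)])

if __name__ == "__main__":
    print(run(EVENTS))
```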

Page 30:

Approach 3: Secure AODV (SAODV)

Vulnerability issues of AODV:
- Message Tampering Attack [compromised node]
  - E.g. hop count made 0 by attacker node
  - E.g. hop count made infinite by selfish node
- Message Dropping Attack [selfish node]
- Message Replay (wormhole) Attack [malicious node]

Security Requirements for AODV:
- Source Authentication
- Neighbor Authentication
- Message Integrity
- Access Control

Page 31:

Approach 3: Secure AODV (cont.)

- Source Authentication
  - Receiver should be able to confirm the identity of the source.
- Neighbor Authentication
  - Receiver should be able to confirm the identity of the sender (one-hop previous node).
- Message Integrity
  - Receiver should be able to verify that the content of a message has not been altered, either maliciously or accidentally, in transit.
- Access Control
  - It is necessary to ensure that mobile nodes seeking to gain access to the network have the appropriate access rights.

Page 32:

Approach 3: Secure AODV (cont.)

Route Discovery
- Source node selects a random seed number and sets the Maximum hop-count (MHC) value.
- Using hash function h, source computes hash value as h(seed) and Top_Hash as h^{MHC}(seed).
- Intermediate node checks if Top_Hash = h^{MHC - Hop_Count}(Hash).
- Before rebroadcasting the RREQ, it increments the hop-count field by 1 in the RREQ header.
- It computes the new Hash value by hashing the old value, h(Hash).

Page 33:

Approach 3: Secure AODV (cont.)

Route Discovery
- Except for the hop-count field and h^{hop-count}(seed), all other fields of the RREQ are non-mutable.
- Hence they can be authenticated by verifying the signature in the RREQ.
- Destination generates RREP on receiving RREQ.
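
The hop-count hash chain and the signed non-mutable fields from the two Route Discovery slides above, as an added example that is not taken from the presentation or from an SAODV implementation. Assumptions: SHA-256 as h, an HMAC with a shared demo key standing in for the source's digital signature, the field names, and the Hash field starting as the seed at Hop_Count 0 so that the check Top_Hash = h^{MHC - Hop_Count}(Hash) holds at the first hop.

```python
import hashlib
import hmac

IMMUTABLE = ("source", "dest", "broadcast_id", "max_hop_count", "top_hash")

def h(value: bytes, times: int = 1) -> bytes:
    """Apply the one-way hash h (SHA-256 here, an assumption) `times` times."""
    for _ in range(times):
        value = hashlib.sha256(value).digest()
    return value

def _sign(rreq: dict, key: bytes) -> bytes:
    # Stand-in for the source's digital signature: an HMAC over the non-mutable
    # fields. hop_count and hash change at every hop, so they are left out.
    data = repr([rreq[name] for name in IMMUTABLE]).encode()
    return hmac.new(key, data, hashlib.sha256).digest()

def new_rreq(source, dest, broadcast_id, seed, max_hop_count, key) -> dict:
    """Source side: Top_Hash = h^{MHC}(seed); Hash starts as the seed (assumed)."""
    rreq = {"source": source, "dest": dest, "broadcast_id": broadcast_id,
            "max_hop_count": max_hop_count, "top_hash": h(seed, max_hop_count),
            "hop_count": 0, "hash": seed}
    rreq["signature"] = _sign(rreq, key)
    return rreq

def check(rreq: dict, key: bytes) -> str:
    """Receiver side: signature first, then Top_Hash == h^{MHC - Hop_Count}(Hash)."""
    if not hmac.compare_digest(rreq["signature"], _sign(rreq, key)):
        return "bad signature"
    hops, mhc = rreq["hop_count"], rreq["max_hop_count"]
    if not 0 <= hops <= mhc or h(rreq["hash"], mhc - hops) != rreq["top_hash"]:
        return "bad hop count"
    return "ok"

def forward(rreq: dict, key: bytes) -> dict:
    """Intermediate node: verify, then hop_count + 1 and Hash = h(Hash)."""
    verdict = check(rreq, key)
    if verdict != "ok":
        raise ValueError("RREQ dropped: " + verdict)
    return {**rreq, "hop_count": rreq["hop_count"] + 1, "hash": h(rreq["hash"])}

def demo() -> dict:
    key, seed = b"constructed-demo-key", b"constructed-seed"  # sample values
    rreq = new_rreq(1, 7, 1, seed, max_hop_count=10, key=key)
    for _ in range(3):                       # three honest hops
        rreq = forward(rreq, key)
    # A node that swaps in its own chain must also change the signed Top_Hash.
    swapped = {**rreq, "hop_count": 0, "hash": b"x", "top_hash": h(b"x", 10)}
    return {"honest": check(rreq, key),
            "hop_count_lowered": check({**rreq, "hop_count": 1}, key),
            "chain_replaced": check(swapped, key)}

if __name__ == "__main__":
    print(demo())
```

Lowering the hop count fails because the node would need a preimage of the Hash value it received, and replacing the whole chain fails because Top_Hash is one of the signed fields.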

Page 34:

Experimental Comparisons Between AODV and SAODV

Indoor Experiments
- 10 laptops are placed in the same room
- Facilitates the comparison of ns-2 simulation and indoor emulation results.

Outdoor Experiments
- Conducted in a rugby field (250m – 100m approx.).
- Participants with laptop walked randomly at 1m/sec.
- Each test run took 6 mins.

Page 35:

Experimental Comparisons (Results and Discussions)

Indoor Emulation and Simulation Results

UDP Traffic – UDP Packet Delivery Ratio

Page 36:

Experimental Comparisons (Results and Discussions)

Indoor Emulation and Simulation Results

UDP Traffic – Routing Control Overhead (in packets)

Page 37:

Experimental Comparisons (Results and Discussions)

Indoor Emulation and Simulation Results

UDP Traffic – Routing Control Overhead (in bytes)

Page 38:

Experimental Comparisons (Results and Discussions)

Outdoor Results
- UDP Packet Delivery Ratio
- Routing Control overhead for UDP
  - Amount of Routing Packets
  - Aggregate Routing Overhead

Page 39:

Closing Remarks

Approach 1
- Authors proposed Approach 1 for both secure routing and data protection
- No experiments have been discussed.

Approach 2
- No Data Security Provided
- Routing load of a network increases as malicious nodes generate False Control Messages.
- After implementing, decreases routing load by identifying malicious nodes and isolating them from the network.

Approach 3
- Ensures the integrity of both data and control packets by using hash functions.
- Source and neighbor authentication and access control are ensured by digital signatures.
- Many indoor and outdoor experiments have been performed.
- More efficient.

Page 40:

Thank you!!! Questions???

