Security Schemes for the OLSR Protocol for Ad Hoc Networks. (Schémas de sécurité pour le protocole OLSR pour les réseaux ad hoc)

Within the domain of wireless computer networks, this thesis examines the security issues related to the protection of packet routing in ad hoc networks (MANETs). It classifies the different possible attacks and examines in detail the case of OLSR (Optimized Link State Routing protocol). We propose a security architecture based on adding a digital signature, as well as more advanced techniques such as reuse of previous topology information to validate the actual link state, cross-checking of advertised routing control data against the node's geographical position, and intra-network misbehavior detection and elimination via flow coherence control or passive listening. Countermeasures in case of compromised routers are also presented. This thesis also assesses the practical problems concerning the choice of a suitable symmetric or asymmetric cipher, the alternatives for the cryptographic key distribution algorithm, and the selection of a method for signature timestamping.
