Results 1 - 10 of 20
An on-demand secure routing protocol resilient to byzantine failures
- In ACM Workshop on Wireless Security (WiSe), 2002
Cited by 138 (11 self)
An ad hoc wireless network is an autonomous self-organizing system of mobile nodes connected by wireless links where nodes not in direct range can communicate via intermediate nodes. A common technique used in routing protocols for ad hoc wireless networks is to establish the routing paths on-demand, as opposed to continually maintaining a complete routing table. A significant concern in routing is the ability to function in the presence of byzantine failures which include nodes that drop, modify, or mis-route packets in an attempt to disrupt the routing service. We propose an on-demand routing protocol for ad hoc wireless networks that provides resilience to byzantine failures caused by individual or colluding nodes. Our adaptive probing technique detects a malicious link after log n faults have occurred, where n is the length of the path. These links are then avoided by multiplicatively increasing their weights and by using an on-demand route discovery protocol that finds a least weight path to the destination.
An Efficient Message Authentication Scheme for Link State Routing
- In 13th Annual Computer Security Applications Conference, 1997
Cited by 75 (1 self)
We study methods for reducing the cost of secure link state routing. In secure link state routing, routers may need to verify the authenticity of many routing updates, and some routers such as border routers may need to sign many routing updates. Previous work such as public-key based schemes either is very expensive computationally or has certain limitations. This paper presents an efficient solution, based on a detection-diagnosis-recovery approach, for the link state routing update authentication problem. Our scheme is scalable to handle large networks, applicable to routing protocols that use multiple-valued cost metrics, and applicable even when link states change frequently.
1. Introduction
Routers exchange routing control packets to disseminate their current states. Based on these control packets, routers can construct their routing tables to cooperatively forward packets from source to destination. If routing infrastructure components, such as routers or inter-router links, ar...
An Experimental Study of Insider Attacks for the OSPF Routing Protocol
- In 5th IEEE International Conference on Network Protocols, 1997
Cited by 27 (5 self)
It is critical to protect the network infrastructure (e.g., network routing and management protocols) against security intrusions, yet dealing with insider attacks are probably one of the most challenging research problems in network security. We study the security threats, especially internal/insider threats, for the standardized routing protocol OSPF. In OSPF, a group of routers collaborate, exchange routing information, and forward packets for each other. If one (and maybe more than one) router is evil or compromised, how can this router damage the whole network? In this paper, we analyze OSPF and identify its strengths and weakness under various insider attacks. Furthermore, to confirm our analysis, we have implemented and experimented one attack, the max sequence number attack, on our OSPF routing testbed. Our attack is very successful against two independently developed router products as it will block routing updates for 60 minutes by simply injecting one bad OSPF protocol data ...
KHIP - A Scalable Protocol for Secure Multicast Routing
- ACM SIGCOMM, 1999
Cited by 22 (1 self)
We present Keyed HIP (KHIP), a secure, hierarchical multicast routing protocol. We show that other shared-tree multicast routing protocols are subject to attacks against the multicast routing infrastructure that can isolate receivers or domains or introduce loops into the structure of the multicast routing tree. KHIP changes the multicast routing model so that only trusted members are able to join the multicast tree. This protects the multicast routing against attacks that could form branches to unauthorized receivers, prevents replay attacks and limits the effects of flooding attacks. Untrusted routers that are present on the path between trusted routers cannot change the routing and can mount no denial-of-service attack stronger than simply dropping control messages. KHIP also provides a simple mechanism for distributing data encryption keys while adding little overhead to the protocol.
1 Introduction
A multicast routing protocol provides efficient many-to-many delivery across a net...
Using Conservation of Flow as a Security Mechanism in Network Protocols
- IEEE Symposium on Security and Privacy, 2000
Cited by 20 (1 self)
The law of Conservation of Flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to analyze network protocols for security properties. One of its uses is to detect disruptive network elements that launch Denial of Service attacks by absorbing or discarding packets. Its use requires several assumptions about the protocols being analyzed. In this paper, we examine the WATCHERS algorithm to detect misbehaving routers. We show that it uses Conservation of Flow without sufficient verification of its assumptions, and can consequently be defeated. We suggest improvements to make the use of Conservation of Flow valid.
Intrusion Detection for Link-State Routing Protocols
- In IEEE Symposium on Security and Privacy, 1997
Cited by 13 (2 self)
Security and intrusion detection for routing protocols are two closely related topics in the protection of network infrastructure. The former focuses on secure network control protocols, while the latter is in the area of network security management. In this paper, we study the integration of these two areas: control and management. We take OSPF, a link-state routing protocol, as a target example to demonstrate the advantages for this integrated architecture. We will also show some preliminary implementation results.
1 Introduction
Security and intrusion detection for routing protocols are two closely related topics in the protection of network infrastructure. The former focuses on secure network control protocols (control plane), while the latter is in the area of network security management (management plane). In most cases, we have considered these two issues independently. For example, while developing the security mechanism for the MobileIP protocol, we have hardly worried about ...
ODSBR: An On-Demand Secure Byzantine Resilient Routing Protocol for . . .
- 2007
Cited by 13 (3 self)
Ad hoc networks offer increased coverage by using multi-hop communication. This architecture makes services more vulnerable to internal attacks coming from compromised nodes that behave arbitrarily to disrupt the network, also referred to as Byzantine attacks. In this work we examine the impact of several Byzantine attacks performed by individual or colluding attackers. We propose ODSBR, the first on-demand routing protocol for ad hoc wireless networks that provides resilience to Byzantine attacks caused by individual or colluding nodes. The protocol uses an adaptive probing technique that detects a malicious link after log n faults have occurred, where n is the length of the path. Problematic links are avoided by using a route discovery mechanism that relies on a new metric that captures adversarial behavior. Our protocol never partitions the network and bounds the amount of damage caused by attackers. We demonstrate through simulations ODSBR’s effectiveness in mitigating Byzantine attacks. Our analysis of the impact of these attacks versus the adversary’s effort gives insights into their relative strengths, their interaction and their importance when designing multi-hop wireless routing protocols.
Mitigating Byzantine Attacks in Ad Hoc Wireless Networks
- Department of Computer Science, Johns Hopkins University, Tech, 2004
Cited by 11 (1 self)
Attacks where adversaries have full control of a number of authenticated devices and behave arbitrarily to disrupt the network are referred to as Byzantine attacks. Traditional secure routing protocols are vulnerable to this class of attacks since they usually assume that once authenticated, a node can be trusted to execute the protocol correctly. We present a detailed description of several Byzantine attacks (black hole, flood rushing, wormhole and overlay network wormhole), analyze their mechanisms and describe the major mitigation techniques. Through simulation, we perform a quantitative evaluation of the impact of these attacks on an insecure on-demand routing protocol. The relative strength of the attacks is analyzed in terms of the magnitude of disruption caused per adversary. An implementation of the On-Demand Secure Byzantine Routing protocol (ODSBR) was created in order to quantify its ability to mitigate the considered attacks. ODSBR was chosen because its design addresses a wide range of Byzantine attacks.
Sensor-based intrusion detection for intra-domain distance-vector routing
- In Proc. of CCS’02, 2002
Cited by 11 (0 self)
Detection of routing-based attacks is difficult because malicious routing behavior can be identified only in specific network locations. In addition, the configuration of the signatures used by intrusion detection sensors is a time-consuming and error-prone task because it has to take into account both the network topology and the characteristics of the particular routing protocol in use. We propose an intrusion detection technique that uses information about both the network topology and the positioning of sensors to determine what can be considered malicious in a particular place of the network. The technique relies on an algorithm that automatically generates the appropriate sensor signatures. This paper presents a description of the approach, applies it to an intra-domain distance-vector protocol, and reports the results of its evaluation.
Keywords: Routing Security, Intrusion Detection, Network Topology.
1 Introduction
Attacks against the IP routing infrastructure can be used to perform substantial denial-of-service attacks or as a basis for more sophisticated attacks, such as man-in-the-middle schemes and non-blind spoofing. Given the insecure nature of the routing protocols currently in use, preventing these attacks requires modifications to the routing protocols, the routing software, and, possibly, the network topology itself. Because of the critical role of routing, there is a considerable inertia to this process. As a consequence, insecure protocols are still widely in use throughout the Internet.
Cryptography and the Internet
- In Proceedings of CRYPTO ’98, 1998
Cited by 10 (0 self)
After many years, cryptography is coming to the Internet. Some protocols are in common use; more are being developed and deployed. The major issue has been one of cryptographic engineering: turning academic papers into a secure, implementable specification. But there is missing science as well, especially when it comes to efficient implementation techniques.
1 Introduction
In early 1994, CERT announced that widespread password monitoring was occurring on the Internet. In 1995, Joncheray published a paper explaining how an eavesdropper could hijack a TCP connection [Jon95]. In mid-1998, there is still very little use of cryptography. Finally, though, there is some reason for optimism. A number of factors have combined to change people's behavior. First, of course, there is the rise of the Internet as a mass medium, and along with it the rise of Internet commerce. Consider the following quote from a popular Web site: How does ------.com protect my credit card if I order online? --...

