Security Challenges in Opportunistic NetworkPreetam Mukherjee

Centre for Distributed ComputingJadavpur University

ON BEHALF OFProf. Chandan Mazumdar

Dept. of Computer Science & EngineeringJadavpur University

PROBLEMS OF ROUTING IN OPPORTUNISTIC NETWORKS • In regular cases connected networks are used

• But in some cases, networks are connected only by opportunistic contacts of different network nodes

• These type of networks are called opportunistically connected networks or opportunistic networks viz.– Inter-planetary network, – disaster area network, – military networks at war time etc.

• Delay and Disruption Tolerant Network (alias DTN) routing schemes are used to route messages in these networks.

DTN ROUTING AND ITS CHARACTERISTICS

• DTN routing scheme overcomes the problems by using – persistent storage– opportunistic use of mobility.

Nodes are too sparse, move quickly, have

different power saving

schemes

Connection intermittent, high packet drops and heterogeneous unpredictable

delay

• Store-carry-forward approach take messages to their destination.

• Message switching is used instead of packet switching

• Persistent Storage is used instead of transient one

DTN ROUTING AND ITS CHARACTERISTICS...

FORWARDING OF THE MESSAGE THROUGH INTERMIDIARIES

APPLYING STORE AND FORWARDING WITHIN A TACTICAL RELAY BETWEEN TWO ARMY BRIGADES

DIFFERENT TYPES OF ROUTING SCHEMES FOR DELAY AND DISRUPTION TOLERANT NETWORK

• In Epidemic Routing Protocol messages will spread like an epidemic of some disease through the network

• Probabilistic routing protocol is given on the basis that real users are not likely to move around randomly but move in a predictable fashion based on repeating behavioral patterns – such that if a node has visited a location several times before, it

is likely that it will visit the location again.

• In Spray and Wait Routing Protocol at first certain copies of the message are spread in the spray phase and after that if the destination is not found then all the nodes getting the message go for direct transmission

• Store-carry-and-forward routing uses two different schemes– first scheme - only one message is forwarded – alternate scheme - when messages are forwarded, they are

replicated

Efficient Routing Protocol

• Specifically, an efficient routing protocol in this context should:– Perform significantly fewer transmissions than epidemic and

other flooding based routing schemes, under all conditions.– Generate low contention, especially under high traffic loads.– Achieve a delivery delay that is better than existing single and

multi-copy schemes, and close to the optimal.– Be highly scalable, that is, maintain the above performance

behavior despite changes in network size or node density.– Be simple and require as little knowledge about the network

as possible, in order to facilitate implementation.

SECURITY in

OPPORTUNISTIC NETWORKS

Threat to DTN

• Use of open networks to transmit dataAll the messages are going to intermediate nodes which can be

malicious or Selfish nodes.

– Malicious nodeshave the objective to attack the proper network operations without considering their own gains.

– Selfish Nodescan be characterized by the intention of maximizing their own gains or collective gains with collusive nodes from the network community while minimizing their contributions to it.

Threat from Malicious nodes

• Messages (or Bundles) Modification: In DTNs, bundles may traverse over underlying heterogeneous networks. Modification of messages (or bundles) in transit for malicious purposes is a big security threat.

• Unauthorized Access: Due to the resource-scarcity characteristics of DTNs, unauthorized access and use of DTN resources can be a serious concern. – For example, if an unauthorized application were able to control

some DTN infrastructure (e.g. by attacking a routing control protocol), the resource consumption could be catastrophic for the networks.

• Bundle Injection Threat: Attackers can try to inject fake bundles to consume precious DTN resources. Further, DTN nodes can unwittingly be used to assist or amplify resource consumption behavior– A malicious or defective node can inject spurious packets into

the network.– Applications can send messages at a rate that they are not

allowed by their policy.– A malicious or defective node can generate additional

management messages for each bundle sent.

Threat from Malicious nodes…

Threat from Malicious nodes…

• General Networking Threats– DTN conforms an overlay network. Because of that, it needs to

cope with traditional networking attacks which can be passive (eavesdropping, traffic analysis) or active (traffic modification, masquerading).

– DTN applications could make use of the security mechanisms provided by the lower networking layers.

DTN Security Requirements

• Authentication– In DTNs, it is essential for every intermediate DTN node to have

the capability to verify • that the data was really sent by an authorized node • the data was sent at a legitimate rate• asking for the class of service for which they are granted.

– Such an authentication requirement depends on different security design goals and can be provided either on • a hop-by-hop• end-to-end basis

• Confidentiality– Confidentiality requirement is to ensure that sensitive

information is not revealed to unauthorized third parties during the bundle propagation process over DTN links.

– objective can be achieved using the end-to-end encryption• Integrity

– Integrity requirement should ensure that the transmitted messages can not be altered during the propagation process.

– Lack of integrity protection could result in many attacks including message modification, falsification, or replay attacks

DTN Security Requirements…

DTN Security Requirements…

• Privacy/Anonymity– The network should not reveal the location of the user, nor the

party with which she communicates.

DTN Security Characteristics

Lack of End-to-end Connectivity

• Lack of end-to-end connectivity not only brings challenge to routing but also makes the existing security solutions unsuitable

• For example, end-to-end confidentiality using traditional encryption mechanisms requires the multiple-round key agreement between the sender and the receiver in advance. – However, in DTNs, such key agreement may not be feasible since

there may be no network connectivity at the time of sending message

– There-fore, one way, non-interactive key distribution is more suitable in DTNs.

• The same is true for authentication.

• Lack of end-to-end connectivity is also a challenge to public key certificate revocation. – In a traditional Public Key Infrastructure (PKI), the most

commonly adopted certificate revocation scheme is through Certificate Revocation List (CRL), which is a list of revoked certificates stored in central repositories prepared by the Certificate Authorities (CAs).

– However, in DTNs, the nodes may suffer from delayed or frequent loss of connectivity to CRL servers.

– Therefore, distributed CRL distribution or periodical public key updating is preferred in DTNs

Lack of End-to-end Connectivity…

• Due to high mobility, each network link becomes available only for a short period of time.

• When a message is large, it may not be possible to send the entire message at once.

• One possible solution - to split the message into smaller pieces and let each become its own bundle, or “fragment bundle”, and send some pieces of a large message through the current link and rest of the message through another link later to make the best use of limited resources.

• Due to fragmentation, traditional authentication scheme, e.g., the sender generates the signature over an entire message, may not work well – since the intermediate receiver cannot authenticate any of the

received fragments if it has not yet received the entire message.

Fragmentation

• To address this problem, one approach called “toilet paper” was proposed. – make each fragment self-authenticating by attaching a signature

to the end of each fragment separately.• serious performance issue

– signatures are typically large– the intermediate nodes have to spend more computational

efforts on verifying a growing number of signatures and take precious bandwidth.

Fragmentation…

Resource-scarcity

• Another major concern• DTN nodes receive, check and forward a large number of bundles in a

limited time – bandwidth restriction and computational consumption are critical

issues• Security operations such as authentication are regarded as a necessity

to protect precious DTN resources from unauthorized access and use• Security mechanisms will themselves inevitably introduce extra

computation and transmission overheads. • The resource consumption to support security can introduce denial of

service (DoS) opportunities for attackers

Bundle Accumulation

• Due to store-carry-and-forward propagation feature, the bundles may be accumulated at some intermediate nodes

• The accumulation of bundles is equivalent to the accumulation of computational, storage and transmission costs– For example, an intermediate bundle forwarder may contemporarily

receive, store and authenticate multiple bundles from different senders before these bundles are forwarded to the next hop

– Authentication operation normally involves computationally expensive operations such as signature verification, the accumulated authentication related security operations may introduce large computational overhead• which makes the conventional security solutions unsuitable for

DTNs

Solution to Security Challenges

Bundle Security Protocol Specification

• The Delay Tolerant Networking Research Group (DTNRG) has proposed an Internet draft on bundle security protocol specification to provide– data authentication, – data integrity and – data confidentiality

services for bundles conveyed in DTNs. • The specification describes three IPsec style security blocks or

headers that can be added to bundles to provide different security services

• Security blocksThe “Bundle Security Protocol Specification” defines three types of

security blocks that may be included in a bundle– the Bundle Authentication block(BAB)– the Payload Integrity block (PIB)– The Payload Confidentiality block (PCB)

Bundle Security Protocol Specification…

Bundle Security Protocol Specification…

• Each security block contains the security-source (which is one that applies the cryptographic operation, protecting the bundle) and the security-destination information and a ciphersuite. – The ciphersuite defines the algorithms that should be used to

process the received security headers. – The security-sender and the ciphersuite information together

determine the keys that should be used– Different combinations of three security blocks can be used

simultaneously.

Bundle Authentication block(BAB)• BAB assure the authenticity and integrity of the bundle along a single hop from

forwarder to intermediate receiver• BAB is computed at every sending bundle agent and checked at every receiving

bundle agent on every hop along the way from the source to the destination.

Hop by Hop Authentication of Bundle Authentication Block

Bundle Authentication block(BAB)…

• BAB can be a message authentication code (MAC) computed with either digital signature scheme (e.g. RSA signature) or symmetric key based hash function.

• If the received hash does not match the hash calculated at the receiver, the bundle is discarded

Bundle Authentication block(BAB)…

• Currently bundle security specification defines only one mandatory ciphersuite for BAB– based on shared secrets using long-term pre-shared-symmetric

keys for the BAB-HMAC ciphersuite

Payload Integrity Block (PIB)

• The PIB is used to assure the authenticity and integrity of the bundle from the PIB security-source, which creates the PIB, to the PIB security-destination, which verifies the PIB authenticator.

• PIB has two operational modes - end-to-end mode and hop-by-hop mode

Two Operation Mode (Hop-by-Hop/End-to-End) for Bundle Integrity Block

Payload Integrity Block (PIB)…

• BAB protects a bundle on a “hop-by-hop” basis but PIB protects on a (sort of) “end-to-end” basis, whenever both are present the BAB must form the “outer” layer of protection

– BAB always be calculated and added to the bundle after the PIB has been calculated and added to the bundle

• In additional to “end-to-end” mode, PIB can also provide “hop-by-hop” security in case that the ciphersuite allows (e.g. using the digital signatures to provide message authentication).

• The MAC can be verified by any node between the PIB security-source and the PIB security-destination that has access to the cryptographic keys and revocation status information

• Currently, there is only a mandatory ciphersuite for PIB defined in the latest bundle security specification, which is based on digital signatures using RSA with SHA256

Payload Confidentiality Block (PCB)

• The PCB indicates that some parts of the bundle have been encrypted at the PCB security-source in order to protect the bundle content while in transit to the PCB security-destination.

• PCB normally provide confidentiality on an end-to-end basis.

Bundle Confidentiality Block

Payload Confidentiality Block (PCB)…

• The only mandatory ciphersuite for PCB defined in bundle security specification is using RSA for key transport and AES for bulk encryption

Use of Policy Based Routing

• All DTN nodes should provide atleast very rudimentary support for policy-based routing

• simple DTN nodes – the policy could be just to forward all received bundles

• computationally more powerful nodes– perform more complicated policy decisions based on the current

resource consumption state of the network• Policy can be applied for

– the authentication of the bundle– the time-to-live information attached to the bundle– the route the bundle has travelled so far etc.

• A security architecture is needed in which security services can be provided both on hop-by-hop and end-to-end basis, and additionally between two intermediary nodes in the middle of a route.

• For example – A gateway of a sensor network could function as a security-

sender by encrypting the bundles sent by the computationally less powerful sensor nodes to Internet residing recipients

– An Internet connected DTN node could function as a security-destination and authenticate all received bundles using its ability to fetch public keys and check certificate revocation lists from the Internet before forwarding the bundles to the real recipient which might not have Internet connectivity

Use of Policy Based Routing…

Solution of Fragmentation Authentication issue

• Partridge presents a few solution proposals for fragment authentication problem

• Cumulative authentication - Each fragment fi is authenticated by calculating a hash over all the previous fragments including the current fragment f1 . . . fi

– The amount of work required from the receiver is less than in toilet paper approach, since only one signature per set of received fragments has to be verified

– does not reduce computational work of sender or the amount of traffic

– assumption: fragments are received in order which might not be the case always

• The second proposal by Partridge is to authenticate fragments using function definitions.

• This approach finds a suitable iv for an authentication function A so that for each fragment f1. . . fn the output value of the authentication function calculated over the iv and the fragment fi is that fragment’s sequence number i:

A(iv, f1) = 1, A(iv, f2) = 2, . . . , A(iv, fn) =n

• If it is possible to find an authentication function which has a small representation and a small iv, then it will become more efficient to sign the representation of the function and iv and send them instead of sending separate signed hashes for each fragment.

• If the iv is large and thus using this function is not more efficient than the toilet paper approach.

Solution of Fragmentation Authentication issue…

Identity-Based Cryptography

• Identity-based cryptography (IBC) is a relatively new cryptographic method that enables message encryption and signature verification using the public identifier, such as email address, of the target as a key.

• Eliminating the need for public-key certificates and their management makes IBC much more appealing for securing DTNs, where the need to transmit and check certificates has been identified as a significant limitation.

Threat from Selfish Nodes

• “Each individual node is ready to forward packets for others” This hypothesis, however, might be easily violated in the presence of selfish nodes or even malicious ones, which may choose to save their precious wireless resources by refusing to serve as bundle relays.

• challenging for researchers in applications of DTNs such as – vehicular DTNs and – social networks,

which are decentralized and distributed over a multitude of devices that are controlled and operated by individuals.

Solution to Selfishness

• This selfishness issue can be limited by adopting an incentive scheme for forwarding of others messages.

• Incentive schemes, fall into two categories: – reputation-based scheme– credit-based scheme

• Reputation-based schemes rely on individual nodes to monitor neighboring nodes’ traffic and keep track of each others’ reputation so that uncooperative nodes are eventually detected and excluded from the networks

• Credit-based schemes introduce some form of virtual currency to regulate the packet-forwarding relationships among different nodes

Problems with utilizing established schemes for the case of DTN

• The previously reported incentive schemes, which were proposed for conventional mobile ad hoc networks, may not be suitable for DTNs

• for the following two reasons– Firstly, a common assumption that a full end-to-end path

between source and destination can be determined before data forwarding occurs.

– Secondly, the schemes are designed mainly for single copy forwarding. However, multi-copy forwarding or even flooding is often adopted to enhance the reliability of DTN communication

Problems with utilizing established schemes for the case of DTN…

• Reputation-based schemes which are working for other kind of network can not work for the case of DTN,– challenge of monitoring the message forwarding, during the

store-carry-and-forward process – challenge to efficiently and effectively propagate the reputation

• Existing credit-based incentive schemes use two different ways to realize such kind of credits: – game theory based schemes– security protocol based schemes.– But most of these schemes always assume that an end-to-end

path exists and is determined before the data forwarding process

End Note

• Providing security for opportunistic routing is really a challenging issue

• Most of the existing security mechanisms used for different other types of networks are not suitable for the case DTN due to its unusual characteristics

• There is a scope for doing plenty of work in this issue especially in the customization of existing security mechanisms for DTN

THANK YOU