28 research outputs found

    Vulnerability Analysis of the Optimized Link State Routing Protocol version 2 (OLSRv2)

    Mobile Ad hoc NETworks (MANETs) are leaving the confines of research laboratories, to find place in real-world deployments. Outside specialized domains (military, vehicular, etc.), city-wide community-networks are emerging, connecting regular Internet users with each other, and with the Internet, via MANETs. Growing to encompass more than a handful of "trusted participants", the question of preserving the MANET network connectivity, even when faced with careless or malicious participants, arises, and must be addressed. A first step towards protecting a MANET is to analyze the vulnerabilities of the routing protocol, managing the connectivity. By understanding how the algorithms of the routing protocol operate, and how these can be exploited by those with ill intent, countermeasures can be developed, readying MANETs for wider deployment and use. This paper takes an abstract look at the algorithms that constitute the Optimized Link State Routing Protocol version 2 (OLSRv2), and identifies for each protocol element the possible vulnerabilities and attacks -- in a certain way, provides a "cookbook" for how to best attack an operational OLSRv2 network, or for how to proceed with developing protective countermeasures against these attacks.

    Security Issues in the Optimized Link State Routing Protocol version 2 (OLSRv2)

    Mobile Ad hoc NETworks (MANETs) are leaving the confines of research laboratories, to find place in real-world deployments. Outside specialized domains (military, vehicular, etc.), city-wide community-networks are emerging, connecting regular Internet users with each other, and with the Internet, via MANETs. Growing to encompass more than a handful of "trusted participants", the question of preserving the MANET network connectivity, even when faced with careless or malicious participants, arises, and must be addressed. A first step towards protecting a MANET is to analyze the vulnerabilities of the routing protocol, managing the connectivity. By understanding how the algorithms of the routing protocol operate, and how these can be exploited by those with ill intent, countermeasures can be developed, readying MANETs for wider deployment and use. This memorandum takes an abstract look at the algorithms that constitute the Optimized Link State Routing Protocol version 2 (OLSRv2), and identifies for each protocol element the possible vulnerabilities and attacks -- in a certain way, provides a "cookbook" for how to best attack an operational OLSRv2 network, or for how to proceed with developing protective countermeasures against these attacks.

    Vulnerability Analysis of the Simple Multicast Forwarding (SMF) Protocol for Mobile Ad Hoc Networks

    If deployments of Mobile Ad Hoc Networks (MANETs) are to become common outside of purely experimental settings, protocols operating such MANETs must be able to preserve network integrity, even when faced with careless or malicious participants. A first step towards protecting a MANET is to analyze the vulnerabilities of the routing protocol(s), managing the connectivity. Understanding how these routing protocols can be exploited by those with ill intent, countermeasures can be developed, readying MANETs for wider deployment and use. One routing protocol for MANETs, developed by the Internet Engineering Task Force (IETF) as a multicast routing protocol for efficient data dissemination, is denoted "Simplified Multicast Forwarding" (SMF). This protocol is analyzed, and its vulnerabilities described, in this memorandum. SMF consists of two independent components: (i) duplicate packet detection and (ii) relay set selection, each of which presents its own set of vulnerabilities that an attacker may exploit to compromise network integrity. This memorandum explores vulnerabilities in each of these, with the aim of identifying attack vectors and thus enabling development of countermeasures.

    In order to increase the number of ad hoc network deployments outside of purely experimental testbeds, ad hoc network routing protocols must be able to preserve network integrity, even when faced with careless or malicious participants. A first step towards protecting an ad hoc network is to analyze the vulnerabilities of the routing protocol that manages network connectivity. By understanding how these routing protocols can be exploited by people with ill intent, countermeasures can be developed. One routing protocol for ad hoc networks, developed by the Internet Engineering Task Force (IETF) as a multicast routing protocol for efficient data dissemination, is called "Simplified Multicast Forwarding" (SMF). This protocol is analyzed, and its vulnerabilities described, in this report. SMF consists of two independent components: (i) duplicate packet detection and (ii) relay selection, each of which presents its own set of vulnerabilities that an attacker can exploit to compromise network integrity. This report explores vulnerabilities in each of the two components, in order to identify attack vectors and thus enable the development of countermeasures.

    MBMQA: A Multicriteria-Aware Routing Approach for the IoT 5G Network Based on D2D Communication

    With the rapid development of future wireless networks, device-to-device (D2D) technology is widely used as the communication system in the Internet of Things (IoT) fifth generation (5G) network. The IoT 5G network based on D2D communication technology provides pervasive intelligent applications. However, to realize this reliable technology, several issues need to be critically addressed. Firstly, the device’s energy is constrained during its vital operations due to limited battery power; thereby, the connectivity will suffer from link failures when the device’s energy is exhausted. Similarly, the device’s mobility alters the network topology in an arbitrary manner, which affects the stability of established routes. Meanwhile, traffic congestion occurs in the network due to the backlog packet in the queue of devices. This paper presents a Mobility, Battery, and Queue length Multipath-Aware (MBMQA) routing scheme for the IoT 5G network based on D2D communication to cope with these key challenges. The back-pressure algorithm strategy is employed to divert packet flow and illuminate the device selection’s estimated value. Furthermore, a Multiple-Attributes Route Selection (MARS) metric is applied for the optimal route selection with load balancing in the D2D-based IoT 5G network. Overall, the obtained simulation results demonstrate that the proposed MBMQA routing scheme significantly improves the network performance and quality of service (QoS) as compared with the other existing routing schemes

    Improving The Fault Tolerance of Ad Hoc Routing Protocols using Aspect-oriented Programming

    [ES] Ad hoc networks are distributed wireless networks formed by mobile nodes that are positioned freely and dynamically, capable of organizing themselves into arbitrary and temporary topologies through the operation of routing protocols. These networks allow people and devices to connect seamlessly and quickly, in areas with no pre-existing communications infrastructure and at low cost. Many studies show that ad hoc routing protocols are threatened by a variety of accidental and malicious faults, such as neighbour saturation, which can affect any type of ad hoc network, and ambient noise, which can affect all wireless networks in general. Therefore, the development and implementation of fault tolerance strategies to mitigate the effect of faults is essential for the practical use of this kind of network. However, fault tolerance mechanisms are usually implemented in a specific way within the source code of the routing protocols, which means that i) they must be rewritten and reorganized each time a new version of a protocol is released, and ii) they must be completely reshaped and adapted to new versions of the protocols. This master's thesis explores the feasibility of using aspect-oriented programming (AOP) to develop and implement fault tolerance mechanisms suitable for a whole family of routing protocols, that is, the current and future versions of a given protocol (OLSR in this case). In addition, a new methodology is proposed to extend these mechanisms to different families of proactive protocols (OLSR, BATMAN and Babel) with a new AOP concept, the meta-aspect. The feasibility and effectiveness of the proposal have been evaluated experimentally, thus establishing a new method to improve the implementation of the portability and maintainability of fault tolerance mechanisms in ad hoc routing protocols and, therefore, the reliability of ad hoc networks.

    [EN] Ad hoc networks are distributed networks consisting of wireless mobile nodes that can freely and dynamically self-organize into arbitrary and temporary topologies, through the operation of routing protocols. These networks allow people and devices to seamlessly interconnect rapidly in areas with no pre-existing communication infrastructure and with a low cost. Many studies show that ad hoc routing protocols are threatened by a variety of accidental and malicious faults, like neighbour saturation, which may affect any kind of ad hoc network, and ambient noise, which may impact all wireless networks in general. Therefore, developing and deploying fault tolerance strategies to mitigate the effect of such faults is essential for the practical use of this kind of network. However, those fault tolerance mechanisms are usually embedded into the source code of routing protocols, which means that i) they must be rewritten and redeployed whenever a new version of a protocol is released, and ii) they must be completely redeveloped and adapted to new routing protocols. This master thesis explores the feasibility of using Aspect-Oriented Programming (AOP) to develop and deploy fault tolerance mechanisms suitable for a whole family of routing protocols, i.e. existing and future versions of a given protocol (OLSR in this case). Furthermore, a new methodology is proposed to extend these mechanisms to different families of proactive protocols (OLSR, B.A.T.M.A.N and Babel) using a new concept in AOP, the meta-aspect. The feasibility and effectiveness of the proposal is experimentally assessed, thus establishing a new method to improve the deployment, portability, and maintainability of fault tolerance mechanisms for ad hoc routing protocols and, therefore, the dependability of ad hoc networks.

    Bustos Rodríguez, AJ. (2012). Improving The Fault Tolerance of Ad Hoc Routing Protocols using Aspect-oriented Programming. http://hdl.handle.net/10251/18421

    Protocole de routage à chemins multiples pour des réseaux ad hoc

    Ad hoc networks consist of a collection of wireless mobile nodes which dynamically exchange data without reliance on any fixed base station or a wired backbone network. They are by definition self-organized. The frequent topological changes make multi-hop routing a crucial issue for these networks. In this PhD thesis, we propose a multipath routing protocol named Multipath Optimized Link State Routing (MP-OLSR). It is a multipath extension of OLSR, and can be regarded as a hybrid routing scheme because it combines the proactive nature of topology sensing and reactive nature of multipath computation. Auxiliary functions such as route recovery and loop detection are introduced to improve the performance of the network. The usage of queue length metric for link quality criteria is studied and the compatibility between single path and multipath routing is discussed to facilitate the deployment of the protocol. The simulations based on NS2 and Qualnet software are performed in different scenarios. A testbed is also set up in the campus of Polytech’Nantes. The results from the simulator and testbed reveal that MP-OLSR is particularly suitable for mobile, large and dense networks with heavy network load thanks to its ability to distribute the traffic into different paths and effective auxiliary functions. The H.264/SVC video service is applied to ad hoc networks with MP-OLSR. By exploiting the scalable characteristic of H.264/SVC, we propose to use Priority Forward Error Correction coding based on Finite Radon Transform (FRT) to improve the received video quality. An evaluation framework called SVCEval is built to simulate the SVC video transmission over different kinds of networks in Qualnet. This second study highlights the interest of multiple path routing to improve quality of experience over self-organized networks.

    Ad hoc networks are made up of a set of mobile nodes that exchange data without access-point or wired-backbone infrastructure. They are by definition self-organized. Frequent topology changes in ad hoc networks make multi-hop routing very problematic. In this thesis, we propose a multipath routing protocol called Multipath Optimized Link State Routing (MP-OLSR). It is a multipath extension of OLSR that can be regarded as a hybrid routing method. Indeed, MP-OLSR combines the proactive nature of topology detection and the reactive nature of multipath computation, which is performed on demand. Auxiliary functions such as route recovery and loop detection are introduced to improve network performance. The use of the queue length of intermediate nodes as a link quality criterion is studied, and the compatibility between multipath and single-path routing is discussed to facilitate deployment of the protocol. Simulations based on the NS2 and Qualnet software are carried out to test MP-OLSR routing in various scenarios. An implementation was also produced during this thesis, with an experiment on the Polytech’Nantes campus. The simulation and experimental results reveal that MP-OLSR is particularly suited to mobile and dense networks with heavy traffic, thanks to its ability to distribute traffic over different paths and to effective auxiliary functions. At the application level, the H.264/SVC video service is applied to MP-OLSR ad hoc networks. By exploiting the natural hierarchy provided by the H.264/SVC format, we propose to use unequal protection coding (PFEC) based on the Finite Radon Transform (FRT) to improve the received video quality. A tool called SVCEval is developed to simulate SVC video transmission over different types of networks in the Qualnet software. This second study demonstrates the value of unequal protection coding in multipath routing for improving quality of experience over self-organized networks.

    Enabling individually entrusted routing security for open and decentralized community networks

    Routing in open and decentralized networks relies on cooperation. However, the participation of unknown nodes and node administrators pursuing heterogeneous trust and security goals is a challenge. Community-mesh networks are good examples of such environments due to their open structure, decentralized management, and ownership. As a result, existing community networks are vulnerable to various attacks and are seriously challenged by the obligation to find consensus on the trustability of participants within an increasing user size and diversity. We propose a practical and novel solution enabling a secured but decentralized trust management. This work presents the design and analysis of securely-entrusted multi-topology routing (SEMTOR), a set of routing-protocol mechanisms that enable the cryptographically secured negotiation and establishment of concurrent and individually trusted routing topologies for infrastructure-less networks without relying on any central management. The proposed mechanisms have been implemented, tested, and evaluated for their correctness and performance to exclude non-trusted nodes from the network. Respective safety and liveness properties that are guaranteed by our protocol have been identified and proven with formal reasoning. Benchmarking results, based on our implementation as part of the BMX7 routing protocol and tested on real and minimal (OpenWRT, 10 Euro) routers, qualify the behaviour, performance, and scalability of our approach, supporting networks with hundreds of nodes despite the use of strong asymmetric cryptography.

    Peer Reviewed. Postprint (author's final draft)

    Scattered Dropping Attack on TCP-Based Mobile Ad-Hoc Networks

    Scattered Dropping Attack (SDA) is a simple yet very powerful denial of service (DoS) attack that is effective on both TCP and UDP based MANETs. The simulation results clearly show the impact of the proposed attack on the network throughput, bandwidth wastage and received data quality. It has also been observed that even though the TCP congestion control is adaptable to packet losses, in the case of the dropping attack it is fully unable to detect whether the packet drop is the result of the attacker misbehaving or is due to congestion or another wireless environmental problem.