Lab 8 - Security

Background: 

Since multi-hop routing necessarily involves trusting other computers with your data, security is an issue.  Developing secure protocols is hard because there are many goals to design towards, and it takes only one hole for a protocol to go from secure to insecure.  An additional difficulty is the balance between security and usability.  Imagine if everyone who wanted to use the network needed to personally get approval from the Global Network Security Guru.  There would be a long line and lots of unhappy people, or no one would want to use the network at all, even though it might be really secure. 

We will again be working with AODV in this lab.  There are a number of known attacks on AODV; we will explore the effects of two of them.  The first attack exploits the fact that AODV selects routes based on the costs other nodes advertise for them, without verifying those costs.  An attacker can affect other users' ability to use the network by falsely advertising route costs.  Specifically, we will insert an attacker node into the network that simply tells the other nodes it has the best route to every other node in the network. 

The second attack is a denial of service (DoS) attack combined with route poisoning.  It again relies on the insecurity of AODV's sequence numbers, together with the lack of authentication of the sources of route request messages.  The attacking code sends route requests with high sequence numbers, alternately impersonating two nodes on the network. 
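As an added example (not part of the lab handout or of the aodvd daemons), the following Python sketch shows how a passive monitor listening on the channel could flag both behaviours described above, using the node table given below.  The message log is constructed, and the first heuristic assumes that no honest node is a direct neighbour of every other node.

```python
from collections import defaultdict

# Node table from the lab handout: wireless MAC -> IP address.
NODE_MAC = {
    "AA:AA:AA:AA:AA:AA": "192.168.0.1",
    "BB:BB:BB:BB:BB:BB": "192.168.0.2",
    "CC:CC:CC:CC:CC:CC": "192.168.0.3",
    "DD:DD:DD:DD:DD:DD": "192.168.0.4",
}

# Constructed control-message log (not a real capture). Fields: frame source MAC,
# message type, the IP the message is about (RREP: advertised destination;
# RREQ: claimed originator), sequence number, hop count.
SAMPLE = [
    ("CC:CC:CC:CC:CC:CC", "RREP", "192.168.0.4", 10, 1),   # honest: C is next to D
    ("BB:BB:BB:BB:BB:BB", "RREP", "192.168.0.1", 10, 1),   # B claims 1 hop to A
    ("BB:BB:BB:BB:BB:BB", "RREP", "192.168.0.3", 10, 1),   # B claims 1 hop to C
    ("BB:BB:BB:BB:BB:BB", "RREP", "192.168.0.4", 10, 1),   # B claims 1 hop to D
    ("AA:AA:AA:AA:AA:AA", "RREQ", "192.168.0.1", 12, 0),   # genuine RREQ from A
    ("BB:BB:BB:BB:BB:BB", "RREQ", "192.168.0.1", 900, 0),  # sent by B, claims to be A
    ("BB:BB:BB:BB:BB:BB", "RREQ", "192.168.0.4", 950, 0),  # sent by B, claims to be D
]

def detect_false_advertiser(messages, node_mac=NODE_MAC):
    """Attack 1 heuristic: a known node whose RREPs claim a one-hop route to every
    other node. Assumption: no honest node is adjacent to all others (check the figure)."""
    one_hop = defaultdict(set)
    for mac, kind, dest, _seq, hops in messages:
        if kind == "RREP" and hops <= 1 and dest != node_mac.get(mac):
            one_hop[mac].add(dest)
    all_ips = set(node_mac.values())
    return {mac for mac, dests in one_hop.items()
            if mac in node_mac and dests >= all_ips - {node_mac[mac]}}

def detect_impersonation(messages, node_mac=NODE_MAC, max_jump=100):
    """Attack 2 heuristics on RREQs: (a) claimed originator IP belongs to a different
    MAC than the frame's source; (b) sequence number jumps by more than max_jump."""
    ip_to_mac = {ip: mac for mac, ip in node_mac.items()}
    last_seq, alerts = {}, []
    for mac, kind, orig, seq, _hops in messages:
        if kind != "RREQ":
            continue
        spoofed = ip_to_mac.get(orig) != mac
        if spoofed:
            alerts.append((mac, orig, "originator IP does not match frame source MAC"))
        if orig in last_seq and seq - last_seq[orig] > max_jump:
            alerts.append((mac, orig, "sequence number jump of %d" % (seq - last_seq[orig])))
        if not spoofed:  # only frames from the real originator advance the baseline
            last_seq[orig] = max(seq, last_seq.get(orig, seq))
    return alerts
```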

The nodes are referred to as in lab 4: 

Node   MAC Address          IP Address
A      AA:AA:AA:AA:AA:AA    192.168.0.1
B      BB:BB:BB:BB:BB:BB    192.168.0.2
C      CC:CC:CC:CC:CC:CC    192.168.0.3
D      DD:DD:DD:DD:DD:DD    192.168.0.4

AODV Node Link Setup Arrangement

Attack 1 Setup: 

Set up the nodes as shown in the graphic above.  Start the aodvd process at each node except node B.  At node B, start the malicious AODV routing daemon instead; assuming the wireless interface at node B is wlan0, run: 

aodvd-aa -l -r 30 -i wlan0

Wait about 30 seconds for the nodes to find each other again.  Start iperf at node D with:

iperf -s

At node A run:

iperf -c 192.168.0.4

Attack 2 Setup: 

Kill the aodvd-aa process running on node B.  Then start a different malicious AODV daemon, aodvd-dos, by entering the following at the command line: 

aodvd-dos 192.168.0.2 192.168.0.1 192.168.0.4

The structure of this command is:  aodvd-dos <wlan0_ip_addr> <other_node_wireless_ip_addr> <destination_ip_addr>

Try running iperf again as in attack 1.  Record your results. 

Analysis: 

Propose methods for fixing these flaws in AODV.  For each attack, how much was traffic on the network decreased compared to that in previous labs?  Which attack was worse?  Why?  Imagine a larger network with multiple paths to a given destination.  What would the effects of these attacks look like in that situation?  How would the placement of the attacker node relative to a given source and destination change the effects?