M T ASTER'S HESIS Source Authentication for Multicast in Mobile Ad hoc Networks by: Prabha Ramachandran Advisor: John S. Baras MS 2003-6 I R INSTITUTE FOR SYSTEMS RESEARCH ISR develops, applies and teaches advanced methodologies of design and analysis to solve complex, hierarchical, heterogeneous and dynamic problems of engineering technology and systems for industry and government. ISR is a permanent institute of the University of Maryland, within the Glenn L. Martin Institute of Technol- ogy/A. James Clark School of Engineering. It is a National Science Foundation Engineering Research Center. Web site http://www.isr.umd.edu Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 3. DATES COVERED 2003 2. REPORT TYPE 00-00-2003 to 00-00-2003 4. TITLE AND SUBTITLE 5a. CONTRACT NUMBER Source Authentication for Multicast in Mobile Ad Hoc Networks 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION University of Maryland,The Graduate School,2123 Lee Building,College REPORT NUMBER Park,MD,20742 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR’S ACRONYM(S) 11. SPONSOR/MONITOR’S REPORT NUMBER(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES The original document contains color images. 14. ABSTRACT see report 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF 18. NUMBER 19a. NAME OF ABSTRACT OF PAGES RESPONSIBLE PERSON a. REPORT b. ABSTRACT c. THIS PAGE 107 unclassified unclassified unclassified Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 ABSTRACT Title of Thesis: SOURCE AUTHENTICATION FOR MULTICAST IN MOBILE AD HOC NETWORKS Degree candidate: Prabha Ramachandran Degree and year: Master of Science, 2003 Thesis directed by: Professor John S. Baras Department of Electrical Engineering Recent emergence and popularity of mobile ad hoc networks in a host of current-day applications has instigated a suite of research challenges, primarily in routing and security issues for such networks. The ease and low cost of deployment make this networking paradigm very convenient for group-oriented applications like battlefield missions, business conference, virtual classroom, etc. Such networks are characterized by wireless “links”, lack of any fixed network infrastructure, rapidly changing topology and mobile hosts. Security for these dynamic ad hoc networks presents many challenges in the area of multicasting for group-oriented tactical missions, operating in a hostile environment. Key-management and secure-routing have been the primary research focus in this area. Source authentication for multicast is also a fundamental problem that needs to be addressed. In this work, we study some of the proposed source authentication schemes for multicast group communication and evaluate one such scheme for a tactical ad hoc set-up. We propose solutions that exploit the hierarchical nature of tactical networks to achieve time synchronization pre-requisites that the proposed schemes have. We define metrics to evaluate the authentication scheme and present simulation results for the authentication scheme evaluated with two different time synchronization techniques. We find that our selected authentication scheme is well suited for a mobile ad hoc network. We show that our solution for time synchronization performs much better than conventional methods suggested for the authentication scheme. We also discuss applications of our overlay architecture for bootstrapping the authentication scheme with reduced communication overhead. SOURCE AUTHENTICATION FOR MULTICAST IN MOBILE AD HOC NETWORKS by Prabha Ramachandran Thesis submitted to the Faculty of the Graduate School of the University of Maryland, College Park in partial fulfillment of the requirements for the degree of Master of Science 2003 Advisory Committee: Professor John S. Baras, Chair Professor Virgil Gligor Assistant Professor Sennur Ulukus (cid:1)c Copyright by Prabha Ramachandran 2003 DEDICATION To my parents and sister. ii ACKNOWLEDGMENTS The work presented in this thesis was initially suggested and continually supported by my advisor, Dr. John Baras. I am grateful for his guidance, support and encouragement. I would like to thank Dr. Virgil Gligor and Dr. Sennur Ulukus for agreeing to serve on my committee and for reviewing my thesis. Sincere thanks to Huigang Chen for helping me with the simulations in the initial stages, and to Karthik Chandrasekar, Dinesh Dharmaraju and Manish Karir for helping me fix bugs in the MAODV code. I owe many thanks to my colleagues Ayan Roy-Chowdhury and Tao Jiang for critiquing and helping me refine many of the ideas presented in this thesis. I would also like to thank Harsh Mehta and Nalini Bharatula for their suggestions and the rest of the SEIL lab and CSHCN for creating a conducive work environment. I am grateful to my parents, sister and Madhavi for their constant support and encouragement. I gratefully acknowledge the financial support for my Masters through a Graduate Research Assistantship from the Institute for Systems Research. The work reported in this thesis was prepared through collaborative participation in the Collaborative Technology Alliance for Communications & Networks iii sponsored by the U.S. Army Research Laboratory under Cooperative Agreement DAAD19-01-2-0011. iv TABLE OF CONTENTS List of Tables viii List of Figures ix 1 Introduction 1 1.1 Ad hoc network security . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1.1 Threats and vulnerabilities . . . . . . . . . . . . . . . . . . . 4 1.1.2 Security-related Requirements . . . . . . . . . . . . . . . . . 5 1.2 Multicast in MANETs . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.2.1 Multicast security . . . . . . . . . . . . . . . . . . . . . . . . 9 1.3 Motivation and Problem Definition . . . . . . . . . . . . . . . . . . 10 1.4 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1.5 Organization of Thesis . . . . . . . . . . . . . . . . . . . . . . . . . 12 2 Related Work 14 2.1 Previous Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.2 Tesla . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.3 µTesla . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 v