1 ESAS 2004 New Research Challenges for the Security of Ad Hoc and Sensor Networks Jean-Pierre Hubaux EPFL


Page 1: 1 ESAS 2004 New Research Challenges for the Security of Ad Hoc and Sensor Networks Jean-Pierre Hubaux EPFL

ESAS 2004

New Research Challenges for the Security of Ad Hoc and Sensor Networks

Jean-Pierre Hubaux

EPFL

Page 2

New Research Challenges for the Security of Ad Hoc and Sensor Networks

Some current research themes
• Key establishment
• Secure routing
• Provable encounters
• Cooperation: the network layer perspective

New theme 1: Cooperation: the MAC layer perspective

New theme 2: Secure positioning
• Verifiable multilateration
• Application to vehicle networks
• Application to sensor networks

New theme 3: Denial of Service attacks

Page 3

Key establishment techniques in ad hoc networks

Underlying questions:
• What is the identity of a node?
• What is the relationship between the user and the node?
• What does trust mean in such a framework?

Presence of an authority, at least in the initialization phase
Usually based on threshold cryptography

No authority: Keys are generated by the nodes

Specialized nodes (servers)

Centralized secret share dealer

Secure Public Key Mgt
Similarity with PGP; certificate and trust relationships

Mobility helps security

Page 4

Establishment of security associations (“Mobility helps security”, Mobihoc 2003)

Infrared link

(Alice, PuKAlice, XYZ)

(Bob, PuKBob, UVW)

Visual recognition, conscious establishment of a two-way security association

Secure side channel
- Typically short distance (a few meters)
- Line of sight required
- Ensures integrity
- Confidentiality not required

[Figure labels: Name, NodeId; Alice, Bob]

Page 5

Pace of establishment of the security associations
- Depends on several factors:
  - Area size
  - Number of communication partners: s
  - Number of nodes: n
  - Number of friends
  - Mobility model and its parameters (speed, pause times, …)

Established security associations :
Desired security associations :

Convergence :

Page 6

Simulation results, random waypoint

Various power ranges (automatic establishment of security associations)

[Figure: rnxs (t), axis marked 0 to 1, against time (s), axis marked 10 to 1000000; curves for power range 5m, power range 50m and power range 100m]

random waypoint
simulation area: 1000 x 1000 m rect.
number of nodes: n=100
pause time: 100s
confidence intervals: 95%

Page 7

Probabilistic key sharing

Key setup in sensor networks (Eschenauer and Gligor, 2002)

• key pre-distribution
  - generation of a large pool of P keys
  - random drawing of k keys out of P
  - loading of the key ring into each sensor
• shared-key discovery
  - upon initialization every node discovers its neighbors with which it shares keys
• path-key establishment (- - -)
  - assigns a path-key to neighbors w/o shared key
  - multiple disjoint paths exist between two nodes
  - example (A,B)

Consequences
• node-to-node authentication ?
• key revocation scope ?
• Re-keying ?
• resilience: effect of sensor-node capture ?
• network extension

[Figure labels: A, B]

Courtesy: Virgil Gligor
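The pre-distribution and shared-key discovery phases listed above, and the node-capture question raised under "Consequences", can be exercised in a short simulation. This is an added example, not code from the talk or from Eschenauer and Gligor; it assumes every pair of nodes is in radio range, that a pair uses its lowest shared key id as link key, and small constructed values for P, k and the number of captured nodes.

```python
import math
import random
from itertools import combinations

def share_probability(pool_size, ring_size):
    """P(two rings of k keys drawn from a pool of P keys share at least one key)."""
    # 1 - C(P-k, k) / C(P, k); math.comb gives 0 when k > P-k, so the result is 1.0
    disjoint = math.comb(pool_size - ring_size, ring_size)
    return 1 - disjoint / math.comb(pool_size, ring_size)

def predistribute(n_nodes, pool_size, ring_size, rng):
    """Key pre-distribution: every node is loaded with k distinct key ids."""
    return [frozenset(rng.sample(range(pool_size), ring_size))
            for _ in range(n_nodes)]

def discover_links(rings):
    """Shared-key discovery: map each node pair that shares keys to its link key.

    Assumption: a pair uses its lowest shared key id as the link key.
    """
    links = {}
    for a, b in combinations(range(len(rings)), 2):
        shared = rings[a] & rings[b]
        if shared:
            links[(a, b)] = min(shared)
    return links

def compromised_fraction(rings, links, captured):
    """Resilience: share of links between uncaptured nodes whose key is
    exposed by reading the key rings of the captured nodes."""
    leaked = set().union(*(rings[i] for i in captured)) if captured else set()
    alive = [key for (a, b), key in links.items()
             if a not in captured and b not in captured]
    if not alive:
        return 0.0
    return sum(key in leaked for key in alive) / len(alive)

def run_demo(n_nodes=60, pool_size=100, ring_size=10, n_captured=3, seed=7):
    """Constructed scenario: small pool so the effects are visible."""
    rng = random.Random(seed)
    rings = predistribute(n_nodes, pool_size, ring_size, rng)
    links = discover_links(rings)
    pairs = n_nodes * (n_nodes - 1) // 2
    return {
        "analytic_share": share_probability(pool_size, ring_size),
        "simulated_share": len(links) / pairs,
        "compromised": compromised_fraction(rings, links, set(range(n_captured))),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value:.3f}")
```

Pairs left without a shared key are the ones the path-key establishment phase has to serve.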

Page 8

Secure routing in ad hoc networks

[Table flattened in extraction; its axes are "Routing protocol" and "Attack". Labels that survive: DSR, AODV, FRESH, OLSR; General, Wormhole, Rushing attacks, Blackhole attack; Ariadne, SRP, Packet leashes, RAP, SEAD, ARAN, SAODV, SECTOR, I.T.]

I.T. : Incentive Techniques (assuming nodes are rational)

Page 9

Provable encounters (“SECTOR”, SASN 2003)

- Initial distribution of keys/hash values
- Encounter certification comprised of the following phases:
  - Authentication
  - Distance bounding (Cf also Brands and Chaum, 1993)
  - Issuance of the proof of encounter
    a) Guaranteeing Encounter Freshness (GEF)
    b) Guaranteeing the Time of Encounter (GTE)
- Encounter verification comprised of the following phases:
  - Authentication
  - Verification

[Figure: encounter certification between claimant and certifier; encounter verification between claimant and verifier]

Solution based on hash chains and on Merkle trees

Page 10

Cooperation in self-organized systems

Question: how to enforce cooperation, if each node is its own authority?

Solutions:
• based typically on game theory, on reputation systems, on micropayments
• proposed by NEC, UC Berkeley, Stanford, CMU, Cornell, U. of Washington, Yale, UCSD, Eurécom, EPFL, …
• address different scenarios: pure ad hoc, multi-hop access to the backbone, …
• consider the problem at the network layer (and focus primarily on packet forwarding)

[Figure labels: S1, S2, D1, D2]

Page 11

Cooperation between nodes (a closer look)

[Figure labels: Routing, MAC (repeated for each node)]

MAC: Medium Access Control: manages the shared transmission medium (the radio link in this case) in a fully distributed way

Question 1: How do we prevent greedy behaviour on the MAC layer of multi-hop wireless networks?

Question 1’: How is this problem solved today in WiFi hotspots?
Answer: It is not solved!

Page 12

Question 1’: How do we prevent greedy behavior at the MAC layer in WiFi hotspots?

[Figure labels: Well-behaved node, Well-behaved node]

The access point is trusted

The MAC layer is fair: if users have similar needs, they obtain a similar share of the bandwidth

Page 13

Question 1’: Preventing greedy behavior at the MAC layer in WiFi hotspots

[Figure labels: Well-behaved node, Cheater]

The access point is trusted

Page 14

IEEE 802.11 MAC – Brief reminder

• IEEE 802.11 is the MAC protocol used in WiFi
• By default, it is the one used in wireless multi-hop networks

Page 15

Greedy technique 1/4: oversized NAV

Page 16

Greedy technique 2/4: transmit before DIFS

Page 17

Greedy technique 3/4: scramble others’ frames

Page 18

Greedy technique 4/4: pick a shorter backoff

Implementation of this cheating technique: 3 lines of code!

Page 19

Proposed solution: DOMINO

DOMINO: System for Detection Of greedy behaviour in the MAC layer of WiFi public NetwOrks (Raya, Hubaux, Aad, Mobisys 2004)

Idea: monitor the traffic and detect deviations by comparing average values of observed users

Detection tests: statistical comparison of the observed protocol behaviour

Features:
• Full standard compliance
• Needs to be implemented only at the Access Point
• Simple and efficient

The operator decides the amount of evidence required before taking action (in order e.g. to prevent false positives)

Other solution: Kyasanur + Vaidya, DSN 2003 (but not protocol compliant)

Page 20

Detection Tests of DOMINO

Cheating method | Detection test
Frame scrambling | Number of retransmissions
Oversized NAV | Comparison of the declared and actual NAV values
Transmission before DIFS | Comparison of the idle time after the last ACK with DIFS
Backoff manipulation | Maximum backoff: the maximum should be close to CWmin - 1; Actual backoff; Consecutive backoff

Page 21

Simulation of cheating and detection

Cheating technique: Backoff manipulation

Traffic:
• Constant Bit Rate / UDP traffic
• FTP / TCP traffic

misbehavior coefficient (m): cheater chooses its backoff as (1 - m) x CWmin

Simulation environment: ns-2

[Figure label: Cheater]
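A sketch of how an access point could run the "actual backoff" and "maximum backoff" tests over per-station samples and accumulate evidence before acting. It is an added example, not DOMINO's code: CWmin = 32, the thresholds alpha and beta, the 50-sample window and the evidence counter are assumptions, and the backoff samples are constructed from the misbehavior coefficient m as stated above.

```python
import random
from statistics import mean

CW_MIN = 32                        # assumed: honest backoff is drawn from [0, CW_MIN - 1]
NOMINAL_BACKOFF = (CW_MIN - 1) / 2

def draw_backoffs(n, m, rng):
    """Constructed sample data: n backoff values (in slots) for a station with
    misbehavior coefficient m. m = 0 is well-behaved; otherwise the window
    shrinks to (1 - m) x CW_MIN (our reading of the slide)."""
    window = max(1, int((1 - m) * CW_MIN))
    return [rng.randrange(window) for _ in range(n)]

def actual_backoff_test(samples, alpha=0.8):
    """Suspicious if the average observed backoff is below alpha x nominal."""
    return mean(samples) < alpha * NOMINAL_BACKOFF

def maximum_backoff_test(samples, beta=0.8):
    """Suspicious if the largest observed backoff stays far below CW_MIN - 1."""
    return max(samples) < beta * (CW_MIN - 1)

class StationMonitor:
    """Access-point side evidence counter for one station (hypothetical design)."""

    def __init__(self, window=50, required_evidence=3):
        self.window = window              # samples per test
        self.required = required_evidence # operator-chosen amount of evidence
        self.samples = []
        self.strikes = 0
        self.flagged = False

    def observe(self, backoff):
        self.samples.append(backoff)
        if len(self.samples) < self.window:
            return self.flagged
        suspicious = (actual_backoff_test(self.samples)
                      or maximum_backoff_test(self.samples))
        # One bad window is not enough: strikes decay when a window looks normal.
        self.strikes = self.strikes + 1 if suspicious else max(0, self.strikes - 1)
        self.flagged = self.flagged or self.strikes >= self.required
        self.samples = []
        return self.flagged

def monitor_stations(coefficients, n_samples=1000, seed=2004):
    """Run one monitor per station over constructed samples; return verdicts."""
    rng = random.Random(seed)
    verdicts = {}
    for name, m in coefficients.items():
        monitor = StationMonitor()
        for backoff in draw_backoffs(n_samples, m, rng):
            monitor.observe(backoff)
        verdicts[name] = monitor.flagged
    return verdicts

if __name__ == "__main__":
    print(monitor_stations({"honest": 0.0, "mild": 0.2, "cheater": 0.6}))
```

Raising `required_evidence` trades detection delay for fewer false positives, which is the knob the DOMINO slide leaves to the operator.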

Page 22

Simulation results

• Each point corresponds to 100 simulations
• Confidence intervals: 95%

Page 23

Implementation of the demo prototype

Equipment
• Adapters based on the Atheros AR5212 chipset
• MADWIFI driver

Misbehavior: backoff
• Overwrite the values CWmin and CWmax (in driver)

Monitoring
• The driver in MONITOR mode
• prism2 frame header

[Figure labels: AP, DOMINO, Cheater, Well-behaved]

Page 24

Conclusion on the prevention of greedy behaviour at the MAC layer

• There exist greedy techniques against hotspots
• Some of these techniques are straightforward
• We have proposed, implemented and patented a simple solution, DOMINO, to prevent them (http://domino.epfl.ch)
• The same problem in self-organized wireless systems is still unsolved. Can it be solved?
• Game-theoretic study: M. Cagalj, S. Ganeriwal, I. Aad and J.-P. Hubaux, "On Cheating in CSMA/CA Networks", Technical report No. IC/2004/27, July 2004
• Many problems still need to be solved in this field

Page 25

Question 2: How to securely locate a node

Being able to securely verify the positions of devices can enable:
- Location-based access control (e.g., prevention of the parking lot attack)
- Detection of displacement of valuables
- Detection of stealing
- Location-based charging
- …

In multi-hop networks
- Secure routing
- Secure positioning
- Secure data harvesting (sensor networks)
- …

[Figure labels: Comm. Tower, v1, v3, v4, v5]

Page 26

Attacks against sensor networks positions

[Figure: four panels, a) to d). Panel titles that survive: Wormhole; Node displacement; c) Malicious distance enlargement; d) Dissemination of false location and distance information. Legend: v - honest node, m - malicious node, c - compromised node. Other labels: Node's actual location, Node's actual distance, Node's measured distance, Node's reported location]

Page 27

Positioning systems (and prototypes)

- GPS, Galileo, Glonass (Outdoor, Radio Frequency (RF) – Time of Flight (ToF))
- Active Badge (Indoor, Infrared (IR)), Olivetti
- Active Bat, Cricket (Indoor, Ultrasound (US)-based), AT&T Lab Cambridge, MIT
- RADAR, SpotON, Nibble (Indoor/Outdoor, RF-RSS), Microsoft, Univ of Washington, UCLA+Xerox Palo Alto Lab
- Ultra Wideband Precision Asset Location System (Indoor/Outdoor, RF-(UWB)-ToF), Multispectral solutions, Inc.

Ad Hoc/Sensor Network positioning systems:

- Convex position estimation (Centralized), UC Berkeley
- Angle of Arrival based positioning (Distributed, Angle of Arrival), Rutgers
- Dynamic fine-grained localization (Distributed), UCLA
- GPS-less low cost outdoor localization (Distributed, Landmark-based), UCLA
- GPS-free positioning (Distributed), EPFL

Page 28

Distance measurement techniques

- Based on the speed of light (RF, Ir)
  - A and B are synchronized (ToF): dABm = (tr-ts)c
  - A and B are NOT synchronized (Round trip ToF): dABm = (tr-ts-tprocB)c/2
- Based on the speed of sound (Ultrasound): dABm = (tr(RF)-tr(US))s
- Based on Received Signal Strength (RSS)

[Figures: message exchanges between A and B, marked with ts, tr, tr(RF) and tr(US)]

Page 29

Attacks on RF and US ToF-based techniques

- Dishonest device: cheat on the time of sending (ts) or time of reception (tr)
  (A and B are assumed to be synchronised) dABm = (tr-ts)c
- Malicious attacker: 2 steps:
  1. Overhear and jam
  2. Replay with a delay Δt
  dABm = (tr+Δt-ts)c => dABm > dAB

[Figure labels: A, B, M, ts, ts+Δt, tr, tr+Δt]

Page 30

Summary of possible attacks on distance measurement

 | Dishonest nodes | Malicious attackers
RSS (Received Signal Strength) | Distance enlargement and reduction | Distance enlargement and reduction
Ultrasound Time of Flight | Distance enlargement and reduction | Distance enlargement and reduction
Radio Time of Flight | Distance enlargement and reduction | Distance enlargement only

Page 31

The challenge of secure positioning

- Goals:
  - preventing a dishonest node from cheating about its own position
  - preventing a malicious attacker from spoofing the position of an honest node
- Our proposal: Verifiable Multilateration

Page 32

Distance Bounding (RF)

- Introduced in 1993 by Brands and Chaum (to prevent the Mafia fraud attack)

[Figure: message exchange between BS and A. Labels: ts, tr, NBS, NA, ε, tprocA]

dreal ≤ db = (tr-ts)c/2 (db=distance bound)

Page 33

Distance bounding characteristics

 | Dishonest nodes | Malicious attackers
RSS | Distance enlargement and reduction | Distance enlargement and reduction
US ToF | Distance enlargement and reduction | Distance enlargement and reduction
RF ToF | Distance enlargement and reduction | Distance enlargement only
RF Distance Bounding | Distance enlargement only | Distance enlargement only
US Distance Bounding | Distance enlargement only | Distance enlargement and reduction

- RF distance bounding:
  - nanosecond precision required, 1ns ~ 30cm
  - UWB enables clock precision up to 2ns and 1m positioning indoor and outdoor (up to 2km)
- US distance bounding:
  - millisecond precision required, 1ms ~ 35cm

Page 34

Verifiable Multilateration (Trilateration)

[Figure: BS1, BS2 and BS3 form the verification triangle; distance bounding with node A at (x,y); axes x and y]

Page 35

Properties of Verifiable Multilateration

- a malicious attacker cannot spoof the position of a node such that it seems that the node is at a position different from its real position within the triangle
- a node located within the triangle cannot prove to be at another position within the triangle except at its true position.
- a node located outside the triangle formed by the verifiers cannot prove to be at any position within the triangle
- a malicious attacker cannot spoof the position of a node such that it seems that it is located at a position within the triangle, if the node is outside the triangle

The same holds in 3-D, with a triangular pyramid instead of a triangle
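The verifier-side check can be written down from the distance bound db = (tr-ts)c/2 and the triangle properties above. This is an added example, not the authors' code: the verifier coordinates, the tolerance delta and the closed-form position computation are assumptions, and the measurements are constructed on the premise that distance bounding lets a node enlarge a distance but never reduce it.

```python
import math

C = 299_792_458.0  # speed of light in m/s

def distance_bound(ts, tr):
    """db = (tr - ts) * c / 2, as on the distance-bounding slide."""
    return (tr - ts) * C / 2

def multilaterate(verifiers, bounds):
    """Position from three distance bounds: subtract the first circle
    equation from the other two and solve the resulting 2x2 linear system."""
    (x1, y1), (x2, y2), (x3, y3) = verifiers
    d1, d2, d3 = bounds
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = d1**2 - d2**2 + x2**2 + y2**2 - x1**2 - y1**2
    b2 = d1**2 - d3**2 + x3**2 + y3**2 - x1**2 - y1**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-9:
        raise ValueError("verifiers are collinear")
    return ((b1 * a22 - a12 * b2) / det, (a11 * b2 - a21 * b1) / det)

def inside_triangle(p, verifiers):
    """True if p lies in the verification triangle (same-side test)."""
    signs = []
    for i in range(3):
        (ax, ay), (bx, by) = verifiers[i], verifiers[(i + 1) % 3]
        signs.append((bx - ax) * (p[1] - ay) - (by - ay) * (p[0] - ax))
    return all(s >= 0 for s in signs) or all(s <= 0 for s in signs)

def verify_position(verifiers, bounds, delta=1.0):
    """Accept the computed position only if it agrees with every distance
    bound to within delta metres and falls inside the verification triangle."""
    pos = multilaterate(verifiers, bounds)
    for v, db in zip(verifiers, bounds):
        if abs(math.dist(v, pos) - db) > delta:
            return pos, "rejected: inconsistent with distance bounds"
    if not inside_triangle(pos, verifiers):
        return pos, "rejected: outside verification triangle"
    return pos, "accepted"

VERIFIERS = [(0.0, 0.0), (100.0, 0.0), (50.0, 100.0)]  # constructed coordinates

def measured_bounds(true_pos, claimed_pos=None):
    """Constructed measurements. A node that wants to appear at claimed_pos can
    delay its replies (enlarge a bound) but cannot answer early (reduce it)."""
    true_d = [math.dist(v, true_pos) for v in VERIFIERS]
    if claimed_pos is None:
        return true_d
    return [max(d, math.dist(v, claimed_pos)) for v, d in zip(VERIFIERS, true_d)]

if __name__ == "__main__":
    print(verify_position(VERIFIERS, measured_bounds((40.0, 30.0))))
    print(verify_position(VERIFIERS, measured_bounds((40.0, 30.0), (60.0, 50.0))))
    print(verify_position(VERIFIERS, measured_bounds((50.0, -20.0))))
```

Moving the claimed position anywhere else inside the triangle requires shortening the distance to at least one verifier, so enlargement-only measurements stop agreeing with a single point and the delta test fails.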

Page 36

Conclusion on secure positioning

• New research area
• Time of flight seems to be the most appropriate technique
• Initial solutions for:
  - Hand-held / automotive devices
  - Sensor networks

Srdjan Capkun and Jean-Pierre Hubaux, Securing position and distance verification in wireless networks, Technical report EPFL/IC/2004-43, May 2004

Srdjan Capkun and Jean-Pierre Hubaux, Secure Positioning in Sensor Networks, Technical report EPFL/IC/2004-44, June 2004

(More information available at Srdjan’s home page: SecLoW)

Page 37

Denial of service attacks

TCP can be highly vulnerable to protocol-compliant attacks:
• Packet reordering
• Packet delaying
• Packet dropping

Aad, Hubaux, Knightly, Mobicom 2004

Illustration of the « JellyFish » re-order attack
• Isolated relay chain
• Single JF
• Standard 802.11, 2Mb/s
• TCP-Sack
• Simulator: ns-2

Page 38

Conclusion

The security of ad hoc and sensor networks is a strategic research topic

The kind of scenario considered (nature of the network authority, attacker model, capabilities of the nodes, …) can radically influence the solution to be chosen

The study of security problems in the framework of self-organized wireless systems can help identify problems of, and solutions for, conventional networks

Page 39

Upcoming Events

WiSe 2004 : 3rd ACM Workshop on Wireless Security, Philadelphia, October 1

VANET 2004 : 1st ACM Workshop on Vehicular Ad Hoc Networks, Philadelphia, October 1

SASN 2004 : ACM Workshop on Security of Ad Hoc and Sensor Networks, October 25, Washington DC

escar 2004 : 2nd Workshop on Security in Cars, Bochum, November 10-11