Securing Nomads: The Case For Quarantine, Examination, Decontamination Kevin Eustice, Shane Markstrum, V. Ramakrishna, Dr. Peter Reiher, Dr. Leonard Kleinrock,

Securing Nomads:The Case For Quarantine,

Examination, Decontamination

Kevin Eustice, Shane Markstrum, V. Ramakrishna,

Dr. Peter Reiher, Dr. Leonard Kleinrock, Dr. Gerald PopekLaboratory for Advanced Systems Research

UCLA Computer Science

Annual Computer Security Applications Conference 2003

In a Nutshell

• Problem summary– Networks do little to monitor or control entry– Exploited or vulnerable nomadic devices freely

move around– Other devices may victimize or fall victim to these

devices

• A proposed model: QED– Quarantine devices upon entrance– Examine devices as required by environment– Decontaminate devices to repair or update

Introduction – Challenges – The Paradigm – Conclusion

New Trends In Nomadicity

Users:• Frequently change networks, taking their devices

with them• Carry misconfigured and vulnerable software with

them from locale to locale• Pick up electronic hitchhikers (viruses, malicious

agents, other malcode) from other nomads they encounter


Local Café

Scenario: nomadic blaster

propagation

Bob

Alice

Carol

Xavier

http://www.fremontfair.com/images/spons/starbucks.gif

http://images.google.com/imgres?imgurl=www.library.njit.edu/archlib/apps/reservations/laptop.gif&imgrefurl=http://www.library.njit.edu/archlib/apps/reservations/index.cfm&h=183&w=197&prev=/images%3Fq%3Dlaptop%26svnum%3D10%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26safe%3Doff%26sa%3DN




Bob’s Office

Scenario: nomadic blaster

propagation

Worker

Worker

Worker

Worker

Bob






Traditional Security Ignores Nomadic Devices

• Wireless focus has been on better– Authentication– Encryption

• Wired and wireless devices promiscuously enter and leave networks– Little accountability in existing paradigm– Reactive security, not proactive


Life will only get worse…

• Pervasive Computing is coming• Pervasive paradigm implies many more

attack vectors and potential attackers• Abundant confidential and important

personal information• Some possibilities:

– Trojan horses in consumer electronics– PDA-carried viruses– Wireless parasites


Characteristics of the Environment

• Many, many affected users and devices• Heterogeneous OS/application space• Dynamic, often short-lived network

membership• Mostly benevolent but non-technical users• Minimal system administration available

Where do we go from here?


Bob’s Office

QED

Bob

Worker

Worker

Worker

Worker

Quarantine device upon entry into network, and authenticate.

Examine device for vulnerabilities or undesirable services.

Decontaminate: Work with device to repair vulnerabilities!






QuarantineTypically, there are two immediate

types of desired quarantine:

• Isolation from outside world– Many networks partially do this– Often imperfectly

• Isolation from peers– Few networks do this– Just as important


Quarantine

Some mechanisms to quarantine devices include:

• Routing restrictions at gateway• Voluntary isolation by device• DENY firewall rules on peers• MAC address-based forwarding restrictions

in Access Point• Quarantine wireless network outside

firewall


ExaminationMany possible alternatives:

• Software package analysis• Network profiling• Configuration analysis• File checksum examination• Virus scan


DecontaminationAssist device in complying with local

policy:

• Work with device to fix problems• Update software packages, configurations• Ask device to disable certain services

while in this network, etc.


Work in Progress:QED Prototype


UCLA CS

Scenario:

QED Prototype design

Client

Worker

Security Manager

IPsec tunnel

Worker

IPse

c tu

nnel

Worker

Authenticated DHCP,

w/IPsec key insertion

IPsec tunnel

IPsec tunnel

Default drop rules on Worker nodes have

already isolated them from the untrusted Client.

RPM Exam

ination

Package Update



Open Issues

• Overhead management• Privacy• Leveraging trust relationships• Heterogeneity


Big Picture

• QED is a component of Panoply, UCLA’s pervasive computing project

• We think QED is a step towards more secure pervasive environments


Conclusions

• Existing security mechanisms are insufficient for emerging pervasive computing paradigm

• Security needs to be proactive• QED is the first system to address

these issues


References

For more info:

Contact: [email protected]

• Kevin Eustice, Leonard Kleinrock, Shane Markstrum, Gerald Popek, Venkatraman Ramakrishna, Peter Reiher . “Enabling Secure Ubiquitous Interactions ”. In the proceedings of the 1st International Workshop on Middleware for Pervasive and Ad-Hoc Computing.

• Kevin Eustice, Leonard Kleinrock, Shane Markstrum, Gerald Popek, Venkatraman Ramakrishna, Peter Reiher . “Wi-Fi Nomads: The Case for Quarantine, Examination and Decontamination ”. To appear in the proceedings of the New Security Paradigms Workshop 2003.

Documents

Securing Nomads: The Case For Quarantine, Examination, Decontamination Kevin Eustice, Shane Markstrum, V. Ramakrishna, Dr. Peter Reiher, Dr. Leonard Kleinrock,