Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
1
Security and Cooperation in Wireless Ad Hoc Networks:
Revisiting Niccolo` Machiavelli
Jean-Pierre HubauxEPFL
With contributions from L. Buttyan, N. Ben Salem, M. Cagalj, S. Capkun, M. Felegyhazi, P. Papadimitratos, and M. Raya
2
Security and Cooperation in Wireless Ad Hoc Networks:
Revisiting Niccolo` Machiavelli
1. Introduction2. Thwarting malicious behavior3. Thwarting selfish behavior
3
Niccolo` Machiavelli (Florence, 1469 – 1527)
"There is nothing more difficult to take in hand, more perilous to conduct, or more uncertain in its success, than to take the lead in the introduction of a new order of things." (from The Prince, 1532)
4
The Internet is the (recently introduced) “new order of things”
“The Internet is Broken”MIT Technology Review,Dec. 2005 – Jan. 2006
Network deploymentNetwork deployment
Observationof new misdeeds
(malicious or selfish)
Observationof new misdeeds
(malicious or selfish)
Install security patches(anti-virus, anti-spam, anti-spyware,
anti-phishing, firewalls,…)
Install security patches(anti-virus, anti-spam, anti-spyware,
anti-phishing, firewalls,…)
What if tomorrow’s wireless networks are even more unsafe than today’s Internet ?What if tomorrow’s wireless networks are even more unsafe than today’s Internet ?
5
Wireless (ad hoc) networks will be the next “new order of things”
• New kinds of networks– Personal communications
• Small operators, community networks• Cellular operators in shared spectrum• Mesh networks• Hybrid ad hoc networks (also called “Multi-hop cellular networks”)• “Autonomous” ad hoc networks• Personal area networks
– Vehicular networks– Sensor and RFID networks– …
• New wireless communication technologies– Cognitive radios– MIMO– Ultra Wide Band– Directional antennas– …
6
Wireless (ad hoc) networks will be the next “new order of things”
• New kinds of networks– Personal communications
• Small operators, community networks• Cellular operators in shared spectrum• Mesh networks• Hybrid ad hoc networks (also called “Multi-hop cellular networks”)• “Autonomous” ad hoc networks• Personal area networks
– Vehicular networks– Sensor and RFID networks– …
• New wireless communication technologies– Cognitive radios– MIMO– Ultra Wide Band– Directional antennas– …
7
Community networks
• Centralized solution: FON, http://en.fon.com/
• Distributed solution:E. Pantelis, A. Frangoudis, and G. PolyzosStimulating Participation in Wireless Community NetworksINFOCOM 2006
• Incentive technique based on proof of contribution
Example: service reciprocation in community networks
8
Mesh Networks
Transit Access Point (TAP)
9
Mesh Networks: node compromise
10
Mesh Networks: jamming
More on mesh networks: • WiMesh: Workshop on Wireless Mesh Networks, September 2005 Santa Clara, USA.• IEEE Wireless Communications, Special Issue on Wireless Mesh Networking,
Vol. 13 No 2, April 2006
11
Vehicular communications: why?
• Combat the awful side-effects of road traffic– In the EU, around 40’000 people die yearly on the roads;
more than 1.5 millions are injured– Traffic jams generate a tremendous waste of time and of fuel
• Most of these problems can be solved by providing appropriate information to the driver or to the vehicle
12
Example of attack : Generate “intelligent collisions”
SLOW DOWN
The way is clear
For more information: http://ivc.epfl.chhttp://www.sevecom.org
• All automakers are working on vehicular comm.• Vehicular networks will probably be the largestincarnation of mobile ad hoc networks
13
Sensor networks
Vulnerabilities:• Theft reverse engineered and compromised, replicated • Limited capabilities risk of DoS attack, restriction on
cryptographic primitives to be used• Deployment can be random pre-configuration is difficult• Unattended some sensors can be maliciously moved around
14
Trends and challenges in wireless networks
• From centralized to distributed to self-organized Security architectures must be redesigned
• Increasing programmability of the devicesincreasing risk of attacks and of greedy behavior
• Growing number of tiny, embbeded devices Growing vulnerability, new attacks
• From single-hopping to multi-hoppingIncreasing “security distance” between devices and
infrastructure, increased temptation for selfish behavior• Miniaturization of devices Limited capabilities• Pervasiveness Growing privacy concerns
… Yet, mobility and wireless can facilitate certain security mechanisms
15
Security and Cooperation in Wireless Ad Hoc Networks
1. Introduction2. Thwarting malice: security mechanisms
2.1 Naming and addressing2.2 Establishment of security associations2.3 Thwarting the wormhole attacks2.4 Secure routing in multi-hop wireless networks2.5 Privacy protection2.6 Secure positioning
3. Thwarting selfishness: behavior enforcement3.0 Brief introduction to game theory3.1 Enforcing packet forwarding3.2 Enforcing fair bandwidth sharing at the MAC layer 3.3 Discouraging greedy behavior of operators
16
Upcoming networks Vs mechanisms
X X X X X
X X X X
X X X X X X X
X X X X X X X X
X X X X X X X
X X X X X ? X ?
X X X X X ? X
X ? X X
Naming and addr.
Discouraging
greedy op.
Security
associa
tions
Thwarting worm
holes
Secure ro
uting
Privac
y
Enforcing PKT FWing
Enforcing fa
ir MAC
Small op., comm. NWs
Cellular operators in shared spectrum
Mesh networks
Hybrid ad hoc networks
Autonomous ad hoc NWs
Vehicular networks
Sensor networks
RFID
17
2.1 Naming and addressing• Typical attacks:
– Sybil: the same node has multiple identities– Replication: the attacker captures a node and replicates it
several nodes share the same identity• Distributed protection technique in IPv6: Cryptographically Generated
Addresses (T. Aura, 2003; RFC 3972))
Public key
Hash function
Interface IDSubnet prefix
64 bits 64 bits
For higher security (hash function outputbeyond 64 bits), hashextension can be used
Detection of node replication attacks in sensor networks: Parno, Perrig, and Gligor, IEEE Symposium on Security and Privacy, 2005
IPv6 address
18
2.2 Establishment of security associations(“Mobility helps peer-to-peer security”)
Infrared link
(Alice, PuKAlice, XYZ)
(Bob, PuKBob , UVW)
☺ ☺Visual recognition, conscious establishment
of a two-way security association
Secure side channel -Typically short distance (a few meters)- Line of sight required- Ensures integrity- Confidentiality not required
Name
Name
NodeId
NodeId
AliceBob
19
Friends mechanism
IR
Colin
Bob(Colin’s friend)
Alice
(Alice, PuKAlice, XYZ)
(Alice, PuKAlice, XYZ)
Colin and Bob are friends:• They have established a Security Association at initialisation• They faithfully share with each other the Security Associations
they have set up with other users
Colin and Bob are friends:• They have established a Security Association at initialisation• They faithfully share with each other the Security Associations
they have set up with other users
20
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
100 1000 10000 100000 1000000time (s)
perc
enta
ge o
f sec
urity
ass
ocia
tions
s=99, f=0, pause=100 s, sr=5 m, v=5 m/s s=99, f=2, pause=100 s, sr=5 m, v=5 m/ss=99, f=0, pause=100 s, sr=5 m, v=20 m/s
5m/s, 2 friends5m/s, 0 friends
20m/s, 0 friends
Establishment pace of security associations
Capkun, Hubaux, Buttyan, IEEE TMC, January 2006
21
Pairwise key establishment in sensor networks
1. Initialization
Keyreservoir(k keys)
m (<<k) keys in each sensor (“key ring of the node”)
2. Deployment
Do we have a common key?
Probability for any 2 nodes to have a common key:
)!2(!))!((1
2
mkkmkp−−
−=
22
Probability for two sensors to have a common key
Eschenauer and Gligor, ACM CCS 2002
23
2.3 Thwarting the wormhole attack
E G
M
H
R
FA
B
C
I
DS
K
N
L
PJ
Q
Hu, Perrig, Johnson,Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks,Infocom 2003
Countermeasure : let each alleged neighbor prove that it is indeed in power range(secure neighbor discovery)
24
2.4 Secure routing in multi-hop networks
F
B
C E
D
A
G
Possible attacks:• routing disruption: routing loop, black hole, gray hole, wormhole, rushing attacks• resource consumption: inject extra data or control packets
Need to secure both route discovery and packet forwarding
25
Secure route discovery with the Secure Routing Protocol (SRP)
Route Reply (RREP): QID, T, V3, V2, V1, S, MAC(KS,T, QID, QSEQ, T, V3, V2, V1, S) (5) T → V3 : RREP; (6) V3 → V2 : RREP; (7) V2 → V1 : RREP; (8) V1 → S : RREP;
S V1 V3 V2 T
1 2 3 4
8 7 6 5
Route Request (RREQ): S, T, QSEQ, QID, MAC(KS,T, S, T, QSEQ, QID) (1) S broadcasts RREQ; (2) V1 broadcasts RREQ, V1; (3) V2 broadcasts RREQ, V1, V2; (4) V3 broadcasts RREQ, V1, V2, V3;
QSEQ: Query Sequence NumberQID : Query Identifier
26
More on secure routing
Secure Data Communication
Secure Route Discovery
Hu, Perrig, and Johnson: Ariadne, Sept. 2002, SEAD, Jun. 2002
Zapata and Asokan: S-AODV, Sept. 2002
Papadimitratos and Haas: Secure Single Path (SSP) and Secure Multi-path (SMT) protocols, Jul./Sept. 2003, Feb. 2006
Papadimitratos and Haas: Secure Routing Protocol (SRP), Jan. 2002
Sangrizi, Dahill, Levine, Shields, and Royer: ARAN, Nov. 2002
G. Ács, L. Buttyán, and I. Vajda,Provably Secure On-demand Source Routingto appear in IEEE Transactions on Mobile Computing
All above proposals (except ARAN) are flawed !Own proposal: endairA
Cross-layerattacks
Aad, Hubaux, Knightly: Jellyfish attacks, 2004
27
2.5 Privacy: the case of RFID• RFID = Radio-Frequency Identification
• RFID system elements– RFID tag + RFID reader + back-end database
• RFID tag = microchip + RF antenna– microchip stores data (few hundred bits)– tags can be active
• have their own battery expensive– or passive
• powered up by the reader’s signal• reflect the RF signal of the reader modulated with stored data
RFID tagRFID reader
back-enddatabase
tagged object
detailedobject
information
readingsignal
IDID
28
RFID privacy problems• RFID tags respond to reader’s query automatically,
without authenticating the readerclandestine scanning of tags is a plausible threat
• two particular problems:1. Inventorying: a reader can silently determine what objects a
person is carrying• books• medicaments • banknotes• underwear• …
2. Tracking: set of readers can determine where a given person is located• tags emit fixed unique identifiers• even if tag response is not unique it is possible
to track a set of particular tags
watch: Casio
book: The Prince,
Machiavelli
shoes: Nike
suitcase: Samsonite
jeans: Lee Cooper
Juels A., RFID Security and Privacy: A Research Survey, RSA Tech Report, Sept. 2005
29
2.6 Secure positioning
m1
v2
v1
v1
vmc
- honest node - malicious node - compromised node
v3
m5
m3
m4
m2
c
c
WormholeNode displacement
a) b)
d) Dissemination of false position and distance information
c) Malicious distance enlargement
Node's actual positionNode's actual
distanceNode's measureddistance
Node's reportedposition
http://lcawww.epfl.ch/capkun/spot/
30
Security and Cooperation in Wireless Ad Hoc Networks
1. Introduction2. Thwarting malice: security mechanisms
2.1 Naming and addressing2.2 Establishment of security associations2.3 Thwarting the wormhole attacks2.4 Secure routing in multi-hop wireless networks2.5 Privacy protection2.6 Secure positioning
3. Thwarting selfishness: behavior enforcement3.0 Brief introduction to game theory3.1 Enforcing packet forwarding3.2 Enforcing fair bandwidth sharing at the MAC layer 3.3 Discouraging greedy behavior of operators
31
3.0 Brief introduction to Game Theory
• Discipline aiming at modeling situations in which actors have to make decisions which have mutual, possibly conflicting, consequences
• Classical applications: economics, but also politics and biology
• Example: should a company invest in a new plant, or enter a new market, considering that the competitionmay make similar moves?
• Most widespread kind of game: non-cooperative(meaning that the players do not attempt to find an agreement about their possible moves)
32
Example 1: The Forwarder’s Dilemma
?Blue Green
?
33
From a problem to a game
• Users controlling the devices are rational (or selfish): they try to maximize their benefit
• Game formulation: G = (P,S,U)– P: set of players– S: set of strategy functions– U: set of utility functions
• Strategic-form representation
• Reward for packet reaching the destination: 1• Cost of packet forwarding: c (0 < c << 1)
(1-c, 1-c) (-c, 1)(1, -c) (0, 0)
BlueGreen
Forward
Drop
Forward Drop
34
Solving the Forwarder’s Dilemma (1/2)
' '( , ) ( , ), ,i i i i i i i i i iu s s u s s s S s S− − − −< ∀ ∈ ∀ ∈
iu U∈i is S− −∈
Strict dominance: strictly best strategy, for any strategy of the other player(s)
where: utility function of player istrategies of all players except player i
In Example 1, strategy Drop strictly dominates strategy Forward
(1-c, 1-c) (-c, 1)(1, -c) (0, 0)
BlueGreen
Forward
Drop
Forward Drop
Strategy strictly dominates ifis
35
Solving the Forwarder’s Dilemma (2/2)
Solution by iterative strict dominance:
(1-c, 1-c) (-c, 1)(1, -c) (0, 0)
BlueGreen
Forward
Drop
Forward Drop
Result: Tragedy of the commons ! (Hardin, 1968)
Drop strictly dominates ForwardDilemma
Forward would result in a better outcomeBUT }
36
Nash equilibrium
Nash Equilibrium: no player can increase his utility by deviating unilaterally
(1-c, 1-c) (-c, 1)(1, -c) (0, 0)
BlueGreen
Forward
Drop
Forward Drop
The Forwarder’s Dilemma
(Drop, Drop) is the only Nash equilibrium of this game(Drop, Drop) is the only Nash equilibrium of this game
37
Example 2: The Multiple Access game
Reward for successfultransmission: 1
Cost of transmission: c(0 < c << 1)
There is no strictly dominating strategy
(0, 0) (0, 1-c)(1-c, 0) (-c, -c)
BlueGreen
Quiet
Transmit
Quiet Transmit
There are two Nash equilibria
Time-division channel
38
More on game theory
Properties of Nash equilibria to be investigated:• uniqueness• efficiency (Pareto-optimality)• emergence (dynamic games, agreements)
Most promising area of application in wireless: cognitive radios
Tutorials on game theory for wireless networks:• A. Mackenzie, L. Da Silva, and W. Tranter (Editor) Game Theory for Wireless EngineersMorgan & Claypool Publishers, 2006
• M. Felegyhazi and J.P. HubauxGame Theory for Wireless Networks: A TutorialLCA-REPORT-2006-002, April 2006
Pareto-optimalityA strategy profile is Pareto-optimal if the payoff of a player cannot be increased without decreasing the payoff of another player
39
Security and Cooperation in Wireless Ad Hoc Networks
1. Introduction2. Thwarting malice: security mechanisms
2.1 Naming and addressing2.2 Establishment of security associations2.3 Thwarting the wormhole attacks2.4 Secure routing in multi-hop wireless networks2.5 Privacy protection2.6 Secure positioning
3. Thwarting selfishness: behavior enforcement3.0 Brief introduction to game theory3.1 Enforcing packet forwarding3.2 Enforcing fair bandwidth sharing at the MAC layer 3.3 Discouraging greedy behavior of operators
40
3.1 Enforcing packet forwarding
• V. Srinivasan, P. Nuggehalli, C. Chiasserini, and R. Rao, Infocom 2003, IEEE TWC 2005
• M. Felegyhazi, JP Hubaux, and L. Buttyan, Personal Wireless Comm. Workshop 2003, IEEE TMC 2006
S1
S2
D1D2
Usually, the devices are assumed to be cooperative. But what if they are not, and there is no incentive to cooperate?
41
Modeling packet forwarding as a game
time0time slot: 1 t
Strategy:cooperationlevel
pC(0) pC(1) pC(t)
Player: node
Payoff of node i: proportion of packets sent by node i reaching their destination
42
Examples of strategies
1)( =ii yσ
iii xy =)(σ
0)( =ii yσ
StrategyFunctionInitial
cooperation level
AllD (always defect)
AllC (always cooperate)
TFT (Tit-For-Tat)
0
1
1
non-reactive strategies: the output of the strategy functionis independent of the input (example: AllD and AllC) reactive strategies: the output of the strategy functiondepends on the input (example: TFT)
where yi stands for the input
iii yy =)(σ
43
Concept of dependency graph
Dependency: the benefit of each source is dependent on the behavior of its forwarders
dependency loop
44
Analytical resultsTheorem 1: If node i does not have any dependency loops, then its best strategy is AllD.
Theorem 2: If node i has only non-reactive dependency loops, then its best strategy is AllD.
Corollary 1: If every node plays AllD, it is a Nash-equilibrium. Corollary 1: If every node plays AllD, it is a Nash-equilibrium.
node i
node playing a non-reactive strategy
other nodes
45
Analytical results (2/2)
Corollary 2: If Theorem 3 holds for every node, it is a Nash-equilibrium.Corollary 2: If Theorem 3 holds for every node, it is a Nash-equilibrium.
Theorem 3 (simplified): Assuming that node i is a forwarder, its behavior will be cooperative only if it has a dependency loop with each of its sources
Theorem 3 (simplified): Assuming that node i is a forwarder, its behavior will be cooperative only if it has a dependency loop with each of its sources
Example in which Corollary 2 holds:
A B
C
A B
C
46
Conclusion on selfish behavior in static multi-hop wireless networks
Analytical results:If everyone drops all packets, it is a Nash-equilibriumIn theory, given some conditions, a cooperative Nash-equilibrium can exist ( i.e., each forwarder forwards all packets )
Simulation results: In practice, the conditions for cooperative Nash-equilibria are very restrictive : the likelihood that the conditions for cooperation hold for every node is extremely small
Possible extensions:Consider a mobile scenario – impact of mobilityTake the battery level of nodes into account
47
3.2 Preventing greedy behavior at the MAC layer in WiFi hotspots
Well-behaved nodeCheater
The access point is trustedThe access point is trusted
• Kyasanur and Vaidya, DSN 2003• http://domino.epfl.ch• Cagalj et al., Infocom 2005 (game theory model for CSMA/CA ad hoc networks)
48
3.3 Discouraging greedy behavior of wireless operators
0
maxi
i iu
Pj ju
j
P gN P g
⎡ ⎤⋅⎢ ⎥
⎢ ⎥+ ⋅⎢ ⎥⎣ ⎦∑
• Game G = (Players, Strategy, Utility function)• Players: operators• Strategy: radio range of base stations• Utility: useful coverage of their pilot signal:
coverage interferencei i i iU γ= − ⋅
2
1iu
iu
gd
=
where the channel gain:
• freely roaming users• power control of the pilot signal• users attach to the base station with the best
pilot signal:
Static game –Pareto-optimal Nash equilibria
Small : Large :
A B MAX
A B MIN
r r Rr r R
γγ
= == =
Repeated game –A Nash equilibrium based on RMIN isenforceable using punishments
: maximum power range (regulator): minimum power range (for coverage)
MAX
MIN
RR
: sensitivit
http://winet-coop.epfl.ch/
y to interferenceiγ
49
Who is malicious? Who is selfish?
Both security and game theory backgrounds are useful in many cases !! Both security and game theory backgrounds are useful in many cases !!
Harm everyone: viruses,…
Selective harm: DoS,… Spammer
Cyber-gangster:phishing attacks,trojan horses,…
Big brother
Greedy operator
Selfish mobile station
50
Conclusion• 500 years ago, Machiavelli analysed the influence of greed and selfishness on
politics• Today, we must elaborate a framework to cope with a similar problem:
Malice and selfishness will be the most important challenges in tomorrow’swireless (ad hoc) networks, as they are in today’s Internet
• Both security and game theory backgrounds are needed to properly tacklemost of these problems
• Possible cause of the immaturity of the field : the belief that conventionalsecurity solutions for networking (IPsec,…) will solve the problem
• Yet the awareness is increasing, notably thanks to several events: – ESAS 2006 : European Workshop on the Security of Ad Hoc and Sensor Networks,
September 20-21, Hamburg– WiSe 2006 : ACM Workshop on Wireless Security, Philadelphia,
September 29, Los Angeles– SASN 2006 : ACM Workshop on Security of Ad Hoc and Sensor Networks,
October 30, Washington DC– escar 2006 : Workshop on Security in Cars, Berlin, November 13 - 15
Slide show available at: http://lcawww.epfl.ch/hubaux/
Textbook in preparation: L. Buttyán and J. P. HubauxSecurity and Cooperation in Wireless NetworksCambridge University Press, 2007http://secowinet.epfl.ch/