Security and Cooperation in Wireless Ad Hoc Networks ...lca · More on secure routing Secure Data Communication Secure Route Discovery Hu, Perrig, and Johnson: Ariadne, Sept. 2002,

1

Security and Cooperation in Wireless Ad Hoc Networks:

Revisiting Niccolo` Machiavelli

Jean-Pierre HubauxEPFL

With contributions from L. Buttyan, N. Ben Salem, M. Cagalj, S. Capkun, M. Felegyhazi, P. Papadimitratos, and M. Raya

2

Security and Cooperation in Wireless Ad Hoc Networks:

Revisiting Niccolo` Machiavelli

1. Introduction2. Thwarting malicious behavior3. Thwarting selfish behavior

3

Niccolo` Machiavelli (Florence, 1469 – 1527)

"There is nothing more difficult to take in hand, more perilous to conduct, or more uncertain in its success, than to take the lead in the introduction of a new order of things." (from The Prince, 1532)

4

The Internet is the (recently introduced) “new order of things”

“The Internet is Broken”MIT Technology Review,Dec. 2005 – Jan. 2006

Network deploymentNetwork deployment

Observationof new misdeeds

(malicious or selfish)

Observationof new misdeeds

(malicious or selfish)

Install security patches(anti-virus, anti-spam, anti-spyware,

anti-phishing, firewalls,…)

Install security patches(anti-virus, anti-spam, anti-spyware,

anti-phishing, firewalls,…)

What if tomorrow’s wireless networks are even more unsafe than today’s Internet ?What if tomorrow’s wireless networks are even more unsafe than today’s Internet ?

5

Wireless (ad hoc) networks will be the next “new order of things”

• New kinds of networks– Personal communications

• Small operators, community networks• Cellular operators in shared spectrum• Mesh networks• Hybrid ad hoc networks (also called “Multi-hop cellular networks”)• “Autonomous” ad hoc networks• Personal area networks

– Vehicular networks– Sensor and RFID networks– …

• New wireless communication technologies– Cognitive radios– MIMO– Ultra Wide Band– Directional antennas– …

6

Wireless (ad hoc) networks will be the next “new order of things”

• New kinds of networks– Personal communications

• Small operators, community networks• Cellular operators in shared spectrum• Mesh networks• Hybrid ad hoc networks (also called “Multi-hop cellular networks”)• “Autonomous” ad hoc networks• Personal area networks

– Vehicular networks– Sensor and RFID networks– …

• New wireless communication technologies– Cognitive radios– MIMO– Ultra Wide Band– Directional antennas– …

7

Community networks

• Centralized solution: FON, http://en.fon.com/

• Distributed solution:E. Pantelis, A. Frangoudis, and G. PolyzosStimulating Participation in Wireless Community NetworksINFOCOM 2006

• Incentive technique based on proof of contribution

Example: service reciprocation in community networks

8

Mesh Networks

Transit Access Point (TAP)

9

Mesh Networks: node compromise

10

Mesh Networks: jamming

More on mesh networks: • WiMesh: Workshop on Wireless Mesh Networks, September 2005 Santa Clara, USA.• IEEE Wireless Communications, Special Issue on Wireless Mesh Networking,

Vol. 13 No 2, April 2006

11

Vehicular communications: why?

• Combat the awful side-effects of road traffic– In the EU, around 40’000 people die yearly on the roads;

more than 1.5 millions are injured– Traffic jams generate a tremendous waste of time and of fuel

• Most of these problems can be solved by providing appropriate information to the driver or to the vehicle

12

Example of attack : Generate “intelligent collisions”

SLOW DOWN

The way is clear

For more information: http://ivc.epfl.chhttp://www.sevecom.org

• All automakers are working on vehicular comm.• Vehicular networks will probably be the largestincarnation of mobile ad hoc networks

13

Sensor networks

Vulnerabilities:• Theft reverse engineered and compromised, replicated • Limited capabilities risk of DoS attack, restriction on

cryptographic primitives to be used• Deployment can be random pre-configuration is difficult• Unattended some sensors can be maliciously moved around

14

Trends and challenges in wireless networks

• From centralized to distributed to self-organized Security architectures must be redesigned

• Increasing programmability of the devicesincreasing risk of attacks and of greedy behavior

• Growing number of tiny, embbeded devices Growing vulnerability, new attacks

• From single-hopping to multi-hoppingIncreasing “security distance” between devices and

infrastructure, increased temptation for selfish behavior• Miniaturization of devices Limited capabilities• Pervasiveness Growing privacy concerns

… Yet, mobility and wireless can facilitate certain security mechanisms

15

Security and Cooperation in Wireless Ad Hoc Networks

1. Introduction2. Thwarting malice: security mechanisms

2.1 Naming and addressing2.2 Establishment of security associations2.3 Thwarting the wormhole attacks2.4 Secure routing in multi-hop wireless networks2.5 Privacy protection2.6 Secure positioning

3. Thwarting selfishness: behavior enforcement3.0 Brief introduction to game theory3.1 Enforcing packet forwarding3.2 Enforcing fair bandwidth sharing at the MAC layer 3.3 Discouraging greedy behavior of operators

16

Upcoming networks Vs mechanisms

X X X X X

X X X X

X X X X X X X

X X X X X X X X

X X X X X X X

X X X X X ? X ?

X X X X X ? X

X ? X X

Naming and addr.

Discouraging

greedy op.

Security

associa

tions

Thwarting worm

holes

Secure ro

uting

Privac

y

Enforcing PKT FWing

Enforcing fa

ir MAC

Small op., comm. NWs

Cellular operators in shared spectrum

Mesh networks

Hybrid ad hoc networks

Autonomous ad hoc NWs

Vehicular networks

Sensor networks

RFID

17

2.1 Naming and addressing• Typical attacks:

– Sybil: the same node has multiple identities– Replication: the attacker captures a node and replicates it

several nodes share the same identity• Distributed protection technique in IPv6: Cryptographically Generated

Addresses (T. Aura, 2003; RFC 3972))

Public key

Hash function

Interface IDSubnet prefix

64 bits 64 bits

For higher security (hash function outputbeyond 64 bits), hashextension can be used

Detection of node replication attacks in sensor networks: Parno, Perrig, and Gligor, IEEE Symposium on Security and Privacy, 2005

IPv6 address

18

2.2 Establishment of security associations(“Mobility helps peer-to-peer security”)

Infrared link

(Alice, PuKAlice, XYZ)

(Bob, PuKBob , UVW)

☺ ☺Visual recognition, conscious establishment

of a two-way security association

Secure side channel -Typically short distance (a few meters)- Line of sight required- Ensures integrity- Confidentiality not required

Name

Name

NodeId

NodeId

AliceBob

19

Friends mechanism

IR

Colin

Bob(Colin’s friend)

Alice



Colin and Bob are friends:• They have established a Security Association at initialisation• They faithfully share with each other the Security Associations

they have set up with other users

Colin and Bob are friends:• They have established a Security Association at initialisation• They faithfully share with each other the Security Associations

they have set up with other users

20

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

100 1000 10000 100000 1000000time (s)

perc

enta

ge o

f sec

urity

ass

ocia

tions

s=99, f=0, pause=100 s, sr=5 m, v=5 m/s s=99, f=2, pause=100 s, sr=5 m, v=5 m/ss=99, f=0, pause=100 s, sr=5 m, v=20 m/s

5m/s, 2 friends5m/s, 0 friends

20m/s, 0 friends

Establishment pace of security associations

Capkun, Hubaux, Buttyan, IEEE TMC, January 2006

21

Pairwise key establishment in sensor networks

1. Initialization

Keyreservoir(k keys)

m (<<k) keys in each sensor (“key ring of the node”)

2. Deployment

Do we have a common key?

Probability for any 2 nodes to have a common key:

)!2(!))!((1

2

mkkmkp−−

−=

22

Probability for two sensors to have a common key

Eschenauer and Gligor, ACM CCS 2002

23

2.3 Thwarting the wormhole attack

E G

M

H

R

FA

B

C

I

DS

K

N

L

PJ

Q

Hu, Perrig, Johnson,Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks,Infocom 2003

Countermeasure : let each alleged neighbor prove that it is indeed in power range(secure neighbor discovery)

24

2.4 Secure routing in multi-hop networks

F

B

C E

D

A

G

Possible attacks:• routing disruption: routing loop, black hole, gray hole, wormhole, rushing attacks• resource consumption: inject extra data or control packets

Need to secure both route discovery and packet forwarding

25

Secure route discovery with the Secure Routing Protocol (SRP)

Route Reply (RREP): QID, T, V3, V2, V1, S, MAC(KS,T, QID, QSEQ, T, V3, V2, V1, S) (5) T → V3 : RREP; (6) V3 → V2 : RREP; (7) V2 → V1 : RREP; (8) V1 → S : RREP;

S V1 V3 V2 T

1 2 3 4

8 7 6 5

Route Request (RREQ): S, T, QSEQ, QID, MAC(KS,T, S, T, QSEQ, QID) (1) S broadcasts RREQ; (2) V1 broadcasts RREQ, V1; (3) V2 broadcasts RREQ, V1, V2; (4) V3 broadcasts RREQ, V1, V2, V3;

QSEQ: Query Sequence NumberQID : Query Identifier

26

More on secure routing

Secure Data Communication

Secure Route Discovery

Hu, Perrig, and Johnson: Ariadne, Sept. 2002, SEAD, Jun. 2002

Zapata and Asokan: S-AODV, Sept. 2002

Papadimitratos and Haas: Secure Single Path (SSP) and Secure Multi-path (SMT) protocols, Jul./Sept. 2003, Feb. 2006

Papadimitratos and Haas: Secure Routing Protocol (SRP), Jan. 2002

Sangrizi, Dahill, Levine, Shields, and Royer: ARAN, Nov. 2002

G. Ács, L. Buttyán, and I. Vajda,Provably Secure On-demand Source Routingto appear in IEEE Transactions on Mobile Computing

All above proposals (except ARAN) are flawed !Own proposal: endairA

Cross-layerattacks

Aad, Hubaux, Knightly: Jellyfish attacks, 2004

27

2.5 Privacy: the case of RFID• RFID = Radio-Frequency Identification

• RFID system elements– RFID tag + RFID reader + back-end database

• RFID tag = microchip + RF antenna– microchip stores data (few hundred bits)– tags can be active

• have their own battery expensive– or passive

• powered up by the reader’s signal• reflect the RF signal of the reader modulated with stored data

RFID tagRFID reader

back-enddatabase

tagged object

detailedobject

information

readingsignal

IDID

28

RFID privacy problems• RFID tags respond to reader’s query automatically,

without authenticating the readerclandestine scanning of tags is a plausible threat

• two particular problems:1. Inventorying: a reader can silently determine what objects a

person is carrying• books• medicaments • banknotes• underwear• …

2. Tracking: set of readers can determine where a given person is located• tags emit fixed unique identifiers• even if tag response is not unique it is possible

to track a set of particular tags

watch: Casio

book: The Prince,

Machiavelli

shoes: Nike

suitcase: Samsonite

jeans: Lee Cooper

Juels A., RFID Security and Privacy: A Research Survey, RSA Tech Report, Sept. 2005

29

2.6 Secure positioning

m1

v2

v1

v1

vmc

- honest node - malicious node - compromised node

v3

m5

m3

m4

m2

c

c

WormholeNode displacement

a) b)

d) Dissemination of false position and distance information

c) Malicious distance enlargement

Node's actual positionNode's actual

distanceNode's measureddistance

Node's reportedposition

http://lcawww.epfl.ch/capkun/spot/

30





31

3.0 Brief introduction to Game Theory

• Discipline aiming at modeling situations in which actors have to make decisions which have mutual, possibly conflicting, consequences

• Classical applications: economics, but also politics and biology

• Example: should a company invest in a new plant, or enter a new market, considering that the competitionmay make similar moves?

• Most widespread kind of game: non-cooperative(meaning that the players do not attempt to find an agreement about their possible moves)

32

Example 1: The Forwarder’s Dilemma

?Blue Green

?

33

From a problem to a game

• Users controlling the devices are rational (or selfish): they try to maximize their benefit

• Game formulation: G = (P,S,U)– P: set of players– S: set of strategy functions– U: set of utility functions

• Strategic-form representation

• Reward for packet reaching the destination: 1• Cost of packet forwarding: c (0 < c << 1)

(1-c, 1-c) (-c, 1)(1, -c) (0, 0)

BlueGreen

Forward

Drop

Forward Drop

34

Solving the Forwarder’s Dilemma (1/2)

' '( , ) ( , ), ,i i i i i i i i i iu s s u s s s S s S− − − −< ∀ ∈ ∀ ∈

iu U∈i is S− −∈

Strict dominance: strictly best strategy, for any strategy of the other player(s)

where: utility function of player istrategies of all players except player i

In Example 1, strategy Drop strictly dominates strategy Forward

(1-c, 1-c) (-c, 1)(1, -c) (0, 0)

BlueGreen

Forward

Drop

Forward Drop

Strategy strictly dominates ifis

35

Solving the Forwarder’s Dilemma (2/2)

Solution by iterative strict dominance:

(1-c, 1-c) (-c, 1)(1, -c) (0, 0)

BlueGreen

Forward

Drop

Forward Drop

Result: Tragedy of the commons ! (Hardin, 1968)

Drop strictly dominates ForwardDilemma

Forward would result in a better outcomeBUT }

36

Nash equilibrium

Nash Equilibrium: no player can increase his utility by deviating unilaterally

(1-c, 1-c) (-c, 1)(1, -c) (0, 0)

BlueGreen

Forward

Drop

Forward Drop

The Forwarder’s Dilemma

(Drop, Drop) is the only Nash equilibrium of this game(Drop, Drop) is the only Nash equilibrium of this game

37

Example 2: The Multiple Access game

Reward for successfultransmission: 1

Cost of transmission: c(0 < c << 1)

There is no strictly dominating strategy

(0, 0) (0, 1-c)(1-c, 0) (-c, -c)

BlueGreen

Quiet

Transmit

Quiet Transmit

There are two Nash equilibria

Time-division channel

38

More on game theory

Properties of Nash equilibria to be investigated:• uniqueness• efficiency (Pareto-optimality)• emergence (dynamic games, agreements)

Most promising area of application in wireless: cognitive radios

Tutorials on game theory for wireless networks:• A. Mackenzie, L. Da Silva, and W. Tranter (Editor) Game Theory for Wireless EngineersMorgan & Claypool Publishers, 2006

• M. Felegyhazi and J.P. HubauxGame Theory for Wireless Networks: A TutorialLCA-REPORT-2006-002, April 2006

Pareto-optimalityA strategy profile is Pareto-optimal if the payoff of a player cannot be increased without decreasing the payoff of another player

39





40

3.1 Enforcing packet forwarding

• V. Srinivasan, P. Nuggehalli, C. Chiasserini, and R. Rao, Infocom 2003, IEEE TWC 2005

• M. Felegyhazi, JP Hubaux, and L. Buttyan, Personal Wireless Comm. Workshop 2003, IEEE TMC 2006

S1

S2

D1D2

Usually, the devices are assumed to be cooperative. But what if they are not, and there is no incentive to cooperate?

41

Modeling packet forwarding as a game

time0time slot: 1 t

Strategy:cooperationlevel

pC(0) pC(1) pC(t)

Player: node

Payoff of node i: proportion of packets sent by node i reaching their destination

42

Examples of strategies

1)( =ii yσ

iii xy =)(σ

0)( =ii yσ

StrategyFunctionInitial

cooperation level

AllD (always defect)

AllC (always cooperate)

TFT (Tit-For-Tat)

0

1

1

non-reactive strategies: the output of the strategy functionis independent of the input (example: AllD and AllC) reactive strategies: the output of the strategy functiondepends on the input (example: TFT)

where yi stands for the input

iii yy =)(σ

43

Concept of dependency graph

Dependency: the benefit of each source is dependent on the behavior of its forwarders

dependency loop

44

Analytical resultsTheorem 1: If node i does not have any dependency loops, then its best strategy is AllD.

Theorem 2: If node i has only non-reactive dependency loops, then its best strategy is AllD.

Corollary 1: If every node plays AllD, it is a Nash-equilibrium. Corollary 1: If every node plays AllD, it is a Nash-equilibrium.

node i

node playing a non-reactive strategy

other nodes

45

Analytical results (2/2)

Corollary 2: If Theorem 3 holds for every node, it is a Nash-equilibrium.Corollary 2: If Theorem 3 holds for every node, it is a Nash-equilibrium.

Theorem 3 (simplified): Assuming that node i is a forwarder, its behavior will be cooperative only if it has a dependency loop with each of its sources

Theorem 3 (simplified): Assuming that node i is a forwarder, its behavior will be cooperative only if it has a dependency loop with each of its sources

Example in which Corollary 2 holds:

A B

C

A B

C

46

Conclusion on selfish behavior in static multi-hop wireless networks

Analytical results:If everyone drops all packets, it is a Nash-equilibriumIn theory, given some conditions, a cooperative Nash-equilibrium can exist ( i.e., each forwarder forwards all packets )

Simulation results: In practice, the conditions for cooperative Nash-equilibria are very restrictive : the likelihood that the conditions for cooperation hold for every node is extremely small

Possible extensions:Consider a mobile scenario – impact of mobilityTake the battery level of nodes into account

47

3.2 Preventing greedy behavior at the MAC layer in WiFi hotspots

Well-behaved nodeCheater

The access point is trustedThe access point is trusted

• Kyasanur and Vaidya, DSN 2003• http://domino.epfl.ch• Cagalj et al., Infocom 2005 (game theory model for CSMA/CA ad hoc networks)

48

3.3 Discouraging greedy behavior of wireless operators

0

maxi

i iu

Pj ju

j

P gN P g

⎡ ⎤⋅⎢ ⎥

⎢ ⎥+ ⋅⎢ ⎥⎣ ⎦∑

• Game G = (Players, Strategy, Utility function)• Players: operators• Strategy: radio range of base stations• Utility: useful coverage of their pilot signal:

coverage interferencei i i iU γ= − ⋅

2

1iu

iu

gd

=

where the channel gain:

• freely roaming users• power control of the pilot signal• users attach to the base station with the best

pilot signal:

Static game –Pareto-optimal Nash equilibria

Small : Large :

A B MAX

A B MIN

r r Rr r R

γγ

= == =

Repeated game –A Nash equilibrium based on RMIN isenforceable using punishments

: maximum power range (regulator): minimum power range (for coverage)

MAX

MIN

RR

: sensitivit

http://winet-coop.epfl.ch/

y to interferenceiγ

49

Who is malicious? Who is selfish?

Both security and game theory backgrounds are useful in many cases !! Both security and game theory backgrounds are useful in many cases !!

Harm everyone: viruses,…

Selective harm: DoS,… Spammer

Cyber-gangster:phishing attacks,trojan horses,…

Big brother

Greedy operator

Selfish mobile station

50

Conclusion• 500 years ago, Machiavelli analysed the influence of greed and selfishness on

politics• Today, we must elaborate a framework to cope with a similar problem:

Malice and selfishness will be the most important challenges in tomorrow’swireless (ad hoc) networks, as they are in today’s Internet

• Both security and game theory backgrounds are needed to properly tacklemost of these problems

• Possible cause of the immaturity of the field : the belief that conventionalsecurity solutions for networking (IPsec,…) will solve the problem

• Yet the awareness is increasing, notably thanks to several events: – ESAS 2006 : European Workshop on the Security of Ad Hoc and Sensor Networks,

September 20-21, Hamburg– WiSe 2006 : ACM Workshop on Wireless Security, Philadelphia,

September 29, Los Angeles– SASN 2006 : ACM Workshop on Security of Ad Hoc and Sensor Networks,

October 30, Washington DC– escar 2006 : Workshop on Security in Cars, Berlin, November 13 - 15

Slide show available at: http://lcawww.epfl.ch/hubaux/

Textbook in preparation: L. Buttyán and J. P. HubauxSecurity and Cooperation in Wireless NetworksCambridge University Press, 2007http://secowinet.epfl.ch/

http://lcawww.epfl.ch/hubaux/

Documents

Security and Cooperation in Wireless Ad Hoc Networks ...lca · More on secure routing Secure Data Communication Secure Route Discovery Hu, Perrig, and Johnson: Ariadne, Sept. 2002,