ESAS 2004
New Research Challenges for the Security of Ad Hoc and Sensor Networks
Jean-Pierre Hubaux, EPFL

New Research Challenges for the Security of Ad Hoc and Sensor Networks
- Some current research themes
  - Key establishment
  - Secure routing
  - Provable encounters
  - Cooperation: the network layer perspective
- New theme 1: Cooperation: the MAC layer perspective
- New theme 2: Secure positioning
  - Verifiable multilateration
  - Application to vehicle networks
  - Application to sensor networks
- New theme 3: Denial of Service attacks

Key establishment techniques in ad hoc networks
- Presence of an authority, at least in the initialization phase
  - Usually based on threshold cryptography
  - Specialized nodes (servers)
  - Centralized secret share dealer
- No authority: keys are generated by the nodes
  - Secure Public Key Mgt (similarity with PGP; certificate and trust relationships)
  - Mobility helps security
Underlying questions:
• What is the identity of a node?
• What is the relationship between the user and the node?
• What does trust mean in such a framework?

Establishment of security associations (“Mobility helps security”, Mobihoc 2003)
Visual recognition, conscious establishment of a two-way security association
[Figure: Alice and Bob exchange (Name, NodeId) records over an infrared link: (Alice, PuK_Alice, XYZ) and (Bob, PuK_Bob, UVW)]
Secure side channel:
- Typically short distance (a few meters)
- Line of sight required
- Ensures integrity
- Confidentiality not required

Pace of establishment of the security associations
- Depends on several factors:
  - Area size
  - Number of communication partners: s
  - Number of nodes: n
  - Number of friends
  - Mobility model and its parameters (speed, pause times, …)
Desired security associations :
Established security associations :
Convergence :

Simulation results, random waypoint
Various power ranges (automatic establishment of security associations)

Key setup in sensor networks (Eschenauer and Gligor, 2002)
- Probabilistic key sharing
  - key pre-distribution
    - generation of a large pool of P keys
    - random drawing of k keys out of P
    - loading of the key ring into each sensor
  - shared-key discovery
    - upon initialization every node discovers its neighbors with which it shares keys
  - path-key establishment (- - -)
    - assigns a path-key to neighbors w/o shared key
    - multiple disjoint paths exist between two nodes
    - example (A, B)
- Consequences
  - node-to-node authentication ?
  - key revocation scope ?
  - Re-keying ?
  - resilience: effect of sensor-node capture ?
  - network extension
Courtesy: Virgil Gligor
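The three phases on this slide and the node-capture question, as an added example that is not from the slides or from Eschenauer and Gligor's code. Key identifiers stand in for key material, and using the smallest shared identifier as the link key is an assumption made for the illustration.

```python
import math
import random

def share_probability(pool_size, ring_size):
    """Probability that two random rings of k keys out of P share at least one key."""
    no_overlap = (math.comb(pool_size - ring_size, ring_size)
                  / math.comb(pool_size, ring_size))
    return 1.0 - no_overlap

def predistribute(pool_size, ring_size, nodes, rng):
    """Key pre-distribution: each node is loaded with k identifiers drawn from the pool."""
    return [frozenset(rng.sample(range(pool_size), ring_size)) for _ in range(nodes)]

def shared_keys(ring_a, ring_b):
    """Shared-key discovery: identifiers that both neighbours hold."""
    return ring_a & ring_b

def exposed_link_fraction(rings, captured):
    """Resilience: fraction of links between uncaptured nodes whose link key
    (assumed: smallest shared identifier) also sits on a captured node's ring."""
    leaked = set().union(*(rings[i] for i in captured))
    alive = [r for i, r in enumerate(rings) if i not in captured]
    links = exposed = 0
    for i, a in enumerate(alive):
        for b in alive[i + 1:]:
            common = shared_keys(a, b)
            if common:
                links += 1
                exposed += min(common) in leaked
    return exposed / links if links else 0.0

if __name__ == "__main__":
    rng = random.Random(2004)            # constructed parameters: P=1000, k=30
    rings = predistribute(1000, 30, 100, rng)
    print("P(share) analytic:", round(share_probability(1000, 30), 3))
    print("links exposed after 5 captures:",
          round(exposed_link_fraction(rings, {0, 1, 2, 3, 4}), 3))
```

Capturing a few nodes exposes links between nodes that were never captured, which is the revocation-scope and resilience concern listed under "Consequences".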

Secure routing in ad hoc networks
[Table of attacks against routing protocols. Attacks: General, Wormhole, Rushing attacks, Blackhole attack, … Terms appearing in the table: DSR, AODV, OLSR, FRESH, Ariadne, SRP, SEAD, ARAN, SAODV, SECTOR, Packet leashes, RAP, I.T.]
I.T.: Incentive Techniques (assuming nodes are rational)

Provable encounters (“SECTOR”, SASN 2003)
- Initial distribution of keys/hash values
- Encounter certification, comprised of the following phases:
  - Authentication
  - Distance bounding (cf. also Brands and Chaum, 1993)
  - Issuance of the proof of encounter
    a) Guaranteeing Encounter Freshness (GEF)
    b) Guaranteeing the Time of Encounter (GTE)
- Encounter verification, comprised of the following phases:
  - Authentication
  - Verification
[Figure: encounter certification between claimant and certifier; encounter verification between claimant and verifier]
Solution based on hash chains and on Merkle trees

Cooperation in self-organized systems
[Figure: sources S1, S2 and destinations D1, D2]
Question: how to enforce cooperation, if each node is its own authority?
Solutions:
• based typically on game theory, on reputation systems, on micropayments
• proposed by NEC, UC Berkeley, Stanford, CMU, Cornell, U. of Washington, Yale, UCSD, Eurécom, EPFL, …
• address different scenarios: pure ad hoc, multi-hop access to the backbone, …
• consider the problem at the network layer (and focus primarily on packet forwarding)

Cooperation between nodes (a closer look)
[Figure: Routing and MAC layers of the nodes]
MAC: Medium Access Control: manages the shared transmission medium (the radio link in this case) in a fully distributed way
Question 1: How do we prevent greedy behaviour on the MAC layer of multi-hop wireless networks?
Question 1’: How is this problem solved today in WiFi hotspots?
Answer: It is not solved!

Question 1’: How do we prevent greedy behavior at the MAC layer in WiFi hotspots?
[Figure: the access point is trusted; well-behaved nodes]
The MAC layer is fair: if users have similar needs, they obtain a similar share of the bandwidth

Question 1’: Preventing greedy behavior at the MAC layer in WiFi hotspots
[Figure: the access point is trusted; well-behaved node; cheater]

IEEE 802.11 MAC – Brief reminder
• IEEE 802.11 is the MAC protocol used in WiFi
• By default, it is the one used in wireless multi-hop networks

Greedy technique 1/4: oversized NAV

Greedy technique 2/4: transmit before DIFS

Greedy technique 3/4: scramble others’ frames

Greedy technique 4/4: pick a shorter backoff
Implementation of this cheating technique: 3 lines of code!

Proposed solution: DOMINO
- DOMINO: System for Detection Of greedy behaviour in the MAC layer of WiFi public NetwOrks (Raya, Hubaux, Aad, Mobisys 2004)
  - Idea: monitor the traffic and detect deviations by comparing average values of observed users
  - Detection tests: statistical comparison of the observed protocol behaviour
  - Features:
    • Full standard compliance
    • Needs to be implemented only at the Access Point
    • Simple and efficient
  - The operator decides the amount of evidence required before taking action (in order e.g. to prevent false positives)
- Other solution: Kyasanur + Vaidya, DSN 2003 (but not protocol compliant)

Detection Tests of DOMINO
Cheating method: detection test
- Oversized NAV: comparison of the declared and actual NAV values
- Transmission before DIFS: comparison of the idle time after the last ACK with DIFS
- Frame scrambling: number of retransmissions
- Backoff manipulation:
  - Maximum backoff: the maximum should be close to CWmin - 1
  - Actual backoff
  - Consecutive backoff

Simulation of cheating and detection
- Cheating technique: Backoff manipulation
- Traffic:
  - Constant Bit Rate / UDP traffic
  - FTP / TCP traffic
- Misbehavior coefficient (m): cheater chooses its backoff as (1 - m) x CWmin
- Simulation environment: ns-2
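The maximum-backoff and actual-backoff tests applied to per-station samples, as an added example that is not DOMINO's code. Assumptions: CWmin = 32, backoff values are already extracted from observed idle periods, the cheater draws uniformly from a window shrunk to (1 - m) x CWmin, and the two margins are hypothetical operator-chosen tolerances.

```python
import random
from statistics import mean

CW_MIN = 32  # assumed contention window; honest backoff is uniform on 0..CW_MIN-1

def simulate_backoffs(m, n, rng, cw_min=CW_MIN):
    """Constructed samples: a station with misbehavior coefficient m draws its
    backoff from a window of (1 - m) x CWmin slots (m = 0 is well-behaved)."""
    window = max(1, round((1 - m) * cw_min))
    return [rng.randrange(window) for _ in range(n)]

def backoff_tests(samples, cw_min=CW_MIN, max_margin=0.8, mean_margin=0.9):
    """Return the names of the tests this station fails."""
    failed = []
    # Maximum backoff: the largest observed value should be close to CWmin - 1.
    if max(samples) < max_margin * (cw_min - 1):
        failed.append("maximum backoff")
    # Actual backoff: the average should be near the nominal mean (CWmin - 1) / 2.
    if mean(samples) < mean_margin * (cw_min - 1) / 2:
        failed.append("actual backoff")
    return failed

def audit(observations, **margins):
    """Map each station to its failed tests; an empty list means no evidence."""
    return {sta: backoff_tests(s, **margins) for sta, s in observations.items()}

if __name__ == "__main__":
    rng = random.Random(7)
    observed = {
        "sta-a (m=0.0)": simulate_backoffs(0.0, 2000, rng),
        "sta-b (m=0.2)": simulate_backoffs(0.2, 2000, rng),
        "sta-c (m=0.5)": simulate_backoffs(0.5, 2000, rng),
    }
    for sta, failed in audit(observed).items():
        print(sta, "->", failed or "no deviation")
```

A mild cheater (m = 0.2) still reaches a maximum near CWmin - 1 and is caught only by the average, which is why the slide lists several backoff tests rather than one.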

Simulation results
• Each point corresponds to 100 simulations
• Confidence intervals: 95%

Implementation of the demo prototype
- Equipment
  - Adapters based on the Atheros AR5212 chipset
  - MADWIFI driver
- Misbehavior: backoff
  - Overwrite the values CWmin and CWmax (in driver)
- Monitoring
  - The driver in MONITOR mode
  - prism2 frame header

Conclusion on the prevention of greedy behaviour at the MAC layer
- There exist greedy techniques against hotspots
- Some of these techniques are straightforward
- We have proposed, implemented and patented a simple solution, DOMINO, to prevent them (http://domino.epfl.ch)
- The same problem in self-organized wireless systems is still unsolved. Can it be solved?
  - Game-theoretic study: M. Cagalj, S. Ganeriwal, I. Aad and J.-P. Hubaux, "On Cheating in CSMA/CA Networks", Technical report No. IC/2004/27, July 2004
- Many problems still need to be solved in this field

Question 2: How to securely locate a node
Being able to securely verify the positions of devices can enable:
- Location-based access control (e.g., prevention of the parking lot attack)
- Detection of displacement of valuables
- Detection of stealing
- Location-based charging
- …
In multi-hop networks:
- Secure routing
- Secure positioning
- Secure data harvesting (sensor networks)
- …

Attacks against sensor networks positions

Positioning systems (and prototypes)
- GPS, Galileo, Glonass (Outdoor, Radio Frequency (RF) – Time of Flight (ToF))
- Active Badge (Indoor, Infrared (IR)), Olivetti
- Active Bat, Cricket (Indoor, Ultrasound (US)-based), AT&T Lab Cambridge, MIT
- RADAR, SpotON, Nibble (Indoor/Outdoor, RF-RSS), Microsoft, Univ of Washington, UCLA+Xerox Palo Alto Lab
- Ultra Wideband Precision Asset Location System (Indoor/Outdoor, RF-(UWB) ToF), Multispectral Solutions, Inc.
Ad Hoc/Sensor Network positioning systems:
- Convex position estimation (Centralized), UC Berkeley
- Angle of Arrival based positioning (Distributed, Angle of Arrival), Rutgers
- Dynamic fine-grained localization (Distributed), UCLA
- GPS-less low cost outdoor localization (Distributed, Landmark-based), UCLA
- GPS-free positioning (Distributed), EPFL

Distance measurement techniques
- Based on the speed of light (RF, IR)
  - A and B are synchronized (ToF): dABm = (tr - ts)c
  - A and B are NOT synchronized (round trip ToF): dABm = (tr - ts - tprocB)c/2
- Based on the speed of sound (Ultrasound)
  - dABm = (tr(RF) - tr(US))s
- Based on Received Signal Strength (RSS)

Attacks on RF and US ToF-based techniques
- Dishonest device: cheat on the time of sending (ts) or time of reception (tr)
- Malicious attacker: 2 steps:
  1. Overhear and jam
     dABm = (tr - ts)c (A and B are assumed to be synchronised)
  2. Replay with a delay Δt
     dABm = (tr + Δt - ts)c => dABm > dAB

Summary of possible attacks on distance measurement
Technique: dishonest nodes / malicious attackers
- RSS (Received Signal Strength): distance enlargement and reduction / distance enlargement and reduction
- Ultrasound Time of Flight: distance enlargement and reduction / distance enlargement and reduction
- Radio Time of Flight: distance enlargement and reduction / distance enlargement only

The challenge of secure positioning
- Goals:
  - preventing a dishonest node from cheating about its own position
  - preventing a malicious attacker from spoofing the position of an honest node
- Our proposal: Verifiable Multilateration

Distance Bounding (RF)
- Introduced in 1993 by Brands and Chaum (to prevent the Mafia fraud attack)
[Figure: exchange between A and BS, labelled N_BS, ts, tr]
dreal ≤ db = (tr - ts)c/2 (db = distance bound)

Distance bounding characteristics
- RF distance bounding:
  - nanosecond precision required, 1 ns ~ 30 cm
  - UWB enables clock precision up to 2 ns and 1 m positioning indoor and outdoor (up to 2 km)
- US distance bounding:
  - millisecond precision required, 1 ms ~ 35 cm
Technique: dishonest nodes / malicious attackers
- RSS: distance enlargement and reduction / distance enlargement and reduction
- US ToF: distance enlargement and reduction / distance enlargement and reduction
- RF ToF: distance enlargement and reduction / distance enlargement only
- RF Distance Bounding: distance enlargement only / distance enlargement only
- US Distance Bounding: distance enlargement only / distance enlargement and reduction

Verifiable Multilateration (Trilateration)
[Figure: verifiers BS1, BS2 and BS3 form the verification triangle around node A at (x, y); each verifier performs distance bounding with A]

Properties of Verifiable Multilateration
- a node located within the triangle cannot prove to be at another position within the triangle except at its true position.
- a node located outside the triangle formed by the verifiers cannot prove to be at any position within the triangle
- a malicious attacker cannot spoof the position of a node such that it seems that the node is at a position different from its real position within the triangle
- a malicious attacker cannot spoof the position of a node such that it seems that it is located at a position within the triangle, if the node is outside the triangle
The same holds in 3-D, with a triangular pyramid instead of a triangle
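A simplified 2-D sketch of the verifiers' check behind these properties, added here and not taken from the slides or the authors' implementation. Verifier coordinates, the sample positions and the tolerance `delta` are constructed; the position is computed by plain trilateration from the three distance bounds.

```python
import math

C = 299_792_458.0  # speed of light, m/s

def distance_bound(ts, tr):
    """db = (tr - ts) * c / 2 from one verifier's send/receive timestamps."""
    return (tr - ts) * C / 2

def trilaterate(verifiers, bounds):
    """Solve the three circle equations for (x, y) by subtracting the first one."""
    (x1, y1), (x2, y2), (x3, y3) = verifiers
    d1, d2, d3 = bounds
    a1, b1 = 2 * (x2 - x1), 2 * (y2 - y1)
    a2, b2 = 2 * (x3 - x1), 2 * (y3 - y1)
    c1 = d1**2 - d2**2 + x2**2 - x1**2 + y2**2 - y1**2
    c2 = d1**2 - d3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a1 * b2 - a2 * b1
    return ((c1 * b2 - c2 * b1) / det, (a1 * c2 - a2 * c1) / det)

def in_triangle(p, verifiers):
    """True if p lies inside (or on the edge of) the verification triangle."""
    a, b, c = verifiers
    def cross(o, u, v):
        return (u[0] - o[0]) * (v[1] - o[1]) - (u[1] - o[1]) * (v[0] - o[0])
    signs = [cross(a, b, p), cross(b, c, p), cross(c, a, p)]
    return all(s >= 0 for s in signs) or all(s <= 0 for s in signs)

def verify_position(verifiers, bounds, delta=1.0):
    """Accept only if the computed position agrees with every distance bound
    within delta metres (hypothetical tolerance) and lies inside the triangle."""
    pos = trilaterate(verifiers, bounds)
    for v, db in zip(verifiers, bounds):
        if abs(math.dist(pos, v) - db) > delta:
            return False, pos, "inconsistent distance bounds"
    if not in_triangle(pos, verifiers):
        return False, pos, "outside verification triangle"
    return True, pos, "accepted"

if __name__ == "__main__":
    bs = [(0.0, 0.0), (100.0, 0.0), (50.0, 90.0)]          # constructed layout
    honest = [math.dist((40.0, 30.0), v) for v in bs]
    print(verify_position(bs, honest))
    # A node that can only enlarge distances delays its reply to BS1 by 20 m.
    print(verify_position(bs, [honest[0] + 20.0, honest[1], honest[2]]))
```

Because distance bounding lets a node enlarge but never reduce a measured distance, moving the claimed position inside the triangle always requires shortening at least one bound, so the enlarged set no longer intersects at a single point.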

Conclusion on secure positioning
- New research area
- Time of flight seems to be the most appropriate technique
- Initial solutions for:
  - Hand-held / automotive devices
  - Sensor networks
Srdjan Capkun and Jean-Pierre Hubaux, "Securing position and distance verification in wireless networks", Technical report EPFL/IC/2004-43, May 2004
Srdjan Capkun and Jean-Pierre Hubaux, "Secure Positioning in Sensor Networks", Technical report EPFL/IC/2004-44, June 2004
(More information available at Srdjan’s home page: SecLoW)

Denial of service attacks
TCP can be highly vulnerable to protocol-compliant attacks:
• Packet reordering
• Packet delaying
• Packet dropping
Illustration of the «JellyFish» re-order attack:
• Isolated relay chain
• Single JF
• Standard 802.11, 2 Mb/s
• TCP-Sack
• Simulator: ns-2
Aad, Hubaux, Knightly, Mobicom 2004

Conclusion
- The security of ad hoc and sensor networks is a strategic research topic
- The kind of considered scenario (nature of the network authority, attacker model, capabilities of the nodes, …) can radically influence the solution to be chosen
- The study of security problems in the framework of self-organized wireless systems can help identify problems of and solutions for conventional networks

Upcoming Events
- WiSe 2004: 3rd ACM Workshop on Wireless Security, Philadelphia, October 1
- VANET 2004: 1st ACM Workshop on Vehicular Ad Hoc Networks, Philadelphia, October 1
- SASN 2004: ACM Workshop on Security of Ad Hoc and Sensor Networks, October 25, Washington DC
- escar 2004: 2nd Workshop on Security in Cars, Bochum, November 10-11