Download - Slides Iciss
-
8/2/2019 Slides Iciss
1/88
Security Issues and Challenges inWireless Networks
Kishore Kothapalli
Bruhadeshwar Bezawada
Center for Security, Theory, and Algorithmic Research(CSTAR)
International Institute of Information Technology
Hyderabad, INDIA
-
8/2/2019 Slides Iciss
2/88
Introduction
Wireless stations, or nodes, communicate over a wireless medium
Networks operating under infrastructure mode e.g., 802.11, 802.16,
Cellular networks
Networks operating with limited or no infrastructural support e.g., ad
hoc networks in AODV mode
Security threats are imminent due to the open nature of
communication
Two main issues: authentication and privacy
Other serious issues: denial-of-service
A categorization is required to understand the issues in each
situation.
-
8/2/2019 Slides Iciss
3/88
Introduction Wireless Technologies
Different technologies have been developed fordifferent scenarios and requirements
WiFi is technology for Wireless LANs and short rangemobile access networks
WiMAX is technology for last milebroadbandconnectivity
Wireless USB is technology for Internet connectivityon the go
Other technologies like Infrared (TV remotes etc),Bluetooth (soon to be obsolete) etc are short range
Extreme bandwidth but short range technologies areGigabit wireless etc
-
8/2/2019 Slides Iciss
4/88
Introduction
Fixed Infrastructure
Base stations that are typically not resource constrained.
Examples: sensor networks, and cellular networks.
Mobility of nodes but not of base stations.
-
8/2/2019 Slides Iciss
5/88
Introduction
Ad hoc wireless networks
No infrastructural support.
Nodes also double up as routers.
Mobility of nodes.
Examples laptops/cellphones operating in ad hoc mode.
Image fromwww.microsoft.com
-
8/2/2019 Slides Iciss
6/88
Introduction
Mixed mode
In between the two modes.
Some nodes exhibit ad hoc capability.
-
8/2/2019 Slides Iciss
7/88
Introduction
To formalize study and solutions, need good models
for these networks.
Formal model to characterize the properties and
solutions
Models that are close to reality
Still allow forsolution design and analysis.
-
8/2/2019 Slides Iciss
8/88
Introduction
Solution properties
Light-weight
Have to use battery power wisely.
Other resources, such as storage, are also limited.
Local control
Many cases, only neighbours are known.
Any additional information gathering is expensive.
-
8/2/2019 Slides Iciss
9/88
Introduction
Difficulty of modeling wireless networks as opposed to
wired networks:
Transmission
Interference
Resource constraints
Mobility
Physical carrier sensing
-
8/2/2019 Slides Iciss
10/88
Outline
Introduction
Models of Wireless Networks
Various Layers and Current Solutions for each Layer
Security Issues and Threats at each Layer
Security Solutions
Open Problems
-
8/2/2019 Slides Iciss
11/88
Models of Wireless Networks
Unit disk graph model
Given a transmission radiusR, nodesu,vare connected
if d(u,v) R
u
R
v
u'
-
8/2/2019 Slides Iciss
12/88
Models of W ireless Networks
Unit disk graph model
Given a transmission radiusR, nodesu,vare connected
if d(u,v)R.
Too simple model transmission range could be of
arbitrary shape.
R
R
u
u
R
v
u'
-
8/2/2019 Slides Iciss
13/88
Packet Radio Network (PRN)
Can handle arbitrary shapes Widely used
Nodes u, v can communicate directly if they arewithin each other's transmission range, r
t.
u
v
w
v'
Models of Wireless Networks
-
8/2/2019 Slides Iciss
14/88
What is the problem?
Model for interference too simplistic
u
v
w
v'
-
8/2/2019 Slides Iciss
15/88
wcan still interfere at u
PRN model fails to address certain interference
problems in practice
v
n 2
s
t rt
rt
ri
rt
What is the problem?
u
v
w
v'
-
8/2/2019 Slides Iciss
16/88
Transmission Range, InterferenceRange Separate values for transmission
range, interference range.
Interference range constant timesbigger than transmission range.
Used in e.g., [Adler and
Scheideler '98], [Kuhn et. al., '04]
Models of Wireless Networks
urt
v
w
u'
ri
-
8/2/2019 Slides Iciss
17/88
Transmission Range, InterferenceRange Separate values for transmission
range, interference range.
Interference range constant timesbigger than transmission range.
Used in e.g., [Adler and
Scheideler '98], [Kuhn et. al., '04]
What is the problem? Extension of unit disk model to
handle interference
Models of Wireless Networks
urt
v
w
u'
ri
-
8/2/2019 Slides Iciss
18/88
Model Based on Cost Function
Gr= (V, Er), set of nodes V, Euclidean distanced(u, v)
cis a cost function on nodes symmetric:c(u,v) =c(v,u)
[0,1),depends on the environment
c(u,v) [(1 )d(u, v), (1 + ) d(u, v)]
w
u
va
b
Edge (u,v) Er
if and only if
c(u,v)r
-
8/2/2019 Slides Iciss
19/88
Transmission and Interference Range
Transmission range rt(P), Interference range, r
i(P)
If c(v,w)
ri(P), nodev can cause interference at nodew. If c(v,w)r
t(P)then vis guaranteed to receive the message fromw
provided no other nodev'withc(v, v')ri(P)also transmits at the
same time.
w
rt(P)
v'
ri(P)
u
v c(v,w) rt(P)
c(v, v') ri(P)
-
8/2/2019 Slides Iciss
20/88
Carrier Sensing
Virtual carrier sensing using RTS/CTS.
Physical Carrier Sensing Provided by Clear Channel Assessment (CCA) circuit.
Monitor the medium as a function of Received SignalStrength Indicator (RSSI)
Energy Detection (ED) bit set to 1 if RSSI exceeds acertain threshold
Has a register to set the threshold in dB
-
8/2/2019 Slides Iciss
21/88
Physical Carrier Sensing
Carrier sense transmission (CST) range, rst(T,P)
Carrier sense interference (CSI) range, rsi(T,P)
Beyond the CSI range, sensing is not possible.
Both the ranges grow monotonically in Tand P.
w
v
rst(T,P)v'
v''
rsi(T,P)
c(w,v) rst(T, P)
c(w, v') rsi
(T,P)
c(w, v'') rsi(T,P)
-
8/2/2019 Slides Iciss
22/88
Outline
Introduction
Models of Wireless Networks
Various Layers and Current Solutions at each layer Security Issues and Threats at each Layer
Security Solutions
Open Problems
-
8/2/2019 Slides Iciss
23/88
Various Layers of Interest Physical Layer
Physical Layer
802.11 standard supports several data rates between
11 Mbps and 54 Mbps
802.16 support multiple data rates from 2Mbps to 300
Mbps
Several modulation schemes in use and support
different conditions and data rates
AM, FM, PSK, BPSK, QPSK, FDM, OFDM, OFDMA, ...
-
8/2/2019 Slides Iciss
24/88
-
8/2/2019 Slides Iciss
25/88
Various Layers of Interest MAC Layer
MAC Layer
Medium access control is an important requirement.
Collision detection (CSMA/CD) not possible unlike wired
networks.
Hence using Collision avoidance (CSMA/CA)
Functions of MAC
Scanning, Authentication, Association, WEP, RTS/CTS,
Power Save options, Fragmentation
-
8/2/2019 Slides Iciss
26/88
Various Layers of Interest MAC Layer
802.11 MAC
Use Physical Carrier Sensing to sense for a free
medium. Explicit ACKs to indicate reception of packet.
Results in the problem of hidden node.
Use Virtual Carrier Sensing using RTS/CTS.
DATADATA
-
8/2/2019 Slides Iciss
27/88
Various Layers of Interest MAC Layer
Virtual Carrier Sensing cannot solve the exposed nodeproblem.
A and D cannot succeed simultaneously.
DATADATA
A
BC
D
-
8/2/2019 Slides Iciss
28/88
Other MAC Techniques
Cell phone networks
Node to base station and vice-versa.
Fixed frequency for communication pair (FDD).
Separate frequencies for each pair.
Different technologies Analog/CDMA/GSM support
different number of simultaneous communications per
band.
802.16 has a Receive/Grant model which is basicallyTDD (Time-Division Duplexing)
More efficient than FDD.
-
8/2/2019 Slides Iciss
29/88
MAC Layer
More recent solutions address issues such as,
especially with respect to ad hoc networks
self-stabilization
Dynamism
Efficiency
Fairness
-
8/2/2019 Slides Iciss
30/88
Various Layers Network Layer
Route packets in the network.
Routing in infrastructure based networks is similar to
IP routing
All the base stations have a wired IP interface which isused by the routers/switches to forward data
Issues like handoffs are handled through techniques
like Mobile IP or Cellular Handoffs or Soft-handoffs asdone in Mobile WiMAX
Now, for network without infrastructure the problem is
difficult as the routes are transient
-
8/2/2019 Slides Iciss
31/88
Various Layers Network Layer
Ad hoc networks
No easy solutions but different proposals exist.
Two kinds: proactive and reactive
Proactive: Maintain lot of state, proactive updates.
Example: DSDV, DSR
Reactive: Minimal state, react to changes.
Example: AODV
-
8/2/2019 Slides Iciss
32/88
Other Important Layers
Transport layer
This is important layer especially since the wireless
medium suffers from high bit-error rate and collisions.
To offset this wireless technologies rely less on TCPs
reliability mechanism
This is mostly handled at physical layer through
techniques like FEC and other error correcting codes
Application Layer
Notion of an application layer protocol
Email/Web/Games/SMS/MMS
-
8/2/2019 Slides Iciss
33/88
Outline
Introduction
Models of Wireless Networks
Various Layers and Current Solutions for each Layer
Security Issues and Threats at each Layer
Security Solutions
Open Problems
-
8/2/2019 Slides Iciss
34/88
Threats in Present Solutions MAC Layer
Denial of Service
Can hog the medium by sending noise continuously.
Can be done without draining the power of theadversary.
Depends on physical carrier sensing threshold.
z
A
-
8/2/2019 Slides Iciss
35/88
Threats in Present Solutions MAC Layer
802.11 standard uses Access Control Lists for
admission control.
If MAC address not in the list, then the node is denied
access.
But easy to spoof MAC addresses.
00:1A:A0:FD:FF:2E
00:0C:76:7F:DF:49
00:13:D3:07:2F:A8
00:2F:B8:77:EA:B5
-
8/2/2019 Slides Iciss
36/88
Threats in Present Solutions Network Layer
Ad hoc networks
Network layer
Denial-of-service attacks
Broadcast nature of communication
Packet dropping
Route discovery failure in ad hoc network
Packet rerouting
-
8/2/2019 Slides Iciss
37/88
Threats in Present Solutions Network Layer
Denial-of-service
Easy to mount in wireless network protocols.
One strategically adversary can generally disable adense part of the network.
z
A
Nodes Disrupting Routes
SourceSource
Destination
Th i P S l i N k L
-
8/2/2019 Slides Iciss
38/88
Can simply engage in conversation and drain batterypower of other nodes power exhaustion attack
Send lot of RREQ messages but never use the routes.
z
A
RREQ(a)
RREQ(b)
RREQ(c)
.
Threats in Present Solutions Network Layer
Th i P S l i N k L
-
8/2/2019 Slides Iciss
39/88
Threats in Present Solutions Network Layer
Broadcast nature of communication
Each message can be received by all nodes in the
transmission range
Packet sniffing is a lot easier than in wired networks.
Poses a data privacy issue
s
tA
Th t i P t S l ti N t k L
-
8/2/2019 Slides Iciss
40/88
Threats in Present Solutions Network Layer
Route discovery in ad hoc networks
AODV discovers route by RREQ/RREP.
Few adversarial nodes can fail route discovery.
Difficult to detect route discovery failures.
Also vulnerable to RREP replays.
RREQ
RREQ
Th t i P t S l ti N t k L
-
8/2/2019 Slides Iciss
41/88
Threats in Present Solutions Network Layer
Packet dropping
Wired networks can monitor packet drops reasonably
Such mechanisms are resource intensive for wirelessnetworks
AODV has timeouts but no theoretical solutions
Difficult to distinguish packet drops, say RREQs, fromnon-existence of route itself
Nodes some times behave selfishly to preserveresources
Th t i P t S l ti N t k L
-
8/2/2019 Slides Iciss
42/88
Threats in Present Solutions Network Layer
Packet rerouting also known as data plane attacks.
Attacker reveals paths but does not forward data along
these paths.
Control plane measures do not suffice.
Difficult to trace in wired networks also [Gouda, 2007].
s
t
Threats in Present Solutions Network Layer
-
8/2/2019 Slides Iciss
43/88
Application Layer
Easy to infect mobile devices.
Rerouting content through the base station poses
privacy issues.
Bluetooth networks and ad hoc networks do not have a
base station facility.
Contrast with wired networks with firewalls, filters,sandboxes.
Threats in Present Solutions Network Layer
Outline
-
8/2/2019 Slides Iciss
44/88
Outline
Introduction
Models of Wireless Networks
Various Layers and Current Solutions for each Layer
Security Issues and Threats at each Layer
Security Solutions
Open Problems
Security Solutions
-
8/2/2019 Slides Iciss
45/88
Security Solutions
Requirements
Need solutions that do not add any perceivable burden
Cryptography can help
Public key solutions
Public key operations about 1000 times slow compared to symmetric key
operations.
Cost of SHA-1 = 2 microseconds
Cost of RSA signature verification = order of millisec
Symmetric key solutions for privacy and authentication
Issue: How to distribute and manage keys?
Security Solutions for 802 11 Networks
-
8/2/2019 Slides Iciss
46/88
Security Solutions for 802.11 Networks
Previous WEP (Wired Equivalent Privacy) based onRC4 is prone to attacks
Privacy is not guaranteed as the key streams could beeasily recovered
Weaknesses in RC4 are well documented
Authentication is weak as well due to weak encryptiontechnique
Challenge-response using pre-shared keys is prone toattacks if encryption is weak
Previous WEP Solution using RC4
-
8/2/2019 Slides Iciss
47/88
Previous WEP Solution using RC4
RC4 is a Vernam Cipher meaning primary operations are XOR with pseudo-random bytes
Per-packet encryption key is 24-bit IV concatenated to a pre-shared key
Integrity Check Vector (ICV) is CRC-32 over plain-text (used as Message Authentication Code)
Data and ICV are encrypted using per-packet encryption key
Problem RC4 is weak (as the IV is reused) and can allow an attacker to get the key stream used
The ICV can enable one to check the validity of the key stream recovered
802.11 Hdr Data
802.11 Hdr DataIV ICV
Encapsulate Decapsulate
WEP Authentication Model
-
8/2/2019 Slides Iciss
48/88
WEP Authentication Model
WEP Authentication Based on RC4
Authentication key is distributed out-of-band
Access Point generates a randomly generated challenge
Station encrypts challenge using pre-shared secret
Problem: Challenge-responses of valid users can be recorded and key stream canbe recovered due to RC4 working
Attacker can use the keys to encrypt any future challenges
Challenge (Nonce)
Response (Nonce RC4 encrypted under shared key)
Wireless
Node
AP
Shared secret distributed out of band
Decrypted nonce OK?
Security Solution for 802.11 Networks:
-
8/2/2019 Slides Iciss
49/88
802.11i Model
Solution Requirements Mutual authentication
Scalable key management for large networks
Central authorization and accounting
Support for extended authentication like smart cards
Key Management Issues
Need to dynamically manage keys to avoid manualreconfiguration difficulties especially for large networks
Current Standard: 802 11i or WPA2
-
8/2/2019 Slides Iciss
50/88
Current Standard: 802.11i or WPA2
802.1X for Authentication Based on EAP (ExtensibleAuthentication Protocol)
Port based authentication
Access denied if port authentication fails
CCMP (Counter Mode CBC-MAC Protocol) using AESfor confidentiality, integrity and origin authentication
Dynamic Key Management
802 1X Authentication
-
8/2/2019 Slides Iciss
51/88
802.1X Authentication
802 1X Authentication
-
8/2/2019 Slides Iciss
52/88
802.1X Authentication
802 1X Key Management
-
8/2/2019 Slides Iciss
53/88
802.1X Key Management
LEAP use dynamically generated WEP keys to secure authentication data EAP-TLS Station and Access Point use public-key certificates through a
TLS tunnel
Session key can be exchanged
Mutual-authentication as both parties have digital certificates
EAP-TTLS and PEAP Only server-side certificate is needed
Simplifies implementation where certificate management is difficult
EAP-GSS where the authenticator is required to be in contact with a KDC
Key Derivation in 802.11i
-
8/2/2019 Slides Iciss
54/88
Key Derivation in 802.11i
Key Derivation in 802.11i
-
8/2/2019 Slides Iciss
55/88
Key Derivation in 802.11i
At the end of EAPOL: Station and Server share a Master Key: MK (E.g., Using EAP-TLS)
Both the Station and the AP derive a new key, called the Pairwise Master Key (PMK),from the Master Key.
Radius Server moves PMK to AP
A 4way handshake between the station and the AP to derive, bind, and verify a Pairwise Transient Key (PTK).
Key Confirmation Key (KCK), as the name implies, is used to prove the posession ofthe PMK
Key Encryption Key (KEK) is used to distributed the Group Transient Key (GTK)
Temporal Key 1 & 2 (TK1/TK2) are used for encryption.
The KEK is used to send the Group Transient Key (GTK) from AP to the station
The GTK is a shared key among all stations connected to the same authenticator(AP), to secure multicast/broadcast traffic
802.16 Authentication
-
8/2/2019 Slides Iciss
56/88
80 6 ut e t cat o
Security Solutions for 802.16 Networks
-
8/2/2019 Slides Iciss
57/88
y
802.16 or popularly WiMAX use X.509 certificates for authentication
Subscriber Station authentication using X.509 certificate
Establish security association (SAID)
Authentication Key (AK) exchange
AK is encrypted using public key of SS
Authentication is completed when both SS and BS verify possession AK
AK is used to exchange the TEK (Traffic encryption key)
Base station generates TEK randomly and encrypts using KEKgenerated from AK
802.16 uses AES in CCM mode for privacy
Mutual authentication is possible through EAP-TLS etc (802.16e)
Security in Ad Hoc Mode
-
8/2/2019 Slides Iciss
58/88
y
Ad hoc networks cannot use RADIUS type authentication
Problem: if RADIUS type authentication is used, every station will need tostore every other stations credentials
Moreover, authentication will have to be using EAP-TLS which iscomputationally intensive
Problem: mutual authentication is trouble some
Other Security Requirements
Cryptographic mechanisms for confidentiality
Key establishment for confidentiality
Public-key management to prevent replacement of keys
Symmetric key management to protect from compromise
Denial-of-service resistance in contention mechanisms at MAC layer
Security in Ad Hoc Networks
-
8/2/2019 Slides Iciss
59/88
y
Security Mechanisms
Pro-active : Prevents an attacker from launching an attack say byusing cryptographic mechanisms
Requirement is establishment of necessary cryptographic material
E.g., Routing Attacks
Reactive : Relies on detection and mitigation of attacks
Benign behaviour is defined and behaviour analysis is done to detectmalicious behaviour
E.g., Packet Forwarding attacks
Key Management in Ad Hoc Networks- An
O i
-
8/2/2019 Slides Iciss
60/88
Overview
Key management Manage a set of secure communicationchannels so that
Use as few keys as possible
Avoid centralized infrastructure during sessions
Minimal cryptographic/message overhead
Ensure reasonable security
Two scenarios
Broadcast security Peer-to-peer security
Security Solutions Broadcast Security
-
8/2/2019 Slides Iciss
61/88
y y
Base station and a set of nodes.
Base station sends updates to all the nodes using broadcast.
N = number of satellite nodes
Authentication and privacy is required
Trivial Solution
-
8/2/2019 Slides Iciss
62/88
Each node shares a key with the base station.
Storage is O(N) for sender and does not scale well
Authentication is expensive especially if messages need to bebroadcast
K6
K8
K1
K7
K4
K2
K5
K3
K1, K2, K3, K4,
K5, K6, K7, K8
Broadcast Security
-
8/2/2019 Slides Iciss
63/88
y
Maintain a set O(log N)
Each satellite node gets a subset of log n keys of S. Privacy: use XOR of keys to communicate with the user
Authentication: sender adds MAC using all its keys
Each node verifies signatures that can be generated using its subset ofkeys
K1, K2, K3,
K4, K5
MACK1(M) MACK2(M) MACK5(M)MACK4(M)MACK3(M)Message
K1, K3, K5
K1, K2, K4
K1, K3, K4
K2, K5, K4
K1, K2, K5
K1, K2, K3
K1, K5, K4
K2, K5, K3
Broadcast Security
-
8/2/2019 Slides Iciss
64/88
y
Collusion is an issue
A larger pool of keys can be selected
For N users O(log N) keys can give good results
Scales well as the sender only needs to give a new subset of keys to a new user
K1, K3, K5
K1, K2, K4
K1, K3, K4
K2, K5, K4
K1, K2, K5
K1, K2, K3
K1, K5, K4
K2, K5, K3
K1, K2, K3
K4, K5, K6,
K7, K8
Security Solutions
-
8/2/2019 Slides Iciss
65/88
Privacy in a Peer-to-peer situation
Public-key cryptography can be of use but expensive
Key distribution is a major hurdle given that communicating parties are
not known in advance
Anyone can communicate with any one
Trivial Solution: one unique key per pair of users work
Expensive
Not scalable if new user gets added
Revocation is little more tricky
Scalable approach : key pre-distribution
Point-to-Point Security
-
8/2/2019 Slides Iciss
66/88
Point-to-Point security
Need a key for every pair of nodes in an n node network.
Trivial solution requires storing n 1 keys at every node.
Not scalable on the space usage.
AB
CD
KAB
KAD
KAC
KBC
KCD
KBD
KCDC-DKBDB-D
KBCB-C
KADA-D
KACA-C
KABA-B
Point-to-Point Security
-
8/2/2019 Slides Iciss
67/88
Random Key Pre-distribution
A B
CD
Pool of KeysK1, K2, K3, K4, K5, K6,
K7, K8, K9, K10, K11,K12, K13, K14, K15
K1, K2, K5, K6 K3, K9, K5, K11
K12, K11, K13, K15K1, K15, K9, K13
K5
K11
K1+K15+K13
K1
E
F
G
K1, K5, K9, K13G
K3, K5, K7, K9, K15F
K10, K4, K5, K8, K7E
K1, K15, K9, K13DK12, K11, K13, K15C
K3, K9, K5, K11B
K1, K2, K5, K6A
Point-to-Point Security
-
8/2/2019 Slides Iciss
68/88
Issues in Random Key Pre-Distribution
May need Intermediaries for key establishment
Storage is High
Experimental: 250 keys out of 10,000 keys may be necessary An active adversary is dangerous
Collusion effect is unknown due to the randomness of keydistribution
Might require privacy mechanisms to hide key sharing patterns
Revocation issues exist
Probabilistic arguments for size of key storage and connectivitypossible
Practice proves otherwise, especially for sparse graphs
Some SolutionsKey Establishment
-
8/2/2019 Slides Iciss
69/88
Multi-path Key Establishment
A B
CD
Pool of KeysK1, K2, K3, K4, K5, K6,
K7, K8, K9, K10, K11,K12, K13, K14, K15
K1, K2, K5, K6 K3, K9, K5, K11
K12, K11, K13, K15K1, K15, K9, K13
K5
K11
K1+K15+K13
K1
E
F
G
K1, K5, K9, K13G
K3, K5, K7, K9, K15F
K10, K4, K5, K8, K7E
K1, K15, K9, K13DK12, K11, K13, K15C
K3, K9, K5, K11B
K1, K2, K5, K6A
Some Solutions Key EstablishmentSome SolutionsKey Establishment
-
8/2/2019 Slides Iciss
70/88
Some SolutionsKey Establishment
Deterministic Solution Square Grid [Ref. 4]
[0,0] [0,1] [0,2] [0,3]
[1,0] [1,1] [1,2] [1,3]
[2,0]
[3,0]
[2,1] [2,2] [2,3]
[3,1] [3,2] [3,3]
User Placement
y
Some Solutions Key Establishment
Some SolutionsKey Establishment
-
8/2/2019 Slides Iciss
71/88
Some SolutionsKey Establishment
Deterministic Solution Square Grid
[0,0] [0,1] [0,2] [0,3]
[1,0] [1,2]
[2,0]
[3,0]
[2,2]
[3,2]
Kg(0,0)
Kg(2,2)
[2,3][2,1]
Grid Secrets
y
Some Solutions Key EstablishmentSome SolutionsKey Establishment
-
8/2/2019 Slides Iciss
72/88
Some Solutions Key Establishment
Deterministic Solution Square Grid
[0,0]
[0,1] [0,2] [0,3]
[1,0]
[2,0]
[3,0]
Direct Secrets
y
Some Solutions Key EstablishmentSome SolutionsKey Establishment
-
8/2/2019 Slides Iciss
73/88
Some Solutions Key Establishment
Deterministic Solution Square Grid
[0,0] [0,1] [0,2] [0,3]
[1,0] [1,2]
[2,0]
[3,0]
[2,2]
[3,2]
[2,3][2,1]
Communication
Along SameRow/Column
y
Some Solutions Key EstablishmentSome SolutionsKey Establishment
-
8/2/2019 Slides Iciss
74/88
Some Solutions Key Establishment
Deterministic Solution Square Grid
[0,0] [0,1] [0,2] [0,3]
[1,0] [1,2]
[2,0]
[3,0]
[2,2]
[3,2]
Kg(0,2)
Kg(2,0)[2,3][2,1]
CommunicationAmong Users ofDifferentRows/Columns
Some Solutions Key EstablishmentSome SolutionsKey Establishment
-
8/2/2019 Slides Iciss
75/88
Some Solutions Key Establishment
Square Grid Features and Issues
Mobility has no effect on key establishment always guaranteed bydesign
Failure tolerant failure of links hardly matters
Storage is high, but comparable to random KPS
Collusion resistance is slightly weak
Two users are sufficient to compromise session key
Scalability is weak as the grid size is fixed before hand
Optimizations possible, by choosing higher grid size and allowing forsome additional users
Security Solutions
-
8/2/2019 Slides Iciss
76/88
Can reduce storage further by considering a k dimensional grid
User belongs to multiple grids with lower dimension: n1/k
number of keys stored per node decreases to kn1/k.
At k = log n, this reduces to log n.
But collusion resistance decreases with increasing k
Best case storage is around: 12log2n
Lower values are possible but multiplication constant is higher
Security Solutions-Hierarchical Solution
-
8/2/2019 Slides Iciss
77/88
B D
A C
Stands for any P2P keydistribution
E.g. (A,C) could be
given a unique sharedkey
Better key distributionsare possible
Security Solutions-Hierarchical Solution forReducing Storage
-
8/2/2019 Slides Iciss
78/88
AB
CD
EF
GH
Nodes Treated
as Single Entity
E.g. (A,B) and (C,D) could share a common key
If B, needs to communicate with C, this key can be used
Collusion resistance is an issue
Outline
-
8/2/2019 Slides Iciss
79/88
Introduction
Models of Wireless Networks
Various Layers and Current Solutions for each Layer
Security Issues and Threats at each Layer
Security Solutions
Open Problems
Open Problems
-
8/2/2019 Slides Iciss
80/88
Problem 1: Secure Admission Control
For fixed infrastructure networks, how to decide admitting a new node
into the network?
EAP-TLS, EAP-TTLS are expensive in terms of computation and do not
work well in ad hoc mode
Access points should be able to handle more decisions to enable easy
roaming
Need for a scalable but practical solution for admission control especially for
roaming accessibility If key management is used dynamics and storage become issues
Open Problems
-
8/2/2019 Slides Iciss
81/88
Problem 2 : Application Layer Security for fixed infrastructure networks
Equivalent notions of wired networks.
Require Light-weight sand boxing mechanisms
Privacy-preserving light-weight content filtering techniques
Existing solutions: J2ME KVM, DownloadFun, QualComm
BREW
Open Problems
-
8/2/2019 Slides Iciss
82/88
Problem 3: Real-time Cell Communication Security
Key management solutions may not work due to real-
time voice data
Hacking/tapping cell phones is possible depending on
the encoding scheme used
Open Problems 4
-
8/2/2019 Slides Iciss
83/88
Certificate mechanisms for nodes
Certificates in wired networks are
well understood.
Users typically have better user
interfaces e.g., PC Monitor, allowing
them to examine things likecertificates
Certificate verification/validation istolerable on desktops and evenlaptops.
Open Problem 4
-
8/2/2019 Slides Iciss
84/88
Problem: Not the same for mobile users say, cell phones
Integrating such features into a cell-phone is difficult
Expensive to verify certificates due long certification path.
Solution more difficult for devices with no display or limited display or
regular monitoring of the device, such as sensors.
Need a different way of handling certificates.
Conclusions
-
8/2/2019 Slides Iciss
85/88
Situations are more complex in wireless networks, even withinfrastructural support.
Threats exist at various layers of operation.
Present solutions to address these threats are not scalable or
not strong enough. Simple key management solutions can help.
But not always.
Still, lots of interesting and open issues to be solved.
-
8/2/2019 Slides Iciss
86/88
Thank You!
References
Jean PierreHubaux Levente ButtyanandSrdanCapkun The Quest for
-
8/2/2019 Slides Iciss
87/88
Jean-Pierre Hubaux, Levente, Buttyan and Srdan Capkun The Quest forSecurity in Mobile Ad Hoc Networks, ACM MobiHOC 2001
Laurent Eschenauer and Virgil D. Gligor A Key Management Scheme forDistributed Sensor Networks ACM CCS 2002
Haowen Chan, Adrian Perrig and Dawn Song Random Key PredistributionSchemes for Sensor Networks IEEE Symposium on Security and Privacy 2003
S.S.Kulkarni, M.G.Gouda and A.Arora Secret Instantiation in Ad Hoc Networks Special Issue of Elsevier Journal of Computer Communication on Dependable
Wireless Sensor Networks, 2006
Amitanand S. Aiyer, Lorenzo Alvisi, Mohamed G. Gouda Key Grids: A ProtocolFamily for Assigning Symmetric Keys IEEE International Conference on Network Protocols, 2006
B.Bruhadeshwar and Sandeep Kulkarni An Optimal Symmetric Secret Distribution for Secure Communication Michigan State University Technical Report 2008
MSU-TR-08-196
References
-
8/2/2019 Slides Iciss
88/88
Bezawada Bruhadeshwar, Kishore Kothapalli: A Family of Collusion Resistant Symmetric
Key Protocols for Authentication. ICDCN 2008: 387-392 Kishore Kothapalli, Christian Scheideler, Melih Onus, Andra W. Richa: Constant density
spanners for wireless ad-hoc networks. SPAA 2005: 116-125
Edmund L. Wong, Praveen Balasubramanian, Lorenzo Alvisi, Mohamed G. Gouda, VitalyShmatikov: Truth in advertising: lightweight verification of route integrity. PODC 2007:147-156
Ran Canetti, Adrian Perrig, Dawn Song and Doug Tygar The TESLA Broadcast
Authenitcation Protocol RSA Cryptobytes 2002
Chalermek Intanagonwiwat, Ramesh Govindan, Deborah Estrin, John S. Heidemann, FabioSilva: Directed diffusion for wireless sensor networking. IEEE/ACM Trans. Netw. 11(1): 2-16 (2003)
Arshad Jhumka, Sandeep S. Kulkarni: On the Design of Mobility-Tolerant TDMA-BasedMedia Access Control (MAC) Protocol for Mobile Sensor Networks. ICDCIT 2007:
General: Wikipedia, WiFi Forum, WiMAX Forum, IETF Website