Secure Communication A View From The Transport Layer MANET and WSN 1

Upload: valeria-gildon

Post on 02-Apr-2015


Secure Communication
A View From The Transport Layer
MANET and WSN

Overview

•Transport Layer and Security Issues
•Anonymity
  ▫E-mail
  ▫WSN and MANET
•Traffic Analysis
•DOS Attacks
  ▫flooding
  ▫de-synchronization
•Summary
•References

Transport Layer and Security Issues

Transport Layer Basics

Transport Layer - Security

•Securing end-to-end communication
•Key distribution and use for secure communication
•Anonymous communication
•Preventing traffic analysis
•Preventing DOS attacks

Mobile Sensor Networks - Basics

•Security Constraints
  ▫Low Power
  ▫Limited processing power
  ▫Limited memory
  ▫Limited bandwidth

Keys

•Base Station assigns keys
  ▫Symmetric Key Algorithms
    - Saves computation resources
  ▫Establishes trust with sensor nodes
    - Saves computation and power
      - Computing and exchanging keys
  ▫Base station transmits the keys directly to the node
    - Saves power

Anonymity E-mail

E-mail Anonymity

•Untraceable E-mail

•Untraceable Return Addresses

•Digital Pseudonyms

E-Mail Anonymity - Untraceable

•Using Public Key encryption

•Uses
  ▫Elections
  ▫Part of an organization, but want identity kept secret (CIA)

E-Mail Anonymity - Untraceable

•Additional computer called the “Mix”
•Bob wants to send Alice an untraceable message.
•Bob sends the message encrypted with Alice’s public key, encrypted again with the Mix’s public key:
  ▫Km(R1, Ka(R0, M), A) → Ka(R0, M), A
•Mix decrypts, eliminates R1, and forwards the message to Alice.

E-Mail Anonymity - Untraceable

•Mix hides the correspondences between items in its input and output.
  ▫Outputs uniformly sized items in lexicographically ordered batches.
  ▫Ensures no duplicate output (would show a pattern to an eavesdropper)
    - make R a timestamp
    - change Mix’s keys

E-Mail Anonymity - Untraceable

•Multiple Mixes
  ▫Cascade encryptions
  ▫First Mix’s (M2) input:
    Km2(R2, Km1(R1, Ka(R0, M), A), Am1)
  ▫First Mix’s output:
    Km1(R1, Ka(R0, M), A)
  ▫Final Result:
    Ka(R0, M), A
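The cascade above, together with the batch rules from the previous slide (no duplicates, uniform size, lexicographic ordering), as an added Python sketch that is not part of the original slides or of Chaum's paper. `seal`/`unseal` are a symmetric toy stand-in for the public-key operation K(R, ...), and the keys, the address strings and the 64-byte padding are assumptions.

```python
import hashlib
import os

def _xor_stream(key, r, data):
    # Toy keystream (SHA-256 in counter mode): a stand-in, not secure encryption.
    blocks = (hashlib.sha256(key + r + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, payload, addr=""):
    """Stand-in for K(R, payload, addr); a fresh R makes equal inputs seal differently."""
    r, a = os.urandom(16), addr.encode()
    return r + _xor_stream(key, r, bytes([len(a)]) + a + payload)

def unseal(key, item):
    """Remove one layer and drop R; returns (next address, inner item)."""
    body = _xor_stream(key, item[:16], item[16:])
    n = body[0]
    return body[1:1 + n].decode(), body[1 + n:]

class Mix:
    def __init__(self, key):
        self.key, self.seen = key, set()

    def process(self, batch):
        out = []
        for item in batch:
            if item in self.seen:      # a repeated input would yield a repeated output
                continue
            self.seen.add(item)
            out.append(unseal(self.key, item))
        # Lexicographic ordering removes any link to arrival order within the batch.
        return sorted(out, key=lambda pair: pair[1])

def cascade_demo():
    k_m1, k_m2, k_a, k_c = (os.urandom(32) for _ in range(4))   # constructed keys

    def wrap(msg, k_rcpt, rcpt):
        inner = seal(k_rcpt, msg.ljust(64, b"\0"))   # Ka(R0, M), padded to uniform size
        mid = seal(k_m1, inner, rcpt)                # Km1(R1, Ka(R0, M), A)
        return seal(k_m2, mid, "mix1")               # Km2(R2, Km1(...), Am1)

    batch = [wrap(b"hello Alice", k_a, "alice"), wrap(b"hi Carol", k_c, "carol")]
    batch.append(batch[0])                           # constructed replay of the first item
    stage1 = Mix(k_m2).process(batch)                # first Mix (M2)
    stage2 = Mix(k_m1).process([item for _, item in stage1])
    keys = {"alice": k_a, "carol": k_c}
    delivered = {a: unseal(keys[a], item)[1].rstrip(b"\0") for a, item in stage2}
    return stage1, delivered
```
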

E-Mail Anonymity – Return Address

•What if Alice wants to respond to Bob? He is anonymous!

•Bob can send his address, encrypted so that only the Mix can read it and deliver the reply.
  ▫Km(R1, Ab), Kb(R0, M) → Ab, R1(Kb(R0, M))

E-Mail Anonymity – Return Address

•Mix can verify recipient received the message
  ▫Certified Mail Service
  ▫Last Mix sends back to Bob:
    - Alice’s address
    - Message itself
    - Each Mix may sign the receipt

E-Mail Anonymity

•Preventing Traffic Analysis
  ▫Send same number of messages in each batch
    - Pro: Hides number of messages sent from Bob
    - Con: Uses resources (power, bandwidth)
  ▫Send same number of messages to subsets of participants
    - Pro: Hides number of messages Bob sends to Alice, and minimizes dummy messages
    - Con: Still uses resources for dummy messages

E-Mail Anonymity - Pseudonyms

•Digital Pseudonym:
  ▫A public key used to verify signatures made by the anonymous holder of the corresponding private key.
•Roster:
  ▫List of pseudonyms kept by a trusted authority
•Uses:
  ▫Elections – Roster of eligible voters

E-mail Anonymity – Pros & Cons

•Pros:
  ▫Ability to be anonymous
  ▫Verified message delivery
•Cons:
  ▫Additional hardware (mix)
  ▫What if you want to know the addressee (threat)
  ▫Trusted Authority
    - who and what determines this
  ▫Lots of additional encryption (time and resources)

Anonymity – MANET and WSN

Anonymity – Why

•If an attacker can ID a node, and eavesdrop on traffic, they may be able to identify actual network traffic patterns.

•Track a moving node
•Identify what network a node belongs in

Anonymity – Cont.

[Figure: Wired connections with dedicated links vs. wireless connections with shared media [11]]

•Wireless communication's broadcast property makes it hard to see where a node is, but makes it easier to eavesdrop.

Anonymity – How

•We will analyze how to achieve anonymity in both:
  ▫MANET
    - Mix-net
  ▫WSN
    - Anonymity done through preventing traffic analysis attacks

Anonymity - MANET

•Similar to e-mail, uses Mixes

[Figure: A Mix-Net example in MANET [2]]

Anonymity - MANET

•Encryption and decryption of messages is the same as used with Mixes in e-mail:
•Multiple Mixes
  ▫Cascade encryptions
  ▫First Mix’s (M2) input:
    Km2(R2, Km1(R1, Ka(R0, M), A), Am1)
  ▫First Mix’s output:
    Km1(R1, Ka(R0, M), A)
  ▫Final Result:
    Ka(R0, M), A

Anonymity - MANET

•Mix Advertisement
  ▫Sends message “I’m here”
  ▫Non-Mix node hears this and determines a dominant Mix-node
    - If it doesn’t hear an advertisement message from its Mix in some interval of time, it finds another Mix.
•Mix Route Discovery and Update
  ▫Sender node (S) sends RREQ message to destination node (D)

Anonymity - MANET

•Mix Route Discovery and Update
  ▫RREQ Phase: Sender node (S) sends RREQ message to destination node (D)
  ▫DREG Phase: D knows it is part of end-to-end communication, registers with its closest Dominator Mix
  ▫RUPD Phase: Mix broadcasts RUPD messages to nodes with a list of nodes registered to the Mix

Anonymity - MANET

[Figure: Broadcasted RUPD Messages [2]]

Anonymity - MANET

•Potential security problem:
  ▫An attacker could hear S send a RREQ message, then hear D send a DREG message shortly after.
•Solution:
  ▫S can send dummy RREQ messages to itself, to hide the real RREQ message to D

Anonymity - MANET

•Pros:
  ▫Compromised node in the middle of the route does not reveal source or destination nodes
  ▫Dominant Mix could hide identity of S
  ▫Mix can also aid in preventing traffic analysis
•Cons:
  ▫Additional hardware: Mixes
  ▫Additional encryption

Anonymity – MANET - PPCS

•PPCS – Privacy Preserving Communication
•Three mechanisms:
  ▫Dynamic Flow Identification
  ▫Random Node Identification
  ▫Resilient Packet Forwarding

Anonymity – MANET - PPCS

•Dynamic Flow Identification
  ▫Two flow pseudonyms, Pdi, Psi are defined for the forward and backward flows
    - Replaces the source and destination addresses
    - Source broadcasts RREQ packet containing these pseudonyms
      <RREQ, Psi, Pdi, Ksd(m)>
  ▫Intermediate nodes receive and try to decrypt Psd
    - “Trap door check”

Anonymity – MANET - PPCS

•Random Node Identification
  ▫Dissociates a real node identifier from location information
  ▫RNI – random node identifiers

Anonymity – MANET - PPCS

•Resilient Packet Forwarding
  ▫Multi-path random forwarding (MPRF)
    - Provides protection against traffic analysis
    - Helps avoid traffic congestion
    - Intermediate nodes randomly select the next hop from their local list of possible next hop nodes.

Anonymity – MANET - PPCS

•Potential problems:
  ▫Message could be followed from end-to-end
    - Solution: Encrypt again between intermediate nodes
•Pros:
  ▫Node anonymity established
•Cons:
  ▫More difficult to implement
  ▫Each intermediate node must look at the Psd of a RREQ message

Anonymity - WSN

  ▫Base Station ID hidden
    - Could take out entire network
  ▫How:
    - Hide which node is the base station by limiting traffic analysis

Anonymity - Summary

•Some situations may require node anonymity
  ▫Ex: Election, CIA
•E-mail anonymity
  ▫Mix
•MANET and WSN anonymity
  ▫Mix and routing
  ▫Traffic Analysis

Preventing Traffic Analysis

Preventing Traffic Analysis – Why

•High traffic and/or traffic patterns could indicate a base node/station
  ▫Base Node/Station
    - Entire network depends on it
  ▫Ex: Military
    - Determine critical nodes, chain of command
    - Forthcoming action
    - State change or network alertness

Traffic Analysis – Example

[Figure: Data traffic patterns using shortest path routing [7]]

Traffic Analysis – Two Classes

•Two classes of traffic analysis

1.) Rate Monitoring Attack – monitor packet sending rate

2.) Time Correlation Attack – deduce path by listening to nodes forward packets

Preventing Traffic Analysis – How

•Multiple parent routing
  ▫Rate monitoring attacks
•Controlled random walk
  ▫Rate monitoring attacks
•Random fake paths
  ▫Time correlation attacks
•Multiple, random areas of high communication activity
  ▫Rate monitoring attacks

Multi-Parent Routing

•Reduces effectiveness of rate-monitoring attacks

•Each node has multiple parents
•Randomly select one parent each time it forwards a packet
  ▫Any level higher is a parent or
  ▫Record beacons as parents
•Problems:
  ▫Does not eliminate rate-monitoring attacks
  ▫Still subject to time-correlation attacks

Multi-Parent Routing

[Figure: Multi-parent routing for node “u”]

Random Walk

•Reduces rate monitoring attack effectiveness

•Forwarding packets:
  ▫To parent with probability of p
  ▫To neighbor with probability of (1-p)
•Problems:
  ▫Still vulnerable to time correlation attack
  ▫Longer route consumes more energy (more hops to base station)
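To see what multi-parent routing and the random walk buy against rate monitoring, and what the walk costs in energy, here is an added Python simulation that is not from the slides or from [7]. The 7 x 7 grid, the base station at (0, 0), p = 0.7, the seed and the "busiest share" metric are all assumptions made for the illustration.

```python
import random
from collections import Counter

N = 7                      # constructed N x N sensor grid
BASE = (0, 0)              # assumed base station position

def neighbors(node):
    x, y = node
    cand = [(x - 1, y), (x + 1, y), (x, y - 1), (x, y + 1)]
    return [(a, b) for a, b in cand if 0 <= a < N and 0 <= b < N]

def parents(node):
    # "Any level higher is a parent": neighbors one hop closer to the base station.
    return [n for n in neighbors(node) if sum(n) < sum(node)]

def simulate(strategy, rounds=50, p=0.7, seed=1):
    """Every sensor sends one packet per round; returns (sends per node, total hops)."""
    rng = random.Random(seed)
    sends, hops = Counter(), 0
    sources = [(x, y) for x in range(N) for y in range(N) if (x, y) != BASE]
    for _ in range(rounds):
        for node in sources:
            while node != BASE:
                if strategy == "single":             # fixed shortest-path tree
                    nxt = parents(node)[0]
                elif strategy == "multi" or rng.random() < p:
                    nxt = rng.choice(parents(node))  # random parent
                else:                                # "walk": detour with prob. 1 - p
                    nxt = rng.choice(neighbors(node))
                sends[node] += 1
                hops += 1
                node = nxt
    return sends, hops

def busiest_share(sends):
    """Fraction of all transmissions made by the busiest node (what a rate monitor sees)."""
    return max(sends.values()) / sum(sends.values())

if __name__ == "__main__":
    for name in ("single", "multi", "walk"):
        sends, hops = simulate(name)
        print(f"{name:6s} busiest share={busiest_share(sends):.3f} total hops={hops}")
```

The busiest node still sits next to the base station under every strategy, which matches the slides' point that these schemes reduce rather than eliminate rate monitoring.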

Random Fake Paths

•AKA Fractal Propagation
•Makes time-correlation attacks less effective
•Fake packets are created and propagated through the network
  ▫Fake packets have a TTL parameter, K

Random Fake Paths Cont.

•When a node receives a fake packet, it
  ▫decrements TTL (if zero, it drops the packet)
  ▫forwards the packet to a neighbor node
•If a node hears its neighbor transmitting a fake packet with a TTL of k:
  ▫generates and forwards another fake packet
    - TTL = k-1
    - probability

Random Fake Paths Cont.

•Problems:
  ▫Already limited power is used on fake transmissions
  ▫Does not completely eliminate time correlation attacks
  ▫Generates a large amount of traffic by base station
    - If transmitting real packets more frequently, reduce the probability of sending a fake packet

Multiple, random areas of high communication activity

•AKA Hot Spots
•Makes rate monitoring more difficult
•Node keeps track of which neighbors it sends fake messages to.
•All neighbors start with the same probability of receiving a fake message from me
•If I send a fake message to neighbor A, I increase the probability I send another fake message to it

Multiple, random areas of high communication activity – Cont.

•Ability to create and destroy hotspots

•Problems:
  ▫Does not eliminate rate monitoring, but does make an attacker waste time with a hotspot

Traffic Analysis - Summary

Traffic Analysis – Summary Cont.

•Pros:
  ▫Only a limited time delay of real packets
  ▫Applicable to large scale WSNs
•Cons:
  ▫Does not eliminate traffic analysis
  ▫Uses already limited power

DOS Attacks

DOS Attack - Flooding

•Attacker repeatedly makes new connection requests

•Uses node's resources
•Proposed Solution:
  ▫puzzle
  ▫limit connections to a node (or connection requests)
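One common way to build the "puzzle" defence is a hash-based client puzzle, shown here as an added Python example that is not from the slides. The node commits no per-connection state until the requester has paid for the request with work; the difficulty, the 30-second lifetime and the challenge format are assumptions.

```python
import hashlib
import hmac
import os
import time

SERVER_SECRET = os.urandom(32)   # constructed; known only to the node issuing puzzles
DIFFICULTY = 12                  # assumed: required leading zero bits
MAX_AGE = 30                     # assumed: seconds a challenge stays valid

def _tag(client_id, ts):
    return hmac.new(SERVER_SECRET, f"{client_id}|{ts}".encode(), hashlib.sha256).hexdigest()

def issue(client_id, now=None):
    """Stateless challenge: nothing is stored until a valid solution arrives."""
    ts = int(time.time() if now is None else now)
    return ts, _tag(client_id, ts)

def _leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(tag):
    """Requester's cost: brute-force a nonce, about 2**DIFFICULTY hashes on average."""
    nonce = 0
    while _leading_zero_bits(hashlib.sha256(f"{tag}|{nonce}".encode()).digest()) < DIFFICULTY:
        nonce += 1
    return nonce

def verify(client_id, ts, tag, nonce, now=None):
    """Node's cost: one HMAC and one hash, whatever the difficulty."""
    now = int(time.time() if now is None else now)
    if not hmac.compare_digest(_tag(client_id, ts), tag):
        return False             # challenge not issued by this node for this requester
    if not 0 <= now - ts <= MAX_AGE:
        return False             # stale challenge: precomputed solutions expire
    digest = hashlib.sha256(f"{tag}|{nonce}".encode()).digest()
    return _leading_zero_bits(digest) >= DIFFICULTY
```
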

DOS Attack – De-Synchronization

•Attacker repeatedly forges messages to one (or both) end points, asking for packet retransmission.
•Uses node's resources
•Proposed solution:
  ▫Authenticate packet headers
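A minimal form of header authentication, added here as a Python example that is not from the slides: each endpoint tags the header with an HMAC under the shared symmetric key and rejects forged, tampered or replayed control messages before acting on them. The header layout, the 8-byte truncated tag and the `FLAG_RETX` flag are hypothetical.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!HHIB")     # assumed layout: src, dst, seq, flags (9 bytes)
TAG_LEN = 8                      # assumed: truncated tag to save sensor bandwidth
FLAG_RETX = 0x01                 # hypothetical "please retransmit" flag

def build(key, src, dst, seq, flags):
    """Header followed by a truncated HMAC-SHA256 tag over the header."""
    hdr = HDR.pack(src, dst, seq, flags)
    return hdr + hmac.new(key, hdr, hashlib.sha256).digest()[:TAG_LEN]

class Endpoint:
    def __init__(self, key, peer):
        self.key, self.peer, self.last_seq = key, peer, -1

    def accept(self, packet):
        """Return (src, dst, seq, flags), or None if forged, replayed or malformed."""
        if len(packet) != HDR.size + TAG_LEN:
            return None
        hdr, tag = packet[:HDR.size], packet[HDR.size:]
        want = hmac.new(self.key, hdr, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(want, tag):
            return None                          # header not produced with the shared key
        src, dst, seq, flags = HDR.unpack(hdr)
        if src != self.peer or seq <= self.last_seq:
            return None                          # wrong sender or replayed sequence number
        self.last_seq = seq
        return src, dst, seq, flags
```
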

Conclusion

•E-mail anonymity is desired for some people/organizations
  ▫Can be achieved using
    - Mix
    - Trusted Authority
•MANET and WSN
  ▫Limited resources make security difficult
    - Let the Base Station do the work

Conclusion Cont.

•Preventing Traffic Analysis
  ▫Hide which node is base station
•DOS
  ▫Flooding
  ▫De-synchronization Attack

•Future work

Questions

References

• [1] D. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms”, Communications of the ACM, 1981.
• [2] S. Jiang, N. H. Vaidya and W. Zhao, A Mix Route Algorithm for Mix-Net in Wireless Ad Hoc Networks, IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS), October 2004.
• [3] B. R. Venkatraman and N. E. Newman-Wolfe, Transmission schedules to prevent traffic analysis, Ninth Annual Computer Security and Applications Conference, 1993.
• [4] B. Radosavljevic, B. Hajek, Hiding traffic flow in communication networks, MILCOM 1992.
• [5] S. Jiang, N. H. Vaidya, W. Zhao, Preventing traffic analysis in packet radio networks, DISCEX 2001.
• [6] SPINS: Security Protocols for Sensor Networks (Perrig)
• [7] J. Deng, R. Han, S. Mishra; Countermeasures Against Traffic Analysis Attacks in Wireless Sensor Networks; University of CO; 2005
• [8] Sk. Md. Mizanur Rahman, Nidal Nasser, Atsuo Inomata, Takeshi Okamoto, M. Mambo, E. Okamoto; Anonymous authentication and secure communication protocol for wireless mobile ad hoc networks; Wiley InterScience; 2008; p. 179-189
• [9] S. Tilak, N. Abu-Ghazaleh, W. Heinzelman; A Taxonomy of Wireless Micro-Sensor Network Models; Mobile Computing and Communications Review, Vol. 6, No. 2; 2004
• [10] Y. Zhang, W. Liu, W. Lou, Y. Fang; MASK: Anonymous On-Demand Routing in Mobile Ad Hoc Networks; IEEE Transactions on Wireless Communications, Vol. 5, No. 9, 2006
• [11] Dijiang Huang; On An Information Theoretic Approach to Model Anonymous MANET Communications; ISIT 2009, Seoul, Korea; June 28-July 3, 2009
• [12] H. Choi, P. McDaniel, T. F. La Porta; Privacy Preserving Communications in MANETs; The Pennsylvania State University; 2007
• [13] S. Kaplantzis and N. Mani, “Classification Techniques for Network Intrusion Detection”, in NCS’06 - Proceedings of the IASTED International Conference on Networks and Communications Systems, March 2006
• [14] T. Kavitha, D. Sridharan; Security Vulnerabilities In Wireless Sensor Networks: A survey; Journal of Information Assurance and Security 5, 031-044; 2010