Upload: judah-moulder

Post on 14-Dec-2015


1

Topic 7: Lightweight Security Primitives for MANET & WSN

Power conscious security measures

EE4723

2

Security Requirements

• Introduction to MANET/WSN Security
• MANET Assumptions
• Problem Statement
• Secure MANET design philosophy
• Use of hashes in MANET security
• Symmetric Key Encryption in MANET
• Active security measures
• Specific Power-Aware Approaches
• Summary

3

Introduction to MANET/WSN security

• World is growing increasingly ‘digital’

• 1980’s:
  – Computers in cars
• 1990’s:
  – Computers in door locks, watches, cellphones, etc.
• 2000’s:
  – Computers everywhere!
  – Must tweet, Facebook, communicate with other devices

4

Introduction to MANET/WSN security

• Welcome to 2010
  – Not just Facebook
  – Banking, auto insurance apps on iPhone
  – Miniature UAVs, ground combat robots in military use
    • Some mounted with weapons!
• Mobile network/internet devices are the new way to do business
  – Not just toys anymore
  – They keep getting smaller!

5

MANET Assumptions

Some assumptions throughout this presentation
• Key exchange/distribution has already been taken care of
  – Eschenauer/Gligor (or other probabilistic approach) a likely candidate
• Operation in a hostile environment
  – This has not been assumed in the past, hence the problems with many in-place network schemes

6

MANET Assumptions

• Vulnerabilities exist at every layer in MANET

Goals for an all-encompassing secure MANET protocol
Source: Security in Mobile Ad Hoc Networks: Challenges and Solutions [3]

• Currently, no single mechanism eliminates the security issues in every layer

• An all-encompassing protocol will include both active and passive protection

7

Problem Statement

The Challenge:
• How do we reasonably secure communications?
• On a device with limited
  – CPU/RAM resources
  – Battery power

• Continuously changing network conditions

8

Problem Statement

• Require the standard 4 security provisions

• Security evaluation criteria for proposed solutions:
  – Authentication
  – Privacy
  – Integrity
  – Freshness

9

Secure MANET design philosophy

Typical devices involved in MANET/WSNs:
• Mote (WSN data collection)
  – 8-bit CPU, 4 MHz, 4 KB RAM
  – 128 KB program memory
  – Powered by 2 AA batteries

• Ranging to more powerful MIPS R4400 or similar

10

Secure MANET design philosophy

• Public key encryption – out of the question!

• Symmetric key encryption is possible

• Hash-based security functions are preferred

11

Secure MANET design philosophy

Computation Time and Energy Consumption for 128-bit Multiply
Source: Constraints and Approaches for Distributed Network Security [4]

• This is a basic operation required for public key cryptography

• Thousands or millions of these operations for encrypt/decrypt/verify

12

Secure MANET design philosophy

AES (Symmetric) and SHA-1 Computational Energy Consumption Estimates
Source: Constraints and Approaches for Distributed Network Security [4]

• Symmetric key encryption is ideal, when encryption is required
• Hash functions still preferred
  – 20% power savings with MIPS R4000
  – 60% power savings with DragonBall

13

Use of hashes in MANET security

Hash Message Authentication Codes (HMAC)

• Two nodes communicating and sharing a private key can use a one-way hash algorithm to verify sender

• This is ok between 2 parties
  – HMAC can only be verified by the intended receiver
    • Unless all keys shared across network, not reasonable
  – Not ideal for authenticating broadcast messages
• HMACs can be chained to verify a message path
  – Used in TESLA and Ariadne

14

Use of hashes in MANET security

Pitfalls of message hashing

• For hash chaining, clock synchronization of some kind will be required
  – Significant infrastructure to do this may be required
• TESLA and SEAD send hashes and then send the key
  – Entire message must be buffered and then wait on key distribution before message can be verified
  – Can introduce large routing delays
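
The buffering cost described above, as an added example that is not part of the original slides: a TESLA-style receiver that holds packets until the sender discloses the interval key, checks that key against a one-way hash chain, and only then verifies the buffered MACs. The disclosure delay, the interval numbering and all names are assumptions made for illustration.

```python
import hashlib
import hmac

DELAY = 2       # key for interval i is disclosed at interval i + DELAY (assumed)
MAX_STEPS = 64  # bound on hash work per disclosed key, limits verification DoS

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return keys where chain[i - 1] == H(chain[i]); chain[0] is the commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

class Receiver:
    def __init__(self, commitment: bytes):
        self.trusted_key, self.trusted_idx = commitment, 0
        self.pending = {}  # interval -> [(msg, tag)] buffered until the key arrives

    def on_packet(self, interval: int, msg: bytes, tag: bytes, now: int) -> bool:
        # Needs loosely synchronized clocks: if the key for this interval may
        # already be public, anyone could have forged the tag, so drop it.
        if now >= interval + DELAY or interval <= self.trusted_idx:
            return False
        self.pending.setdefault(interval, []).append((msg, tag))
        return True

    def on_key(self, interval: int, key: bytes) -> list:
        """Check the disclosed key against the chain, then release buffered messages."""
        steps = interval - self.trusted_idx
        if steps <= 0 or steps > MAX_STEPS:
            return []
        k = key
        for _ in range(steps):
            k = H(k)
        if not hmac.compare_digest(k, self.trusted_key):
            return []  # key is not on the sender's chain
        self.trusted_key, self.trusted_idx = key, interval
        return [m for m, t in self.pending.pop(interval, [])
                if hmac.compare_digest(mac(key, m), t)]
```

Nothing is delivered to the routing layer until `on_key` succeeds, which is where the routing delay on the slide comes from.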

15

Use of hashes in MANET security

Hashing summary

• Hashing is useful for verifying identity of a sender
• Not impervious to replay attacks
• Fast, but cannot be used to encrypt data
• For data encryption, we need to look at lightweight symmetric key encryption
  – Let’s examine MANET requirements again

16

Symmetric Key Encryption in MANET

More design pitfalls of MANET devices:

• Depending on application, RF data transmission will be the other primary drain on battery

• Require our algorithm to have low CPU and data overhead
  – Size of plaintext = size of ciphertext

17

Symmetric Key Encryption in MANET

• Stream cipher is an obvious choice to keep data overhead low
• Block mode encryption is not effective for cleartext < block size
  – Stream ciphers do not suffer this downfall
• Can maintain fairly high security while keeping processing and bit overhead quite low
  – XOR/Bitwise add operations cheap to implement

18

Symmetric Key Encryption in MANET

• Stream ciphers have been chosen for a number of proposed and actual wireless network implementations

• IEEE 802.11 WEP uses RC4 stream cipher
• SPINS (based on TESLA/SNEP) uses RC5 block cipher using counter mode

Cipher operating in Output Feedback Mode
Source: Secret Key Cryptography [1]

19

Symmetric Key Encryption in MANET

The catch:

• Care must be taken in design to avoid keystream reuse
  – WEP prefixes each packet with a pre-encryption IV, but IV space is too small
  – WEP is susceptible to a number of attacks because of this
• SPINS gets around this by having each party maintain IV separately

20

Symmetric Key Encryption in MANET

• SPINS’ approach causes new problems and special considerations
  – Lossy wireless links can cause IV to become unsynchronized
  – Network is not protected from replay attacks without additional measures
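
An added example, not taken from the slides or from SPINS itself, of the design the last two slides describe: each side keeps its own counter, the counter is never transmitted, ciphertext is the same size as plaintext, a small look-ahead window recovers from lost packets, and counters at or below the last accepted one are rejected as replays. HMAC-SHA256 in counter mode stands in for RC5 in counter mode, and `WINDOW`, `TAG_LEN` and the class names are assumptions.

```python
import hashlib
import hmac

WINDOW = 4   # how many lost packets the receiver tolerates (assumed)
TAG_LEN = 8  # truncated MAC keeps per-packet overhead small (assumed)

def keystream(k_enc: bytes, ctr: int, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for RC5-CTR."""
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(k_enc, ctr.to_bytes(8, "big") + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def tag_for(k_mac: bytes, ctr: int, ct: bytes) -> bytes:
    return hmac.new(k_mac, ctr.to_bytes(8, "big") + ct, hashlib.sha256).digest()[:TAG_LEN]

class Sender:
    def __init__(self, k_enc: bytes, k_mac: bytes):
        self.k_enc, self.k_mac, self.ctr = k_enc, k_mac, 0

    def seal(self, pt: bytes):
        self.ctr += 1  # a counter is used once, so no keystream is ever reused
        ct = xor(pt, keystream(self.k_enc, self.ctr, len(pt)))
        return ct, tag_for(self.k_mac, self.ctr, ct)  # counter itself is not sent

class Receiver:
    def __init__(self, k_enc: bytes, k_mac: bytes):
        self.k_enc, self.k_mac, self.ctr = k_enc, k_mac, 0  # last accepted counter

    def open(self, ct: bytes, tag: bytes):
        # Try only counters ahead of the last accepted one: a lost packet is
        # recovered within WINDOW, while a replayed (old) counter never matches.
        for c in range(self.ctr + 1, self.ctr + 1 + WINDOW):
            if hmac.compare_digest(tag_for(self.k_mac, c, ct), tag):
                self.ctr = c
                return xor(ct, keystream(self.k_enc, c, len(ct)))
        return None  # forged, replayed, or desynchronized beyond WINDOW
```

The window trades resynchronization for CPU: each unverifiable packet costs up to `WINDOW` MAC computations, which matters for the bogus-digest flooding discussed under active security measures.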

21

Symmetric Key Encryption in MANET

Symmetric Encryption Summary

• With proper design and advanced techniques, symmetric-key encryption can provide adequate security measures for today’s networks.

22

Active security measures

Active security measures in MANET

• What can be done?

23

Active security measures

Active security measures in MANET

• Operation on battery power/minimum processing power makes active security measure implementation that much more difficult

• At the same time, limited operating power gives us a need for active security measures
  – Deep packet inspection essentially impossible

24

Active security measures

• In any MANET network, malicious nodes can simply DoS another node with packets it has to respond to

• This is especially effective/detrimental if the MANET implements some kind of security signature
  – Hacker can spam the network with bogus and bad digests
  – Good nodes spend processing power to verify, only to find that the message is a fraud

25

Active security measures: OpenLIDS

Enter OpenLIDS (Lightweight Intrusion Detection System)

• A mechanism for detecting hosts that are abusing the network

• Works on the basis of anomaly detection
• Lightweight enough to run on medium-power nodes
• Able to keep up with high data throughput
• Aims to specifically detect port scanning and DoS attacks

26

Active security measures: OpenLIDS

Utilizes failed connection attempt analysis
• Initially perform very broad packet monitoring
• Increase cost and depth of analysis as suspicion rises

27

Active security measures: OpenLIDS

3 States
• DST_NONE
• DST_HOST
• DST_PORT

OpenLIDS State Machine Diagram: Failed connection attempts
Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8]

28

Active security measures: OpenLIDS

• DST_NONE
  – >50 failed attempts per minute
  – Host is flagged as suspicious
• DST_HOST
  – Nodes now begin to track destination IP of failing requests
  – >400 at a single host?
    • Targeted DoS attacker
  – >100 distinct destination hosts?
• DST_PORT
  – >100 failed attempts, same port, different hosts?
    • Attacker determined to be port scanning

OpenLIDS State Machine Diagram: Failed connection attempts
Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8]
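
The three-state escalation above, written out as an added example (this is not OpenLIDS code): each source starts with a single per-minute failure counter and only gets per-destination and per-port tracking once it crosses the slide's thresholds. The slides give a time window only for DST_NONE, so counting the later stages cumulatively is an assumption, as are the event format and the constructed sample traffic.

```python
from collections import defaultdict, deque

class Source:
    def __init__(self):
        self.state, self.verdict = "DST_NONE", None
        self.recent = deque()               # failure timestamps, last 60 s
        self.by_host = defaultdict(int)     # dst IP -> failures (DST_HOST)
        self.port_hits = defaultdict(int)   # dst port -> failures (DST_PORT)
        self.port_hosts = defaultdict(set)  # dst port -> distinct dst IPs

def observe(sources, ts, src, dst, port):
    """Feed one failed connection attempt; return the verdict for src, if any."""
    s = sources[src]
    if s.state == "DST_NONE":               # cheapest stage: one counter per source
        s.recent.append(ts)
        while s.recent[0] <= ts - 60:
            s.recent.popleft()
        if len(s.recent) > 50:
            s.state = "DST_HOST"            # suspicious: start tracking destinations
    elif s.state == "DST_HOST":
        s.by_host[dst] += 1
        if s.by_host[dst] > 400:
            s.verdict = "targeted DoS"
        elif len(s.by_host) > 100:
            s.state = "DST_PORT"            # many targets: start tracking ports
    else:
        s.port_hits[port] += 1
        s.port_hosts[port].add(dst)
        if s.port_hits[port] > 100 and len(s.port_hosts[port]) > 1:
            s.verdict = "port scan"
    return s.verdict

def run(events):
    sources = defaultdict(Source)
    for ev in events:
        observe(sources, *ev)
    return {src: (s.state, s.verdict) for src, s in sources.items()}

# Constructed events: (seconds, source, destination IP, destination port)
SCAN = [(i * 0.1, "10.0.0.66", f"10.0.{i // 250}.{i % 250 + 1}", 445) for i in range(300)]
FLOOD = [(i * 0.1, "10.0.0.77", "10.0.0.5", 80) for i in range(500)]
SLOW = [(i * 2.0, "10.0.0.9", "10.0.0.5", 22) for i in range(60)]
```

The slow source fails 30 times per minute and never leaves DST_NONE, so it never costs more than one timestamp queue.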

29

Active security measures: OpenLIDS

• After host is located
  – Specific actions are not defined by the protocol
  – Can be customized per implementation
• How effective is it?

OpenLIDS Time to detect Conficker worm
Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8]

30

Active security measures: OpenLIDS

Summary
• OpenLIDS is fairly minimal
  – Linux implementation program size 85 KiB
  – Occupies 836 KiB RAM when started
  – Grows to 4,128 KiB RAM tracking 1000 hosts
• OpenLIDS is suitable for medium to high powered MANET devices
  – Mote type devices are not powerful enough

31

Specific Power-Aware Approaches

Approaches we’ll talk about:

• DVS (Dynamic Voltage Scaling)
• MDR (Minimum Drain Rate)

32

Specific Power-Aware Approaches: DVS

What is Dynamic Voltage Scaling?

• The idea behind DVS is to take advantage of speed-scaling processors to save energy
• Many processors are capable of running at different voltages
  – MIPS R4000
  – Pretty much any ARM chip

33

Specific Power-Aware Approaches: DVS

• When running at lower voltage:
  – Processor runs slower
  – Works more efficiently
• Running at a lower voltage is not good all the time
  – Some processors will be pathetically slow when scaled back
  – For data in a MANET that is time critical, deadlines can be missed
  – Energy is not only lost in the processor

34

Specific Power-Aware Approaches: DVS

• To implement DVS w/o missing deadlines, we need to add another layer to the protocol

• This DVS Layer sits outside of the encrypted payload
  – Tells the receiver (or middle node in link-to-link encryption) various bits of information about the packet

35

Specific Power-Aware Approaches: DVS

• Message_info provides the decrypting node with the information it needs to select the proper voltage

• Info should be encrypted or at least signed if the hardware allows
  – Tamper proof
• Decrypted/verified at full speed

First packet of DVS enabled message
Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5]

36

Specific Power-Aware Approaches: DVS

Message_info includes:
• Size of message
• Origin time and latency requirement
• Estimated computation load of message
• Message destination

First packet of DVS enabled message
Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5]
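
How a receiving node could use Message_info, as an added example that is not from the slides or from [5]: the header is authenticated first (the step done at full speed), a message already past its deadline is dropped, and otherwise the lowest voltage that still meets the deadline is chosen. The field layout, the operating-point table and the function names are constructed for illustration, and energy is compared with the usual CMOS approximation that energy per cycle scales with voltage squared.

```python
import hashlib
import hmac
import struct

# Constructed operating points (volts, MHz), fastest first; not measured R4000 data.
LEVELS = [(3.3, 100.0), (2.5, 70.0), (1.8, 40.0)]
# Assumed layout: size (bytes), origin time (s), latency bound (s),
# estimated load (kilocycles), destination id.
FMT = ">IddIH"
TAG_LEN = 8

def pack_info(key, size, origin, latency, kcycles, dest):
    body = struct.pack(FMT, size, origin, latency, kcycles, dest)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def select_level(key, blob, now):
    """Return (volts, MHz, energy relative to full voltage), or None to drop."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if len(body) != struct.calcsize(FMT) or not hmac.compare_digest(expected, tag):
        return None  # tampered message_info could force a costly or too-slow level
    size, origin, latency, kcycles, dest = struct.unpack(FMT, body)
    remaining = origin + latency - now
    if remaining <= 0:
        return None  # first packet already past its deadline: drop the message
    for volts, mhz in reversed(LEVELS):  # try the lowest voltage first
        if kcycles / (mhz * 1000.0) <= remaining:
            return volts, mhz, round((volts / LEVELS[0][0]) ** 2, 3)
    return LEVELS[0] + (1.0,)  # nothing meets the deadline: best effort at full speed
```

Falling back to full speed when no level fits is a choice made here; the slides only specify the drop when the deadline has already passed.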

37

Specific Power-Aware Approaches: DVS

So how much energy can be saved?

MIPS R4000 Energy usage at different supply voltages
Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5]

38

Specific Power-Aware Approaches: DVS

DVS Simulation results

DVS Simulation run against a fixed-voltage simulation run
Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5]

• The DVS approach does the same work
• 2.64 times slower, but uses only 38% of the energy of the fixed voltage approach!

39

Specific Power-Aware Approaches: DVS

DVS Summary
• As always, actual power savings will depend on network traffic conditions and other factors
  – High volume of low latency traffic will cut savings

• If packet #1 has missed the message deadline, entire message will be dropped

• A very novel approach to saving energy in MANET

40

Specific Power-Aware Approaches: MDR

Minimum Drain Rate
• The idea of Minimum Drain Rate
  – Based on the idea of drain rate, which is an estimation on how long a node can continue operating at current traffic levels

• With this information, the routing protocol can modify paths to keep certain nodes online longer

41

Specific Power-Aware Approaches: MDR

• Routes with nodes having the highest remaining battery will be utilized as much as possible

• Keep low battery nodes online as long as possible

• MDR optimizes for the good of the network
• Other schemes can be selfish
  – Useful in WSNs, keep own node online and collecting data as long as possible
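
An added sketch of drain-rate routing, not taken from the slides or from [6]: each node estimates how long it can keep operating as remaining battery divided by a smoothed drain rate, a route lives only as long as its weakest node, and the route with the longest such lifetime is selected. The smoothing factor, the units and the constructed node values are assumptions.

```python
class Node:
    def __init__(self, name, battery_j, alpha=0.3):
        self.name, self.battery, self.alpha = name, battery_j, alpha
        self.drain = 0.0  # smoothed drain rate in joules per second

    def sample(self, joules_used, seconds):
        """Record energy spent in the last measurement period."""
        rate = joules_used / seconds
        self.battery -= joules_used
        # Exponentially weighted average so one traffic burst does not
        # swing the route choice.
        self.drain = rate if self.drain == 0 else (
            self.alpha * self.drain + (1 - self.alpha) * rate)

    def lifetime(self):
        """Seconds the node can keep going at the current traffic level."""
        return float("inf") if self.drain == 0 else self.battery / self.drain

def route_lifetime(route):
    return min(node.lifetime() for node in route)  # weakest node limits the route

def pick_route(routes):
    return max(routes, key=route_lifetime)

def demo():
    # Constructed values: B has the least battery left, but D is draining fastest.
    a, b, c, d = Node("A", 100), Node("B", 20), Node("C", 60), Node("D", 60)
    for node, used in ((a, 4), (b, 2), (c, 4), (d, 16)):
        node.sample(used, 8)
    routes = [[a, b], [a, c], [a, d]]
    best = pick_route(routes)
    return [n.name for n in best], [route_lifetime(r) for r in routes]
```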

42

Summary

• A good security approach is hard to design because of all the limitations of the devices

• Designs should be passively secure to protect against unforeseen attacks

• Implement active security measures to limit abuse/DoS

43

Summary

• Power-aware security measures
  – Promise to go a long way in keeping battery powered devices online
  – Are needed because processing power is advancing faster than battery technology

44

Summary

MANET Power-conscious security mechanisms

• MANETs themselves are a relatively new area of research

• MANET security even more so
• MANET power-conscious or power aware security is pretty much cutting edge!
• Market for these devices grows every day

45

Questions?

46

References

[1] Secret-Key Cryptography - Introduction, IDEA, ECB, CBC, OFB, CFB. Dr. Tricia Chigan, Michigan Technological University.

[2] LiSP: A Lightweight Security Protocol for Wireless Sensor Networks. Taejoon Park and Kang G. Shin, University of Michigan.

[3] Security in Mobile Ad Hoc Networks: Challenges and Solutions. Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu and Lixia Zhang, UCLA Computer Science Department.

[4] Constraints and Approaches for Distributed Network Security. David Carman, Peter Kruus and Brian Matt. NAI Labs, Network Associates Inc.

[5] Design Space Exploration for Energy-Efficient Secure Sensor Network. Lin Yuan and Gang Qu, University of Maryland Electrical and Computer Engineering Department.

[6] Power-Aware Routing Based on The Energy Drain Rate for Mobile Ad Hoc Networks. Javier Gomez, Andrew T. Campbell. Dept. of Electrical Engineering and Center for Telecommunications Research, Columbia University, NY, USA.

[7] Power-saving protocols for IEEE 802.11-based multi-hop ad hoc networks. Yu-Chee Tseng, Chih-Shun Hsu, Ten-Yueng Hsieh. Department of Computer Science and Information Engineering, National Chiao Tung University, Taiwan.

[8] OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks. Fabian Hugelshofer, et al. Computing Department, Lancaster University, Lancaster, United Kingdom.