topic 7: lightweight security primitives for manet & wsn power conscious security measures...
2
Security Requirements
• Introduction to MANET/WSN Security
• MANET Assumptions
• Problem Statement
• Secure MANET design philosophy
• Use of hashes in MANET security
• Symmetric Key Encryption in MANET
• Active security measures
• Specific Power-Aware Approaches
• Summary
3
Introduction to MANET/WSN security
• World is growing increasingly ‘digital’
• 1980’s:
– Computers in cars
• 1990’s:
– Computers in door locks, watches, cellphones, etc.
• 2000’s:
– Computers everywhere!
– Must tweet, facebook, communicate with other devices
4
Introduction to MANET/WSN security
• Welcome to 2010
– Not just Facebook
– Banking, auto insurance apps on iPhone
– Miniature UAVs, ground combat robots in military use
• Some mounted with weapons!
• Mobile network/internet devices are the new way to do business
– Not just toys anymore
– They keep getting smaller!
5
MANET Assumptions
Some assumptions throughout this presentation
• Key exchange/distribution has already been taken care of
– Eschenauer/Gligor (or other probabilistic approach) a likely candidate
• Operation in a hostile environment
– This has not been assumed in the past, hence the problems with many in-place network schemes
6
MANET Assumptions
• Vulnerabilities exist at every layer in MANET
Goals for an all-encompassing secure MANET protocol (Source: Security in Mobile Ad Hoc Networks: Challenges and Solutions [3])
• Currently, no single mechanism eliminates the security issues in every layer
• An all-encompassing protocol will include both active and passive protection
7
Problem Statement
The Challenge:
• How do we reasonably secure communications?
• On a device with limited
– CPU/RAM resources
– Battery power
• Continuously changing network conditions
8
Problem Statement
• Require the standard 4 security provisions
• Security evaluation criteria for proposed solutions:
– Authentication
– Privacy
– Integrity
– Freshness
9
Secure MANET design philosophy
Typical devices involved in MANET/WSNs:
• Mote (WSN data collection)
– 8-bit CPU, 4 MHz, 4 KB RAM
– 128 KB program memory
– Powered by 2 AA batteries
• Ranging to more powerful MIPS R4400 or similar
10
Secure MANET design philosophy
• Public key encryption – out of the question!
• Symmetric key encryption is possible
• Hash-based security functions are preferred
11
Secure MANET design philosophy
Computation Time and Energy Consumption for 128-bit Multiply (Source: Constraints and Approaches for Distributed Network Security [4])
• This is a basic operation required for public key cryptography
• Thousands or millions of these operations for encrypt/decrypt/verify
12
Secure MANET design philosophy
AES (Symmetric) and SHA-1 Computational Energy Consumption Estimates (Source: Constraints and Approaches for Distributed Network Security [4])
• Symmetric key encryption is ideal, when encryption is required
• Hash functions still preferred
– 20% power savings with MIPS R4000
– 60% power savings with DragonBall
13
Use of hashes in MANET security
Hash Message Authentication Codes (HMAC)
• Two nodes communicating and sharing a private key can use a one-way hash algorithm to verify the sender
• This is ok between 2 parties
– HMAC can only be verified by the intended receiver
• Unless all keys are shared across the network, not reasonable
– Not ideal for authenticating broadcast messages
• HMACs can be chained to verify a message path
– Used in TESLA and Ariadne
14
Use of hashes in MANET security
Pitfalls of message hashing
• For hash chaining, clock synchronization of some kind will be required
– Significant infrastructure to do this may be required
• TESLA and SEAD send hashes and then send the key
– Entire message must be buffered and then wait on key distribution before message can be verified
– Can introduce large routing delays
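The buffer-then-verify behaviour described on this slide, as an added example (not code from the presentation or from the TESLA authors). Assumptions: SHA-256 as the one-way function, the chain key used directly as the MAC key, a constructed MAX_SKIP limit, and "key already disclosed" standing in for the clock-synchronization check.

```python
import hashlib
import hmac

MAX_SKIP = 64  # assumed cap on hash steps, so a bogus interval cannot burn CPU

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def make_key_chain(seed: bytes, n: int) -> list:
    """Return [K_0 .. K_n] with K_{i-1} = H(K_i); K_0 is the public commitment."""
    chain = [H(seed)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment: bytes):
        self.key, self.index = commitment, 0   # newest authenticated chain key
        self.pending = {}                      # interval -> [(message, tag)]

    def on_packet(self, interval: int, message: bytes, mac: bytes) -> bool:
        # A packet MACed with a key that is already public proves nothing.
        if interval <= self.index:
            return False
        self.pending.setdefault(interval, []).append((message, mac))
        return True                            # buffered, NOT yet trusted

    def on_key(self, interval: int, key: bytes) -> list:
        """Authenticate a disclosed key, then release the messages it verifies."""
        if not 0 < interval - self.index <= MAX_SKIP:
            return []
        k = key
        for _ in range(interval - self.index): # hash back to the last known key
            k = H(k)
        if not hmac.compare_digest(k, self.key):
            return []                          # not on the sender's chain
        self.key, self.index = key, interval
        return [m for m, t in self.pending.pop(interval, [])
                if hmac.compare_digest(tag(key, m), t)]
```

Every message sits in `pending` until its key arrives, which is the routing delay the slide refers to.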
15
Use of hashes in MANET security
Hashing summary
• Hashing is useful for verifying identity of a sender
• Not impervious to replay attacks
• Fast, but cannot be used to encrypt data
• For data encryption, we need to look at lightweight symmetric key encryption
– Let’s examine MANET requirements again
16
Symmetric Key Encryption in MANET
More design pitfalls of MANET devices:
• Depending on application, RF data transmission will be the other primary drain on battery
• Require our algorithm to have low CPU and data overhead
– Size of plaintext = size of ciphertext
17
Symmetric Key Encryption in MANET
• A stream cipher is an obvious choice to keep data overhead low
• Block mode encryption is not effective for cleartext < block size
– Stream ciphers do not suffer this downfall
• Can maintain fairly high security while keeping processing and bit overhead quite low
– XOR/Bitwise add operations cheap to implement
18
Symmetric Key Encryption in MANET
• Stream ciphers have been chosen for a number of proposed and actual wireless network implementations
• IEEE 802.11 WEP uses RC4 stream cipher
• SPINS (based on TESLA/SNEP) uses RC5 block cipher in counter mode
Cipher operating in Output Feedback Mode (Source: Secret Key Cryptography [1])
19
Symmetric Key Encryption in MANET
The catch:
• Care must be taken in design to avoid keystream reuse
– WEP prefixes each packet with a pre-encryption IV, but IV space is too small
– WEP is susceptible to a number of attacks because of this
• SPINS gets around this by having each party maintain IV separately
20
Symmetric Key Encryption in MANET
• SPINS’ approach causes new problems and special considerations
– Lossy wireless links can cause IV to become unsynchronized
– Network is not protected from replay attacks without additional measures
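An added example (not from the presentation or the SPINS authors) of the separately maintained counter from the previous two slides, with one possible "additional measure": a MAC that covers the counter, plus a small look-ahead window to resynchronize after packet loss. Assumptions: HMAC-SHA256 stands in for the block cipher in counter mode, the 8-byte tag length and WINDOW value are constructed.

```python
import hashlib
import hmac

def keystream(key: bytes, counter: int, length: int) -> bytes:
    """Counter-mode keystream; HMAC-SHA256 stands in for the block cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big") + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mac(key: bytes, counter: int, ciphertext: bytes) -> bytes:
    # Binding the counter into the MAC is what provides freshness.
    return hmac.new(key, counter.to_bytes(8, "big") + ciphertext,
                    hashlib.sha256).digest()[:8]

class Sender:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key, self.counter = enc_key, mac_key, 0

    def seal(self, plaintext: bytes):
        self.counter += 1                  # a counter is never reused under one key
        ct = xor(plaintext, keystream(self.enc_key, self.counter, len(plaintext)))
        return ct, mac(self.mac_key, self.counter, ct)  # counter itself is not sent

class Receiver:
    WINDOW = 4   # assumed: how many consecutive lost packets can be skipped over

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key, self.counter = enc_key, mac_key, 0

    def open(self, ct: bytes, tag: bytes):
        # Only counters ahead of the last accepted one are tried, so replays fail.
        for c in range(self.counter + 1, self.counter + 1 + self.WINDOW):
            if hmac.compare_digest(mac(self.mac_key, c, ct), tag):
                self.counter = c
                return xor(ct, keystream(self.enc_key, c, len(ct)))
        return None   # replay, forgery, or desynchronized beyond the window
```

The ciphertext is exactly as long as the plaintext; the only per-packet overhead is the tag. Loss of more than WINDOW packets in a row needs an explicit resynchronization exchange, which this sketch leaves out.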
21
Symmetric Key Encryption in MANET
Symmetric Encryption Summary
• With proper design and advanced techniques, symmetric-key encryption can provide adequate security measures for today’s networks.
23
Active security measures
Active security measures in MANET
• Operation on battery power/minimum processing power makes active security measure implementation that much more difficult
• At the same time, limited operating power gives us a need for active security measures
– Deep packet inspection essentially impossible
24
Active security measures
• In any MANET network, malicious nodes can simply DoS another node with packets it has to respond to
• This is especially effective/detrimental if the MANET implements some kind of security signature
– Hacker can spam the network with bogus and bad digests
– Good nodes spend processing power to verify, only to find that the message is a fraud
25
Active security measures: OpenLIDS
Enter OpenLIDS (Lightweight Intrusion Detection System)
• A mechanism for detecting hosts that are abusing the network
• Works on the basis of anomaly detection
• Lightweight enough to run on medium-power nodes
• Able to keep up with high data throughput
• Aims to specifically detect port scanning and DoS attacks
26
Active security measures: OpenLIDS
Utilizes failed connection attempt analysis
• Initially perform very broad packet monitoring
• Increase cost and depth of analysis as suspicion rises
27
Active security measures: OpenLIDS
3 States
• DST_NONE
• DST_HOST
• DST_PORT
OpenLIDS State Machine Diagram: Failed connection attempts (Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8])
28
Active security measures: OpenLIDS
• DST_NONE
– >50 failed attempts per minute
– Host is flagged as suspicious
• DST_HOST
– Nodes now begin to track destination IP of failing requests
– >400 at a single host?
• Targeted DoS attacker
– >100 distinct destination hosts?
• DST_PORT
– >100 failed attempts, same port, different hosts?
• Attacker determined to be port scanning
OpenLIDS State Machine Diagram: Failed connection attempts (Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8])
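The escalation above as detection logic, in an added example that is not OpenLIDS source code. Assumptions: one tracker covers a single one-minute window, more than 100 distinct destinations in DST_HOST is read as the trigger for DST_PORT, and the sample traffic is constructed.

```python
from collections import Counter, defaultdict

# Thresholds as given on the slide.
SUSPICIOUS, DOS_ONE_HOST, MANY_HOSTS, SCAN_ONE_PORT = 50, 400, 100, 100

class SourceState:
    """Per-source tracker for one one-minute window (windowing left to the caller)."""
    def __init__(self):
        self.state, self.failed, self.verdict = "DST_NONE", 0, None
        self.per_host = Counter()               # filled only from DST_HOST onwards
        self.hosts_per_port = defaultdict(set)  # filled only in DST_PORT

    def failed_attempt(self, dst_ip: str, dst_port: int) -> None:
        self.failed += 1
        if self.state == "DST_NONE":            # cheapest level: one counter
            if self.failed > SUSPICIOUS:
                self.state = "DST_HOST"
        elif self.state == "DST_HOST":          # now also track destination IPs
            self.per_host[dst_ip] += 1
            if self.per_host[dst_ip] > DOS_ONE_HOST:
                self.verdict = "targeted DoS"
            elif len(self.per_host) > MANY_HOSTS:
                self.state = "DST_PORT"
        else:                                   # DST_PORT: distinct hosts per port
            self.hosts_per_port[dst_port].add(dst_ip)
            if len(self.hosts_per_port[dst_port]) > SCAN_ONE_PORT:
                self.verdict = "port scan"

def classify(events):
    """events: iterable of (src_ip, dst_ip, dst_port) failed connection attempts."""
    sources = defaultdict(SourceState)
    for src, dst, port in events:
        sources[src].failed_attempt(dst, port)
    return {src: (s.state, s.verdict) for src, s in sources.items()}

# Constructed sample traffic (not taken from the OpenLIDS paper).
SAMPLE = (
    [("10.9.0.1", "10.0.0.5", 80)] * 460                      # flood of one host
    + [("10.9.0.2", f"10.1.{i // 250}.{i % 250 + 1}", 445)    # sweep of one port
       for i in range(300)]
    + [("10.9.0.3", "10.0.0.7", 22)] * 30                     # ordinary failures
)
```

A quiet source costs one integer; per-destination tables are allocated only after it crosses the first threshold, which is how cost and depth of analysis rise with suspicion.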
29
Active security measures: OpenLIDS
• After host is located
– Specific actions are not defined by the protocol
– Can be customized per implementation
• How effective is it?
OpenLIDS Time to detect Conficker worm (Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8])
30
Active security measures: OpenLIDS
Summary
• OpenLIDS is fairly minimal
– Linux implementation program size 85 KiB
– Occupies 836 KiB RAM when started
– Grows to 4,128 KiB RAM tracking 1000 hosts
• OpenLIDS is suitable for medium to high powered MANET devices
– Mote type devices are not powerful enough
31
Specific Power-Aware Approaches
Approaches we’ll talk about:
• DVS (Dynamic Voltage Scaling)
• MDR (Minimum Drain Rate)
32
Specific Power-Aware Approaches: DVS
What is Dynamic Voltage Scaling?
• The idea behind DVS is to take advantage of speed-scaling processors to save energy
• Many processors are capable of running at different voltages
– MIPS R4000
– Pretty much any ARM chip
33
Specific Power-Aware Approaches: DVS
• When running at lower voltage:
– Processor runs slower
– Works more efficiently
• Running at a lower voltage is not good all the time
– Some processors will be pathetically slow when scaled back
– For data in a MANET that is time critical, deadlines can be missed
– Energy is not only lost in the processor
34
Specific Power-Aware Approaches: DVS
• To implement DVS w/o missing deadlines, we need to add another layer to the protocol
• This DVS Layer sits outside of the encrypted payload
– Tells the receiver (or middle node in link-to-link encryption) various bits of information about the packet
35
Specific Power-Aware Approaches: DVS
• Message_info provides the decrypting node with the information it needs to select the proper voltage
• Info should be encrypted or at least signed if the hardware allows
– Tamper proof
• Decrypted/verified at full speed
First packet of DVS enabled message (Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5])
36
Specific Power-Aware Approaches: DVS
Message_info includes:
• Size of message
• Origin time and latency requirement
• Estimated computation load of message
• Message destination
First packet of DVS enabled message (Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5])
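How a receiving node could act on a signed Message_info, as an added example (not code from the presentation or from [5]). Assumptions: the field layout, the truncated HMAC-SHA256 tag and the operating points are all constructed, and energy per operation is taken as proportional to the square of the supply voltage.

```python
import hashlib
import hmac
import struct

# Constructed operating points (volts, MHz), lowest first; not measurements from [5].
OPERATING_POINTS = [(1.2, 50), (1.8, 100), (2.5, 150), (3.3, 200)]
# Assumed layout: size (bytes), origin time (s), latency (s), est. cycles, destination
INFO_FMT = ">IddQH"
TAG_LEN = 8

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def pack_info(key, size, origin, latency, cycles, dest) -> bytes:
    body = struct.pack(INFO_FMT, size, origin, latency, cycles, dest)
    return body + _tag(key, body)

def select_voltage(key: bytes, packet: bytes, now: float):
    """Return (volts, MHz) for decrypting the message, or None to drop it."""
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # The header is verified at full speed before it influences any scaling
    # decision; a forged load estimate could otherwise force missed deadlines.
    if not hmac.compare_digest(_tag(key, body), tag):
        return None
    _size, origin, latency, cycles, _dest = struct.unpack(INFO_FMT, body)
    slack = origin + latency - now
    if slack <= 0:
        return None                      # deadline already missed: drop the message
    for volts, mhz in OPERATING_POINTS:  # lowest voltage that still meets the deadline
        if cycles / (mhz * 1e6) <= slack:
            return volts, mhz
    return OPERATING_POINTS[-1]          # nothing fits: run flat out

def relative_energy(volts: float, full: float = 3.3) -> float:
    """Energy per operation relative to full voltage (CMOS switching ~ V^2)."""
    return (volts / full) ** 2
```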
37
Specific Power-Aware Approaches: DVS
So how much energy can be saved?
MIPS R4000 Energy usage at different supply voltages (Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5])
38
Specific Power-Aware Approaches: DVS
DVS Simulation results
DVS Simulation run against a fixed-voltage simulation run (Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5])
• The DVS approach does the same work
• 2.64 times slower, but uses only 38% of the energy of the fixed voltage approach!
39
Specific Power-Aware Approaches: DVS
DVS Summary
• As always, actual power savings will depend on network traffic conditions and other factors
– High volume of low latency traffic will cut savings
• If packet #1 has missed the message deadline, entire message will be dropped
• A very novel approach to saving energy in MANET
40
Specific Power-Aware Approaches: MDR
Minimum Drain Rate
• The idea of Minimum Drain Rate
– Based on the idea of drain rate, which is an estimation of how long a node can continue operating at current traffic levels
• With this information, the routing protocol can modify paths to keep certain nodes online longer
41
Specific Power-Aware Approaches: MDR
• Routes with nodes having the highest remaining battery will be utilized as much as possible
• Keep low battery nodes online as long as possible
• MDR optimizes for the good of the network
• Other schemes can be selfish
– Useful in WSNs, keep own node online and collecting data as long as possible
42
Summary
• A good security approach is hard to design because of all the limitations of the devices
• Designs should be passively secure to protect against unforeseen attacks
• Implement active security measures to limit abuse/DoS
43
Summary
• Power-aware security measures
– Promise to go a long way in keeping battery powered devices online
– Are needed because processing power is advancing faster than battery technology
44
Summary
MANET Power-conscious security mechanisms
• MANETs themselves are a relatively new area of research
• MANET security even more so
• MANET power-conscious or power aware security is pretty much cutting edge!
• Market for these devices grows every day
46
References
[1] Secret-Key Cryptography-Introduction, IDEA, ECB, CBC, OFB, CFB. Dr. Tricia Chigan, Michigan Technological University.
[2] LiSP: A Lightweight Security Protocol for Wireless Sensor Networks. Taejoon Park and Kang G. Shin, University of Michigan.
[3] Security in Mobile Ad Hoc Networks: Challenges and Solutions. Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu and Lixia Zhang, UCLA Computer Science Department.
[4] Constraints and Approaches for Distributed Network Security. David Carman, Peter Kruus and Brian Matt. NAI Labs, Network Associates Inc.
[5] Design Space Exploration for Energy-Efficient Secure Sensor Network. Lin Yuan and Gang Qu, University of Maryland Electrical and Computer Engineering Department.
[6] Power-Aware Routing Based on The Energy Drain Rate for Mobile Ad Hoc Networks. Javier Gomez, Andrew T. Campbell. Dept. of Electrical Engineering and Center for Telecommunications Research, Columbia University, NY, USA.
[7] Power-saving protocols for IEEE 802.11-based multi-hop ad hoc networks. Yu-Chee Tseng, Chih-Shun Hsu, Ten-Yueng Hsieh. Department of Computer Science and Information Engineering, National Chiao Tung University, Taiwan.
[8] OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks. Fabian Hugelshofer, et al. Computing Department, Lancaster University, Lancaster, United Kingdom.