
Secure Communication A View From The Transport Layer MANET and WSN


colton

Presentation Transcript


  1. Secure Communication A View From The Transport Layer MANET and WSN

  2. Overview • Transport Layer and Security Issues • Anonymity • E-mail • WSN and MANET • Traffic Analysis • DOS Attacks • flooding • de-synchronization • Summary • References

  3. Transport Layer and Security Issues

  4. Transport Layer Basics

  5. Transport Layer - Security • Securing end-to-end communication • Keys distribution and use for secure communication • Anonymous communication • Preventing traffic analysis • Preventing DOS attacks

  6. Mobile Sensor Networks - Basics • Security Constraints • Low Power • Limited processing power • Limited memory • Limited bandwidth

  7. Keys • Base Station assigns keys • Symmetric Key Algorithms • Saves computation resources • Establishes trust with sensor nodes • Saves computation and power • Computing and exchanging keys • Base station transmits the keys directly to the node • Saves power

  8. Anonymity E-mail

  9. E-mail Anonymity • Untraceable E-mail • Untraceable Return Addresses • Digital Pseudonyms

  10. E-Mail Anonymity - Untraceable • Using Public Key encryption • Uses • Elections • Part of an organization, but want identity kept secret (CIA)

  11. E-Mail Anonymity - Untraceable • Additional computer called the “Mix” • Bob wants to send Alice an untraceable message. • Bob sends the message encrypted with Alice’s public key, encrypted again with the Mix’s public key: • Km(R1, Ka(R0, M), A) → Ka(R0, M), A • Mix decrypts, eliminates R1, and forwards the message to Alice.

  12. E-Mail Anonymity - Untraceable • Mix hides the correspondences between items in its input and output. • Outputs uniformly sized items in lexicographically ordered batches. • Ensures no duplicate output (would show a pattern to an eavesdropper) • Make R a timestamp • Change Mix’s keys

  13. E-Mail Anonymity - Untraceable • Multiple Mixes • Cascade encryptions • First Mix’s (M2) input: Km2(R2, Km1(R1, Ka(R0, M), A), Am1) → • First Mix’s output: Km1(R1, Ka(R0, M), A) → • Final Result: Ka(R0, M), A

  14. E-Mail Anonymity – Return Address • What if Alice wants to respond to Bob? He is anonymous! • Bob can send his address, encrypted so that only the Mix can read it, and the Mix delivers the reply. • Km(R1, Ab), Kb(R0, M) → Ab, R1(Kb(R0, M))

  15. E-Mail Anonymity – Return Address • Mix can verify recipient received the message • Certified Mail Service • Last Mix sends back to Bob: • Alice’s address • Message itself • Each Mix may sign the receipt

  16. E-Mail Anonymity • Preventing Traffic Analysis • Send same number of messages per each batch • Pro - Hides number of messages sent from Bob • Con - Uses resources (power, bandwidth) • Send same number of messages to subsets of participants • Pro - Hides number of messages Bob sends to Alice, and minimizes dummy messages • Con - Still uses resources for dummy messages

  17. E-Mail Anonymity - Pseudonyms • Digital Pseudonym: • A public key used to verify signatures made by the anonymous holder of the corresponding private key. • Roster: • List of pseudonyms kept by a trusted authority • Uses: • Elections – Roster of eligible voters

  18. E-mail Anonymity – Pros & Cons • Pros: • Ability to be anonymous • Verified message delivery • Cons: • Additional hardware (mix) • What if you want to know the addressee (threat) • Trusted Authority • who and what determines this • Lots of additional encryption (time and resources)
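Added example (not from the original slides): the Mix cascade of slides 11 to 13 in Python, with a deterministic toy RSA standing in for the public-key operation K(...) so that the purpose of the random string R and of duplicate rejection can be observed. The key sizes, the names keypair, seal, unseal, Mix, wrap, demo and linkable, and the addresses "alice" and "mix1" are assumptions of this sketch; uniform item sizing is not modelled.

```python
import json, secrets

def keypair(a, b):
    # Toy textbook RSA from the Mersenne primes 2**a-1 and 2**b-1: illustration only.
    p, q, e = 2**a - 1, 2**b - 1, 65537
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def seal(pub, fields):
    # K(fields): deterministic block-wise RSA over the JSON-encoded field list.
    data = json.dumps(fields).encode()
    return ":".join(format(pow(int.from_bytes(data[i:i + 16], "big"), pub[1], pub[0]), "x")
                    for i in range(0, len(data), 16))

def unseal(priv, sealed):
    ints = [pow(int(c, 16), priv[1], priv[0]) for c in sealed.split(":")]
    return json.loads(b"".join(m.to_bytes((m.bit_length() + 7) // 8, "big") for m in ints))

class Mix:
    def __init__(self, a, b):
        self.pub, self._priv = keypair(a, b)
        self._seen = set()

    def process(self, batch):
        # Drop inputs seen before (a repeat would repeat an output), decrypt, discard R.
        fresh = [unseal(self._priv, i) for i in dict.fromkeys(batch) if i not in self._seen]
        self._seen.update(batch)
        return sorted((inner, addr) for _r, inner, addr in fresh)  # hides arrival order

def wrap(msg, pub_a, route, pad=True):
    # route: (mix public key, address that mix forwards to) pairs, innermost first.
    rnd = lambda: secrets.token_hex(8) if pad else ""
    item = seal(pub_a, [rnd(), msg])                     # Ka(R0, M)
    for mix_pub, next_addr in route:
        item = seal(mix_pub, [rnd(), item, next_addr])   # Km(R, ..., A)
    return item

def demo():
    alice_pub, alice_priv = keypair(127, 89)
    m1, m2 = Mix(107, 61), Mix(127, 107)
    route = [(m1.pub, "alice"), (m2.pub, "mix1")]
    batch = [wrap(f"vote {i}", alice_pub, route) for i in (3, 1, 2)]
    hop1 = m2.process(batch + batch[:1])                 # one input replayed
    hop2 = m1.process([inner for inner, _addr in hop1])  # forwarded to mix1
    return [unseal(alice_priv, inner)[1] for inner, _addr in hop2], len(hop1)

def linkable(pad):
    # Observer re-seals a mix output with the mix's public key, guessing R = "".
    m = Mix(107, 61)
    item = wrap("hi", keypair(127, 89)[0], [(m.pub, "alice")], pad=pad)
    return seal(m.pub, ["", *m.process([item])[0]]) == item
```

linkable(False) returns True: when R is guessable, anyone can re-encrypt a Mix output under the Mix's public key and match it to an input, which is the correspondence the random R hides.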

  19. Anonymity – MANET and WSN

  20. Anonymity – Why • If an attacker can ID a node, and eavesdrop on traffic, they may be able to identify actual network traffic patterns. • Track a moving node • Identify what network a node belongs in

  21. Anonymity – Cont. • [picture - 11] Figure panels: wired connections with dedicated links; wireless connections with shared media • The broadcast property of wireless communication makes it hard to see where a node is, but makes it easier to eavesdrop.

  22. Anonymity – How • We will analyze how to achieve anonymity in both: • MANET • Mix-net • WSN • Anonymity done through preventing traffic analysis attacks

  23. Anonymity - MANET • Similar to e-mail, uses Mixes • A Mix-Net example in MANET [2]

  24. Anonymity - MANET • Encryption and decryption of messages is the same as used with Mixes in e-mail: • Multiple Mixes • Cascade encryptions • First Mix’s (M2) input: Km2(R2, Km1(R1, Ka(R0, M), A), Am1) → • First Mix’s output: Km1(R1, Ka(R0, M), A) → • Final Result: Ka(R0, M), A

  25. Anonymity - MANET • Mix Advertisement • Sends message “I’m here” • A non-Mix node hears this and determines a dominant Mix-node • If it doesn’t hear an advertisement message from its Mix in some interval of time, it finds another Mix. • Mix Route Discovery and Update • Sender node (S) sends RREQ message to destination node (D)

  26. Anonymity - MANET • Mix Route Discovery and Update • RREQ Phase: Sender node (S) sends RREQ message to destination node (D) • DREG Phase: D knows it is part of end-to-end communication, registers with its closest Dominator Mix • RUPD Phase: Mix broadcasts RUPD messages to nodes with a list of nodes registered to the Mix

  27. Anonymity - MANET • Broadcasted RUPD Messages [2]

  28. Anonymity - MANET • Potential security problem: • An attacker could hear S send a RREQ message, then hear D send a DREG message shortly after. • Solution: • S can send dummy RREQ messages to itself, to hide the real RREQ message to D

  29. Anonymity - MANET • Pros: • Compromised node in the middle of the route does not reveal source or destination nodes • Dominant Mix could hide identity of S • Mix can also aid in preventing traffic analysis • Cons: • Additional hardware: Mixes • Additional encryption

  30. Anonymity – MANET - PPCS • PPCS – Privacy Preserving Communication • Three mechanisms: • Dynamic Flow Identification • Random Node Identification • Resilient Packet Forwarding

  31. Anonymity – MANET - PPCS • Dynamic Flow Identification • Two flow pseudonyms, Pdi, Psi are defined for the forward and backward flows • Replaces the source and destination addresses • Source broadcasts RREQ packet containing these pseudonyms <RREQ, Psi, Pdi, Ksd(m)> • Intermediate nodes receive and try to decrypt Psd • “Trap door check”

  32. Anonymity – MANET - PPCS • Random Node Identification • Dissociates a real node identifier from location information • RNI – random node identifiers

  33. Anonymity – MANET - PPCS • Resilient Packet Forwarding • Multi-path random forwarding (MPRF) • Provides protection against traffic analysis • Helps avoid traffic congestion • Each intermediate node randomly selects the next hop from its local list of possible next-hop nodes.

  34. Anonymity – MANET - PPCS • Potential problems: • Message could be followed from end-to-end • Solution: Encrypt again between intermediate nodes • Pros: • Node anonymity established • Cons: • More difficult to implement • Each intermediate node must look at the Psd of a RREQ message

  35. Anonymity - WSN • Base Station ID hidden • Could take out entire network • How: • Hide which node is the base station by limiting traffic analysis

  36. Anonymity - Summary • Some situations may require node anonymity • Ex: Election, CIA • E-mail anonymity • Mix • MANET and WSN anonymity • Mix and routing • Traffic Analysis

  37. Preventing Traffic Analysis

  38. Preventing Traffic Analysis – Why • High traffic and/or traffic patterns could indicate a base node/station • Base Node/Station • Entire network depends on it • Ex: Military • Determine critical nodes, chain of command • Forthcoming action • State change or network alertness

  39. Traffic Analysis – Example Data traffic patterns using shortest path routing [7]

  40. Traffic Analysis – Two Classes • Two classes of traffic analysis: 1) Rate Monitoring Attack – monitor packet sending rate 2) Time Correlation Attack – deduce path by listening to nodes forward packets

  41. Preventing Traffic Analysis – How • Multiple parent routing: rate monitoring attacks • Controlled random walk: rate monitoring attacks • Random fake paths: time correlation attacks • Multiple, random areas of high communication activity: rate monitoring attacks

  42. Multi-Parent Routing • Reduces effectiveness of rate-monitoring attacks • Each node has multiple parents • Randomly select one parent each time it forwards a packet • Any level higher is a parent or • Record beacons as parents • Problems: • Does not eliminate rate-monitoring attacks • Still subject to time-correlation attacks

  43. Multi-Parent Routing Multi-parent routing for node “u”

  44. Random Walk • Reduces rate monitoring attack effectiveness • Forwarding packets: • To parent with probability of p • To neighbor with probability of (1-p) • Problems: • Still vulnerable to time correlation attack • Longer route consumes more energy (more hops to base station)

  45. Random Fake Paths • AKA Fractal Propagation • Makes time-correlation attacks less effective • Fake packets are created and propagated through the network • Fake packets have a TTL parameter, K

  46. Random Fake Paths Cont. • When a node receives a fake packet, it • decrements TTL (if zero, it drops the packet) • forwards the packet to a neighbor node • If a node hears its neighbor transmitting a fake packet with a TTL of k : • generates and forwards another fake packet • TTL = k-1 • probability

  47. Random Fake Paths Cont. • Problems: • Already limited power is used on fake transmissions • Does not completely eliminate time correlation attacks • Generates a large amount of traffic by base station • If transmitting real packets more frequently, reduce the probability of sending a fake packet

  48. Multiple, random areas of high communication activity • AKA Hot Spots • Makes rate monitoring more difficult • Node keeps track of which neighbors it sends fake messages to. • All neighbors start with the same probability of receiving a fake message from me • If I send a fake message to neighbor A, I increase the probability I send another fake message to it

  49. Multiple, random areas of high communication activity – Cont. • Ability to create and destroy hotspots • Problems: • Does not eliminate rate monitoring, but does make an attacker waste time with a hotspot

  50. Traffic Analysis - Summary
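Added example (not from the original slides): a small simulation of what a rate-monitoring eavesdropper can count under the routing schemes of slides 42 to 44, comparing a fixed shortest-path tree, multi-parent routing and the random walk. The 8 x 8 grid with the base station in one corner, the value p = 0.7, the packet counts and all function names are assumptions of this sketch.

```python
import random
from collections import Counter

N, BASE = 8, (0, 0)          # constructed N x N grid, base station in one corner

def neighbours(node):
    x, y = node
    cand = [(x - 1, y), (x, y - 1), (x + 1, y), (x, y + 1)]
    return [(a, b) for a, b in cand if 0 <= a < N and 0 <= b < N]

def parents(node):
    # A parent is any neighbour one level (hop count) closer to the base station.
    level = sum(node)
    return [n for n in neighbours(node) if sum(n) < level]

def next_hop(node, strategy, rng, p):
    if strategy == "single":                 # fixed shortest-path tree
        return parents(node)[0]
    if strategy == "multi" or rng.random() < p:
        return rng.choice(parents(node))     # random parent for every packet
    return rng.choice(neighbours(node))      # random-walk step, probability 1 - p

def simulate(strategy, packets_per_node=20, p=0.7, seed=1):
    rng, tx, sent = random.Random(seed), Counter(), 0
    for src in [(x, y) for x in range(N) for y in range(N) if (x, y) != BASE]:
        for _ in range(packets_per_node):
            node, sent = src, sent + 1
            while node != BASE:
                tx[node] += 1                # one transmission an eavesdropper can count
                node = next_hop(node, strategy, rng, p)
    total = sum(tx.values())
    busiest, count = tx.most_common(1)[0]
    return {"mean_hops": total / sent, "busiest": busiest, "peak_share": count / total}
```

Calling simulate("single"), simulate("multi") and simulate("walk") shows the trade-off the slides list: multi-parent routing lowers the busiest node's share of transmissions at no extra hop cost, while the random walk pays for its spreading with a higher mean hop count.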
