1 / 25

Some Security Challenges for Mesh Networks

Some Security Challenges for Mesh Networks. Jean-Pierre Hubaux EPFL Switzerland Joint work with Imad Aad, Naouel Ben Salem, Levente Buttyan, Srdjan Capkun, Markus Jakobsson, and Maxim Raya Funded by the MICS/Terminodes project, www.mics.org.

maximilian
Download Presentation

Some Security Challenges for Mesh Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Some Security Challenges for Mesh Networks Jean-Pierre Hubaux EPFL Switzerland Joint work with Imad Aad, Naouel Ben Salem, Levente Buttyan, Srdjan Capkun, Markus Jakobsson, and Maxim Raya Funded by the MICS/Terminodes project, www.mics.org

  2. Some Security Challenges for Mesh NetworksOutline • Preventing greedy behavior at the MAC layer • Secure positioning • Cooperation between nodes

  3. 1. Preventing greedy behavior at the MAC layer Cheater Well-behaved node Well-behaved node

  4. IEEE 802.11 MAC – Brief reminder

  5. Misbehavior techniques – NAV

  6. Misbehavior techniques – DIFS

  7. Misbehavior techniques – Frame scrambling

  8. Misbehavior techniques – Backoff

  9. Solution 1 • Detection and handling of MAC layer misbehavior in wireless networks (Kyasanur and Vaidya, DSN 2003) • Idea: the receiver assigns backoff values to the sender • Detection: compares expected and observed backoffs • Correction: assigns penalty to the cheater

  10. Solution 2 • DOMINO (Raya, Hubaux, and Aad, MobiSys 2004) • Idea: monitor the traffic and detect deviations by comparing average values of observed users • Detection tests: number of retransmissions, backoff, … • Features: • Full standard compliance • Needs to be implemented only at the Access Point • Applicable to all CSMA/CA-based protocols • Simple and efficient • The operator decides the amount of evidence required before taking action (in order e.g. to prevent false positives) • http://domino.epfl.ch Game-theoretic study:M. Cagalj, S. Ganeriwal, I. Aad and J.-P. Hubaux"On Cheating in CSMA/CA Networks"Technical report No. IC/2004/27, February 2004

  11. Components of DOMINO Cheating method Detection test Oversized NAV Comparison of the declared and actual NAV values Comparison of the idle time after the last ACK with DIFS Transmission before DIFS Number of retransmissions Frame scrambling Backoff manipulation Maximum backoff: the maximum should be close to CWmin - 1 Actual backoff Consecutive backoff

  12. DOMINO performance (ns-2 simulation) Setting: uplink UDP traffic; 7 well-behaved stations + 1 cheating station; each point corresponds to 100 simulations of 10s each; confidence int: 95%

  13. 2. Secure positioning • Being able to securely verify positions of devices can enable: • Location-based access control • Detection of displacement of valuables • Detection ofstealing • Monitoring and enforcement of policies (e.g., traffic monitoring) • Location-based charging • … • In multi-hop networks • Secure routing • Secure positioning • Secure data harvesting (sensor networks) • …

  14. Distance measurement by Time of Flight (ToF) - Based on the speed of light (RF, Ir) tr ts ts dABm=(tr-ts)c dABm=(tr-ts-tprocB)c/2 tr B A (A and B are synchronized - ToF) (A and B are NOT synchronized – Round trip ToF) - Based on the speed of sound (Ultrasound) tr(RF) ts ts tr(US) B A ts dABm=(tr(RF)-tr(US))s

  15. Attacks on RF and US ToF-based techniques - Dishonest device:cheat on the time of sending (ts) or time of reception (tr) - Malicious attacker: 2 steps: 1. Overhear and jam tr ts ts dABm=(tr-ts)c B A (A and B are assumed to be synchronised) M 2. Replay with a delay Δt tr+Δt ts ts+Δt B dABm=(tr+Δt-ts)c M => dABm>dAB

  16. Summary of possible attacks on distance measurement Dishonest nodes Malicious attackers

  17. Secure positioning • Goals: • preventing a dishonest node from cheating about its own position • preventing a malicious attacker from spoofing the position of an honest node • Our proposal: Verifiable Multilateration

  18. Distance Bounding (RF) • Introduced in 1993 by Brands and Chaum to prevent the Mafia fraud attack NBS ts tr A BS dreal≤ db = (tr-ts)c/2(db=distance bound)

  19. Distance bounding characteristics Dishonest nodes Malicious attackers • RF distance bounding: • nanosecond precision required, 1ns ~ 30cm • UWB enables clock precision up to 2ns and 1m positioning indoor and outdoor (up to 2km) with RF ToF • US distance bounding: • millisecond precision required,1ms ~ 35cm • distance bounding can be enabled with 802.11 and US

  20. Verifiable Multilateration (Trilateration) BS3 A BS2 (x,y) Verification triangle y x BS1 Distancebounding

  21. Verifiable Multilateration (properties 1/2) - a node located within the triangle cannot prove to be at another position within the triangle except at its true position. - a node located outside the triangle formed by the verifiers cannot prove to be at any position within the triangle - a malicious attacker cannot spoof the position of a node such that it seems that the nodeisat a position different from its real position within the triangle - a malicious attacker cannot spoof the position of a node such that it seems that it is located at a position within the triangle, if the node is outside the triangle

  22. Verifiable Multilateration (properties 2/2) - a node can show (by distance enlargement) that it is positioned outside the triangle - an attacker can always show that the node is positioned outside the triangle The same holds in 3-D, with a triangular pyramid instead of a triangle • Srdjan Capkun and Jean-Pierre HubauxSecuring position and distance verification in wireless networks     Technical report EPFL/IC/2004-43, May 2004 • Srdjan Capkun and Jean-Pierre HubauxSecure Positioning in Sensor Networks     Technical report EPFL/IC/2004-44, May 2004

  23. 3. Cooperation between nodes • Multi-hop mesh networks represent a new and promising paradigm, but … Why would intermediate nodes bother to relay packets forthe benefit of other nodes? • No incentive  the network does not work : • V. Srinivasan, P. Nuggehalli, C. Chiasserini, and R. Rao, Infocom 2003 • M. Felegyhazi, L. Buttyan, and J. P. Hubaux, PWC 2003 • Autonomous multi-hop networks R. Mahajan, M. Rodrig, D. Wetherhall, and J. Zahorjan, “Encouraging Cooperation in Multi-Hop Wireless Networks,”Technical Report CSE-04-06-01, Univ. of Washington, June 2004

  24. Incentive techniques: other scenarios Initiator Correspondent BSB BSA j B A 1 i 1 • Multi-hop networks with sporadic access to the backbone S. Zhong, Y. R. Yang, and J. Chen, “Sprite: A Simple, Cheat-Proof, Credit-Based System for Mobile Ad Hoc Networks,” INFOCOM 2003 • Multi-hop networks with permanent access to the backbone Backbone • Systematic payment:N. Ben Salem, L. Buttyán, J.-P. Hubaux and  M. Jakobsson,"A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop CellularNetworks", MobiHoc 2003 • Solution based on lottery tickets:M. Jakobsson, J.-P. Hubaux and L. Buttyan, "A Micro-Payment Scheme Encouraging Collaboration in Multi-HopCellular Networks", Financial Crypto 2003

  25. Conclusion • Mesh networks must be secured prior to any commercial deployment • A number of research results from the security of wireless (ad hoc) networks can be used or adapted, notably: • To prevent greedy behavior • To secure positioning • To stimulate cooperation between nodes • There are more challenges, in particular: • Preventing denial of service attacks • Stimulation of the network deployment

More Related