Reliable Telemetry in White Spaces using Remote Attestation

Presentation Transcript

  1. Reliable Telemetry in White Spaces using Remote Attestation
     Omid Fatemieh, Michael D. LeMay, Carl A. Gunter
     University of Illinois at Urbana-Champaign
     Annual Computer Security Applications Conference (ACSAC)
     Dec 9, 2011

  2. Opportunistic Spectrum Access
     • Spectrum crunch
     • Increased demand
     • Limited supply
     • Inefficiencies of fixed and long term spectrum assignment (licenses)
     • Emerging solution: opportunistic access to unused portions of licensed bands

  3. Opportunistic Spectrum Access
     • Spectrum crunch
     • Increased demand
     • Limited supply
     • Inefficiencies of fixed and long term spectrum assignment (licenses)
     • Emerging solution: opportunistic access to WHITE SPACES
     • Cognitive Radio: A radio that interacts with the environment and changes its transmitter parameters accordingly
     [Figure labels: Primary Transmitter; Primary Receiver; Secondary Transmitter/Receiver (Cognitive Radio)]

  4. White Space Networks
     • Allowed by FCC in Nov 2008 (and Sep 2010)
     • TV White Spaces: unused TV channels 2-51 (54 MHz-698 MHz)
     • Much spectrum freed up in transition to Digital Television (DTV) in 2009
     • Excellent penetration and range properties
     • Applications
     • Super Wi-Fi
     • Campus-wide Internet
     • Rural broadband (e.g. Claudville, VA)
     • Advanced Meter Infrastructure (AMI) [FatemiehCG – ISRCS ‘10]

  5. How to Identify Unused Spectrum?
     • Spectrum Sensing – Energy Detection
     • Requires sensing-capable devices -> cognitive radios
     • Signal is variable due to terrain, shadowing and fading
     • Sensing is challenging at low thresholds
     • Central aggregation of spectrum measurement data
     • Base station (e.g. IEEE 802.22)
     • Spectrum availability database (required by the FCC)
     [Figure labels: No-talk Region for Primary Transmitter; Collaborative Sensing]

  6. Malicious Misreporting Attacks
     • Malicious misreporting attacks
     • Exploitation: falsely declare a frequency occupied
     • Vandalism: falsely declare a frequency free
     • Why challenging to detect?
     • Spatial variations of primary signal due to signal attenuation
     • Natural differences due to shadow-fading, etc.
     • Temporal variations of primary
     • Compromised nodes may collude and employ smart strategies to hide under legitimate variations
     • How to defend against such coordinated/omniscient attackers?
     [Figure labels: Compromised Secondary – Vandalism; Compromised Secondary – Exploitation]

  7. Limitations of Previous Work
     • Initially assume all sensors are equal
     • Rely only on comparing measurements
     • Shadow-fading correlation filters for abnormality detection [MinSH – ICNP ‘09]
     • Model-based (statistical) outlier detection [FatemiehCG – DySPAN ‘10]
     • Data-based (classification) attacker detection [FatemiehFCG – NDSS ‘11]
     • Resulting drawback: attacker penetration has to be significantly limited for solutions to work
     • What if we can have a subset of “super-nodes”?

  8. A Subset of Trusted Nodes
     • Remote attestation: A technique to provide certified information about software, firmware, or configuration to a remote party
     • Detect compromise
     • Establish trust
     • Root of trust for remote attestation
     • Trusted hardware: TPM on PCs or MTM on mobile devices
     • Software on chip [LeMayG - ESORICS ‘09]
     • Why a subset?
     • Low penetration among volunteer nodes
     • Cost: manufacturing, energy, time, bandwidth (see paper for numbers)
     [Figure labels: Nonce; Attestation-Capable System; Remote Server; Signed[Nonce || System State]]

  9. Key Observations
     • Goal: obtain an estimate of signal power in any cell to compare to threshold
     • Cell A: Safety or precision?
     • Cells B and C: How many regular nodes to include? Which ones?
     • Steps
     • A systematic strategy to determine when there is enough data
     • If we need additional data, which ones to add to aggregation pool?
     • Ensure pool not attacker-dominated
     [Figure labels: Regular Node; Attested Node; cells A, C, B]

  10. Intra-cell Node Selection
     • Sequential intra-cell node selection
     • Include all attested nodes
     • Include regular nodes until a precision goal is met
     • Precision goal: Ensure margin of error for aggregate smaller than requirements (e.g. 3dB) with high confidence (e.g. 95%) (unknown distribution)
     • Mean: Asymptotically efficient Chow-Robbins sequential procedure:
     • Median: Find a and b (order statistics):

  11. Classification-based inter-cell detection
     • Last step: Classification-based inter-cell attacker detection
     • If detected: only use attested data in E
     • Median as aggregate:
     • (+) Less vulnerable to legitimate variations or minority attackers
     • (-) Achieving the required precision requires more data
     • (-) Majority attackers can move median while being less ‘abnormal’
     • Aggregate: median when attested majority, and mean otherwise

  12. Evaluation
     • Hilly Southwest Pennsylvania
     • TV transmitter data from FCC
     • Terrain data from NASA
     • Ground truth: predicted signal propagation using empirical Longley-Rice model
     • Takes into account:
     • Transmitter power, location, height, frequency
     • Terrain and distance
     • Added aggressive log-normal shadow-fading variations
     • Used data to build classifier and evaluate protection against attacks

  13. Results
     [Plots: Attack Deterrence Rate (Attested fraction ≈ .25); False Outcome Rate]

  14. Conclusions and Future Work
     • Showed how to use a small subset of attestation-capable nodes to improve trustworthiness of distributed sensing results.
     • Proposed methods:
     • Provide quantifiably precise results.
     • Provide effective protection against attacks with small fraction of attested nodes.
     • Can lower attestation costs for real deployment.
     • Future direction: Developing a framework for formulating costs associated with including regular and attested nodes, and systematically striking a balance between the costs (from spectrum data aggregation and remote attestation) and obtaining precise aggregation results.
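
The nonce exchange sketched on slide 8 (server sends a nonce, node returns Signed[Nonce || System State]) can be illustrated as follows. This is an added example, not code from the presentation or the paper. Assumptions: an HMAC under a shared key stands in for the TPM/MTM asymmetric signature, and the names `Verifier`, `attest` and the result strings are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed length keeps nonce || state unambiguous


def attest(device_key: bytes, nonce: bytes, state: bytes):
    """Node side: return (state, Signed[nonce || state]).
    HMAC is a stand-in for the hardware root of trust's signature."""
    tag = hmac.new(device_key, nonce + state, hashlib.sha256).digest()
    return state, tag


class Verifier:
    """Remote server side: issues single-use nonces and checks responses."""

    def __init__(self, device_key: bytes, expected_state: bytes):
        self.key = device_key
        self.expected = expected_state   # known-good measurement
        self.pending = set()             # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, state: bytes, tag: bytes) -> str:
        # Freshness: a nonce is accepted once, so a recorded response
        # cannot be replayed after the node has been compromised.
        if nonce not in self.pending:
            return "stale-or-unknown-nonce"
        self.pending.discard(nonce)
        good = hmac.new(self.key, nonce + state, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return "bad-signature"
        # Authentic report, but is the reported state the trusted one?
        if not hmac.compare_digest(state, self.expected):
            return "untrusted-state"
        return "trusted"


if __name__ == "__main__":
    key = secrets.token_bytes(32)                               # constructed
    good = hashlib.sha256(b"constructed firmware v1").digest()  # constructed
    server = Verifier(key, good)
    n = server.challenge()
    print(server.verify(n, *attest(key, n, good)))
```
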
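
The sequential intra-cell selection of slide 10 and the aggregate rule of slide 11 can be sketched as below. This is an added example, not the authors' code. Assumptions: the stopping test is the textbook Chow-Robbins rule (the slide's own formula did not survive in this transcript), regular nodes are taken in the order given, readings are in dBm, and the function names and sample values are constructed.

```python
import statistics

Z_95 = 1.96  # two-sided 95% normal quantile


def select_nodes(attested, regular, margin_db=3.0, z=Z_95, n_min=3):
    """Start from all attested readings, then add regular readings one at
    a time until the margin of error of the mean is below margin_db.
    Returns (pool, precision_met)."""
    pool = list(attested)
    extra = iter(regular)
    while True:
        n = len(pool)
        if n >= n_min:
            # Chow-Robbins (textbook form, assumed): stop at the first n
            # with n >= (z/d)^2 * (V_n + 1/n), V_n = population variance.
            v = statistics.pvariance(pool)
            if n >= (z / margin_db) ** 2 * (v + 1.0 / n):
                return pool, True
        nxt = next(extra, None)
        if nxt is None:
            return pool, False   # ran out of data before the goal was met
        pool.append(nxt)


def aggregate(pool, n_attested):
    """Slide 11 rule: median when attested nodes are the majority of the
    pool, mean otherwise."""
    if 2 * n_attested > len(pool):
        return statistics.median(pool)
    return statistics.mean(pool)


if __name__ == "__main__":
    attested = [-110.0, -118.0]                        # constructed
    regular = [-114.0, -106.0, -112.0, -112.0, -90.0]  # constructed
    pool, met = select_nodes(attested, regular)
    print(len(pool), met, aggregate(pool, len(attested)))
```

Because regular readings are admitted only until the precision goal is reached, the last constructed reading (-90.0) never enters the pool, which limits how much unattested data can influence the aggregate.
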