Formal Methods and Security Models for Wireless Network Protocols

Calvin Ko

SPARTA, Inc.

April 11, 2008

Formal Methods for Security
  • A precise specification of “security properties”
  • A formal model of the system
  • A mathematically rigorous approach to verify that the model of the system satisfies the security properties
    • Theorem proving
    • Model checking
Some Notes on Formal Verification
  • You cannot prove that a system is secure in any absolute sense
  • You can only prove that a model of a system does or does not have certain specific security properties
  • It requires human judgment to conclude whether having or not having those security properties constitutes 'a secure system'
  • Getting the properties (requirements) right is as important as getting the (model of the) system right
  • There is no magic wand, no blind test that could automatically prove an arbitrary given system is secure
Routing in Ad Hoc Networks
  • Routing is a critical service in MANET
    • Multi-hop communication without base station
  • Fully distributed routing
    • Each node is a router
    • No centralized point
    • Topology is dynamic
    • Link failure and message loss occur frequently
  • Routing security in MANET is a very challenging problem
Current State
  • Many ad hoc routing protocols
    • General: AODV, OLSR, DSR, TORA, ZRP, TBRPF, …
    • Security-aware: SAODV, ARAN, SRP, SEAD, Ariadne, SLSP, OSRP, endairA, SOLSR, …
    • Other add-on solutions: WATCHDOG, Pathrater, Confidant, SAR, TIARA, IDS, …
  • We don’t fully understand how secure they are
What do we need?
  • Not only a single data point
    • Protocol, Mobility, Adversary, Security-Property
Our Recent Work
  • Provide high assurance of the security of tactical networks – via mathematically rigorous reasoning
    • Develop a formal proof – the specification-based IDS can enforce the given secure routing requirement of the OLSR protocol

[Diagram: Formal Tactical Network Model; ACL2 Prover; Tactical network protocol (OLSR); Formal Security Requirements; Formal Protocol Specification; Specification-based IDS; Formal Adversary Model; Formal Model of IDS (constraint, detection algorithm)]

Security Modeling for Routing with Byzantine Nodes
  • Protect the network from bad wireless nodes
  • A small number of Byzantine nodes could cause a huge problem, e.g.:
    • How to misuse AODV: a case study of insider attacks against mobile ad hoc networks, Peng Ning
    • Attack against OLSR, Cédric Adjih
    • Rushing attacks, wormhole attacks, Sybil attacks
Security Analysis of Ad Hoc Routing Protocols
  • Define what “secure routing” means
    • Limit the disruption by Byzantine nodes
    • Routing performance degrades gradually as the number of Byzantine nodes increases
  • Existing security properties
    • Access control – (Secure states / Safety Properties)
    • Information flow – (Noninterference)
    • Data Integrity
    • Availability
Types of misbehavior
  • Misbehavior in route-control traffic (distributed computation of routing tables)
    • Routing integrity
  • Misbehavior in forwarding data traffic
Tactical Network Model

[Figure: MANET topology with nodes A, B, C, D, E, F, G]
  • A set of MANET nodes with some malicious nodes
  • Good nodes follow the protocol
  • Bad nodes can do anything
  • Changing topology and wireless links
  • Events
    • Send / receive packets
    • Protocol-specific events
Wireless Ad Hoc Network

[Figure: MANET topology with nodes A, B, C, D, E, F, G]
  • Consider a particular execution (or run) of a MANET, producing a trace S
    • The best case is that the bad nodes all behave in a way that conforms to the protocol. We denote the resulting trace by S+
    • The best we can do in the worst case is that the other nodes treat the bad nodes as non-existent. We denote that trace by S-
Original Execution Trace - S

[Figure: snapshots of the network at t0, t5 and t12 with nodes A, B, C, D, E, F, G; send and receive events marked on the timeline]

An execution trace
  • C send P1 to D at t1
  • A send P2 to B at t2
  • B recv P2 at t5

All bad nodes behave well – S+

[Figure: snapshots of the same network at t0, t5 and t12 with nodes A, B, C, D, E, F, G; send and receive events marked on the timeline]

An execution trace
  • C send P1 to D at t1
  • A send P2 to B at t2
  • B recv P2 at t5

All bad nodes removed: S-

[Figure: snapshots of the same network at t0, t5 and t12 with nodes A, B, C, D, E, F, G; send and receive events marked on the timeline]

An execution trace
  • C send P1 to D at t1
  • A send P2 to B at t2
  • B recv P2 at t5

S, S+, S-
  • S: a given trace of the network
  • S+: the same run, with the malicious nodes well behaved
  • S-: the same run, with the malicious nodes removed from the network

Security Routing Requirements
  • No route degradation - At any time t, the route from x to y in S is at least as good as (number of hops) the route from x to y in either S- or S+.
  • No route being diverted - At any time t, if the route from x to y in S goes through an intermediate node z, then the route from x to y in S- or S+ also goes through z.
No route degradation

[Figure: the same network shown as S, S+ and S- with nodes A, B, C, D, E, F, G; in S- only A, B, D, E, F remain]
  • S: A to E - 2 hops; A to F - 3 hops
  • S+: A to E - 2 hops; A to F - 2 hops
  • S-: A to E - 2 hops; A to F - 2 hops
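The three-trace model of the S, S+, S- slide and the two routing requirements above can be checked mechanically once a trace is reduced to the set of links the network knows at a fixed time t. The following Python is an added example written for this page, not code from the slides or from SPARTA's ACL2 work; it constructs a small topology that reproduces the hop counts in the figure (A to E 2 hops everywhere, A to F 3 hops in S but 2 in S+ and S-), takes C and G as the bad nodes (the nodes missing from the S- picture), and assumes that in S the bad nodes prevented the good link B-F from being learned. "At least as good as either S- or S+" is checked against each reference trace separately so the reader can see which one a violation is measured against.

```python
from collections import deque

# Constructed example (not from the slides): the link sets of one MANET at a fixed
# time t, seen three ways. Links are undirected wireless links written as pairs.
# The bad (Byzantine) nodes are C and G, the nodes missing from the slide's S- picture.
BAD_NODES = {"C", "G"}

# S: the trace as it actually happened. Assumption: the bad nodes kept the good
# link B-F from being learned, so the only known path from A to F runs through C and G.
S_LINKS = {("A", "B"), ("B", "E"), ("A", "C"), ("C", "G"), ("G", "F"), ("E", "D")}

# S+: the same run, but the bad nodes behave, so B-F is learned like every other link.
S_PLUS_LINKS = S_LINKS | {("B", "F")}

# S-: the same run with the bad nodes (and every link touching them) removed.
S_MINUS_LINKS = {link for link in S_PLUS_LINKS if not (set(link) & BAD_NODES)}


def adjacency(links):
    """Symmetric neighbour table with sorted neighbour lists, so BFS is deterministic."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return {n: sorted(nbrs) for n, nbrs in adj.items()}


def route(links, x, y):
    """Fewest-hop route from x to y as a list of nodes, or None if y is unreachable."""
    adj = adjacency(links)
    if x not in adj or y not in adj:
        return None
    parent = {x: None}
    queue = deque([x])
    while queue:
        n = queue.popleft()
        if n == y:
            path = []
            while n is not None:
                path.append(n)
                n = parent[n]
            return path[::-1]
        for m in adj[n]:
            if m not in parent:
                parent[m] = n
                queue.append(m)
    return None


def hops(links, x, y):
    r = route(links, x, y)
    return None if r is None else len(r) - 1


def no_route_degradation(s, s_plus, s_minus, x, y):
    """'No route degradation' at time t for the pair (x, y).

    Returns {"S+": bool, "S-": bool}: whether the route in S has no more hops than
    the route in each reference trace. A pair unreachable in the reference trace
    cannot be degraded; a pair reachable in the reference but not in S is degraded.
    """
    actual = hops(s, x, y)
    result = {}
    for name, ref in (("S+", s_plus), ("S-", s_minus)):
        ref_hops = hops(ref, x, y)
        result[name] = ref_hops is None or (actual is not None and actual <= ref_hops)
    return result


def no_route_diversion(s, s_plus, s_minus, x, y):
    """'No route being diverted' for (x, y): every intermediate node on the route in S
    must also lie on the route in S- or in S+. Returns (holds, diverted_nodes)."""
    actual = route(s, x, y) or []
    reference = set(route(s_plus, x, y) or []) | set(route(s_minus, x, y) or [])
    diverted = [z for z in actual[1:-1] if z not in reference]
    return (not diverted, diverted)


if __name__ == "__main__":
    traces = (S_LINKS, S_PLUS_LINKS, S_MINUS_LINKS)
    for dst in ("E", "F"):
        print(f"A->{dst}: hops S={hops(S_LINKS, 'A', dst)} "
              f"S+={hops(S_PLUS_LINKS, 'A', dst)} S-={hops(S_MINUS_LINKS, 'A', dst)}")
        print("  no route degradation:", no_route_degradation(*traces, "A", dst))
        print("  no route diversion:  ", no_route_diversion(*traces, "A", dst))
```

Running it reports that A to E satisfies both requirements, while A to F violates both: the S route is one hop longer than in S+ and S-, and its intermediate nodes C and G appear on neither reference route. Replacing the fixed link sets with per-time snapshots derived from the send/receive events of a trace turns this into the "at any time t" check the slides state.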

A Formal Analysis Framework

[Diagram: Common Security Properties; Formal Protocol Specification; Mobility conditions; Adversary model; Highly automated Verification]

Building Blocks for Secure Ad Hoc Routing Protocol
  • OLSR
  • Building blocks
    • Secure neighbor discovery
    • Secure 2-hop neighbor association

[Diagram (OLSR): Secure Neighbor Discovery (1-hop) → 2-hop Neighbor Discovery (2-hop) → MPR Selector → Routing Table]

Research Challenges
  • Security properties for protocols
  • Fundamental understanding of the basic building blocks for protocol security
  • Support for incremental and reusable proofs, for proving results under ranges of assumptions
  • Composing protocols in large networks
  • Systematic identification of vulnerabilities in protocol specifications