### Formal Methods and Security Models for Wireless Network Protocols

Calvin Ko

SPARTA, Inc.

April 11, 2008

Formal Methods for Security
• A precise specification of “security properties”
• A formal model of the system
• A mathematically rigorous approach to verify that the model of the system satisfies the security properties
• Theorem proving
• Model checking
Some Notes on Formal Verification
• You cannot prove that a system is secure in any absolute sense
• You can only prove that a model of a system does or does not have certain specific security properties
• It requires human judgment to conclude whether having or not having those security properties constitutes 'a secure system'
• Getting the properties (requirements) right is as important as getting the (model of the) system right
• There is no magic wand, no blind test that could automatically prove an arbitrary given system is secure
• Routing is a critical service in MANET
• Multi-hop communication without base station
• Fully distributed routing
• Each node is a router
• No centralized point
• Topology is dynamic
• Link failure and message loss occur frequently
• Routing security in MANET is a very challenging problem
Current State
• Many ad hoc routing protocols
• General: AODV, OLSR, DSR, TORA, ZRP, TBRPF, …
• Security-aware: SAODV, ARAN, SRP, SEAD, Ariadne, SLSP, OSRP, endairA, SOLSR, …
• Other add-on solutions: WATCHDOG, Pathrater, Confidant, SAR, TIARA, IDS, …
• We don’t fully understand how secure they are.
What do we need?
• Not only a single data point
• Protocol  Mobility  Adversary  Security-Property
Our Recent Work
• Provide high assurance of the security of tactical networks – via mathematically rigorous reasoning
• Develop a formal proof – the specification-based IDS can enforce the given secure routing requirement of the OLSR protocol

[Figure: proof architecture, with boxes for the Tactical network protocol (OLSR), the Formal Protocol Specification, the Formal Tactical Network model, the Formal Security Requirements, the Specification-based IDS, the Formal Model of IDS (constraint, detection algorithm), and the ACL2 Prover]

Security Modeling for Routing with Byzantine nodes
• Protect the network from bad wireless nodes
• A small number of Byzantine nodes could cause huge problems, e.g.,
• How to misuse AODV: a case study of insider attacks against mobile ad hoc networks, Peng Ning
• Attack against OLSR, Cédric Adjih
• Rushing attacks, wormhole attacks, Sybil attacks
Security Analysis of Ad Hoc Routing Protocols
• Define what “secure routing” means
• Limit the disruption by Byzantine nodes
• Routing performance degrades gradually as the number of Byzantine nodes increases
• Existing security properties
• Access control – (Secure states / Safety Properties)
• Information flow – (Noninterference)
• Data Integrity
• Availability
Types of misbehavior
• Misbehavior in route-control traffic (distributed computation of routing tables)
• Routing integrity
• Misbehavior in forwarding data traffic

A

C

B

G

E

F

D

Tactical Network Model
• A set of MANET nodes with some malicious nodes.
• Good nodes follow the protocol
• Bad nodes can do anything
• Changing topology and wireless links
• Events
• Protocol-specific events
[Figure: the example MANET topology with nodes A to G]

• Consider a particular execution (or run) of a MANET, producing a trace S
• The best case is that the bad nodes all behave in a way that conforms to the protocol. We denote the resulting trace by S+
• The best we can do in the worst case is that the other nodes treat the bad nodes as non-existent. We denote that trace by S-

[Figure: Original Execution Trace S: topology snapshots over nodes A to G at t0, t5 and t12, with send and recv events marked. An execution trace reads, e.g.: C send P1 to D at t1; A send P2 to B at t2; B recv P2 at t5]

[Figure: All bad nodes behave well, trace S+: the same snapshots at t0, t5 and t12 with send and recv events; C send P1 to D at t1; A send P2 to B at t2; B recv P2 at t5]

[Figure: execution trace with the bad nodes removed (S-): snapshots at t0, t5 and t12 with send and recv events; C send P1 to D at t1; A send P2 to B at t2; B recv P2 at t5]

S, S+, S-
• S: a given trace of the network
• S+: the same run with the malicious nodes well behaved
• S-: the same run with the malicious nodes removed from the network

Secure Routing Requirements
• No route degradation - At any time t, the route from x to y in S is at least as good (in number of hops) as the route from x to y in either S- or S+.
• No route being diverted - At any time t, if the route from x to y in S goes through an intermediate node z, then the route from x to y in S- or S+ also goes through z.

[Figure: route-degradation example over nodes A to G. In S: A to E 2 hops, A to F 3 hops. In S+: A to E 2 hops, A to F 2 hops. In S- (only A, B, E, F and D remain): A to E 2 hops, A to F 2 hops.]
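The two requirements above, checked mechanically on a small constructed trace. This is an added example, not code from the slides: the node names, links and bad-node set are made up, and a trace is simplified to the set of links the good nodes believe in at each time (S+ keeps the honest links, S- drops every link touching a bad node), so the slide's "A to F: 3 hops in S versus 2 hops in S+ and S-" case shows up as a degradation violation.

```python
# Added example (not from the slides). A trace maps time t to the links the good nodes
# believe in; routes are shortest paths over them. Nodes and links are constructed.
from collections import deque

BAD = {"C", "G"}  # constructed Byzantine nodes
HONEST_LINKS = {("A", "B"), ("A", "C"), ("B", "E"), ("B", "F"), ("C", "E"),
                ("C", "G"), ("E", "F"), ("E", "D"), ("F", "D"), ("G", "D")}
TIMES = ("t0", "t5", "t12")

def route(links, x, y):
    """Shortest path x -> y as a node list (BFS), or None if unreachable."""
    adj = {}
    for u, v in links:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    queue, seen = deque([[x]]), {x}
    while queue:
        path = queue.popleft()
        if path[-1] == y:
            return path
        for v in sorted(adj.get(path[-1], ())):  # sorted: deterministic tie-break
            if v not in seen:
                seen.add(v)
                queue.append(path + [v])
    return None

# S+: honest links (bad nodes behave); S-: drop every link touching a bad node.
S_PLUS = {t: set(HONEST_LINKS) for t in TIMES}
S_MINUS = {t: {l for l in HONEST_LINKS if not set(l) & BAD} for t in TIMES}
# S (constructed): from t5 on, bad-node interference hides the B-F link from the
# good nodes, so A's route to F grows from 2 to 3 hops, as on the slide.
S = {t: set(HONEST_LINKS) - ({("B", "F")} if t != "t0" else set()) for t in TIMES}

def no_route_degradation(x, y):
    """(t, hops in S, best hops in S+/S-) whenever S's route is longer or missing."""
    bad = []
    for t in TIMES:
        ref = [len(p) - 1 for p in (route(S_PLUS[t], x, y), route(S_MINUS[t], x, y)) if p]
        r = route(S[t], x, y)
        if ref and (r is None or len(r) - 1 > min(ref)):
            bad.append((t, None if r is None else len(r) - 1, min(ref)))
    return bad

def no_route_diversion(x, y):
    """(t, z): z is an intermediate node of S's route but on neither the S+ nor S- route."""
    bad = []
    for t in TIMES:
        ok = {z for tr in (S_PLUS, S_MINUS) for z in (route(tr[t], x, y) or [])[1:-1]}
        bad += [(t, z) for z in (route(S[t], x, y) or [])[1:-1] if z not in ok]
    return bad
```

Both checkers return an empty list for A to E and report t5 and t12 for A to F; the same route lengthening also trips the diversion check, because the S route passes through E, which lies on neither reference route.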

A Formal Analysis framework

[Figure: framework combining Common Security Properties, a Formal Protocol Specification and Mobility conditions with Highly automated Verification]

Building blocks for Secure Ad hoc Routing Protocol

• Building blocks
• Secure neighbor discovery
• Secure 2-hop neighbor association

[Figure: OLSR layering, bottom up: Secure Neighbor Discovery (1-hop), 2-hop Neighbor Discovery (2-hop), MPR Selector, Routing Table]

Research Challenges
• Security properties for protocols
• Fundamental understanding of the basic building blocks of protocol security
• Support for incremental and reusable proofs, so that results can be proved under a range of assumptions
• Composing protocols in large networks
• Systematic identification of vulnerabilities in protocol specifications