Mobile Security 2010 - #14 - Carnegie Mellon...
Transcript of Mobile Security 2010 - #14 - Carnegie Mellon...
©2011 Patrick Tague
Mobile Security14-829 – Fall 2011
Patrick Tague
Class #19 – Mobile ad-hoc and
mesh network security
©2011 Patrick Tague
Agenda• Ad hoc & mesh network security
– Overview of ad hoc & mesh networking– Comparison between network types– Unique security concerns
• Reminder– HW #4 posted, due 11/21
©2011 Patrick Tague
Ad hoc Networks• What is an ad hoc network?
– Definition: self-configuring wireless network of mobile devices
– Definition: decentralized wireless network with no preexisting infrastructure (e.g., routers, APs)
– Definition: temporary wireless network for a specific purpose
©2011 Patrick Tague
Examples
©2011 Patrick Tague
Characteristics / Challenges
©2011 Patrick Tague
ComparisonMobile Cellular WLAN MANET
AccessControl
Infra-structure
Towers, operator network, Internet
Mutual auth., sub. based access
Voice, SMS, MMS, web/email/data
Access points, Internet
Optional link enc/auth
Services Web/email/data
Conf. & Integrity
None
Data, control, coordination
?
Mandated link enc/auth Mixed
Trust(Some) users trust the operators
(Some) users trust APs/ops
Behavioral trust in others
Payment or sub. based access
©2011 Patrick Tague
Mesh Network• Pure ad-hoc network
– No infrastructure, completely flat architecture
• Hybrid ad-hoc network– Adding dedicated nodes which connect ad-hoc
network to a wireless backbone– Hierarchical architecture
• Mesh network - multi-hop hybrid ad-hoc network• However, there’s no strict boundary between
the ad-hoc network and the mesh network.
©2011 Patrick Tague
Standards for Mesh Network
Type of mesh networks Corresponding standards
WMAN mesh (WiMAX)IEEE 802.16a (mesh option), IEEE 802.16j (multihop relay)
WLAN mesh (Wi-Fi) IEEE 802.11s
LR-WPAN mesh (ZigBee) IEEE 802.15.5
©2011 Patrick Tague
WMAN Mesh
(a) point-to-multipoint mode
(b) mesh mode
[Lee et. al, 06]
©2011 Patrick Tague
WLAN Mesh
[Lee et. al, 06]
©2011 Patrick Tague
Security in MANETs• What aspects of information, network, and
system security are harder in MANETs?– Addressing/naming/identity management issues
– Device/user authentication
– Routing/discovery
– Accountability
– Access / entry to network
– Intrusion detection/prevention system
– Trusted information management
©2011 Patrick Tague
Lack of Infrastructure• Implies that security mechanisms are
decentralized / distributed
• Who do you trust?
• What if you don't trust anyone?
• What services are no longer secure?
©2011 Patrick Tague
Mobility• Network is fluid
– Security associations are dynamic or short-lived
– Members can join and leave network or groups
– Observing behaviors over a long period (e.g., for monitoring or intrusion detection) is not possible
– Dynamic connectivity and reachability
©2011 Patrick Tague
Resource Constraints• Harder security problems have to be solved with
less resource availability/certainty
• Attackers are legitimately as-or-more powerful and capable than defenders
©2011 Patrick Tague
Coordination• Shared wireless, but not single-collision (e.g.,
trying to access a single WLAN AP)
• When is coordination required?
• Who is the coordinator?
©2011 Patrick Tague
Opportunities for Misbehavior• With no authority, controller, or coordinator,
attackers can misbehave arbitrarily!– Layered attackers
• Targeted misbehavior at the PHY, MAC, NET, TRANS, or APP layers
– Cross-Layer attackers• Can incorporate information from multiple network layers
for various attack gains
©2011 Patrick Tague
PHY Misbehavior• Highly-efficient, distributed, collaborative
jamming attacks
• Distributed establishment and management of control channels (very easy in centralized)– Any greedy or malicious user can prevent or degrade
channel allocation or setup
©2011 Patrick Tague
MAC Misbehavior• Very similar to what we talked about in WLAN,
but now there's no base station– Who does detection?– Who is in control?– Who does the enforcement?– What can they enforce?
©2011 Patrick Tague
NET Misbehavior• Routing and forwarding
– How to establish a trusted/trustworthy path?• Avoid black/gray/worm-holes, forced loops, etc.
– How to react to trust changes or attack detection?
– How to detect forwarding faults? Natural or malice?
– How to enforce forwarding correctness?
©2011 Patrick Tague
TRANS Misbehavior• Transport protocols are very sensitive to the
wireless multihop domain
• Malicious or greedy users can have significant impact with very little resource expense– E.g., drop a few packets and impact rate control for
quite a while
©2011 Patrick Tague
APP Misbehavior• Greedy users can demand/impose an unfair
resource usage whenever they have a high-demand application running
• How to dictate who gets what resources?• Performance guarantees may depend highly on
the structure/function of the network– Multi-function networks become very difficult to
design for– How to include various QoS types/classes, security
types/classes, and detection capabilities?
©2011 Patrick Tague
Cross-Layer Approaches• Many of the issues are implicitly cross-layer
– They involve various parameters from across the protocol stack
– Jamming is at the PHY, but impacts everything above
– Defending against PHY jamming may require monitoring/detection at all layers above it
©2011 Patrick Tague
Cross-Layer Attacks
How can attackers leverage higher/lower-layer information to formulate new attacks
or vastly increase performance?
©2011 Patrick Tague
Cross-Layer Defenses
How can communicating systems increase awareness of lower/higher-layer operations
to (efficiently) improve robustness to attack?
©2011 Patrick Tague
MANET Realities• Recently claimed that true MANETs have very
few good applications– Most practical systems end up being hybrids (e.g.,
mesh or sensor networks)• Adding base stations to a MANET provides shared cloud
access
• Multihop networking among Internet devices allows local communication without cloud services
©2011 Patrick Tague
Tethering to the Cloud• Extension of the ad hoc vision
– Leveraging occasional connections to the Internet through mesh or DTN may have advantages and disadvantages
– Sensor networks are connected through base stations to relay sensed information, but typically operate independent of the cloud
– What are the opportunities for leveraging that possible connection?
©2011 Patrick Tague
Detaching from the Cloud• Convergence of the WLAN/cell/MANET domains
can also move the other way– Cell services don't always require the cloud, so why
not take those services off?• Save bandwidth, reduces risk of information leakage, etc.
– e.g. home energy management systems• Why is all my private home and energy use/management
information stored on the cloud when I access it from my couch?
• Billing issues?
©2011 Patrick Tague
Current Research• Understanding MANETs
– How to achieve secure operation in a distributed, resource-limited system without relying on the cloud?
• Understanding adversaries– What are practical, intelligent, and motivated
attackers capable of doing?
• Understanding opportunities– What types of applications/services can be supported
in a MANET system with limited/no cloud access?– In a hybrid/mesh system, what opportunities are
introduced? What are the risks?
©2011 Patrick Tague
What's Next?• 11/16: MANET security issues in smartphones
• 11/21: Emerging mobile scenarios: Disaster communication