
Page 1: Mobile Security 2010 - #14 - Carnegie Mellon University (mews.sv.cmu.edu/teaching/14829/f11/files/tague_14829f11_19.pdf)

©2011 Patrick Tague

Mobile Security 14-829 – Fall 2011

Patrick Tague

Class #19 – Mobile ad-hoc and mesh network security

Page 2:

Agenda

• Ad hoc & mesh network security
– Overview of ad hoc & mesh networking
– Comparison between network types
– Unique security concerns

• Reminder
– HW #4 posted, due 11/21

Page 3:

Ad hoc Networks

• What is an ad hoc network?

– Definition: self-configuring wireless network of mobile devices

– Definition: decentralized wireless network with no preexisting infrastructure (e.g., routers, APs)

– Definition: temporary wireless network for a specific purpose

Page 4:

Examples

Page 5:

Characteristics / Challenges

Page 6:

Comparison

                    | Mobile Cellular                    | WLAN                          | MANET
Infrastructure      | Towers, operator network, Internet | Access points, Internet       | None
Access Control      | Mutual auth., sub. based access    | Payment or sub. based access  | ?
Services            | Voice, SMS, MMS, web/email/data    | Web/email/data                | Data, control, coordination
Conf. & Integrity   | Mandated link enc/auth             | Optional link enc/auth        | Mixed
Trust               | (Some) users trust the operators   | (Some) users trust APs/ops    | Behavioral trust in others

Page 7:

Mesh Network

• Pure ad-hoc network
– No infrastructure, completely flat architecture

• Hybrid ad-hoc network
– Adding dedicated nodes which connect the ad-hoc network to a wireless backbone
– Hierarchical architecture

• Mesh network - multi-hop hybrid ad-hoc network

• However, there's no strict boundary between the ad-hoc network and the mesh network.

Page 8:

Standards for Mesh Network

Type of mesh network   | Corresponding standards
WMAN mesh (WiMAX)      | IEEE 802.16a (mesh option), IEEE 802.16j (multihop relay)
WLAN mesh (Wi-Fi)      | IEEE 802.11s
LR-WPAN mesh (ZigBee)  | IEEE 802.15.5

Page 9:

WMAN Mesh

[Figure: (a) point-to-multipoint mode; (b) mesh mode (Lee et al., 06)]

Page 10:

WLAN Mesh

[Figure: WLAN mesh (Lee et al., 06)]

Page 11:

Security in MANETs

• What aspects of information, network, and system security are harder in MANETs?

– Addressing/naming/identity management issues

– Device/user authentication

– Routing/discovery

– Accountability

– Access / entry to network

– Intrusion detection/prevention system

– Trusted information management

Page 12:

Lack of Infrastructure

• Implies that security mechanisms are decentralized / distributed

• Who do you trust?

• What if you don't trust anyone?

• What services are no longer secure?

Page 13:

Mobility

• Network is fluid

– Security associations are dynamic or short-lived

– Members can join and leave network or groups

– Observing behaviors over a long period (e.g., for monitoring or intrusion detection) is not possible

– Dynamic connectivity and reachability

Page 14:

Resource Constraints

• Harder security problems have to be solved with less resource availability/certainty

• Attackers can legitimately be as powerful and capable as defenders, or more so

Page 15:

Coordination

• Shared wireless, but not single-collision (e.g., trying to access a single WLAN AP)

• When is coordination required?

• Who is the coordinator?

Page 16:

Opportunities for Misbehavior

• With no authority, controller, or coordinator, attackers can misbehave arbitrarily!
– Layered attackers
• Targeted misbehavior at the PHY, MAC, NET, TRANS, or APP layers
– Cross-Layer attackers
• Can incorporate information from multiple network layers for various attack gains

Page 17:

PHY Misbehavior

• Highly-efficient, distributed, collaborative jamming attacks

• Distributed establishment and management of control channels (very easy in centralized networks)
– Any greedy or malicious user can prevent or degrade channel allocation or setup

Page 18:

MAC Misbehavior

• Very similar to what we talked about in WLAN, but now there's no base station
– Who does detection?
– Who is in control?
– Who does the enforcement?
– What can they enforce?

Page 19:

NET Misbehavior

• Routing and forwarding

– How to establish a trusted/trustworthy path?
• Avoid black/gray/worm-holes, forced loops, etc.

– How to react to trust changes or attack detection?

– How to detect forwarding faults? Natural or malice?

– How to enforce forwarding correctness?
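The "natural or malice?" question above is the forwarding-fault detection problem. As an added example (not from the lecture), here is a watchdog-style check: the upstream node overhears whether each next hop retransmits the packets it was handed, and flags a hop only when its drop count is statistically unlikely under an assumed natural channel loss rate, so that ordinary wireless loss is not mistaken for a gray hole. The node names, loss rates and overhearing log are constructed for illustration.

```python
from collections import defaultdict
from math import comb


def binom_tail(n, k, p):
    """P[X >= k] for X ~ Binomial(n, p): how surprising k drops out of n are."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


class Watchdog:
    """Per-next-hop forwarding-fault detector run by the upstream node."""

    def __init__(self, natural_loss=0.05, alpha=0.01, min_samples=20):
        self.natural_loss = natural_loss  # assumed channel loss rate (constructed)
        self.alpha = alpha                # bound on probability of a false accusation
        self.min_samples = min_samples    # evidence needed before judging a hop
        self.handed = defaultdict(int)    # packets handed to each next hop
        self.dropped = defaultdict(int)   # handed packets never overheard again

    def observe(self, next_hop, forwarded):
        """Record one handed packet and whether its retransmission was overheard."""
        self.handed[next_hop] += 1
        if not forwarded:
            self.dropped[next_hop] += 1

    def suspicious(self, next_hop):
        """True if this hop's drops are too unlikely to be natural loss."""
        n, k = self.handed[next_hop], self.dropped[next_hop]
        if n < self.min_samples:
            return False  # mobility: short-lived neighbours stay unjudged
        return binom_tail(n, k, self.natural_loss) < self.alpha


def build_log():
    """Constructed overhearing log of (next_hop, retransmission_overheard)."""
    log = []
    for i in range(40):
        log.append(("B", i % 20 != 0))  # honest B: 2 of 40 lost to the channel
        log.append(("C", i % 3 != 0))   # gray-hole C: silently drops every third
    return log


def run_watchdog(log, **kw):
    """Feed a log through one Watchdog; return {next_hop: flagged}."""
    wd = Watchdog(**kw)
    for hop, forwarded in log:
        wd.observe(hop, forwarded)
    return {hop: wd.suspicious(hop) for hop in wd.handed}
```

With the default 5% baseline, B's two losses are unremarkable while C's fourteen are flagged; raising the assumed natural loss to 40% makes C's behaviour look natural, which is exactly why the baseline must be measured rather than guessed.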

Page 20:

TRANS Misbehavior

• Transport protocols are very sensitive to the wireless multihop domain

• Malicious or greedy users can have significant impact with very little resource expense
– E.g., drop a few packets and impact rate control for quite a while

Page 21:

APP Misbehavior

• Greedy users can demand/impose an unfair resource usage whenever they have a high-demand application running

• How to dictate who gets what resources?

• Performance guarantees may depend highly on the structure/function of the network
– Multi-function networks become very difficult to design for
– How to include various QoS types/classes, security types/classes, and detection capabilities?

Page 22:

Cross-Layer Approaches

• Many of the issues are implicitly cross-layer

– They involve various parameters from across the protocol stack

– Jamming is at the PHY, but impacts everything above

– Defending against PHY jamming may require monitoring/detection at all layers above it

Page 23:

Cross-Layer Attacks

How can attackers leverage higher/lower-layer information to formulate new attacks or vastly increase performance?

Page 24:

Cross-Layer Defenses

How can communicating systems increase awareness of lower/higher-layer operations to (efficiently) improve robustness to attack?

Page 25:

MANET Realities

• Recently claimed that true MANETs have very few good applications
– Most practical systems end up being hybrids (e.g., mesh or sensor networks)
• Adding base stations to a MANET provides shared cloud access

• Multihop networking among Internet devices allows local communication without cloud services

Page 26:

Tethering to the Cloud

• Extension of the ad hoc vision

– Leveraging occasional connections to the Internet through mesh or DTN may have advantages and disadvantages

– Sensor networks are connected through base stations to relay sensed information, but typically operate independently of the cloud

– What are the opportunities for leveraging that possible connection?

Page 27:

Detaching from the Cloud

• Convergence of the WLAN/cell/MANET domains can also move the other way
– Cell services don't always require the cloud, so why not take those services off?
• Saves bandwidth, reduces risk of information leakage, etc.
– e.g. home energy management systems
• Why is all my private home and energy use/management information stored on the cloud when I access it from my couch?

• Billing issues?

Page 28:

Current Research

• Understanding MANETs
– How to achieve secure operation in a distributed, resource-limited system without relying on the cloud?

• Understanding adversaries
– What are practical, intelligent, and motivated attackers capable of doing?

• Understanding opportunities
– What types of applications/services can be supported in a MANET system with limited/no cloud access?
– In a hybrid/mesh system, what opportunities are introduced? What are the risks?

Page 29:

What's Next?

• 11/16: MANET security issues in smartphones

• 11/21: Emerging mobile scenarios: Disaster communication