Network Security Security in Wireless Ad Hoc Networks 1 Network Security Chapter 8. Security in...
-
Upload
lester-mcdonald -
Category
Documents
-
view
224 -
download
1
Transcript of Network Security Security in Wireless Ad Hoc Networks 1 Network Security Chapter 8. Security in...
Network Security Security in Wireless Ad Hoc Networks 1
Network Security
Chapter 8. Security in Wireless Ad Hoc Networks
Network Security Security in Wireless Ad Hoc Networks 2
Introduction
Routing in Multihop Ad Hoc Networks
Key Establishment and Authentication
Confidentiality and Integrity
–Loopholes
Bluetooth
Objectives
Network Security Security in Wireless Ad Hoc Networks 3
Additional slide for the previous week.
Network Security Security in Wireless Ad Hoc Networks 4
Additional slide for the previous week.
Network Security Security in Wireless Ad Hoc Networks 5
IntroductionWhat is Ad Hoc Network?
What is the characteristic?
Network Security Security in Wireless Ad Hoc Networks 6
Ad Hoc Networks– Network formed on-the-fly (ad hoc, or as-needed basis)
– Mainly refer to Wireless Ad Hoc network
Mobile Ad Hoc Networks(MANETs)– Nodes forming the network are mobile.
Usage scenario
What is Ad Hoc Network?
Network Security Security in Wireless Ad Hoc Networks 7
No dedicated routing devices–Nodes themselves have to act as routers
Network topology may change rapidly and unpredictably as nodes move.
Other things – Battery life, bandwidth.
Limitations
Network Security Security in Wireless Ad Hoc Networks 8
Classification
Geographically–Personal area networks(PANs)
–Wide area networks(WANs)
Node’s capability of acting as router–Single-hop ad hoc network
–Multi-hop ad hoc network – nodes have routing capability.
Normally–PAN – Single hop
–Ad hoc LAN & Ad hoc WAN – multi-hop
Network Security Security in Wireless Ad Hoc Networks 9
Routing in Multi-hop Ad Hoc Networks
Why routings are problem in a Multi-hop Ad Hoc Network?
Network Security Security in Wireless Ad Hoc Networks 10
Distance Vector Routing Updates(FYI)
Network Security Security in Wireless Ad Hoc Networks 11
Distance Vector Routing Updates(FYI)
RIP – Hop Count
IGRP and EIGRP – Bandwidth, Delay, Reliability, Load
No! MTU is never used as a routing
metric. Some documentation is incorrect on this
item.
Network Security Security in Wireless Ad Hoc Networks 12
Distance Vector Routing Protocols-(FYI)
• “Routing by rumor”• Each router receives a routing table from its directly connected
neighbor routers.
• Router B receives information from Router A.
• Router B adds a distance vector number (such as a number of hops), which increases the distance vector.
• Then Router B passes this new routing table to its other neighbor, Router C.
• This same step-by-step process occurs in all directions between neighbor routers.
Network Security Security in Wireless Ad Hoc Networks 13
Distance Vector Routing Protocols-(FYI)
Network Security Security in Wireless Ad Hoc Networks 14
RTA RTB RTCNetwork W Network X Network Y Network Z
Routing Table (Distance) (Vector)Net. Hops Exit-int.W 0 <--X 0 -->
Routing Table (Distance) (Vector)Net. Hops Exit-int.X 0 <--Y 0 -->
Routing Table (Distance) (Vector)Net. Hops Exit-int.Y 0 <--Z 0 -->
Distance Vector Network Discovery-(FYI)
RTA RTB RTCNetwork W Network X Network Y Network Z
Routing UpdateNet. Hops Next-hop-addW 1 RTAX 1 RTA
Routing UpdateNet. Hops Next-hop-addX 1 RTBY 1 RTB
Routing UpdateNet. Hops Next-hop-addY 1 RTCZ 1 RTC
Routing Update
Network Security Security in Wireless Ad Hoc Networks 15
RTA RTB RTCNetwork W Network X Network Y Network Z
Routing UpdateNet. Hops Next-hop-addW 1 RTAX 1 RTAY 2 RTA
Routing UpdateNet. Hops Next-hop-addX 1 RTBY 1 RTBW 2 RTBZ 2 RTB
Routing UpdateNet. Hops Next-hop-addY 1 RTCZ 1 RTCX 2 RTC
Routing Table (Distance) (Vector)Net. Hops Exit-int.W 0 <--X 0 -->Y 1 RTBZ 2 RTB
Routing Table (Distance) (Vector)Net. Hops Exit-int.X 0 <--Y 0 -->W 1 RTAZ 1 RTC
Routing Table (Distance) (Vector)Net. Hops Exit-int.Y 0 <--Z 0 -->X 1 RTBW 2 RTB
Routing Table (Distance) (Vector)Net. Hops Exit-int.W 0 <--X 0 -->Y 1 RTB
Routing Table (Distance) (Vector)Net. Hops Exit-int.X 0 <--Y 0 -->W 1 RTAZ 1 RTC
Routing Table (Distance) (Vector)Net. Hops Exit-int.Y 0 <--Z 0 -->X 1 RTB
ExistingRoutingTables
NewRoutingTables
Distance Vector Network Discovery-(FYI)
Routing Update
Network Security Security in Wireless Ad Hoc Networks 16
RTA RTB RTCNetwork W Network X Network Y Network Z
Routing Table (Distance) (Vector)Net. Hops Exit-int.W 0 <--X 0 -->Y 1 RTBZ 2 RTB
Routing Table (Distance) (Vector)Net. Hops Exit-int.X 0 <--Y 0 -->W 1 RTAZ 1 RTC
Routing Table (Distance) (Vector)Net. Hops Exit-int.Y 0 <--Z 0 -->X 1 RTBW 2 RTB
RoutingTables
Distance Vector Network Discovery-(FYI)
Convergence!
Network Security Security in Wireless Ad Hoc Networks 17
Modify existing link state or distance-vector routing protocol– Existing link state : OSPF
– Existing distance-vector : RIPv2
Periodically distribute routing information.
Based on this information, each router maintains routing table which entries are best paths for a destination network.
Short forwarding delay.
Lots of overhead and battery life – network topology information distribution.
Suitable for a network where the number of nodes is small and nodes have limited mobility.
Proactive Routing
Network Security Security in Wireless Ad Hoc Networks 18
Work by computing a route only when it is needed.
To forward a packet.
1) discover the route to the destination
2) sends out the message.
Saving bandwidth and battery life – do not require periodic transmission of messages.
Long forwarding delays.
Most suitable for a network dynamic topology
A large number of nodes in the network.
Reactive Routing
Network Security Security in Wireless Ad Hoc Networks 19
Hybrid Routing
Combine the advantage of proactive routing and reactive routing
Example : Zone Routing Protocol (ZRP)–Divide the network into zone
–Within a zone (tire-1) – run reactive routing protocols.
–Inter-zone – run proactive routing,
inter zone message – routed via zone gateway.
zone gateway forms tire-2 network.
Network Security Security in Wireless Ad Hoc Networks 20
Routing in ad hoc network is based on cooperation among nodes in the network.
– inherent trust relationship among nodes
–Attractive target for attacks.
Attacking source –External attacks – attack from external nodes (not part of the network)
–Internal attacks – compromised node
Attacking type
–Injecting erroneous routing information
–Replying old routing information
–Distorting routing information
Results–Unintended network partitioning, excessive traffic load, loops in the network, insufficient routing, total collapse of the network
Routing Attacks
Network Security Security in Wireless Ad Hoc Networks 21
Routing Attacks
Internal attacks are more harder to detect – challenging field
–Information is invalid ?
•Network topology change?
•Sending node compromised?
•Compromised node even can generate valid signature.- hard to detect.
Network Security Security in Wireless Ad Hoc Networks 22
Multiple path with sufficient valid nodes–Bypass the compromised nodes.
ARAN (Authenticated Routing for Ad Hoc Networks)–On-demand routing
–PKI-based – signing routing massage using private key.
–Heavy processing overhead
–Does not protect against internal attack from compromised nodes.
SAR (Security-aware Ad Hoc Routing)–Use Symmetric Key Cryptography.
– assign a trust level to each node.
– Nodes at the same trust level shares symmetric key.
– routing message is encrypted/decrypted
Secure routing
Network Security Security in Wireless Ad Hoc Networks 23
Secure Routing Non cryptographic approach – Sergio Marti et al.
–Watchdogs
•Per-link encryption is not applied.
• listen to the next node’s transmission to find out it forwards the packet correctly.
–Pathraters
•Combines the information collected from the watchdogs with the routing table information to select the most robust routing links.
–Weakness
•Hidden node problem – possibility of collision at the watchdog (hidden node) or the receiver. corrupt the information collected by watchdog.
•Does not prevent against internal routing attack (aim to network partition)
•Network partition – break a link between two nodes in the same network in some way.
Network Security Security in Wireless Ad Hoc Networks 24
Key Establishment and Authentication
Network Security Security in Wireless Ad Hoc Networks 25
Basis of most key establishment and authentication schemes for
multi-hop ad networks. PKC & PKI
–use certificate to provide cryptographic service (confidentiality, authentication, data
integrity, non-repudiation)–every node trust a third party (Certificate authority)
Roles of CA in PKI1.Bob CA : request Alice’s Public key.
2.CA Bob: Certificate KiCA{ Alice’s Public key is KWA}
3.Bob : decrypt the certificate (verify the CA’s signature) with CA’s public
key and obtain Alice’s public key.
4.Now Bob trust Alice’s public key.
In Ad Hoc network − distribute CA’s functionality − Define virtual CA.− Use threshold cryptography – threshold secret sharing.
Threshold Secret Sharing
Network Security Security in Wireless Ad Hoc Networks 26
Threshold cryptography
–Divide the system secret into Q parts
–Any S(< Q) of these parts are enough to carry out a cryptographic
operation.
– Q nodes poses shares of the system secret and any S of the
node can work in coalition.
–Ex) the concept of threshold cryptography
• f(x) = ax2 + bx + c.
• f(x) : cryptographic function.
• a, b, c : secret parameter.
• each 5 nodes have a different valid point for a given secret a, b, c
• if 3 nodes points is enough to reconstruct the cryptographic function.
Threshold Secret Sharing
Network Security Security in Wireless Ad Hoc Networks 27
Server in virtual–Initialize securely its share of the system secret.
–A server knows the public key of all nodes which can join the ad hoc network.
Authentication in PKC1.A B : rand
2.B A : EiB(rand)
3.A : decrypt B’s response and compare two rand value.
Authentication in threshold PKC1.A * : request B’s certificate
2.CA server combiner : partial certificate for B
3.Combiner : generate complete certificate with S partial certificate.
4.Combiner A : B’s certificate.
Threshold Secret Sharing
Network Security Security in Wireless Ad Hoc Networks 28
Threshold Secret Sharing (TSS)
How to verify the validity of complete key.–Public key of the virtual CA is known to all nodes.
–Combiner can verify the complete certificate by decrypting the complete certificate.
–If verifying fails, combiner can use another partial certificate.
What if the combiner is compromised?–Assign the role of combiner to a server which is more secure.
–Use multiple combiners.
• To protect against attack over long term period – periodically update the shared secrets.
What was the assumption in the TSS?–Secure initialization of shares secrets on Q servers.
–Each server can be configured securely with the public keys of all nodes which can potentially join the ad hoc network.
–How to reduce the dependency of the system on this assumption? – see text p.209.
Network Security Security in Wireless Ad Hoc Networks 29
After Authentication, perform a suitable key establishment protocol to establish a session key for the confidentiality and integrity service.
Because of limited processing power, most ad hoc would prefer to use stream cipher for encryption and an integrity algorithm. But be careful to use stream cipher in wireless environment.
Confidentiality and Integrity
Network Security Security in Wireless Ad Hoc Networks 30
Bluetooth
Network Security Security in Wireless Ad Hoc Networks 31
Wireless ad hoc networking technology
Operates in the unlicensed 2.4GHz frequency range (Industrial
Scientific and Medical (ISM) band).
Geographical coverage limited to personal areas networks (PAN)
Point-to-point and point-to-multipoint links
Support synchronous and asynchronous traffic
Concentrate on single-hop traffic.
FHSS with GFSK modulation
Low power and low cost given important consideration
Adopted as the IEEE 802.5.1 PHY and MAC standard.
(Wireless Personal Area Network standard )
Features of Bluetooth
Network Security Security in Wireless Ad Hoc Networks 32
Applications of Bluetooth Cell phone
Interconnecting the various components (keyboard, mouse, monitor, ….) of PC.
Imagine your application?
Network Security Security in Wireless Ad Hoc Networks 33
Bluetooth Basics Piconet concept
–one master and up to seven active slaves (8 devices in a cell)
–A device may participate in more than one piconet simultaneously.
Scatternet – joining more than two piconets.
– rare in commercial deployments : routing and timing issue.
Network Security Security in Wireless Ad Hoc Networks 34
Security Modes Only focus on Single-hop piconets in this study
Bluetooth define layer 1 & 2 protocol.
For the wide range application, tried to solve the problem of interoperability.
–Defines application profiles (pf).
Application pf–Defines an unambiguous description of the communication interface between two Bluetooth devices or one particular service or application.
–Basic pf - Fundamental procedure for Bluetooth communication.
–Special pf – defined for distinct service or applications
–Build new pf with existing pf allowing hierarchical pf.
Network Security Security in Wireless Ad Hoc Networks 35
Profiles in Bluetooth Each service or application selects the appropriate pf depending on
its needs.
Each application may have different security requirements
Each pf may define different security modes.
GAP (Generic Access profile)– Discover Bluetooth device
– Link management
Network Security Security in Wireless Ad Hoc Networks 36
Bluetooth Protocol stack
Network Security Security in Wireless Ad Hoc Networks 37
Security Modes
Security mechanism – implemented in Layer 2 link level.
Bluetooth security does not provide end-to-end security.
Dose not deal with application layer security
Implementation–Authentication procedure – must
–Encryption procedure – may or may not
But usages are different aspect–master and slaver decide the use of each procedures
Network Security Security in Wireless Ad Hoc Networks 38
Security Modes
Modes 1 : Unsecured mode–If peer wish to auth. – another peer must respond to the challenge.
–If peer with to enc.- another peer most use enc if it supports it.
Modes 3 : always on security mode–Always initiate authentication
–Encryption is not compulsory term.
–If peer want encryption left to higher layer
Modes 2 : intermediate–All things are left to higher layer security manager.
Network Security Security in Wireless Ad Hoc Networks 39
Security levels Device level : "trusted device" and "untrusted device.“
–Trusted device have unlimited service access
Services security levels:– Services that require authorization and authentication.
– Services that require authentication only.
– Services that are open to all devices
Network Security Security in Wireless Ad Hoc Networks 40
Key Establishment
Network Security Security in Wireless Ad Hoc Networks 41
Pass Key
Top level key = Pass-Key (PKEY), –Variable PKEYs – chosen at the time of pairing
• chosen at the time of pairing
•user enters during pairing process
•Usage scenario : conference room Bluetooth network with notebook.
–Fixed PKEYs
•Preconfigured into the Bluetooth device.
• Usage scenario : network between the headset and cell phone.
– can be as long as 127bits (not specify the exact length)
– PKEY Link Key
• If PKEY is small the dictionary attack is possible.
Network Security Security in Wireless Ad Hoc Networks 42
Initialization Key( KINIT )
Short-lived temporary key.
Used only during the pairing process.
Network Security Security in Wireless Ad Hoc Networks 43
Link Key( LK )
Shed secret when the pairing sequences ends.
Unit link key
–Deprecated because of the security holes.
Combination link key
–Derived from existing link key
• When devices are repeatedly communicate, store this link key to reuse.
• Maintain <remote_device_address, link_key> pairs
–Derived from initialization key( KINIT)
3 source of link key–Use an existing link key.
–Use an existing link key to generate a fresh link key.
–Use the initialization key KINIT to generate a link key.
Network Security Security in Wireless Ad Hoc Networks 44
Combination Link Key Generation
KSTART : existing LK or KINIT
Network Security Security in Wireless Ad Hoc Networks 45
Encryption Key( CK of KC )
Network Security Security in Wireless Ad Hoc Networks 46
Because of export restriction( key size limitation )
• Implemented in hardware using linear feedback andfeed forward registers.
Payload Key (KP)
Constraint Key( Kc’) & Payload Key
Network Security Security in Wireless Ad Hoc Networks 47
Broadcast Key Hierarchy
Unicast : a master a slave
Broadcast : a Master * (with special address)
• overlay key can then be used for conveying the Master Key to each of the slaves.
Temporary key, never reused
Network Security Security in Wireless Ad Hoc Networks 48
E0 : stream cipher
E1,E3, E21, E22 : 128bit block cipher SAFER+ (was a candidate of AES)
The Algorithms
Network Security Security in Wireless Ad Hoc Networks 49
Two party : –Claimant (claims a certain identity), verifier
–Master and slave can acts as verifier depends on the upper layer.
Who is the verifier depends on higher layers
Authentication
Network Security Security in Wireless Ad Hoc Networks 50
ACO : used to generate KC (encryption key).–Serves to link authentication process to rest of the session.
–For mutual authentication two ACOs – last ACO is used in KC gen.
Authentication
Network Security Security in Wireless Ad Hoc Networks 51
Confidentiality
Network Security Security in Wireless Ad Hoc Networks 52
Access code - unencrypted–derived from masters MAC address of a piconet.
–Uniquely identifies a piconet. - Identify the packet for the piconet.
–Used by slave to synchronize their clock to the master’s closk.
Header : not encrypted
Payload : encrypted–CRC is appended before encryption.
–Stream cipher – in a wireless medium, a security loophole.
•Changing the key per packet. – CK-VAL (changes every 625 usec)
Bluetooth Packet Format
Network Security Security in Wireless Ad Hoc Networks 53
CRC – same loopholes as WEP (Chapter 7).
Some Attacks on Bluetooth–Algebraic attack and correlation attack on E0
• frequent payload key change protect correlation attack.
–Packet header no protection – Link Layer Attack.
–Snarf attack – possible to connect to a cell without the knowledge of the owner.
•Can access phone book, calender, clock, IMEI (clone)
–Ericsson, Nokia
–Backdoor attack
–BlueBug
Integrity Protection
Network Security Security in Wireless Ad Hoc Networks 54
Bluetooth – IEEE Potentials
Bluetooth Security White paper – IEEE Bluetooth expert Group.
Security in Bluetooth, WLAN and IrDA: a comparison
Bluetooth Security – with some summary on the attacks
Resources