• Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
422
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
30
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Another commonly used model for wireless networks is the so called Packet radio network. Here, two nodes can communicate directly with each other if they are within the transmission range. So as shown in the figure, nodes u and v are neighbors. So are u and u'. However the main drawback of this model is that it does not handle the case where the interference range of messages is larger than the transmission range.
  • A main drawback of this model is that it does not handle the case where the interference range of messages is bigger then the transmission range. For example in the above network, it could happen that simultaneous transmissions of nodes v' and w can interfere at u even though w is not a neighbor of u.
  • Not handling larger interference could lead to several problems. Consider the above network where broadcasting is to be performed. In the situation that all nodes in U interfere at t but t cannot receive messages from any node except u, then existing protocols fail.
  • To address this phenomenon of bigger interference range, people have also looked at the case where the model allows for the interference range being a constant times bigger than the transmission range. The problem with this model is that the values for r_t and r_i are independent of node positions. In our model, we address all these limitation.
  • Given a set of nodes in a 2-dim Euclidean plane, with Euclidean distance function d, consider any cost function c. We require that c be symmetric and be within a delta of the actual distance d. As shown in the figure then u has nodes v and a as neighbors whereas nodes b and w are not neighbors of u. Our model thus allows the transmission range to even have holes and islands.
  • Explaining now what are the transmission and interference ranges.
  • Carrier sensing is need in the absence of any information about the network. Another feature of our model is the ability of nodes to perform carrier sensing. Physical Carrier sensing refers to the ability of nodes to sense the medium via special circuitry. Physical carrier sensing is provided by a clear channel assessment circuit. CCA monitors the physical medium as a function of the RSSI. If the received energy is above a certain threshold then a ED bit is set. This threshold can be adjusted in a register.
  • To model physical carrier sensing, we introduce two values. r si and rst. Both grow monotonically with T and P. For a given threshold T, if transmission occur with a power P, then any node v transmitting within a distance of rst(T,P), i.e., c(v,w) ≤ rst(T,P) will be sensed by node w, whp. The range rsi has the property that if a node w senses a transmission while using threshold T then there is at least one node v' with c(v',w) ≤ rsi(T, P) that transmitted a message with power P. For the values T and P, transmission of nodes outside of r_si(T,P) cannot be sensed any time by node w.

Transcript

  • 1. Security Issues and Challenges in Wireless Networks Kishore Kothapalli Bruhadeshwar Bezawada Center for Security, Theory, and Algorithmic Research (CSTAR) International Institute of Information Technology Hyderabad, INDIA
  • 2. Introduction
    • Wireless stations, or nodes, communicate over a wireless medium
      • Networks operating under infrastructure mode e.g., 802.11, 802.16, Cellular networks
      • Networks operating with limited or no infrastructural support e.g., ad hoc networks in AODV mode
    • Security threats are imminent due to the open nature of communication
      • Two main issues: authentication and privacy
      • Other serious issues: denial-of-service
    • A categorization is required to understand the issues in each situation.
  • 3. Introduction – Wireless Technologies
    • Different technologies have been developed for different scenarios and requirements
    • WiFi is technology for Wireless LANs and short range mobile access networks
    • WiMAX is technology for last mile broadband connectivity
    • Wireless USB is technology for Internet connectivity on the go
    • Other technologies like Infrared (TV remotes etc), Bluetooth (soon to be obsolete) etc are short range
    • Extreme bandwidth but short range technologies are Gigabit wireless etc
  • 4. Introduction
    • Fixed Infrastructure
      • Base stations that are typically not resource constrained.
      • Examples: sensor networks, and cellular networks.
      • Mobility of nodes but not of base stations.
  • 5. Introduction
    • Ad hoc wireless networks
      • No infrastructural support.
      • Nodes also double up as routers.
      • Mobility of nodes.
      • Examples laptops/cellphones operating in ad hoc mode.
    Image from www.microsoft.com
  • 6. Introduction
    • Mixed mode
      • In between the two modes.
      • Some nodes exhibit ad hoc capability.
  • 7. Introduction
    • To formalize study and solutions, need good models for these networks.
      • Formal model to characterize the properties and solutions
      • Models that are close to reality
      • Still allow for solution design and analysis.
  • 8. Introduction
    • Solution properties
      • Light-weight
        • Have to use battery power wisely.
        • Other resources, such as storage, are also limited.
      • Local control
        • Many cases, only neighbours are known.
        • Any additional information gathering is expensive.
  • 9. Introduction
    • Difficulty of modeling wireless networks as opposed to wired networks:
      • Transmission
      • Interference
      • Resource constraints
      • Mobility
      • Physical carrier sensing
  • 10. Outline
    • Introduction
    • Models of Wireless Networks
    • Various Layers and Current Solutions for each Layer
    • Security Issues and Threats at each Layer
    • Security Solutions
    • Open Problems
  • 11. Models of Wireless Networks
    • Unit disk graph model
      • Given a transmission radius R , nodes u , v are connected if d ( u , v ) ≤ R
    u R v u'
  • 12. Models of W ireless Networks
    • Unit disk graph model
      • Given a transmission radius R , nodes u , v are connected if d ( u , v ) ≤ R.
      • Too simple model – transmission range could be of arbitrary shape.
    R R u u R v u'
  • 13.
    • Packet Radio Network (PRN)
    • Can handle arbitrary shapes
      • Widely used
      • Nodes u , v can communicate directly if they are within each other's transmission range, r t .
    Models of Wireless Networks u v w v'
  • 14. What is the problem?
      • Model for interference too simplistic
    u v w v'
  • 15.
      • w can still interfere at u
      • PRN model fails to address certain interference problems in practice
    v n – 2 s t ≤ r t ≤ r t ≥ r i ≥ r t What is the problem? u v w v'
  • 16.
    • Transmission Range, Interference Range
      • Separate values for transmission range, interference range.
      • Interference range constant times bigger than transmission range.
      • Used in e.g., [Adler and Scheideler '98], [Kuhn et. al., '04]
    Models of Wireless Networks u r t v w u' r i
  • 17.
    • Transmission Range, Interference Range
      • Separate values for transmission range, interference range.
      • Interference range constant times bigger than transmission range.
      • Used in e.g., [Adler and Scheideler '98], [Kuhn et. al., '04]
    • What is the problem?
      • Extension of unit disk model to handle interference
    Models of Wireless Networks u r t v w u' r i
  • 18. Model Based on Cost Function
    • G r = (V, E r ), set of nodes V, Euclidean distance d ( u , v )
    • c is a cost function on nodes
      • symmetric: c ( u , v ) = c ( v , u )
      •    [0,1) , depends on the environment
      • c ( u , v )  [(1 –  ) • d ( u , v ), (1 +  ) • d ( u , v )]
    w u v a b
      • Edge ( u , v )  E r if and only if c ( u,v ) ≤ r
  • 19. Transmission and Interference Range
    • Transmission range r t ( P ) , Interference range, r i ( P )
      • If c ( v , w )  r i ( P ) , node v can cause interference at node w .
      • If c ( v , w )  r t ( P ) then v is guaranteed to receive the message from w provided no other node v' with c ( v , v ' ) ≤  r i ( P ) also transmits at the same time.
    c ( v , w )  r t ( P ) c ( v , v' )  r i ( P ) w r t ( P )‏ v' r i ( P )‏ u v
  • 20. Carrier Sensing
    • Virtual carrier sensing using RTS/CTS.
    • Physical Carrier Sensing
      • Provided by Clear Channel Assessment (CCA) circuit.
      • Monitor the medium as a function of Received Signal Strength Indicator (RSSI)
      • Energy Detection (ED) bit set to 1 if RSSI exceeds a certain threshold
      • Has a register to set the threshold in dB
  • 21. Physical Carrier Sensing
    • Carrier sense transmission (CST) range, r st ( T , P )
    • Carrier sense interference (CSI) range, r si ( T , P )
      • Beyond the CSI range, sensing is not possible.
    • Both the ranges grow monotonically in T and P .
    w v r st ( T,P ) v' v'' r si ( T,P ) c ( w , v )  r st ( T , P ) c ( w , v' )  r si ( T , P ) c ( w , v'' )  r si ( T , P )
  • 22. Outline
    • Introduction
    • Models of Wireless Networks
    • Various Layers and Current Solutions at each layer
    • Security Issues and Threats at each Layer
    • Security Solutions
    • Open Problems
  • 23. Various Layers of Interest – Physical Layer
    • Physical Layer
      • 802.11 standard supports several data rates between 11 Mbps and 54 Mbps
      • 802.16 support multiple data rates from 2Mbps to 300 Mbps
      • Several modulation schemes in use and support different conditions and data rates
        • AM, FM, PSK, BPSK, QPSK, FDM, OFDM, OFDMA, ...
  • 24. Physical Layer – WiFi
    • Stands for Wireless Fidelity Range of Technologies
      • Technology that uses IEEE 802.11 protocol standards
      • 802.11b operates at 2.4 Ghz using DSSS
        • Has three non-overlapping channels with 11mbps max
      • 802.11g operates at 2.4 Ghz resp, with 20 Mhz, OFDM
        • Achieves 54 Mbps and inter-operable to 802.11b
      • 802.11a operates at 5GHz using OFDM
        • About 4-8 (depending on country) non-overlapping channels
        • Bandwidth achieved is 54 Mbps
  • 25. Various Layers of Interest – MAC Layer
    • MAC Layer
      • Medium access control is an important requirement.
      • Collision detection (CSMA/CD) not possible unlike wired networks.
        • Hence using Collision avoidance (CSMA/CA)
      • Functions of MAC
        • Scanning, Authentication, Association, WEP, RTS/CTS, Power Save options, Fragmentation
  • 26. Various Layers of Interest – MAC Layer
    • 802.11 MAC
      • Use Physical Carrier Sensing to sense for a free medium.
      • Explicit ACKs to indicate reception of packet.
      • Results in the problem of hidden node.
      • Use Virtual Carrier Sensing using RTS/CTS.
    DATA DATA
  • 27. Various Layers of Interest – MAC Layer
    • Virtual Carrier Sensing cannot solve the exposed node problem.
      • A and D cannot succeed simultaneously.
    DATA DATA A B C D
  • 28. Other MAC Techniques
    • Cell phone networks
      • Node to base station and vice-versa.
      • Fixed frequency for communication pair (FDD).
      • Separate frequencies for each pair.
      • Different technologies Analog/CDMA/GSM support different number of simultaneous communications per band.
    • 802.16 has a Receive/Grant model which is basically TDD (Time-Division Duplexing)
      • More efficient than FDD.
  • 29. MAC Layer
    • More recent solutions address issues such as, especially with respect to ad hoc networks
      • self-stabilization
      • Dynamism
      • Efficiency
      • Fairness
  • 30. Various Layers – Network Layer
    • Route packets in the network.
    • Routing in infrastructure based networks is similar to IP routing
    • All the base stations have a wired IP interface which is used by the routers/switches to forward data
    • Issues like handoffs are handled through techniques like Mobile IP or Cellular Handoffs or Soft-handoffs as done in Mobile WiMAX
    • Now, for network without infrastructure the problem is difficult as the routes are transient
  • 31. Various Layers – Network Layer
    • Ad hoc networks
      • No easy solutions but different proposals exist.
      • Two kinds: proactive and reactive
      • Proactive: Maintain lot of state, proactive updates.
        • Example: DSDV, DSR
      • Reactive: Minimal state, react to changes.
        • Example: AODV
  • 32. Other Important Layers
    • Transport layer
      • This is important layer especially since the wireless medium suffers from high bit-error rate and collisions.
      • To offset this wireless technologies rely less on TCP’s reliability mechanism
      • This is mostly handled at physical layer through techniques like FEC and other error correcting codes
    • Application Layer
      • Notion of an application layer protocol
      • Email/Web/Games/SMS/MMS
  • 33. Outline
    • Introduction
    • Models of Wireless Networks
    • Various Layers and Current Solutions for each Layer
    • Security Issues and Threats at each Layer
    • Security Solutions
    • Open Problems
  • 34. Threats in Present Solutions – MAC Layer
    • Denial of Service
      • Can hog the medium by sending noise continuously.
      • Can be done without draining the power of the adversary.
      • Depends on physical carrier sensing threshold.
    z A
  • 35. Threats in Present Solutions – MAC Layer
    • 802.11 standard uses Access Control Lists for admission control.
    • If MAC address not in the list, then the node is denied access.
      • But easy to spoof MAC addresses.
    00:1A:A0:FD:FF:2E 00:0C:76:7F:DF:49 00:13:D3:07:2F:A8 00:2F:B8:77:EA:B5
  • 36. Threats in Present Solutions – Network Layer
    • Ad hoc networks
      • Network layer
        • Denial-of-service attacks
        • Broadcast nature of communication
        • Packet dropping
        • Route discovery failure in ad hoc network
        • Packet rerouting
  • 37. Threats in Present Solutions – Network Layer
    • Denial-of-service
      • Easy to mount in wireless network protocols.
      • One strategically adversary can generally disable a dense part of the network.
    z A Nodes Disrupting Routes Source Source Destination
  • 38.
    • Can simply engage in conversation and drain battery power of other nodes – power exhaustion attack
      • Send lot of RREQ messages but never use the routes.
    Threats in Present Solutions – Network Layer z A RREQ(a) RREQ(b) RREQ(c) … .
  • 39. Threats in Present Solutions – Network Layer
    • Broadcast nature of communication
      • Each message can be received by all nodes in the transmission range
      • Packet sniffing is a lot easier than in wired networks.
      • Poses a data privacy issue
    s t A
  • 40. Threats in Present Solutions – Network Layer
    • Route discovery in ad hoc networks
      • AODV discovers route by RREQ/RREP.
      • Few adversarial nodes can fail route discovery.
      • Difficult to detect route discovery failures.
      • Also vulnerable to RREP replays.
    RREQ RREQ
  • 41. Threats in Present Solutions – Network Layer
    • Packet dropping
      • Wired networks can monitor packet drops reasonably
      • Such mechanisms are resource intensive for wireless networks
      • AODV has timeouts but no theoretical solutions
        • Difficult to distinguish packet drops, say RREQs, from non-existence of route itself
      • Nodes some times behave selfishly to preserve resources
  • 42. Threats in Present Solutions – Network Layer
    • Packet rerouting – also known as data plane attacks .
    • Attacker reveals paths but does not forward data along these paths.
    • Control plane measures do not suffice.
    • Difficult to trace in wired networks also [Gouda, 2007].
    s t
  • 43.
    • Application Layer
      • Easy to infect mobile devices.
      • Rerouting content through the base station poses privacy issues.
        • Bluetooth networks and ad hoc networks do not have a base station facility.
      • Contrast with wired networks with firewalls, filters, sandboxes.
    Threats in Present Solutions – Network Layer
  • 44. Outline
    • Introduction
    • Models of Wireless Networks
    • Various Layers and Current Solutions for each Layer
    • Security Issues and Threats at each Layer
    • Security Solutions
    • Open Problems
  • 45. Security Solutions
    • Requirements
      • Need solutions that do not add any perceivable burden
      • Cryptography can help
      • Public key solutions
        • Public key operations about 1000 times slow compared to symmetric key operations.
        • Cost of SHA-1 = 2 microseconds
        • Cost of RSA signature verification = order of millisec
      • Symmetric key solutions for privacy and authentication
        • Issue: How to distribute and manage keys?
  • 46. Security Solutions for 802.11 Networks
    • Previous WEP (Wired Equivalent Privacy) based on RC4 is prone to attacks
      • Privacy is not guaranteed as the key streams could be easily recovered
        • Weaknesses in RC4 are well documented
      • Authentication is weak as well due to weak encryption technique
        • Challenge-response using pre-shared keys is prone to attacks if encryption is weak
  • 47. Previous WEP Solution using RC4
    • RC4 is a Vernam Cipher meaning primary operations are XOR with pseudo-random bytes
    • Per-packet encryption key is 24-bit IV concatenated to a pre-shared key
    • Integrity Check Vector (ICV) is CRC-32 over plain-text (used as Message Authentication Code)
    • Data and ICV are encrypted using per-packet encryption key
    • Problem
      • RC4 is weak (as the IV is reused) and can allow an attacker to get the key stream used
      • The ICV can enable one to check the validity of the key stream recovered
    802.11 Hdr Data 802.11 Hdr Data IV ICV Encapsulate Decapsulate
  • 48. WEP Authentication Model
    • WEP Authentication Based on RC4
      • Authentication key is distributed out-of-band
      • Access Point generates a randomly generated challenge
      • Station encrypts challenge using pre-shared secret
    • Problem : Challenge-responses of valid users can be recorded and key stream can be recovered due to RC4 working
      • Attacker can use the keys to encrypt any future challenges
    Wireless Node AP Decrypted nonce OK? Challenge (Nonce) Response (Nonce RC4 encrypted under shared key) Shared secret distributed out of band
  • 49. Security Solution for 802.11 Networks: 802.11i Model
    • Solution Requirements
      • Mutual authentication
      • Scalable key management for large networks
      • Central authorization and accounting
      • Support for extended authentication like smart cards
      • Key Management Issues
        • Need to dynamically manage keys to avoid manual reconfiguration difficulties especially for large networks
  • 50. Current Standard: 802.11i or WPA2
    • 802.1X for Authentication Based on EAP (Extensible Authentication Protocol)
      • Port based authentication
      • Access denied if port authentication fails
      • CCMP (Counter Mode CBC-MAC Protocol) using AES for confidentiality, integrity and origin authentication
    • Dynamic Key Management
  • 51. 802.1X Authentication
  • 52. 802.1X Authentication
  • 53. 802.1X Key Management
    • LEAP use dynamically generated WEP keys to secure authentication data
    • EAP-TLS –Station and Access Point use public-key certificates through a TLS tunnel
      • Session key can be exchanged
      • Mutual-authentication as both parties have digital certificates
    • EAP-TTLS and PEAP –Only server-side certificate is needed
      • Simplifies implementation where certificate management is difficult
    • EAP-GSS where the authenticator is required to be in contact with a KDC
  • 54. Key Derivation in 802.11i
  • 55. Key Derivation in 802.11i
    • At the end of EAPOL: Station and Server share a Master Key: MK (E.g., Using EAP-TLS)
      • Both the Station and the AP derive a new key, called the Pairwise Master Key (PMK) , from the Master Key.
    • Radius Server moves PMK to AP
    • A 4−way handshake between the station and the AP to derive, bind, and verify a Pairwise Transient Key (PTK) .
      • Key Confirmation Key (KCK) , as the name implies, is used to prove the posession of the PMK
      • Key Encryption Key (KEK) is used to distributed the Group Transient Key (GTK)
      • Temporal Key 1 & 2 (TK1/TK2) are used for encryption.
    • The KEK is used to send the Group Transient Key (GTK) from AP to the station
      • The GTK is a shared key among all stations connected to the same authenticator (AP), to secure multicast/broadcast traffic
  • 56. 802.16 Authentication
  • 57. Security Solutions for 802.16 Networks
    • 802.16 or popularly WiMAX use X.509 certificates for authentication
      • Subscriber Station authentication using X.509 certificate
      • Establish security association (SAID)
      • Authentication Key (AK) exchange
      • AK is encrypted using public key of SS
      • Authentication is completed when both SS and BS verify possession AK
    • AK is used to exchange the TEK (Traffic encryption key)
      • Base station generates TEK randomly and encrypts using KEK generated from AK
    • 802.16 uses AES in CCM mode for privacy
    • Mutual authentication is possible through EAP-TLS etc (802.16e)
  • 58. Security in Ad Hoc Mode
    • Ad hoc networks cannot use RADIUS type authentication
    • Problem: if RADIUS type authentication is used, every station will need to store every other station’s credentials
      • Moreover, authentication will have to be using EAP-TLS which is computationally intensive
    • Problem: mutual authentication is trouble some
    • Other Security Requirements
      • Cryptographic mechanisms for confidentiality
        • Key establishment for confidentiality
        • Public-key management to prevent replacement of keys
        • Symmetric key management to protect from compromise
      • Denial-of-service resistance in contention mechanisms at MAC layer
  • 59. Security in Ad Hoc Networks
    • Security Mechanisms
      • Pro-active : Prevents an attacker from launching an attack say by using cryptographic mechanisms
        • Requirement is establishment of necessary cryptographic material
        • E.g., Routing Attacks
      • Reactive : Relies on detection and mitigation of attacks
        • Benign behaviour is defined and behaviour analysis is done to detect malicious behaviour
        • E.g., Packet Forwarding attacks
  • 60. Key Management in Ad Hoc Networks- An Overview
    • Key management – Manage a set of secure communication channels so that
      • Use as few keys as possible
      • Avoid centralized infrastructure during sessions
      • Minimal cryptographic/message overhead
      • Ensure “reasonable” security
    • Two scenarios
      • Broadcast security
      • Peer-to-peer security
  • 61. Security Solutions – Broadcast Security
    • Base station and a set of nodes.
    • Base station sends updates to all the nodes using broadcast.
    • N = number of satellite nodes
    • Authentication and privacy is required
  • 62. Trivial Solution
    • Each node shares a key with the base station.
    • Storage is O(N) for sender and does not scale well
    • Authentication is expensive especially if messages need to be broadcast
    K6 K8 K1 K7 K4 K2 K5 K3 K1, K2, K3, K4, K5, K6, K7, K8
  • 63. Broadcast Security
    • Maintain a set O(log N)
      • Each satellite node gets a subset of log n keys of S.
    • Privacy: use XOR of keys to communicate with the user
    • Authentication: sender adds MAC using all its keys
      • Each node verifies signatures that can be generated using its subset of keys
    K1, K2, K3, K4, K5 MAC K1 (M)‏ MAC K2 (M)‏ MAC K5 (M)‏ MAC K4 (M)‏ MAC K3 (M)‏ Message K1, K3, K5 K1, K2, K4 K1, K3, K4 K2, K5, K4 K1, K2, K5 K1, K2, K3 K1, K5, K4 K2, K5, K3
  • 64. Broadcast Security
    • Collusion is an issue
    • A larger pool of keys can be selected
    • For N users O(log N) keys can give good results
    • Scales well as the sender only needs to give a new subset of keys to a new user
    K1, K3, K5 K1, K2, K4 K1, K3, K4 K2, K5, K4 K1, K2, K5 K1, K2, K3 K1, K5, K4 K2, K5, K3 K1, K2, K3 K4, K5, K6, K7, K8
  • 65. Security Solutions
    • Privacy in a Peer-to-peer situation
      • Public-key cryptography can be of use but expensive
      • Key distribution is a major hurdle given that communicating parties are not known in advance
        • Anyone can communicate with any one
      • Trivial Solution: one unique key per pair of users work
        • Expensive
        • Not scalable if new user gets added
        • Revocation is little more tricky
      • Scalable approach : key pre-distribution
  • 66. Point-to-Point Security
    • Point-to-Point security
      • Need a key for every pair of nodes in an n node network.
      • Trivial solution requires storing n – 1 keys at every node.
        • Not scalable on the space usage.
    A B C D K AB K AD K AC K BC K CD K BD K CD C-D K BD B-D K BC B-C K AD A-D K AC A-C K AB A-B
  • 67. Point-to-Point Security
    • Random Key Pre-distribution
    A B C D Pool of Keys K1, K2, K3, K4, K5, K6, K7, K8, K9, K10, K11, K12, K13, K14, K15 K1, K2, K5, K6 K3, K9, K5, K11 K12, K11, K13, K15 K1, K15, K9, K13 K5 K11 K1+K15+K13 K1 E F G K1, K5, K9, K13 G K3, K5, K7, K9, K15 F K10, K4, K5, K8, K7 E K1, K15, K9, K13 D K12, K11, K13, K15 C K3, K9, K5, K11 B K1, K2, K5, K6 A
  • 68. Point-to-Point Security
    • Issues in Random Key Pre-Distribution
      • May need Intermediaries for key establishment
      • Storage is High
        • Experimental: 250 keys out of 10,000 keys may be necessary
      • An active adversary is dangerous
      • Collusion effect is unknown due to the randomness of key distribution
      • Might require privacy mechanisms to hide key sharing patterns
      • Revocation issues exist
      • Probabilistic arguments for size of key storage and connectivity possible
        • Practice proves otherwise, especially for sparse graphs
  • 69. Some Solutions –Key Establishment
    • Multi-path Key Establishment
    A B C D Pool of Keys K1, K2, K3, K4, K5, K6, K7, K8, K9, K10, K11, K12, K13, K14, K15 K1, K2, K5, K6 K3, K9, K5, K11 K12, K11, K13, K15 K1, K15, K9, K13 K5 K11 K1+K15+K13 K1 E F G K1, K5, K9, K13 G K3, K5, K7, K9, K15 F K10, K4, K5, K8, K7 E K1, K15, K9, K13 D K12, K11, K13, K15 C K3, K9, K5, K11 B K1, K2, K5, K6 A
  • 70. Some Solutions –Key Establishment
    • Deterministic Solution –Square Grid [Ref. 4]
    [0,0] [0,1] [0,2] [0,3] [1,0] [1,1] [1,2] [1,3] [2,0] [3,0] [2,1] [2,2] [2,3] [3,1] [3,2] [3,3] User Placement Some Solutions –Key Establishment
  • 71. Some Solutions –Key Establishment
    • Deterministic Solution –Square Grid
    [0,0] [0,1] [0,2] [0,3] [1,0] [1,2] [2,0] [3,0] [2,2] [3,2] Kg(0,0) Kg(2,2) [2,3] [2,1] Grid Secrets Some Solutions –Key Establishment
  • 72. Some Solutions –Key Establishment
    • Deterministic Solution –Square Grid
    [0,0] [0,1] [0,2] [0,3] [1,0] [2,0] [3,0] Direct Secrets Some Solutions –Key Establishment
  • 73. Some Solutions –Key Establishment
    • Deterministic Solution –Square Grid
    [0,0] [0,1] [0,2] [0,3] [1,0] [1,2] [2,0] [3,0] [2,2] [3,2] [2,3] [2,1] Communication Along Same Row/Column Some Solutions –Key Establishment
  • 74. Some Solutions –Key Establishment
    • Deterministic Solution –Square Grid
    [0,0] [0,1] [0,2] [0,3] [1,0] [1,2] [2,0] [3,0] [2,2] [3,2] Kg(0,2) Kg(2,0) [2,3] [2,1] Communication Among Users of Different Rows/Columns Some Solutions –Key Establishment
  • 75. Some Solutions –Key Establishment
    • Square Grid Features and Issues
      • Mobility has no effect on key establishment –always guaranteed by design
        • Failure tolerant –failure of links hardly matters
      • Storage is high, but comparable to random KPS
      • Collusion resistance is slightly weak
        • Two users are sufficient to compromise session key
      • Scalability is weak as the grid size is fixed before hand
        • Optimizations possible, by choosing higher grid size and allowing for some additional users
    Some Solutions –Key Establishment
  • 76. Security Solutions
    • Can reduce storage further by considering a k – dimensional grid
      • User belongs to multiple grids with lower dimension: n 1/k
      • number of keys stored per node decreases to kn 1/k .
      • At k = log n, this reduces to log n.
    • But collusion resistance decreases with increasing k
    • Best case storage is around: 12log 2 n
      • Lower values are possible but multiplication constant is higher
  • 77. Security Solutions-Hierarchical Solution B D A C
    • Stands for any P2P key distribution
    • E.g. (A,C) could be given a unique shared key
    • Better key distributions are possible
  • 78. Security Solutions-Hierarchical Solution for Reducing Storage A B C D E F G H Nodes Treated as Single Entity
    • E.g. (A,B) and (C,D) could share a common key
    • If B, needs to communicate with C, this key can be used
    • Collusion resistance is an issue
  • 79. Outline
    • Introduction
    • Models of Wireless Networks
    • Various Layers and Current Solutions for each Layer
    • Security Issues and Threats at each Layer
    • Security Solutions
    • Open Problems
  • 80. Open Problems
    • Problem 1: Secure Admission Control
      • For fixed infrastructure networks, how to decide admitting a new node into the network?
      • EAP-TLS, EAP-TTLS are expensive in terms of computation and do not work well in ad hoc mode
      • Access points should be able to handle more decisions to enable easy roaming
        • Need for a scalable but practical solution for admission control especially for roaming accessibility
        • If key management is used dynamics and storage become issues
  • 81. Open Problems
    • Problem 2 : Application Layer Security for fixed infrastructure networks
      • Equivalent notions of wired networks.
      • Require Light-weight sand boxing mechanisms
      • Privacy-preserving light-weight content filtering techniques
      • Existing solutions: J2ME KVM, DownloadFun, QualComm BREW
  • 82. Open Problems
    • Problem 3: Real-time Cell Communication Security
      • Key management solutions may not work due to real-time voice data
      • Hacking/tapping cell phones is possible depending on the encoding scheme used
  • 83. Open Problems 4
    • Certificate mechanisms for nodes
      • Certificates in wired networks are well understood.
      • Users typically have better user interfaces e.g., PC Monitor, allowing them to examine things like certificates
      • Certificate verification/validation is tolerable on desktops and even laptops.
  • 84. Open Problem 4
    • Problem: Not the same for mobile users say, cell phones
      • Integrating such features into a cell-phone is difficult
      • Expensive to verify certificates due long certification path.
    • Solution more difficult for devices with no display or limited display or regular monitoring of the device, such as sensors.
    • Need a different way of handling certificates.
  • 85. Conclusions
    • Situations are more complex in wireless networks, even with infrastructural support.
    • Threats exist at various layers of operation.
    • Present solutions to address these threats are not scalable or not strong enough.
    • Simple key management solutions can help.
      • But not always.
    • Still, lots of interesting and open issues to be solved.
  • 86. Thank You!
  • 87. References
    • Jean-Pierre Hubaux, Levente, Buttyan and Srdan Capkun “ The Quest for Security in Mobile Ad Hoc Networks ”, ACM MobiHOC 2001
    • Laurent Eschenauer and Virgil D. Gligor “ A Key Management Scheme for Distributed Sensor Networks ” ACM CCS 2002
    • Haowen Chan, Adrian Perrig and Dawn Song “ Random Key Predistribution Schemes for Sensor Networks ” IEEE Symposium on Security and Privacy 2003
    • S.S.Kulkarni, M.G.Gouda and A.Arora “ Secret Instantiation in Ad Hoc Networks ” Special Issue of Elsevier Journal of Computer Communication on Dependable Wireless Sensor Networks, 2006
    • Amitanand S. Aiyer, Lorenzo Alvisi, Mohamed G. Gouda “ Key Grids: A Protocol Family for Assigning Symmetric Keys ” IEEE International Conference on Network Protocols, 2006
    • B.Bruhadeshwar and Sandeep Kulkarni “An Optimal Symmetric Secret Distribution for Secure Communication” Michigan State University Technical Report 2008 MSU-TR-08-196
  • 88. References
    • Bezawada Bruhadeshwar, Kishore Kothapalli: A Family of Collusion Resistant Symmetric Key Protocols for Authentication . ICDCN 2008: 387-392
    • Kishore Kothapalli, Christian Scheideler, Melih Onus, Andréa W. Richa: Constant density spanners for wireless ad-hoc networks. SPAA 2005: 116-125
    • Edmund L. Wong, Praveen Balasubramanian, Lorenzo Alvisi, Mohamed G. Gouda, Vitaly Shmatikov: Truth in advertising: lightweight verification of route integrity. PODC 2007 : 147-156
    • Ran Canetti, Adrian Perrig, Dawn Song and Doug Tygar “ The TESLA Broadcast Authenitcation Protocol ” RSA Cryptobytes 2002
    • Chalermek Intanagonwiwat, Ramesh Govindan, Deborah Estrin, John S. Heidemann, Fabio Silva: Directed diffusion for wireless sensor networking . IEEE/ACM Trans. Netw. 11(1): 2-16 (2003)
    • Arshad Jhumka, Sandeep S. Kulkarni: On the Design of Mobility-Tolerant TDMA-Based Media Access Control (MAC) Protocol for Mobile Sensor Networks . ICDCIT 2007:
    • General: Wikipedia, WiFi Forum, WiMAX Forum, IETF Website