Your SlideShare is downloading. ×
0
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007

765

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
765
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • 25 Minuten für alles, d.h. 20 Minuten Vortrag
  • Add example of organic growth
  • Technical Aspects: Requirements and challenges: Joining/Security Bootstrapping, Secure Routing, Misbehaviour detection, MItigation of colluding attackers that hide their misbehavior, Security solutions provided by the standard -> per hop encryption
  • Technical Aspects: Requirements and challenges: Joining/Security Bootstrapping, Secure Routing, Misbehaviour detection, MItigation of colluding attackers that hide their misbehavior, Security solutions provided by the standard -> per hop encryption
  • Technical Aspects: Requirements and challenges: Joining/Security Bootstrapping, Secure Routing, Misbehaviour detection, MItigation of colluding attackers that hide their misbehavior, Security solutions provided by the standard -> per hop encryptionbitte
  • Transcript

    • 1. A Security Framework for Organic Mesh Networks Dipl.-Math., Dipl.-Inform. Kalman Graffi Technische Universität Darmstadt KOM - Multimedia Communications Lab Dept. of Electrical Engineering and Information Technology, Dept. of Computer Science Merckstr. 25, D-64283 Darmstadt, Germany, Kalman.Graffi@KOM.tu-darmstadt.de Tel.+49 6151 164959, Fax. +49 6151 166152
    • 2. Wireless Mesh Network: What’s a Mesh? <ul><li>Mesh - scenario: </li></ul><ul><ul><li>Presence of a trusted third-party (network provider) </li></ul></ul><ul><ul><li>Organic: Open , subscription-based participation of static nodes </li></ul></ul><ul><li>Proof-of-concept </li></ul><ul><ul><li>Using IEEE 802.16 (WiMAX) MeSH mode (“the Standard”) as MAC layer </li></ul></ul><ul><ul><li>Challenging security issues ahead! </li></ul></ul>source: http://www.washoetribe.us
    • 3. Outline <ul><li>Background: (Organic) Wireless Mesh Networks </li></ul><ul><li>Security Issues in Wireless Mesh Networks </li></ul><ul><li>Contribution Overview </li></ul><ul><li>Selected Protocols and Evaluation </li></ul><ul><ul><li>AntSec: Secure Routing Protocol </li></ul></ul><ul><ul><li>WatchAnt: One-Hop Forwarding Misbehavior Detector </li></ul></ul><ul><li>Conclusion and Impact </li></ul>
    • 4. Requirement/Challenge: Authenticity <ul><li>Authenticity: Node-to-node authentication required </li></ul><ul><ul><li>Only node-to-base station authentication defined </li></ul></ul><ul><ul><li>Required: </li></ul></ul><ul><ul><ul><li>Node-to-node cooperation </li></ul></ul></ul><ul><ul><ul><li>Distributed solution (no bottlenecks) </li></ul></ul></ul><ul><ul><li>How to bootstrap authentication and key infrastructure ? </li></ul></ul>
    • 5. Requirement/Challenge: Secure Routing <ul><li>Secure routing: Guaranteeing authenticity , integrity and availability </li></ul><ul><ul><li>Many solutions for MANETs inhibited </li></ul></ul><ul><ul><ul><li>Regular broadcasting not possible </li></ul></ul></ul><ul><ul><ul><li>Due to optimized medium access </li></ul></ul></ul><ul><ul><li>Security sublayer in the Standard useful? </li></ul></ul><ul><ul><ul><li>Per-hop encryption, no end-to-end security  not useful </li></ul></ul></ul><ul><ul><li>How to check authenticity and integrity efficiently ? </li></ul></ul><ul><ul><li>How to provide flexible robust routing? </li></ul></ul>F C D H E I G J L K N R M O P Q S T S D A B
    • 6. Requirement/Challenge: Misbehavior Detection <ul><li>One-hop misbehavior detection </li></ul><ul><ul><li>Neighborhood overhearing hindered by per-hop encryption (J!=M) </li></ul></ul><ul><ul><ul><li>Watchdog [Marti, 2000]: Examine neighbor’s traffic </li></ul></ul></ul><ul><ul><li>How can a “deaf” detect misbehavior? </li></ul></ul><ul><li>Colluding misbehavior detection </li></ul><ul><ul><li>Misbehavior detected by colluding attacker </li></ul></ul><ul><ul><ul><li>No punishment, mischievous cooperation </li></ul></ul></ul><ul><ul><li>How to detect “cloud” of malicious stealthy nodes? </li></ul></ul>F J M Q S D
    • 7. Outline <ul><li>Background: (Organic) Wireless Mesh Networks </li></ul><ul><li>Security Issues in Wireless Mesh Networks </li></ul><ul><li>Contribution Overview </li></ul><ul><li>Selected Protocols and Evaluation </li></ul><ul><ul><li>AntSec: Secure Routing Protocol </li></ul></ul><ul><ul><li>WatchAnt: One-Hop Forwarding Misbehavior Detector </li></ul></ul><ul><li>Conclusion and Impact </li></ul>
    • 8. Contribution of the Thesis <ul><li>Security Bootstrapping: Joining the net </li></ul><ul><ul><li>Authorize valid nodes to participate (  Authorization Token ) </li></ul></ul><ul><ul><li>Hinder attacks like spoofing, man-in-middle attacks, wormholes </li></ul></ul><ul><li>AntSec: Secure routing algorithm </li></ul><ul><ul><li>Provides routing functionality, checks authenticity of nodes </li></ul></ul><ul><ul><li>Guarantees authenticity and integrity of routing messages </li></ul></ul><ul><ul><li>Effective attack has to be repeated often, easier to detect </li></ul></ul><ul><li>WatchAnt: One-hop monitoring </li></ul><ul><ul><li>Detects forwarding misbehavior of neighboring nodes </li></ul></ul><ul><ul><li>Copes with encrypted links. Detection sensitivity tunable . </li></ul></ul><ul><ul><li>Passes observations to the Reputation Management System </li></ul></ul><ul><li>Reputation Management System </li></ul><ul><ul><li>Judge observations and manages reputations of direct neighbors </li></ul></ul><ul><ul><li>Decides on behavior strategies related to neighbors </li></ul></ul><ul><ul><li>Gossips reputations / observations to neighbors </li></ul></ul><ul><li>LeakDetector: Route monitoring </li></ul><ul><ul><li>Detects traffic loss caused by colluding malicious nodes on the route </li></ul></ul>AntSec Routing Algorithm Reputation Management System WatchAnt Misbehavior Detector LeakDetector Bootstrapping
    • 9. Outline <ul><li>Background: (Organic) Wireless Mesh Networks </li></ul><ul><li>Security Issues in Wireless Mesh Networks </li></ul><ul><li>Contribution Overview </li></ul><ul><li>Selected Protocols and Evaluation </li></ul><ul><ul><li>AntSec: Secure Routing Protocol </li></ul></ul><ul><ul><li>WatchAnt: One-Hop Forwarding Misbehavior Detector </li></ul></ul><ul><li>Conclusion and Impact </li></ul>
    • 10. Principles of Ant Routing <ul><li>Principle: Stigmergic routing in ant colonies </li></ul><ul><ul><li>Ants communicate via environment (pheromones) </li></ul></ul><ul><ul><li>Periodic actions: random walk, try to find destination </li></ul></ul><ul><ul><li>On finding destination: return, leave “pheromone” trail </li></ul></ul><ul><ul><li>Ants use trail with higher pheromone value more often </li></ul></ul>Source: [Dorigo98] Route discovery: Results:
    • 11. <ul><li>Goal: Secure routing protocol for auth. nodes </li></ul><ul><li>Integrity and authenticity of routing msgs. </li></ul><ul><li>We use 3 types of ants: </li></ul><ul><ul><li>Discovery Forward Ant (DFAnt) </li></ul></ul><ul><ul><li>Maintenance Forward Ant </li></ul></ul><ul><ul><ul><li>Same structure, smaller packets </li></ul></ul></ul><ul><ul><li>Backward Ant (BAnt) </li></ul></ul><ul><ul><ul><li>Sames structure, signed </li></ul></ul></ul><ul><li>Route Discovery Example </li></ul><ul><ul><li>Send periodically Forward Ants </li></ul></ul><ul><ul><ul><li>to random destination (here: D) </li></ul></ul></ul><ul><ul><ul><li>probabilistic, random walk </li></ul></ul></ul><ul><ul><li>Intermediate nodes: </li></ul></ul><ul><ul><ul><li>append net address and QualityInfo </li></ul></ul></ul><ul><ul><ul><li>store hash of immutable parts </li></ul></ul></ul><ul><li>Only BAnts modify routing table </li></ul><ul><ul><li>According to QualityInfo: </li></ul></ul><ul><ul><li>Adapt routing probabilities </li></ul></ul>AntSec: Routing Protocol Need AuthToken of D = 0 Need PubKey of D = 1 Need AuthToken of D = 0 Need PubKey of D = 0 Timestamp of creation Public Key of D . A B C D F G E S Discovery FANT Authorization Token of S G, QualityInfo_G E, QualityInfo_E C, QualityInfo_C D, QualityInfo_D Backward Ant Signed by D Source Dest. { Needed for Ant Routing
    • 12. <ul><li>Only authenticated nodes can communicate </li></ul><ul><li>Integrity provided by </li></ul><ul><ul><li>Signature (  BAnt) </li></ul></ul><ul><ul><li>Cross check immutable parts: Process BAnts only when corresp. FAnt (  FAnt) </li></ul></ul><ul><li>Availability : </li></ul><ul><ul><li>Probabilistic routing: reputation can be considered </li></ul></ul><ul><ul><li>Routing decision made where errors can happen </li></ul></ul><ul><li>Efficiency : </li></ul><ul><ul><li>Small cryptography overhead </li></ul></ul><ul><li>AntSec fulfills the requirements for secure routing! </li></ul><ul><li>Evaluation with attacker models and attack tree as well </li></ul>AntSec: Security Features
    • 13. WatchAnt: Main Principles <ul><li>Main Goal : Detect forwarding misbehavior in one-hop neighborhood </li></ul><ul><ul><li>Check if neighboring node forwards packets it should </li></ul></ul><ul><ul><li>But: encrypted links </li></ul></ul><ul><ul><li>Solution: challenge / response mechanism </li></ul></ul><ul><ul><li>Complex data structures </li></ul></ul><ul><li>WatchAnt Algorithm - Principles: </li></ul><ul><ul><li>WatchAnt Request : (K checks behavior of U) </li></ul></ul><ul><ul><ul><li>Ask neighbor where last n packets were forwarded to </li></ul></ul></ul><ul><ul><li>WatchAnt Reply : </li></ul></ul><ul><ul><ul><li>Broadcast list using Control Subframe (rarely): “packet IDs” and neighbor IDs to which packets were sent </li></ul></ul></ul><ul><ul><li>Listed neighbors + requestor check validity of answer </li></ul></ul><ul><li>For merging of “packet IDs” : “ Hashsum ”-function </li></ul><ul><ul><li>commutative, associative, linear (for example: XOR) </li></ul></ul>Broadcast answer Packets ? A B C K L U X Y
    • 14. Outline <ul><li>Background: (Organic) Wireless Mesh Networks </li></ul><ul><li>Security Issues in Wireless Mesh Networks </li></ul><ul><li>Contribution Overview </li></ul><ul><li>Selected Protocols and Evaluation </li></ul><ul><ul><li>AntSec: Secure Routing Protocol </li></ul></ul><ul><ul><li>WatchAnt: One-Hop Forwarding Misbehavior Detector </li></ul></ul><ul><li>Conclusion and Impact </li></ul>
    • 15. Simulation Results: Detection Quality Setup: 6 nodes , 2 flows, fixed topology, protocol: AntSec Varying: drop ratio of single malicious node Metrics: detection time, reputation of malicious node Reputation table: <ul><li>Conclusion: </li></ul><ul><ul><li>WatchAnt is robust against „selective droppers“, fast detection </li></ul></ul><ul><ul><li>Throughput saved as AntSec switches path </li></ul></ul><ul><ul><li>Forgiveness mechanism tunable: tradeoff </li></ul></ul>-40 to -60 -25 to -40 0 to -25 25 to 0 considered malicious no reput. gain slower recovery normal behavior
    • 16. Simulation Results: Throughput Mean delivery ratio: Mean delivery ratio over time: <ul><li>Conclusion: </li></ul><ul><ul><li>AntSec provides up to 20% higher throughput than DSR </li></ul></ul><ul><ul><li>Throughput increases over time (!) </li></ul></ul><ul><ul><li>Can be increased by tuning </li></ul></ul><ul><ul><ul><li>forgiveness strategy </li></ul></ul></ul><ul><ul><ul><li>reputation modifications </li></ul></ul></ul><ul><ul><li>Further metrics and evaluation exist, e.g. attack tree (not shown) </li></ul></ul>Setup: 50 nodes, 25 flows, random topology, protocols: Ant(Sec),DSR Varying: fraction of malicious nodes Metrics: throughput, overhead
    • 17. Conclusion to AntSec and WatchAnt <ul><li>AntSec: </li></ul><ul><ul><li>Only authenticated nodes participate </li></ul></ul><ul><ul><li>Bootstrapping key infrastructure included </li></ul></ul><ul><ul><li>Routing messages cannot be forged/modified </li></ul></ul><ul><li>WatchAnt: </li></ul><ul><ul><li>Enables monitoring of neighboring nodes </li></ul></ul><ul><ul><li>No cryptography, copes with encrypted links </li></ul></ul><ul><ul><li>Tunable detection sensitivity (threshold-based) </li></ul></ul><ul><li>Improvement comes at a cost: Overhead </li></ul><ul><ul><li>DSR 3%, AntNet 20%, AntSec 35% </li></ul></ul><ul><ul><li>The overhead can be optimized by tuning parameters </li></ul></ul><ul><ul><ul><li>E.g. frequency of emission of ants </li></ul></ul></ul>
    • 18. Outline <ul><li>Background: (Organic) Wireless Mesh Networks </li></ul><ul><li>Security Issues in Wireless Mesh Networks </li></ul><ul><li>Contribution Overview </li></ul><ul><li>Selected Protocols and Evaluation </li></ul><ul><ul><li>AntSec: Secure Routing Protocol </li></ul></ul><ul><ul><li>WatchAnt: One-Hop Forwarding Misbehavior Detector </li></ul></ul><ul><li>Conclusion and Impact </li></ul>
    • 19. Contribution and Impact of the Thesis <ul><li>Contribution : </li></ul><ul><li>Security Bootstrapping: First mechanism for IEEE 802.16 Mesh (full compliant) </li></ul><ul><li>AntSec: Secure Routing [1] </li></ul><ul><ul><li>First secure routing algorithm in the Ant routing family (>10 protocols) </li></ul></ul><ul><li>WatchAnt: Misbehavior monitoring for wireless links [1] </li></ul><ul><ul><li>First mechanism to cope with encrypted links (& no cryptography used) </li></ul></ul><ul><li>Reputation Management System: Full, efficient integration in the Standard </li></ul><ul><li>LeakDetector: Detects misbehavior of colluding attackers [2] </li></ul><ul><ul><li>First mechanism for multipath routing protocols (& no cryptography used) </li></ul></ul><ul><li>Papers: </li></ul><ul><ul><li>[1] P. Mogre, K. Graffi, M. Hollick, and R. Steinmetz, “ AntSec, WatchAnt and AntRep: Innovative Security Mechanisms for Wireless Mesh Networks ,” in Proc. of IEEE LCN ’07 : Local Computer Networks, 2007 </li></ul></ul><ul><ul><li>[2] K. Graffi, P. Mogre, M. Hollick, and R. Steinmetz, “ Detection of Colluding Misbehaving Nodes in Mobile Ad Hoc and Mesh Networks ,” in Proc. of IEEE GLOBECOM ‘07 , 2007. </li></ul></ul><ul><li>Patents application (with industry partner): </li></ul><ul><li>Misbehavior Detection in Wireless Mesh Networks without promiscuous Overhearing </li></ul><ul><li>Detection of Colluding Misbehaving Nodes in Mobile Ad-Hoc and Wireless Mesh Networks </li></ul>AntSec Routing Algorithm Reputation Management System WatchAnt Misbehavior Detector Leak Detector Bootstrapping
    • 20. Questions? Kalman Graffi Peer-to-Peer Research Group Dept. of Electrical Engineering and Information Technology Multimedia Communications Lab · KOM Merckstr. 25 · 64283 Darmstadt · Germany Phone (+49) 6151 – 16 49 59 Fax (+49) 6151 – 16 61 52 [email_address] Further information: http://www.KOM.tu-darmstadt.de/ Publications: http://www.KOM.tu-darmstadt.de/Research/Publications/publications.html
    • 21. Example for WatchAnt <ul><li>Per node: </li></ul><ul><ul><li>In_Stack: msgs from (pre pre X pre) </li></ul></ul><ul><ul><li>Out_Stack: msgs from/to (pre X next) </li></ul></ul><ul><li>Request : Node K  Node U, 5, H7 </li></ul><ul><li>Expected Reply: Hashsum(h) packets: h( H7, H6, H5, H4, H3 ) = HK </li></ul><ul><li>Reply of Node U (using Control Sublayer): </li></ul><ul><ul><li>Node X, 3, H6, h( H3, H4, H6 ) = HX </li></ul></ul><ul><ul><li>Node Y, 2, H7, h( H5, H7 ) = HY </li></ul></ul><ul><li>Node K checks auth. of nodes X and Y </li></ul><ul><ul><li>then calculates: h( HX, HY ) = HK ? </li></ul></ul><ul><li>Node X calculates: </li></ul><ul><ul><li>h(last 3 packets before H6) = HX ? </li></ul></ul><ul><li>Node Y calculates: </li></ul><ul><ul><li>h(last 2 packets before H7) = HY ? </li></ul></ul>Out_Stack: K A/B  K  U Out_Stack: U K  U  X/Y In_Stack: X A  U  X In_Stack: Y A  U  Y K L X Y U A B C 1. Packets ? 2. Broadcast answer Example : Node K checks behavior of node U H9 H8 H7 H6 H5 H4 H3 H2 H1 Hash B B B B B A A A A Prev. U U U U U U U U U Next H9 H8 H7 H6 H5 H4 H3 H2 H1 Hash K K K K K K K K K Prev. X X Y X Y X X Y X Next H6 U K U U U U Pre K K K K Pre Pre H9 H4 H3 H1 Hash H8 U K U U U Pre K K K Pre Pre H7 H5 H2 Hash

    ×