SecuPAN: A Security Scheme for 6LoWPAN Fragmentation Attacks
1. SECuRE and Trustworthy
Computing Lab
Authors
Mahmud Hossain, Yasser Karim, and Ragib Hasan
SECuRE and Trustworthy computing Lab (SECRETLab)
University of Alabama at Birmingham
Presenter: Mahmud Hossain
http://secret.cis.uab.edu
IoT
SecuPAN: A Security Scheme to Mitigate
Fragmentation-Based Network Attacks in 6LoWPAN
2. SECuRE and Trustworthy
Computing Lab
2
The Internet of Things (IoT)
๏ฎ A programmable world
๏ฎ Everyday objects are
interconnected
๏ฎ Objects are smart enough to
make decision
3. SECuRE and Trustworthy
Computing Lab
Source: Zinnov Zones (2016)
IoT Forecasts and Market Estimates
3
๏ฎ Estimation of connected things by 2020
๏ฎ 20.8 billion (Gartner)
๏ฎ 26.3 billion (Cisco)
๏ฎ 28 billion (Ericson)
๏ฎ 34 billion (Business Insider)
Source: ZStatista (2018)
4. SECuRE and Trustworthy
Computing Lab
Protocols for IoT network
๏ฎ IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN)
๏ฎ Zigbee
๏ฎ Bluetooth
๏ฎ Z-Wave
๏ฎ Sigfox
๏ฎ Wi-Fi
4
6. SECuRE and Trustworthy
Computing Lab
Fragmentation in 6LoWPAN
๏ฎ Maximum Transmission Unit (MTU) size 127 octets(bytes).
๏ฎ IPv6 packets are usually larger than 127 octets. (Maximum 1280
octets)
6
7. SECuRE and Trustworthy
Computing Lab
Vulnerabilities of 6LoWPAN Fragmentation
Mechanism
๏ฎ Fragment authentication
๏ฎ Fragment freshness verification
๏ฎ Payload integrity verification
๏ฎ Source IP-Address validation
7
8. SECuRE and Trustworthy
Computing Lab
Threat Model
๏ฎ Capability of Target and Malicious Devices
๏ฎ Resource Constrained
๏ฎ Location
๏ฎ Within Radio Range (Mallory)
๏ฎ Via Gateway (Eve)
๏ฎ Via Internet (Malice)
๏ฎ Extract key materials
๏ฎ Memory Probing
8
9. SECuRE and Trustworthy
Computing Lab
Threat Model
๏ฎ Network External Attacks
๏ฎ Attackers conduct activity from outside via Internet.
๏ฎ No resource limitation
๏ฎ Attackers can easily send large number of packets which are further
broken into fragments.
๏ฎ Gateway can prevent such attack by employing an
authenticated tunnel, such as IPsec.
๏ฎ Secure rate limiting mechanisms for large packets from
authenticated sources.
9
10. SECuRE and Trustworthy
Computing Lab
Threat Model
๏ฎ Network Internal Attacks
10
Replay
Alteration
Spoofing Duplicate
Buffer exhaustion
11. SECuRE and Trustworthy
Computing Lab
SecuPAN : Proposed Solutions
๏ฎ Nonce field in the FRAG1 header.
๏ฎ MAC-based scheme.
๏ฎ Cryptographic datagram-tag and cryptographically generated
IPv6 address (CGA-IPv6).
๏ฎ Reputation-based buffer management mechanism.
11
12. SECuRE and Trustworthy
Computing Lab
Proposed Datagram Tag, Nonce & MAC fields
12
๏ฎ Crypto Datagram Tag 16 bits.
๏ฎ MAC (N || Hash (Payload added to FRAG1)
๏ฎ Nonce 16 bits.
๏ฎ MAC field 32 bits.
๏ฎ MAC (Hash (Payload added to FRAGN))
๏ฎ Ensures fragments integrity and freshness.
13. SECuRE and Trustworthy
Computing Lab
Cryptographic IPv6 Address Assignment
๏ฎ A CGA is an Internet Protocol Version
6 (IPv6) address that contains a host
identifier computed from a
cryptographic hash function.
๏ฎ In our proposed solution, a Border
Router in a 6LoWPAN network assigns
a CGA-IPv6 address to joining device.
๏ฎ Prevent address spoofing.
13
14. SECuRE and Trustworthy
Computing Lab
Secure Transfer of Packet Fragmentations
๏ฎ Public Key Retrieval
๏ฎ Secure Fragmentation
14
20. SECuRE and Trustworthy
Computing Lab
Security Analysis
๏ฎ Replay
๏ฎ Nonce field
๏ฎ Alteration
๏ฎ MAC field
๏ฎ Spoofing
๏ฎ CGA-IPv6
๏ฎ Duplication
๏ฎ MAC field
๏ฎ Buffer exhaustion
๏ฎ Reputation point based system
20
21. SECuRE and Trustworthy
Computing Lab
Conclusion
๏ฎ Fragmentation mechanism enables vulnerabilities in
6LoWPAN.
๏ฎ Proposed a security mechanism based on Cryptographically
Generated IPv6 Address to mitigate impersonation attacks.
๏ฎ MAC-based fragmentation scheme to verify authenticity and
integrity of packet fragments.
๏ฎ Reputation-based buffer management scheme to protect
resource-limited devices from buffer over๏ฌow.
21
22. SECuRE and Trustworthy
Computing Lab
Thank You
22
SECRETLab@UAB
๏ง Phone: 205.934.8643
๏ง Fax: 205.934.5473
๏ง Web: http://secret.cis.uab.edu/
Mahmud Hossain
๏ง Email: mahmud@uab.edu