Dynamic Security in Wireless Communications Sheng Xiao, Weibo Gong and Don Towsley University of Massachusetts, Amherst

Outline Motivation Dynamic Secrets in Wireless Communications security and the time scales of network activities Dynamic Secrets in Wireless Communications Algorithms for Dynamic Security Adversarial Models A Simple ON-OFF Model for Dynamic Security

Motivation: Randomness in Communication is a Resource for Security “LRD is all about time scales” – [Anatharam 09] “network dynamics depend on operations at different layers and time scales” – [Resnick et, al 03] Hierarchical ON-OFF models for communication activities – [many authors] Randomness of wireless channels at various time scales is a great resource for secrecy Information loss in wireless channels could be used for security. [Wyner 75, Maurer 95, 02, Rabin 01] Dynamic Secrets - frequently update the security key using channel randomness Parity code for security purpose: easy to detect error but hard to correct – Gallager’s HDPC Dynamic secrets as an improvement, not a replacement: it can be used to compliment the current security technologies - [Xiao et, al 10]

Motivation : Time Scales in Network Activities human activities application layer network layer link layer physical layer Network traffic can be modeled as a product of hierarchical ON-OFF processes at different time scales. [Misra et al 98, Resnick et al 03, etc.]

Time Scales of Security Schemes Time scale of a security scheme is defined as the life span of a master key (root secret). digital certificate wireless network secret key (typically change when hardware upgrade) password (could be obliged to change every several months) faster key updates? decades years months Note: Session keys are derived from a master key (root secret). Whether or not use session key has no effect on time scale of a security scheme. Security measures at large time scales allow adversary to have sufficient time to attack.

Time Scales of Attacks factorize large number (~1000 bits) exhaustive search for keys < 64 bits (such as DES) social engineering attacks Trojan and Botnet exploit algorithm design and implementation flaws decades years months days hours Technology advancement help accelerate attacks. Frequent key updates are desired to defend against fast attacks.

Dynamic Secrets in Wireless Communications Motivation Dynamic Secrets in Wireless Communications adversary’s information loss is user’s secret Algorithms for Dynamic Security Adversarial Models A Simple ON-OFF Model for Dynamic Security

Explore the Key Space Alice Bob conventional k is only a small, static portion of all freely available secret information. k could be updated frequently since communication between Alice and Bob can occur very often. Eve’s information loss to Alice and Bob’s communication helps security. An error-prone communication phase is favorable for security. Eve

A Wireless, Packet Level Example Alice 1 2 3 4 5 6 7 8 9 Bob 4 5 7 8 Eve 2 3 4 6 7 8 9 Independent, lossy wireless channels. Eve could miss s even with better receiver. Alice-Bob communication generates dynamic secrets s1, s2, s3,… Starting from initial key k0, key k iteratively updated by XOR with dynamic secrets. Eve defeated if misses any dynamic secret. Adversary’s information loss provides secrecy to k.

Dynamic Secrets in Wireless Communications Motivation Dynamic Secrets in Wireless Communications Algorithms for Dynamic Security exploit true randomness in wireless channels Adversarial Models A Simple ON-OFF Model for Dynamic Security

Capture the Transmission Randomness 1 2 timeout 3 4 ………… Alice Bob OTF (One Time Frame) – frame only transmitted once : 1 and 4 Non-OTF – retransmitted frame : 2 and 3 Alice, Bob synchronously classify frames as OTFs / non-OTFs using local information. Classification extracts randomness from wireless channels.

Generate Dynamic Secrets and Dynamic Key 1 – bit strings in collected OTFs 2 – bit strings in collected non-OTFs if | 1 |  nts or|2|  nts threshold nts determines how often k updated value of k, update time contain true randomness

Dynamic Security Experiment in Office WLAN Even in an ideal anechoic chamber environment with multiple colluding adversaries, information loss still non-negligible after several minutes [Serrano et, al. 2009].

Mobility can Help Security Mobility is another layer of randomness in wireless communications. Alice Bob Eve’s error-free eavesdropping region Alice and Bob’s mobility is an unpredictable factor that can cause Eve’s information loss. Mobility greatly increases difficulty for Eve to track k. Similarly, multi-channel communication Eve must fight against all possible information loss factors to track dynamic key k. Eve suffers from single point of failure.

Dynamic Secrets in Wireless Communications Motivation Dynamic Secrets in Wireless Communications Algorithms for Dynamic Security Adversarial Models security improvements against various adversaries A Simple ON-OFF Model for Dynamic Security

Adversary I: Eavesdropping Attack Alice Bob Eve allowed to passively eavesdrop wireless signals. Eve Eve needs to maintain error-free eavesdropping in order to succeed.

Adversary II: Trojan Attack Alice Bob Eve allowed to plant Trojan program on Bob. Eve Trojan program forced to be always be active to track k and constantly report k back to Eve. Eve will have limited time to exploit k because k changes frequently.

Adversary III: Man-In-The-Middle (MITM) Alice Bob Eve allowed to know everything communicated between Alice and Bob. Eve Dynamic security forces Eve to always be present as MITM from the very beginning of Alice-Bob communication.

Adversary IV: Spoofing Attack Alice Bob Eve learns k. She impersonates as Alice to send requests to Bob. k Eve Alice and Bob immediately detect this attack when they communicate, i.e. inherent intrusion detection.

Dynamic Secrets in Wireless Communications Motivation Dynamic Secrets in Wireless Communications Algorithms for Dynamic Security Adversarial Models A Simple ON-OFF Model for Dynamic Security compare time scales of security schemes

ON-OFF Security Model: Periodic Key Updates Eve obtains k secure not secure Alice and Bob use key k to secure communication. Eve attempts to crack key k. k updates The events that Eve successfully obtains k are modeled as independent arrivals in a Poisson stream with rate λ. An administrator manually update k for every T time. Current time scale of security is too large to control damage of key cracking attacks. 21

ON-OFF Security Model : Dynamic Key Updates Eve obtains k secure not secure Alice and Bob use dynamic key k to secure communication. Eve attempts to crack key k. Eve loses track of k Assuming Eve’s frame error probability is p. Sojourn time in “not secure” state follows geometric distribution. Alice and Bob communicate with frame rate R. “Typical frame error rate (FER) for IEEE 802.11 and TCP/IP protocol suite is 2-3% but mobility of station increases FER by about 30%.” Xylomenos G., Polyzos G.C., Mahonen P. and Saaranen M.: TCP Performance Issues over Wireless Links. IEEE Communications Magazine, April 2001 Alice and Bob can improve security by increasing R or artificially jam the wireless environment to limit p. Time scale of dynamic security can defend many practical attacks. 22

Summary and Future Works Fine time scale security is needed to defend against fast attacks Inherent errors in wireless communications enables cost-efficient, frequent key updates, e.g. small time scale security Security improvements possible in various adversarial models Future Works Model and analyze key secrecy in different traffic distributions, e.g. independent vs. LRD Investigate the system security over multi-scale security mechanisms