SybilCast: Broadcast on the Open Airwaves SETH GILBERT, CHAODONG ZHENG National University of Singapore.

Presentation transcript:

SybilCast: Broadcast on the Open Airwaves SETH GILBERT, CHAODONG ZHENG National University of Singapore

Sunday afternoon in Starbucks
[Figure: base station with users u and v; Sybil identities v1 to v9; labels Alice, Sean, B/2, B/10, …]
We have a Sybil attack!

Radios can access many channels
- Use radio resource testing!
- Honest users: always pass the test!
- Malicious users: lose (fake) id with 50% chance!
[Figure: base station and users u, v, x, y on channel one and channel two; labels msg, Ack for msg, !ALERT!]
[1] N. James, E. Shi, D. Song, and A. Perrig. The sybil attack in sensor networks: Analysis & defenses.
[2] D. Mónica, J. Leitão, L. Rodrigues, and C. Ribeiro. On the use of radio resource tests in wireless ad-hoc networks.

Challenges  Colluding:  Malicious users can cover more than one channel  Other malicious behavior:  Malicious user jam channels, and/or spoof messages  Continuous nature of the system:  Cannot run a set of tests and then stick to normal data deliver protocols  Efficiency of detection:  Overhead for detecting sybil identities must be low

Overview
1. Introducing sybil attacks
2. Model and problem
3. The SybilCast protocol:
   - Structure
   - Why it works

Model
[Figure: base station and users v, w; channel one, channel two, …, channel c]

Malicious users
[Figure: base station and users v, w, x, y, q, r; channel one, channel two, …, channel c; labels Sean, Shirley, Quit]

Problem: fair bandwidth access
[Figure: base station sending data to user u; channel one, channel two, …, channel c; labels Sean, Shirley]

Introducing SybilCast
- Three phases per epoch:
  - Registration phase: new users join the network
  - Data phase: registered users receive data and authentication information
  - Verification phase: base station checks registered users
[Figure: timeline of one epoch: d registered identities; registration phase: at most d new ids registered; data phase: at most 2d ids present; verification phase: s ids removed; 2d-s registered identities]

Why those lengths?
- Balance sybil identities’ admission rate and honest identities’ admission rate:
  - Fast admission → Low registration overhead
  - However: Fast admission → More sybil identities → Low throughput
- Registered identities at most double!
[Figure: timeline of one epoch: d registered identities; registration phase: at most d new ids registered; data phase: at most 2d ids present; verification phase: s ids removed; 2d-s registered identities]

Registration phase … …

Challenges and Tools
- Avoid jamming:
  - Random uncoordinated frequency hopping
- Authenticating nodes (to counter spoofing):
  - Hash chain
- Avoid contention among nodes:
  - Backoff protocol (ensures delivery of single partial seed)
  - Registration list (ensures enough partial seeds)

Structure of SybilCast
- Three phases per epoch:
  - Registration phase: new users join the network
  - Data phase: registered users receive data and authentication information
  - Verification phase: base station checks registered users
[Figure: timeline of one epoch: d registered identities; registration phase: at most d new ids registered; data phase: at most 2d ids present; verification phase: s ids removed; 2d-s registered identities]

Data phase
- Goal: deliver data and nonces to registered identities
- Procedure for each round:
  - Base station chooses a random registered identity
  - Sends a packet on the pre-agreed channel with data and nonce
  - Intended receiver gets the data
  - All nodes on that channel record the nonce!
[Figure: base station and users u, v, w on channel one, channel two, channel three; packet fields data and nonce; label: random binary string]
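An added simulation (not from the slides or the SybilCast authors) of why recording nonces on the pre-agreed channel exposes identities that share one radio. The verification rule used here (an identity must reproduce at least 90% of the nonces sent on its channel), the channel assignment, and all names are assumptions; the slides do not give the actual check.

```python
import random
import secrets

# Constructed sample: identity -> pre-agreed channel, radio -> identities it claims.
IDS = {"alice": 0, "bob": 1, "s1": 1, "s2": 2, "s3": 3}
RADIOS = {"alice_radio": ["alice"], "bob_radio": ["bob"],
          "mallory_radio": ["s1", "s2", "s3"]}   # one radio, three Sybil ids

def data_phase(ids, radios, rounds=400, seed=1):
    """Each round the base station picks a random registered identity and sends
    data plus a fresh nonce on that identity's channel. A radio can listen on
    only one channel per round and must choose before the packet is sent."""
    rng = random.Random(seed)                    # seeded so the run is repeatable
    sent = {ch: [] for ch in set(ids.values())}  # base station's nonce log
    heard = {r: set() for r in radios}           # nonces each radio recorded
    for _ in range(rounds):
        target = rng.choice(sorted(ids))
        ch, nonce = ids[target], secrets.token_hex(8)
        sent[ch].append(nonce)
        for r, claimed in radios.items():
            # Listen on the channel of one claimed identity, chosen at random.
            if ids[rng.choice(claimed)] == ch:
                heard[r].add(nonce)
    return sent, heard

def verification_phase(ids, radios, sent, heard, threshold=0.9):
    """Assumed check: an identity stays registered only if it can reproduce at
    least `threshold` of the nonces sent on its pre-agreed channel."""
    owner = {i: r for r, claimed in radios.items() for i in claimed}
    scores = {}
    for i, ch in ids.items():
        log = sent[ch]
        known = sum(n in heard[owner[i]] for n in log)
        scores[i] = known / len(log) if log else 1.0  # nothing sent: no evidence
    removed = sorted(i for i, s in scores.items() if s < threshold)
    return scores, removed

if __name__ == "__main__":
    sent, heard = data_phase(IDS, RADIOS)
    scores, removed = verification_phase(IDS, RADIOS, sent, heard)
    for ident, s in scores.items():
        print(f"{ident}: reproduced {s:.0%} of its channel's nonces")
    print("removed:", removed)
```

Honest radios hold one identity, so they hear every nonce on their channel; the shared radio hears roughly one third of each channel's nonces and all three of its identities are removed.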

The Power of the Nonce TM

Verification phase

Putting everything together
[Figure: timeline over epoch i, epoch i+1, epoch i+2, …, epoch j; labels: p initiates a request, p obtains first partial seed, p finishes registration]

Putting everything together

SybilCast’s key property

Conclusion
THIS IS IT!
- SybilCast solves fair bandwidth allocation despite:
  - Sybil attacks! Jamming! Spoofing!
- Combination of existing tools:
  - Radio resource testing, frequency hopping, hash chain, …
- And innovations:
  - Admission rate control, deferred verification, …
- Distri-SybilCast?
- If you have questions, now is the time!