Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis Patrick Tague, David Slater, and Radha Poovendran Network Security.

Presentation transcript:

Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis Patrick Tague, David Slater, and Radha Poovendran Network Security Lab, Dept. of Electrical Engineering, University of Washington, Seattle, WA In collaboration with: Jason Rogers Naval Research Laboratory

Slide 2: Outline
- Impact of Routing on Security in Ad Hoc Networks
- Identifying Cross-Layer Vulnerabilities
- Quantifying Cross-Layer Vulnerabilities
- Examples/Applications
NSA Protocol eXchange Meeting – January 24, 2008, Navy Postgraduate School, Monterey, CA

Slide 3: Securing Network Assets
Network security goals, each paired with the class of attack against it:
- Network is available: Denial of Service attacks
- Network performs efficiently: Resource Depletion attacks
- Network provides service: Performance Degradation attacks
- Network protects data: Crypto attacks
How do we understand the impact of these attacks?

Slide 4: Challenges in Establishing Ad Hoc Network Security
- Ad hoc networks consist of resource-constrained nodes with no global network view
- Network protocols rely on local information and peer cooperation
- Security is established per-hop (i.e. link security) between neighboring nodes

Slide 5: Impact of Locality Constraints
- Per-hop security properties may not extend globally
- Data routed over multiple hops may traverse links that are vulnerable to attack
- Does the global exchange of data in networks using per-hop security weaken C/I? What vulnerabilities are introduced?
- How to evaluate the confidentiality and/or integrity (C/I) of data traversing numerous links with differing security properties?

Slide 6: Goals of this Work
- Investigate the impact of routing on data security built on per-hop security
- Characterize and quantify the strength (weakness) of data security in multi-hop networks
- Provide a basis for joint evaluation of security and routing protocols with respect to cross-layer network vulnerabilities

Slide 7: Impact of Routing on Security
Example 1: Fixed single-path routing (figure: a single path from s to d)
- Binary characterization of data security, i.e. either secure or insecure
- Compromise of a single link leads to recovery of all data.

Slide 8: Impact of Routing on Security
Example 2: Fixed multi-path routing (figure: two paths from s to d, carrying fractions f and 1-f of the data)
- M-ary (fractional) metric for data security: 2^M possible values for data security
- Compromise of a single link leads to recovery of a fraction of the data.

Slide 9: Impact of Routing on Security
Example 3: Fixed multi-path routing with dependent packets (threshold sharing, network coding, etc.) (figure: multiple paths from s to d)
- Compromise of a single link leads to no data recovery.
- How to model routing/security interactions and provide a unified characterization of data security for arbitrary topologies and routing protocols?

Slide 10: Modeling Interactions between Routing and Security
- G_sd: labeled, directed graph representing the data flow from s to d
- LS_i: level of security provided by link i
  - Function of node capabilities, crypto protocol, etc.
  - Varies between links
  - Varies over time (e.g. decreases with attack)
(Figure: the graph G_sd from s to d with its links labeled LS_1 through LS_8.)

Slide 11: Route Vulnerability Metric
Characterize data (in)security:
- V(G_sd): the route vulnerability of the s-d flow
  - Relative to a reference state G^0_sd (e.g. prior to attack)
  - Varies continuously from V(G^0_sd) = 0 to V(G_sd) = 1 as the attack progresses

Slide 12: Defining Route Vulnerability
- Compose the labeled graph G_sd into an overall measure of data security
  - Metric units are the same as the link labels. Ex: if link labels represent the number of shared keys securing the link, data security is an equivalent number of shared keys
- Transform the data security measure to satisfy the requirements of route vulnerability
How do we define a composition rule for overall data security as a function of G_sd?

Slide 13: Composition: Step I
(Figure: an s-d flow with an edge cut highlighted.)
Claim: All data in an s-d flow is compromised if and only if an edge cut of links in the s-d flow is compromised.
Composition, Step I: Map the routing topology to a collection of edge cuts (noting forward- vs. reverse-flow edges).

Slide 14: Composition: Step II
(Figure: the same s-d flow with an edge cut drawn as a current path.)
Analogy: Security measures resistance to attack, just as electric resistance measures resistance to current.
Composition, Step II: Map each edge cut to a (directed) resistive current path with zero resistance (unrestricted flow) along reverse-flow edges.

Slide 15: Composition: Step III
- Circuit elements combine using the principle of superposition, but...
  - We have directional current path constraints which cannot be combined using superposition.
  - Solution: construct directed resistors!
Composition, Step III: Replace each directed current path with a path of directed resistors and combine into an electric circuit E using superposition.
(Figure: the directed resistor symbol, realized as a resistor R in series with an ideal diode of zero forward resistance.)

Slide 16: Composition: Evaluation
(Figure: the s-d flow and its equivalent circuit E.)
Composition Rule: The equivalent security of the data is the equivalent resistance R(G_sd) of the circuit E, referred to as the route resistance.
- The mapping from edges to resistors is 1-to-1

Slide 17: Mapping to Electric Circuit
- Circuit construction
  - Efficient: edge cut decomposition not required
  - For planar graphs, the electric circuit is related to the planar dual of the graph G_sd
  - For non-planar graphs, circuit duality properties give an alternate construction using G_sd
- Properties
  - "Weakest link" property of sequential links is maintained (i.e. parallel): R_1 || R_2 ≤ min{R_1, R_2}
  - Additive security for disjoint paths (i.e. series)

Slide 18: Circuit Theoretic Metric
To compute V(G_sd):
- Construct the equivalent circuit E
- Compute the equivalent resistance R(G_sd)
- Define V(G_sd) proportional to R(G_sd)^-1
- A linear (affine) transformation maps to [0,1] as a function of R(G^0_sd)

Slide 19: Application of Route Vulnerability Metric
Example: node capture attacks
- Active adversary eavesdrops, analyzes network traffic, participates in protocols
- Data flow graph G_sd = G_sd(C)
  - C = set of captured nodes
  - G^0_sd = G_sd(∅)
- Link labels indicate the number of shared keys providing C/I for the link
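As an added worked example (not the authors' code), the following block applies the composition rule of slides 13-18 and the node-capture model of slide 19 to a constructed two-path s-d flow. It assumes the paths are node-disjoint, so the planar-dual circuit reduces to series/parallel combination: the sequential links of one path combine in parallel (the weakest-link property) and disjoint paths add in series; the general directed-resistor construction for arbitrary topologies is not implemented. It also assumes a key-ring model in which a link's label LS_i is the number of keys shared by its two endpoints that the adversary has not recovered, and capturing a node recovers its whole key ring. The nodes, key rings and paths are constructed. Because the slides do not give the normalisation that maps R(G_sd) to V(G_sd), the block reports the route resistance itself and flags R = 0, the state in which an edge cut has no secure link left and which slide 11 labels V(G_sd) = 1.

```python
"""Route resistance R(G_sd(C)) for node-disjoint multipath flows.

Illustrative assumptions (not from the slides):
  * sequential links of a path  -> parallel resistors (R <= min LS_i);
  * node-disjoint paths         -> series resistors (additive security);
  * LS_i = number of keys shared by the link's endpoints that the
    adversary has not recovered; capturing a node recovers its key ring.
"""
from typing import Dict, FrozenSet, List, Sequence, Tuple

Link = Tuple[str, str]

# Constructed sample: per-node key rings (random key predistribution style).
NODE_KEYS: Dict[str, FrozenSet[int]] = {
    "s": frozenset({1, 2, 3, 4, 5, 6}),
    "a": frozenset({1, 2, 7}),
    "b": frozenset({3, 4, 8, 9}),
    "c": frozenset({3, 5, 8, 9}),
    "d": frozenset({1, 2, 3, 5, 7, 8}),
}

# Constructed topology: two node-disjoint s-d paths, s-a-d and s-b-c-d.
PATHS: List[List[Link]] = [
    [("s", "a"), ("a", "d")],
    [("s", "b"), ("b", "c"), ("c", "d")],
]


def link_keys(link: Link) -> FrozenSet[int]:
    """Keys securing a link are the keys shared by its two endpoints."""
    u, v = link
    return NODE_KEYS[u] & NODE_KEYS[v]


def recovered_keys(captured: Sequence[str]) -> FrozenSet[int]:
    """Capturing a node reveals its entire key ring to the adversary."""
    keys: FrozenSet[int] = frozenset()
    for node in captured:
        keys |= NODE_KEYS[node]
    return keys


def link_security(link: Link, captured: Sequence[str] = ()) -> int:
    """LS_i: shared keys on link i that the adversary does not hold."""
    return len(link_keys(link) - recovered_keys(captured))


def parallel(resistances: Sequence[float]) -> float:
    """Parallel combination; a single zero-resistance element shorts the group."""
    if any(r == 0 for r in resistances):
        return 0.0
    return 1.0 / sum(1.0 / r for r in resistances)


def path_resistance(path: Sequence[Link], captured: Sequence[str] = ()) -> float:
    """Sequential links of one path combine in parallel, so R <= min LS_i."""
    return parallel([link_security(link, captured) for link in path])


def route_resistance(paths: Sequence[Sequence[Link]],
                     captured: Sequence[str] = ()) -> float:
    """R(G_sd(C)): node-disjoint paths add in series."""
    return sum(path_resistance(path, captured) for path in paths)


def fully_compromised(paths: Sequence[Sequence[Link]],
                      captured: Sequence[str]) -> bool:
    """R = 0 means some edge cut has no secure link left (slide 11: V = 1)."""
    return route_resistance(paths, captured) == 0.0


if __name__ == "__main__":
    r0 = route_resistance(PATHS)  # reference state G^0_sd = G_sd(empty set)
    print(f"R(G0_sd) = {r0:.4f}")
    for captured in ([], ["a"], ["c"], ["a", "c"]):
        r = route_resistance(PATHS, captured)
        print(f"captured={captured!s:<12} R = {r:.4f}  "
              f"R/R0 = {r / r0:.2f}  fully compromised: "
              f"{fully_compromised(PATHS, captured)}")
```

Running the block shows the three slide examples in one model: capturing node a alone zeroes the label of link (s,a), which shorts the parallel group for path s-a-d and leaves only path s-b-c-d contributing (slide 8's fractional recovery), capturing c alone shorts path s-b-c-d instead, and capturing both drives R to 0, the single-path outcome of slide 7 where every cut is compromised. The weakest-link check is visible in the reference state: path s-a-d has labels 2 and 3 but a resistance of 1.2, below the minimum label, as slide 17 states.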

Slide 20: Node Capture Attacks using Route Vulnerability
Optimal node capture attack:
- Compute the set of nodes C such that V(G_sd(C)) = 1 for all target s-d data flows and cost(C) is minimized
Iterative heuristic:
- Given C captured, choose n such that the aggregate increase in vulnerability per unit cost over all target flows is maximized

Slide 21: Examples to Illustrate Route Vulnerability Evaluation
- An adversary can use the route vulnerability metric to improve attacks
  - Allows a cross-layer adversary to perform a near-optimal attack
- Examples:
  - Compromise of data integrity in target tracking
  - Compromise of data confidentiality in distributed content dissemination using network coding
- Simulation: Compromise of data confidentiality in a large-scale ad hoc network using random key assignment

Slide 22: Example: Target Tracking Application
Goal:
- Compromise integrity of alarm data
- Modify/erase alarm signals to base nodes
Attack:
- Use V(G_sd) for single-path routes to identify vulnerabilities
- Heuristic algorithm
- Compromise link integrity using recovered keys

Slide 23: Example: Data Dissemination using Network Coding
Goal of attack:
- Compromise confidentiality of data
- E.g. violation of user privacy
Attack:
- Use V(G_sd) for dependent data flows to identify vulnerabilities
- Heuristic algorithm
- Compromise link integrity using recovered keys

Slide 24: Large-Scale Simulation Results
Comparison:
- Node capture attacks using
  - Random capture
  - Number of recovered keys
  - Number of compromised links
  - Total traffic through captured nodes
  - Route vulnerability
- For
  - Single-path routing
  - Dependent multi-path routing

Slide 25: Summary of Contributions
- Impact of routing on security
- Route vulnerability metric
  - Provides insight into the impact of cross-layer adversaries
  - Allows for joint evaluation of security and routing protocols
    - Exposes cross-layer vulnerabilities
    - Can help determine suitable protocols for a given application/deployment

Slide 26: Thank you for your time & attention! Questions?