How Does Topology Affect Security in Wireless Ad Hoc Networks? Ioannis Broustis CS 260 – Seminar on Network Topology
Motivation Wireless networks are more vulnerable to malicious attacks than wireline networks Lack of base station Limited power supply Dynamically changing topology Demand for innovative security algorithms A lot of work has been done with private/public keys and cryptography Only a few studies address topology-related aspects of security
Problems Dynamically changing topology hard to distinguish between legitimate and malicious actions Attackers can cheat on their actual location Intrusion detection must be performed in a distributed manner No base stations exist
Contribution In this work.. We show how can the topological aspects of the network affect its safety from attackers We describe the four location estimation techniques We explain why these methods are vulnerable to attacks We present all current mechanisms that detect intrusions having to do with topological aspects We propose a new topology-related scheme that addresses most of the attacks
Attacks Wormhole / tunnelling Two attackers create a tunnel that can be secretly used to transmit packets. Fake location claim A node advertizes an erroneous location to its neighbours
Attacks
Relation to Topology Fake location claims Mobility allows a modification of the routing table of the victim node Mobility of legitimate nodes may help attackers disperse their malicious information Mobile nodes have power and computation limitations
Location Estimation GPS (Global Positioning System) Satellites provide a 3-D position No information about positions of neighbour devices Nodes must exchange their GPS information (dangerous) Was not designed for security purposes ● Attack: Attacker feeds the GPS receiver with fake GPS messages
Location Estimation Radio (RF) Measure either the received RF signal strength, or the signal's ToF Receiver calculates the distance from the RF sender by measuring the signal strength. The receiver must trust the sender for the power at which the latter sent the RF signal. - RF signals travel at the speed of light attackers cannot decrease the ToF of the signal ToF better
Location Estimation Ultrasound (US) Measure the ToF of the sound signal between two nodes Often used together with the RF Both the US and RF signals are transmitted at the same time. – Cannot be used outdoors – Animal – unfriendly – Attacker may use the RF link to send the US
Location Estimation Infrared (IR) Measure ToF of the IR signal Disadvantage: a direct line-of-sight between the nodes is necessary New links can be established by redirecting the existing light beams – Attacker cannot speed-up the signal from one node to the other: upper-bound distances
Previous studies They are divided into 3 main categories: Private/public key authentication and management (beyond the scope of our study) Secure position-related ad hoc routing (interesting but we don't have time to talk about it now) Secure location verification of a node's claim
N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley. A set of verifiers V wish to verify whether a prover p is in a region R of interest Use of RF and US techniques Time to reach p using RF + the time for the return of the packet using US If elapsed time > threshold, V will reject the claim
N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley. Receiver's processing delay must be considered Attack: submit a position claim at the border of R At the same time, advertise an erroneous value for processing delay V thinks that p is inside R when in fact it is not Solution: V shrinks the allowable area V should reject the claim when the claimed position is within Dp * s of the outside border
N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley. Region of acceptance (ROA)
N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley. Region R is not always a circle Use more verifiers to cover the whole area No key management or cryptography required. No synchronization between V and p is required. Problem: is advertised Dp the actual one?
1. Use of Verifiable Multilateration It is performed by a set of verifiers S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004
2. Use of Verifiable Time Difference of Arrival A set of verifiers is also used S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004
Use of Landmarks S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004
Secure distributed positioning Basic Distance Verification (BDV) S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004
Possible new scheme
Conclusion The security aspects of the wireless network are closely related to its topology Currently there is no optimal solution on many intrusion problems New intelligent attacks are invented all the time Difficult to design a general solution Hot research subject Slide theme: Tom Karygiannis