Network Security Chapter 8. Security in Wireless Ad Hoc Networks

Presentation transcript:

Slide 1: Network Security Chapter 8. Security in Wireless Ad Hoc Networks

Slide 2: Objectives
• Introduction
• Routing in Multihop Ad Hoc Networks
• Key Establishment and Authentication
• Confidentiality and Integrity
  – Loopholes
• Bluetooth

Slide 3: Additional slide for the previous week.

Slide 4: Additional slide for the previous week.

Slide 5: Introduction
What is an ad hoc network? What are its characteristics?

Slide 6: What is Ad Hoc Network?
• Ad Hoc Networks
  – Network formed on-the-fly (ad hoc, or on an as-needed basis)
  – Mainly refers to wireless ad hoc networks
• Mobile Ad Hoc Networks (MANETs)
  – Nodes forming the network are mobile.
• Usage scenario

Slide 7: Limitations
• No dedicated routing devices
  – Nodes themselves have to act as routers
• Network topology may change rapidly and unpredictably as nodes move.
• Other things – battery life, bandwidth.

Slide 8: Classification
• Geographically
  – Personal area networks (PANs)
  – Wide area networks (WANs)
• Node's capability of acting as router
  – Single-hop ad hoc network
  – Multi-hop ad hoc network – nodes have routing capability.
• Normally
  – PAN – single hop
  – Ad hoc LAN & ad hoc WAN – multi-hop

Slide 9: Routing in Multi-hop Ad Hoc Networks
Why is routing a problem in a multi-hop ad hoc network?

Slide 10: Distance Vector Routing Updates (FYI)

Slide 11: Distance Vector Routing Updates (FYI)
• RIP – Hop Count
• IGRP and EIGRP – Bandwidth, Delay, Reliability, Load
No! MTU is never used as a routing metric. Some documentation is incorrect on this item.

Slide 12: Distance Vector Routing Protocols (FYI)
"Routing by rumor"
Each router receives a routing table from its directly connected neighbor routers. Router B receives information from Router A. Router B adds a distance vector number (such as a number of hops), which increases the distance vector. Then Router B passes this new routing table to its other neighbor, Router C. This same step-by-step process occurs in all directions between neighbor routers.

Slide 13: Distance Vector Routing Protocols (FYI)

Slide 14: Distance Vector Network Discovery (FYI)
Routing Update

Slide 15: Distance Vector Network Discovery (FYI)
Routing Update

Slide 16: Distance Vector Network Discovery (FYI)
Convergence!

Slide 17: Proactive Routing
• Modify an existing link state or distance-vector routing protocol
  – Existing link state: OSPF
  – Existing distance-vector: RIPv2
• Periodically distribute routing information.
• Based on this information, each router maintains a routing table whose entries are the best paths to a destination network.
• Short forwarding delay.
• Costs a lot of overhead and battery life – network topology information has to be distributed.
• Suitable for a network where the number of nodes is small and nodes have limited mobility.

Slide 18: Reactive Routing
• Works by computing a route only when it is needed.
• To forward a packet: 1) discover the route to the destination, 2) send out the message.
• Saves bandwidth and battery life – does not require periodic transmission of messages.
• Long forwarding delays.
• Most suitable for a network with
  – a dynamic topology
  – a large number of nodes in the network.

Slide 19: Hybrid Routing
• Combines the advantages of proactive routing and reactive routing
• Example: Zone Routing Protocol (ZRP)
  – Divide the network into zones
  – Within a zone (tier-1) – run reactive routing protocols.
  – Inter-zone – run proactive routing; inter-zone messages are routed via the zone gateway. Zone gateways form the tier-2 network.

Slide 20: Routing Attacks
• Routing in an ad hoc network is based on cooperation among the nodes in the network.
  – Inherent trust relationship among nodes
  – Attractive target for attacks.
• Attack source
  – External attacks – attacks from external nodes (not part of the network)
  – Internal attacks – compromised node
• Attack type
  – Injecting erroneous routing information
  – Replaying old routing information
  – Distorting routing information
• Results
  – Unintended network partitioning, excessive traffic load, loops in the network, insufficient routing, total collapse of the network

Slide 21: Routing Attacks
• Internal attacks are harder to detect – a challenging field
  – Is the information invalid? Did the network topology change? Is the sending node compromised? A compromised node can even generate a valid signature, so it is hard to detect.

Slide 22: Secure routing
• Multiple paths with sufficient valid nodes
  – Bypass the compromised nodes.
• ARAN (Authenticated Routing for Ad Hoc Networks)
  – On-demand routing
  – PKI-based – routing messages are signed using a private key.
  – Heavy processing overhead
  – Does not protect against internal attacks from compromised nodes.
• SAR (Security-aware Ad Hoc Routing)
  – Uses symmetric key cryptography.
  – Assigns a trust level to each node.
  – Nodes at the same trust level share a symmetric key.
  – Routing messages are encrypted/decrypted

Slide 23: Secure Routing
• Non-cryptographic approach – Sergio Marti et al.
  – Watchdogs
    Per-link encryption is not applied. A watchdog listens to the next node's transmission to find out whether it forwards the packet correctly.
  – Pathraters
    Combine the information collected from the watchdogs with the routing table information to select the most robust routing links.
  – Weakness
    Hidden node problem – possibility of a collision at the watchdog (hidden node) or the receiver, which corrupts the information collected by the watchdog.
    Does not protect against internal routing attacks (aimed at network partition).
    Network partition – breaking a link between two nodes in the same network in some way.
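The watchdog and pathrater roles from slide 23, sketched as an added example (not code from the slides or from Marti et al.). The timeout, failure threshold, rating values and the four-node topology are assumptions chosen for illustration.

```python
from collections import defaultdict


class Watchdog:
    """Runs on a forwarding node: remembers each packet handed to the next hop
    and expects to overhear that hop retransmitting it."""

    def __init__(self, timeout=2, threshold=3):
        self.pending = {}                  # packet_id -> (next_hop, deadline)
        self.failures = defaultdict(int)   # next_hop -> forwards never overheard
        self.timeout = timeout             # ticks to wait (assumed value)
        self.threshold = threshold         # tolerate isolated misses (collisions)

    def sent(self, packet_id, next_hop, now):
        self.pending[packet_id] = (next_hop, now + self.timeout)

    def overheard(self, packet_id, sender):
        if self.pending.get(packet_id, (None, 0))[0] == sender:
            del self.pending[packet_id]    # next hop forwarded it: clear entry

    def tick(self, now):
        for pid, (hop, deadline) in list(self.pending.items()):
            if now > deadline:             # retransmission was never heard
                self.failures[hop] += 1
                del self.pending[pid]

    def misbehaving(self):
        return {n for n, c in self.failures.items() if c >= self.threshold}


class Pathrater:
    NEUTRAL, BAD = 0.5, -100.0             # illustrative ratings (assumed)

    def __init__(self):
        self.rating = defaultdict(lambda: Pathrater.NEUTRAL)

    def report(self, watchdog):
        for node in watchdog.misbehaving():
            self.rating[node] = Pathrater.BAD

    def metric(self, path):
        hops = path[1:-1]                  # rate intermediate nodes only
        return sum(self.rating[n] for n in hops) / len(hops) if hops else 1.0

    def best_path(self, paths):
        # Drop paths through flagged nodes, then prefer rating, then brevity.
        usable = [p for p in paths if self.metric(p) >= 0]
        return max(usable, key=lambda p: (self.metric(p), -len(p)), default=None)


def run_demo():
    routes = [["A", "B", "D"], ["A", "C", "E", "D"]]   # constructed topology
    wd, pr = Watchdog(), Pathrater()
    before = pr.best_path(routes)
    for t, pid in enumerate(["p1", "p2", "p3"]):
        wd.sent(pid, "B", now=t)           # B silently drops all three
    wd.sent("p4", "C", now=3)
    wd.overheard("p4", "C")                # C is heard forwarding p4
    wd.tick(now=10)
    pr.report(wd)
    return before, pr.best_path(routes), wd.misbehaving()


if __name__ == "__main__":
    print(run_demo())
```

The threshold is what absorbs the hidden-node weakness listed on the slide: a collision at the watchdog looks exactly like a dropped packet, so a single miss must not condemn a neighbor.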

Slide 24: Key Establishment and Authentication

Slide 25: Threshold Secret Sharing
• Basis of most key establishment and authentication schemes for multi-hop ad hoc networks.
• PKC & PKI
  – Use certificates to provide cryptographic services (confidentiality, authentication, data integrity, non-repudiation)
  – Every node trusts a third party (certificate authority, CA)
• Role of the CA in PKI
  1. Bob → CA: request Alice's public key.
  2. CA → Bob: certificate K_iCA{ Alice's public key is K_wA }
  3. Bob: decrypt the certificate (verify the CA's signature) with the CA's public key and obtain Alice's public key.
  4. Now Bob trusts Alice's public key.
• In an ad hoc network
  – Distribute the CA's functionality
  – Define a virtual CA.
  – Use threshold cryptography – threshold secret sharing.

Slide 26: Threshold Secret Sharing
• Threshold cryptography
  – Divide the system secret into Q parts
  – Any S (< Q) of these parts are enough to carry out a cryptographic operation.
  – Q nodes possess shares of the system secret and any S of the nodes can work in coalition.
  – Example of the concept of threshold cryptography:
    f(x) = ax^2 + bx + c
    f(x): cryptographic function. a, b, c: secret parameters.
    Each of 5 nodes holds a different valid point for a given secret a, b, c; the points of 3 nodes are enough to reconstruct the cryptographic function.

Slide 27: Threshold Secret Sharing
• Server in the virtual CA
  – Securely initializes its share of the system secret.
  – A server knows the public keys of all nodes which can join the ad hoc network.
• Authentication in PKC
  1. A → B: rand
  2. B → A: E_iB(rand)
  3. A: decrypt B's response and compare the two rand values.
• Authentication in threshold PKC
  1. A → *: request B's certificate
  2. CA server → combiner: partial certificate for B
  3. Combiner: generate the complete certificate from S partial certificates.
  4. Combiner → A: B's certificate.

Slide 28: Threshold Secret Sharing (TSS)
• How to verify the validity of the complete key
  – The public key of the virtual CA is known to all nodes.
  – The combiner can verify the complete certificate by decrypting it.
  – If verification fails, the combiner can use another partial certificate.
• What if the combiner is compromised?
  – Assign the role of combiner to a server which is more secure.
  – Use multiple combiners.
  To protect against attacks over a long period, periodically update the shared secrets.
• What was the assumption in TSS?
  – Secure initialization of the secret shares on Q servers.
  – Each server can be configured securely with the public keys of all nodes which can potentially join the ad hoc network.
  – How to reduce the dependency of the system on this assumption? See text p. 209.
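The quadratic example from slide 26 (Q = 5 nodes, any S = 3 reconstruct) and the combiner's retry rule from slide 28, as an added example that is not part of the original slides. It uses Shamir's secret sharing over a prime field as the concrete scheme, treats c = f(0) as the system secret, and stands in a SHA-256 commitment for the virtual CA's public-key check; all three are assumptions, since the slides name no scheme.

```python
import hashlib
import itertools
import secrets

P = 2**127 - 1  # prime field modulus (assumption: the slides give no field)


def make_shares(secret, q=5, s=3):
    """Pick a random polynomial of degree s-1 with f(0) = secret and hand
    node x (x = 1..q) the point (x, f(x)). For s = 3: f(x) = ax^2 + bx + c."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(s - 1)]

    def f(x):
        y = 0
        for a in reversed(coeffs):        # Horner evaluation mod P
            y = (y * x + a) % P
        return y

    return [(x, f(x)) for x in range(1, q + 1)]


def reconstruct(points):
    """Lagrange interpolation at x = 0 recovers c from any s points."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def commitment(secret):
    """Stand-in for verification against the virtual CA's public key."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()


def combine(shares, s, expected):
    """Combiner: try S-subsets of the received shares until one verifies,
    which is the 'use another partial certificate' rule of slide 28."""
    for subset in itertools.combinations(shares, s):
        candidate = reconstruct(subset)
        if commitment(candidate) == expected:
            return candidate, [x for x, _ in subset]
    return None


def run_demo():
    secret = secrets.randbelow(P)
    shares = make_shares(secret, q=5, s=3)
    # Node 1 is compromised and returns a wrong share (constructed fault).
    shares[0] = (shares[0][0], (shares[0][1] + 1) % P)
    recovered, used = combine(shares, 3, commitment(secret))
    return recovered == secret, used


if __name__ == "__main__":
    print(run_demo())
```

Any subset containing the bad share reconstructs a different value and fails verification, so the combiner ends up using nodes 2, 3 and 4.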

Slide 29: Confidentiality and Integrity
• After authentication, perform a suitable key establishment protocol to establish a session key for the confidentiality and integrity services.
• Because of limited processing power, most ad hoc networks would prefer to use a stream cipher for encryption and an integrity algorithm. But be careful when using a stream cipher in a wireless environment.

Slide 30: Bluetooth

Slide 31: Features of Bluetooth
• Wireless ad hoc networking technology
• Operates in the unlicensed 2.4 GHz frequency range (Industrial, Scientific and Medical (ISM) band).
• Geographical coverage limited to personal area networks (PANs)
• Point-to-point and point-to-multipoint links
• Supports synchronous and asynchronous traffic
• Concentrates on single-hop traffic.
• FHSS with GFSK modulation
• Low power and low cost given important consideration
• Adopted as the IEEE PHY and MAC standard. (Wireless Personal Area Network standard)

Slide 32: Applications of Bluetooth
• Cell phone
• Interconnecting the various components (keyboard, mouse, monitor, …) of a PC.
• Imagine your application?

Slide 33: Bluetooth Basics
• Piconet concept
  – One master and up to seven active slaves (8 devices in a cell)
  – A device may participate in more than one piconet simultaneously.
• Scatternet
  – Joining more than two piconets.
  – Rare in commercial deployments: routing and timing issues.

Slide 34: Security Modes
• Only single-hop piconets are the focus of this study
• Bluetooth defines layer 1 & 2 protocols.
• For the wide range of applications, it tried to solve the problem of interoperability.
  – Defines application profiles (pf).
• Application pf
  – Defines an unambiguous description of the communication interface between two Bluetooth devices for one particular service or application.
  – Basic pf – fundamental procedures for Bluetooth communication.
  – Special pf – defined for distinct services or applications
  – Build a new pf from existing pfs, allowing hierarchical pfs.

Slide 35: Profiles in Bluetooth
• Each service or application selects the appropriate pf depending on its needs.
• Each application may have different security requirements
• Each pf may define different security modes.
• GAP (Generic Access Profile)
  – Discover Bluetooth devices
  – Link management

Slide 36: Bluetooth Protocol stack

Slide 37: Security Modes
• Security mechanism – implemented at the layer 2 link level.
• Bluetooth security does not provide end-to-end security.
• Does not deal with application layer security
• Implementation
  – Authentication procedure – must
  – Encryption procedure – may or may not
• But usage is a different matter
  – Master and slave decide on the use of each procedure

Slide 38: Security Modes
• Mode 1: unsecured mode
  – If a peer wishes to authenticate, the other peer must respond to the challenge.
  – If a peer wishes to encrypt, the other peer must use encryption if it supports it.
• Mode 3: always-on security mode
  – Always initiates authentication
  – Encryption is not compulsory.
  – If a peer wants encryption, that is left to the higher layer
• Mode 2: intermediate
  – Everything is left to the higher layer security manager.

Slide 39: Security levels
• Device level: "trusted device" and "untrusted device"
  – Trusted devices have unlimited service access
• Service security levels:
  – Services that require authorization and authentication.
  – Services that require authentication only.
  – Services that are open to all devices

Slide 40: Key Establishment

Slide 41: Pass Key
• Top level key = Pass-Key (PKEY)
  – Variable PKEYs
    Chosen at the time of pairing; the user enters it during the pairing process.
    Usage scenario: conference room Bluetooth network with notebooks.
  – Fixed PKEYs
    Preconfigured into the Bluetooth device.
    Usage scenario: network between the headset and the cell phone.
  – Can be as long as 127 bits (the exact length is not specified)
  – PKEY → Link Key
    If the PKEY is small, a dictionary attack is possible.

Slide 42: Initialization Key (K_INIT)
• Short-lived temporary key.
• Used only during the pairing process.

Slide 43: Link Key (LK)
• Shared secret when the pairing sequence ends.
• Unit link key
  – Deprecated because of security holes.
• Combination link key
  – Derived from an existing link key
    When devices communicate repeatedly, store this link key for reuse. Maintain pairs
  – Derived from the initialization key (K_INIT)
• 3 sources of the link key
  – Use an existing link key.
  – Use an existing link key to generate a fresh link key.
  – Use the initialization key K_INIT to generate a link key.

Slide 44: Combination Link Key Generation
• K_START: existing LK or K_INIT

Slide 45: Encryption Key (CK or K_C)

Slide 46: Constraint Key (K_C') & Payload Key
• Because of export restrictions (key size limitation)
  Implemented in hardware using linear feedback and feed forward registers.
• Payload Key (K_P)

Slide 47: Broadcast Key Hierarchy
• Unicast: a master → a slave
• Broadcast: a master → * (with special address)
  The overlay key can then be used for conveying the Master Key to each of the slaves.
• Temporary key, never reused

Slide 48: The Algorithms
• E0: stream cipher
• E1, E3, E21, E22: 128-bit block cipher SAFER+ (was a candidate for AES)

Slide 49: Authentication
• Two parties:
  – Claimant (claims a certain identity) and verifier
  – Master and slave can both act as verifier. Who is the verifier depends on the higher layers.

Slide 50: Authentication
• ACO: used to generate KC (encryption key).
  – Serves to link the authentication process to the rest of the session.
  – Mutual authentication produces two ACOs – the last ACO is used in KC generation.

Slide 51: Confidentiality

Slide 52: Bluetooth Packet Format
• Access code – unencrypted
  – Derived from the MAC address of the piconet's master.
  – Uniquely identifies a piconet; identifies the packet as belonging to the piconet.
  – Used by slaves to synchronize their clocks to the master's clock.
• Header: not encrypted
• Payload: encrypted
  – CRC is appended before encryption.
  – Stream cipher – in a wireless medium, a security loophole.
    Changing the key per packet. – CK-VAL (changes every 625 usec)

Slide 53: Integrity Protection
• CRC – same loopholes as WEP (Chapter 7).
• Some attacks on Bluetooth
  – Algebraic attack and correlation attack on E0
    Frequent payload key changes protect against the correlation attack.
  – Packet header has no protection – link layer attack.
  – Snarf attack – possible to connect to a cell without the knowledge of the owner. Can access phone book, calendar, clock, IMEI (clone) – Ericsson, Nokia
  – Backdoor attack
  – BlueBug
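Why a CRC appended before stream encryption (slides 52 and 53) is an error check and not integrity protection, next to the keyed-MAC form that closes the gap; this is an added example, not code from the slides. The SHA-256 counter keystream stands in for E0, the CRC-CCITT routine from Python's binascii stands in for the packet CRC, and the keys, payloads and initial CRC value are constructed.

```python
import binascii
import hashlib
import hmac

CRC_INIT = 0x47  # constructed initial CRC register value


def keystream(key, n):
    """Stand-in keystream (SHA-256 in counter mode); this is NOT E0."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def crc16(data, init):
    return binascii.crc_hqx(data, init).to_bytes(2, "big")


def seal_crc(key, payload):
    """Order from slide 52: append the CRC, then encrypt payload + CRC."""
    frame = payload + crc16(payload, CRC_INIT)
    return xor(frame, keystream(key, len(frame)))


def open_crc(key, ct):
    frame = xor(ct, keystream(key, len(ct)))
    payload, crc = frame[:-2], frame[-2:]
    return payload if crc16(payload, CRC_INIT) == crc else None


def seal_mac(enc_key, mac_key, payload):
    """Hardened form: encrypt, then a keyed MAC over the ciphertext."""
    ct = xor(payload, keystream(enc_key, len(payload)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_mac(enc_key, mac_key, blob):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return xor(ct, keystream(enc_key, len(ct)))


def noise(ct):
    """Accidental error: one flipped bit, CRC bits untouched."""
    return bytes([ct[0] ^ 0x01]) + ct[1:]


def keyless_edit(ct, delta):
    """Deliberate change made without the key: the CRC is linear, so the
    matching change to the encrypted CRC bits is just crc16(delta, 0)."""
    return xor(ct, delta + crc16(delta, 0))


def run_demo():
    key, mac_key = b"k" * 16, b"m" * 16              # constructed keys
    payload, altered = b"volume=03", b"volume=09"     # constructed payloads
    delta = xor(payload, altered)
    ct = seal_crc(key, payload)
    blob = seal_mac(key, mac_key, payload)
    edited_blob = xor(blob[:len(payload)], delta) + blob[len(payload):]
    return {
        "crc_rejects_noise": open_crc(key, noise(ct)) is None,
        "crc_accepts_edit": open_crc(key, keyless_edit(ct, delta)),
        "mac_rejects_edit": open_mac(key, mac_key, edited_blob) is None,
    }


if __name__ == "__main__":
    print(run_demo())
```

The CRC rejects the random bit error but accepts the deliberate change, while the MAC-protected frame rejects it; changing the key per packet, as on slide 52, does not alter this because no key is needed for the edit.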

Slide 54: Resources
• Bluetooth – IEEE Potentials
• Bluetooth Security White paper – IEEE Bluetooth expert Group.
• Security in Bluetooth, WLAN and IrDA: a comparison
• Bluetooth Security – with some summary on the attacks