Cross Layer Architectures for Wireless Ad Hoc Networks PIs: Mart Molle, Srikanth V. Krishnamurthy Students: Ioannis Broustis, Arun Saha.



Objectives of this Work
Specialized capabilities at the physical layer can offer enhanced performance.
Layered approaches fail to effectively exploit these capabilities.
Goals are to design, simulate and implement cross-layer architectures that exploit these capabilities.
In particular, we focus on:
  – Smart antenna-based networking
  – Power heterogeneity, and how it affects protocols
  – UWB-based networking
  – How and why to exploit the physical layer to support message-based protocols for authenticating the location of a node

Relation to WHYNET
Because our WHYNET funding is limited, we are supporting this work from multiple sources.
We are also using some of the technologies developed from those other efforts.
We are building a WHYNET testbed with Xbow Motes
Plan to integrate testbed with UCLA via CENIC in the next year.

In this Presentation …
Brief overview of cross-layer techniques for solving the “proof of location” problem in ad hoc networks
Find the physical location of a node, relative to its neighbors, without trusting it
Nodes may be lost, broken or malicious

Proof-of-Location Problem: Background Work
GPS navigation system
  – Inverse problem to our question: One node privately calculates its own position
  – Geometry problem is equivalent to ours
Cellular service:
  – Cell towers find location of mobile handset
Towers have perfect time synchronization, known static positions, are all trustworthy…

Previous work on Timed-Echo Protocols for “proof-of-proximity” problem
Sastry, et al. combine a radio challenge with an ultrasound reply
  – Sound is slow enough to measure easily, but easy to cheat
  – Does not authenticate the identity of the respondent
Waters and Felten use radio for all messages, cryptography to secure messages against ID fraud
  – Users carry an external tamper-resistant, trusted hardware device (i.e., “smart card”)
  – Processing delay in the smart card is significant, but assumed constant and publicly known to all participants
  – Timing accuracy requirements seem unrealistic

Previous work related to accurate timing measurements
Kennell and Jamieson used timed challenge-response to verify the configuration of a remote computer
  – How do I guard against being misrouted to an imposter?
Brumley and Boneh steal a server’s private encryption key one bit at a time by measuring the response time to a sequence of queries
  – Decryption algorithm is iterative, like long division
  – Some iterations are skipped if data and key are related
Both schemes assume only millisecond timing accuracy
  – Equivalent to distance error of LA to Santa Barbara
Pásztor and Veitch developed exotic GPS-enhanced network timing equipment to measure 1-way network delays
  – Testing showed significant differences between actual and intended transmit time by a host
  – 0.5 ms for real-time OS, >10 ms for standard Linux-based system

Our Work: Use cross-layer support from Physical Layer to resolve problems not fixable at Layer 2
  – Man-in-the-Middle attacks: Detect an intruder who inserts himself between nodes
  – Proxy attacks: Detect a “cheater” who wants to hide his absence from the assigned post by relaying his messages through a dumb relay at that location

Distance/Timing measurements: 2 frequencies, GPS-like geometry
[Figure: nodes A, C, D, B]

Principle of inter-linked challenges
Challenge K carries data needed to compute an “offline” response to challenge K+1
Response info is cached at the physical layer transceiver before challenge K+1 arrives
Actual reply message is generated by the physical layer and transmitted immediately
  – Simple bit-wise XOR of cached response info with incoming challenge

Principle of partial response
Man-in-the-Middle cannot benefit from relaying challenges and responses between bona fide nodes
  – Each node pair generates a unique session key
  – Reply message contains a small number of randomly chosen bits from the full response, chosen via the session key
  – MiM will receive useless bits from response

Challenge-Response Timing Diagram

Cheat-Resistant Features of our Approach
Cross-layer generation of response messages prevents a cheater from starting its reply early, or transmitting at a slightly higher data rate to send the message in less time
  – Important because time stamps are based on the end-of-message-reception event, not start-of-reception
  – Can’t be hurried because next bit of the reply cannot be generated until the corresponding bit of new challenge is received
Partial-response stops a man-in-the-middle
  – Even by knowing and relaying the challenge, he gets only a useless (for him) response
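The inter-linked challenge and partial-response principles from the slides above, as an added Python example (not code from the presentation). The slides do not specify how the cached response or the bit positions are derived; HMAC-SHA256, the 16-byte challenge size, the 8-bit reply and all function names are assumptions made here.

```python
import hashlib
import hmac
import secrets

RESP_LEN = 16    # bytes per challenge / full response (assumed size)
REPLY_BITS = 8   # response bits actually transmitted (assumed size)

def _prf(key, label, data):
    # HMAC-SHA256 as keyed PRF: an assumption, the slides name no primitive
    return hmac.new(key, label + data, hashlib.sha256).digest()

def cache_for_next(session_key, challenge_k):
    """Offline: response info for challenge K+1, derived from challenge K."""
    return _prf(session_key, b"resp", challenge_k)[:RESP_LEN]

def reply_positions(session_key, challenge_k):
    """Partial response: bit positions selected via the session key."""
    positions, counter = [], 0
    while len(positions) < REPLY_BITS:
        for b in _prf(session_key, b"pos" + bytes([counter]), challenge_k):
            p = b % (RESP_LEN * 8)
            if p not in positions and len(positions) < REPLY_BITS:
                positions.append(p)
        counter += 1
    return sorted(positions)  # sent in the order challenge bits arrive

def _bit(buf, i):
    return (buf[i // 8] >> (7 - i % 8)) & 1

def phy_reply(cached, challenge_next, positions):
    """Online, at the transceiver: XOR cached bit with incoming challenge bit."""
    return [_bit(cached, p) ^ _bit(challenge_next, p) for p in positions]

def verify(session_key, challenge_k, challenge_next, reply):
    cached = cache_for_next(session_key, challenge_k)
    expected = phy_reply(cached, challenge_next,
                         reply_positions(session_key, challenge_k))
    return hmac.compare_digest(bytes(expected), bytes(reply))

def run_rounds(prover_key, verifier_key, rounds):
    """Chain challenges; return how many replies the verifier accepts."""
    accepted, prev = 0, secrets.token_bytes(RESP_LEN)  # constructed challenge 0
    for _ in range(rounds):
        cached = cache_for_next(prover_key, prev)       # before K+1 arrives
        positions = reply_positions(prover_key, prev)
        nxt = secrets.token_bytes(RESP_LEN)             # challenge K+1
        accepted += verify(verifier_key, prev, nxt,
                           phy_reply(cached, nxt, positions))
        prev = nxt
    return accepted
```

With matching keys every round verifies; a node that lacks the pair's session key derives the wrong cached response and bit positions, so each of its replies is accepted only by chance (about 1 in 2^8 with these sizes).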

Future Work
Implementation using Motes or
Robust solution of the geometrical problem
  – How to handle measurement errors? Kalman filtering
  – Byzantine algorithms to handle failures