1 Some Security Challenges for Mesh Networks Jean-Pierre Hubaux EPFL Switzerland Joint work with Imad Aad, Naouel Ben Salem, Levente Buttyan, Srdjan Capkun,

Presentation transcript:

1 Some Security Challenges for Mesh Networks Jean-Pierre Hubaux EPFL Switzerland Joint work with Imad Aad, Naouel Ben Salem, Levente Buttyan, Srdjan Capkun, Markus Jakobsson, and Maxim Raya Funded by the MICS/Terminodes project,

2 Some Security Challenges for Mesh Networks
Outline
1. Preventing greedy behavior at the MAC layer
2. Secure positioning
3. Cooperation between nodes

3 1. Preventing greedy behavior at the MAC layer
[Figure labels: Well-behaved node, Cheater, Well-behaved node]

4 IEEE MAC – Brief reminder

5 Misbehavior techniques – NAV

6 Misbehavior techniques – DIFS

7 Misbehavior techniques – Frame scrambling

8 Misbehavior techniques – Backoff

9 Solution 1
- Detection and handling of MAC layer misbehavior in wireless networks (Kyasanur and Vaidya, DSN 2003)
- Idea: the receiver assigns backoff values to the sender
- Detection: compares expected and observed backoffs
- Correction: assigns penalty to the cheater

10 Solution 2
- DOMINO (Raya, Hubaux, and Aad, MobiSys 2004)
- Idea: monitor the traffic and detect deviations by comparing average values of observed users
- Detection tests: number of retransmissions, backoff, …
- Features:
  - Full standard compliance
  - Needs to be implemented only at the Access Point
  - Applicable to all CSMA/CA-based protocols
  - Simple and efficient
- The operator decides the amount of evidence required before taking action (in order e.g. to prevent false positives)
- Game-theoretic study: M. Cagalj, S. Ganeriwal, I. Aad and J.-P. Hubaux, "On Cheating in CSMA/CA Networks", Technical report No. IC/2004/27, February 2004

11 Components of DOMINO
Cheating method: detection test
- Frame scrambling: number of retransmissions
- Oversized NAV: comparison of the declared and actual NAV values
- Transmission before DIFS: comparison of the idle time after the last ACK with DIFS
- Backoff manipulation:
  - Maximum backoff: the maximum should be close to CWmin - 1
  - Actual backoff
  - Consecutive backoff
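A simplified access-point-side monitor for four of the tests listed above, with the operator-chosen evidence threshold from the previous slide. This is an added example, not DOMINO's own code: the timing constants (802.11b values), the tolerance and ratio parameters, the frame record format and all function names are assumptions, and the sample observations are constructed.

```python
from statistics import mean

# Assumed 802.11b values (microseconds / slots); the slides name only DIFS and CWmin.
DIFS_US, SLOT_US, CW_MIN = 50, 20, 32

def frame(backoff, idle=None, declared_nav=1500, actual_nav=1500):
    """One observed transmission as the access point could log it (constructed format)."""
    idle = DIFS_US + backoff * SLOT_US if idle is None else idle
    return {"backoff": backoff, "idle": idle,
            "declared_nav": declared_nav, "actual_nav": actual_nav}

def window_tests(frames, peer_avg_backoff, nav_tol_us=20, ratio=0.5):
    """Apply the detection tests to one observation window; return the tests that fired."""
    fired = set()
    if any(f["idle"] < DIFS_US for f in frames):
        fired.add("transmission before DIFS")
    if any(f["declared_nav"] > f["actual_nav"] + nav_tol_us for f in frames):
        fired.add("oversized NAV")
    backoffs = [f["backoff"] for f in frames]
    if max(backoffs) < ratio * (CW_MIN - 1):   # maximum should be close to CWmin - 1
        fired.add("maximum backoff")
    if mean(backoffs) < ratio * peer_avg_backoff:  # compare with the other users' average
        fired.add("actual backoff")
    return fired

def flag_stations(observations, required_evidence=2):
    """observations: {station: [window, ...]}. Flag a station only after enough
    windows show a deviation (the operator's evidence threshold)."""
    flagged = {}
    for sta, windows in observations.items():
        peers = [f["backoff"] for s, ws in observations.items() if s != sta
                 for w in ws for f in w]
        results = [window_tests(w, mean(peers)) for w in windows]
        if sum(1 for r in results if r) >= required_evidence:
            flagged[sta] = set().union(*results)
    return flagged

# Constructed sample: two well-behaved stations and one that shortens its backoff,
# inflates its NAV and once transmits before DIFS.
SAMPLE = {
    "sta-a": [[frame(b) for b in (3, 17, 30, 9)], [frame(b) for b in (22, 5, 28, 12)]],
    "sta-b": [[frame(b) for b in (11, 26, 2, 19)], [frame(b) for b in (7, 31, 16, 24)]],
    "sta-x": [[frame(b, declared_nav=3000) for b in (1, 2, 0, 3)],
              [frame(0, idle=30)] + [frame(b) for b in (2, 0, 1)]],
}
```

Raising `required_evidence` trades detection speed for fewer false positives, which is the operator decision the slide describes.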

12 DOMINO performance (ns-2 simulation)
Setting: uplink UDP traffic; 7 well-behaved stations + 1 cheating station; each point corresponds to 100 simulations of 10 s each; confidence interval: 95%

13 2. Secure positioning
Being able to securely verify positions of devices can enable:
- Location-based access control
- Detection of displacement of valuables
- Detection of stealing
- Monitoring and enforcement of policies (e.g., traffic monitoring)
- Location-based charging
- …
In multi-hop networks:
- Secure routing
- Secure positioning
- Secure data harvesting (sensor networks)
- …

14 Distance measurement by Time of Flight (ToF)
- Based on the speed of light (RF, Ir)
  - A and B are synchronized (ToF): $d_{ABm} = (t_r - t_s)\,c$
  - A and B are NOT synchronized (round-trip ToF): $d_{ABm} = (t_r - t_s - t_{procB})\,c/2$
- Based on the speed of sound (Ultrasound): $d_{ABm} = (t_{r(RF)} - t_{r(US)})\,s$

15 Attacks on RF and US ToF-based techniques
(A and B are assumed to be synchronised)
- Dishonest device: cheat on the time of sending (ts) or time of reception (tr)
- Malicious attacker M, 2 steps:
  1. Overhear and jam
  2. Replay with a delay Δt
- Without attack: $d_{ABm} = (t_r - t_s)\,c$
- With attack: $d_{ABm} = (t_r + \Delta t - t_s)\,c$ => $d_{ABm} > d_{AB}$
[Figure labels: A, B, M, $t_s$, $t_s + \Delta t$, $t_r$, $t_r + \Delta t$]

16 Summary of possible attacks on distance measurement
- RSS (Received Signal Strength): dishonest nodes: distance enlargement and reduction; malicious attackers: distance enlargement and reduction
- Ultrasound Time of Flight: dishonest nodes: distance enlargement and reduction; malicious attackers: distance enlargement and reduction
- Radio Time of Flight: dishonest nodes: distance enlargement and reduction; malicious attackers: distance enlargement only

17 Secure positioning
- Goals:
  - preventing a dishonest node from cheating about its own position
  - preventing a malicious attacker from spoofing the position of an honest node
- Our proposal: Verifiable Multilateration

18 Distance Bounding (RF)
- Introduced in 1993 by Brands and Chaum to prevent the Mafia fraud attack
- $d_{real} \le d_b = (t_r - t_s)\,c/2$ ($d_b$ = distance bound)
[Figure labels: BS, A, $N_{BS}$, $t_s$, $t_r$]

19 Distance bounding characteristics
- RSS: distance enlargement and reduction
- US ToF: dishonest nodes: distance enlargement and reduction; malicious attackers: distance enlargement and reduction
- RF ToF: dishonest nodes: distance enlargement and reduction; malicious attackers: distance enlargement only
- RF Distance Bounding: distance enlargement only
- US Distance Bounding: dishonest nodes: distance enlargement only; malicious attackers: distance enlargement and reduction
RF distance bounding:
- nanosecond precision required, 1 ns ~ 30 cm
- UWB enables clock precision up to 2 ns and 1 m positioning indoor and outdoor (up to 2 km) with RF ToF
US distance bounding:
- millisecond precision required, 1 ms ~ 35 cm
- distance bounding can be enabled with and US

20 Verifiable Multilateration (Trilateration)
[Figure: verification triangle formed by BS1, BS2 and BS3 in the x-y plane; node A at (x,y); distance bounding between A and the base stations]

21 Verifiable Multilateration (properties 1/2)
- a node located within the triangle cannot prove to be at another position within the triangle except at its true position
- a node located outside the triangle formed by the verifiers cannot prove to be at any position within the triangle
- a malicious attacker cannot spoof the position of a node such that it seems that the node is at a position different from its real position within the triangle
- a malicious attacker cannot spoof the position of a node such that it seems that it is located at a position within the triangle, if the node is outside the triangle

22 Verifiable Multilateration (properties 2/2)
- a node can show (by distance enlargement) that it is positioned outside the triangle
- an attacker can always show that the node is positioned outside the triangle
- The same holds in 3-D, with a triangular pyramid instead of a triangle
References:
- Srdjan Capkun and Jean-Pierre Hubaux, Securing position and distance verification in wireless networks, Technical report EPFL/IC/ , May 2004
- Srdjan Capkun and Jean-Pierre Hubaux, Secure Positioning in Sensor Networks, Technical report EPFL/IC/ , May 2004
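A sketch of the verifier-side check behind these properties: three base stations turn their distance bounds into a position, then accept it only if it agrees with every bound and lies inside the verification triangle. This is an added example, not code from the cited reports; the verifier coordinates, the tolerance `tol` and the function names are assumptions.

```python
import math

VERIFIERS = [(0.0, 0.0), (10.0, 0.0), (5.0, 10.0)]  # constructed BS1, BS2, BS3 positions

def trilaterate(verifiers, bounds):
    """Position from three distance bounds: subtracting circle 1 from circles 2 and 3
    leaves two linear equations in x and y, solved here with Cramer's rule."""
    (x1, y1), (x2, y2), (x3, y3) = verifiers
    d1, d2, d3 = bounds
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = d1**2 - d2**2 + x2**2 - x1**2 + y2**2 - y1**2
    b2 = d1**2 - d3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-12:
        raise ValueError("verifiers are collinear, no verification triangle")
    return ((b1 * a22 - b2 * a12) / det, (a11 * b2 - a21 * b1) / det)

def in_triangle(p, tri):
    """True if p is inside or on the triangle (all edge cross products share a sign)."""
    def cross(o, a, b):
        return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])
    signs = [cross(tri[i], tri[(i + 1) % 3], p) for i in range(3)]
    return all(s >= 0 for s in signs) or all(s <= 0 for s in signs)

def verify_position(bounds, verifiers=VERIFIERS, tol=0.1):
    """Return (accepted, position). Distance bounding only allows enlargement, so an
    enlarged bound shows up as a position that no longer matches all three bounds."""
    pos = trilaterate(verifiers, bounds)
    consistent = all(abs(math.dist(pos, v) - d) <= tol
                     for v, d in zip(verifiers, bounds))
    return consistent and in_triangle(pos, verifiers), pos

def honest_bounds(node, verifiers=VERIFIERS):
    """Distance bounds measured for a node that answers without delay."""
    return [math.dist(node, v) for v in verifiers]
```

A node at (5, 4) is accepted; the same node enlarging one bound by 3 m fails the consistency test, and a node at (5, -3) is located correctly but rejected because it lies outside the triangle.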

23 3. Cooperation between nodes
Autonomous multi-hop networks
- Multi-hop mesh networks represent a new and promising paradigm, but …
- Why would intermediate nodes bother to relay packets for the benefit of other nodes?
- No incentive → the network does not work:
  - V. Srinivasan, P. Nuggehalli, C. Chiasserini, and R. Rao, Infocom 2003
  - M. Felegyhazi, L. Buttyan, and J. P. Hubaux, PWC 2003
- R. Mahajan, M. Rodrig, D. Wetherall, and J. Zahorjan, "Encouraging Cooperation in Multi-Hop Wireless Networks," Technical Report CSE , Univ. of Washington, June 2004

24 Incentive techniques: other scenarios
Multi-hop networks with permanent access to the backbone
- Solution based on lottery tickets: M. Jakobsson, J.-P. Hubaux and L. Buttyan, "A Micro-Payment Scheme Encouraging Collaboration in Multi-Hop Cellular Networks", Financial Crypto 2003
- Systematic payment: N. Ben Salem, L. Buttyán, J.-P. Hubaux and M. Jakobsson, "A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks", MobiHoc 2003
Multi-hop networks with sporadic access to the backbone
- S. Zhong, Y. R. Yang, and J. Chen, "Sprite: A Simple, Cheat-Proof, Credit-Based System for Mobile Ad Hoc Networks," INFOCOM 2003
[Figure labels: Initiator A, relays 1 … i, BS A, Backbone, BS B, relays 1 … j, Correspondent B]

25 Conclusion
- Mesh networks must be secured prior to any commercial deployment
- A number of research results from the security of wireless (ad hoc) networks can be used or adapted, notably:
  - To prevent greedy behavior
  - To secure positioning
  - To stimulate cooperation between nodes
- There are more challenges, in particular:
  - Preventing denial of service attacks
  - Stimulation of the network deployment