Handling New Adversaries in Secure MANETs. Virgil D. Gligor, Electrical and Computer Engineering, University of Maryland. Copyright © 2007 VDG, Sept 27, 2007.


1 Handling New Adversaries in Secure MANETs
Copyright © 2007 VDG, Sept 27, 2007
Virgil D. Gligor, Electrical and Computer Engineering, University of Maryland, College Park, MD. 20742, gligor@umd.edu
ZISC Wireless Security Workshop, Zurich, September 27-28, 2007
* based on joint work with S. F. Bahari

2 Overview
1. New Adversary: Different from DY and Byzantine Models
 - capabilities: node capture, replication
2. An Approach for Handling Node Capture
 - example of emergent property
3. Ongoing and Future Research

3 Approaches for Handling New Adversary
1. Detection and Recovery
 - Ex. Detection of node-replica attacks [Parno et al 2005]
 - Cost? Traditional vs. Emergent Protocols
 - Advantage: always possible, good enough detection
 - Disadvantage: “when you’ve been had, you’ve been had by a professional” [S. Lipner, cca. 1985]
2. Avoidance: early detection of node capture
 - Ex. Periodic monitoring (depending on node protection)
 - Cost vs. timely detection? False positives? Missed detection?
 - Advantage: avoids damage done by new adversary
 - Disadvantage: cannot always be used (e.g., disconnected nodes – are these really networked?)
3. Future: “prevent” attacks
 - questionable proposition

4 Avoidance: Periodic Monitoring of Target Nodes
Observation: Access to Node State (e.g., keys, memory content) requires the node to be taken “off-line” for time X
 - X is a random variable depending on
   - node security; e.g., quality of content obfuscation, physical protection
   - node overload; e.g., on-line attempts to access Node State
   - node failure; e.g., tampering with node while on-line leads to failure
Idea: Node Status (on-, off-line) Monitoring by Neighbors in time T
 - T < X, capture (i.e., node offline) is always detected
 - T >= X, capture is never detected
Key Design Parameters
 - cost (i.e., no. and frequency of messages)
 - false alarm rate
 - missed detection rate

5 Approach: Periodic Monitoring of Target Nodes
[Figure: nodes 1 to 14; labels: Communication Neighborhood, Keying Neighborhood, monitoring, target, propagate status]

6 Pair-wise Monitoring Scheme
Continuous network self monitoring in each neighborhood
 - really bad idea?
Ping message in time
Response message in time
Interval assignment for pinging based on node’s ID, K >> node degree
[Figure: node labels i, j, 1, 2, d-1, d]

7 Pair-wise Monitoring Scheme
Failure to respond appropriately to ping message in next T_p interval suggests node capture
For example:
 – delayed response past next T_p
 – inappropriate message content
 – packet loss, collision, or congestion
 – physical damage or battery depletion of the node
Detection interval T = M × T_e helps distinguish node capture from response failures for other reasons
Successful capture requires access to node’s internal states within T
No response within T (i.e., after M retries) => alarm
Larger T (or M) => increased vulnerability to capture
Smaller T (or M) => increased false-alarm rate

8 Design Objectives – normal mode
Missed Detection
 - Capture time X (pdf f_X(x)) is smaller than detection interval T
 - Minimize the probability of a missed detection P_m
False Alarms: device did not respond properly in interval T but device is not captured
 - Exchange messages are lost with probability p_l
 - Reach end of a T = M × T_e interval without monitoring message (“pinging”)
 - Maximize expected residual time-to-false-alarm of nodes L_f
Cost: neighbor “pinging” rate; p_r = probability of sending a pinging message in T_e
 - Minimize p_r

9 Markov Chain Model
Detection (steady) state S_n (0 ≤ S_n ≤ M) of neighbor i w.r.t. neighbor node j at epoch n:
 - no. of successive T_e epochs s (1 ≤ s ≤ M) in which node i does not ping node j (probability 1-p_r)
 - no. of successive epochs T_e in which node i has not received any response
   » communication errors with probability p_l
   » node j is captured and unable to respond
probability of receiving a “ping” response P_e = p_r (1-p_l)

10 Steady State Analysis
Steady state probability of being at each state s (no capture in progress)

11 Probability of being at each state
Increasing p_r (and p_e) leads to
 - longer time to false alarm
 - more concentration of mass in higher states, i.e. around the regenerative points
 - but incurs higher energy and communication costs
Note: where p_l is constant

12 Missed Detection
Probability of missed detection
Given a witness node is in state s, the capture time for an adversary’s success on a target node should be X < T = s T_e
Therefore,

13 Missed Detection
Increasing detection interval T (or M) increases P_m
 - longer detection interval => more time to complete node capture
 - for a given detection interval T (or M), higher p_r => higher P_m
 - in the limit, the entire detection interval T is available to adversary

14 False Alarms
Expected Residual time-to-false-alarm, L_f
T_s = residual time-to-false-alarm at current state; i.e., time for transition to state 0, given in state s and no capture in progress
False alarm rate = Inverse of expected residual time-to-false-alarm

15 False Alarms
Increasing p_r increases L_f
 - higher p_r maintains nodes in higher states (i.e., longer time for non-captured nodes to reach false alarm state 0)
Increasing M increases L_f
 - Higher M (or T) => higher chance to go back to regenerative state M

16 False Alarms
Sensitivity of L_f to p_r
 - higher p_r leads to more concentration of states around higher values with correspondingly larger T_s
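The pair-wise chain of slides 9 to 16, worked through numerically as an added example (not code from the presentation). The slides' equations did not survive in this transcript, so the transition rule (a received response resets the state to M, any other epoch decrements it, alarm state 0 restarts at M), the averaging used for L_f, and the exponential capture time X are assumptions, as are all function names and sample values.

```python
import math

def stationary(M, pe):
    """Steady-state pi[s], s = 0..M, with no capture in progress.
    Assumed transitions: s -> M with prob. pe, else s -> s-1; alarm state 0 -> M."""
    a = 1.0 - pe
    weights = [a ** (M - s) for s in range(M + 1)]  # pi[s] proportional to (1-pe)^(M-s)
    total = sum(weights)
    return [w / total for w in weights]

def residual_time(M, pe, s):
    """T_s in epochs: solves T_0 = 0, T_s = 1 + pe*T_M + (1-pe)*T_(s-1)."""
    if not 0.0 < pe < 1.0:
        raise ValueError("pe must be strictly between 0 and 1")
    a = 1.0 - pe
    return (1.0 - a ** s) / (pe * a ** M)

def expected_residual_time(M, pe):
    """L_f, taken here as T_s averaged over the steady-state distribution."""
    pi = stationary(M, pe)
    return sum(pi[s] * residual_time(M, pe, s) for s in range(M + 1))

def missed_detection(M, pe, T_e, mean_capture):
    """P_m = sum_s pi[s] * Pr(X < s*T_e); X ~ exponential is a constructed choice."""
    pi = stationary(M, pe)
    return sum(pi[s] * (1.0 - math.exp(-s * T_e / mean_capture))
               for s in range(M + 1))

if __name__ == "__main__":
    p_l = 0.1                          # constructed message-loss probability
    for p_r in (0.2, 0.5, 0.8):
        pe = p_r * (1.0 - p_l)         # P_e = p_r (1 - p_l), as on slide 9
        for M in (4, 8):
            lf = expected_residual_time(M, pe)
            pm = missed_detection(M, pe, T_e=1.0, mean_capture=20.0)
            print(f"p_r={p_r} M={M} L_f={lf:10.1f} epochs P_m={pm:.3f}")
```

Under these assumptions the output reproduces the trade-off stated on the slides: raising p_r or M lengthens the time to false alarm and raises P_m.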

17 Design Trade-offs
 - Minimizing requires reducing and
 - Maximizing requires increasing and
 - Cost (e.g., energy) efficiency requires reducing
 - Application is more sensitive to than
 - Tradeoffs for Determining and
Cost analysis
 - Communication: message RX and TX per node per epoch
 - Computation: MAC verifications and generations, and counter inc.
 - Memory: registers per node (each associated with a neighbor)
 - Probability of collision is upper-bounded by
 - Increase K s.t. K >> d

18 Two Simplistic Examples
Case 1: Weak node protection (e.g., obfuscation and physical security)
Case 2: Strong node protection (e.g., obfuscation and physical security)

19 An Emergent Protocol: q-node Probabilistic Pinging Scheme
Goals
 - Robustness of capture-detection scheme against faulty/malicious neighbors’ judgments about a common node
 - Reducing the required energy (e.g., communication) costs for given node security
 - Optimal parameters for given node security measures; e.g., p_r, M, p_r

20 q-node Probabilistic Pinging Scheme

21 q-node Probabilistic Pinging Scheme
 - each neighbor runs pair-wise probabilistic pinging protocol with a (target) node independently
 - each received alert flag increments the counter corresponding to the target node kept in all its neighbors
 - counter = q => set revocation flag by q parties (consensus among q neighbors about the target node)
 - commit revocation flag and broadcast it by all q parties to the entire network
 - each revocation flag expires after time T and corresponding Markov chain is reset back to its initial state M

22 q-node Missed Detection
missed detection:
 - at least d-q+1 witness neighbors do not flag “node capture”
 - or equivalently, at most q-1 neighbors flag “node capture”

23 q-node Missed Detection
 - no. of parties, q < d (=20)
 - lower P_m than in pair-wise case below threshold q (e.g., q<=14); higher above
[Figure: plot label: Pair-wise case]
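The q-node steps of slide 21 and the missed-detection condition of slide 22, as an added example (not code from the presentation). The class and function names are hypothetical; counting one flag per witness inside a sliding window of length T, and treating the d witnesses as independent with the same pair-wise missed-detection probability, are assumptions.

```python
from math import comb

class TargetRecord:
    """What one neighbor keeps about one target node (slide 21 steps)."""
    def __init__(self, q, T):
        self.q, self.T = q, T
        self.alerts = {}          # witness id -> time of its latest alert flag
        self.revoked_at = None    # time the revocation flag was set, if any

    def on_alert(self, witness, now):
        """Record an alert flag; return True while the target is revoked."""
        if self.revoked_at is not None and now - self.revoked_at >= self.T:
            self.revoked_at = None   # revocation flag expired after T
            self.alerts.clear()      # monitoring restarts from the initial state
        # Keep only flags still inside the window T, one per witness (assumption).
        self.alerts = {w: t for w, t in self.alerts.items() if now - t < self.T}
        self.alerts[witness] = now
        if self.revoked_at is None and len(self.alerts) >= self.q:
            self.revoked_at = now    # counter reached q: set revocation flag
        return self.revoked_at is not None

def q_missed_detection(d, q, pm_pair):
    """Pr(at most q-1 of d independent witnesses flag the capture)."""
    if not 1 <= q <= d:
        raise ValueError("need 1 <= q <= d")
    detect = 1.0 - pm_pair
    return sum(comb(d, k) * detect ** k * pm_pair ** (d - k) for k in range(q))

if __name__ == "__main__":
    d, pm_pair = 20, 0.3             # d from slide 23; pm_pair is constructed
    for q in (1, 5, 10, 14, 18, 20):
        print(f"q={q:2d}  P_m(q-node)={q_missed_detection(d, q, pm_pair):.6f}"
              f"  pair-wise={pm_pair}")
```

Repeated flags from a single witness never reach q in this version, which is the robustness goal slide 19 states for faulty or malicious neighbors.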

24 Expected Residual Time to False Alarm
False alarm:
 - at least q neighbors inaccurately flag a target node as “captured”
Residual time-to-false-alarm
 - the average time it takes for at least q neighbors to reach false alarm
Lower bound on the expected residual time-to-false-alarm
 - first q alarm flags arrive within time interval T given

25 Residual time-to-false-alarm
T_s vs s in q-level consensus
 - note limited number of possibilities for having q-level consensus within time interval T

26 Probability of False Alarm
Probability of False-Alarm = Pr(q alerts come within T)
 - depends on q almost exponentially; i.e. exp(-q)
 - threshold values above which the prob. of false alarms is min., e.g., q>= 4

27 Rule of Thumb for Setting q
Set the consensus level q as about 25% to 30% of the node degree in to minimize
 - probability of a missed-detection
 - probability of a false-alarm
How robust is this “design rule”? Overall cost?

28 Ongoing and Future Research
1. Explore the design space for “pinging” protocol
 - vary model parameters within all practical values
 - derive design rules
2. Find semi-synchronous protocols
 - viz., revocation approach of H. Chan et al IEEE-TDSC 2005
3. Find other tell-tale signs of node capture and compose them with current approach.
 - other emergent properties
4. Extend approach to other networks; e.g., mesh nets

