Presentation is loading. Please wait.

Presentation is loading. Please wait.

Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis Patrick Tague, David Slater, and Radha Poovendran Network Security.

Published byEaster Watkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis Patrick Tague, David Slater, and Radha Poovendran Network Security."— Presentation transcript:

1 Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis Patrick Tague, David Slater, and Radha Poovendran Network Security Lab, Dept. of Electrical Engineering, University of Washington, Seattle, WA In collaboration with: Jason Rogers Naval Research Laboratory

2 1/24/2008 Outline Impact of Routing on Security in Ad Hoc Networks  Identifying Cross-Layer Vulnerabilities Quantifying Cross-Layer Vulnerabilities Examples/Applications 2 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

3 1/24/2008 Securing Network Assets Network Security Network is Available Network Performs Efficiently Network Provides Service Network Protects Data Denial of Service Attacks Resource Depletion Attacks Performance Degradation Attacks Crypto Attacks How do we understand the impact of these attacks? 3 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

4 1/24/2008 Security is established per-hop (i.e. link security) between neighboring nodes Security is established per-hop (i.e. link security) between neighboring nodes Challenges in Establishing Ad Hoc Network Security Network protocols rely on local information and peer cooperation Network protocols rely on local information and peer cooperation Ad Hoc Networks consist of resource-constrained nodes with no global network view Ad Hoc Networks consist of resource-constrained nodes with no global network view 4 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

5 1/24/2008 Per-hop security properties may not extend globally Data routed over multiple hops may traverse links that are vulnerable to attack 5 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA Does the global exchange of data in networks using per-hop security weaken C/I? What vulnerabilities are introduced? How to evaluate confidentiality and/or integrity (C/I) of data traversing numerous links with differing security properties? Impact of Locality Constraints

6 1/24/2008 Goals of this Work Investigate the impact of routing on data security built on per-hop security Characterize & quantify the strength (weakness) of data security in multi-hop networks Provide a basis for joint evaluation of security and routing protocols with respect to cross- layer network vulnerabilities 6 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

7 1/24/2008 Example 1: Fixed single-path routing  Binary characterization of data security, i.e. either secure or insecure 7 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA Impact of Routing on Security Compromise of a single link leads to recovery of all data. s d

8 1/24/2008 Example 2: Fixed multi-path routing  M-ary (fractional) metric for data security 2 M possible values for data security Impact of Routing on Security Fraction (1-f) Fraction f 8 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA 8 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA Compromise of a single link leads to recovery of a fraction of data. s d

9 1/24/2008 Example 3: Fixed multi-path routing with dependent packets (threshold sharing, network coding, etc.) 9 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA Impact of Routing on Security How to model routing/security interactions and provide a unified characterization of data security for arbitrary topologies and routing protocols? Compromise of a single link leads to no data recovery. s d

10 1/24/2008 Modeling Interactions between Routing and Security G sd – labeled, directed graph representing data flow from s to d  LS i – level of security provided by link i Function of node capabilities, crypto protocol, etc. Varies between links Varies over time (e.g. decreases with attack) 10 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA s d G sd LS 1 LS 4 LS 6 LS 5 LS 2 LS 3 LS 8 LS 7

11 1/24/2008 Route Vulnerability Metric Characterize data (in)security  V(G sd ) – the route vulnerability of the s-d flow Relative to a reference state G 0 sd (e.g. prior to attack) Varies continuously from V(G 0 sd ) = 0 to V(G sd ) = 1 as attack progresses 11 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

12 1/24/2008 Defining Route Vulnerability Compose the labeled graph G sd to an overall measure of data security  Metric units are same as link labels Ex: if link labels represent #shared keys securing the link, data security is equivalent #shared keys Transform data security measure to satisfy requirements of route vulnerability 12 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA How do we define a composition rule for overall data security as a function of G sd ?

13 1/24/2008 Composition: Step I 13 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA s d Claim: All data in an s-d flow is compromised if and only if an edge cut of links in the s-d flow is compromised. Composition - Step I: Map the routing topology to a collection of edge cuts (noting forward- vs. reverse-flow edges).

14 1/24/2008 Composition: Step II 14 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA s d Analogy: Security measures resistance to attack, just as electric resistance measures resistance to current. Composition - Step II: Map each edge cut to a (directed) resistive current path with zero resistance (unrestricted flow) along reverse-flow edges.

15 1/24/2008 Composition: Step III 15 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA Circuit elements combine using the principle of superposition, but…  We have directional current path constraints which cannot be combined using superposition.  Solution: Construct directed resistors! Composition Step III: Replace each directed current path with a path of directed resistors and combine into an electric circuit E using superposition. R  0  R  Ideal diode

16 1/24/2008 Composition: Evaluation 16 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA s d 2 2 1 1 3 2 2 1 2 1 1 1 3 2 Composition Rule: Equivalent security of data is the equivalent resistance R(G sd ) of the circuit E, referred to as the route resistance. Edge mapping to resistors is a 1-to-1 mapping

17 1/24/2008 Mapping to Electric Circuit Circuit construction  Efficient: edge cut decomposition not required For planar graphs, the electric circuit is related to the planar dual of the graph G sd For non-planar graphs, circuit duality properties give alternate construction using G sd  Properties “Weakest link” property of sequential links is maintained (i.e. parallel), R 1 || R 2 ≤ min{R 1,R 2 } Additive security for disjoint paths (i.e. series) 17 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

18 1/24/2008 Circuit Theoretic Metric To compute V(G sd ):  Construct equivalent circuit E  Compute equivalent resistance R(G sd )  Define V(G sd ) proportional to R(G sd ) -1  Linear (affine) transformation maps to [0,1] as a function of R(G 0 sd ) 18 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

19 1/24/2008 Application of Route Vulnerability Metric Example: node capture attacks  Active adversary eavesdrops, analyzes network traffic, participates in protocols  Data flow graph G sd = G sd (C) C = set of captured nodes G 0 sd = G sd (ø) Link labels indicate number of shared keys providing C/I for the link 19 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

20 1/24/2008 Node Capture Attacks using Route Vulnerability Optimal node capture attack:  Compute the set of nodes C s.t. V(G sd (C)) = 1 for all target s-d data flows cost(C) is minimized Iterative Heuristic:  Given C captured, choose n s.t. Aggregate increase in vulnerability per-unit-cost for all target flows is maximized 20 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

21 1/24/2008 Examples to Illustrate Route Vulnerability Evaluation An adversary can use the route vulnerability metric to improve attacks  Allows cross-layer adversary to perform near- optimal attack  Examples: Compromise of data integrity in target tracking Compromise of data confidentiality in distributed content dissemination using network coding  Simulation: Compromise of data confidentiality in large-scale ad hoc network using random key assignment 21 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

22 1/24/2008 Example: Target Tracking Application Goal:  Compromise integrity of alarm data  Modify/erase alarm signals to base nodes Attack:  Use V(G sd ) for single-path routes to identify vulnerabilities  Heuristic algorithm  Compromise link integrity using recovered keys 22 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

23 1/24/2008 Example: Data Dissemination using Network Coding Goal of attack:  Compromise confidentiality of data  E.g. violation of user privacy Attack:  Use V(G sd ) for dependent data flow to identify vulnerabilities  Heuristic algorithm  Compromise link integrity using recovered keys 23 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

24 1/24/2008 Large-Scale Simulation Results Comparison:  Node capture attacks using Random capture #Recovered keys #Compromised links Total traffic through captured nodes Route Vulnerability  For Single path routing Dependent multi-path routing 24 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

25 1/24/2008 Summary of Contributions Impact of routing on security Route vulnerability metric  Provides insight into the impact of cross-layer adversaries  Allows for joint evaluation of security and routing protocols Exposes cross-layer vulnerabilities Can help determine suitable protocols for a given application/deployment 25 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA

26 1/24/2008 Thank you for your time & attention! 26 NSA Protocol eXchange Meeting – January 24, 2008 Navy Postgraduate School, Monterey, CA ? ? ? ? ? ? ? Questions?

Download ppt "Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis Patrick Tague, David Slater, and Radha Poovendran Network Security."

Similar presentations

Security and Sensor Networks By Andrew Malone and Bryan Absher.

Security and Sensor Networks By Andrew Malone and Bryan Absher.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
S-38.130 Licentiate course on Telecommunications Technology (4+1+3 cr.) Course Topic Spring 2000: Routing Algorithms in the DiffServ MPLS Networks Introduction.

S Licentiate course on Telecommunications Technology (4+1+3 cr.) Course Topic Spring 2000: Routing Algorithms in the DiffServ MPLS Networks Introduction.
Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
Nanxi Kang Princeton University

Nanxi Kang Princeton University
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Data and Computer Communications Ninth Edition by William Stallings Chapter 12 – Routing in Switched Data Networks Data and Computer Communications, Ninth.

Data and Computer Communications Ninth Edition by William Stallings Chapter 12 – Routing in Switched Data Networks Data and Computer Communications, Ninth.
Rumor Routing in Sensor Networks David Braginsky and Deborah Estrin Presented By Tu Tran 1.

Rumor Routing in Sensor Networks David Braginsky and Deborah Estrin Presented By Tu Tran 1.
S I E M E N S C O R P O R A T E R E S E A R C H 1 1 A Seeded Image Segmentation Framework Unifying Graph Cuts and Random Walker Which Yields A New Algorithm.

S I E M E N S C O R P O R A T E R E S E A R C H 1 1 A Seeded Image Segmentation Framework Unifying Graph Cuts and Random Walker Which Yields A New Algorithm.
Corp. Research Princeton, NJ Cut Metrics and Geometry of Grid Graphs Yuri Boykov, Siemens Research, Princeton, NJ joint work with Vladimir Kolmogorov,

Corp. Research Princeton, NJ Cut Metrics and Geometry of Grid Graphs Yuri Boykov, Siemens Research, Princeton, NJ joint work with Vladimir Kolmogorov,
1 Crosslayer Design for Distributed MAC and Network Coding in Wireless Ad Hoc Networks Yalin E. Sagduyu Anthony Ephremides University of Maryland at College.

1 Crosslayer Design for Distributed MAC and Network Coding in Wireless Ad Hoc Networks Yalin E. Sagduyu Anthony Ephremides University of Maryland at College.
1 ENERGY: THE ROOT OF ALL PERVASIVENESS Anthony Ephremides University of Maryland April 29, 2004.

1 ENERGY: THE ROOT OF ALL PERVASIVENESS Anthony Ephremides University of Maryland April 29, 2004.
Distributed Algorithms for Secure Multipath Routing

Distributed Algorithms for Secure Multipath Routing
Localized Techniques for Power Minimization and Information Gathering in Sensor Networks EE249 Final Presentation David Tong Nguyen Abhijit Davare Mentor:

Localized Techniques for Power Minimization and Information Gathering in Sensor Networks EE249 Final Presentation David Tong Nguyen Abhijit Davare Mentor:
An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.

Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.
Yashar Ganjali, and Abtin Keshavarzian Presented by: Isaac Keslassy Computer Systems Laboratory Department of Electrical Engineering Stanford University.

Yashar Ganjali, and Abtin Keshavarzian Presented by: Isaac Keslassy Computer Systems Laboratory Department of Electrical Engineering Stanford University.
December 20, 2004MPLS: TE and Restoration1 MPLS: Traffic Engineering and Restoration Routing Zartash Afzal Uzmi Computer Science and Engineering Lahore.

December 20, 2004MPLS: TE and Restoration1 MPLS: Traffic Engineering and Restoration Routing Zartash Afzal Uzmi Computer Science and Engineering Lahore.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Similar presentations

Ads by Google