Slide 1: Title
Evaluating the Vulnerability of Network Traffic Using Joint Security and Routing Analysis
Patrick Tague, David Slater, and Radha Poovendran
Network Security Lab, Dept. of Electrical Engineering, University of Washington, Seattle, WA
In collaboration with: Jason Rogers, Naval Research Laboratory
Slide 2: Outline
- Impact of Routing on Security in Ad Hoc Networks
- Identifying Cross-Layer Vulnerabilities
- Quantifying Cross-Layer Vulnerabilities
- Examples/Applications
NSA Protocol eXchange Meeting, January 24, 2008, Naval Postgraduate School, Monterey, CA
Slide 3: Securing Network Assets
Network security goals and the attack classes that threaten each of them:
- Network is available: denial-of-service attacks
- Network performs efficiently: resource depletion attacks
- Network provides service: performance degradation attacks
- Network protects data: crypto attacks
How do we understand the impact of these attacks?
Slide 4: Challenges in Establishing Ad Hoc Network Security
- Ad hoc networks consist of resource-constrained nodes with no global network view
- Network protocols rely on local information and peer cooperation
- Security is established per-hop (i.e. link security) between neighboring nodes
Slide 5: Impact of Locality Constraints
- Per-hop security properties may not extend globally
- Data routed over multiple hops may traverse links that are vulnerable to attack
Questions:
- Does the global exchange of data in networks using per-hop security weaken confidentiality and/or integrity (C/I)?
- What vulnerabilities are introduced?
- How do we evaluate the C/I of data traversing numerous links with differing security properties?
Slide 6: Goals of this Work
- Investigate the impact of routing on data security built on per-hop security
- Characterize and quantify the strength (or weakness) of data security in multi-hop networks
- Provide a basis for joint evaluation of security and routing protocols with respect to cross-layer network vulnerabilities
Slide 7: Impact of Routing on Security
Example 1: Fixed single-path routing from s to d
- Binary characterization of data security, i.e. either secure or insecure
- Compromise of a single link leads to recovery of all data
Slide 8: Impact of Routing on Security
Example 2: Fixed multi-path routing from s to d, a fraction f of the data on one path and a fraction (1-f) on the other
- M-ary (fractional) metric for data security: with M paths, up to 2^M possible values for data security
- Compromise of a single link leads to recovery of a fraction of the data
Slide 9: Impact of Routing on Security
Example 3: Fixed multi-path routing from s to d with dependent packets (threshold sharing, network coding, etc.)
- Compromise of a single link leads to no data recovery
How do we model routing/security interactions and provide a unified characterization of data security for arbitrary topologies and routing protocols?
Slide 10: Modeling Interactions between Routing and Security
- G_sd: labeled, directed graph representing data flow from s to d
- LS_i: level of security provided by link i
  - A function of node capabilities, crypto protocol, etc.
  - Varies between links
  - Varies over time (e.g. decreases under attack)
(Figure: an example flow graph G_sd from s to d with eight links labeled LS_1 through LS_8.)
Slide 11: Route Vulnerability Metric
Characterize data (in)security:
- V(G_sd): the route vulnerability of the s-d flow
- Relative to a reference state G^0_sd (e.g. prior to attack)
- Varies continuously from V(G^0_sd) = 0 to V(G_sd) = 1 as the attack progresses
Slide 12: Defining Route Vulnerability
- Compose the labeled graph G_sd into an overall measure of data security
  - The metric's units are the same as the link labels
  - Example: if link labels represent the number of shared keys securing a link, data security is an equivalent number of shared keys
- Transform the data security measure to satisfy the requirements of route vulnerability
How do we define a composition rule for overall data security as a function of G_sd?
Slide 13: Composition, Step I
Claim: All data in an s-d flow is compromised if and only if an edge cut of links in the s-d flow is compromised.
Composition, Step I: Map the routing topology to a collection of edge cuts (noting forward- vs. reverse-flow edges).
(Figure: an s-d flow graph with an edge cut drawn across it.)
Slide 14: Composition, Step II
Analogy: Security measures resistance to attack, just as electric resistance measures resistance to current.
Composition, Step II: Map each edge cut to a (directed) resistive current path with zero resistance (unrestricted flow) along reverse-flow edges.
(Figure: the same s-d flow graph with an edge cut redrawn as a current path.)
Slide 15: Composition, Step III
- Circuit elements combine using the principle of superposition, but we have directional current-path constraints which cannot be combined using superposition.
- Solution: construct directed resistors.
Composition, Step III: Replace each directed current path with a path of directed resistors and combine them into an electric circuit E using superposition.
(Figure: the directed resistor symbol, realized with a resistor R and an ideal diode, so that it presents resistance R in one direction and 0 in the other.)
Slide 16: Composition, Evaluation
Composition Rule: The equivalent security of the data is the equivalent resistance R(G_sd) of the circuit E, referred to as the route resistance.
The edge mapping to resistors is a 1-to-1 mapping.
(Figure: a labeled s-d flow graph with integer link labels and the corresponding resistor circuit.)
Slide 17: Mapping to Electric Circuit
Circuit construction
- Efficient: edge cut decomposition is not required
- For planar graphs, the electric circuit is related to the planar dual of the graph G_sd
- For non-planar graphs, circuit duality properties give an alternate construction using G_sd
Properties
- The "weakest link" property of sequential links is maintained (sequential links combine in parallel): R_1 || R_2 ≤ min{R_1, R_2}
- Additive security for disjoint paths (disjoint paths combine in series)
Slide 18: Circuit-Theoretic Metric
To compute V(G_sd):
1. Construct the equivalent circuit E
2. Compute the equivalent resistance R(G_sd)
3. Define V(G_sd) proportional to R(G_sd)^{-1}; a linear (affine) transformation maps it to [0,1] as a function of R(G^0_sd)
Slide 19: Application of the Route Vulnerability Metric
Example: node capture attacks
- Active adversary eavesdrops, analyzes network traffic, and participates in protocols
- Data flow graph G_sd = G_sd(C), where C is the set of captured nodes; G^0_sd = G_sd(∅)
- Link labels indicate the number of shared keys providing C/I for the link
Slide 20: Node Capture Attacks using Route Vulnerability
Optimal node capture attack: compute the set of nodes C such that
- V(G_sd(C)) = 1 for all target s-d data flows, and
- cost(C) is minimized.
Iterative heuristic: given the captured set C, choose the node n such that the aggregate increase in vulnerability per unit cost over all target flows is maximized.
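The following Python block is an added example, not code from the deck or its authors. It implements the two composition properties of slide 17 (sequential links combine like parallel resistors, disjoint paths like series resistors) for a flow given as node-disjoint paths, and then the greedy capture heuristic of slide 20 on top of it. The key rings, link keys, capture costs and routes are constructed sample data. The deck states only that V(G_sd) is an affine function of 1/R(G_sd) normalized by R(G^0_sd) without giving the constants, so `route_vulnerability` uses the stand-in normalization V = 1 - R(G_sd(C))/R(G^0_sd), which is 0 before the attack and 1 once the route resistance drops to zero; treat that choice as an assumption, not the authors' transform.

```python
"""Added example: route resistance of an s-d flow and the greedy node-capture
heuristic.  Illustrative code written for this page, not the authors'
implementation.  All data below is constructed sample input."""

# Constructed key rings (random key predistribution): a link (u, v) is secured
# by the keys u and v share, and LS_(u,v) = number of those keys the adversary
# has not yet recovered from captured nodes.
KEY_RINGS = {
    "s": {1, 2, 3, 4},
    "a": {1, 2, 5, 6},
    "b": {3, 4, 7, 8},
    "c": {5, 6, 9, 10},
    "e": {7, 8, 9, 11},
    "d": {2, 9, 10, 11},
}
# Per-node capture cost (assumed); the endpoints s and d are not capturable.
CAPTURE_COST = {"a": 1.0, "b": 1.0, "c": 2.0, "e": 1.0}
# Fixed multi-path routing: each target flow is a list of node-disjoint paths,
# the case for which the slides state the series/parallel properties.
FLOWS = {("s", "d"): [["s", "a", "c", "d"], ["s", "b", "e", "d"]]}


def link_security(u, v, recovered):
    """LS for link (u, v): shared keys minus those already recovered."""
    return len((KEY_RINGS[u] & KEY_RINGS[v]) - recovered)


def path_resistance(path, recovered):
    """Sequential links combine like parallel resistors (weakest link):
    R_path = 1 / sum(1/LS_i).  One compromised link (LS_i = 0) gives 0."""
    ls = [link_security(u, v, recovered) for u, v in zip(path, path[1:])]
    if 0 in ls:
        return 0.0
    return 1.0 / sum(1.0 / x for x in ls)


def route_resistance(paths, recovered=frozenset()):
    """Disjoint paths combine like series resistors (additive security)."""
    return sum(path_resistance(p, recovered) for p in paths)


def route_vulnerability(paths, recovered):
    """Assumed normalization V = 1 - R(G_sd(C)) / R(G0_sd): a stand-in for the
    affine map of 1/R described on slide 18, whose constants are not given."""
    r0 = route_resistance(paths)
    return 0.0 if r0 == 0 else 1.0 - route_resistance(paths, recovered) / r0


def recovered_keys(captured):
    """Key material the adversary holds after capturing the listed nodes."""
    keys = set()
    for n in captured:
        keys |= KEY_RINGS[n]
    return keys


def greedy_capture(flows=FLOWS, cost=CAPTURE_COST):
    """Iterative heuristic: repeatedly capture the node with the largest
    aggregate increase in V over all target flows per unit cost, until every
    target flow has V = 1 (or no remaining node raises vulnerability)."""
    captured = []
    while True:
        rec = recovered_keys(captured)
        current = {f: route_vulnerability(p, rec) for f, p in flows.items()}
        if all(v >= 1.0 for v in current.values()):
            return captured
        best, best_gain = None, 0.0
        for n in sorted(cost):              # sorted for deterministic ties
            if n in captured:
                continue
            rec_n = rec | KEY_RINGS[n]
            gain = sum(route_vulnerability(p, rec_n) - current[f]
                       for f, p in flows.items()) / cost[n]
            if gain > best_gain:
                best, best_gain = n, gain
        if best is None:
            return captured
        captured.append(best)


if __name__ == "__main__":
    paths = FLOWS[("s", "d")]
    print("R(G0_sd) =", route_resistance(paths))
    print("capture order:", greedy_capture())
```

On this sample the reference route resistance is 4/3 (two disjoint paths, each with three 2-key links, so each contributes 1/(3·1/2) = 2/3). Capturing a node that only shares keys with one path zeroes that path and leaves the other intact, which is the "fraction of data recovered" behaviour of slide 8; the heuristic prefers node e over a or b because e's ring also recovers one of the two keys on link c-d of the other path, giving the larger drop in resistance for the same cost.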
Slide 21: Examples to Illustrate Route Vulnerability Evaluation
- An adversary can use the route vulnerability metric to improve attacks; it allows a cross-layer adversary to perform a near-optimal attack
- Examples:
  - Compromise of data integrity in target tracking
  - Compromise of data confidentiality in distributed content dissemination using network coding
- Simulation: compromise of data confidentiality in a large-scale ad hoc network using random key assignment
Slide 22: Example, Target Tracking Application
Goal: compromise the integrity of alarm data by modifying or erasing alarm signals sent to base nodes
Attack:
- Use V(G_sd) for single-path routes to identify vulnerabilities
- Apply the heuristic algorithm
- Compromise link integrity using recovered keys
Slide 23: Example, Data Dissemination using Network Coding
Goal of attack: compromise the confidentiality of data, e.g. violating user privacy
Attack:
- Use V(G_sd) for the dependent data flow to identify vulnerabilities
- Apply the heuristic algorithm
- Compromise link confidentiality using recovered keys
Slide 24: Large-Scale Simulation Results
Comparison of node capture attacks using the following selection criteria:
- Random capture
- Number of recovered keys
- Number of compromised links
- Total traffic through captured nodes
- Route vulnerability
evaluated for single-path routing and for dependent multi-path routing.
(Figure: simulation result plots; numerical results are not reproduced in the transcript.)
Slide 25: Summary of Contributions
- Impact of routing on security
- Route vulnerability metric
  - Provides insight into the impact of cross-layer adversaries
  - Allows for joint evaluation of security and routing protocols
  - Exposes cross-layer vulnerabilities
  - Can help determine suitable protocols for a given application or deployment
Slide 26: Questions?
Thank you for your time and attention!