1. How Does Topology Affect Security in Wireless Ad Hoc Networks? Ioannis Broustis broustis@cs.ucr.edu CS 260 – Seminar on Network Topology

2. Motivation  Wireless networks are more vulnerable to malicious attacks than wireline networks Lack of base station Limited power supply Dynamically changing topology  Demand for innovative security algorithms A lot of work has been done with private/public keys and cryptography Only a few studies address topology-related aspects of security

3. Problems  Dynamically changing topology  hard to distinguish between legitimate and malicious actions Attackers can cheat on their actual location  Intrusion detection must be performed in a distributed manner No base stations exist

4. Contribution  In this work.. We show how can the topological aspects of the network affect its safety from attackers We describe the four location estimation techniques We explain why these methods are vulnerable to attacks We present all current mechanisms that detect intrusions having to do with topological aspects We propose a new topology-related scheme that addresses most of the attacks

5. Attacks  Wormhole / tunnelling Two attackers create a tunnel that can be secretly used to transmit packets.  Fake location claim A node advertizes an erroneous location to its neighbours

6. Attacks

7. Relation to Topology  Fake location claims  Mobility allows a modification of the routing table of the victim node  Mobility of legitimate nodes may help attackers disperse their malicious information  Mobile nodes have power and computation limitations

8. Location Estimation  GPS (Global Positioning System) Satellites provide a 3-D position No information about positions of neighbour devices  Nodes must exchange their GPS information (dangerous) Was not designed for security purposes ● Attack: Attacker feeds the GPS receiver with fake GPS messages

9. Location Estimation  Radio (RF) Measure either the received RF signal strength, or the signal's ToF Receiver calculates the distance from the RF sender by measuring the signal strength.  The receiver must trust the sender for the power at which the latter sent the RF signal. - RF signals travel at the speed of light  attackers cannot decrease the ToF of the signal  ToF better

10. Location Estimation  Ultrasound (US) Measure the ToF of the sound signal between two nodes Often used together with the RF  Both the US and RF signals are transmitted at the same time. – Cannot be used outdoors – Animal – unfriendly – Attacker may use the RF link to send the US

11. Location Estimation  Infrared (IR) Measure ToF of the IR signal Disadvantage: a direct line-of-sight between the nodes is necessary  New links can be established by redirecting the existing light beams – Attacker cannot speed-up the signal from one node to the other: upper-bound distances

12. Previous studies  They are divided into 3 main categories: Private/public key authentication and management (beyond the scope of our study) Secure position-related ad hoc routing (interesting but we don't have time to talk about it now) Secure location verification of a node's claim

13. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.  A set of verifiers V wish to verify whether a prover p is in a region R of interest Use of RF and US techniques  Time to reach p using RF + the time for the return of the packet using US  If elapsed time > threshold, V will reject the claim

14. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.  Receiver's processing delay must be considered Attack: submit a position claim at the border of R  At the same time, advertise an erroneous value for processing delay  V thinks that p is inside R when in fact it is not  Solution: V shrinks the allowable area V should reject the claim when the claimed position is within Dp * s of the outside border

15. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.  Region of acceptance (ROA)

16. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.  Region R is not always a circle Use more verifiers to cover the whole area  No key management or cryptography required.  No synchronization between V and p is required.  Problem: is advertised Dp the actual one?

17.  1. Use of Verifiable Multilateration It is performed by a set of verifiers S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004

18.  2. Use of Verifiable Time Difference of Arrival A set of verifiers is also used S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004

19.  Use of Landmarks S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004

20.  Secure distributed positioning Basic Distance Verification (BDV) S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004

21. Possible new scheme

22. Conclusion  The security aspects of the wireless network are closely related to its topology  Currently there is no optimal solution on many intrusion problems New intelligent attacks are invented all the time Difficult to design a general solution  Hot research subject Slide theme: Tom Karygiannis