1. 1 Some Security Challenges for Mesh Networks Jean-Pierre Hubaux EPFL Switzerland Joint work with Imad Aad, Naouel Ben Salem, Levente Buttyan, Srdjan Capkun, Markus Jakobsson, and Maxim Raya Funded by the MICS/Terminodes project, www.mics.org

2. 2 Some Security Challenges for Mesh Networks Outline 1. Preventing greedy behavior at the MAC layer 2. Secure positioning 3. Cooperation between nodes

3. 3 1. Preventing greedy behavior at the MAC layer Well-behaved node Cheater Well-behaved node

4. 4 IEEE 802.11 MAC – Brief reminder

5. 5 Misbehavior techniques – NAV

6. 6 Misbehavior techniques – DIFS

7. 7 Misbehavior techniques – Frame scrambling

8. 8 Misbehavior techniques – Backoff

9. 9 Solution 1  Detection and handling of MAC layer misbehavior in wireless networks (Kyasanur and Vaidya, DSN 2003)  Idea: the receiver assigns backoff values to the sender  Detection: compares expected and observed backoffs  Correction: assigns penalty to the cheater

10. 10 Solution 2  DOMINO (Raya, Hubaux, and Aad, MobiSys 2004)  Idea: monitor the traffic and detect deviations by comparing average values of observed users  Detection tests: number of retransmissions, backoff, …  Features: Full standard compliance Needs to be implemented only at the Access Point Applicable to all CSMA/CA-based protocols Simple and efficient  The operator decides the amount of evidence required before taking action (in order e.g. to prevent false positives)  http://domino.epfl.ch Game-theoretic study: M. Cagalj, S. Ganeriwal, I. Aad and J.-P. Hubaux "On Cheating in CSMA/CA Networks" Technical report No. IC/2004/27, February 2004

11. 11 Components of DOMINO Consecutive backoff Actual backoff Maximum backoff: the maximum should be close to CWmin - 1 Backoff manipulation Comparison of the idle time after the last ACK with DIFS Transmission before DIFS Comparison of the declared and actual NAV values Oversized NAV Number of retransmissions Frame scrambling Detection testCheating method

12. 12 DOMINO performance (ns-2 simulation) Setting: uplink UDP traffic; 7 well-behaved stations + 1 cheating station; each point corresponds to 100 simulations of 10s each; confidence int: 95%

13. 13 2. Secure positioning Being able to securely verify positions of devices can enable: - Location-based access control - Detection of displacement of valuables - Detection of stealing - Monitoring and enforcement of policies (e.g., traffic monitoring) - Location-based charging - … In multi-hop networks - Secure routing - Secure positioning - Secure data harvesting (sensor networks) - …

14. 14 Distance measurement by Time of Flight (ToF) - Based on the speed of light (RF, Ir) ts A B (A and B are synchronized - ToF) tr d ABm =(tr-ts)c ts - Based on the speed of sound (Ultrasound) (A and B are NOT synchronized – Round trip ToF) tr d ABm =(tr-ts-t procB )c/2 ts A B tr(RF) d ABm =(tr(RF)-tr(US))s ts tr(US)

15. 15 Attacks on RF and US ToF-based techniques - Dishonest device: cheat on the time of sending (ts) or time of reception (tr) ts 1. Overhear and jam 2. Replay with a delay Δt A B (A and B are assumed to be synchronised) tr d ABm =(tr-ts)c ts B tr+Δt d ABm =(tr+Δt-ts)c ts+Δt M => d ABm >d AB - Malicious attacker: 2 steps: M

16. 16 Summary of possible attacks on distance measurement Malicious attackers RSS (Received Signal Strength) Distance enlargement and reduction Distance enlargement and reduction Ultrasound Time of Flight Distance enlargement and reduction Distance enlargement and reduction Radio Time of Flight Distance enlargement and reduction Distance enlargement only Dishonest nodes

17. 17 Secure positioning - Goals: - preventing a dishonest node from cheating about its own position - preventing a malicious attacker from spoofing the position of an honest node - Our proposal: Verifiable Multilateration

18. 18 Distance Bounding (RF) ts BS A N BS tr - Introduced in 1993 by Brands and Chaum to prevent the Mafia fraud attack d real ≤ db = (tr-ts)c/2 (db=distance bound)

19. 19 Distance bounding characteristics RSS Distance enlargement and reduction US ToF Distance enlargement and reduction Distance enlargement and reduction RF ToF Distance enlargement and reduction Distance enlargement only RF Distance Bounding Distance enlargement only US Distance Bounding Distance enlargement only Distance enlargement and reduction Malicious attackers Dishonest nodes - RF distance bounding: - nanosecond precision required, 1ns ~ 30cm - UWB enables clock precision up to 2ns and 1m positioning indoor and outdoor (up to 2km) with RF ToF - US distance bounding: - millisecond precision required,1ms ~ 35cm - distance bounding can be enabled with 802.11 and US

20. 20 Verifiable Multilateration (Trilateration) x y (x,y) BS1 BS2 BS3 Verification triangle Distance bounding A

21. 21 Verifiable Multilateration (properties 1/2) - a malicious attacker cannot spoof the position of a node such that it seems that the node is at a position different from its real position within the triangle - a node located within the triangle cannot prove to be at another position within the triangle except at its true position. - a node located outside the triangle formed by the verifiers cannot prove to be at any position within the triangle - a malicious attacker cannot spoof the position of a node such that it seems that it is located at a position within the triangle, if the node is outside the triangle

22. 22 Verifiable Multilateration (properties 2/2) - a node can show (by distance enlargement) that it is positioned outside the triangle - an attacker can always show that the node is positioned outside the triangle Srdjan Capkun and Jean-Pierre Hubaux Securing position and distance verification in wireless networks Technical report EPFL/IC/2004-43, May 2004 Srdjan Capkun and Jean-Pierre Hubaux Secure Positioning in Sensor Networks Technical report EPFL/IC/2004-44, May 2004 The same holds in 3-D, with a triangular pyramid instead of a triangle

23. 23 Multi-hop mesh networks represent a new and promising paradigm, but … No incentive  the network does not work : V. Srinivasan, P. Nuggehalli, C. Chiasserini, and R. Rao, Infocom 2003 M. Felegyhazi, L. Buttyan, and J. P. Hubaux, PWC 2003 Why would intermediate nodes bother to relay packets for the benefit of other nodes? 3. Cooperation between nodes Autonomous multi-hop networks R. Mahajan, M. Rodrig, D. Wetherhall, and J. Zahorjan, “Encouraging Cooperation in Multi-Hop Wireless Networks,” Technical Report CSE-04-06-01, Univ. of Washington, June 2004

24. 24 Incentive techniques: other scenarios Multi-hop networks with permanent access to the backbone Solution based on lottery tickets: M. Jakobsson, J.-P. Hubaux and L. Buttyan, "A Micro-Payment Scheme Encouraging Collaboration in Multi-Hop Cellular Networks", Financial Crypto 2003 Systematic payment: N. Ben Salem, L. Buttyán, J.-P. Hubaux and M. Jakobsson, "A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks", MobiHoc 2003 Multi-hop networks with sporadic access to the backbone S. Zhong, Y. R. Yang, and J. Chen, “Sprite: A Simple, Cheat-Proof, Credit-Based System for Mobile Ad Hoc Networks,” INFOCOM 2003 A i 1 BS A B j 1 BS B InitiatorCorrespondent Backbone

25. 25 Conclusion  Mesh networks must be secured prior to any commercial deployment  A number of research results from the security of wireless (ad hoc) networks can be used or adapted, notably:  To prevent greedy behavior  To secure positioning  To stimulate cooperation between nodes  There are more challenges, in particular:  Preventing denial of service attacks  Stimulation of the network deployment