
1. Protocols for the Wireless Paranoid
Nitin Vaidya, University of Illinois
http://www.crhc.uiuc.edu/wireless
Slightly revised version of slides used for a 2005 INFOCOM (Miami) panel on Paranoid Protocol Design for Wireless Networks, March 16, 2005
Other panelists: Jean-Pierre Hubaux (Moderator), Bill Arbaugh, Ed Knightly, Adrian Perrig

2. Disclaimer
If you review my research proposals, ignore everything I say here

3. Panel’s Premise
  - Wireless networks need more paranoid protocols than wired networks

4. Wireless Networks
  - Greater paranoia may be desirable in wireless networks
  - Easier to “tap” into
  - Limited resources
  - Incentive to cheat
  - Programmable devices provide means to cheat
  - But …

5. What are Paranoid Protocols Anyway?

6. Department of NetLand Security (DNS): Threat Assessment
[Figure: threat-level chart; labels as extracted: Low, Severe, High, Elevated, Guarded, Paranoid]
Characterized by extreme and irrational distrust

7. Paranoid Design Principles
  - Everything that can go wrong, will - Murphy’s Law
  - Protect against everything

8. Research Community’s Response
  - Enumerate all possible ways things can go wrong
  - Separate solution for each of the ills
Not quite the right approach
  - Proof by Example
  - 3 Mistakes often made

9. Mistake 1: Assuming Extreme Scenario as the Common Case
Ad hoc networks are coming ! Ad hoc networks are coming !!

10. “Extreme” Ad Hoc Networking
Large Isolated Networks
  - No infrastructure
[Figure labels: A, B, C, E]

11. Extreme Scenario
  - “Extreme” ad hoc networks: No infrastructure
  - No certification authority
  - No DHCP server
  - Long-lived partitions
Why build networks this way, if you don’t have to?
Not all networks are for the battlefield !!

12. Extreme Ad Hoc Networks
  - Model acceptable when exploring design space for MAC and routing
  - Assuming same model for “security” can lead to unnecessary complexity

13. More Likely Ad Hoc Networks
Access to Infrastructure or Small
[Figure labels: A, B, C, E, internet]

14. More Likely Ad Hoc Networks
Access to Infrastructure or Small

15. More Realistic Multi-Hop Wireless Mesh Networks
[Figure labels: Wireless channel, Mesh node, A, B, C, Wireless “backbone”, internet]

16. More Realistic Multi-Hop Wireless Hybrid Networks
[Figure labels: Wireless channel, Access Point, A, B, C, D, E, internet]

17. Even Vehicles Can Have Intermittent Infrastructure Access
Picture courtesy Prof. Jean-Pierre Hubaux (somewhat modified from Prof. Hubaux’s version)

18. Multi-Hop Wireless is Here (Summary)
  - Multi-hop wireless, but “infrastructure” can be accessed selectively
  - Not all enumerable scenarios are relevant
  - Design protocols for the likely scenarios

19. Mistake 2: “In-Band” Solutions
  - “In-band” solutions
  - Solution tied closely to attack

20. Mistake 2: “In-Band” Solutions
  - Example attack: Node refuses to forward packets
  - In-band solution: Watch each other for the misbehavior
[Figure labels: A, B, C, Discard P]

21. Out-of-Band Solutions Often More Practical
  1. Disincentives for not forwarding packets
  2. Misbehavior translates to poor performance
  - Re-route around “bad” parts of the network
Single out-of-band solution can help with many attacks

22. Mistake 2: “In-Band” Solutions
  - Example Attack: MAC Layer selfish misbehavior for performance gains
  - In-band solution: Detect whether a node follows protocol faithfully
  - Out-of-band solution: Determine whether a node receives unfair share
[Figure labels: Wireless channel, Access Point]

23. Out-of-Band Solutions (Summary)
  - Out-of-band solutions often superior, and easier to implement
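
The out-of-band check from slide 22, as an added example that is not part of the original slides: an access point compares the bytes it delivered per station instead of inspecting each station's backoff behaviour. The window format, the "backlogged" flag, the tolerance and the persistence threshold are all assumptions made for this illustration, and the sample data is constructed.

```python
# Added example: out-of-band detection of MAC-layer selfishness at an AP.
# It looks only at the outcome (share of delivered bytes), never at whether
# a station followed the backoff rules.
from collections import Counter

def unfair_stations(windows, tolerance=0.25, min_windows=3):
    """Return stations that exceeded the equal share in >= min_windows windows.

    windows: list of dicts {station: (bytes_delivered, backlogged)}.
    Only backlogged stations (frames always queued) are compared, because a
    station with little to send legitimately receives less than an equal share.
    Requiring several windows filters out one-off gains from channel variation.
    """
    strikes = Counter()
    for window in windows:
        busy = {s: b for s, (b, backlogged) in window.items() if backlogged}
        total = sum(busy.values())
        if len(busy) < 2 or total == 0:
            continue  # nothing to compare against in this window
        fair = total / len(busy)
        for station, delivered in busy.items():
            if delivered > (1 + tolerance) * fair:
                strikes[station] += 1
    return sorted(s for s, n in strikes.items() if n >= min_windows)

def jain_index(shares):
    """Jain's fairness index: 1.0 for equal shares, 1/n if one node takes all."""
    shares = list(shares)
    squares = sum(x * x for x in shares)
    return (sum(shares) ** 2) / (len(shares) * squares) if squares else 1.0

# Constructed sample: four measurement windows at one access point.
# C persistently takes more than its share; B has a single lucky window.
SAMPLE = [
    {"A": (400_000, True), "B": (410_000, True), "C": (900_000, True), "D": (50_000, False)},
    {"A": (420_000, True), "B": (390_000, True), "C": (950_000, True), "D": (30_000, False)},
    {"A": (300_000, True), "B": (800_000, True), "C": (600_000, True), "D": (20_000, False)},
    {"A": (380_000, True), "B": (400_000, True), "C": (1_000_000, True)},
]

if __name__ == "__main__":
    print("persistently over fair share:", unfair_stations(SAMPLE))
    for i, w in enumerate(SAMPLE, 1):
        busy = [b for b, backlogged in w.values() if backlogged]
        print(f"window {i}: Jain index {jain_index(busy):.2f}")
```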

24. Mistake 3: Wireless = Wired Equivalent
  - Many protocols work correctly only when nodes see identical wireless channel status

25. Mistake 3: Wireless = Wired Equivalent
  - Many protocols work correctly only when nodes see identical wireless channel status
  - Protocols cannot perform as advertised
[Figure labels: Wireless channel, Access Point, A, B, C]
When C transmits, A and B may see different channel status

26. Mistake 3: Wireless = Wired Equivalent
  - Under realistic channel conditions, some of the attacks also difficult to launch undetected
  - Example: Certain “wormhole” attacks
Ignore such attacks?

27. Mistake 3 (Summary)
  - Pay attention to the physical layer
  - Wired equivalent for wireless not always reasonable
  - Use solutions that do not rely on such assumptions
Out-of-band solutions, removed from the cause, may be less prone

28. Conclusion
  - Not everything that can go wrong is worth the cost of protection
  - Develop small set of solutions for a large problem space
  - Know the wireless channel
Need to protect wireless networks … but

29. Conclusion
Wireless networks are complex
Focus on the real problems, ignore the imaginary

30. Thanks!
nhv@uiuc.edu

