Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Security in the Real World: Using Physical Properties to Mitigate Wormhole Attacks SIGNET Seminar University of Delaware 15 September 2004 David.

Published byKory Fisher Modified over 8 years ago

Similar presentations

Presentation on theme: "Wireless Security in the Real World: Using Physical Properties to Mitigate Wormhole Attacks SIGNET Seminar University of Delaware 15 September 2004 David."— Presentation transcript:

1 Wireless Security in the Real World: Using Physical Properties to Mitigate Wormhole Attacks SIGNET Seminar University of Delaware 15 September 2004 David Evans (work with Lingxuan Hu) University of Virginia Computer Science

2 www.cs.virginia.edu/evans/delaware 2 Computing is Changing Security: Access control Perimeters Cryptography Security: Resource consumption Integrity

3 www.cs.virginia.edu/evans/delaware 3 new threats

4 www.cs.virginia.edu/evans/delaware 4 new opportunities

5 www.cs.virginia.edu/evans/delaware 5 this talk

6 www.cs.virginia.edu/evans/delaware 6 Challenges Thousands of low power sensor devices, interacting with their environments and communicating wirelessly Properties of sensor networks –Vulnerability of radio channels –Unprotected devices –Unprotected network –Absence of infrastructure –Limited resource

7 www.cs.virginia.edu/evans/delaware 7 Opportunities Sensor networks interact with their environment –Embedded in physical space –Require time to change A large number of interchangeable nodes

8 www.cs.virginia.edu/evans/delaware 8 Thesis Statement The special properties of sensor networks (time, space and quantity) can be exploited to enhance security and efficiency of communication.

9 www.cs.virginia.edu/evans/delaware 9 Contributions Development and analysis of three protocols: 1. A secure neighbor discovery protocol that uses space and quantity to mitigate replay (including wormhole) attacks. L. Hu and D. Evans. Using Directional Antennas to Prevent Wormhole Attacks. NDSS 2004, February 2004. 2. The Monte Carlo Localization (MCL) protocol that uses space and time for localization. L. Hu and D. Evans. Localization for Mobile Sensor Networks. To appear in Mobicom 2004, September 2004. 3. A secure localization protocol that exploits space and time to ensure the integrity of localization Submitted paper

10 www.cs.virginia.edu/evans/delaware 10 Wormhole Attacks

11 www.cs.virginia.edu/evans/delaware 11 Wormhole Attack S D A B C Attacker needs a transceivers at two locations in the network, connected by a low latency link Attacker replays (selectively) packets heard at one location at the other location X Y Pirate image by Donald Synstelien

12 www.cs.virginia.edu/evans/delaware 12 Beacon Routing 0 1 2 3 4 Nodes select parents based on minimum hops to base station

13 www.cs.virginia.edu/evans/delaware 13 Wormhole vs. Beacon Routing 0 1 2 X Y 0 1 2 Wormhole attack disrupts network without needing to break any cryptography! [Karlof and Wagner, 2003]; [Hu, Perrig, Johnson 2003]

14 www.cs.virginia.edu/evans/delaware 14 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 0 50 100 150 200 250 300 350 400 450 500 Fraction of Routes to Base Station Disrupted Position of Endpoint (x,x) Base Station at Corner Base Station at Center Wormhole Impact 0 500 0 A randomly placed wormhole disrupts ~5% of links A single wormhole can disrupt 40% of links (center)

15 www.cs.virginia.edu/evans/delaware 15 Possible Solutions Packet Arrival Time –Packet Leashes [Hu, Perrig, Johnson 2003] –Signal is transmitted at speed of light –Requires tightly synchronized clocks (temporal leashes) or precise location information (geographic leashes) Packet Arrival Direction

16 www.cs.virginia.edu/evans/delaware 16 Full slide on packet leashes

17 www.cs.virginia.edu/evans/delaware 17 Directional Antennas Model based on [Choudhury and Vaidya, 2002] General benefits: power saving, less collisions 1 23 4 56 North Aligned to magnetic North, so zone 1 always faces East Omnidirectional Transmission Directional Transmission from Zone 4

18 www.cs.virginia.edu/evans/delaware 18 Assumptions Legitimate nodes can establish secure node-node links –All critical messages are encrypted Network is fairly dense Nodes are stationary Most links are bidirectional (unidirectional links cannot be established) Transmissions are perfect wedges Nodes are aligned perfectly (relaxed in paper)

19 www.cs.virginia.edu/evans/delaware 19 Protocol Idea Wormhole attack depends on a node that is not nearby convincing another node it is Verify neighbors are really neighbors Only accept messages from verified neighbors

20 www.cs.virginia.edu/evans/delaware 20 Directional Neighbor Discovery A 1. A  RegionHELLO | ID A Sent by all antenna elements (sweeping) 2. B  AID B | E K BA (ID A | R | zone (B, A)) Sent by zone (B, A) element, R is nonce 3.A  BR Checks zone is opposite, sent by zone (A, B) B zone (B, A) = 4 is the antenna zone in which B hears A 1 23 4 56

21 www.cs.virginia.edu/evans/delaware 21 1 23 4 56 A B zone (B, A[Y]) = 1 zone (A, B [X]) = 1 False Neighbor: zone (A, B) should be opposite zone (B, A) Detecting False Neighbors X Y

22 www.cs.virginia.edu/evans/delaware 22 A B zone (B, A[Y]) = 4 zone (A, B [X]) = 1 Undetected False Neighbor: zone (A, B) = opposite of zone (B, A) Not Detecting False Neighbors 1 23 4 56 X Y Directional neighbor discovery prevents 1/6 of false direct links…but doesn’t prevent disruption

23 www.cs.virginia.edu/evans/delaware 23 Observation: Cooperate! Wormhole can only trick nodes in particular locations Verify neighbors using other nodes Based on the direction from which you hear the verifier node, and it hears the announcer, can distinguish legitimate neighbor

24 www.cs.virginia.edu/evans/delaware 24 Verifier Region v zone (B, A) = 4 zone (V, A) = 3 1 23 4 56 A verifier must satisfy these two properties: 1. Be heard by B in a different zone: zone (B, A) ≠ zone (B, V) 2. B and V hear A in different zones: zone (B, A) ≠ zone (V, A) zone (B, A) = 4 zone (B, V) = 5 (one more constraint will be explained soon)

25 www.cs.virginia.edu/evans/delaware 25 V Verified Neighbor Discovery 1. A  RegionAnnouncement, done through sequential sweeping 2. B  AInclude nonce and zone information in the message 3. A  BCheck zone information and send back the nonce A B 4. INQUIRY | ID B | ID A | zone (B, A) 5. ID V | E KBV (ID A | zone (V, B)) Same as before 4. B  RegionRequest for verifier to validate A 5. V  BIf V is a valid verifier, sends confirmation 6. B  AAccept A as its neighbor and notify A

26 Verifier Analysis v B A Region 1 Region 2 X Y 1 23 4 56 1 23 4 56 Wormhole cannot trick a valid verifier: zone (V, A [Y]) = 5 zone (A, V [X]) = 1 Not opposites: verification fails

27 www.cs.virginia.edu/evans/delaware 27 Worawannotai Attack v B A Region 1 Region 2 X 1 23 56 23 4 56 V hears A and B directly A and B hear V directly But, A and B hear each other only through repeated X

28 www.cs.virginia.edu/evans/delaware 28 Preventing Attack 1. zone (B, A)  zone (B, V) 2. zone (B, A)  zone (V, A) 3. zone (B, V) cannot be both adjacent to zone (B, A) and adjacent to zone (V, A)

29 www.cs.virginia.edu/evans/delaware 29 Cost Analysis Communication Overhead –Minimal –Establishing link keys typically requires announcement, challenge and response –Adds messages for inquiry, verification and acceptance Connectivity –How many legitimate links are lost because they cannot be verified?

30 www.cs.virginia.edu/evans/delaware 30 Lose Some Legitimate Links 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Link Disconnection Probability Node Distance (r) Verified Protocol Strict Protocol (Preventing W Attack) Network Density = 10 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Node Distance (r) 0 Verified Protocol Strict Protocol (Preventing W Attack) Network Density = 3

31 www.cs.virginia.edu/evans/delaware 31 …but small effect on connectivity and routing 0 1 2 3 4 5 6 7 8 9 10 4 6 8 12 14 16 18 20 Average Path Length Omnidirectional Node Density Strict Protocol Trust All Verified Protocol Network with density = 10 Verified protocol: 0.5% links are lost no nodes disconnected Strict protocol: 40% links are lost 0.03% nodes disconnected (More details and experiments in paper) [[[[ cite and include more ]]]

32 www.cs.virginia.edu/evans/delaware 32 Dealing with Error

33 www.cs.virginia.edu/evans/delaware 33 Vulnerabilities Attacker with multiple wormhole endpoints –Can create packets coming from different directions to appear neighborly Magnet Attacks –Protocol depends on compass alignment of nodes Antenna, orientation inaccuracies –Real transmissions are not perfect wedges

34 www.cs.virginia.edu/evans/delaware 34 Conclusion/Moral An attacker with few resources and no crypto keys can substantially disrupt a network with a wormhole attack Mr. Rogers was right: “Be a good neighbor” –If you know your neighbors, can detect wormhole –Need to cooperate with your neighbors to know who your legitimate neighbors are

35 www.cs.virginia.edu/evans/delaware 35 http://www.cs.virginia.edu/evans/nds s04

36 www.cs.virginia.edu/evans/delaware 36 Roadmap Use directional information to defeat wormhole attacks But…most sensor nodes don’t have directional antennas –Location Determination

37 www.cs.virginia.edu/evans/delaware 37 Location Determination Important for many sensor network applications Localization allows nodes to estimate their locations using information transmitted by a set of seeds that know their own locations. We exploit mobility to improve the accuracy of localization.

38 www.cs.virginia.edu/evans/delaware 38 Localization Error and Routing GPSR Routing Slide from Qing Cao. Details in Qing Cao and Tarek Abdelzaher, A Scalable Logical Coordinates Framework for Routing in Wireless Sensor Networks. RTSS 2004

39

40 www.cs.virginia.edu/evans/delaware 40 Sequential Monte Carlo Method Sequential Monte Carlo Method: Represent the distribution by a set of N weighted samples, and update them recursively in time. Prediction: A node predicts its possible locations based on previous samples and its movement. Filtering: A node uses new information received to eliminate predicted locations that are inconsistent with observations, and keeps enough samples Adapted from robotics localization [Frank Dellaert et al, 1999]

41 www.cs.virginia.edu/evans/delaware 41 Procedure Prediction Phase p(l t | l t-1 ) =cif d(l t, l t-1 ) < v max 0if d(l t, l t-1 ) ≥ v max Filtering Phase: Uses both direct seed and indirect seed A seed is within distance r if a node hears it directly, and within distance (r, 2r] if a node doesn’t hear itself but one of its neighbors hears.

42 www.cs.virginia.edu/evans/delaware 42 Recap: Algorithm Initialization: Initially the node has no knowledge of its location. L 0 = { set of N random locations in the deployment area } Step: Compute a new possible location set L t based on L t-1, the possible location set from the previous time step, and the new observations, o t. L t = { } while (size (L t ) < N) do R = { l | l is selected from the prediction distribution } R filtered = {l | where l  R and its filtering condition is met } L t = choose (L t  R filtered, N)

43 www.cs.virginia.edu/evans/delaware 43 Impact of Time n d = 10, s d = 1. The localization error decreases fast at the first several tens of steps, and keeps stable after that

44 www.cs.virginia.edu/evans/delaware 44 Impact of Maximum Speed n d = 10 Increasing speed will increase uncertainty as well as get more observations

45 Impact of Seed Density n d = 10, v max = s max =.2r Outperform other localization algorithms in a wide range of applications

46 Impact of Sample Size n d = 10 Good accuracy is achieved with only 50 samples.

47 www.cs.virginia.edu/evans/delaware 47 Other Experimental Results Insensitive to irregular radio pattern –Probabilistic approach Group motion can adversely affect localization accuracy –The relative position is unchanged Deliberate movement can improve localization accuracy –Maximize network coverage

48 www.cs.virginia.edu/evans/delaware 48 Roadmap We developed a range free localization scheme for dynamic network environments that exploits space and time. Next, we address secure localization problem.

49 www.cs.virginia.edu/evans/delaware 49 Attacks on localization Threats –To disrupt the functions of network applications Attacks –Announce wrong seed information –Replay messages to create false ranging information Effects –Multilateration: Affect the estimated location without detection. –Filtering: Cause DoS attacks.

50 www.cs.virginia.edu/evans/delaware 50 Neighbor Coordination A can get consistent seed information B can get consistent seed information through the coordination of A C and D can not get consistent seed information

51 www.cs.virginia.edu/evans/delaware 51 Location History A get consistent seed information B get consistent seed information through location history C can not get consistent seed information

52 www.cs.virginia.edu/evans/delaware 52 Results No defense Neighbor Coordination Neighbor Coordination and Location History

53 www.cs.virginia.edu/evans/delaware 53 Multiple Location Speculation When inconsistent information is received, calculate several possible locations instead of no location. Few nodes get more than one location estimate.

54 www.cs.virginia.edu/evans/delaware 54 Contributions Summary The first general defense against wormhole attacks without location information or clock synchronization [NDSS04]. The first protocol that exploits mobility to improve localization accuracy [MobiCom04]. A secure localization protocol that exploits space and time to eliminate false seed information.

55 www.cs.virginia.edu/evans/delaware 55 Conclusion The special properties of sensor networks (time, space, quantity) provide research opportunities –Improve security and efficiency –Only used simple properties More complex physical properties may be exploited in the future

56 Directional Errors Omni density = 3Omni density = 10 The error is modeled by disorienting nodes by a random angle in [- max, max] The disconnected nodes is little affected

57 Impact of Radio Irregularity n d = 10, s d = 1, v max = s max =.2r Insensitive to irregular radio pattern

58 Impact of Group Motion n d = 10, v max = s max = r Estimate error may be adversely affected by group motion

59 Impact of Motion Control n d = 10, s d = 0.3 Deliberate movement can improve localization accuracy

Download ppt "Wireless Security in the Real World: Using Physical Properties to Mitigate Wormhole Attacks SIGNET Seminar University of Delaware 15 September 2004 David."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Localization for Mobile Sensor Networks ACM MobiCom 2004 Lingxuan HuDavid Evans Department of Computer Science University of Virginia.

Localization for Mobile Sensor Networks ACM MobiCom 2004 Lingxuan HuDavid Evans Department of Computer Science University of Virginia.
Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.

Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.
A 2 -MAC: An Adaptive, Anycast MAC Protocol for Wireless Sensor Networks Hwee-Xian TAN and Mun Choon CHAN Department of Computer Science, School of Computing.

A 2 -MAC: An Adaptive, Anycast MAC Protocol for Wireless Sensor Networks Hwee-Xian TAN and Mun Choon CHAN Department of Computer Science, School of Computing.
HIERARCHY REFERENCING TIME SYNCHRONIZATION PROTOCOL Prepared by : Sunny Kr. Lohani, Roll – 16 Sem – 7, Dept. of Comp. Sc. & Engg.

HIERARCHY REFERENCING TIME SYNCHRONIZATION PROTOCOL Prepared by : Sunny Kr. Lohani, Roll – 16 Sem – 7, Dept. of Comp. Sc. & Engg.
1 GPSR: Greedy Perimeter Stateless Routing for Wireless Networks B. Karp, H. T. Kung Borrowed slides from Richard Yang.

1 GPSR: Greedy Perimeter Stateless Routing for Wireless Networks B. Karp, H. T. Kung Borrowed slides from Richard Yang.
Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.

Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.
TDMA Scheduling in Wireless Sensor Networks

TDMA Scheduling in Wireless Sensor Networks
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Computer Networks Group Universität Paderborn Ad hoc and Sensor Networks Chapter 9: Localization & positioning Holger Karl.

Computer Networks Group Universität Paderborn Ad hoc and Sensor Networks Chapter 9: Localization & positioning Holger Karl.
Geo – Routing in ad hoc nets References: Brad Karp and H.T. Kung “GPSR: Greedy Perimeter Stateless Routing for Wireless Networks”, Mobicom 2000 M. Zorzi,

Geo – Routing in ad hoc nets References: Brad Karp and H.T. Kung “GPSR: Greedy Perimeter Stateless Routing for Wireless Networks”, Mobicom 2000 M. Zorzi,
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Detecting Phantom Nodes in Wireless Sensor Networks Joengmin Hwang Tian He Yongdae Kim Department of Computer Science, University of Minnesota, Minneapolis.

Detecting Phantom Nodes in Wireless Sensor Networks Joengmin Hwang Tian He Yongdae Kim Department of Computer Science, University of Minnesota, Minneapolis.
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Monday, June 01, 2015 ARRIVE: Algorithm for Robust Routing in Volatile Environments 1 NEST Retreat, Lake Tahoe, June 17-19 2002.

Monday, June 01, 2015 ARRIVE: Algorithm for Robust Routing in Volatile Environments 1 NEST Retreat, Lake Tahoe, June
Using Directional Antennas to Prevent Wormhole Attacks Lingxuan Hu, David Evans Jason Buckingham CSCI 7143: Secure Sensor Networks November 2, 2004.

Using Directional Antennas to Prevent Wormhole Attacks Lingxuan Hu, David Evans Jason Buckingham CSCI 7143: Secure Sensor Networks November 2, 2004.
A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks Lei Fang (Syracuse) Wenliang (Kevin) Du (Syracuse) Peng Ning (North Carolina State)

A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks Lei Fang (Syracuse) Wenliang (Kevin) Du (Syracuse) Peng Ning (North Carolina State)
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Similar presentations

Ads by Google