1. Secure Communication A View From The Transport Layer MANET and WSN 1

2. Overview Transport Layer and Security Issues Anonymity ▫E-mail ▫WSN and MANET Traffic Analysis DOS Attacks ▫flooding ▫de-synchronization Summary References 2

3. Transport Layer and Security Issues 3

4. Transport Layer Basics 4

5. Transport Layer - Security Securing end-to-end communication Keys distribution and use for secure communication Anonymous communication Preventing traffic analysis Preventing DOS attacks 5

6. Mobile Sensor Networks - Basics Security Constraints ▫Low Power ▫Limited processing power ▫Limited memory ▫Limited bandwidth 6

7. Keys Base Station assigns keys ▫Symmetric Key Algorithms  Saves computation resources ▫Establishes trust with sensor nodes  Saves computation and power  Computing and exchanging keys ▫Base station transmits the keys directly to the node  Saves power 7

8. Anonymity E-mail 8

9. E-mail Anonymity Untraceable E-mail Untraceable Return Addresses Digital Pseudonyms 9

10. E-Mail Anonymity - Untraceable Using Public Key encryption Uses ▫Elections ▫Part of an organization, but want identity kept secret (CIA) 10

11. E-Mail Anonymity - Untraceable Additional computer called the “Mix” Bob wants to send Alice an untraceable message. Bob sends the message encrypted with Alice’s public key, encrypted again with the Mix’s public key: ▫Km(R1, Ka(R0, M), A)  Ka(R0,M),A Mix decrypts, eliminates R1, and forwards the message to Alice. 11

12. E-Mail Anonymity - Untraceable Mix hides the correspondences between items in its input and output. ▫Outputs in uniformly sized items in lexicographically ordered batches. ▫Ensures no duplicate output (would show a pattern to an eavesdropper)  make R a timestamp  change Mix’s keys 12

13. E-Mail Anonymity - Untraceable Multiple Mix’s ▫Cascade encryptions ▫First Mix’s (M2) input: Km2(R2,Km1(R1,Ka(R0, M),A),Am1)  ▫First Mix’s output: Km1(R1,Ka(R0, M),A))  ▫Final Result: Ka(R0, M),A) 13

14. E-Mail Anonymity – Return Address What if Alice wants to respond to Bob? He is anonymous! Bob can sends his address, encrypted so that only the Mix can read, and deliver it. ▫Km(R1,Ab), Kb(R0,M)  Ab, R1(Kb(R0, M)) 14

15. E-Mail Anonymity – Return Address Mix can verify recipient received the message ▫Certified Mail Service ▫Last Mix sends back to Bob:  Alice’s address  Message itself  Each Mix may sign the receipt 15

16. E-Mail Anonymity Preventing Traffic Analysis ▫Send same number of messages per each batch  Pro - Hides number of messages sent from Bob  Con - Uses resources (power, bandwidth) ▫Send same number of messages to subsets of participants  Pro - Hides number of messages Bob sends to Alice, and minimizes dummy messages  Con - Still uses resources for dummy messages 16

17. E-Mail Anonymity - Pseudonyms Digital Pseudonym: ▫A public key used to verify signatures made by the anonymous holder of the corresponding private key. Roster: ▫List of pseudonyms kept by a trusted authority Uses: ▫Elections – Roster of eligible voters 17

18. E-mail Anonymity – Pros & Cons Pros: ▫Ability to be anonymous ▫Verified message delivery Cons: ▫Additional hardware (mix) ▫What if you want to know the addressee (threat) ▫Trusted Authority  who and what determines this ▫Lots of additional encryption (time and resources) 18

19. Anonymity –MANET and WNS 19

20. Anonymity – Why If an attacker can ID a node, and eavesdrop on traffic, they may be able to identify actual network traffic patterns. Track a moving node Identify what network a node belongs in 20

21. Anonymity – Cont. Wired connections with dedicated links Wireless connections with shared media Wireless communication broadcast property makes it hard to see where where a node is, but makes it easier to eavesdrop. [picture - 11] 21

22. Anonymity – How We will analyze how to achieve anonymity in both: ▫MANET  Mix-net ▫WNS  Anonymity done through preventing traffic analysis attacks 22

23. Anonymity - MANET Similar to e-mail, uses Mix’s 23 A Mix-Net example in MANET [2]

24. Anonymity - MANET Encryption and decryption of messages is the same as used with Mix’s in e-mail: Multiple Mix’s ▫Cascade encryptions ▫First Mix’s (M2) input: Km2(R2,Km1(R1,Ka(R0, M),A),Am1)  ▫First Mix’s output: Km1(R1,Ka(R0, M),A))  ▫Final Result: Ka(R0, M),A) 24

25. Anonymity - MANET Mix Advertisement ▫Sends message “I’m here” ▫Non-Mix node hears this and determine a dominant Mix-node  If it doesn’t hear an advertisement message from it’s Mix in some interval of time, it finds another Mix. Mix Route Discovery and Update ▫Sender node (S) sends RREQ message to destination node (D) 25

26. Anonymity - MANET Mix Route Discovery and Update ▫RREQ Phase: Sender node (S) sends RREQ message to destination node (D) ▫DREG Phase: D knows it is part of end-to-end communication, registers with it’s closest Dominator Mix ▫RUPD Phase: Mix broadcasts RUPD messages to nodes with a list of nodes registered to the Mix 26

27. Anonymity - MANET 27 Broadcasted RUPD Messages [2]

28. Anonymity - MANET Potential security problem: ▫An attacker could hear S send a RREQ message, then hear D send a DREG message shortly after. Solution:  S can send dummy RREQ messages to itself, to hide the real RREQ message to D 28

29. Anonymity - MANET Pros: ▫Compromised node in the middle of the route does not reveal source or destination nodes ▫Dominant Mix could hide identity of S ▫Mix can also aide in preventing traffic analysis Cons: ▫Additional hardware: Mix’s ▫Additional encryption 29

30. Anonymity – MANET - PPCS PPCS – Privacy Preserving Communication Three mechanisms: ▫Dynamic Flow Identification ▫Random Node Identification ▫Resilient Packet Forwarding 30

31. Anonymity – MANET - PPCS Dynamic Flow Identification ▫Two flow pseudonyms, Pdi, Psi are defined for the forward and backward flows  Replaces the source and destination addresses  Source broadcasts RREQ packet containing these pseudonyms ▫Intermediate nodes receive and try to decrypt Psd  “Trap door check” 31

32. Anonymity – MANET - PPCS Random Node Identification ▫Dissociates a real node identifier from location information ▫RNI – random node identifiers 32

33. Anonymity – MANET - PPCS Resilient Packet Forwarding ▫Multi-path random forwarding (MPRF)  Provides protection against traffic analysis  Helps avoid traffic congestion  Intermediate nodes randomly selects the next hop by it’s local list of possible next hop nodes. 33

34. Anonymity – MANET - PPCS Potential problems: ▫Message could be followed from end-to-end  Solution: Encrypt again between intermediate nodes Pros: ▫Node anonymity established Cons: ▫More difficult to implement ▫Each intermediate node must look at the Psd of a RREQ message 34

35. Anonymity - WSN ▫Base Station ID hidden  Could take out entire network ▫How:  Hide which node is the base station by limiting traffic analysis 35

36. Anonymity - Summary Some situations may require node anonymity ▫Ex: Election, CIA E-mail anonymity ▫Mix MANET and WSN anonymity ▫Mix and routing ▫Traffic Analysis 36

37. Preventing Traffic Analysis 37

38. Preventing Traffic Analysis – Why High traffic and/or traffic patterns could indicate a base node/station ▫Base Node/Station  Entire network depends on it ▫Ex: Military  Determine critical nodes, chain of command  Forthcoming action  State change or network alertness 38

39. Traffic Analysis – Example Data traffic patterns using shortest path routing [7] 39

40. Traffic Analysis – Two Classes Two classes of traffic analysis 1.) Rate Monitoring Attack– monitor packet sending rate 2.) Time Correlation Attack – deduce path by listening to nodes forward packets 40

41. Preventing Traffic Analysis – How Multiple parent routing ▫Rate monitoring attacks Controlled random walk ▫Rate monitoring attacks Random fake paths ▫Time correlation attacks Multiple, random areas of high communication activity ▫Rate Monitoring Attacks 41

42. Multi-Parent Routing Reduces effectiveness of rate-monitoring attacks Each node has multiple parents Randomly select one parent each time it forwards a packet ▫Any level higher is a parent or ▫Record beacons as parents Problems: ▫Does not eliminate rate-monitoring attacks ▫Still subject to time-correlation attacks 42

43. Multi-Parent Routing Multi-parent routing for node “u” 43

44. Random Walk Reduces rate monitoring attack effectiveness Forwarding packets: ▫To parent with probability of p ▫To neighbor with probability of (1-p) Problems: ▫Still vulnerable to time correlation attack ▫Longer route consumes more energy (more hops to base station) 44

45. Random Fake Paths AKA Fractal Propagation Makes time-correlation attacks less effective Fake packets are created and propagated through the network ▫Fake packets have a TTL parameter, K 45

46. Random Fake Paths Cont. When a node receives a fake packet, it ▫decrements TTL (if zero, it drops the packet) ▫forwards the packet to a neighbor node If a node hears it’s neighbor transmitting a fake packet with a TTL of k : ▫generates and forwards another fake packet  TTL = k-1  probability 46

47. Random Fake Paths Cont. Problems: ▫Already limited power is used on fake transmissions ▫Does not completely eliminate time correlation attacks ▫Generates a large amount of traffic by base station  If transmitting real packets more frequently, reduce the probability of sending a fake packet 47

48. Multiple, random areas of high communication activity AKA Hot Spots Makes rate monitoring more difficult Node keeps track of which neighbors it sends fake messages to. All neighbors start with the same probability of receiving a fake message from me If I send a fake message to neighbor A, I increase the probability I send another fake message to it 48

49. Multiple, random areas of high communication activity – Cont. Ability to create and destroy hotspots Problems: ▫Does not eliminate rate monitoring, but does make an attacker waist time with a hotspot 49

50. Traffic Analysis - Summary 50

51. Traffic Analysis – Summary Cont. Pros: ▫Only a limited time delay of real packets ▫Applicable to large scale WSN’s Cons: ▫Does not eliminate traffic analysis ▫Uses already limited power 51

52. DOS Attacks 52

53. DOS Attack - Flooding Attacker repeatedly makes new connection requests Uses nodes resources Proposed Solution: ▫puzzle ▫limit connections to a node (or connection requests) 53

54. DOS Attack – De-Synchronization Attacker repeatedly forges messages to one (or both) end points, asking for packet retransmission. Uses nodes resources Proposed solution: ▫Authenticate packet headers 54

55. Conclusion E-mail anonymity is desired for some people/organization ▫Can be achieved using  Mix  Trusted Authority MANET and WSN ▫Limited resources make security difficult  Let the Base Station do the work 55

56. Conclusion Cont. Preventing Traffic Analysis ▫Hide which node is base station DOS ▫Flooding ▫De-synchronization Attack Future work 56

57. Questions 57

58. References [1] D. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms”, Communications of the ACM, 1981. [2] S. Jiang, N. H. Vaidya and W. Zhao, A Mix Route Algorithm for Mix-Net in Wireless Ad Hoc Networks, IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS), October 2004. [3] B. R. Venkatraman and N. E. Newman-Wolfe, Transmission schedules to prevent traffic analysis, Ninth Annual Computer Security and Applications Conferences, 1993. [4] B. Radosavljevic, B. Hajek, Hiding traffic flow in communication networks, MILCOM 1992. [5] S. Jiang, N. H. Vaidya, W. Zhao, Preventing traffic analysis in packet radio networks, DISCEX 2001. [6] SPINS: Security Protocols for Sensor Networks (Perrig) [7] J. Deng, R Han, S. Mishra; Countermeasures Against Traffic Analysis Attacks in Wireless Sensor Networks; University of CO; 2005 58

59. References [8] Sk. Md. Mizanur Rahman, Nidal Nasser, Atsue Inomata, Takeski Okamoto, M Mambo, E Okamoto; Anonymous authentication and secure communication protocol for wireless mobile ad hoc networks; Wiley InterScience; 2008; p. 179-189 [9] S. Tilak, N. Abu-Ghazaleh, W. Heinzelman; A Taxonomy of Wireless Micro- Sensor Network Models; Mobile COmuting and Communications Review, Vol. 6, No. 2; 2004 [10] Y. Zhang, W. Liu, W. Lou, Y. Fang; MASK: Anonymous On-Demand Routing in Mobile Ad Hoc Networks; IEEE Transactions on Wireless Communications, Vol. 5, No. 9, 2006 [11] Dijiang Huang; On An Information Theoretic Approach to Model Anonymous MANET Communications; ISIT 2009, Seoul, Korea; June 28-July 3, 2009 [12] H. Choi, P. McDaniel, T. F. La Porta; Privacy Preserving Communications in MANETs; The Pennsylvania State University; 2007 [13] S. Kaplantzis and N. Mani, ”Classification Techniques for Network Intrusion Detection”, in NCS’06 - Proceedings of the IASTED International Conference on Networks and Communications Systems, March 2006 [14] T. Kevitha, D. Sridharan; Security Vulnerabilities In Wireless Sensor Networks: A survey; Journal of Information Assurance and Security 5, 031-044; 2010 59