How to Design Wireless Security Mechanisms
Manel Guerrero Zapata
Mobile Networks Laboratory
Nokia Research Center

Introduction
Problems in our research area:
– Not much to be implemented in the near future.
– Researchers do not have enough background (routing protocols and security in wired networks).
– Too many people needing to publish papers in order to get a PhD.
– Too much simulation, not much analysis.

Tamper resistant devices
● There is no such thing as a tamper resistant device. (See Anderson & Kuhn, "Tamper Resistance - a Cautionary Note" and "Low Cost Attacks on Tamper Resistant Devices".)
● Trying to combine symmetric cryptography solutions with tamper resistant devices to create the same result provided by alternatives that use asymmetric cryptography does not make sense.

Misbehaving detection schemes
● It is quite likely that it will not be feasible to detect several kinds of misbehavior (especially because it is very hard to distinguish misbehavior from transmission failures and other kinds of failures).
● Such schemes have no real means to guarantee the integrity and authentication of the routing messages!
● With all this being common knowledge, it is amazing that there are some people writing papers on top of this idea (like the guys from EPFL Lausanne).

Systems with unrealistic requirements
● MAC addresses uniquely identify a node.
● Every node should have some means to know its geographic position.
● There is a central server that is available to all the nodes.
● There is a tight time synchronization between all the nodes of the network (the latest craze using TESLA by Dave Johnson, Perrig and Hu).

Complex systems that use fancy mathematics
● With mathematics you can hide the fact that, actually, your system does not work at all. Just use a lot of formulas.
● My favourite example is 'Securing Ad hoc Networks' by Zhou & Haas: a distributed CA that does not work if there are only two nodes in a network partition. (Although it is good in that it recognizes the non-feasibility of the central server approaches.)

So what's the right way?
● Securing routing messages vs data messages.
● The scenario that is going to be protected.
● The security features that this scenario requires.
● The security mechanisms that will fulfill those security features.

Analysis
● The analysis of requirements: whether the security features are enough for the targeted scenario.
● The analysis of mechanisms: whether the security mechanisms are indeed fulfilling all the security requirements. When doing this, it will be found that there are still some attacks that can be performed against your system. Some of them, typically, are not avoided because of a trade-off between security and feasibility.
● The analysis of feasibility: whether the security mechanisms have requirements that are not feasible in the targeted scenario.

That's all
Thank you for your attention.
More info about SAODV at: http://ant.eupvg.upc.es/~tarom/saodv.html