Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 1 Threat Assessment to Primary and Secondary Users in a Centralized.

Published bySydney Monroe Modified over 10 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 1 Threat Assessment to Primary and Secondary Users in a Centralized."— Presentation transcript:

1 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 1 Threat Assessment to Primary and Secondary Users in a Centralized Cognitive Radio Network IEEE P802.22 Wireless RANs Date: 2008-07-17 Authors: Notice: This document has been prepared to assist IEEE 802.22. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEEs name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEEs sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.22. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures http://standards.ieee.org/guides/bylaws/sb-bylaws.pdf including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chairhttp://standards.ieee.org/guides/bylaws/sb-bylaws.pdf Carl R. StevensonCarl R. Stevenson as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.22 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at patcom@iee.org.patcom@iee.org >

2 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 2 Abstract Cognitive radios require special considerations of security. We describe why this is true and describe our analysis of potential denial of service attacks.

3 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 3 Threat Assessment to Primary and Secondary Users in a Centralized Cognitive Radio Network derived from on going research related to The Potential Denial-of-Service Threat Assessment to Cognitive Radios Timothy X Brown Amita Sethi Siddharth Maru Interdisciplinary Telecommunications University of Colorado, Boulder

4 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 4 Cognitive vs. Traditional Radios Radio Cognitive Engine Geo locator Sensor Policy Input Operating System A CR does more than a traditional radio User Interaction Via

5 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 5 Similar to other wireless devices Vulnerable to Denial of Service The Big Question Can cognitive radios be made secure? Confidentiality Integrity Availability New functions = new exposure

6 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 6 Denial-of-Service (DoS) Attacks DoS is the prevention of authorized access to a system resource or the delaying of system operations and functions [RFC2828].

7 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 7 Outline CR DoS attacks: Why should we care? Attack Analysis Summary

8 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 8 Why we should care? Take 1 More types of attacks

9 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 9 DoS Attack Categories – Denial / Induce Deny Communication When Could (Total or Partial) Induce Communication When Should Not Immediate DoS Long term DoS

10 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 10 CR Detect Range CR Example Denial Attack – Sensors Attacker Emulates Primary User Attacker Denies Access Attacker

11 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 11 Example Denial/Induce Attacks – Policy Failure in Beaconing System Jams Beacon Spoofs Beacon Intercepts Misuses Operational Frequency Information to launch Denial/Induce attacks CR Transmitter Range

12 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 12 More Types of Attacks Possible Attack Methods Considered –Constant or Direct Jamming –Intelligent Jamming –Intercept or Eavesdropping –Spoofing –Replay –Relay –Cryptanalysis

13 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 13 Why we should care? Take 2 Attacks from more places

14 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 14 Traditional DoS Attack Receiver Transmitter Communications Receiver Jamming

15 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 15 CR Detection Range Jam Received Signal Replay/Spoof/Relay Packet Spoof Signal CR Attack Locations CR Detection Range Receiver CR Jam Received Signal Replay/Spoof/Relay Packet Spoof Signal CR Jamming Range CR Receive Range CR Detect Range Transmitter CR Transmitter also a target

16 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 16 Why we should care? Take 3 Cant we borrow established security from say 802.16? No!

17 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 17 802.16 has its own vulnerabilities Network entry & initialization: –Brittle –Jam few key packets user resets Doesnt solve CR exposure (802.16 not subject of this talk) DL Channel Scan SS Waits for DL-MAP and DCD SS Waits for UL-MAP and UCD SS Waits for RNG-RSP after sending RNG_REQ SS Waits for SBC-RSP after sending SBC-REQ Key refresh not carried out in time. Authorization fails. No SBC-RSP for interval T18 No RNG-RSP for interval T3 No UCD for interval T12 No DL-MAP for interval LOST-DL-MAP No UL-MAP for interval LOST-UL-MAP Count Retries Too many retries No DCD for interval T1 Wait for key authorization or key refresh i.e. wait for PKM_REQ and PKM-RSP SS Waits for REG-RSP after sending REG-REQ Count Retries Too many retries No REG-RSP for interval T6 SS associates with the BS. Secure communication begins.

18 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 18 Risk of Unlicensed Operation Licensed operator – legal recourse vs. attacker Unlicensed operator – may be no recourse

19 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 19 Attack Risk Analysis Combination of –standard likelihood/impact risk analysis (Barbeau) –aviation risk analysis techniques (Hammer) Two Analysis –Open: e.g. no encryption –Hardened

20 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 20 Research Methodology

21 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 21 Attack Analysis: Risk Assessment (1/3) 1.Attack Likelihood Technical Problems to AttackerLikelihood CaseRank InsolvableImpossible0 StrongLow1 SolvableMedium2 NoneHigh3

22 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 22 Attack Analysis: Risk Assessment (2/3) Rationale: Impact on Victim Impact Case Rank Denial AttacksInduce Attacks None 0 Perceptible but insignificant degradation in CR communication. Perceptible but infrequent interference to active primary users Low1 Significant degradation but still operational CR communication. Perceptible frequent interference to active primary users Medium2 Non-operational CR communication Continuous interference to active primary users High3 2.Attack Impact

23 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 23 Attack Analysis: Risk Assessment (3/3) 3.Risk Level = f(Likelihood, Impact) Risk CaseRisk Mitigation Action MinorNo Countermeasures Required MajorThreat cannot be Ignored CriticalMandates High Priority Handling

24 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 24 Multi-Dimensional CR Configurations 802.22

25 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 25 DoS Attacks Identified Against.. Policy, Sensor, Geo-location and Other Networked Information exchanged Networked CR Network Entities such as –Elements in a Distributed CR. –Networked CRs in a Distributed Cooperative Setup. –Entities in a Centralized Cooperative Setup. Spectrum Information Sensed by CR CR Transmission/Reception

26 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 26 Example Attack Analysis: General Hammer Model for Primary User Emulation Attack

27 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 27 Open system attack analysis summary Assumes open system with no encryption on any link

28 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 28 System Hardening Devise Countermeasures – Primary User Emulation Attack Mitigation: CR uses Feature-based Primary User Detection Technique Modify CR System: –Policy Injection Attack Mitigation: Authenticate all policy messages …

29 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 29 Hardened system attack analysis summary Assumes strongest mitigation technique identified

30 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 30 Risk Assessment Results Beacon Geolocation Database Detection Sensing Unprotected 3, 15, 23, 1 Hardened 0, 3 Critical risks Major risks Hardening can eliminate critical risks

31 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 31 Conclusion CRs are susceptible to attacks. CRs open new avenues of attack. A Formal Risk Analysis and Assessment Process can help guide mitigation strategies NOW is the best time to devise countermeasures to reduce CR-specific vulnerabilities.

32 doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 32 References Brown, T.X, Sethi, A., Potential Cognitive Radio Denial-of-Service Vulnerabilities and Protection Countermeasures: a Multi-dimensional Analysis and Assessment, to appear in Mobile Networks and Applications 2008. (also in Proc. Second Int. Conf. on Cognitive Radio Oriented Wireless Networks and Communications (CrownCom), Orlando, FL, Aug 1–3. 2007. 10pp) M. Barbeau, WiMax/802.16 Threat Analysis in Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks, Quebec, Canada, 2005. U. S. Department of Transportation, Federal Aviation Administration. (2005, Jan). System safety process steps. [Online]. Available: http://www.faa.gov/library/manuals/aviation/risk_management/media/ss procdscrp.pdf (accessed Jun 1, 2007). http://www.faa.gov/library/manuals/aviation/risk_management/media/ss procdscrp.pdf

Download ppt "Doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 1 Threat Assessment to Primary and Secondary Users in a Centralized."

Similar presentations

Sg-whitespace-09/0019r0 Submission January 2009 Steve Shellhammer, QualcommSlide 1 Impact of FCC R&O on IEEE 802 Date: 2009-01-22 Authors: Notice: This.

Sg-whitespace-09/0019r0 Submission January 2009 Steve Shellhammer, QualcommSlide 1 Impact of FCC R&O on IEEE 802 Date: Authors: Notice: This.
Spectrum Sensing for DVB-T OFDM Systems Using Pilot Tones

Spectrum Sensing for DVB-T OFDM Systems Using Pilot Tones
Doc.: IEEE 802.11-06/1116r0 Submission July 2006 Harry Worstell, AT&T.Slide 1 TGp Closing Report Notice: This document has been prepared to assist IEEE.

Doc.: IEEE /1116r0 Submission July 2006 Harry Worstell, AT&T.Slide 1 TGp Closing Report Notice: This document has been prepared to assist IEEE.
Doc.:1900.7-11/0008r0 SubmissionSlide 1 08/02/2014 Slide 1 IEEE 1900.7 White Space Radio P&P Discussion Notice: This document has been prepared to assist.

Doc.: /0008r0 SubmissionSlide 1 08/02/2014 Slide 1 IEEE White Space Radio P&P Discussion Notice: This document has been prepared to assist.
Doc.: IEEE 802.11-07/2163r0 Submission July 2007 Cam-Winget, Smith, WalkerSlide 1 A-MPDU Security Issues Notice: This document has been prepared to assist.

Doc.: IEEE /2163r0 Submission July 2007 Cam-Winget, Smith, WalkerSlide 1 A-MPDU Security Issues Notice: This document has been prepared to assist.
Doc.: IEEE 802.19-05/0006r0 Submission March 2005 Steve Shellhammer, Intel CorporationSlide 1 What is a CA document? Notice: This document has been prepared.

Doc.: IEEE /0006r0 Submission March 2005 Steve Shellhammer, Intel CorporationSlide 1 What is a CA document? Notice: This document has been prepared.
Doc.: IEEE 802.22-07/0206r0 Submission April 2007 Baowei Ji, SamsungSlide 1 Improper to Limit Long Quiet Period at the end of a Superframe IEEE P802.22.

Doc.: IEEE /0206r0 Submission April 2007 Baowei Ji, SamsungSlide 1 Improper to Limit Long Quiet Period at the end of a Superframe IEEE P
Doc.: IEEE 802.19-05/0018r0 Submission June 2005 Tom Siep, Cambridge Silicon Radio PlcSlide 1 802.15.1a Coexistence Characteristics Notice: This document.

Doc.: IEEE /0018r0 Submission June 2005 Tom Siep, Cambridge Silicon Radio PlcSlide a Coexistence Characteristics Notice: This document.
Doc.: IEEE 802.22-07/0206r1 Submission April 2007 Baowei Ji, SamsungSlide 1 Improper to Limit Long Quiet Period at the end of a Superframe IEEE P802.22.

Doc.: IEEE /0206r1 Submission April 2007 Baowei Ji, SamsungSlide 1 Improper to Limit Long Quiet Period at the end of a Superframe IEEE P
Doc.: IEEE 802.22-07/0267r0 Submission June 2007 Wendong Hu, STMicroelectronicsSlide 1 The Spectrum Manager in a Proposed Reference Architecture IEEE P802.22.

Doc.: IEEE /0267r0 Submission June 2007 Wendong Hu, STMicroelectronicsSlide 1 The Spectrum Manager in a Proposed Reference Architecture IEEE P
Doc.: IEEE 802.19-06/0028r0 Submission July 2006 Steve Shellhammer, QualcommSlide 1 Coexistence Scenario – A Pair of Unlicensed Wireless Networks Notice:

Doc.: IEEE /0028r0 Submission July 2006 Steve Shellhammer, QualcommSlide 1 Coexistence Scenario – A Pair of Unlicensed Wireless Networks Notice:
Doc.: IEEE 802.19-06/0029r0 Submission July 2006 Steve Shellhammer, QualcommSlide 1 Coexistence Scenario – A Pair of Unlicensed Wireless Networks, one.

Doc.: IEEE /0029r0 Submission July 2006 Steve Shellhammer, QualcommSlide 1 Coexistence Scenario – A Pair of Unlicensed Wireless Networks, one.
Doc.: IEEE 802.22-08/xxxxr0 Submission May. 2008 Cheng Shan, Samsung Electronics Slide 1 CBP PHY Design IEEE P802.22 Wireless RANs Date: 2008-05-11 Authors:

Doc.: IEEE /xxxxr0 Submission May Cheng Shan, Samsung Electronics Slide 1 CBP PHY Design IEEE P Wireless RANs Date: Authors:
Doc.: IEEE 802.11-08/0026r0 Submission Dec. 2007 Luke Qian, Doug Smith Cisco Systems, IncSlide 1 BA Reordering for A-MPDU Notice: This document has been.

Doc.: IEEE /0026r0 Submission Dec Luke Qian, Doug Smith Cisco Systems, IncSlide 1 BA Reordering for A-MPDU Notice: This document has been.
1Runcom Technologies Ltd. Submission Eli Sofer, Runcom March 2007 Doc.: IEEE802.22-07/0202r0 Slide 1 Runcom Preamble vs. Phillips Proposed Sequences IEEE.

1Runcom Technologies Ltd. Submission Eli Sofer, Runcom March 2007 Doc.: IEEE /0202r0 Slide 1 Runcom Preamble vs. Phillips Proposed Sequences IEEE.
1Runcom Technologies Ltd. Submission Eli Sofer, Runcom April 2007 Doc.: IEEE802.22-07/0164r0 Slide 1 Runcom Preamble vs. Phillips Proposed Sequences IEEE.

1Runcom Technologies Ltd. Submission Eli Sofer, Runcom April 2007 Doc.: IEEE /0164r0 Slide 1 Runcom Preamble vs. Phillips Proposed Sequences IEEE.
Doc.: IEEE 802.19-06/xxxxr0 Submission July 2006 Tom Siep, Cambridge Silicon Radio PlcSlide 1 Discussion of Definitions in 0023r2 Notice: This document.

Doc.: IEEE /xxxxr0 Submission July 2006 Tom Siep, Cambridge Silicon Radio PlcSlide 1 Discussion of Definitions in 0023r2 Notice: This document.
Doc.: IEEE 802.22-08/0104r0 Submission March 2008 Stephen Kuffner, MotorolaSlide 1 IEEE 802.22.1 Packet Error Rates for MSF1 and MSF2 IEEE P802.22 Wireless.

Doc.: IEEE /0104r0 Submission March 2008 Stephen Kuffner, MotorolaSlide 1 IEEE Packet Error Rates for MSF1 and MSF2 IEEE P Wireless.
Doc.: IEEE 802.19-06/0004r0 Submission Jan 2006 Tom Siep, Cambridge Silicon Radio PlcSlide 1 Coexistence issue in 802.11 VoIP in the presence of 802.15.1.

Doc.: IEEE /0004r0 Submission Jan 2006 Tom Siep, Cambridge Silicon Radio PlcSlide 1 Coexistence issue in VoIP in the presence of
Doc.: IEEE 802.22-06/0156r0 Submission August 2006 Carlos Cordeiro, PhilipsSlide 1 Superframe Structure IEEE P802.22 Wireless RANs Date: 2006-08-15 Authors:

Doc.: IEEE /0156r0 Submission August 2006 Carlos Cordeiro, PhilipsSlide 1 Superframe Structure IEEE P Wireless RANs Date: Authors:

Similar presentations

Ads by Google