
1 Wireless Security in the Real World: Using Physical Properties to Mitigate Wormhole Attacks SIGNET Seminar University of Delaware 15 September 2004 David Evans (work with Lingxuan Hu) University of Virginia Computer Science

2 www.cs.virginia.edu/physicrypt
Computing is Entering Real World
Desktop PC: Protected Box; Narrow Interface; 1 Machine per User-Admin
Sensor Network: Unprotected Nodes; Wide Interface; Thousands of Nodes per Admin

3 …this Changes Security
Desktop PC: Access Control, Perimeters, Authenticity
Sensor Network: Resource Consumption, Integrity, Survivability, Resilience

4 Challenges in Sensor Networks
Vulnerable communication channels
Physically vulnerable devices
Limited energy
No (or little) established infrastructure
Depend on other nodes to accomplish anything

5 New Opportunities
Embedded in an environment
– Physical properties of the environment constrain reality (space)
– Inertia: it takes time for things to change
Quantity
– Many redundancies

6 This Talk
Two protocols for sensor networks:
– Secure neighbor discovery protocol that uses space and quantity.
– Localization protocol that uses space, time and quantity.
L. Hu and D. Evans. Using Directional Antennas to Prevent Wormhole Attacks. NDSS 2004.
L. Hu and D. Evans. Localization for Mobile Sensor Networks. MobiCom 2004.

7 Wormhole Attacks

8 Wormhole Attack
[Figure: nodes S, D, A, B, C and wormhole endpoints X and Y. Pirate image by Donald Synstelien]
Attacker needs transceivers at two locations in the network, connected by a low-latency link
Attacker replays (selectively) packets heard at one location at the other location

9 Beacon Routing
[Figure: nodes labelled 0, 1, 2, 3, 4]
Nodes select parents based on minimum hops to base station

10 Wormhole vs. Beacon Routing
[Figure: nodes labelled 0, 1, 2 and wormhole endpoints X and Y]
Wormhole attack disrupts network without needing to break any cryptography!
[Karlof and Wagner, 2003] [Hu, Perrig, Johnson 2003]

11 Wormhole Impact
[Plot: Fraction of Routes to Base Station Disrupted vs. Position of Endpoint (x,x); series: Base Station at Corner, Base Station at Center]
A randomly placed wormhole disrupts ~5% of links
A single wormhole can disrupt 40% of links (center)

12 Previous Solution: Use Arrival Time
“Leashes” constrain distance packet can travel
Geographical leashes: nodes know their location
– Sender includes its location and send time in packet
– Receiver checks distance to sender
Temporal leashes: tightly synchronized clocks
– Sender sets expiration time when sending packet
Drawback: requires clock synchronization or accurate localization
Yih-Chun Hu, Perrig and Johnson. INFOCOM 2003

13 Our Approach
Use directional information
– Directional antennas can identify direction of sender
Exploit simple physical properties of space
Cooperate with neighbors (in different locations) to validate legitimacy of other nodes
No clock synchronization or location information required

14 Directional Antennas
Model based on [Choudhury and Vaidya, 2002]
General benefits: power saving, fewer collisions
Aligned to magnetic North, so zone 1 always faces East
[Figure: six antenna zones numbered 1 to 6 with North marked; omnidirectional transmission and directional transmission from zone 4]

15 Assumptions
Legitimate nodes can establish secure node-node links (all critical messages are authenticated)
Network is fairly dense
Nodes are stationary
Most links are bidirectional (unidirectional links cannot be established)
Transmissions are perfect wedges (relaxed later)
Nodes are aligned perfectly (relaxed later)

16 Protocol Idea
Wormhole attack depends on a node that is not nearby convincing another node it is
Verify neighbors are really neighbors
– Directional consistency
Only accept messages from verified neighbors

17 Directional Neighbor Discovery
1. A → Region: HELLO | ID_A
   Sent by all antenna elements (sweeping)
2. B → A: ID_B | E_{K_BA}(ID_A | R | zone (B, A))
   Sent by zone (B, A) element, R is nonce
3. A → B: R
   Checks zone is opposite, sent by zone (A, B)
zone (B, A) = 4 is the antenna zone in which B hears A
[Figure: nodes A and B with six antenna zones numbered 1 to 6]

18 Detecting False Neighbors
[Figure: nodes A and B, wormhole endpoints X and Y, six antenna zones numbered 1 to 6]
zone (B, A[Y]) = 1, zone (A, B[X]) = 1
False Neighbor: zone (A, B) should be opposite zone (B, A)

19 Not Detecting False Neighbors
[Figure: nodes A and B, wormhole endpoints X and Y, six antenna zones numbered 1 to 6]
zone (B, A[Y]) = 4, zone (A, B[X]) = 1
Undetected False Neighbor: zone (A, B) = opposite of zone (B, A)
Directional neighbor discovery prevents 1/6 of false direct links…but doesn’t prevent disruption

20 Observation: Cooperate!
Wormhole can only trick nodes in particular locations
Verify neighbors using other nodes
Based on the direction from which you hear the verifier node, and the direction from which it hears the announcer, you can distinguish a legitimate neighbor

21 Verifier Region
[Figure: nodes A, B and verifier V with six antenna zones numbered 1 to 6; zone (B, A) = 4, zone (V, A) = 3, zone (B, V) = 5]
A verifier must satisfy these two properties:
1. Be heard by B in a different zone: zone (B, A) ≠ zone (B, V); otherwise V could be through wormhole
2. B and V hear A in different zones: zone (B, A) ≠ zone (V, A); otherwise A could have tricked V too
(one more constraint will be explained soon)

22 Verified Neighbor Discovery
1. A → Region: Announcement, done through sequential sweeping
2. B → A: Include nonce and zone information in the message
3. A → B: Check zone information and send back the nonce
(Steps 1 to 3: same as before)
4. B → Region: Request for verifier to validate A
   INQUIRY | ID_B | ID_A | zone (B, A)
5. V → B: If V is a valid verifier, sends confirmation
   ID_V | E_{K_BV}(ID_A | zone (V, B))
6. B → A: Accept A as its neighbor and notify A
[Figure: nodes A, B and verifier V]

23 Verifier Analysis
[Figure: nodes A, B and verifier V in Region 1 and Region 2, wormhole endpoints X and Y, six antenna zones numbered 1 to 6]
Wormhole cannot trick a valid verifier:
zone (V, A[Y]) = 5, zone (A, V[X]) = 1
Not opposites: verification fails

24 Connectivity
[Plot: node positions, x (meters) vs. y (meters), both axes 0 to 500; legend: Established all links, Established some links (but not all), Disconnected]
Verified Protocol, Density = 3 (Directional Density = 9.7)

25 Worawannotai Attack
[Figure: nodes A, B and verifier V in Region 1 and Region 2, wormhole endpoint X, antenna zones]
V hears A and B directly
A and B hear V directly
But, A and B hear each other only through repeated X

26 Preventing Attack
1. zone (B, A) ≠ zone (B, V)
2. zone (B, A) ≠ zone (V, A)
3. zone (B, V) cannot be both adjacent to zone (B, A) and adjacent to zone (V, A)
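
The directional consistency check and the three verifier constraints from the slides above, as an added Python sketch (not code from the talk or the NDSS paper). The geometry-to-zone mapping (zone 1 centred on East, zones numbered clockwise), the function names and the idea of passing V's own check result in as `z_av` are assumptions made for this example.

```python
import math

ZONES = 6  # six antenna zones per node, as on the slides

def zone(observer, sender):
    """Zone (1..6) in which `observer` hears `sender`, given (x, y) positions.
    Assumption of this sketch: zone 1 is the 60-degree wedge centred on East
    and zones are numbered clockwise, identically on every node."""
    dx, dy = sender[0] - observer[0], sender[1] - observer[1]
    clockwise = -math.degrees(math.atan2(dy, dx)) % 360
    return int(((clockwise + 30) % 360) // 60) + 1

def opposite(z):
    return (z + 2) % ZONES + 1            # 1<->4, 2<->5, 3<->6

def adjacent(z1, z2):
    return (z1 - z2) % ZONES in (1, ZONES - 1)

def direct_check(z_ab, z_ba):
    """Step 3 of neighbor discovery: A must hear B in the zone opposite to
    the one in which B reports hearing A."""
    return z_ab == opposite(z_ba)

def valid_verifier(z_ba, z_bv, z_va, strict=True):
    """Verifier constraints 1 to 3; constraint 3 is only applied by the
    strict protocol (the one that prevents the Worawannotai attack)."""
    if z_ba == z_bv:                      # 1. V could be through the wormhole
        return False
    if z_ba == z_va:                      # 2. A could have tricked V too
        return False
    if strict and adjacent(z_bv, z_ba) and adjacent(z_bv, z_va):
        return False                      # 3. zone(B,V) adjacent to both
    return True

def accept_neighbor(z_ab, z_ba, reports, strict=True):
    """B's decision about announcer A. Each report is (z_bv, z_va, z_av) for
    one candidate verifier V; V only confirms if its own direct check with A
    passed (modelled here by passing z_av in)."""
    if not direct_check(z_ab, z_ba):
        return False
    return any(direct_check(z_av, z_va) and valid_verifier(z_ba, z_bv, z_va, strict)
               for z_bv, z_va, z_av in reports)
```

With constructed positions A = (0, 0), B = (10, 0), V = (6, 6), `zone` reproduces the slide-21 values zone (B, A) = 4, zone (B, V) = 5, zone (V, A) = 3, and the link is accepted; the slide-19 wormhole passes `direct_check` but is rejected once a verifier is required.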

27 Cost Analysis
Communication Overhead
– Minimal
– Establishing link keys typically requires announcement, challenge and response
– Adds messages for inquiry, verification and acceptance
Connectivity
– How many legitimate links are lost because they cannot be verified?

28 Lose Some Legitimate Links
[Two plots: Link Discovery Probability vs. Node Distance (r), for Network Density = 10 and Network Density = 3; series: Verified Protocol, Strict Protocol (Preventing Worawannotai Attack)]

29 …but small effect on connectivity and routing
[Plot: Average Path Length vs. Omnidirectional Node Density; series: Strict Protocol, Trust All, Verified Protocol]
Network density = 10
Verified protocol: 0.5% links are lost, no nodes disconnected
Strict protocol: 40% links are lost, 0.03% nodes disconnected

30 Dealing with Error
[Two plots: Ratio vs. Maximum Directional Error Degree, for Network Density = 10 and Network Density = 3; series: Lost Links, Strict Protocol; Lost Links, Verified Protocol; Disconnected Nodes, Strict Protocol; Disconnected Nodes, Verified Protocol]
Even with no control over antenna alignment, few nodes are disconnected

31 Vulnerabilities
Attacker with multiple wormhole endpoints
– Can create packets coming from different directions to appear neighborly
Magnet Attacks
– Protocol depends on compass alignment of nodes
Antenna, orientation inaccuracies
– Real transmissions are not perfect wedges

32 Moral
An attacker with few resources and no crypto keys can substantially disrupt a network with a wormhole attack
Mr. Rogers was right: “Be a good neighbor”
– If you know your neighbors, can detect wormhole
– Need to cooperate with your neighbors to know who your legitimate neighbors are

33 Roadmap
Use directional information to defeat wormhole attacks
– Simple properties of space
– Cooperation of nodes
But…most sensor nodes don’t have directional antennas
– Rest of the talk: Location Determination

34 Location Determination
Important for many sensor network applications
Approaches:
– Nodes can determine their locations directly (GPS): too expensive for many applications
– Nodes determine their locations indirectly by using information received from a few seed nodes that know their locations

35 Localization Error and Routing
GPSR Routing: Karp and Kung. MobiCom 2000
Slide from Qing Cao. Details in Qing Cao and Tarek Abdelzaher, A Scalable Logical Coordinates Framework for Routing in Wireless Sensor Networks. RTSS 2004

36 Our Approach: Monte Carlo Localization
Take advantage of mobility:
– Moving makes things harder…but provides more information
– Properties of time and space limit possible locations; cooperation from neighbors
Adapts an approach from robotics localization
Frank Dellaert, Dieter Fox, Wolfram Burgard and Sebastian Thrun. Monte Carlo Localization for Mobile Robots. ICRA 1999.

37 Scenarios
Nodes moving, seeds stationary
Nodes and seeds moving
Nodes stationary, seeds moving
[Image: NASA Mars Tumbleweed. Image by Jeff Antol]

38 MCL: Initialization
Initialization: Node has no knowledge of its location.
L_0 = { set of N random locations in the deployment area }
[Figure: sample locations and the node’s actual position]

39 MCL Step: Predict, Filter
Predict: Node guesses new possible locations based on previous possible locations and maximum velocity, v_max
Filter: Remove samples that are inconsistent with observations
[Figure: node’s actual position; seed node (knows and transmits location) with radio range r]

40 Prediction
$$p(l_t \mid l_{t-1}) = \begin{cases} c & \text{if } d(l_t, l_{t-1}) < v_{max} \\ 0 & \text{if } d(l_t, l_{t-1}) \ge v_{max} \end{cases}$$
Assumes node is equally likely to move in any direction with any speed between 0 and v_max.

41 Filtering
If you hear a seed, must (likely) be within distance r of the seed’s location
If you don’t hear a seed, but one of your neighbors hears it, must be within distance (r, 2r] of that seed’s location.

42 Resampling
Use prediction distribution to create enough sample points that are consistent with the observations.

43 Recap: Algorithm
Initialization: Node has no knowledge of its location.
L_0 = { set of N random locations in the deployment area }
Iteration Step: Compute new possible location set L_t based on L_{t-1}, the possible location set from the previous time step, and the new observations.
L_t = { }
while (size (L_t) < N) do
    R = { l | l is selected from the prediction distribution }
    R_filtered = { l | l where l ∈ R and filtering condition is met }
    L_t = choose (L_t ∪ R_filtered, N)
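
An added Python sketch of the predict/filter loop recapped above (not the authors' implementation). The `max_tries` bound, the mean-of-samples estimate, the function names and the seed coordinates in `run_demo` are assumptions of this example; the last call in `run_demo` feeds in an announcement that is inconsistent with the others, which filters out every sample.

```python
import math
import random

def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])

def init_samples(n, width, height, rng):
    """L_0: n random locations in the deployment area."""
    return [(rng.uniform(0, width), rng.uniform(0, height)) for _ in range(n)]

def predict(prev, v_max, rng):
    """Draw l_t uniformly from the disc of radius v_max around l_{t-1}."""
    radius = v_max * math.sqrt(rng.random())  # sqrt gives constant density c
    angle = rng.uniform(0, 2 * math.pi)
    return (prev[0] + radius * math.cos(angle), prev[1] + radius * math.sin(angle))

def consistent(loc, heard, neighbor_heard, r):
    """Filtering condition: within r of every seed heard directly and in
    (r, 2r] of every seed that only a neighbor heard."""
    return (all(dist(loc, s) <= r for s in heard) and
            all(r < dist(loc, s) <= 2 * r for s in neighbor_heard))

def mcl_step(prev_samples, heard, neighbor_heard, v_max, r, n, rng, max_tries=10000):
    """One iteration: predict from L_{t-1}, filter, repeat until n samples.
    Returns fewer than n (possibly none) once max_tries candidates are used."""
    samples = []
    for _ in range(max_tries):
        if len(samples) == n:
            break
        candidate = predict(rng.choice(prev_samples), v_max, rng)
        if consistent(candidate, heard, neighbor_heard, r):
            samples.append(candidate)
    return samples

def estimate(samples):
    """Location estimate: mean of the sample set (assumption of this sketch)."""
    xs, ys = zip(*samples)
    return (sum(xs) / len(xs), sum(ys) / len(ys))

def run_demo(seed=2004):
    """Constructed scenario: 40 x 40 area, radio range r = 10, N = 50."""
    rng = random.Random(seed)
    r, n = 10.0, 50
    l0 = init_samples(n, 40, 40, rng)
    l1 = mcl_step(l0, [(20, 20)], [], r, r, n, rng)            # hears one seed
    l2 = mcl_step(l1, [(20, 20)], [(20, 35)], r, r, n, rng)    # plus a 2-hop seed
    bogus = mcl_step(l2, [(20, 20), (100, 100)], [], r, r, n, rng)  # inconsistent
    return l1, l2, bogus
```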

44 Parameters
Affect accuracy and convergence time:
– Speed of nodes and seeds
– Density of nodes and seeds
Trade off memory and accuracy:
– Number of samples maintained
Movement:
– Control should help; interdependence hurts

45 Convergence
Node density n_d = 10, seed density s_d = 1
The localization error converges in first 10-20 steps
[Plot: Estimate Error (r) vs. Time (steps); series: v_max = .2r, s_max = 0; v_max = r, s = 0; v_max = r, s = r]

46 Speed Helps and Hurts
Increasing speed increases location uncertainty, but provides more observations.
Node density n_d = 10
[Plot: Estimate Error (r) vs. v_max (r distances per time unit); series: s_d = 1, s_min = 0, s_max = v; s_d = 1, s_max = s_min = r; s_d = 2, s_max = v; s_d = 2, s_max = s_min = r]

47 Seed Density
n_d = 10, v_max = s_max = .2r
Better accuracy than other localization algorithms
[Plot: Estimate Error (r) vs. Seed Density; series: MCL, Centroid, Amorphous]
Centroid: Bulusu, Heidemann and Estrin. IEEE Personal Communications Magazine. Oct 2000.
Amorphous: Nagpal, Shrobe and Bachrach. IPSN 2003.

48 Samples Maintained
n_d = 10
Good accuracy is achieved with only 20 samples (~100 bytes)
[Plot: Estimate Error (r) vs. Sample Size (N); series: s_d = 1, v_max = s = .2r; s_d = 1, v_max = s = r; s_d = 2, v_max = s = .2r; s_d = 2, v_max = s = r]

49 Radio Irregularity
n_d = 10, s_d = 1, v_max = s_max = .2r
Insensitive to irregular radio pattern
[Plot: Estimate Error (r) vs. Degree of Irregularity (r varies ± dr); series: MCL, Centroid, Amorphous]

50 Motion
n_d = 10, v_max = s_max = r
Adversely affected by consistent group motion
[Plot: Estimate Error (r) vs. Maximum Group Motion Speed (r units per time step); series: s_d = .3, s_d = 1, s_d = 2]
Controlled motion of seeds improves accuracy
[Plot: Estimate Error (r) vs. Time; panels: Stream and Currents, Random Waypoint vs. Area Scan; series: Random, v_max = s_max = .2r; Area Scan; Random, v_max = 0, s_max = .2r; Scan]

51 Recap
MCL:
– Maintain set of samples representing possible locations
– Filter out impossible locations based on observations from direct and indirect seeds
Achieves accurate localization cheaply
But…what about security?
Caveat: this is the speculative part of the talk!

52 Attacks on Localization
Interfere with seed locations
– Overload GPS signal
Inject bogus seed announcements
– Need to authenticate announcements
Replay attacks (including wormhole)
– Ranging information
– Physical challenges

53 MCL Advantages
Filtering
– Bogus seeds filter out possible locations
Direct
– Does not require long range seed-node communication
Mobile
– Nodes expect to hear announcements from different seeds over time
Historical
– Current sample set reflects history of previous observations

54 Prevent Bogus Announcements
Pairwise authentication: assumes nodes preloaded with pairwise keys for each seed
1. S → region: ID_S
   Broadcast identity
2. N → S: E_{K_NS}(R_N) | ID_N
   Send nonce challenge
3. S → N: E_{K_NS}(R_N | L_S)
   Respond with location
Nonce prevents standard replays, but not wormhole attacks

55 “Expensive” Defense
Distance Bounding
– Light travels 1 ft per nanosecond (2-4 cycles on modern PC!)
– Need special hardware to instantly respond to received bits
Use distance bounding to perform secure multilateration
Prove node encounters
Brands and Chaum, EUROCRYPT 1993
Capkun and Hubaux, 2004
Capkun, Buttyan and Hubaux, 2003

56 “Cheap” Defense: Multiple Location Speculation
As long as one legitimate seed announcement is received, the worst an attacker can do is filter out all possible locations: a denial of service attack
Maintain multiple possible locations instead of giving up when observations are inconsistent
Current work:
– Can we design routing protocols that work well with multiple locations?

57 Conclusion
Computing is moving into the real world:
– Rich interfaces to environment
– No perimeters
Simple properties of physical world are useful:
– Directional consistency can prevent wormhole attacks
– Space and time can be used to achieve accurate localization cheaply

58 Thanks!
Students: Lingxuan Hu, Chalermpong Worawannotai, Nathaneal Paul, Jinlin Yang, Joel Winstead
Funding: NSF ITR, NSF CAREER, DARPA SRS
For more information and paper links: http://www.cs.virginia.edu/physicrypt

