Modeling Ad-hoc Rushing Attack in a Negligibility-based Security Framework

Presentation transcript:

Modeling Ad-hoc Rushing Attack in a Negligibility-based Security Framework
Jiejun Kong, *Xiaoyan Hong, #Mario Gerla
Scalable Network Technologies, Los Angeles
*Computer Science Department, University of Alabama, Tuscaloosa
#Computer Science Department, University of California, Los Angeles
ACM WiSe’06, September 29, Los Angeles, California

Notion: Security as a “landslide” game
Played by the guard and the adversary
–Proposal can be found as early as Shannon’s 1949 paper
–Not a 50%-50% chance game, which is too good for the adversary
The notion has been used in modern crypto since 1970s
–Based on NP-complexity
–The guard wins the game with 1 - negligible probability
–The adversary wins the game with negligible probability
–The asymptotic notion of “negligible” applies to one-way function (encryption, one-way hash), pseudorandom generator, zero-knowledge proof, …
AND this time … secure routing

The Asymptotic Cryptography Model
Security can be achieved by a polynomial-bounded guard against a polynomial-bounded adversary
[Figure: x-axis: # of key bits (key length); y-axis: probability of security breach; curve: the “negligible” line (sub-polynomial line); regions labelled Insecure, Secure, (Ambiguous area)]

Our Asymptotic Network Security Model
Conforming to the classic notion of security
[Figure: x-axis: network metric (e.g., # of nodes -- network scale); y-axis: probability of network security breach; curves: the “negligible” line (sub-polynomial line) and the “exponential” line; regions labelled Insecure, Secure, (Ambiguous area)]

Negligible := (Asymptotic) Sub-Polynomial
Consistent with computational cryptography’s asymptotic notion of “negligible / sub-polynomial”
is negligible by definition
x is key length in computational crypto
x is network metric (e.g., # of nodes) in network security
Definition: A function  : N  R is negligible, if for every positive integer c and all sufficiently large x’s (i.e., there exists N_c > 0, for all x > N_c),

Problem Statement
Secure routing problems are not solved
–Rushing attacks, wormhole attacks, etc. are threatening mobile wireless networks
Secure routing lacks formal modeling
–More generally, foundation of network security is unknown
The connection between network scale and network security is unknown

Forwarding in Wireless Networks
Area defined by intersection of 2 or more transmission circles
Node redundancy is common in wireless ad hoc networks
–Within E(A_forward), the expected size of the forwarding area, there is usually more than 1 “good” or “bad” node
[Figure label: E(A_forward)]

Rushing Attack [Hu, Perrig, Johnson 2003]
RREQ forwarding
–Rushing attackers disobey delay (MAC/routing/queuing) requirements and, with higher probability, are placed on the RREP / DATA path
Low-cost: feasible as long as the attacker is capable of intercepting & forwarding
[Figure labels: source, dest, RREQ, RREP]

Mobile network model
Divides the entire network area A into large number n of very small tiles (i.e., possible “positions”)
–A node’s presence probability p at each tile is small  Follows a spatial binomial distribution B(n,p)
–When n is large and p is small, B(n,p) is approximately a spatial Poisson point distribution with rate  1
–If there are N mobile nodes, use  1 as the average PDF  N = N·  1
–The probability of exactly k nodes in an area A’

 1 in Random Way Point model [Bettstetter et al.] a=1000

In our stochastic model,  1 is arbitrary
No matter what the mobility model is, there is a stochastic PDF for node’s probabilistic presence at each position
If in certain area the node’s stochastic presence PDF is 0, then this area should not be counted in the entire network area A

Modeling adversarial presence
 : percentage of non-cooperative network members (e.g., probability of node selfishness & intrusion)
3 random variables
–x : number of nodes in the forwarding community area
–y : number of cooperative nodes
–z : number of non-cooperative nodes

Rushing Attack is Low-cost & Severe!
Per-hop success prob. of node-to-node routing is negligible with respect to network scale N under rushing attack
Per-hop failure prob. of node-to-node ad hoc routing schemes is unfortunately 1 - negligible(N)
As illustrated later, this means rushing attack makes legacy node-to-node routing schemes fall into negative RP
–Negative RP: success/yes probability is negligible, severe problem!
–RP: failure/no probability is negligible
Integral and differential not a problem:

…progress …
Secure routing problems are not solved
–Rushing attacks, wormhole attacks, etc. are threatening mobile wireless networks
Secure routing lacks formal modeling
–More generally, foundation of network security is unknown
The connection between network scale and network security is unknown

Terminology
Las Vegas algo.: Always correct, probably fast
Monte-Carlo algo.: Always fast, probably correct with 1-side error
–Today’s focus
Atlantic City algo. (or Monte-Carlo w/ 2-side): Always fast, probably correct with 2-side error

RP : Randomized Polynomial-time
RP (1-run): not this one!
–Polynomial-time
–If correct answer is FAILURE/NO, it always returns FAILURE/NO
–If correct answer is SUCCESS/YES, it returns SUCCESS/YES with probability ½+  (x) ; but may return FAILURE/NO otherwise
Table, RP (1-run), rows by Las Vegas answer, entries by Monte Carlo answer:
Las Vegas SUCCESS/YES: Monte Carlo SUCCESS/YES with constant p > 0 ( p  ½+  (x)); Monte Carlo FAILURE/NO with 1 - p  ½-  (x)
Las Vegas FAILURE/NO: Monte Carlo SUCCESS/YES with 0; Monte Carlo FAILURE/NO with 1
RP (n-runs): today’s pick!
–Polynomial-time
–If correct answer is FAILURE/NO, it always returns FAILURE/NO
–If correct answer is SUCCESS/YES, it returns SUCCESS/YES with probability 1-(½)^n ; but may return FAILURE/NO
Table, RP (n-runs), rows by Las Vegas answer, entries by Monte Carlo answer:
Las Vegas SUCCESS/YES: Monte Carlo SUCCESS/YES with 1 – p n ( p > 1-1/2^n ); Monte Carlo FAILURE/NO with p n ( p < 1/2^n )
Las Vegas FAILURE/NO: Monte Carlo SUCCESS/YES with 0; Monte Carlo FAILURE/NO with 1

A Generic Family of Random Algorithms with Invariant Deviation  (x) (This is proven in Theorem 2)
[Figure labels: poly(x), the ideal line (can be found by Las Vegas algorithms);  (x) deviation bound]

Turing Machine (TM)
Deterministic TM
–At most 1 move for each transition state
Non-deterministic TM & Probabilistic TM
–Can be represented by DTM + random tape
Add a random tape to hold coin-tosses for probabilistic Turing Machines
[Figure labels: M, q, t]

Routing in Probabilistic Turing Machine with GVG oracle
# of possible node positions < O(poly(n))
Every node is only a “puppet” tape carrier --- The randomized state is maintained by an oracle, the Global Virtual God
Node communication, mobility and the environmental randomness are simulated by GVG in random tape
[Figure: tape of # cells with machine labels M, q, t. Captions: Modeling mobility: old place replaced by blank tape. RREQ: on-demand route discovery starts. RREP: route successfully established when RREP is received after poly(N) steps]

Community Based Security (CBS)
Community-to-community forwarding (not node-to-node)
Turn the table
–Now the forwarding failure becomes negligible  (x)
–Rushing attack becomes ineffective
Ideally, stay in GVG-RP (i.e., with  (x) forwarding failure) for polynomial routing steps (wrt. network scale N )
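
The per-hop contrast between node-to-node and community-to-community forwarding, worked numerically as an added example (not from the slides or the paper). It assumes a uniform presence PDF, treats non-cooperative nodes as an independent fraction theta of the Poisson population, and counts a node-to-node hop as lost whenever at least one non-cooperative node sits in the forwarding area; function names and sample values are hypothetical.

```python
import math

def poisson_pmf(k, mean):
    """P[exactly k nodes in an area] for a spatial Poisson count."""
    return math.exp(-mean) * mean ** k / math.factorial(k)

def per_hop(n_nodes, theta, area_share):
    """Return (node_to_node_success, community_failure) for one hop.

    Assumptions of this example, not taken from the slides:
    - uniform presence PDF, so the forwarding area holds on average
      n_nodes * area_share nodes (area_share = A' / A);
    - each node is non-cooperative with probability theta, independently
      of its position (Poisson thinning).
    """
    mean = n_nodes * area_share
    # Node-to-node: a rushing node in the area beats the honest forwarders,
    # so the hop stays clean only if z = 0 non-cooperative nodes are present.
    node_success = poisson_pmf(0, theta * mean)
    # Community-to-community: the hop is lost only if y = 0 cooperative
    # nodes are present to take over forwarding.
    community_failure = poisson_pmf(0, (1.0 - theta) * mean)
    return node_success, community_failure

def below_inverse_poly(f, c, xs):
    """Spot-check f(x) < 1/x**c on sample points xs (finite, not a proof)."""
    return all(f(x) < 1.0 / x ** c for x in xs)

def route_failure_bound(per_hop_failure, hops):
    """Union bound on failure across `hops` community-forwarded hops."""
    return min(1.0, hops * per_hop_failure)

if __name__ == "__main__":
    theta, share = 0.2, 0.05          # constructed sample values
    for n in (100, 400, 1600):
        ok, lost = per_hop(n, theta, share)
        print(f"N={n:5d}  node-to-node success={ok:.3e}  "
              f"community failure={lost:.3e}  "
              f"route bound over N hops={route_failure_bound(lost, n):.3e}")
```

Under these assumptions both quantities decay exponentially in N, so the community failure bound stays small even after multiplying by a polynomial number of hops.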

…progress …
Secure routing problems are not solved
–Rushing attacks, wormhole attacks, etc. are threatening mobile wireless networks
Secure routing lacks formal modeling
–More generally, foundation of network security is unknown
The connection between network scale and network security is unknown

Connecting a few Theories
Probabilistic Complexity Theory
RP & BPP requires discovery of negligibility
Stochastic Mobility Analysis & Spatial Poisson Processes

Summary
Initiative
–Some problems (wrt. foundations of network security) are based on randomized algorithms and probabilistic complexity theory
This paper’s contributions
–Devises the GVG oracle to translate wireless networking problems into randomized algorithms
–Algorithms/Protocols in GVG-RP are asymptotically invariant
 (x) failure probability at each step   (x) failure probability over polynomial steps
–In a closed space A (2-d network area or 3-d network volume) where nodes follow spatial Poisson point distribution and with non-zero PDF
Routing protocols based on local community coordination are in RP
In contrast, legacy routing protocols based on node-to-node coordination are in negative RP  They are severely vulnerable to low-cost routing attacks (rushing attack)
Detailed protocol design is available, though not a perfect implementation
–Jiejun Kong, Xiaoyan Hong, Yunjung Yi, Joon-Sang Park, Mario Gerla, “A Secure Ad-hoc Routing Approach using Localized Self-healing Communities,” pp , ACM MOBIHOC, May 25-28,
Open challenges
–Applications in other network security domains
–Foundations of network security

This slide is intentionally left blank Backup slides follow

Why does size matter?
When competition is about physical power in body (network of cells): right before the “Cretaceous-Tertiary (K-T) extinction” event, the dinosaurs were of their largest size
ALLOSAURUS ERA: Late Jurassic ( Kimmeridgian Ma ). SIZE: Length m. Weight tonnes.
TYRANNOSAURUS ERA: Late Cretaceous ( Campanian - Maastrichtian Ma ). SIZE: Length m. Height 5m. Weight tonnes.
PROTOCERATOPS ERA: Late Cretaceous ( Santonian - Campanian Ma ). SIZE: Length 2m. Height 75cm. Weight 1.4 tonnes.
TOROSAURUS ERA: Late Cretaceous ( Maastrichtian Ma ). SIZE: Length 7.6 m. Weight tonnes.

Why does size matter? (cont’d)
When competition is about intelligence in networks of neuron: cranial capacity and complexity
Taxon | Cranial capacity (cc) | Age (Megannum)
Au. Afarensis | 400 – | —2.9
Au. africanus | 400 – | —2.4
Homo habilis | 500 – | —1.6
Homo rudolfensis | 600 – | —1.6
Homo ergaster | 750 – | —1.2
Homo erectus | 750 – | —0.3
Homo sapiens | 1400 avg. | 0.25—present

BPP : Bounded-error Probabilistic Polynomial-time
BPP (1-run)
–Polynomial-time
–On either case, will give correct answer with probability ½+  (x) (i.e., give incorrect answer otherwise)
Table, BPP (1-run), rows by Las Vegas answer, entries by Monte Carlo answer:
Las Vegas YES: Monte Carlo YES with p  ½+  (x); Monte Carlo NO with 1–p  ½-  (x)
Las Vegas NO: Monte Carlo YES with  ½-  (x); Monte Carlo NO with  ½+  (x)
BPP (n-runs)
–Polynomial-time
–On either case, will give correct answer with probability 1-e^(-n/24) (i.e., give incorrect answer otherwise)
Prove by Chernoff’s bound
Table, BPP (n-runs), rows by Las Vegas answer, entries by Monte Carlo answer:
Las Vegas YES: Monte Carlo YES with p > 1-e^(-n/24); Monte Carlo NO with 1-p < e^(-n/24)
Las Vegas NO: Monte Carlo YES with < e^(-n/24); Monte Carlo NO with > 1-e^(-n/24)

11 Inspired by Bettstetter et al.’s work
–For any mobility model (random walk, random way point), Bettstetter et al. have shown that  1 is computable following
–For example, in random way point model in a square network area of size a × a defined by -a/2 ≤ x ≤ a/2 and -a/2 ≤ y ≤ a/2
–  1 is “location dependent”, yet computable in NS2 & QualNet given any area A’ (using finite element method)