Security and Cooperation, Wrap up


1 Security and Cooperation, Wrap up
4/20/2011 Richard Yang

2 Admin. Project report and demo due May 9
An interesting study (Dr. William Glasser): we learn
- 10% of what we read
- 20% of what we hear
- 50% of what we read and hear
- 70% of what we discuss
- 80% of what we experience personally
- 95% of what we teach others

3 Big Picture Applications (Adaptation, and support for adaptations)
Application Development Framework Foundational Primitives: Communications, Location, Service Discovery, UI/Media, Power Management, Security

4 Security and Cooperation in Wireless and Mobile Networks

5 Introduction This is a vast and active field, a course by itself
Many references on wireless security A good book on wireless cooperation: Security and Cooperation in Wireless Networks, by Levente Buttyan and Jean-Pierre Hubaux, Cambridge University Press. Available at:

6 Generic Network Security Attack Models
authenticity; incentive-compatibility confidentiality integrity availability

7 Why is Security Challenging in Wireless/Mobile Networks?
- No inherent physical protection
  - physical connections between devices are replaced by logical associations
  - sending and receiving messages do not need physical access to the network infrastructure (cables, hubs, routers, etc.)
- Broadcast communications
  - wireless usually means radio, which has a broadcast nature
  - transmissions can be overheard by anyone in range
  - anyone can generate transmissions,
    - which will be received by other devices in range
    - which will interfere with other nearby transmissions
- Thus it is easier to implement jamming, eavesdropping, injecting bogus messages, and replaying previously recorded messages

8 Why is Security Challenging in Mobile Networks?
Since mobile devices typically have limited resources (e.g., CPU cycles, battery supply), the designer might want to select simple security mechanisms However, this may lead to serious security flaws bad example: Wired Equivalent Protection (WEP), the original security protocol for

9 WEP: A Bad Example

10 Message Flow data messages protected by WEP

11 Wired Equivalent Privacy (WEP)
WEP was intended to provide comparable confidentiality to a traditional wired network, thus the name WEP implements message confidentiality and integrity WEP encryption is used in authentication

12 WEP Security
- WEP confidentiality: through encryption using RC4, a stream-based encryption algorithm using a shared key
- WEP integrity: through message check sum using encrypted cyclic redundancy check (CRC)
- WEP authentication: through challenge/response

13 WEP Encryption For each message to be sent:
- RC4 is initialized with the shared secret between station STA and access point (AP)
  - WEP allows up to 4 shared keys
- RC4 produces a pseudo-random byte sequence (key stream) from the shared key
- This pseudo-random byte sequence is XORed to the message

14 WEP Encryption
To avoid using the same key stream, WEP encrypts each message with a different key stream
- the RC4 generator is initialized with the shared secret plus a 24-bit IV (initial value)
  - shared secret is the same for each message
  - 24-bit IV for each message
- there is no specification on how to choose the IV; sender picks the IV value

15 WEP Integrity WEP integrity protection is based on computing ICV (integrity check value) using CRC and appended to the message The message and the ICV are encrypted together

16 WEP
[Figure: WEP encode and decode paths. Encode: CRC gives message | ICV, RC4 on the IV and secret key gives the key stream KS, and the IV is sent with the frame. Decode: RC4 on the IV and secret key regenerates KS, then the CRC is checked.]

17 Active Attack on WEP: IV Replay Attacks
- A known plain-text message is sent to an observable wireless LAN client (how?)
- The network attacker will sniff the wireless LAN looking for the predicted cipher-text
- The network attacker will find the known frame, derive the key stream (corresponds to the given IV+K), and reuse the key stream (e.g., an message)

18 Active Attack on WEP: Bit-Flipping Attack
- The attacker sniffs a frame on the wireless LAN
- The attacker captures the frame and flips random bits in the data payload of the frame
- The attacker modifies the ICV (detailed later)
- The attacker transmits the modified frame
- The access point receives the frame and verifies the ICV based on the frame contents
- The AP accepts the modified frame
- The destination receiver de-encapsulates the frame and processes the Layer 3 packet
- Because bits are flipped in the higher layer packet, the Layer 3 checksum fails
- The receiver IP stack generates a predictable ICMP error
- The attacker sniffs the wireless LAN looking for the encrypted error message
- Upon receiving the error message, the attacker derives the key stream as with the IV replay attack

19 Bit-Flipping Attack

20 Generating Valid CRC The crucial step of the flipping attack is to allow the frame to pass the ICV check of the AP Unfortunately, the CRC algorithm allows generating valid encrypted ICV after bit flipping

21 Bypassing Encrypted ICV
- CRC is a linear function with respect to XOR: CRC(X ⊕ Y) = CRC(X) ⊕ CRC(Y)
- Attacker observes (M | CRC(M)) ⊕ K, where K is the key stream output
- For any ΔM, the attacker can compute CRC(ΔM)
- Hence, the attacker can compute:
  ([M | CRC(M)] ⊕ K) ⊕ [ΔM | CRC(ΔM)]
  = ([M ⊕ ΔM] | [CRC(M) ⊕ CRC(ΔM)]) ⊕ K
  = [(M ⊕ ΔM) | CRC(M ⊕ ΔM)] ⊕ K

22 WEP Authentication Two authentication modes
open authentication --- means no authentication ! an AP could use SSID authentication and MAC address filtering, e.g., at Yale shared key authentication based on WEP

23 WEP Shared Key Authentication
Shared key authentication is based on a challenge-response protocol:
  AP → STA: r
  STA → AP: IV | (r ⊕ K)
where K is a 128 bit RC4 output on IV and the shared secret
- An attacker can compute r ⊕ (r ⊕ K) = K
- Then it can use K to impersonate STA later:
  AP → attacker: r’
  attacker → AP: IV | (r’ ⊕ K)
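The weaknesses on slides 17 to 23, run end to end in a small simulation (an added example, not part of the original slides): it shows why an encrypted CRC gives no integrity and why the challenge-response exchange hands an observer a reusable key stream. The function names, the 40-bit secret, the IV and the messages are constructed for illustration, and `delta` must be as long as the message. One detail beyond the slide's identity: CRC-32 as implemented in zlib is affine rather than strictly linear, so the ICV correction term is CRC(ΔM) ⊕ CRC(0…0).

```python
import zlib

def rc4(key, n):
    """First n bytes of the RC4 key stream for `key`."""
    S, j, out = list(range(256)), 0, bytearray()
    for i in range(256):                          # key scheduling
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    for _ in range(n):                            # key stream output
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def icv(msg):
    return zlib.crc32(msg).to_bytes(4, "little")  # CRC-32 used as the ICV

def wep_seal(secret, iv, msg):
    """IV | ((M | ICV) xor KS), with KS = RC4(IV | secret)."""
    body = msg + icv(msg)
    return iv + xor(body, rc4(iv + secret, len(body)))

def wep_open(secret, frame):
    """Receiver side: return M if the decrypted ICV matches, else None."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + secret, len(ct)))
    return body[:-4] if icv(body[:-4]) == body[-4:] else None

def flip(frame, delta):
    """Slide 21, no secret needed: XOR [dM | CRC term] into the ciphertext."""
    # zlib's CRC-32 is affine, so the term is crc(dM) xor crc(00..0)
    tag = xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], delta + tag)

def auth_response(iv, keystream, challenge):
    """Slide 23 response IV | (r xor K); it needs K, not the shared secret."""
    return iv + xor(challenge, keystream)

def auth_check(secret, challenge, resp):
    return xor(resp[3:], rc4(resp[:3] + secret, len(challenge))) == challenge

if __name__ == "__main__":
    secret, iv = bytes.fromhex("0102030405"), b"\x00\x00\x01"  # constructed
    sealed = wep_seal(secret, iv, b"PAY 0100 TO BOB")
    print(wep_open(secret, flip(sealed, xor(b"PAY 0100 TO BOB", b"PAY 9100 TO BOB"))))
```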

24 WEP: Lessons WEP has other problems, e.g., short IV space, weak RC4 keys Engineering security protocols is difficult one can combine otherwise OK building blocks in a wrong way and obtain an insecure system at the end example 1: stream ciphers alone are OK challenge-response protocols for entity authentication are OK but they shouldn’t be combined example 2: encrypting a message digest to obtain an ICV is a good principle but it doesn’t work if the message digest function is linear wrt to the encryption function

25 Fixing WEP After the collapse of WEP, Wi-Fi Protected Access (WPA) was proposed Then the full x standard (also called WPA2) was proposed But WEP is still in use

26 Cooperation in Wireless, Mobile Networks

27 Cooperation in Wireless Networks
- A special case of “security attack” is by rational nodes
  - drop packets, misrepresent information
- Motivation
  - wireless networks have limited capacity
  - wireless nodes have limited resources: battery power
  - unlike the Internet, where commercial relationship is worked out, many mesh network nodes belong to different users and may not have incentive to forward others’ traffic
  - similar free-riding problems in P2P applications

28 Example: Reward-based Routing
The network (authority) rewards the nodes so that they will forward traffic from a source to a destination Each node has a (private energy/transmission) cost of sending one packet to a neighbor The objective of the authority is to choose the lowest cost path assume cost reflects energy thus extending network life time/maximizing capacity—the community benefit

29 Node Utility Assume each node wants to maximize its utility
The utility of being on the path P of a source-destination pair: where - pi is the amount the network rewards node i - 1P(i) is 1 if node i is on the path P; otherwise 0 - ci is the cost of the link used in P, if a link from i is used

30 Discussion How about we reward nodes according to their claimed costs?

31 Payment Using VCG Mechanism
VCG stands for Vickrey, Clarke and Groves Vickrey Yale Math ’35 Nobel Memorial Prize in Econ. 1996

32 Payment Using VCG Mechanism
The VCG mechanism each node sends the costs of its links to the authority the authority computes the lowest cost path from the source S to the destination D the payment to node i: where - LCP(S,D) is the lowest cost path from S to D: {S->R1, R1->R2, …, Rk->D} - LCP(S,D)\{i} is the previous path but does not include the link from i to its next hop, if i is on the path; if i is not on the path, it is just the previous path - LCP(S,D;-i) is the lowest cost path from S to D without using i, i.e. remove node i from the graph and then find path

33 Assume the true cost of N1 to D is 2
Example: N1
[Figure: graph with nodes S, N1, N2, D and link costs 1, 2, 3]
- assume N1 declares the cost as 2, how much will N1 be rewarded according to the VCG mechanism? (1+3)-1 = 3
- what is the utility of N1? 3 - 2 = 1
- assume N1 declares the cost as 1, how much will N1 be rewarded according to the VCG mechanism? (1+3)-1 = 3
- what is the utility of N1? 3 - 2 = 1
- assume N1 declares the cost as 4, how much will N1 be rewarded according to the VCG mechanism? (1+3)-(1+3) = 0
- what is the utility of N1? 0 - 0 = 0
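The slide 33 numbers, recomputed by a small VCG payment routine (an added example, not part of the original slides). The payment is taken from the slide's arithmetic as cost of LCP(S,D;-i) minus cost of LCP(S,D) without i's own link. The function names are hypothetical, and the placement S→N2 = 1, N2→D = 3 is an assumption, since only the sum (1+3) survives on the slide.

```python
import heapq

def lcp(edges, src, dst, without=None):
    """Lowest cost path over directed edges {(u, v): declared cost}.
    Returns (cost, path); `without` removes one node from the graph."""
    done, heap = set(), [(0, [src])]
    while heap:
        cost, path = heapq.heappop(heap)
        u = path[-1]
        if u == dst:
            return cost, path
        if u in done:
            continue
        done.add(u)
        for (a, b), c in edges.items():
            if a == u and b != without and b not in done:
                heapq.heappush(heap, (cost + c, path + [b]))
    return float("inf"), []

def vcg_payment(edges, src, dst, i):
    """cost(LCP without node i) - cost(LCP minus i's own link); 0 if i is off the path."""
    cost, path = lcp(edges, src, dst)
    own = edges[(i, path[path.index(i) + 1])] if i in path[:-1] else 0
    alt, _ = lcp(edges, src, dst, without=i)
    return alt - (cost - own)

def utility(edges, src, dst, i, true_cost):
    """Payment minus i's true cost, charged only if i forwards on the LCP."""
    _, path = lcp(edges, src, dst)
    return vcg_payment(edges, src, dst, i) - (true_cost if i in path else 0)

def slide33(declared):
    """(payment, utility) of N1 when it declares `declared` for N1->D."""
    # Constructed graph: S->N2 = 1 and N2->D = 3 are assumed; the slide only
    # shows their sum. N1's true cost for N1->D is 2.
    edges = {("S", "N1"): 1, ("N1", "D"): declared,
             ("S", "N2"): 1, ("N2", "D"): 3}
    return vcg_payment(edges, "S", "D", "N1"), utility(edges, "S", "D", "N1", 2)

if __name__ == "__main__":
    for declared in (1, 2, 4):
        print(declared, slide33(declared))
```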

34 Formal Results Each node reports its link costs truthfully
Thus the network chooses the lowest cost path for each source-destination pair

35 Analysis on Truthfulness
By contradiction Assume node i’s true costs for its links are Ci but reports Wi think of Wi and Ci as vectors of link costs The node decides to declare Wi instead of Ci only if the utility is higher The best scenario a node can be in is that it is given the declared costs of all other nodes’ links and then decides its declarations of the costs of its links in order to maximize its utility action chosen in this way is called dominant strategy

36 VCG Proof Assume the lowest cost path computed is
LCP when the node reports Ci, and LCP’ when reports Wi it must be the case that (1P(i) meant i on path P) Right hand side is LCP we computed; left hand side is one path. Contradiction.

37 Revisit some slides of first class

38 Why is the Field Challenging?

39 Challenge 1: Unreliable and Unpredictable Wireless Coverage
Wireless links are not reliable: they may vary over time and space
[Figures: Reception v. Distance; Asymmetry vs. Power (*Cerpa, Busek et al.)]
What Robert Poor (Ember) calls “The good, the bad and the ugly”

40 Challenge 2: Open Wireless Medium
- Wireless interference
  - Hidden terminals
  - Exposed terminal
- Wireless security
  - eavesdropping, denial of service, …
[Figure: terminal diagrams with senders S1, S2 and receivers R1, R2]

41 Challenge 3: Mobility Mobility causes poor-quality wireless links
Mobility causes intermittent connection under intermittent connected networks, traditional routing, TCP, applications all break Mobility changes context, e.g., location

42 Challenge 4: Portability
- Limited battery power
- Limited processing, display and storage
[Figure: device classes along a Performance/Weight/Power Consumption axis: sensors, embedded controllers; mobile phones (voice, data, simple graphical displays, GSM/3G); smart phone (data, smaller graphical displays, 802.11/3G); tablet/laptop]

43 Power Harvesting

44 Challenge 5: Changing Regulation and Multiple Communication Standards

45 Let’s Take Stock

46 Progress: Enabling Technologies
Development and deployment of infrastructure Communications: in-room, in-building, on-campus, in-the-field, MAN, WAN Location: GPS, Google maps We are getting closer to the goal because of advances in enabling technologies.

47 Infrastructure
[Figure: infrastructure overview with WiFi (802.11g/n), satellite, UWB, bluetooth and cellular links]

48 Progress: Enabling Technologies
- Improving device capabilities/mobile applications, e.g., Android: iPhone/iPad:
- Open, extensible software framework (TinyOS, Android)
- Adaptive applications (CPU, content, storage)
We are getting closer to the goal because of advances in enabling technologies.

49 Topics not Covered There are several topics that are quite interesting but we do not have time to cover in more detail, e.g., Cognitive radio (white space) Virtualization of wireless networks Context-aware applications design Mobile device management Controlled mobility

50 Some Remaining Challenges
Infrastructure We need to continue to make faster networks and ubiquitous location capabilities Software Scientific computing -> procedural software Simulation/GUI: Object-oriented programming Mobile software?

51 The Gadget Trap Every task needs the right tool
But lots of tools are a pain to deal with, so combine But universality often leads to complexity

52 Mobile Computing Vision

53 New-Gen of Mobile Apps? Our lives are more predictable than we think
Can our software learn those patterns anticipate what we are likely to do suggest actions and ask for reinforcement Think of humans as attachment to devices

54 New Mobile Apps? The ubiquitous clerk Who always knows the next step
Understands our patterns Is always ready and available even before we realize we need him

