Mobile Traffic Sensor Network vs. Motion-MIX: Tracing & Protecting Mobile Wireless Nodes

2 Mobile Traffic Sensor Network vs. Motion-MIX: Tracing & Protecting Mobile Wireless Nodes
# Jiejun Kong, * Dapeng Wu, + Xiaoyan Hong, # Mario Gerla
# Dept of Computer Science   * Dept of Computer Science   + Dept of EE
UCLA   University of Florida   University of Alabama
November 7, 2005 @ ACM SASN ’05

3 Problem: Mobile Anonymity
Fixed Anonymity: Identity (net addr)
Mobile Anonymity: Identity  Location
–Identity (net addr/identity)
–Location (positioned by the adversary)
–Motion pattern (deduced by the adversary)
Significance of anonymous wireless communication
–1996 A.D.: Chechnya rebel leader, General Dzhokhar Dudayev, always on the move, but killed during a traceable wireless call

4 Mobile Traffic Sensor Network
Mobile traffic analyst
–Unmanned aerial vehicle (UAV)
–Coordinated positioning (tri-lateration / tri-angulation) can reduce location uncertainty
If moving faster than the transmitter, can always trace the victim

5 Outline
Background
Proposed solution
–In theory: Asymptotic network security model
–In practice: Motion-MIX
Security analysis
–Motion-MIX satisfies the asymptotic network security model
Summary

6 Notion: Security as a “landslide” game
Played by the guard and the adversary
–Proposal can be found as early as Shannon’s 1949 paper
–Not a 50%-50% chance game, which is too good for the adversary
The notion has been used in modern crypto since 1970s
–Based on NP-complexity
–The guard wins the game with 1 - negligible probability
–The adversary wins the game with negligible probability
–The asymptotic notion of “negligible” applies to one-way function (encryption, one-way hash), pseudorandom generator, zero-knowledge proof, …
AND this time …

7 Our Asymptotic Network Security Model
Concept: the probability of security breach decreases exponentially toward 0 when network metric increases linearly / polynomially
Consistent with computational cryptography’s asymptotic notion of “negligible / sub-polynomial”
is negligible by definition
x is key length in computational crypto
x is network metric (e.g., # of nodes) in network security
Definition: A function  : N  R is negligible, if for every positive integer c and all sufficiently large x’s (i.e., there exists N_c > 0, for all x > N_c),

8 The Asymptotic Cryptography Model
Security can be achieved by a polynomial-bounded guard against a polynomial-bounded adversary
[Figure: probability of security breach vs. # of key bits (key length), axis marks 1, 2, 128; labels: the “negligible” line (sub-polynomial line), Insecure, Secure, (Ambiguous area)]
See Lenstra’s analysis for proper key length (given adversary’s brute-force computational power)
There are approximately 2^268 atoms in the entire universe

9 Our Asymptotic Network Security Model
Conforming to the classic notion of security used in modern cryptography! We’ve used the same security notion
[Figure: probability of network security breach vs. network metric (e.g., # of nodes -- network scale); labels: the “negligible” line (sub-polynomial line), the “exponential” line (memory-less line), Insecure, Secure, (Ambiguous area)]

10 Design Assumptions
Adversary model
–Passive
–Few insiders (captured & compromised nodes)
–Global (or equivalently, mobile and capable of scanning the entire network area in short time)
–Honest-but-curious (protocol-compliant)
–External: polynomially-bounded by key length
–Internal: fraction  of N (which is # of network nodes)
Network model
–Loquor ergo sum (I speak, so I exist): nodes must transmit upon application demand, cannot shut up
–Pairwise key sharing (via Diffie-Hellman, KPS, or “mobility helps security”)

11 Venue 
“Venue” is the smallest area that the adversary can “pinpoint” a wireless transmitter via its wireless transmission
[Figure label: The VIP node being traced]

12 Assumption: Imperfect Wireless Positioning D. Niculescu, B. Nath, “VOR Base Stations for Indoor 802.11 Positioning,” ACM MOBICOM’04, pp.58—69.

13 Motion Pattern Tracing (1 node)
1 transmitting node in the network
No way to protect it
–Just like a cryptographic case using 1-bit key

14 Motion Pattern Tracing (2 nodes)
2 transmitting nodes in the network; better security protection
What’s the network-based analytic model behind this phenomenon?
What happens if there are many nodes in a scalable network?
We need Motion-MIX

15 Motion-MIX: Design Goal
k incoming mobile nodes or wireless packet flows get fully mixed in the Motion-MIX
 k-anonymity: the adversary cannot differentiate these k nodes
[Figure labels:  ]

16 Motion-MIX vs. Chaumian MIX
Effectiveness determined by the adversary’s capability & the guard’s capability
1. Privacy model: like Chaumian MIX processor, the internal state of Motion-MIX is private
 The adversarial side cannot position any transmitting node inside the area quantified by 
2. Temporal-spatial model: like Chaumian MIX (e.g., pool mix), the guarding side can delay and gather the protected items in a Motion-MIX
 Motion-MIX’s size is determined bi-laterally (the adversary & the guard) in terms of time and space

17 Size of Motion-MIX
Adversary determines inner circle
Guard determines outer ring
– t is the minimum delay between any 2 transmissions from a single node
–v_avg is the average/expected node mobility speed
Motion-MIX’s size is a bilaterally-determined quantity ’ = ( + v_avg *  t)
[Figure labels: Adversary’s capability,  ’’]

18 Wireless Traffic Mixing Per Venue
Algorithm D -- Wireless traffic mixing (each venue transmits approximately k packets per  t in a fully distributed manner)
Prerequisite: Pre-defined system parameter k and unit time  t.
  Divide current unit time  t into k slices.
  FOR ( each time slice i ) DO
    IF ( I have only heard x<i transmissions so far during the current unit time interval )
      In the next time slice, transmit a decoy packet with probability (i-x)/i.
    END IF
  END FOR
Ensures: Greater-than-zero effect
1. If at least one “good” node is in a venue, the adversary can only estimate that there are on average E(k ’) nodes inside. Actually # of nodes inside the venue can be from minimally 1 to maximally (N - #_of_non-empty_venues).
2. Otherwise, the venue is empty. Motion-MIX is not functional.
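The per-venue packet count that Algorithm D produces can be computed exactly rather than simulated. The Python below is an added example, not code from the presentation; it assumes one reading of the slide (slices numbered 1..k, all nodes in a venue hear each other, a decoy decided in slice i is heard from slice i+1 on), and the function names are hypothetical.

```python
from fractions import Fraction
from math import comb

def tally_distribution(k, nodes, real=()):
    """Exact distribution of packets heard in one venue during one unit time.

    Assumed reading of Algorithm D: slices are numbered 1..k, real[i-1] real
    packets are sent in slice i, and every node that has heard x < i packets
    by slice i sends a decoy with probability (i - x)/i, heard from i+1 on.
    """
    real = list(real) + [0] * (k - len(real))
    dist = {0: Fraction(1)}                      # packets heard -> probability
    for i in range(1, k + 1):
        nxt = {}
        for x, px in dist.items():
            x += real[i - 1]                     # application traffic in slice i
            if x >= i:                           # pace already met: stay silent
                nxt[x] = nxt.get(x, 0) + px
                continue
            p = Fraction(i - x, i)               # decoy probability from the slide
            for d in range(nodes + 1):           # d nodes decide to send a decoy
                pd = comb(nodes, d) * p**d * (1 - p)**(nodes - d)
                if pd:
                    nxt[x + d] = nxt.get(x + d, 0) + px * pd
        dist = nxt
    return dist

def expected_packets(k, nodes, real=()):
    return sum(x * p for x, p in tally_distribution(k, nodes, real).items())

if __name__ == "__main__":
    k = 8
    for nodes in (1, 2, 4, 8):                   # idle venues of different sizes
        dist = tally_distribution(k, nodes)
        print(nodes, "idle node(s): min", min(dist), "max", max(dist),
              "mean", float(expected_packets(k, nodes)))
    print("busy venue:", tally_distribution(k, 4, [1] * k))
```

Under this reading a venue with one idle node and k = 8 emits 4.5 packets on average and never fewer than one, while a venue already carrying one real packet per slice sends no decoys at all.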

19 Necessary Conditions of Motion-MIX
Protocol-stack-wise concerns, not limited to application/middleware layer (unlike MIX-Zone)
Building blocks
1. Identity-free routing  ANODR (MOBIHOC ’03)
Anonymous even against any insider
2. One-time packet contents  XOR-tree (TISS ’00)
E.g., for 100 packets, the 2 extreme cases (1 sender to 1 recipient & 100 different senders to 100 different recipients) and all cases in-between are equally probable  looks truly random / independent
3. Radio interface calibration to remove RF signatures  “Shake them up” (MOBISYS ’05)

20 Identity-free Routing: ANODR (MOBIHOC’03)
ANODR: destination E receives  RREQ, global_trap, onion  where onion = K_D(K_C(K_B(K_A(hello))))
[Figure: path A, B, C, D, E. Route-REQuest onion layers: K_A(hello), K_B(K_A(hello)), K_C(K_B(K_A(hello))). Route-REPly  RREP, global_proof, onion, #X  with stamps #E, #D, #C, #B and onion layers K_C(K_B(K_A(hello))), K_B(K_A(hello)), K_A(hello)]
#X is a random packet stamp selected by X and shared on the hop
K_X(m) denotes using symmetric key K (only known by X) to encrypt a message m
global_trap denotes an encryption of a well-known tag (“You are the destination”) using a key only known by destination E

21 Identity-free Data Forwarding
Table driven virtual circuit: stores mapping of a pair of packet stamps
Packet marked with #
–Matched incoming # is replaced by corresponding outgoing #
–IP address, 802.11 MAC address not used in ANODR
[Figure: forwarding tables at nodes A, B, C holding stamp pairs (#1, #2), (#2, #3), (#3, #4); a packet carrying the payload is marked #1, #2, #3, #4 in turn]
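The RREQ/RREP onion and the stamp-swapping forwarding table from the two ANODR slides above, traced end to end. This Python is an added example, not ANODR's implementation: the cipher K is a toy XOR keystream standing in for K_X(m), and the class, method and function names are hypothetical.

```python
import hashlib
import secrets

def K(key, data):
    """Toy stand-in for K_X(m): XOR with a SHA-256 keystream (self-inverse, demo only)."""
    stream = b"".join(hashlib.sha256(key + bytes([c])).digest()
                      for c in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class Node:
    def __init__(self, name):
        self.name = name                       # never placed in any packet
        self.key = secrets.token_bytes(16)     # K_X, known only to X
        self.table = {}                        # incoming stamp -> outgoing stamp

    def on_rreq(self, onion):
        return K(self.key, onion)              # add own layer, rebroadcast

    def on_rrep(self, onion, downstream_stamp):
        stamp = secrets.token_hex(8)           # random #X shared with the upstream hop
        self.table[stamp] = downstream_stamp
        return K(self.key, onion), stamp       # peel own layer, pass upstream

    def on_data(self, stamp, payload):
        return self.table[stamp], payload      # swap stamp; no IP/MAC address consulted

def run_route(hello=b"hello", payload=b"one-time ciphertext"):
    a, b, c, d = (Node(n) for n in "ABCD")
    onion = a.on_rreq(hello)                   # K_A(hello)
    for node in (b, c, d):
        onion = node.on_rreq(onion)            # ends as K_D(K_C(K_B(K_A(hello))))
    stamp = final_stamp = secrets.token_hex(8) # #E, chosen by destination E
    for node in (d, c, b):                     # RREP travels back toward A
        onion, stamp = node.on_rrep(onion, stamp)
    source_check = K(a.key, onion)             # A opens K_A(hello): it is the source
    on_air = [(stamp, payload)]                # what an eavesdropper captures per hop
    for node in (b, c, d):
        on_air.append(node.on_data(*on_air[-1]))
    # The payload is left unchanged here; the page lists one-time packet
    # contents as a separate building block, which is not modelled.
    return source_check, on_air, final_stamp

if __name__ == "__main__":
    check, on_air, final = run_route()
    print(check, [s for s, _ in on_air], final)
```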

22 One-time Packet Contents (cont’d)
“Unpredictable” pseudorandom packet contents
–In secular term, looks truly random to the adversary
–Key management & distribution needed
[Figure: Key; packets 1, 2, 3 with contents 56a35d537fe, 198573f8d5b, e53410957fa, ...]

23 Identity-free Packet Flow (ANODR)
[Figure: packet stamps 4342747, 5422819, 5452343, 1745634, 9746411, 6175747, 8543358]

24 Mobile network model
Divides the network into large number n of very small tiles (i.e., possible “positions”)
–A node’s presence probability p at each tile is small
 Follows a spatial binomial distribution B(n,p)
–When n is large and p is small, B(n,p) is approximately a spatial Poisson distribution with rate  1
–If there are N mobile nodes roaming i.i.d.  N = N·  1
–The probability of exactly k nodes in an area A’

25 Venue ’’

26 Average Venue
Publicity assumption (Kerckhoffs’s Desiderata): the adversary knows the entire identity set and the network area, it can estimate that expectation of # of nodes in each venue is
–Thus, nodes in each venue transmit k = E(k ') real/decoy packets in a fully distributed manner
A motion-MIX is min(k, E(k '))-anonymous where '=(+v_avg* t) is the bi-lateral Motion-MIX size
–In each non-empty venue, min(k, E(k '))-anonymous
–In the entire network, ubiquitously min(k, E(k '))-anonymous due to identity-free routing, one-time packet contents and RF signature hiding

27 Untraceable Mobile Nodes (or Packet Flows)
All motion patterns equally likely if contiguous venues are non-empty (in the previous time slot  t)
 Untraceable (per Shannon’s information theoretic notion)
[Figure label: The VIP node being traced]

28 Security Analysis: Impact of N (# of nodes)
Probability of having less than k good nodes is negligible with respect to network scale N
Probability of tracing a mobile node is negligible with respect to N and motion time |T|
Probability of tracing a packet flow is negligible with respect to N and # of traveled venues |X|
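The first claim above, that a venue holds fewer than k good nodes only with negligible probability in N, can be checked numerically from the spatial Poisson model of the mobile network model slide. This Python is an added example, not from the presentation; it assumes uniformly distributed nodes, uses the standard Poisson probability mass function, and the function names, parameter names and sample areas are hypothetical.

```python
from math import exp

def p_fewer_than_k(k, n_nodes, venue_area, network_area, insider_fraction=0.0):
    """P[fewer than k good nodes in one venue] under the spatial Poisson model.

    Assumption: nodes are uniformly distributed, so the per-node density is
    1/network_area; insiders are removed by thinning the Poisson rate.
    """
    lam = n_nodes * (1.0 - insider_fraction) * venue_area / network_area
    term, total = exp(-lam), 0.0
    for j in range(k):
        total += term                  # adds P[exactly j good nodes]
        term *= lam / (j + 1)
    return total

def looks_negligible(k, sizes, venue_area, network_area, c=3):
    """Finite check: N**c * P[breach] keeps shrinking over the sampled sizes."""
    scaled = [n**c * p_fewer_than_k(k, n, venue_area, network_area) for n in sizes]
    return all(b < a for a, b in zip(scaled, scaled[1:]))

if __name__ == "__main__":
    area, venue = 1_000_000, 10_000    # constructed sample values
    for n in (10, 100, 1000, 2000, 4000, 8000):
        print(n, p_fewer_than_k(3, n, venue, area))
    # Small networks sit in the ambiguous area; the decay only shows for large N.
    print(looks_negligible(3, [10, 20, 40], venue, area),
          looks_negligible(3, [1000, 2000, 4000, 8000], venue, area))
```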

29 Summary
Anonymous communication in mobile networks has its own idiosyncrasy
–Motion pattern of mobile nodes can be traced  Motion-MIX needed
We propose a novel asymptotic network security model that is consistent with classic security notions
–Identity-free routing, one-time packet contents, and radio signature hiding are necessary conditions to implement Motion-MIX
–Motion-MIX + ANODR is practical
Work-in-progress: Currently, doing real-world experiments on Motion-MIX and ANODR
–Related to MANET localization/positioning, QualNet simulation, ANODR Linux implementation, UAV experiment
–More rigorous formalization & proofs

30 UCLA E-mail contacts: Jiejun Kong: jkong@cs.ucla.edu Mario Gerla: gerla@cs.ucla.edu

31 Notion: Perfect Secrecy (C.E.Shannon)
[Figure: XOR example, m  k = e]
A triangular relation: plaintext M, ciphertext E, key K
Given ciphertext E, adversary gains no information
H(M|E) = H(M) (a posteriori = a priori)
Not scalable

32 Notion: Perfect Anonymity (IACR ePrint TR2005-132)
[Figure, shown for both Sender Anonymity and Recipient Anonymity: route-driven connection; anonymity sets s1, s2, s3, s4 and r1, r2, r3, r4; labels: synchronized flooding, indistinguishable]
Not Scalable

33 Message Secrecy & Anonymity (information theoretic notion)
Security degradation can be defined as the ratio between H(X_AS|C) and H(X_AS), as demonstrated in 2 PET ’02 papers [Serjantov&Danezis, PET ’02] and [Diaz et al., PET ’02]
This non-scalable solution is not our answer!
Perfect Secrecy: H(M|E) = H(M)
Perfect Anonymity: H(X_AS|C) = H(X_AS)

34  1
Inspired by Bettstetter et al.’s work
–For any mobility model (random walk, random way point), Bettstetter et al. have shown that  1 is computable following
–For example, in random way point model in a square network area of size a × a defined by -a/2 ≤ x ≤ a/2 and -a/2 ≤ y ≤ a/2
– 1 is “location independent”, yet computable in NS2 & QualNet given any area A’ (using finite element method)

35  1 in Random Way Point model [Bettstetter et al.] a=1000

36 WASP Micro-Aerial Vehicle (MAV)
Wingspan: 13 inches
Combined wing structure (Lithium-Ion battery pack): 4.25 ounces (120 gm)
Total weight of the vehicle: 6 ounces (170 gm)
Power: 9 Watts during the flight
Flying time: 1 hour and 47 min
Good enough to trace a mobile soldier or a few soldiers per MAV

