An Overview of the Security and Pervasive Computing Initiatives at WINLAB - PowerPoint PPT Presentation

1
An Overview of the Security and Pervasive
Computing Initiatives at WINLAB
  • Rutgers, The State University of New Jersey
  • www.winlab.rutgers.edu

2
Talk Overview
  • Overview of the Security and Pervasive Computing
    Group
  • Security Initiatives
      • ORBIT
      • 3G Multicast Security
      • Multicast Authentication: Staggered TESLA
      • Authentication in Hierarchical Ad Hoc Networks
      • Attack Tolerant, DoS Resistant Wireless Networks
      • Privacy Preservation in Wireless Networks
      • Secure Localization Defense and Identification
      • Collusion-Resistant Fingerprinting for Multimedia
  • Pervasive Computing Initiatives
      • Congestion Control in Sensor Networks
      • Lifetime Extension in Sensor Networks
      • Mobility Emulation

3
WINLAB's Security and Computing Initiatives
  • WINLAB has a growing initiative in wireless
    network security and mobile/pervasive computing
  • Currently the Security Group consists of
      • 3 Faculty Members
          • Wade Trappe (University of Maryland): Wireless
            Security, Multimedia Security, Physical/MAC Layer
            Security, Multicast, Coding and Cryptography
          • Yanyong Zhang (Penn. State University):
            Distributed Computing, Sensor Networking,
            Pervasive Computing, Fault Tolerant Computing
            Architectures, Wireless Security
          • Marco Gruteser (University of Colorado):
            Ubiquitous Computing, Secure Software
            Engineering, Privacy in Location Services
      • 14 Students (W. Xu, Q. Li, P. Kamat, Z. Li, Y.
        Zhang, T. Wood, S. Chao, A. Chincholi, B. Xue, S.
        Raj, K. Ma, S. Swami, B. Hoh, K. Ramchandran)
  • Collaboration: Princeton (H. Kobayashi), Columbia
    (H. Schulzrinne), Bell Labs (S. Paul), IBM
    Watson, UMD (KJR Liu, M. Wu), Rutgers CS (B.
    Nath), UColorado (Grunwald), URI (Y. Sun), UBC
    (Z. Wang), U. Texas (IAT)
  • Funding
      • NSF: ORBIT (joint with Princeton, Columbia, Bell
        Labs, IBM, Thomson), PARIS
      • Air Force: Multimedia Fingerprinting (joint with
        UMD) (complete)
      • NICT Japan: Secure Future Wireless Networks (B3G)

4
Wireless Security
5
ORBIT Testbed Radio Grid
[Figure: the ORBIT radio grid, 80 ft (20 nodes) by 70 ft (20 nodes), connected through a data switch and a control switch over a gigabit backbone to front-end servers, application servers (user applications / delay nodes / mobility controllers / mobile nodes) and back-end servers; RF/spectrum measurement and interference sources (labels SAP, IS1, IS2, ISQ, SA1, SA2); VPN gateway to the wide-area testbed and Internet VPN gateway / firewall.]
6
Experiment Patterns
7
ORBIT EWP6 Wireless Security Plans
  • The Princeton EWP6 Security group (led by Prof.
    Kobayashi) and the WINLAB Security group (led by
    Prof. Trappe) have alternated monthly meetings
    between Princeton and WINLAB
  • WINLAB collaboration with Lucent on MBMS Security
  • Plans for ORBIT
      • Secure Flooding Protocols (Princeton)
      • Fast Authenticated Key Establishment Protocols
        for Self-Organizing Sensor Networks (develop ECC
        for ORBIT Crypto Toolbox) (Princeton)
      • Mobility and Basic Authenticated Handoff
        Experiments (WINLAB)
      • Development of Basic Cryptographic Toolbox
        (WINLAB)

[Figure: timeline]
  • Mobility Experiments (9/04-12/04)
  • Secure Flooding Protocols (9/04-1/05)
  • Construct Crypto Toolbox (8/04-12/04)

8
3G Multicast Security
  • Keys must be shared by multicast group
    participants
  • As users join and leave, keys must be changed
  • 3GPP has proposed a new entity, the BMSC for
    managing broadcast and multicast services
  • The BMSC can perform key management

9
3G Multicast Security
  • 3GPP is currently investigating several multicast
    frameworks
  • To optimize key management, one should match the
    key tree to the underlying multicast topology
  • 3GPP has not decided on a multicast topology
  • We are examining the performance of multicast key
    management at the BMSC for different 3G multicast
    scenarios
  • We have proposed modifications to Qualcomm's MBMS
    security scheme that improve communication
    efficiency
  • A secure prototype multicast chatting application
    has been developed
      • Server is implemented in J2SE
      • Clients are implemented in J2ME

W. Xu, W. Trappe and S. Paul, "Key Management for
3G MBMS Security," to appear, Proceedings of 2004
IEEE ICC.
10
Multicast Authentication
  • Delayed Key Disclosure (e.g. TESLA)
  • Weakness
      • Use of buffers allows for a simple denial of
        service (DoS) attack
      • Since there is no way to check packets until the
        key is disclosed, the buffer will overflow
  • How to protect against DoS attacks?

[Figure: keys K1, K2, K3, K4, K5 plotted against time]

Q. Li and W. Trappe, "Staggered TESLA: A Scheme
for Reduced-Delay Multi-Grade Multicast
Authentication," submitted to IEEE Infocom 2005.
11
Definition of Trust in Delayed Key Disclosure
  • Assumptions
      • Adversary has 0 forge time
      • Adversary has 0-delay link to receiver
      • Disclosure delay is d
  • Security Condition
      • Packets sent at interval i will be discarded if
        received after i+d
      • Key released at time i+t
      • Adversaries within delay radius d-t can forge
        packets
      • Adversaries outside radius d-t will cause
        violation of security condition
  • Trust
12
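Staggered TESLA Sender Setup
  • The sender attaches d MACs computed by K'_i,
    ..., K'_{i-d+1}

[Figure: sender timeline over intervals i-1, i and i+1]
  • Interval i-1: key K_{i-1}; message M_{j-1} carries
    MAC(M_{j-1}, K'_{i-1}), ..., MAC(M_{j-1}, K'_{i-d});
    disclose K_{i-d-1}
  • Interval i: key K_i; message M_j carries
    MAC(M_j, K'_i), ..., MAC(M_j, K'_{i-d+1});
    disclose K_{i-d}
  • Interval i+1: key K_{i+1}; message M_{j+1} carries
    MAC(M_{j+1}, K'_{i+1}), ..., MAC(M_{j+1}, K'_{i-d+2});
    disclose K_{i-d+1}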
13
Staggered TESLA Authentication at Receiver
  • Receivers have a chained buffer
  • As keys arrive, MACs are verified
  • If a MAC matches, the receiver puts the packet into
    the next layer. If not, the packet is dropped.
  • As the packets move to lower buffer layers, the
    trustworthiness of the packets increases

[Figure: receiver timeline over intervals i+d-2, i+d-1 and i+d (keys K_{i+d-2}, K_{i+d-1}, K_{i+d}), in which K_{i-2}, K_{i-1} and K_i are disclosed. At each buffer layer the packet P is checked: "Yes" passes it on to the next layer, "No" leads to "Drop"; after the last check the packet is saved.]
14
TESLA vs. Staggered TESLA
  • Packet sent in interval i, key K_i, delay d
  • TESLA
      • Attach: 1 MAC
      • Key: K_i
      • Authenticate: d intervals
      • Compute: 1 MAC
      • Communicate: 1 MAC
  • Staggered TESLA
      • Attach: d MACs
      • Keys: K_i, ..., K_{i-d+1}
      • Authenticate: each interval has a chance
      • Compute: d MACs
      • Communicate: d MACs
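
The sender setup and the receiver's chained buffer from the Staggered TESLA slides, as an added Python example that is not part of the original presentation. Assumptions made here: a SHA-256 hash chain for the keys, HMAC-SHA256 as the MAC, the derivation of K'_i from K_i, d = 3, and all function, class and field names.

```python
import hashlib
import hmac

D = 3  # disclosure delay d in intervals (constructed value)

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def make_chain(seed: bytes, n: int) -> list:
    """One-way chain K_0..K_n with K_i = H(K_{i+1}); K_0 is the commitment."""
    keys = [H(seed)]
    for _ in range(n):
        keys.append(H(keys[-1]))
    return keys[::-1]

def mac(key: bytes, msg: bytes) -> bytes:
    """MAC under K'_i; deriving K'_i as H("mac" || K_i) is an assumption."""
    return hmac.new(H(b"mac" + key), msg, hashlib.sha256).digest()

def send(keys: list, i: int, msg: bytes) -> dict:
    """Interval-i packet: d MACs under K'_{i-d+1}..K'_i, plus disclosed K_{i-d}."""
    macs = {j: mac(keys[j], msg) for j in range(i - D + 1, i + 1)}
    return {"i": i, "msg": msg, "macs": macs, "key": (i - D, keys[i - D])}

class Receiver:
    def __init__(self, commitment: bytes):
        self.keys = {0: commitment}  # authenticated chain keys by index
        self.buffer = []             # entries: [packet, arrival interval, layer]
        self.saved = []              # messages that passed the final (K'_i) check

    def _accept_key(self, idx: int, key: bytes) -> bool:
        base = max(j for j in self.keys if j <= idx)
        k = key
        for _ in range(idx - base):  # hash back to a key already trusted
            k = H(k)
        if hmac.compare_digest(k, self.keys[base]):
            self.keys[idx] = key
            return True
        return False

    def receive(self, pkt: dict, now: int) -> None:
        idx, key = pkt["key"]
        if idx not in self.keys and self._accept_key(idx, key):
            self._advance(idx)
        if now < pkt["i"] + D:       # security condition: K_i still undisclosed
            self.buffer.append([pkt, now, 0])

    def _advance(self, idx: int) -> None:  # K_idx is public: check buffered packets
        kept = []
        for pkt, arrived, layer in self.buffer:
            if idx in pkt["macs"] and arrived < idx + D:
                if not hmac.compare_digest(mac(self.keys[idx], pkt["msg"]), pkt["macs"][idx]):
                    continue         # MAC mismatch: drop now, free the buffer slot
                layer += 1           # one layer deeper, more trustworthy
                if idx == pkt["i"]:  # final layer, same assurance as plain TESLA
                    self.saved.append(pkt["msg"])
                    continue
            kept.append([pkt, arrived, layer])
        self.buffer = kept
```

A packet with bogus MACs leaves the buffer after one interval, when the first of its d keys is disclosed, instead of occupying a slot for the full d intervals as in plain TESLA.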

15
Authentication in Hierarchical Ad Hoc Sensor
Networks
  • Public key certificates are not suitable for flat
    ad hoc networks
      • To check certificate requires expensive public
        key operations
  • Three tier architecture
      • Varying levels of computational power within the
        sensor network
      • Sensors do not communicate with each other
      • Forwarding nodes are radio-relay
  • TESLA Certificates
      • Alternative to PK certificates
      • Uses symmetric key cryptography
      • Delayed key disclosure
  • Authentication framework
      • Access points provide filter to application
      • TESLA certificates provide efficient sensor node
        handoff
      • Weak and assured data authentication provided

M. Bohge and W. Trappe, "An Authentication
Framework for Hierarchical Ad Hoc Sensor
Networks," Proceedings of 2003 ACM Workshop on
Wireless Security.
16
DoS Resistant Wireless Networks
  • Broadcast radio signals at the same frequency as
    the wireless Ethernet transmitters - 2.4 GHz for
    802.11b/g!
  • To jam, you just need to broadcast a radio signal
    at the same frequency but at a higher power.
  • Waveform Generators and the Microwave Oven!
      • Yes, heating up your lunch aggravates your system
        administrator!
  • What can one do?
  • WINLAB's solution, from Sun Tzu's Art of War: "He
    who can't defeat his enemy should retreat!"
  • Answers
      • Change your channel allocation
      • Move your location!

W. Xu, T. Wood, W. Trappe and Y. Zhang, "Channel
Surfing and Spatial Retreats: Defenses against
Wireless Denial of Service," Proceedings of 2004
ACM Workshop on Wireless Security.
17
Privacy Issues in Wireless Networks
  • Content-Oriented Security and Privacy
      • Issues that arise because an adversary can
        observe and manipulate the exact content in a
        sensor message.
      • Best addressed through cryptography and network
        security.
  • Context-Oriented Privacy
      • Issues that arise because an adversary observes
        the context surrounding creation and transmission
        of a sensor message.
      • Examples
          • Source-Location Privacy: The physical location of
            communication participants may be sensitive.
          • Traffic Privacy: The size and amount of messages
            originating from a sensor may be sensitive.
  • For sensor networks, Source-Location Privacy
    focuses on protecting the monitored asset from
    traceback.
  • For tactical networks, Source-Location Privacy
    focuses on protecting the networked soldier from
    traceback attacks by adversaries!

C. Ozturk, Y. Zhang, and W. Trappe, "Source
Location Privacy in Sensor Networks," Proceedings
of 2004 ACM Workshop on Security of Ad Hoc and
Sensor Networks (SASN).
18
Panda-Hunter Game Model Scenario
  • We propose the Panda-Hunter Game as an example
    sensor scenario
  • Panda-Hunter Game
      • A sensor network has been deployed to monitor a
        panda habitat.
      • Sensors send Panda_Here messages
      • Messages are forwarded to a data sink.
      • The hunter observes packets and traces his way
        back to the panda.
  • Privacy Goal: Increase the time needed for an
    adversary to track and capture the panda.
  • Safety Period: The number of messages transmitted
    by the source sensor.
  • Longer safety periods mean more privacy!

[Figure: legend Data Sink, Sensor Node; caption "Game Over!"]
19
Flooding Strategies for Privacy, pg. 1
  • Flooding is a popular technique for delivering
    sensor data
      • Involves each node forwarding a packet it
        receives
  • Although there are many simultaneous paths to the
    sink, flooding does not increase the safety period!
  • Explanation
      • Flooding contains the shortest path.
      • Hunter will always follow the shortest path to the
        panda.

[Figure: legend Data Sink, Sensor Node]
20
Flooding Strategies for Privacy, pg. 2
  • Probabilistic Flooding
      • An alternative strategy to baseline flooding
      • Reduces the amount of energy consumed in the
        sensor network
      • Each node forwards a received sensor packet with
        probability P_forward
      • Small P_forward reduces energy at tradeoff of
        lower network connectivity
  • Probabilistic flooding increases the safety
    period
      • There is a chance that shortest path will not
        exist
      • Adversary may thus follow non-shortest path
  • Experimental Observations
      • Lower P_forward increases safety period
      • Lower P_forward also increases the sink miss ratio
      • Fundamental tradeoff
  • Other strategies have been proposed
      • Randomized Multipath Routing
      • Phantom Routing

21
Privacy-observant Location Tracking
  • Location Information useful for
      • Calibrating the tracking system
      • Location-based applications
  • Can we perturb time-series information?
      • Individual paths are not identifiable
      • Aggregate information from multiple users is
        useful

22
Secure Localization in Wireless Networks
  • Already, many techniques have emerged to localize
    a wireless device
  • Enforcement of location-aware security policies
    (e.g., this laptop should not be taken out of
    this building, or this file should not be opened
    outside of a secure room) requires trusted
    location information.
  • As more of these location-dependent services get
    deployed, the very mechanisms that provide
    location information will become the target of
    misuse and attacks.
  • Two efforts to address this problem
      • Integrate resilience into localization methods
        (Z. Li)
      • Modulation of AP transmission powers (Yu Zhang)

Z. Li, Y. Zhang, W. Trappe and B. Nath, "Securing
Wireless Localization: Living with Bad Guys,"
submitted to 2004 DIMACS Workshop on Wireless and
Mobile Security.
23
Collusion-Resistant Traitor Tracing for Multimedia
  • DoD Research Joint Collaboration with UMD
  • W. Trappe, M. Wu, Z. Wang, K.J.R. Liu,
    "Anti-Collusion Fingerprinting for Multimedia",
    IEEE Trans. on Signal Processing, Special issue
    on Signal Processing for Data Hiding in Digital
    Media and Secure Content Delivery, vol. 51, no. 4,
    pp. 1069-1087, April 2003.
  • Z. Wang, M. Wu, W. Trappe, and K.J.R. Liu,
    "Group-Oriented Fingerprinting for Multimedia
    Forensics", EURASIP Journal on Applied Signal
    Processing, Special Issue on Multimedia Security
    and Rights Management, to appear 2004.

24
Recent Leak: UAV Surveillance Video on bin Laden
  • High-tech surveillance provides around-the-clock
    monitoring of terrorist base
  • Highly classified video captured in 2000 by
    Unmanned Aerial Vehicle Predator
  • Video shows a tall man wearing a white robe over
    Tarnak Farm in Afghanistan
  • Analysts thought the man was bin Laden
      • Pentagon and CIA officials have copies
        of the tape
      • Video leaked to the press in March
        2004, aired on NBC and CNN
      • CIA investigates the leak of the
        tape
  • http://www.cnn.com/2004/WORLD/asiapcf/03/17/predator.video/

25
Digital Fingerprinting and Tracing Traitors
  • Leak of information as well as alteration and
    repackaging poses serious threats to government
    operations and commercial markets
      • e.g., pirated content or classified document
  • Promising countermeasure: robustly embed digital
    fingerprints
      • Insert ID or fingerprint (often through
        conventional watermarking) to identify each user
      • Purpose: deter information leakage and digital
        rights management (DRM)
      • Challenge: imperceptibility, robustness,
        tracing capability

26
Embedded Fingerprinting for Multimedia
27
Group-Oriented Forensics
  • Overcome the limitations of orthogonal
    fingerprinting
      • Recall: orthogonal FP treats everybody equally
      • Orthogonal strategy has to suspect more to
        accurately find a colluder
  • Colluders often come together in some foreseeable
    groups
      • Due to their geographic, social, or other
        connections
  • Our approach: design users' FP in a correlated
    way
      • Cluster users into groups based on prior
        knowledge
      • Intra-group collusion is more likely than
        inter-group
      • Revise orthogonal FP and add correlation to the
        same group to help narrow down the suspicion group

28
Group Fingerprinting
  • Problem: determine the number of colluders k_i's
    and the S_ci's
  • Solution: construct intra-group FP in two parts,
    and use threshold detector (at desired
    intra-group false alarm) to avoid estimating k_i


Can be viewed as a real-valued fingerprint code
29
Two-Stage Detection Scheme
  • Basic idea: first identify groups containing
    colluders, then identify colluders within each
    possible guilty group
  • ROC Curves: P_d vs. P_fp under different collusion
    settings
  • Constraint: equal energy

30
Similarity between Collusion and MU Comm.
  • The Fingerprint Collusion Problem is similar to
    Multiuser Communication
  • The colluded signal is simply the host signal
    plus a mixture of watermarks
  • For good communication performance, CDMA
    sequences should have minimum interference
    between each other. Low Cross-Correlation is
    Good!
  • The similarity between Collusion and MU Comm.
    suggests that good CDMA sequences would be good
    fingerprints!

[Figure: two panels, "Collusion Fingerprint Problem" and "Synchronous CDMA Channel"]

Z. Li and W. Trappe, "Collusion-resistant
Fingerprints from WBE Sequence Sets," to appear,
Proceedings of 2005 IEEE ICC.
31
ACC built from Interference Avoidance
Question: How to assign M fingerprints in N
dimensions to facilitate colluder detection?
  • M < N: assign orthogonal fingerprints because they
    are uncorrelated
  • M > N: the fingerprints are correlated. How do we
    find the least correlated set S of size N by M?
      • Minimize Total Squared Correlation (TSC)
      • Welch Bound: TSC is lower bounded by M^2/N
  • WBE sequence set
      • WBE sequence set is known to be optimal in terms
        of user capacity in synchronous code-division
        multiple access (CDMA)
      • One approach to get a WBE sequence set:
        Eigen-algorithm

32
Detection of WBE Fingerprints
  • F: collusion indicator, M × 1
  • S: fingerprint matrix, N × M (M > N)
  • T: detection statistics, N × 1
  • K: number of colluders
  • S†: Moore-Penrose generalized inverse of S
  • Iterative Generalized Inverse Algorithm

1. Initialize S_s = S, i.e. all users are initially
   under suspicion.
2. F_a = S_s† T
3. Choose a threshold g. We choose g = 0 when
   min(F_a) < 0, and g = 0.4 max(F_a) when
   min(F_a) > 0.
4. The users whose corresponding entries in F_a are
   smaller than g are identified as innocent. Their
   fingerprints are removed from S_s.
5. Repeat the steps from 2 to 4 with the new S_s
   until S_s does not change any more.
6. The users whose fingerprints remain in S_s are the
   final accused users.
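
The total squared correlation from the interference-avoidance slide and steps 1 to 6 of the iterative generalized inverse algorithm, as an added Python example that is not part of the original presentation. Assumptions made here: the detection statistic T is the noiseless average of the colluders' fingerprints with the host signal already removed, every suspect matrix has full rank, min(F_a) = 0 is treated like the positive case, and all function names are illustrative.

```python
def dot(u, v):
    return sum(x * y for x, y in zip(u, v))

def solve(A, b):
    """Solve A x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(A)
    M = [list(row) + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [x - f * y for x, y in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def pinv_apply(cols, T):
    """F_a = S_s^+ T, with S_s given as a list of fingerprint columns."""
    n, m = len(T), len(cols)
    if m <= n:  # tall or square: (S^T S)^-1 S^T T
        gram = [[dot(a, b) for b in cols] for a in cols]
        return solve(gram, [dot(c, T) for c in cols])
    rows = [[c[r] for c in cols] for r in range(n)]  # wide: S^T (S S^T)^-1 T
    y = solve([[dot(a, b) for b in rows] for a in rows], T)
    return [dot(c, y) for c in cols]

def tsc(cols):
    """Total squared correlation: sum of squared inner products over all pairs."""
    return sum(dot(a, b) ** 2 for a in cols for b in cols)

def detect(S_cols, T):
    """Steps 1-6: shrink the suspect set until it stops changing."""
    suspects = list(range(len(S_cols)))            # step 1: everyone is a suspect
    while True:
        Fa = pinv_apply([S_cols[u] for u in suspects], T)     # step 2
        g = 0.0 if min(Fa) < 0 else 0.4 * max(Fa)             # step 3
        kept = [u for u, f in zip(suspects, Fa) if f >= g]    # step 4
        if kept == suspects or not kept:                      # step 5
            return kept                                       # step 6: accused
        suspects = kept

def demo():
    # Constructed WBE set: M = 3 unit-norm fingerprints in N = 2 dimensions.
    r = 3 ** 0.5 / 2
    S = [(1.0, 0.0), (-0.5, r), (-0.5, -r)]
    T = [(a + b) / 2 for a, b in zip(S[0], S[1])]  # users 0 and 1 collude
    return tsc(S), detect(S, T)
```

For this constructed set the TSC meets the Welch bound M^2/N = 4.5, and the detector accuses exactly users 0 and 1.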
33
Performance Comparison with BIBD ACC
[Figure: plots of probability of detection, probability of false accusation, probability of error, and probability of not capturing any colluder]
34
Future Security Topics?
  • Detecting and Containing Wireless Worms
  • Securing Networks of Networks in 4G
  • Interoperability and translation of security
    policies
  • Securing Multimedia over MANETS

35
Congestion control in sensor networks
  • Why resource control instead of traffic control?
      • The data during a congestion is valuable and
        cannot be dropped
      • Sensor network deployments have a large degree of
        redundancy, so there are available resources
  • Research questions to answer
      • How do you measure congestion level? (channel
        utilization, queue occupation, drop rate, etc.)
      • How do you measure aggregated traffic volume?
      • If 40 more resources are needed, how can you
        increase resources accordingly?
      • How can you design a distributed yet low-weight
        protocol?

36
Coverage, Connectivity, and Lifetime
  • Sensor network deployments have a large degree of
    redundancy, so there is overlap in both
    coverage and connectivity
  • In order to extend lifetime, at any time, we keep
    a minimal set of active nodes (with radio on), so
    that the others can sleep
  • How do you provide coverage/connectivity in case
    of node failures?
      • In addition to active nodes, leave a small set of
        nodes always on, like satellites
      • All the other sleeping nodes coordinate their
        schedules so that every active node is constantly
        protected by one or more nodes.

37
Mobility Emulation
  • Goal: Support experiments that require mobile
    nodes on the ORBIT testbed
      • 802.11 hand-over
      • Ad-hoc routing
      • Location tracking
  • Idea: Emulate mobility by mapping moving nodes
    onto changing grid nodes
  • More reliable, reproducible, and cost-effective
    than robots (or students)