Title: An Overview of the Security and Pervasive Computing Initiatives at WINLAB
1An Overview of the Security and Pervasive
Computing Initiatives at WINLAB
- Rutgers, The State University of New Jersey
- www.winlab.rutgers.edu
2Talk Overview
- Overview of the Security and Pervasive Computing
Group - Security Initiatives
- ORBIT
- 3G Multicast Security
- Multicast Authentication Staggered TESLA
- Authentication in Hierarchical Ad Hoc Networks
- Attack Tolerant, DoS Resistant Wireless Networks
- Privacy Preservation in Wireless Networks
- Secure Localization Defense and Identification
- Collusion-Resistant Fingerprinting for Multimedia
- Pervasive Computing Initiatives
- Congestion Control in Sensor Networks
- Lifetime Extension in Sensor Networks
- Mobility Emulation
3WINLABs Security and Computing Initiatives
- WINLAB has a growing initiative in wireless
network security and mobile/pervasive computing - Currently the Security Group consists of
- 3 Faculty Members
- Wade Trappe (University of Maryland) Wireless
Security, Multimedia Security, Physical/MAC Layer
Security, Multicast, Coding and Cryptography - Yanyong Zhang (Penn. State University)
Distributed Computing, Sensor Networking,
Pervasive Computing, Fault Tolerant Computing
Architectures, Wireless Security - Marco Gruteser (University of Colorado)
Ubiquitous Computing, Secure Software
Engineering, Privacy in Location Services - 14 Students (W. Xu, Q. Li, P. Kamat, Z. Li, Y.
Zhang, T. Wood, S. Chao, A. Chincholi, B. Xue, S.
Raj, K. Ma, S. Swami, B. Hoh, K. Ramchandran) - Collaboration Princeton (H. Kobayashi), Columbia
(H. Schulzrinne), Bell Labs (S. Paul), IBM
Watson, UMD (KJR Liu, M. Wu), Rutgers CS (B.
Nath), UColorado (Grunwald), URI (Y. Sun), UBC
(Z. Wang), U. Texas (IAT) - Funding
- NSF ORBIT (joint with Princeton, Columbia, Bell
Labs, IBM, Thomson), PARIS - Air Force Multimedia Fingerprinting (joint with
UMD) (complete) - NICT Japan Secure Future Wireless Networks (B3G)
4Wireless Security
5ORBIT Testbed Radio Grid
Front-end Servers
Gigabit backbone
VPN Gateway to Wide-Area Testbed
80 ft ( 20 nodes )
Data switch
Application Servers (User applications/ Delay
nodes/ Mobility Controllers / Mobile Nodes)
70 ft ( 20 nodes )
Control switch
SAP
IS1
IS2
ISQ
SA1
SA2
RF/Spectrum Measurements
Interference Sources
Back-end servers
Internet VPN Gateway / Firewall
6Experiment Patterns
7ORBIT EWP6 Wireless Security Plans
- The Princeton EWP6 Security group (led by Prof.
Kobayashi) and the WINLAB Security group (led by
Prof. Trappe) have alternated monthly meetings
between Princeton and WINLAB - WINLAB collaboration with Lucent on MBMS Security
- Plans for ORBIT
- Secure Flooding Protocols (Princeton)
- Fast Authenticated Key Establishment Protocols
for Self-Organizing Sensor Networks (develop ECC
for ORBIT Crypto Toolbox) (Princeton) - Mobility and Basic Authenticated Handoff
Experiments (WINLAB) - Development of Basic Cryptographic Toolbox
(WINLAB)
1
2
3
Mobility Experiments (9/04-12/04)
Secure Flooding Protocols (9/04-1/05)
Construct Crypto Toolbox (8/04-12/04)
83G Multicast Security
- Keys must be shared by multicast group
participants - As users join and leave, keys must be changed
- 3GPP has proposed a new entity, the BMSC for
managing broadcast and multicast services - The BMSC can perform key management
93G Multicast Security
- 3GPP currently is investigating several multicast
frameworks - To optimize key management, one should match the
key tree to underlying multicast topology - 3GPP has not decided on a multicast topology
- We are examining the performance of multicast key
management at the BMSC for different 3G multicast
scenarios - We have proposed modifications to Qualcomms MBMS
security scheme that improves communication
efficiency - Secure Prototype Multicast Chatting Application
has been developed - Server is implemented in J2SE
- Clients are implemented in J2ME
W. Xu, W. Trappe and S. Paul, Key Management for
3G MBMS Security, to appear Proceedings of 2004
IEEE ICC.
10Multicast Authentication
- Delayed Key Disclosure (e.g. TESLA)
- Weakness
- Use of buffers allows for a simple denial of
service (DoS) attack - Since there is no way to check packets until key
is disclosed, buffer will overflow - How to protect against DoS attacks?
Keys
Time
K1
K2
K3
K4
K5
Q. Li and W. Trappe, Staggered TESLA A Scheme
for Reduced-Delay Multi-Grade Multicast
Authentication, submitted to IEEE Infocom 2005.
11Definition of Trust in Delayed Key Disclosure
- Assumptions
- Adversary has 0 Forge time
- Adversary has 0-delay link to receiver
- Disclosure delay is d
- Security Condition
- Packets sent at interval i will be discarded if
received after id
- Key released at time it
- Adversaries within delay radius d-t can forge
packets - Adversaries outside radius d-t will cause
violation of security condition
12Staggered TESLA Sender Setup
- The sender attaches d MACs computed by K'i,
,K'i-d1
Disclose Ki-d
Disclose Ki-d1
Disclose Ki-d-1
Ki
Ki1
Ki-1
Time
Interval i
Interval i1
Interval i-1
Mj
Mj1
Mj-1
MAC(Mj,K'i)
MAC(Mj1,K'i1)
MAC(Mj-1,K'i-1)
MAC(Mj,K'i-d1)
MAC(Mj1,K'i-d2)
MAC(Mj-1,K'i-d)
Ki-d
Ki-d1
Ki-d-1
13Staggered TESLA Authentication at Receiver
Disclose Ki-1
Disclose Ki
Disclose Ki-2
- Receivers have a chained buffer
- As keys arrive, MACs are verified
- If matches, it puts the packet into the next
layer. If not, the packet is dropped. - As the packets move to lower buffer layers, the
trustworthiness of the packets increases
Kid-1
Kid
Kid-2
Time
Interval id-1
Interval id
Interval id-2
P
No
Yes
Drop
P
No
Yes
Drop
P
No
Yes
Drop
Save
14TESLA Staggered TESLA
- Packet sent in interval i, key Ki, Delay d
- TESLA
- Attach 1 MAC
- Key Ki
- Authenticate d intervals
- Compute 1 MAC
- Communicate 1 MAC
- Staggered TESLA
- Attach d MAC
- Keys Ki, , Ki-d1
- Authenticate Each interval has a chance
- Compute d MAC
- Communicate d MAC
15Authentication in Hierarchical Ad Hoc Sensor
Networks
- Public key certificates are not suitable for flat
ad hoc networks - To check certificate requires expensive public
key operations - Three tier architecture
- Varying levels of computational power within the
sensor network - Sensors do not communicate with each other
- Forwarding nodes are radio-relay
- TESLA Certificates
- Alternative to PK certificates
- Uses symmetric key cryptography
- Delayed key disclosure
- Authentication framework
- Access points provide filter to application
- TESLA certificates provide efficient sensor node
handoff - Weak and assured data authentication provided
M. Bohge and W. Trappe, An Authentication
Framework for hierarchical ad hoc sensor
networks, Proceedings of 2003 ACM Workshop on
Wireless Security.
16DoS Resistant Wireless Networks
- Broadcast radio signals at the same frequency as
the wireless Ethernet transmitters - 2.4 GHz for
802.11b/g! - To jam, you just need to broadcast a radio signal
at the same frequency but at a higher power. - Waveform Generators and the Microwave Oven!
- Yes, heating up your lunch aggravates your system
administrator! - What can one do?
- WINLABs solution, from Sun Tzes Art of War He
who cant defeat his enemy should retreat! - Answers
- Change your channel allocation
- Move your location!
W. Xu, T. Wood, W. Trappe and Y. Zhang, Channel
Surfing and Spatial Retreats Defenses against
Wireless Denial o f Service, Proceedings of 2004
ACM Workshop on Wireless Security.
17Privacy Issues in Wireless Networks
- Content-Oriented Security and Privacy
- Issues that arise because an adversary can
observe and manipulate the exact content in a
sensor message. - Best addressed through cryptography and network
security. - Context-Oriented Privacy
- Issues that arise because an adversary observes
the context surrounding creation and transmission
of a sensor message. - Examples
- Source-Location Privacy The physical location of
communication participants may be sensitive. - Traffic Privacy The size and amount of messages
originating from a sensor may be sensitive. - For sensor networks, Source-Location Privacy
focuses on protecting the monitored asset from
traceback. - For tactical networks, Source-Location Privacy
focuses on protecting the networked soldier from
traceback attacks by adversaries!
C. Ozturk, Y. Zhang, and W. Trappe, Source
Location Privacy in Sensor Networks, Proceedings
of 2004 ACM Workshop on Security of Ad Hoc and
Sensor Networks (SASN).
18Panda-Hunter Game Model Scenario
- We propose the Panda-Hunter Game as an example
sensor scenario - Panda-Hunter Game
- A sensor network has been deployed to monitor a
panda habitat. - Sensors send Panda_Here messages
- Messages are forwarded to a data sink.
- The hunter observes packets and traces his way
back to the panda. - Privacy Goal Increase the time needed for an
adversary to track and capture the panda. - Safety Period The number of messages transmitted
by the source sensor. - Longer safety periods mean more privacy!
Game Over!
Data Sink Sensor Node
19Flooding Strategies for Privacy, pg. 1
- Flooding is a popular technique for delivering
sensor data - Involves each node forwarding a packet it
receives - Although many simultaneous paths to the sink,
flooding does not increase the safety period! - Explanation
- Flooding contains the shortest path.
- Hunter will always follow shortest path to the
panda.
Data Sink Sensor Node
20Flooding Strategies for Privacy, pg. 2
- Probabilistic Flooding
- An alternative strategy to baseline flooding
- Reduces the amount of energy consumed in the
sensor network - Each node forwards a received sensor packet with
probability Pforward - Small Pforward reduces energy at tradeoff of
lower network connectivity - Probabilistic flooding increases the safety
period - There is a chance that shortest path will not
exist - Adversary may thus follow non-shortest path
- Experimental Observations
- Lower Pforward increases safety period
- Lower Pforward also increases the sink miss ratio
- Fundamental tradeoff
- Other Strategies have been proposed
- Randomized Multipath Routing
- Phantom Routing
21Privacy-observant Location Tracking
- Location Information useful for
- Calibrating the tracking system
- Location-based applications
- Can we perturb time-series information?
- Individual paths are not identifiable
- Aggregate information from multiple users is
useful
22Secure Localization in Wireless Networks
- Already, many techniques have emerged to localize
a wireless device - Enforcement of location-aware security policies
(e.g., this laptop should not be taken out of
this building, or this file should not be opened
outside of a secure room) requires trusted
location information. - As more of these location-dependent services get
deployed, the very mechanisms that provide
location information will become the target of
misuse and attacks. - Two efforts to address this problem
- Integrate resilience into localization methods
(Z. Li) - Modulation of AP transmission powers (Yu Zhang)
Z. Li, Y. Zhang, W. Trappe and B. Nath, Securing
Wireless Localization Living with Bad Guys,
submitted to 2004 DIMACS Workshop on Wireless and
Mobile Security.
23Collusion-Resistant Traitor Tracing for Multimedia
- DoD Research Joint Collaboration with UMD
- W. Trappe, M. Wu, Z. Wang, K.J.R. Liu,
Anti-Collusion Fingerprinting for Multimedia,
IEEE Trans. on Signal Processing, Special issue
on Signal Processing for Data Hiding in Digital
Media Secure Content Delivery, vol. 51, no. 4,
pp.1069-1087, April 2003. - Z. Wang, M. Wu, W. Trappe, and K.J.R. Liu
"Group-Oriented Fingerprinting for Multimedia
Forensics", EURASIP Journal on Applied Signal
Processing, Special Issue on Multimedia Security
and Rights Management, to appear 2004.
24Recent Leak UAV Surveillance Video on bin Laden
- High-tech surveillance provide around-the-clock
monitoring of terrorist base - Highly classified video captured in 2000 by
Unmanned Aerial Vehicle Predator - Video shows a tall man wearing a white robe over
Tarnak Farm in Afghanistan - Analysts thought the man as bin Laden
- ? Pentagon CIA officials have copies
of the tape - ? Video leaked to the press in March
2004, aired in NBC and CNN - ? CIA investigates the leak of the
tape - http//www.cnn.com/2004/WORLD/asiapcf/03
/17/predator.video/
25Digital Fingerprinting and Tracing Traitors
- Leak of information as well as alteration and
repackaging poses serious threats to government
operations and commercial markets - e.g., pirated content or classified document
- Promising countermeasurerobustly embed digital
fingerprints - Insert ID or fingerprint (often through
conventional watermarking) to identify each user - Purpose deter information leakage digital
rights management(DRM) - Challenge imperceptibility, robustness,
tracing capability
26Embedded Fingerprinting for Multimedia
27Group-Oriented Forensics
- Overcome the limitations of orthogonal
fingerprinting - Recall orthogonal FP treats everybody equally
- Orthogonal strategy has to suspect more to
accurately find a colluder - Colluders often come together in some foreseeable
groups - Due to their geographic, social, or other
connections - Our approach design users FP in a correlated
way - Cluster users into groups based on prior
knowledge - Intra-group collusion is more likely than
inter-group - Revise orthogonal FP and add correlation to the
same group to help narrow down the suspicion group
28Group Fingerprinting
- Problem determine the number of colluders kis
and the Scis - Solution construct intra-group FP in two parts,
and use threshold detector (at desired
intra-group false alarm) to avoid estimating ki
Can be viewed as a real-valued fingerprint code
29Two-Stage Detection Scheme
- Basic idea first identify groups containing
colluders, then identify
colluders within each possible guilty group - ROC Curves Pd vs. Pfp under different collusion
settings - Constraint equal energy
30Similarity between Collusion and MU Comm.
- The Fingerprint Collusion Problem is similar to
Multiuser Communication - The colluded signal is simply the host signal
plus a mixture of watermarks - For good communication performance CDMA
sequences should have minimum interference
between each other. Low Cross-Correlation is
Good! - The similarity between Collusion and MU Comm.
suggests that good CDMA sequences would be good
fingerprints!
Collusion Fingerprint Problem
Synchronous CDMA Channel
Z. Li and W. Trappe, Collusion-resistant
Fingerprints from WBE Sequence Sets, to appear
Proceedings of 2005 IEEE ICC.
31Question How to assign M fingerprints in N
dimensions to facilitate colluder detection?
ACC built from Interference Avoidance
- MltN assign orthogonal fingerprints because they
are uncorrelated - MgtN the fingerprints are correlated. How do we
find the least correlated set S of size N by M? - Minimize Total Squared Correlation (TSC)
- Welch Bound TSC is lower bounded by M2/N
- WBE sequence set
- WBE sequence set is known to be optimal in terms
of user capacity in synchronous code-division
multiple access (CDMA) - One approach to get WBE sequence set
Eigen-algorithm
32Detection of WBE Fingerprints
F collusion indicator, M ? 1 S
fingerprint matrix, N ? M (MgtN) T detection
statistics, N ? 1 K number of
colluders S Moore-Penrose generalized inverse
of S
- Iterative Generalized Inverse Algorithm
1. Initialize Ss S, i.e. all users are initially
under suspicion 2. Fa SsT 3. Choose a
threshold g We choose g 0 when min(Fa)lt0, and
g 0.4max(Fa) when min(Fa)gt0. 4. The users whose
corresponding entries in Fa are smaller than g
are identified as innocent. Their fingerprints
are removed from Ss. 5. Repeat the steps from 2
to 4 with the new Ss until Ss does not change any
more. 6. The users whose fingerprints remain in
Ss are the final accused users.
33Performance Comparison with BIBD ACC
Probability of Detection
Probability of false accusation
Probability of Error
Probability of not capturing any colluder
34Future Security Topics?
- Detecting and Containing Wireless Worms
- Securing Networks of Networks in 4G
- Interoperability and translation of security
policies - Securing Multimedia over MANETS
35Congestion control in sensor networks
- Why resource control instead of traffic control?
- The data during a congestion is valuable and
cannot be dropped - Sensor network deployments have a large degree of
redundancy, so there is available resources - Research questions to answer
- How do you measure congestion level? (channel
utilization, queue occupation, drop rate, etc) - How do you measure aggregated traffic volume?
- If 40 more resources are needed, how can you
increase resource accordingly? - How can you design a distributed yet low-weight
protocol?
36Coverage, Connectivity, and Lifetime
- Sensor network deployments have a large degree of
redundancy, so there exists overlapping for both
coverage and connectivity - In order to extend lifetime, at any time, we keep
a minimal set of active nodes (with radio on), so
that the others can sleep - How do you provide coverage/connectivity in case
of node failures? - In addition to active nodes, leave a small set of
nodes always on, like satellites - All the other sleeping nodes coordinate their
schedules so that every active node is constantly
protected by one or more nodes.
37Mobility Emulation
- Goal Support experiments that require mobile
nodes on the Orbit testbed - 802.11 hand-over
- Ad-hoc routing
- Location tracking
- Idea Emulate mobility by mapping moving nodes
onto changing grid nodes - More reliable, reproducible, and cost-effective
than robots (or students)