Secure MultiHop Infrastructure Access - PowerPoint PPT Presentation

About This Presentation
Title:

Secure MultiHop Infrastructure Access

Description:

Multi-hop routing protocol. Optimized for many-to-one communication ... Protocol provides multi-hop infrastructure access. Efficient, lightweight security ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 35
Provided by: Ace51
Learn more at: https://www.cs.jhu.edu
Category:

less

Transcript and Presenter's Notes

Title: Secure MultiHop Infrastructure Access


1
Secure Multi-Hop Infrastructure Access
presented by Reza Curtmola(joint work with B.
Awerbuch, D. Holmer, C. Nita-Rotaru and H.
Rubens) 600.647 Advanced Topics in Wireless
Networks
2
Wireless Infrastructure Access
  • Few pure wireless peer to peer apps
    yet(primarily emergency deployments)
  • Un-tethered infrastructure access has been the
    wireless killer app (countless variations)
  • Voice communication
  • Internet access
  • Local area network access
  • Data gathering sensor networks
  • Peripherals (headphones, mice, keyboards)

3
Single-Hop vs. Multi-Hop
  • Advantages
  • Well established
  • Lower Complexity
  • Issues
  • Limited coverage
  • Range
  • Quality (gaps)
  • Advantages
  • Increased Coverage
  • Enhanced performance
  • Reduced Deployment Cost
  • Overall Flexibility
  • Challenges
  • Routing protocol
  • Mobility
  • Scalability

4
Infrastructure Access Security
  • Single-Hop
  • Many years to develop current state of the art
  • 1997 WEP
  • 2003 WPA
  • 2004 802.11i / WPA2
  • Still outstanding issues? (see NDSS 2004 paper)
  • Multi-Hop
  • Introduces a set of additional security concerns
  • Existing work focuses only on the security of the
    ad hoc scenario

5
Network Model
Gateway
Authorized Node
Adversary
Revoked Node
6
Protocol Design Goals
  • Security comparable to single-hop state of the
    art protocols
  • Additional protection against multi-hop routing
    attacks
  • Black Hole
  • Flood Rushing
  • Wormhole
  • Efficient protocol operation
  • Symmetric cryptography
  • Scalable user management

7
Adversarial Model
  • Access Point
  • is trusted
  • able to establish trust relationships with
    authorized nodes
  • Authenticated nodes are trusted to perform the
    protocol correctly
  • Adversaries are unauthenticated nodes
  • Perform arbitrary attacks (e.g. drop, inject or
    modify packets)
  • May collude to perform stronger attacks(e.g.
    tunnel packets)

8
Our Solution
  • Take an existing solution Pulse
    protocolInfocom 04, Milcom 04, WONS 05
  • Multi-hop routing protocol
  • Optimized for many-to-one communication pattern
  • High Scalability
  • Mobility
  • Number of nodes
  • Number of flows
  • Build security mechanisms into it

9
Pulse Protocol Example
10
Pro-active Spanning Tree
11
Node Wishes to Communicate
12
Sends Packet to Gateway
13
Cryptographic Protection
  • Participating nodes share a network wide
    symmetric key NSK
  • Used to secure the routing service
  • Established and maintained using a broadcast
    encryption scheme (BES)
  • Source and destination use per flow unicast key
    (UK) to protect data payload

routing headers
data payload
seq number
HMACNSK
ENSK
EUK
14
Secure Reliability Metric
  • Secure ACKs are required for each data packet
    traversing a link
  • Protocol gathers history of ACK failures
  • Link weights inversely proportional to
    reliability
  • Strategy is similar to ODSBR WiSe 02

15
Network Model
Gateway
Authorized Node
Adversary
Revoked Node
16
Adversarial Avoidance Example
17
Adversarial Avoidance Example
2
2
2
1
Gateway
1
2
1
1
2
3
2
2
2
3
3
3
18
Adversarial Avoidance Example
2
2
2
1
Gateway
1
2
1
1
2
3
1
2
2
2
3
3
3
19
Adversarial Avoidance Example
2
2
2
1
Gateway
1
2
1
1
2
3
1
2
2
2
3
3
3
20
Adversarial Avoidance Example
2
2
2
1
Gateway
1
2
1
1
2
3
1.1
2
2
2
3
3
3
21
Adversarial Avoidance Example
2
2
2
1
Gateway
1
2
1
1
2
3
1
1.1
2
2
2
3
3
3
22
Wormhole Avoidance Example
2
2
2
1
Gateway
1
2
1
1
2
3
2
2
2
3
3
3
23
Wormhole Avoidance Example
2
2
2
1
Gateway
1
2
1
1
2
1
3
2
2
2
1
2
3
24
Wormhole Avoidance Example
2
2
2
1
Gateway
1
2
1
1
2
1.1
3
2
2
2
1
2
3
25
Wormhole Avoidance Example
2
2
2
1
Gateway
1
2
1
1
2
3.1
3
2
2
2
1
2
3
26
Wormhole Avoidance Example
2
2
2
1
Gateway
1
2
1
1
2
3.1
3
2
2
2
3
3
3
27
Attack mitigation
  • Injecting, modifying packets use of NSK
  • Replay attack use of nonces
  • Flood rushing protocol relies on the metric,
    and not on timing information
  • Black hole unreliable links are avoided using
    metric
  • Wormhole creation is not prevented, but it is
    avoided using metric

28
Key Management
  • Assumption each node has a unique
    pre-established shared key PSK with the gateway
  • Goal to efficiently manage the Network Shared
    Key (NSK)
  • Selected and maintained by the gateway
  • Add/revoke users
  • Periodically refreshed

Manually entered as in WEP or WPA / WPA2 personal
mode
Automatically generated by interaction with an
authentication server as in 802.1x / EAP
or
29
Broadcast Encryption Scheme
  • Center broadcasts a message
  • Only a subset of privileged (non-revoked) users
    can decrypt it
  • Our requirements
  • Allows unbounded number of broadcasts
  • Any subset of users can be defined as privileged
  • A coalition of all revoked users cannot decrypt
    the broadcast

30
Subset Cover Framework
  • CS or SD Crypto 01, LSD Crypto 02
  • The set of privileged users is represented as the
    union of s subsets of users
  • A long-term key is associated with each subset
  • A user knows a long-term key only if he belongs
    to the corresponding subset
  • Center encrypts message s times under all the
    keys associated with subsets in the union
  • LSD Properties
  • Each node stores O(log3/2(n)) keys
  • O(r) message size
  • O(log(n)) computation at each node

31
Node Management
  • Node addition
  • Using PSK, a node obtains from the gateway the
    current NSK and the set of secrets for the BES
  • Node revocation / NSK refresh
  • Gateway generates a new NSK
  • Gateway broadcasts encrypted NSK such that only
    non-revoked nodes are able to decrypt it
  • Scalability advantage over Group Key management
    in 802.11i which is O(n)

32
Complete Subtree
1
1
3
3
2
2
6
6
5
7
4
7
11
10
9
8
12
15
14
13
12
U4
U1
U2
U3
U5
U6
U7
U8
  • Broadcast EK2(KEK), EK7(KEK), EK12(KEK),
    EKEK(NSK)

33
Conclusion
  • Protocol provides multi-hop infrastructure access
  • Efficient, lightweight security
  • Entirely based on symmetric cryptography
  • Prevents a wide variety of attacks
  • Leverages infrastructure for trust establishment

34
Real World Implementation
  • Completed Features
  • Linux Kernel Module with 2.4 and 2.6
    compatibility
  • Operates at layer 2
  • Distributed virtual switch architecture provides
    seamless bridging
  • Pulse Protocol
  • Shortcuts and gratuitous reply
  • Instantaneous loop freedom
  • Fast parent switching (with loop freedom)
  • Medium Time Metric route selection metric (WONS
    2004)
  • 50 Nodes deployed across JHU Campus
  • Tested with Internet Access, Ad hoc Access
    Points, Voice over IP
  • Mobility tested at automobile speeds
  • In Progress
  • Security (NDSS Workshop 2005)
  • Flood Rushing, Wormholes, Black holes, any
    NON-Byzantine attack
  • In kernel crypto implementation
  • Leader Election Algorithm
  • Fault tolerance, switches pulse source to most
    accessed destination
  • Handle merge and partition
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Secure MultiHop Infrastructure Access" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!