New Challenges in Securing our Communication Infrastructure - PowerPoint PPT Presentation

About This Presentation
Title:

New Challenges in Securing our Communication Infrastructure

Description:

Security in Ad Hoc Networks. Biologically-Inspired Self-Healing Frameworks ... Ad hoc networks are being deployed for a broad variety of applications, and are ... – PowerPoint PPT presentation

Number of Views:39
Avg rating:3.0/5.0
Slides: 18
Provided by: wadet
Category:

less

Transcript and Presenter's Notes

Title: New Challenges in Securing our Communication Infrastructure


1
New Challenges in Securing our Communication
Infrastructure
  • Wade Trappe

2
Agenda
  • Wireless Overview
  • State of the Wireless Union Where are we?
  • Vision for 4G
  • Security Challenges for Future Wireless Networks
  • 3G Multicast Security
  • Authentication in Broadcast Environments
  • Security in Ad Hoc Networks
  • Biologically-Inspired Self-Healing Frameworks
  • Networks of Networks Security Issues

3
State of the Wireless Union
  • We are still waiting for third generation (3G)
    wireless.
  • WLAN (Wi-Fi) technologies are rapidly growing
  • Estimated 800 Million in US sales for 2004
  • Prices for Wi-Fi equipment plummeting
  • 100 access point, 70 WLAN card
  • New, unregulated networks popping up everywhere
  • Its not just Starbucks T-Mobile
  • Open-access hotspots
  • Warchalking is now a common hobby

Source Allied Business Intelligence
4
Vision for the Fourth Generation
  • Wireless devices will continue to drop in price
  • Wireless sensors will be deployed everywhere
  • Ability to monitor everything, from temperature
    to traffic
  • Remote sensing and autonomic living applications
  • Next generation wireless systems (4G) will seek
    to facilitate mass market services with new
    network architecture
  • Self-organizing, ad-hoc wireless access networks
    Ad-hoc wireless network protocols which support
    multihop and peer-to-peer service models,
    particularly for low-tier uses (in-home, sensors,
    etc.)
  • Networks of networks Future wireless networks
    will support co-existence of multiple types of
    networks
  • Security will be a critical issue
  • Unregulated networks will provide an untraceable
    platform to launch network attacks
  • Mobility and power-efficiency are still concerns

5
3G Multicast Security
  • Keys must be shared by multicast group
    participants
  • As users join and leave, keys must be changed
  • 3GPP has proposed a new entity, the BMSC for
    managing broadcast and multicast services
  • The BMSC can perform key management

6
3G Multicast Security
  • 3GPP currently is investigating several multicast
    frameworks
  • To optimize key management, one should match the
    key tree to underlying multicast topology
  • 3GPP has not decided on a multicast topology
  • We are examining the performance of multicast key
    management at the BMSC for different 3G multicast
    scenarios
  • Examine the issue of key management during
    handoff between node-Bs and RNCs
  • Prototype Secure Chat Application has been
    developed
  • Server is implemented in J2SE
  • Clients are implemented in J2ME

7
Broadcast/Multicast Authentication
  • Important challenge facing secure multicast
    communication is data authentication
  • Ensures data is from trusted source
  • Ensures data was not modified en route
  • Unicast Data Authentication uses standard
    cryptographic techniques
  • Digital Signatures (RSA, DSA)
  • Drawbacks Inefficient due to
  • Large per packet computation
  • Large communication overhead
  • Note Drawbacks are not critical in many
    applications.
  • Message Authentication Codes (MAC) (HMAC-MD5)
  • Class of symmetric keyed one-way hash function
  • Advantages
  • Computationally efficient
  • Compressed code
  • Computationally non-invertible

8
Multicast Authentication
  • Multicast source authentication is more complex
    than unicast
  • Symmetric Key Cryptography cannot be used
  • Key is known to all receivers
  • Packets can be forged by any receivers
  • Asymmetric key cryptography is required
  • Lost packets are not retransmitted
  • Digital signature schemes provide good
    authentication
  • Each message is signed by appending digital
    signature
  • Significant drawbacks for realtime, low-power
    multicast applications
  • Time-to-sign and time-to-verify
  • Bandwidth and overhead.
  • We want a technique that will take advantage of
    both
  • One approach Delayed key disclosure

9
Multicast Authentication
  • Delayed Key Disclosure (e.g. TESLA)
  • Weakness
  • Use of buffers allows for a simple denial of
    service (DoS) attack
  • Since there is no way to check packets until key
    is disclosed, buffer will overflow
  • How to protect against DoS attacks?

Keys
Time
K1
K2
K3
K4
K5
10
DoS Resistant TESLA
  • Idea Use multiple keys and stagger the delayed
    key disclosure scheme.

Keys
Time
Ki
Ki2
Ki4
Ki1
Ki3
P1
P1
  • End result
  • Provides a filter to remove packets from buffer
    before the maximum network delay is achieved

P1
11
Ad-Hoc Network Security
  • Ad-hoc networks introduce new security challenges
  • Evolving authentication Nodes are moving, and
    clusters are constantly being redefined.
  • Secure routing New types of attacks (e.g.
    wormhole attacks) exist.
  • Service non-repudiation No proof that a service
    (QoS) was provided.
  • WINLAB approach Develop a hierarchical,
    self-organizing network
  • Can nodes develop an evolving trust model?
    Elected nodes give trust certificates.

Internet
BTS
Access Point
AP
WLAN micro-cell
Forwarding node
FN
3G cell
personal-area pico-cell
low-tier (e.g. sensor) user nodes
12
Authentication in Hierarchical Ad Hoc Sensor
Networks
  • Public key certificates are not suitable for flat
    ad hoc networks
  • To check certificate requires expensive public
    key operations
  • Three tier architecture
  • Varying levels of computational power within the
    sensor network
  • Sensors do not communicate with each other
  • Forwarding nodes are radio-relay
  • TESLA Certificates
  • Alternative to PK certificates
  • Uses symmetric key cryptography
  • Delayed key disclosure
  • Authentication framework
  • Access points provide filter to application
  • TESLA certificates provide efficient sensor node
    handoff
  • Weak and assured data authentication provided

13
Self-Healing Wireless Networks
  • Ad hoc networks are being deployed for a broad
    variety of applications, and are a key platform
    for
  • Remote sensing applications (Homeland Security)
  • Military battlefield networks
  • Mesh networks and ubiquitous content distribution
  • Challenge These networks are not tolerant to
    active or passive faults
  • Nodes are cheap and will often malfunction
  • Nodes are in an open environment and vulnerable
    to being captured by adversaries

Network Node
Corrupted Network Node
14
Self-healing framework
  • In nature, we have many cases where systems get
    infected and must repair themselves
  • Ad hoc networks should emulate nature and heal
    themselves!
  • Model Human immune system
  • Leuocytes (white blood cells) There are two
    types, those that develop in lymph nodes and
    those that develop in bone marrow
  • Killer T-cells Destroy antigens either by
    themselves, or by recruiting other white blood
    cells
  • Lymphocytes Produce antibodies, that seek to
    surround and cover an antigen, rendering it
    harmless until a phage can arrive to destroy the
    neutralized antigen
  • Chemotaxis Leuocytes find their way to an
    antigen by following a chemical trail of bread
    crumbs

15
Mobile Agent Framework
  • Biologically-inspired self-healing security
    framework
  • Mobile Code will launch from network lymph nodes
    to patrol network
  • Mobile Code will leave behind tags allowing for
    the process of network chemotaxis
  • In response, Repair and Destroy Agents will be
    launched to reboot, or shut down malfunctioning
    nodes via secure OS environment

Network Node
Network Lymph Node
Corrupted Network Node
16
Enabling Technologies
  • Enabling Technologies to be Researched
  • Smart Messages (SMs) Migratory execution units
    that execute on ad hoc nodes, and will form the
    different types of mobile agents involved in a
    network immune system
  • Trajectory Routing Self-routing mechanisms for
    mobile code capable of finding fast and efficient
    route to faulty node
  • Anomaly Detection Statistical and policy-based
    detection mechanisms for identifying faulty
    network nodes
  • Flexible Security Policies Describe how the
    network immune system responds to different types
    of corruptions or threats
  • Authorization and Secure OS Each node must have
    a secure environment from which mobile agents
    perform their functions

17
Network of Wireless Networks Security
  • Security Needs
  • Certification across networks
  • Security must scale to multiple simultaneous
    platforms!

Global Internet
Internet-like architecture that promotes organic
growth...
Mobility supporting Internet
wired links
Radio Access Network (cellular)
high-tier devices (mobile terminals)
radio link
microcell
med-tier devices (laptops, PDAs)
picocell
low-tier devices (home, sensors)
Write a Comment
User Comments (0)
About PowerShow.com