Securing Ad Hoc Networks

1
Securing Ad Hoc Networks
EECS 600 Advanced Network Research, Spring 2005
Instructor Shudong Jin February 28, 2005
2
Security Goals

• Availability
• Ensures survivability despite DoS attack
• Attack at different layers
• Application layer key management service
• Network layer routing service
• Physical and MAC layer Jamming

3
Security Goals

• Confidentiality
• Ensures information not disclosed to unauthorized
  entities
• Transmission of sensitive information
• Routing information also confidential?
• Integrity
• Message not corrupted
• Q is it a security goal?

4
Security Goals

• Authorization
• Ensures the identity of the peer
• Network should reject routing unauthorized packet
• Transient security associations gt static
  authorization policy is unfeasible
• Non-repudiation
• The origin of a message cannot deny having sent
  the message.
• Useful to detect/isolate compromised nodes

5
Challenges (1)

• The use of wireless links
• Susceptible to link attacks ranging from passive
  eavesdropping to active impersonation, message
  replay, and message distortion.
• violating confidentiality, availability,
  integrity, authentication, and non-repudiation.
• Mobility in hostile environment
• Nodes roaming in a hostile environment (e.g., a
  battlefield) with relatively poor physical
  protection, have non-negligible probability of
  being compromised.
• Need distributed architecture with no central
  entities. Any central authority may lead to
  significant vulnerability

6
Challenges (2)

• Dynamic topology
• Because of frequent changes in both its topology
  and its membership. Trust relationship among
  nodes also changes. Any security solution with a
  static configuration would not suffice. It is
  desirable for our security mechanisms to adapt
  on-the-fly to these changes.
• Scalable secure service
• An ad hoc network may consist of hundreds or even
  thousands of nodes. Security mechanisms should be
  scalable to handle such a large network.

7
This paper

• To provide security mechanisms, further rely on
  two principles
• redundancies in the network topology
• distribution of trust
• DoS attacks towards routing protocols
• How to establish a key management service that is
  appropriate for ad hoc networks.

8
Secure routing (1)

• No previous routing protocol have accommodated
  mechanisms to defend against malicious attacks.
• bad routing info from external attackers
• How to defend against it?
• more severe threats comes from compromised nodes
• How to defend against it?
• More difficult, less effective if nodes are
  compromised
• Dynamic topology adds complexity

9
Secure routing (2)

• We can exploit certain properties of ad hoc
  networks to achieve secure routing
• False routing information generated by
  compromised nodes could be considered outdated
  information.
• If we have enough correct nodes (and alternative
  paths - redundancy), routing around compromised
  nodes
• Mitigating routing misbehavior

10
Key management service

• Cryptographic schemes require a key management
  service.
• Public/private keys
• Public keys can be distributed to other nodes,
  while private keys should be kept confidential to
  individual nodes. There is a trusted entity
  called Certification Authority (CA) for key
  management. The CA has a public/private key pair,
  with its public key known to every node, and
  signs certificates binding public keys to nodes.
• The trusted CA has to stay on-line to reflect the
  current bindings. A public key should be revoked
  if the owner node is no longer trusted.
• A node may refresh its key pair periodically to
  reduce the chance of a successful brute-force
  attack on its private key
• Problems with a single CA
• Standard solution replication

11
Key management models and assumption

• Reliable links at network layer
• Public/private keys
• Query other nodes public key
• Update own private key
• An (n,t1) configuration n servers where
  ngt3t1, among them no more than t servers can be
  compromised.
• Compromised servers unavailable and Byzantine
  behavior, but unable to break cryptographic
  schemes
• Need to provide (1) Robustness and (2)
  confidentiality

12
Threshold cryptography (1)

• The n servers of the key management service share
  the ability to sign certificates. Divide the
  private key k of the service into n shares (s1,
  s2, . . . , sn), assigning one share to each
  server.

13
Threshold cryptography (2)

• Each server generates a partial signature for the
  certificate using its private key share and
  submits the partial signature to a combiner. Need
  t 1 correct partial signatures.

14
Mobile adversaries

• Adversaries that temporarily compromise a server
  and then move on to the next victim
• May gather t shares from more than t shares of
  the private key.

15
Proactive Schemes as Countermeasure (1)

• Proactive threshold cryptography scheme
• Uses share refreshing, which enables servers to
  compute new shares from old ones in collaboration
  without disclosing the service private key to any
  server.
• The new shares constitute a new (n, t 1)
  sharing of the service private key.
• A property exploited (on page 7, in middle)

16
Proactive Schemes as Countermeasure (2)

• Tolerate missing subshares and erroneous
  subshares from compromised servers.
• Just to detect incorrect subshares, use
  verifiable secret sharing schemes - extra public
  information generated using a one-way function.

17
Related work

• Secure routing
• Against external attackers and compromised nodes
• Replicated secure services
• No mechanisms to defeat mobile adversaries and
  achieve scalable adaptability

18
Your thoughts on providing security?

• Hard problem and costly solutions
• The burden on CA
• Peer-to-peer paradigm?
• authentication without infrastructure
• Level of guarantee? Detect and protect against
  most attacks (maybe not all), ok?
• Security in more specifically, sensor network?

19
Plan for Wednesday

• Continue on security or touch transport layer
  issues. Your opinions?
• Quiz, not a midterm exam.