Security Issues in Mobile and Wireless Networks

1
Security Issuesin Mobile and Wireless Networks

• Gene Tsudik
• gts_at_ics.uci.edu

2
Are there any novel issues?

• Wireless-ness
• Does not create new security problems
• Only exacerbates them
• Mobility
• Location varies (new security attribute)
• Neighbors vary
• Node Characteristics
• No truly new security problems
• Greater incentive to minimize costs
• e.g., fast encryption, short/fast signatures

3
Network Types

• One-hop wireless/mobile
• E.g., cell phone or mobile-IP model
• Much prior work mature topic (GSM, CDPD, etc.)
• One-hop ad hoc
• E.g., infrared LAN or point-to-point
• Not popular security issues simple (IP sec?)
• Multi-hop ad hoc
• More recent, not much research

4
New Issues

• Location-based access control
• If Alice is in country P, she can do X
• If Alice is in country Q, she can do Y
• Easy to implement but,
• How to (securely) establish current location?
• GPS? Need tamper-resistant hw
• Someones corroboration?
• Base station? Neighbors?

5
New Issues

• Secure Communication in Constantly Changing
  Groups (Ad Hoc Networks)
• Group needs common key key distribution/agreement
  
• Authentication of membership (e.g., Alice is in
  this ad hoc net cluster at this time)
• No access to trusted servers or CAs
• Hard to implement
• Must have reliable group communication COST!!!
• Security protocols fragile lost messages cause
  trouble

6
New Issues

• Group-based or Group-centric Security
• How can one speak as a group or a fraction
  thereof?
• Admitting new or expelling existing members
• Issuing, re-issuing credentials
• Hard to implement
• Must have reliable group communication
• Protocols are computation and round-intensive

7
Some Relevant Work at UCI/ICS
8
SUCSES Survivability Using Controlled Security
Services

• Efficient and secure mediated decryption and
  digital signature services.
• Secure identity-based encryption (IBE) public
  key encryption without cumbersome certificate
  management.
• Tight control over access to critical security
  services. Fast revocation of compromised
  components and end-users.
• Techniques for off-loading computation from
  low-end devices to semi-trusted servers resulting
  in efficient public key generation and digital
  signatures.
• Funding DARPA

9
SEM partially-trustedSecurity Mediator
10
SECURE SPREAD High-performance Robust and
Secure GroupCommunication

• First practical secure lan- and wan-based group
  communication system with strong message ordering
  and membership semantics
• First robust contributory key agreement with PFS,
  group authentication and resilience to active
  attacks
• Integrated architecture for security and
  reliability protocols
• Funding DARPA

11
IMAHN Integrated Multicast for Ad Hoc Networks

• Reliable multicast in high-speed multi-hop ad hoc
  networks
• Traditional multicast routing breaks down
• No use establishing state multicast?broadcast
• Only flooding variations provide reasonable
  service
• Integrated architecture supporting different
  multicast methods, depending on speed and
  mobility frequency
• Funding NSF

12
Pointers
SCONCE Secure Computing and Networking Center
web page http//sconce.ics.uci.edu