Yih-Chun HuAdrian Perrig David B. Johnson - PowerPoint PPT Presentation

About This Presentation
Title:

Yih-Chun HuAdrian Perrig David B. Johnson

Description:

Title: No Slide Title Author: LYelovich Last modified by: LYelovich Created Date: 7/8/2003 4:52:39 PM Document presentation format: On-screen Show Company – PowerPoint PPT presentation

Number of Views:98
Avg rating:3.0/5.0
Slides: 63
Provided by: LYelo
Learn more at: http://web.cs.wpi.edu
Category:

less

Transcript and Presenter's Notes

Title: Yih-Chun HuAdrian Perrig David B. Johnson


1
Packet Leashes A Defense against Wormhole
Attacks in Wireless Networks
  • Yih-Chun HuAdrian Perrig David B.
    Johnson
  • Carnegie Mellon University Carnegie Mellon
    University Rice University
  • yihchun_at_cs.cmu.edu perrig_at_cs.cmu.edu
    dbj_at_cs.rice.edu
  • presented by Luba Yelovich-Sakharuk

packet
1of 62
2
Outline
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

3
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

4
Introduction
What is a wormhole attack? Attacker records a
packet at one location in the network,
tunnels the packet to another location, and
replays it there.
What is a leash? Any information added to a
packet designed to restrict the packets
maximum allowed transmission distance
What is a packet leash? A general mechanism to
detect a wormhole attack.
What are geographic and Two types of leashes
presented in temporal leashes? this paper.
What is TIK ? An efficient authentication
protocol designed for use with temporal
leashes
5
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

6
Problem Statement
  • The wormhole attack is particularly dangerous
    against
  • ad hoc network routing protocols in which the
    nodes that hear a packet transmission directly
    from some node consider themselves to be a
    neighbor of that node
  • DSR, AODV - use Route Request for route
    discovery
  • DSDV, OLSR, TBRPF - rely on the reception of
    broadcast packets for neighbor detection
  • OLSR and TBRPF use HELLO packets to detect
    neighbors
  • any wireless access control system
  • - an attacker could relay the authentication
  • exchanges to gain unauthorized access

7
Example of Route Discovery Mechanism
8
DSR - Dynamic Source Routing AODV - Ad Hoc
On-Demand Distance Vector
Route Discovery 1) flood Route request message
through network 2) request answered with route
reply by -destination -some other node
that knows a path to destination
reply A,B,C,D,E
A,B
A,B, C
A,B, C,D
A
D
A
B
C
E
Wormhole attack
A
O
E
D
A
C
B
reply A,O
attacker
A,O
9
OLSR - Optimized Link State Routing
  • Each node in the network selects a set of nodes
    (MPRs) in its neighborhood to retransmit its
    packets
  • The set of selected neighbor nodes are called
    multipoint relays (MPRs)
  • The neighbors of any Node N which are not in its
    MPR set, read and process the packet but do not
    retransmit the broadcast packet received from
    node N.
  • Each node periodically broadcasts its HELLO
    messages, containing the information about its
    neighbors and their link status.
  • HELLO messages received by all one-hop neighbors,
    but they are not relayed to further nodes.

N
10
MRP selection in OLSR
Node 1 Hop Neighbors 2 Hop Neighbors MPR(s) B A,C
,F,G D,E C
Multipoint relays (MPRs) are selected to
broadcast messages during the flooding process
10 of 62
11
TBRPF - Topology Broadcast Based on Reverse-Path
Forwarding
  • TBRPF is a proactive routing protocol like OLSR
    and DSDV
  • Each node computes a source tree to all reachable
    nodes
  • Each node reports only part of its source tree to
    neighbors
  • TBRPF uses differential HELLO messages which
    report only changes in the status of neighbors

12
OLSR and TBRPF use HELLO packets to detect
neighbors
HELLO
A
O
HELLO
attacker
A and B will believe they are neighbors, which
will cause the routing protocol to fail to find
routes.
HELLO
HELLO
HELLO
O
B
HELLO
attacker
13
DSDV - Destination-Sequenced Distanced Vector
If (best existing route gt 2n 2 hops) Then
any node within n hops of A, would be unable to
communicate with B and vise versa.
routing advertisement
A
O
attacker
routing advertisement
(for n2, 6 hops),
2
Nodes O and 2 are within 2 hops of A
routing advertisement
routing advertisement
3
Nodes O and 4 are within 2 hops of B
  • A and B believe they are neighbors

4
  • if A and B were not within wireless transmission
    range of each other, they would be unable to
    communicate

routing advertisement
O
B
attacker
routing advertisement
14
DSDV - Destination-Sequenced Distanced Vector
(B, 1)
A
Contradicts the premise that the best REAL route
from A to B is at least 2n 2 hops long
O
attacker
(B, 2)
C
Hear n1 to B
3
3 hops is better than 4, will use A to get to B
4
O
B
attacker
15
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

16
Assumption and Notation
  • Beyond the scope of this paper
  • Security attacks on the wireless networks
    physical layer
  • Denial-of-Service attacks against MAC layer
    protocols
  • Assumptions
  • The wireless network may drop, corrupt,
    duplicate, or reorder packets
  • MAC layer contains level of redundancy to detect
    randomly corrupted packets
  • Nodes in the network may be resource constrained
  • Node can obtain an authenticated key for the
    other node
  • TIK - TESLA with Instant Key Disclosure
  • Uses only efficient symmetric cryptography (block
    ciphers and hash functions)
  • Like public keys in systems using asymmetric
    cryptography (digital signatures), these keys in
    TIK are public values(once disclosed).

17
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

18
Detecting Wormhole Attacks
  • Packet leash is general mechanism to detect a
    wormhole attack.
  • Leash is any information added to a packet
    designed to restrict the packets maximum allowed
    transmission distance
  • Geographical leash insures that the recipient of
    the packet is within a certain distance from the
    sender.
  • Temporal leash ensures that the packet has an
    upper bound of its lifetime (restricts the
    maximum travel distance).

Not allowed further
BUSTED
packet
19
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

20
Geographical Leashes
Sender
Receiver
tr
ts
- - - - - - - - - - - - - - -
Ps
Pr
Ps ts
Ps ts
dsr ? Ps - Pr 2v(tr - ts ? ) ?
Ps - location of the Sender Pr - location of the
Receiver ts - time at which Sender sent the
packet tr - time at which Receiver received the
packet v - velocity of any node ? - maximum
relative error in location information ??-error
in the clocks synchronization
Note Any authentication technique can be used to
allow a receiver to authenticate the location and
timestamp in the received packets
20 of 62
21
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

22
Temporal Leashes
?
minus
maximum
Based on T and the speed of light, I can detect
if the packet traveled too far
senders
receivers
? - must be known by all nodes in the network
tr - ts T
Receiver
Sender
- - - - - - - - - - - - - - -
ts
ts
Note As with geographical leashes, a regular
digital signature or other authentication
technique can be used to allow a receiver to
authenticate a timestamp or expiration time in
the received packets
23
Temporal Leashes
?
If te expired, I will not except the
packet!
minus
maximum
senders
receivers
? - must be known by all nodes in the network
Sender
Receiver
- - - - - - - - - - - - - - -
te
te
  • te is Expiration time, after which the Receiver
    should not accept the packet
  • te is set as an offset from the time at which
    packet is send.
  • te is based on the allowed maximum transmission
    distance and the speed of light

24
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

25
Discussion
  • An advantage of geographical leashes over
    temporal leashes
  • time synchronization can be much looser
  • attacker can be caught if it pretends to reside
    at multiple locations
  • A potential problem with leashes using a
    timestamp in a packet, the sender may not know
    the precise time at which it will transmit the
    packet
  • The sender will know the time one slot (20?s)
    prior to transmission
  • Generating a digital signature, could take 10 ms
    (RSA with 1024-bit key)
  • Two approaches to hide the signature generation
    latency
  • increase minimum transmission unit to allow
    computation to overlap with transmission
  • use more efficient signature scheme such as
    Schnorrs signature

26
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

27
Temporal Leashes and the TIK Protocol
TIK
Discussion of temporal leashes in more detail
Design and operation of TIK protocol that
implements temporal leashes
te or ts
28
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

29
Temporal Leash Construction Details
tr lt te? If so, I will process the
packet. If not, I will drop it!
Sender
Receiver
te ts L/ c - ?
- - - - - - - - - - - - - - -
te
te
c - propagation speed of our wireless signal L -
temporal leash prevents the packet from
travelling further than distance L, L gt Lmin ?
c ts - time at which Sender sent the packet tr
- time at which Receiver received the packet te -
expiration timer ??-error in the clocks
synchronization
  • Receiver needs to authenticate the expiration
    time
  • Sender S and Receiver R must share a secret key K
  • To send a message M to a receiver R, S sends
  • S? R ? M, HMACK (M) ?,
  • where HMACK (M) represents the message
    authentication code computed over message M with
    key K

30
30 of 62
Two major drawbacks in using message
authentication codes in the standard
  • 1
  • Key setup is an expensive operation
  • n(n-1)/2 keys in network with n nodes
  • 2
  • This approach can not efficiently authenticate
    broadcast packets
  • To secure a broadcast packet, add to the packet
    separate message authentication code - makes
    packet extremely large
  • Separate HMAC can be avoided by multiple
    receivers sharing the same key, BUT it might
    allow colluding receivers to impersonate the
    sender

31
SOLUTION to the two major drawbacks
  • Attach a digital signature to each packet
  • Each node needs to have only one public-private
    key pair
  • Each node needs to know only the public key for
    every other node
  • Only n public keys need to be distributed in a
    network with n nodes
  • A digital signature provides non-repudiation and
    authentication for broadcast packet the same way
    as for unicast packets

32
Several drawbacks in using digital signatures
  • Usually digital signature are based on
    computationally expensive asymmetric cryptography
  • Computationally expensive for the verifier
    (receiver)
  • Overwhelmingly expensive for the signer (sender)


Solution Designed TIK protocol, based on a new
protocol for efficient broadcast authentication
that simultaneously provides the functionality
of a temporal leash
33
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

34
Tree-Authenticated Values
  • TIK requires an efficient mechanism for
    authenticating keys
  • Values from a one-way hash chain are very
    efficient to verify, but only if values in
    sequence
  • For the TIK, values used very sparsely
  • One-way hash function is efficient to compute,
    but computation requires overhead
  • Tree structure is used for more efficient
    authentication of values

35
  • To authenticate v0, v1, vw-1, place them a leaf
    nodes of a binary tree
  • blind all the values with a one-way hash
    function H, vi H(vi)
  • Use Merkle hash tree construction to commit to
    the values v0, ... vw-1
  • Each internal node of the binary tree is derived
    from its two child nodes
  • m_parent H(m_left m_right)
  • Example
  • Sender want to authenticate key v2
  • It includes values v3, m01, m47
  • Receiver with an authentic
  • root value m07 verify that
  • H Hm01 HHv2 v3 m47 stored
    m07

m07
m03
m23
v'2
H m47
H m01
H v3
Hv2
36
Hash Tree Optimization
  • In TIK, the depth of the hash tree can be large
  • Storing the entire tree is impractical
  • Store only the upper layers of the tree,
    recompute lower layer on demand
  • Node keeps two trees of depth d,
  • one fully computed and being used
  • one being filled in

37
Compute calculation and storage cost for the hash
tree used in TIK
D depth of the tree 4 d depth of part of
the tree recomputed on demand
1
2
3
4
  • The initial computation of the tree requires
  • 2(D-1) evaluations of the RPF 8
  • 2D -1 evaluations of the hash functions 15
  • Total storage is given by 2(D-d1) -1 2(2d
    -1)
  • Value of d that minimizes the total storage is
    D/2 2

38
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

39
TIK Protocol Description
TIK - TESLA with Instant Key Disclosure
(extension of the TESLA broadcast authentication
protocol)
  • TIK implements a temporal leash and enables the
    receiver to detect a wormhole attack
  • TIK is based on efficient symmetric cryptographic
    primitives
  • TIK requires accurate time synchronization
    between all communicating parties
  • TIK requires each communicating node to know just
    one public value for each sender
  • FOUR stages in TIK protocol
  • Sender setup
  • Receiver bootstrapping
  • Sending and Verifying Authenticated packets

40
Sender Setup
  • To derive a series of keys K0, K1, , Kw
  • Ki Fx (i), where F is a pseudo-random
    function,
  • x is a secret master key
  • Advantage of this method, sender can efficiently
    access key in any order
  • Computationally intractable for an attacker to
  • find the master secret key x
  • derive a Ki without x
  • To construct F, can use
  • pseudo-random permutation (block cipher)
  • message authentication code

40 of 62
41
More on Sender Setup
  • Sender selects a key expiration interval I
  • Determines a schedule for each of its keys to
    expire
  • K0 expires at T0,
  • K1 expires at T1 T0 I,
  • Ki expires at Ti Ti-1 I T0 iI
  • Sender constructs the Merkle hash tree to commit
    K0, K1, , Kw-1
  • The root of the resulting hash tree is m0,w-1, or
    simply m
  • The value m commits to all keys and is used to
    authenticate any leaf key efficiently!

42
Receiver Bootstrapping
  • Assume all nodes have synchronized clocks with
    max synch error ?
  • Assume each receiver knows every senders
  • hash tree root m
  • associated parameters To and I
  • This info is sufficient for the receiver to
    authenticate any packets from the sender

?
minus
maximum
senders
receivers
43
Sending and Verifying Authentication Packets
  • Sender sends a Packet P
  • Estimates upper bound tr on the arrival time of
    the HMAC at the receiver
  • Based on tr, sender picks a key Ki, Ti gt tr ?

Sender
Receiver
- - - - - - -
- -key expired - -
Ki , v3, m01, m47
HMAC
  • Sender discloses the key only after it expires
  • No attacker can know Ki
  • Once the receiver gets the authentic key Ki, it
    can authenticate all packets that carry a message
    authentication code computed with Ki

44
Drawback
  • Message authentication is delayed
  • Receiver must wait for the key before it can
    authenticate the packet
  • If nodes are tightly time synchronized, possible
    to remove authentication delay
  • Sender can disclose the key in the same packet
    that carries the corresponding message
    authentication code

45
Sending and Receiving of a TIK packet
M - message payload T - tree authentication
values Ki - key used to generate the HMAC The
TIK packet is transmitted by S as S? R
?HMACKi (M),M,T,Ki ?
46
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

47
MAC Layer Considerations
  • TDMA MAC protocol may be able to choose the time
    at which
  • a frame begins transmission
  • The HMAC is sent by Ti -r/c -2?
  • Minimum payload length is r/c 2? times the bit
    rate of transmission
  • If MAC protocol uses Request-to-Send/Clear-to-Send
    (RTS/CTS) handshake, minimum packet size can be
    reduced by carrying HMAC inside RTC frame.
  • A?B (RTC, HMACKi (M))
  • B?A (CTS)
  • A?B (DSTS, M, tree values, Ki)
  • Minimum message size is just (2? I 2tturn)
    transmission data rate, instead of r/c 2? I (I
    is the duration of a time interval, tturn is
    minimum allowed time between receiving a control
    frame)

48
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

49
Evaluation
Is TIK good?
50
50 of 62
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

51
TIK Performance
  • Measured computational power and memory currently
    available in mobile devices
  • Optimized MD5 hash code from ISI to achieve
    maximum performance for hashing

hashes/second
Pentium III 1GHz 1.3 million Compaq iPaq
Linux 222,000 3870 PocketPC
  • Can also be efficiently implemented in hardware

20k gate ASIC (1/3 complexity 1.9 million of
Bluetooth, lt1/3 IEEE 802.11 Xilinx FPGA using
1650 LUTs 1.0 million
  • In terms of memory consumption

iPaq 3870 32MB Flash, 64 MB of RAM Modern
notebooks 100s of Mbytes of RAM
52
  • IEEE 802.11a card
  • transmission data rate of 108 Mbps
  • range of 250 m
  • To authenticate a received packet, a node needs
    to perform 33 hashes
  • To keep up wit link speed, a node needs to verify
    pack at most 25.9 ?s
  • Requiring 1,273,000 hashes per second
  • For a total computational requirement of
    1,516,000 hashes per second
  • Can be achieved today in hardware by
  • placing two MD5 units on a singe FPGA board
  • with an ASIC

Many laptops today are equipped with at least 1.2
GHz Pentium III CPUs which should be able to
perform 1.5 million hash operation per second
53
  • IEEE 802.11b cards
  • transmission data rate of 11Mbps
  • range of 250 m
  • Assuming node generates each new tree while using
    its current tree, it requires just 2.6 Mbytes of
    storage and needs to perform just 26,500
    operations per sec
  • To authenticate a received packet, a node needs
    to performs 30 hash functions
  • TIK would take at least 232 ?s to transmit
  • TIK can authenticate packets using 13,000 hashes
    per second for a total of 39,500 hash function
    per second.
  • 39,500 hash function per second is well within
    the capability of an iPaq, with 82 of its CPU
    time to spare!!!

54
  • In a sensor network (Hollar et als weC mote),
    nodes may only be
  • able to achieve
  • time synchronization accurate to 1s
  • have a 19.6 kbps link speed
  • 20m range
  • In this case, the smallest packet that can be
    authenticated is 4900 bytes
  • weC mote does not have sufficient memory to store
    this packet
  • TIK is unusable in such a resource-scarce system
  • The level of time synchronization in this system
    is such that TIK could not provide a usable
    wormhole detection system

55
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

56
Security Analysis
  • A malicious receiver can refuse to check
  • leash
  • authentication on a packet
  • This may allow an attacker to tunnel a packet to
    another attacker without detection
  • Second attacker cannot retransmit the packet
    without getting caught
  • A malicious sender can claim a false timestamp or
    location
  • When geographic leashes are used in conjunction
    with digital signatures, nodes may be able to
    detect a malicious node and spread that
    information to other nodes.

This attack is equivalent to the malicious sender
sharing its keys with the wormhole attacker
57
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

58
Comparison Between Geographic and Temporal Leashes
Temporal Leashes pros cons highly
efficient, especially when used with TIK tight
time synchronization can not be used if max
range lt c ? (c is the speed of
light, ? is max clock sync error)
Geographical Leashes pros cons can be
used in conjunction with radio require more
general broadcast propagation model, allowing
them to detect authentication mechanism tunnels
through obstacles increasing computation,
overhead do not require tight time
synchronization location info increases
overhead can be used until maximum range is lt
2v? (v is the max movement speed of any node)
59
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

60
Related Work
60 of 62
  • Radio Frequency (RF) water marking (difficult to
    assess its security)
  • No work has been published regarding possibility
    of using intrusion detection to detect wormhole
    attacks
  • TIK provides advantage over hop-by-hop
    authentication with TESLA
  • (latency and packet overhead, but byte overhead
    suffers)
  • IEEE 802.11i Task Group is designing
    modifications to IEEE 802.11 to improve security
    (proposals dont address wormhole attack)
  • Other Medium Access Control protocols specify
    privacy and authenticity mechanisms (none protect
    against wormhole attacks)

61
  • Introduction
  • Problem Statement
  • Assumption and Notation
  • Detecting Wormhole Attacks
  • Geographical Leashes
  • Temporal Leashes
  • Discussion
  • Temporal Leashes and the TIK Protocol
  • Temporal Leash Construction Details
  • Tree-Authenticated Values
  • TIK Protocol Description
  • MAC Layer Considerations
  • Evaluation
  • TIK Performance
  • Security Analysis
  • Comparison Between Geographic and Temporal
    Leashes
  • Related Work
  • Conclusions

62
Conclusions
  • Wormhole attack
  • Packet leashes
  • Geographic and Temporal leashes
  • TIK

62
Write a Comment
User Comments (0)
About PowerShow.com