Some Security Issues Challenges in MANETs and Sensor

  • Slides: 17
Download presentation
Some Security Issues & Challenges in MANETs and Sensor Nets Gene Tsudik SCONCE: Secure

Some Security Issues & Challenges in MANETs and Sensor Nets Gene Tsudik SCONCE: Secure Computing and Networking Center UC Irvine http: //sconce. ics. uci. edu/ 04/30/2004 30/04/2004 Gene Tsudik, UCLA CSD Research Review 1

Outline • Background • Some security issues – – – – Secure Casual Multicast

Outline • Background • Some security issues – – – – Secure Casual Multicast Aided Cryptography Secure Routing Privacy Issues Aggregation and minimization Group Membership: Admission and Eviction Do. S resistance • Some on-going work 30/04/2004 Gene Tsudik, UCLA CSD Research Review 2

Secure Casual Multicast • An important service in MANETs and sensor networks is the

Secure Casual Multicast • An important service in MANETs and sensor networks is the need to communicate to dynamic subsets/clusters of nodes, e. g. , – All routers with x available bw – All nodes close to some location – All nodes with >t% power remaining • This kind of multicast can be one-time • How to distribute a group key to such subsets? • “Broadcast encryption” doesn’t help here 30/04/2004 Gene Tsudik, UCLA CSD Research Review 3

Secure Casual Multicast • If the subset is large (around n) then “broadcast encryption”

Secure Casual Multicast • If the subset is large (around n) then “broadcast encryption” techniques could be used • But what if subset size is much smaller than the total # of nodes, e. g. , n/c for some constant c. • Solutions today are: – encrypt the message as many times as there are receivers or, – use group key establishment protocols • Both solutions are very expensive – Can we do better? ? ? 30/04/2004 Gene Tsudik, UCLA CSD Research Review 4

Aided Cryptographic Computations • Assume nodes have limited computation and communication ability as well

Aided Cryptographic Computations • Assume nodes have limited computation and communication ability as well as limited energy… • Computationally intensive tasks, e. g. , full-blown PK crypto operations are costly • Many setting involve a (small) number of more powerful devices (gw-s, servers, etc. ) • Can be used for off-loading crypto computations… – if power needed for computing is greater than that for communication – if time needed for computing would adversely impact sensor’s other tasks 30/04/2004 Gene Tsudik, UCLA CSD Research Review 5

Aided Cryptographic Computations • “Server-aided” cryptography is applicable but state-of-the-art (2 -party, mediated, serveraided,

Aided Cryptographic Computations • “Server-aided” cryptography is applicable but state-of-the-art (2 -party, mediated, serveraided, etc. . ) still too expensive – Designed to enforce various policies (fine-grained control, revocation, …) not to minimize computation… • Can we design an architecture that off-loads heavy computation to more powerful devices? 30/04/2004 Gene Tsudik, UCLA CSD Research Review 6

Secure Routing/Key distribution • Most MANET routing protocols are vulnerable to attacks that can

Secure Routing/Key distribution • Most MANET routing protocols are vulnerable to attacks that can paralyze the whole network • Existing secure MANET routing protocols (such as Ariadne) authenticate each data and control packet • Proposed authentication solutions are: – Signatures: too costly! – TESLA: needs buffering, synchronization, some complexity – Pair-wise keys: not flexible - all nodes must be updated when a new node joins the MANET. – Shared (common) group key: not secure – one corruption is enough to break the system! • No general solution exists… 30/04/2004 Gene Tsudik, UCLA CSD Research Review 7

Secure Routing/Key distribution • Similarly, state-of the art secure routing in sensor networks: –

Secure Routing/Key distribution • Similarly, state-of the art secure routing in sensor networks: – relies on time synchronization (is this realistic? ) – remains secure only if less that “t” nodes are compromised • Since wholesale re-keying/re-initializing is often impossible, these solutions might not be practical! • Also, it is often difficult to identify compromised nodes in monitoring applications – Ideally we need solutions that work even if some nodes have been compromised … • New key distribution and secure routing protocols are required for these types of networks! 30/04/2004 Gene Tsudik, UCLA CSD Research Review 8

Privacy-Aware Routing • MANET routing is cooperative • Traffic analysis is very easy! •

Privacy-Aware Routing • MANET routing is cooperative • Traffic analysis is very easy! • Some technical solutions exists : onion routing, mixes… very expensive! • Can we build routing protocols that prevent intermediate nodes from performing traffic analysis? • Privacy-aware routing is needed! 30/04/2004 Gene Tsudik, UCLA CSD Research Review 9

Privacy of Associations • MANETs and sensor nets can operate in multi-cultural environment •

Privacy of Associations • MANETs and sensor nets can operate in multi-cultural environment • Need to tell kin from strangers (friend-or-foe) • Need to do so in private manner – no observability! • Secret Handshakes can help – Balfanz, et al. – Castelluccia, et al. – Still need to solve one-time credential issue – Group handshakes? • Sensors operating in hostile settings need to produce signatures that are anonymous/untraceable – Group signatures? Too expensive… 30/04/2004 Gene Tsudik, UCLA CSD Research Review 10

Group Key Management Group Key Distribution (GKD): requires a center, large groups, multicast, wireline

Group Key Management Group Key Distribution (GKD): requires a center, large groups, multicast, wireline Group Key Agreement (GKA): distributed (group-based), expensive, small groups, wireline Current solutions unsuitable for MANETs • GKD: no center, long messages, broadcasts • GKA: multi-round, many messages, broadcasts • GKA: need underlying reliable group comm. • GKA: tries to minimize computation • GKD: tries to minimize bw • Sometimes need to switch priorities • GKA: protocols need to complete even if membership changes in the interim • GKA: center availability (partitions/failures/compromise) • No practical protocol tolerates malicious insiders 30/04/2004 Gene Tsudik, UCLA CSD Research Review 11

Aggregation / Minimization • MACs, signatures are examples of crypto tags • If information

Aggregation / Minimization • MACs, signatures are examples of crypto tags • If information is collected from each node (sensor, router, etc), much bw and storage is “wasted” on tags • Need to minimize tag size; aggregate signatures, MACs, etc. • If multiple nodes report the same data, can aggregate it • Why not aggregate tags too? • Example techniques: Mykletun [NDSS’ 04], Boneh [Euro. Crypt’ 03], Mazieres [IPTPS’ 04] • Much more work needed… 30/04/2004 Gene Tsudik, UCLA CSD Research Review 12

Do. S Resistance • Do. S attacks are here to stay • Worst (best)

Do. S Resistance • Do. S attacks are here to stay • Worst (best) attacks target servers: Web, Time, Name, Authentication, etc. • So-called “Client Puzzles” are touted as an effective solution – Waste of computation – Punishes anemic clients – Powerful adversary can afford fast hw • Other solutions? 30/04/2004 Gene Tsudik, UCLA CSD Research Review 13

Group Membership Control – Goal: secure admission of members to a group while tolerating

Group Membership Control – Goal: secure admission of members to a group while tolerating adversaries both outside and inside – Standard Model: • A “CA” is distributed among n nodes (all or only some) • A new node must gets a partial signature from each of at least k (out of n) nodes • It then computes its membership certificate and becomes a bona fide member – – – Can prove membership by presenting his certificate – Can compute pair-wise keys – Can authenticate to insiders and outsiders TS-RSA, TS-DSA, ID-based All are. TOO expensive! New crypto algorithms/protocols needed Distributed Eviction is harder (need to maintain MRLs) 30/04/2004 Gene Tsudik, UCLA CSD Research Review 14

Membership Control • [KMT 03] Y. Kim, D. Mazzocchi and G. Tsudik, Admission Control

Membership Control • [KMT 03] Y. Kim, D. Mazzocchi and G. Tsudik, Admission Control in Collaborative Groups, I IEEE Symposium on Network Computing and Applications (NCA-03) • [NTY 03] M. Narasimha, G. Tsudik and J. Yi, On the Utility of Distributed Cryptography in P 2 P and MANETs, IEEE International Conference on Network Protocols (ICNP'03) • [STY 03] N. Saxena, G. Tsudik and J. Yi, Admission Control in P 2 P: Design and Performance Evaluation, ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '03) 30/04/2004 Gene Tsudik, UCLA CSD Research Review 15

Key (pre-)distribution • Combine key pre-distribution (Blom scheme) with secret sharing to achieve (pairwise)

Key (pre-)distribution • Combine key pre-distribution (Blom scheme) with secret sharing to achieve (pairwise) key distribution in MANETs • Model: – Each node (a priori) gets a share of its “secrets” from k “servers” – Uses shares to compute a secret – This secret can be used to compute a pair-wise key with any other node • Sometimes more appropriate than the “distributed. CA” model – Members get keys not certificates! – efficient…few modular multiplications per key computation • Extending this to INEXPENSIVE group keying 30/04/2004 Gene Tsudik, UCLA CSD Research Review 16

Aggregation of crypto-tags • “Efficient” Secure Routing • Using DH for securing Route Discovery

Aggregation of crypto-tags • “Efficient” Secure Routing • Using DH for securing Route Discovery (as in DSR) • Constant-size tags • Few (2) exponentiations to verify route integrity • Few (2) exponentiations per route hop • Also, using ID-based cryptography 30/04/2004 Gene Tsudik, UCLA CSD Research Review 17

MANETS An overview 1 MANETs Model and DefinitionsMANETS An overview 1 MANETs Model and Definitions
Infrastructure of MANETs MANETS are without a fixedInfrastructure of MANETs MANETS are without a fixed
Outline Sensor characteristics Sensor selection Sensor comparison SensorOutline Sensor characteristics Sensor selection Sensor comparison Sensor
Security Issues with Mobile adhoc Networks MANETS FredSecurity Issues with Mobile adhoc Networks MANETS Fred
3 Sensor Event values0X Sensor Event values1Y Sensor3 Sensor Event values0X Sensor Event values1Y Sensor
Sensor Otomotif Sensor Posisi Putaran Sukma Firdaus SensorSensor Otomotif Sensor Posisi Putaran Sukma Firdaus Sensor
SENSOR DAN TRANDUSER SENSOR Sensor adalah alat untukSENSOR DAN TRANDUSER SENSOR Sensor adalah alat untuk
Ultrasonic Sensor Proximity sensor A proximity sensor isUltrasonic Sensor Proximity sensor A proximity sensor is
Sensor Data Management In Sensor Networks Towards SensorSensor Data Management In Sensor Networks Towards Sensor
Infrared Sensor Introduction of Infrared Sensor Light sensorInfrared Sensor Introduction of Infrared Sensor Light sensor
SENSOR DAN TRANDUSER Definisi Sensor dan Tranduser SensorSENSOR DAN TRANDUSER Definisi Sensor dan Tranduser Sensor
Sensor Otomotif Sensor Posisi Putaran Sukma Firdaus SensorSensor Otomotif Sensor Posisi Putaran Sukma Firdaus Sensor
Sensor Data Management In Sensor Networks Towards SensorSensor Data Management In Sensor Networks Towards Sensor
Challenges of Secure Routing in MANETs A SimulativeChallenges of Secure Routing in MANETs A Simulative
Issues and Challenges 1 Issues and Challenges AddingIssues and Challenges 1 Issues and Challenges Adding
DenybyDefault Distributed Security Policy Enforcement in MANETs AngelosDenybyDefault Distributed Security Policy Enforcement in MANETs Angelos