Title: Mobile Security
1. CS 260 Seminar on Network Topology
How Does Topology Affect Security in Wireless Ad Hoc Networks?
Ioannis Broustis broustis_at_cs.ucr.edu
2. Motivation
- Wireless networks are more vulnerable to malicious attacks than wireline networks
- Lack of base station
- Limited power supply
- Dynamically changing topology
- Demand for innovative security algorithms
- A lot of work has been done with private/public keys and cryptography
- Only a few studies address topology-related aspects of security
3. Problems
- Dynamically changing topology → hard to distinguish between legitimate and malicious actions
- Attackers can cheat on their actual location
- Intrusion detection must be performed in a distributed manner
- No base stations exist
4. Contribution
- In this work:
- We show how the topological aspects of the network can affect its safety from attackers
- We describe the four location estimation techniques
- We explain why these methods are vulnerable to attacks
- We present all current mechanisms that detect intrusions having to do with topological aspects
- We propose a new topology-related scheme that addresses most of the attacks
5. Attacks
- Wormhole / tunnelling
- Two attackers create a tunnel that can be secretly used to transmit packets.
- Fake location claim
- A node advertises an erroneous location to its neighbours
6. Attacks
7. Relation to Topology
- Fake location claims
- Mobility allows a modification of the routing table of the victim node
- Mobility of legitimate nodes may help attackers disperse their malicious information
- Mobile nodes have power and computation limitations
8. Location Estimation
- GPS (Global Positioning System)
- Satellites provide a 3-D position
- No information about positions of neighbour devices
- Nodes must exchange their GPS information (dangerous)
- Was not designed for security purposes
- Attack: Attacker feeds the GPS receiver with fake GPS messages
9. Location Estimation
- Radio (RF)
- Measure either the received RF signal strength, or the signal's ToF (time of flight)
- Receiver calculates the distance from the RF sender by measuring the signal strength.
- The receiver must trust the sender for the power at which the latter sent the RF signal.
- RF signals travel at the speed of light → attackers cannot decrease the ToF of the signal → ToF better
10. Location Estimation
- Ultrasound (US)
- Measure the ToF of the sound signal between two nodes
- Often used together with the RF
- Both the US and RF signals are transmitted at the same time.
- Cannot be used outdoors
- Animal unfriendly
- Attacker may use the RF link to send the US
11. Location Estimation
- Infrared (IR)
- Measure ToF of the IR signal
- Disadvantage: a direct line-of-sight between the nodes is necessary
- New links can be established by redirecting the existing light beams
- Attacker cannot speed up the signal from one node to the other: upper-bound distances
12. Previous studies
- They are divided into 3 main categories
- Private/public key authentication and management (beyond the scope of our study)
- Secure position-related ad hoc routing (interesting but we don't have time to talk about it now)
- Secure location verification of a node's claim
13. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.
- A set of verifiers V wish to verify whether a prover p is in a region R of interest
- Use of RF and US techniques
- Time to reach p using RF + the time for the return of the packet using US
- If elapsed time > threshold, V will reject the claim
14. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.
- Receiver's processing delay must be considered
- Attack: submit a position claim at the border of R
- At the same time, advertise an erroneous value for processing delay
- V thinks that p is inside R when in fact it is not
- Solution: V shrinks the allowable area
- V should reject the claim when the claimed position is within Δp · s of the outside border
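
The timing check and the shrunken acceptance region from the two slides above, as an added example (not code from the slides or from the cited paper). The circular region centred on a single verifier, the propagation speeds, the distances and delays, and all function names are assumptions made for the illustration.

```python
import math

C = 299_792_458.0  # RF propagation speed in m/s
S = 343.0          # ultrasound speed in air in m/s (assumed value)


def round_trip(distance, delay):
    """RF from verifier to prover, processing delay, then US back."""
    return distance / C + distance / S + delay


def max_actual_distance(claimed_distance, delta_p):
    """Farthest a zero-delay prover can really be and still meet the deadline."""
    return claimed_distance + delta_p / (1 / C + 1 / S)


def verify(radius, claimed_distance, delta_p, measured, shrink=True):
    """Verifier sits at the centre of a circular region R of the given radius.

    With shrink=True the claim must lie in the region of acceptance (ROA),
    i.e. at least delta_p * S inside the border of R.
    """
    limit = radius - delta_p * S if shrink else radius
    if claimed_distance > limit:
        return False
    # Reject when the elapsed time exceeds the threshold for the claim.
    return measured <= round_trip(claimed_distance, delta_p)


# Constructed scenario: R has a 20 m radius.
RADIUS = 20.0
# Honest prover: 10 m away, advertises its real 1 ms processing delay.
honest = round_trip(10.0, 0.001)
# Cheating prover: really 23 m away (outside R), claims the border (20 m),
# advertises 10 ms of processing delay but replies immediately.
cheat = round_trip(23.0, 0.0)

if __name__ == "__main__":
    print("honest, ROA     :", verify(RADIUS, 10.0, 0.001, honest))
    print("cheat, no shrink:", verify(RADIUS, 20.0, 0.010, cheat, shrink=False))
    print("cheat, ROA      :", verify(RADIUS, 20.0, 0.010, cheat))
    print("worst case from ROA edge: %.2f m" %
          max_actual_distance(RADIUS - 0.010 * S, 0.010))
```

The last line shows why the margin is sufficient: a prover whose claim sits on the edge of the ROA and who hides its entire advertised delay still cannot be farther from the verifier than the border of R.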
15. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.
- Region of acceptance (ROA)
16. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.
- Region R is not always a circle
- Use more verifiers to cover the whole area
- No key management or cryptography required.
- No synchronization between V and p is required.
- Problem: is advertised Δp the actual one?
17. S. Capkun et al., "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004
- 1. Use of Verifiable Multilateration
- It is performed by a set of verifiers
18. S. Capkun et al., "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004
- 2. Use of Verifiable Time Difference of Arrival
- A set of verifiers is also used
19. S. Capkun et al., "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004
20. S. Capkun et al., "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004
- Secure distributed positioning
- Basic Distance Verification (BDV)
21. Possible new scheme
22. Conclusion
- The security aspects of the wireless network are closely related to its topology
- Currently there is no optimal solution on many intrusion problems
- New intelligent attacks are invented all the time
- Difficult to design a general solution
- Hot research subject
Slide theme Tom Karygiannis