Security for Ubiquitous and Adhoc Networks

1
Security for Ubiquitous and Adhoc Networks
2
Mobile Adhoc Networks

• Collection of nodes that do not rely on a
  predefined infrastructure
• Adhoc networks
• can be formed
• merged together
• partitioned to separate networks
• Not necessarily but often mobile
• There may exist static and wired nodes

3
Examples

• Computer science classroom
• adhoc network between student PDAs and
  workstation of the instructor
• Large IT campus
• Employees of a company moving within a large
  campus with PDAs, laptops, and cellphones
• Moving soldiers with wearable computers
• Eavesdropping, denial-of-service and
  impersonation attacks can be launched
• Shopping mall, restaurant, coffee shops
• Customers spend part of the day in a networked
  mall of specialty shops, coffee shops, and
  restaurants

4
Examples
A trust relationship among 3 different adhoc
groups
5
Networking Infrastructure

• Networking topologies
• Flat infrastructure (zero-tier)
• All nodes have equivalent routing roles
• No hierarchy
• Hierarchical infrastructure (N-tier)
• Cluster nodes have different routing roles
• Control the traffic between cluster and other
  clusters

6
Routing Protocols

• Proactive table-driven and distance vector
  protocols
• Nodes periodically refresh the existing routing
  info, every node can operate with consistent and
  up-to-date tables
• Reactive (on-demand) updates the routing
  information only when necessary
• Most routing protocols are reactive
• Hybrid uses both reactive and proactive
  protocols
• For example, proactive protocol between networks,
  reactive protocol inside of networks

7
Networking Constraints

• Mobility
• Due to mobility, topology of network can change
  frequently
• Nodes can be temporarily off-line or unreachable
• Resource constraints
• Energy constraints
• Memory and CPU constraints
• Bandwidth constraints
• Prior trust relationship
• Availability of Internet connection
• Central trust authority, base station
• Pre-distributed symmetric keys
• Pre-defined certificates and certificate
  revocation lists

8
Trust Management

• Trust model
• Node-to-node trust
• Node-to-central authority trust
• Cryptosystems
• Public-key cryptosystem
• More convenience
• Digital signature possibility
• Secret-key cryptosystem
• Less functionality
• Key distribution problem

9
Trust Models
Web of Trust Model
Hierarchical Model
10
Key Management

• Key creation
• Central key creation
• Distributed key creation
• Key storage
• Centralized
• Replicated storage for fault tolerance
• Distributed, on each node
• Partial key storage (shared secrets)
• Full key storage
• Key distribution
• Symmetric and private keys Confidentiality,
  authenticity and integrity should not be violated
• Public keys Integrity and authenticity should be
  preserved

11
Availability

• Network services should operate properly
• Network services should tolerate failures even
  when DoS attack threats
• Several availability attacks
• Network layer the attacker can modify the
  routing protocol (divert the traffic to invalid
  addresses)
• Network layer adversary can shut down the
  network
• Session layer adversary can remove encryption in
  the session-level secure channel
• Application layer availability of essential
  services may be threatened

12
Physical Security

• Nodes are assumed to have low physical security
• Nodes can easily be stolen or compromised by an
  adversary
• Fewer than 1/3 of the principals at the time of
  network formation are corrupted or malicious
• Single or distributed point of failure

13
Identification and Authentication

• Only authorized nodes (subjects) can have access
  to data (objects)
• Only authorized nodes may form, destroy, join or
  leave groups
• Identification can be satisfied by
• User ID-Password based authentication systems
• Presented adequate credentials
• Delegate certificates

14
Network Operations

• Link layer protections
• Protects confidentiality
• Protects authenticity
• Network layer protections
• IPSec in case of IP-based routing
• Confidentiality of routing info
• Authenticity and integrity of routing info
• Against impersonation attacks
• Against destruction and manipulation of messages
• Against false traffic due to hardware or network
  failure

15
Network Operations

• Non-repudiation of routing info
• Routing traffic must leave traces
• Management of network
• Must be protected from disclosure
• Must be protected against tampering
• Must be protected against modified configuration
  tables by adversary (for reactive routing
  protocols)

16
Key Management Security

• Environment-specific and efficient key management
  system
• Nodes must have made a mutual agreement on a
  shared secret or exchanged public keys
• In more dynamic environments
• Exchange of encryption keys may be addressed
  on-demand
• In less dynamic environments
• Keys are mutually agreed proactively or
  configured manually

17
Key Management Security

• Private keys have to be stored in the nodes
  confidentially
• Encrypted with the system key
• With proper hardware protection (smart cards)
• By distributing the key in parts to several nodes
• Centralized approaches are vulnerable as single
  point of failures

18
Adhoc Keying Mechanisms

• ID-based cryptography
• Master public key/secret key is generated by
  private-key generation service (PKG)
• Master keys known to everyone
• Arbitrary identities are public keys
• Identity A1
• Public key MasterPublicKey A1
• Private keys should be delivered to nodes by PKG

19
Adhoc Keying Mechanisms

• ID-based encryption schemes
• Setup input a security parameter, return master
  public/secret keys
• Extract input master secret key and identity,
  return the personal secret key corresponding to
  identity
• Encrypt input master public key, the identity of
  the recipient and message, return ciphertext
• Decrypt input master public key, ciphertext and
  a personal secret key, return plaintext

20
Adhoc Keying Mechanisms

• Threshold cryptography
• Allows operations to be split among multiple
  users
• In t-out-of-n threshold scheme, any set of t
  users can compute function while any set of t-1
  users cannot
• If adversary compromises even t-1 users, he
  cannot perform crypto operation
• Honest user who needs to perform crypto operation
  should contact t of users
• Secure against Byzantine adversaries exist for t
  lt n/2, secure against passive adversaries can
  support t lt n

21
Resurrecting Duckling Security Model

• Two state principle (duckling)
• Imprintable
• Imprinted
• Imprinting principle
• Transition from imprintable to imprinted
• Mother node sends imprinting key

22
Resurrecting Duckling Security Policy

• New node identifies and authenticates itself to
  the nearest active node (mother) in the group
  imprinting
• A shared secret key is established between mother
  and the new node bootstrapping is generally
  accomplished by physical contact
• This key provides privacy of computations between
  the node and the mother
• A node may die, returning to its imprintable mode
• A new imprinting by another mother is possible
  reverse metempsychosis

23
Resurrecting Duckling Principles

• Death principle
• Transition from imprinted to imprintable (death)
• Death by order of the mother
• Death by old age after predefined time interval
• Death on completion of a specific transaction/job
• Assassination principle
• Assassination by attacker may be uneconomical
• Some suitable level of tamper resistance should
  be provided
• Broken is different from death
• A node can be broken by an adversary, but it
  cannot be made imprintable (it can be smashed,
  but it will not die)

24
Resurrecting Duckling Principles

• If the shared secret key is lost and beyond
  recovery, we may want/need to regain control of
  the node
• The manufacturer may order the device to commit
  suicide (escrowed seppuku)
• Shogun role by the manufacturer however, this
  will cause centralization
• If the mother keeps a copy of the imprinting key,
  localization can be achieved
• Multilevel souls
• The same node can serve to many mothers
  establishing different keys
• Each soul in the node will have imprinted and
  imprintable states, souls would be functioning in
  parallel

25
Research at Oregon State University

• Information Security Laboratory at Oregon State
  University is working towards developing a
  distributed Kerberos system for mobile adhoc
  network of devices
• Devices with different computing power, memory
  (code RAM) space, and power consumption
  properties
• Initial group formation (authentication) is
  accomplished by physical contact, touching
  (imprinting)
• Symmetric cryptography based hierarchical trust
  model
• Key list Trust list data structures
• Nodes may join and may gracefully leave the group
• Ungraceful (abrupt) leaving requires new touching

26
Group Formation
a
KLa
KLc
b
c
d
KLb
KLd
27
Node-to-node Key Agreement
Ancestor Sets ASba AShb,
a ASda ASid, a
28
Graceful Leave
Node j wants to leave the group
Node f generates new branch key and sends to b, b
forwards new branch key to root node a, node a
changes the group key and begins the group
re-keying with refreshed branch keys
29
Abrupt Leave
Node d leaves the group abruptly
Node a generates new branch key for this branch,
but since node i lost its mother, i should touch
contact to any node in the group in order to
re-join and re-authenticate