How Does Topology Affect Security in Wireless Ad Hoc Networks? Ioannis Broustis [email protected] CS 260 – Seminar on Network Topology.

How Does Topology Affect Security in Wireless Ad Hoc

Networks?

Ioannis [email protected]

CS 260 – Seminar on Network Topology

Motivation

Wireless networks are more vulnerable to malicious attacks than wireline networks• Lack of base station• Limited power supply • Dynamically changing topology

Demand for innovative security algorithms• A lot of work has been done with private/public keys and

cryptography• Only a few studies address topology-related aspects of

security

Problems

Dynamically changing topology hard to distinguish between legitimate and malicious actions• Attackers can cheat on their actual location

Intrusion detection must be performed in a distributed manner• No base stations exist

Contribution

In this work..• We show how can the topological aspects of the network

affect its safety from attackers

• We describe the four location estimation techniques

• We explain why these methods are vulnerable to attacks

• We present all current mechanisms that detect intrusions having to do with topological aspects

• We propose a new topology-related scheme that addresses most of the attacks

Attacks

Wormhole / tunnelling• Two attackers create a tunnel that can be secretly used to

transmit packets.

Fake location claim• A node advertizes an erroneous location to its neighbours

Attacks

Relation to Topology

Fake location claims

Mobility allows a modification of the routing table of the victim node

Mobility of legitimate nodes may help attackers disperse their malicious information

Mobile nodes have power and computation limitations

Location Estimation

GPS(Global Positioning System)• Satellites provide a 3-D position

• No information about positions of neighbour devices Nodes must exchange their GPS information

(dangerous)

Was not designed for security purposes● Attack: Attacker feeds the GPS receiver with fake

GPS messages

Location Estimation

Radio (RF)• Measure either the received RF signal strength, or

the signal's ToF• Receiver calculates the distance from the RF

sender by measuring the signal strength. The receiver must trust the sender for the power at

which the latter sent the RF signal.

- RF signals travel at the speed of light attackers cannot decrease the ToF of the signal ToF better

Location Estimation

Ultrasound (US)• Measure the ToF of the sound signal between two

nodes

• Often used together with the RF Both the US and RF signals are transmitted at the

same time.

– Cannot be used outdoors– Animal – unfriendly– Attacker may use the RF link to send the US

Location Estimation

Infrared (IR)• Measure ToF of the IR signal

• Disadvantage: a direct line-of-sight between the nodes is necessary New links can be established by redirecting the

existing light beams

– Attacker cannot speed-up the signal from one node to the other: upper-bound distances

Previous studies

They are divided into 3 main categories:• Private/public key authentication and management

(beyond the scope of our study)

• Secure position-related ad hoc routing (interesting but we don't have time to talk about it now)

• Secure location verification of a node's claim

N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.

A set of verifiers V wish to verify whether a prover p is in a region R of interest

• Use of RF and US techniques Time to reach p using RF + the time for the return

of the packet using US If elapsed time > threshold, V will reject the claim

N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.

Receiver's processing delay must be considered• Attack: submit a position claim at the border of R

At the same time, advertise an erroneous value for processing delay

V thinks that p is inside R when in fact it is not

Solution: V shrinks the allowable area• V should reject the claim when the claimed

position is within Dp * s of the outside border

N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.

Region of acceptance (ROA)

N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley.

Region R is not always a circleUse more verifiers to

cover the whole area

No key management or cryptography required. No synchronization between V and p is required. Problem: is advertised Dp the actual one?

1. Use of Verifiable Multilateration• It is performed by a set of verifiers

S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004

2. Use of Verifiable Time Difference of Arrival• A set of verifiers is also used

S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004

Use of Landmarks

S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004

Secure distributed positioning• Basic Distance Verification (BDV)

S. Capkun et. al, "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004

Possible new scheme

Conclusion

The security aspects of the wireless network are closely related to its topology

Currently there is no optimal solution on many intrusion problems• New intelligent attacks are invented all the time• Difficult to design a general solution

Hot research subject

Slide theme: Tom Karygiannis