Upcoming Wireless Networks and New Challenges...Upcoming Wireless Networks and New Challenges Georg-August University Göttingen Sensor networks Collecting data about physical phenomena

Security and Cooperation in Wireless Networks Georg-August University Göttingen

Upcoming Wireless Networks and New Challenges

Generalities

Mesh networks

Vehicular networks

Georg-August University Göttingen Upcoming Wireless Networks and New Challenges

Introduction

Upcoming wireless networks:

– Personal communications:

• Wireless mesh networks

• Hybrid ad hoc networks

• Mobile ad hoc networks

– Vehicular networks

– Sensor networks

– RFID (Radio Frequency IDentification)

– Mobility in the Internet

2


Wireless mesh networks

Mesh network:

– One Wireless Hot Spot (WHS): connected to the Internet

– Several Transit Access Points (TAPs): functioning as relay stations

Between WHS and MSs

– Mobile Stations

3


Wireless mesh networks

Easy to deploy:

– Single connection point to the Internet

Providing internet connectivity in a sizable geographic area:

– Much lower cost than classic WiFi networks

Interesting to us because they contain some features and vulnerabilities of future networks (such as multi-hopping wireless) and are still in their early deployment phase

Performance (in this case fairness) and security are closely related

Not yet ready for wide-scale deployment:

– Severe capacity and delay constraints

• Due to being wireless and multi-hop are prone to interference

– But technology will be able to overcome: Multi-radio and multi-channel

– Lack of security guarantees

4


Hybrid ad hoc networks

Hybrid ad hoc networks or multi-hop cellular networks:

– No relay stations: assigning the relay task to other mobile stations

– Other mobile stations relay the traffic

Problem of power management: as no priori planning is possible

5


Mobile ad hoc networks

Mobile ad hoc networks (MANETs):

– One step further: removing completely the infrastructure

– Mobile ad hoc networks in hostile environments

– In self-organized mobile ad hoc networks the mobile stations relay each other’s traffic

– Mobile ad hoc networks: a very active research field

6


Mobile ad hoc networks

It is important to distinguish between two kinds of Ad Hoc Networks:

Mobile ad hoc networks in hostile environments:

– Presence of a strong attacker is likely: military networks

– Security challenges:

• Secure routing

• Prevention of traffic analysis

• Resistance of a captured device to reverse engineering and key retrieval.

Self-organized mobile ad hoc networks:

– Small scale applications, e.g. a group of people can establish a network using their PDAs or laptops where no infrastructure is available

– No authority in the initialization phase

– Nodes have to figure out how to secure the communications

– Selfishness can be a serious issue:

• Nodes may selfishly refuse to forward packets

• Greedily overuse the common channel

7


Sensor networks

Collecting data about physical phenomena (light, temperature, humidity, acceleration, etc.) in addition to communication and computing capabilities

Large number of sensor nodes, a few base stations

– Base stations much more powerful than sensor nodes

Sensors are usually battery powered:

– Main design criteria: reduce the energy consumption

Multi-hop communication reduces

energy consumption:

– Overall energy consumption can be

reduced if packets are sent in several

smaller hops instead of one long hop

• Smaller range of transmission

• Less interference -> Fewer

re-transmissions are needed due to collisions

8


Sensor networks

Security requirements:

– Integrity (data packets from sensor nodes to the sink and control packets from the sink to the nodes)

– Confidentiality

– Availability (specially in life critical applications such as people’s health monitoring)

Special conditions:

– Energy consumption (limited power)

– Computing and storage capacity of sensors is limited

– Access to the sensors cannot be monitored and therefore they can be corrupted by the adversary: then the adversary can learn the content of the memory the cryptographic keys or modify the behavior of the nodes.

9


RFID

A wireless technology to enable identification of objects and people

Current applications: management of books at libraries, toll-payment at highways, access control to buildings, etc.

RFID systems:

– RFID tags

– RFID readers

– Back-end databases

RFID tag: microchip and antenna

– Active: have battery

– Passive: harvest energy from the reader's signal (reflecting its signal)

RFID reader:

– Reads the identifying information out from nearby RFID tags

10


Mobility in the Internet

The growing mobility of hosts has led the Internet community to reconsider the overall organization of the network (Mobile IPv6)

When a node changes its location: its address changes

Mobile IP: solves this problem at the IP layer

11



The home agent is a router permanently aware of the current location of the nodes that are away from home

Care-of address: Address used by the mobile node while it is attached to a

foreign link

Binding: Association of a care-of address with a home address (stored at home

agents and correspondent nodes)

Two modes of mobility supported by IPv6:

– Bidirectional tunneling:

• Mobile node tunnels the packets for the correspondent node through its home agent

• Home agent tunnels the packets to the mobile node via its care-of address

– Route optimization:

• Mobile node registers its current address binding with the correspondent node

• Packets are sent directly to the mobile node's care-of address

• Use the optimal route between the mobile and correspondent node

12



Attacks:

– Address stealing: • If binding updates were not authenticated: an attacker could send

spoofed binding updates: A is sending packets to B, then the attacker sends a malicious binding update to A with the care-of-address of C to redirect the packet flow to C.

– DoS attacks exploiting binding update protocols:

• Exhausting the resources of the mobile node or the correspondent node by sending spoofed IP packets that trigger a large number of binding update protocol instances

13



Protection mechanism against address stealing: Return Routability (RR)

– Non-cryptographic solution

– Makes the attack much more difficult

– Assumption of an uncorrupted routing infrastructure

14

• Mobile Node MN checks the routability to the Correspondent Node CN: (a) via the Home Agent HA (HoTI) (b) directly (CoTI)

• CN replies to both of them: HoT and CoT


Return Routability

Once MN has received both HoT and CoT:

– MN sends a Binding Update to CN

Protection mechanism against DoS attacks: – Each node can set a limit on the amount of resources (time, memory,

bandwidth) devoted to processing binding updates

15


Wireless Mesh Networks

16

Wired Access

Point (WAP)

(a) A WiFi Network

WMNs allow a fast, easy and inexpensive network deployment.

However, the lack of security guarantees slows down the deployment of WMNs

Transit Access

Point (TAP)

(b) A Mesh Network


A Typical Communication in WMNs

Several verifications need to be performed:

– WHS has to authenticate the MS.

– MS has also to authenticate the TAPs

– Each TAP has to authenticate the other TAPs in the WHS

– The data sent or received by MS has to be protected (e.g., to ensure data integrity, non-repudiation and/or confidentiality).

Performing these verifications has to be efficient and lightweight, especially for the MS.

WHSTAP3 TAP2 TAP1MS

17


Securing a Communication in WMNs: Example

18

EK_3(SReq)

EK_2(SReq)

EK_1(SReq)

EK_WHS(SReq)

SRep

EK_3(SRep)

EK_2(SRep)

EK_1(SRep)

Example: SReq = EK_WHS (ReqID, roamingInfo, K, Nonce) - SReq: Session Request; SRep: Session Reply; K_3: TAP_3’s public Key - Each TPA decrypts the SReq and encrypts it with the next TAP’s public Key - SRep generated by WHS and protected in the same way - Nonce: to prevent replay attacks; K_WHS: WHS’s public Key - K: will be used as a key by WHS to encrypt the reply - roamingInfo: information used by WHS to authenticate the MS - The information contained in SRep let MS to generate the session key which will be used for ensuring integrity of exchanged data packets and for confidentiality

WHSTAP3 TAP2 TAP1MS


Characteristics of WMNs

The session key will be used to check the integrity of the messages (using MACs) and also for the confidentiality if required

The TAPs are not physically protected:

Capture

Cloning

Tampering

19


Three fundamental security operations:

Detection of corrupt nodes:

An attacker may compromise TAPs

Accessing the internal state (the attacker retrieves the secret data stored in the device and will analyze the traffic going through it)

Modifying the internal state (the attacker modifies the configuration parameters, secret data, etc. For example modifying the routing algorithm)

Secure routing

Attacker may force the traffic through a specific TAP; or lengthen the routes between the WHS and the TAPs

DoS: for example the adversary may jam the communication between TAPs in a given area and force the reconfiguration of the network.

Fairness

20


Fundamental Security Operations

Attack example: TAP2 is compromised by the attacker and the link between TAP5 and TAP6 is jammed

Countermeasures: The detection of these attacks leads to the reconfiguration: TAP2 is replaced by an uncorrupted equipment and routing is updated.

- Result: Much longer routes for some TAPs (e.g. TAP6 was 2-hops away from WHS and now is 7-hops away)

21

WHS

TAP7 TAP6 TAP5

TAP3 TAP2 TAP1

TAP4

TAP8

Jamming attack

Compromised

WHS

TAP7 TAP6 TAP5

TAP3 TAP2 TAP1

TAP4

TAP8

Jamming attack

Replaced

Attacks:

Countermeasures:


Three Fundamental Security Operations

Fairness: Starvation problem

All TAPs use the same WHS as a relay to and from the infrastructure

Per TAP fairness: 1=3=2 (i= share of the bandwidth for flow i) : is not necessarily the best bandwidth sharing solution

Per-client fairness: 1=3=2*2 (because TAP2 serves one client)

TAP3 TAP2 TAP1 WAP

flow1

flow2

flow3

M4

M5 M3 M2

M1

22


VANETs (Vehicular Ad hoc NETwork)

Roadside

base station

Inter-vehicle

communications

Vehicle-to-roadside

communications

Emergency

event

23

• To create safer and more efficient driving conditions: e.g. warning for

environmental hazards

• Allows vehicles and road-side infrastructures to communicate to each other

• Example of protocol: IEEE 802.11p


Vehicular communications: why?

Combat the awful side-effects of road traffic

– In the EU, around 40’000 people die yearly on the roads; more than 1.5 millions are injured

– Traffic jams generate a tremendous waste of time and of fuel

Most of these problems can be solved by providing appropriate information to the driver or to the vehicle

24


Why is VANET security important?

Large projects have explored vehicular communications: Fleetnet, PATH (UC Berkeley),…

No solution can be deployed if not properly secured

The problem is non-trivial

– Specific requirements (speed, real-time constraints)

– Contradictory expectations

Industry front: standards are still under development and suffer from serious weaknesses

– IEEE P1609.2: Standard for Wireless Access in Vehicular Environments - Security Services for Applications and Management Messages

Research front

– Very few papers

25


Threat model

Attacks can be mounted on:

– Safety-related applications

– Traffic optimization applications

– Payment-based applications

– Privacy

An attacker can be:

– Insider / Outsider

– Malicious / Rational

– Active / Passive

– Local / Extended

26


Attacks

27

Traffic

jam

ahead

Bogus traffic information: Attacker sends false information (e.g. false hazard warning) to a number of vehicles


Attacks

In-transit traffic tampering: the attacker disrupts communication of other nodes

– It may drop, corrupt or modify messages; it can manipulate the reception of traffic notifications or safety messages

– The attacker may also replay messages, e.g. to illegitimately obtain services such as traversing a toll check point

– Tampering with in-transit messages can be simpler and more powerful than forgery attacks

28


Attacks

Impersonation: The attacker may alter or replay messages to impersonate other users

– E.g. the attacker may impersonate an emergency vehicle to mislead other vehicles to slow down

Privacy violation: Collection of vehicle-specified information from overheard communication

– Inference on a driver’s personal data to violate its privacy

– The vulnerability lies in the periodic or frequent messages generated by a vehicle: safety and traffic management messages, transaction-based communication such as automated payment, etc.

– Such messages include information such as time, location, vehicle identifier, trip details

– The vehicle can be tracked through overhearing its messages

29


Attacks

30

A

* A at (x1,y1,z1)

at time t1

* A communicates

with B

* A refuels at time

t2 and location

(x2,y2,z2)

1

2

AB

A

* A enters the

parking lot at time

t3

* A downloads

from server X

3

Example of privacy

violation issue:


Attacks

On-board tampering: The attacker selects to tinker with data (e.g. velocity, location, …) at their source, tampering with the on-board sensing and other hardware

– It is easier to replace or by-pass the real-time clock or the wiring of a sensor rather than modifying the binary code implementation of the data collection and communication protocols

31


Attacks

Roadside

base station

Jammer

Jamming: Attacker generates interfering transmissions that prevents communication within their reception range

The attacker relatively easily and without compromising cryptographic mechanisms partition the network

32


Challenges

Network volatility: The connectivity among nodes in VANETs can be highly transient and very short-lived due to the fast movements; two vehicles may remain in each other’s transceiver range for only few seconds

– Consequently password-based secure communication or gradual trust development will not be practical.

Liability vs. privacy: Identification of the vehicles as the source of messages should be possible to be used as hard-to-refute data in legal investigations (e.g. in the case of accidents). On the other hand, information useful for such purposes (coordinates, time intervals or biometric information of the drivers, etc.) would raise strong privacy concerns.

33


Challenges

Delay sensitive applications: Most safety and driver-assistant applications of VANETs require low delay in message processing and delivery. The security protocols must consider this requirement.

Network scale: With roughly a billion vehicles around the globe and the multitude of authorities governing transportation systems makes the design of a facility to provide security keys a big challenge.

Slow penetration: Penetration will be progressive (over 2 decades or so), this means that any deployed architecture must be able to cope with the presence of not yet equipped vehicles.

34


Security Architecture

Certificate Authority

≈ 100 bytes ≈ 140 bytes

Safety

message

Cryptographic

material

{Position, speed,

acceleration, direction,

time, safety events}

{Signer’s digital signature,

Signer’s public key PK,

CA’s certificate of PK}

Authenticated

message

Data verification

Secure positioning

Tamper-

proof device

Event data

recorder

Secure multihop routing

Services (e.g., toll

payment or

infotainment)

35

?


Security Architecture

Presents the components needed to provide security in VANETs

regarding the threats described before

The field is still immature

Security hardware: Two logical blocks are needed for security

– Event Data Recorder (EDR): responsible for recording vehicle’s critical

data such as position, speed, time, etc.

• During emergency events EDR is used as an airplane’s black box

– Tamper-Proof Device (TPD): A proper hardware to protect the

cryptographic keys and performing cryptographic operations specially

signing and verifying safety messages

36


Tamper-proof device

Each vehicle carries a tamper-proof device

– Contains the secrets of the vehicle itself

– Has its own battery

– Has its own clock (notably in order to be able to sign timestamps)

– Is in charge of all security operations

– Is accessible only by authorized personnel

37

Tamper-proof

device

Vehicle sensors

(GPS, speed and

acceleration,…)

On-board

CPU

Transmission

system

((( )))

Vehicular networks


Vehicular Public Key Infrastructure (VPKI)

Symmetric cryptography is not suitable: does not provide the

non-repudiation property that allows the accountability of

driver’s actions (e.g. for accident reconstruction or to find the

originator of forgery attacks)

Therefore, a VPKI (public key infrastructure) is required where

CAs (Certificate Authorities) issue certified public/private key-

pairs to vehicles

38


The CA hierarchy: two options

Country 1

Region 1 Region 2

District 1 District 2

39

Car A Car B Car A Car B

Manuf. 1 Manuf. 2

1. Region based CAs 2. Manufacturers as CAs

The governments control certification

Keys should be recertified by the foreign authority when the car enters the foreign region

Vehicle manufacturers issue keys

Each car has to store the keys of all vehicle manufacturers

In both cases authorities are cross-certified so that vehicles from different authorities can authenticate each other


Authentication

40

A

B

To authenticate each other vehicles sign each message with their private key and attach the corresponding certificate

When another vehicle receives the message it verifies the key used to sign the message; once it is done successfully it verifies the message

To reduce the cryptographic overhead only critical messages can be signed or one in every few messages

Certificate of A’s key

(signed by the CA)

Georg-August University Göttingen Upcoming Wireless Networks and New Challenges 41

At 3:00

- Vehicle A

spotted at

position P1

At 3:15

- Vehicle A

spotted at

position P2

To Preserve identity and location privacy keys change over time

Keys renewed according to vehicle speed (e.g., ≈ 1 min at 100 km/h)

Anonymity is conditional on the scenario

Liability has to be enforced: Only law enforcement agencies should be allowed to retrieve the real identities of vehicles (and drivers)

Each key can be tracked back to the real identity of the vehicle (the Electronic License Plate (ELP))

What about privacy: using anonymous keys?


Conclusion on the security of vehicular communications

The security of vehicular communications is a difficult and highly relevant problem

Car manufacturers seem to be poised to massively invest in this area

Slow penetration makes connectivity more difficult

Security leads to a substantial overhead and must be taken into account from the beginning of the design process

The field offers plenty of novel research challenges

42

Upcoming Wireless Networks and New Challenges...Upcoming Wireless Networks and New Challenges Georg-August University Göttingen Sensor networks Collecting data about physical phenomena

Documents