Security and Cooperation in Wireless Networks Georg-August University Göttingen
Upcoming Wireless Networks and New Challenges
Generalities
Mesh networks
Vehicular networks
Introduction
Upcoming wireless networks:
– Personal communications:
• Wireless mesh networks
• Hybrid ad hoc networks
• Mobile ad hoc networks
– Vehicular networks
– Sensor networks
– RFID (Radio Frequency IDentification)
– Mobility in the Internet
Wireless mesh networks
Mesh network:
– One Wireless Hot Spot (WHS): connected to the Internet
– Several Transit Access Points (TAPs): functioning as relay stations between WHS and MSs
– Mobile Stations (MSs)
Wireless mesh networks
Easy to deploy:
– Single connection point to the Internet
Providing internet connectivity in a sizable geographic area:
– Much lower cost than classic WiFi networks
Interesting to us because they contain some features and vulnerabilities of future networks (such as multi-hopping wireless) and are still in their early deployment phase
Performance (in this case fairness) and security are closely related
Not yet ready for wide-scale deployment:
– Severe capacity and delay constraints
• Being wireless and multi-hop, they are prone to interference
– But technology will be able to overcome these: multi-radio and multi-channel
– Lack of security guarantees
Hybrid ad hoc networks
Hybrid ad hoc networks or multi-hop cellular networks:
– No relay stations: assigning the relay task to other mobile stations
– Other mobile stations relay the traffic
Problem of power management: as no a priori planning is possible
Mobile ad hoc networks
Mobile ad hoc networks (MANETs):
– One step further: removing completely the infrastructure
– Mobile ad hoc networks in hostile environments
– In self-organized mobile ad hoc networks the mobile stations relay each other’s traffic
– Mobile ad hoc networks: a very active research field
Mobile ad hoc networks
It is important to distinguish between two kinds of Ad Hoc Networks:
Mobile ad hoc networks in hostile environments:
– Presence of a strong attacker is likely: military networks
– Security challenges:
• Secure routing
• Prevention of traffic analysis
• Resistance of a captured device to reverse engineering and key retrieval.
Self-organized mobile ad hoc networks:
– Small scale applications, e.g. a group of people can establish a network using their PDAs or laptops where no infrastructure is available
– No authority in the initialization phase
– Nodes have to figure out how to secure the communications
– Selfishness can be a serious issue:
• Nodes may selfishly refuse to forward packets
• Greedily overuse the common channel
Sensor networks
Collecting data about physical phenomena (light, temperature, humidity, acceleration, etc.) in addition to communication and computing capabilities
Large number of sensor nodes, a few base stations
– Base stations much more powerful than sensor nodes
Sensors are usually battery powered:
– Main design criteria: reduce the energy consumption
Multi-hop communication reduces energy consumption:
– Overall energy consumption can be reduced if packets are sent in several smaller hops instead of one long hop
• Smaller range of transmission
• Less interference -> fewer re-transmissions are needed due to collisions
Sensor networks
Security requirements:
– Integrity (data packets from sensor nodes to the sink and control packets from the sink to the nodes)
– Confidentiality
– Availability (especially in life-critical applications such as people’s health monitoring)
Special conditions:
– Energy consumption (limited power)
– Computing and storage capacity of sensors is limited
– Access to the sensors cannot be monitored and therefore they can be corrupted by the adversary: the adversary can then learn the content of the memory, including the cryptographic keys, or modify the behavior of the nodes.
RFID
A wireless technology to enable identification of objects and people
Current applications: management of books at libraries, toll-payment at highways, access control to buildings, etc.
RFID systems:
– RFID tags
– RFID readers
– Back-end databases
RFID tag: microchip and antenna
– Active: have battery
– Passive: harvest energy from the reader's signal (reflecting its signal)
RFID reader:
– Reads the identifying information out from nearby RFID tags
Mobility in the Internet
The growing mobility of hosts has led the Internet community to reconsider the overall organization of the network (Mobile IPv6)
When a node changes its location: its address changes
Mobile IP: solves this problem at the IP layer
Mobility in the Internet
The home agent is a router permanently aware of the current location of the nodes that are away from home
Care-of address: Address used by the mobile node while it is attached to a foreign link
Binding: Association of a care-of address with a home address (stored at home agents and correspondent nodes)
Two modes of mobility supported by IPv6:
– Bidirectional tunneling:
• Mobile node tunnels the packets for the correspondent node through its home agent
• Home agent tunnels the packets to the mobile node via its care-of address
– Route optimization:
• Mobile node registers its current address binding with the correspondent node
• Packets are sent directly to the mobile node's care-of address
• Use the optimal route between the mobile and correspondent node
Mobility in the Internet
Attacks:
– Address stealing:
• If binding updates were not authenticated, an attacker could send spoofed binding updates: A is sending packets to B, then the attacker sends a malicious binding update to A with the care-of address of C to redirect the packet flow to C.
– DoS attacks exploiting binding update protocols:
• Exhausting the resources of the mobile node or the correspondent node by sending spoofed IP packets that trigger a large number of binding update protocol instances
Mobility in the Internet
Protection mechanism against address stealing: Return Routability (RR)
– Non-cryptographic solution
– Makes the attack much more difficult
– Assumption of an uncorrupted routing infrastructure
• Mobile Node (MN) checks the routability to the Correspondent Node (CN): (a) via the Home Agent (HA), using HoTI; (b) directly, using CoTI
• CN replies to both of them: HoT and CoT
Return Routability
Once MN has received both HoT and CoT:
– MN sends a Binding Update to CN
Protection mechanism against DoS attacks:
– Each node can set a limit on the amount of resources (time, memory, bandwidth) devoted to processing binding updates
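An added example, not part of the original slides: a simplified Python model of the CN side of Return Routability, showing why a Binding Update from a node that did not receive both HoT and CoT is rejected. The token and key derivation follow the Mobile IPv6 scheme (RFC 6275) in outline; the class, the function names, the message layout and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def binding_key(home_token, care_of_token):
    # Kbm: only a node that received BOTH tokens can compute it.
    return hashlib.sha1(home_token + care_of_token).digest()

def bu_authenticator(kbm, home, care_of, cn):
    # Simplified Binding Update MAC (message layout is an assumption).
    msg = "|".join((care_of, cn, home)).encode()
    return hmac.new(kbm, msg, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    """CN side. Keeps no per-MN state until a Binding Update verifies."""

    def __init__(self, address):
        self.address = address
        self.kcn = os.urandom(20)   # node key, never leaves the CN
        self.nonce = os.urandom(8)  # one current nonce; real nodes rotate them
        self.bindings = {}          # home address -> care-of address

    def _token(self, addr, tag):
        mac = hmac.new(self.kcn, addr.encode() + self.nonce + tag, hashlib.sha1)
        return mac.digest()[:8]

    def on_hoti(self, home):
        # HoT: routed to the home address, so it reaches the MN via the HA.
        return self._token(home, b"\x00")

    def on_coti(self, care_of):
        # CoT: routed directly to the claimed care-of address.
        return self._token(care_of, b"\x01")

    def on_binding_update(self, home, care_of, auth):
        # Recompute both tokens from Kcn instead of storing them.
        kbm = binding_key(self.on_hoti(home), self.on_coti(care_of))
        expected = bu_authenticator(kbm, home, care_of, self.address)
        if not hmac.compare_digest(expected, auth):
            return False
        self.bindings[home] = care_of
        return True

def demo():
    # Constructed addresses (IPv6 documentation prefix); A, B, C as in the slide.
    cn = CorrespondentNode("2001:db8:a::1")          # A
    home, coa = "2001:db8:b::10", "2001:db8:f::10"   # B and its care-of address
    victim_c, off_path = "2001:db8:c::99", "2001:db8:e::66"

    # Legitimate MN: receives HoT (via HA) and CoT (directly), then sends BU.
    kbm = binding_key(cn.on_hoti(home), cn.on_coti(coa))
    legit = cn.on_binding_update(
        home, coa, bu_authenticator(kbm, home, coa, cn.address))

    # Spoofed BU (home = B, care-of = C) from an off-path node: it never saw
    # B's HoT, and the CoT it can obtain is bound to its own address, not C.
    fake_kbm = binding_key(os.urandom(8), cn.on_coti(off_path))
    forged = cn.on_binding_update(
        home, victim_c, bu_authenticator(fake_kbm, home, victim_c, cn.address))
    return legit, forged, cn.bindings[home]
```

The check holds only under the slide's assumption of an uncorrupted routing infrastructure: a node able to observe both the HA path and the direct path sees both tokens.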
Wireless Mesh Networks
WMNs allow a fast, easy and inexpensive network deployment.
However, the lack of security guarantees slows down the deployment of WMNs
[Figure: (a) a WiFi network, with Wired Access Points (WAPs); (b) a mesh network, with Transit Access Points (TAPs)]
A Typical Communication in WMNs
Several verifications need to be performed:
– WHS has to authenticate the MS.
– MS has also to authenticate the TAPs
– Each TAP has to authenticate the other TAPs in the WHS
– The data sent or received by MS has to be protected (e.g., to ensure data integrity, non-repudiation and/or confidentiality).
Performing these verifications has to be efficient and lightweight, especially for the MS.
[Figure: WHS, TAP3, TAP2, TAP1, MS]
Securing a Communication in WMNs: Example
[Figure: message exchange along WHS, TAP3, TAP2, TAP1, MS, with labels EK_3(SReq), EK_2(SReq), EK_1(SReq), EK_WHS(SReq), SRep, EK_3(SRep), EK_2(SRep), EK_1(SRep)]
Example: SReq = EK_WHS(ReqID, roamingInfo, K, Nonce)
– SReq: Session Request; SRep: Session Reply; K_3: TAP_3’s public key
– Each TAP decrypts the SReq and encrypts it with the next TAP’s public key
– SRep is generated by WHS and protected in the same way
– Nonce: to prevent replay attacks; K_WHS: WHS’s public key
– K: will be used as a key by WHS to encrypt the reply
– roamingInfo: information used by WHS to authenticate the MS
– The information contained in SRep lets MS generate the session key, which will be used for ensuring the integrity of exchanged data packets and for confidentiality
Characteristics of WMNs
The session key will be used to check the integrity of the messages (using MACs) and also for the confidentiality if required
The TAPs are not physically protected:
– Capture
– Cloning
– Tampering
Three fundamental security operations:
Detection of corrupt nodes:
– An attacker may compromise TAPs
• Accessing the internal state (the attacker retrieves the secret data stored in the device and will analyze the traffic going through it)
• Modifying the internal state (the attacker modifies the configuration parameters, secret data, etc.; for example, modifying the routing algorithm)
Secure routing:
– Attacker may force the traffic through a specific TAP, or lengthen the routes between the WHS and the TAPs
– DoS: for example, the adversary may jam the communication between TAPs in a given area and force the reconfiguration of the network.
Fairness
Fundamental Security Operations
Attack example: TAP2 is compromised by the attacker and the link between TAP5 and TAP6 is jammed
Countermeasures: The detection of these attacks leads to reconfiguration: TAP2 is replaced by uncorrupted equipment and routing is updated.
– Result: Much longer routes for some TAPs (e.g. TAP6 was 2 hops away from WHS and is now 7 hops away)
[Figure: two panels, "Attacks" and "Countermeasures", each showing WHS and TAP1 to TAP8 with a jamming attack; TAP2 is marked "Compromised" in the first panel and "Replaced" in the second]
Three Fundamental Security Operations
Fairness: Starvation problem
All TAPs use the same WHS as a relay to and from the infrastructure
Per TAP fairness: 1=3=2 (i= share of the bandwidth for flow i) : is not necessarily the best bandwidth sharing solution
Per-client fairness: 1=3=2*2 (because TAP2 serves one client)
[Figure: TAP3, TAP2, TAP1, WAP carrying flow1, flow2 and flow3, with mobile clients M1 to M5]
VANETs (Vehicular Ad hoc NETwork)
[Figure: roadside base station, inter-vehicle communications, vehicle-to-roadside communications, emergency event]
• To create safer and more efficient driving conditions: e.g. warning for environmental hazards
• Allows vehicles and road-side infrastructures to communicate with each other
• Example of protocol: IEEE 802.11p
Vehicular communications: why?
Combat the awful side-effects of road traffic
– In the EU, around 40’000 people die yearly on the roads; more than 1.5 million are injured
– Traffic jams generate a tremendous waste of time and of fuel
Most of these problems can be solved by providing appropriate information to the driver or to the vehicle
Why is VANET security important?
Large projects have explored vehicular communications: Fleetnet, PATH (UC Berkeley),…
No solution can be deployed if not properly secured
The problem is non-trivial
– Specific requirements (speed, real-time constraints)
– Contradictory expectations
Industry front: standards are still under development and suffer from serious weaknesses
– IEEE P1609.2: Standard for Wireless Access in Vehicular Environments - Security Services for Applications and Management Messages
Research front
– Very few papers
Threat model
Attacks can be mounted on:
– Safety-related applications
– Traffic optimization applications
– Payment-based applications
– Privacy
An attacker can be:
– Insider / Outsider
– Malicious / Rational
– Active / Passive
– Local / Extended
Attacks
[Figure: "Traffic jam ahead"]
Bogus traffic information: Attacker sends false information (e.g. false hazard warning) to a number of vehicles
Attacks
In-transit traffic tampering: the attacker disrupts communication of other nodes
– It may drop, corrupt or modify messages; it can manipulate the reception of traffic notifications or safety messages
– The attacker may also replay messages, e.g. to illegitimately obtain services such as traversing a toll check point
– Tampering with in-transit messages can be simpler and more powerful than forgery attacks
Attacks
Impersonation: The attacker may alter or replay messages to impersonate other users
– E.g. the attacker may impersonate an emergency vehicle to mislead other vehicles to slow down
Privacy violation: Collection of vehicle-specific information from overheard communication
– Inference on a driver’s personal data to violate their privacy
– The vulnerability lies in the periodic or frequent messages generated by a vehicle: safety and traffic management messages, transaction-based communication such as automated payment, etc.
– Such messages include information such as time, location, vehicle identifier, trip details
– The vehicle can be tracked through overhearing its messages
Attacks
Example of privacy violation issue:
* A at (x1,y1,z1) at time t1
* A communicates with B
* A refuels at time t2 and location (x2,y2,z2)
* A enters the parking lot at time t3
* A downloads from server X
Attacks
On-board tampering: The attacker chooses to tinker with data (e.g. velocity, location, …) at their source, tampering with the on-board sensing and other hardware
– It is easier to replace or bypass the real-time clock or the wiring of a sensor than to modify the binary code implementation of the data collection and communication protocols
Attacks
[Figure: roadside base station, jammer]
Jamming: Attacker generates interfering transmissions that prevent communication within their reception range
The attacker can partition the network relatively easily and without compromising cryptographic mechanisms
Challenges
Network volatility: The connectivity among nodes in VANETs can be highly transient and very short-lived due to the fast movements; two vehicles may remain in each other’s transceiver range for only a few seconds
– Consequently password-based secure communication or gradual trust development will not be practical.
Liability vs. privacy: Identification of the vehicles as the source of messages should be possible to be used as hard-to-refute data in legal investigations (e.g. in the case of accidents). On the other hand, information useful for such purposes (coordinates, time intervals or biometric information of the drivers, etc.) would raise strong privacy concerns.
Challenges
Delay-sensitive applications: Most safety and driver-assistance applications of VANETs require low delay in message processing and delivery. The security protocols must consider this requirement.
Network scale: Roughly a billion vehicles around the globe and the multitude of authorities governing transportation systems make the design of a facility to provide security keys a big challenge.
Slow penetration: Penetration will be progressive (over 2 decades or so); this means that any deployed architecture must be able to cope with the presence of not yet equipped vehicles.
Security Architecture
[Figure: security architecture. Components: Certificate Authority; tamper-proof device; event data recorder; data verification; secure positioning; secure multihop routing; services (e.g., toll payment or infotainment). An authenticated message consists of a safety message (≈ 100 bytes: {position, speed, acceleration, direction, time, safety events}) and cryptographic material (≈ 140 bytes: {signer’s digital signature, signer’s public key PK, CA’s certificate of PK})]
Security Architecture
Presents the components needed to provide security in VANETs regarding the threats described before
The field is still immature
Security hardware: Two logical blocks are needed for security
– Event Data Recorder (EDR): responsible for recording the vehicle’s critical data such as position, speed, time, etc.
• During emergency events the EDR is used like an airplane’s black box
– Tamper-Proof Device (TPD): proper hardware to protect the cryptographic keys and perform cryptographic operations, especially signing and verifying safety messages
Tamper-proof device
Each vehicle carries a tamper-proof device
– Contains the secrets of the vehicle itself
– Has its own battery
– Has its own clock (notably in order to be able to sign timestamps)
– Is in charge of all security operations
– Is accessible only by authorized personnel
[Figure: vehicle sensors (GPS, speed and acceleration, …), on-board CPU, tamper-proof device, transmission system]
Vehicular Public Key Infrastructure (VPKI)
Symmetric cryptography is not suitable: it does not provide the non-repudiation property that allows the accountability of the driver’s actions (e.g. for accident reconstruction or to find the originator of forgery attacks)
Therefore, a VPKI (public key infrastructure) is required where CAs (Certificate Authorities) issue certified public/private key-pairs to vehicles
The CA hierarchy: two options
1. Region-based CAs (Country 1; Region 1, Region 2; District 1, District 2; Car A, Car B)
– The governments control certification
– Keys should be recertified by the foreign authority when the car enters the foreign region
2. Manufacturers as CAs (Manuf. 1, Manuf. 2; Car A, Car B)
– Vehicle manufacturers issue keys
– Each car has to store the keys of all vehicle manufacturers
In both cases authorities are cross-certified so that vehicles from different authorities can authenticate each other
Authentication
[Figure: vehicles A and B; certificate of A’s key (signed by the CA)]
To authenticate each other, vehicles sign each message with their private key and attach the corresponding certificate
When another vehicle receives the message, it verifies the key used to sign the message; once this is done successfully, it verifies the message
To reduce the cryptographic overhead, only critical messages, or one in every few messages, can be signed
What about privacy: using anonymous keys?
[Figure: at 3:00, vehicle A spotted at position P1; at 3:15, vehicle A spotted at position P2]
To preserve identity and location privacy, keys change over time
Keys renewed according to vehicle speed (e.g., ≈ 1 min at 100 km/h)
Anonymity is conditional on the scenario
Liability has to be enforced: Only law enforcement agencies should be allowed to retrieve the real identities of vehicles (and drivers)
Each key can be tracked back to the real identity of the vehicle (the Electronic License Plate (ELP))
Conclusion on the security of vehicular communications
The security of vehicular communications is a difficult and highly relevant problem
Car manufacturers seem to be poised to massively invest in this area
Slow penetration makes connectivity more difficult
Security leads to a substantial overhead and must be taken into account from the beginning of the design process
The field offers plenty of novel research challenges