Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon...
-
date post
20-Dec-2015 -
Category
Documents
-
view
214 -
download
1
Transcript of Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon...
![Page 1: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/1.jpg)
Packet Leashes: A Defense against Wormhole Attacks in
Wireless Networks
Yih-Chun Hu (Carnegie Mellon University)
Adrian Perrig (Carnegie Mellon University)
David B. Johnson (Rice University)
Presented by: Jón T. Grétarsson5 April, 2005
CS577: Advanced Computer Networks
![Page 2: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/2.jpg)
Outline
• Introduction• Problem Statement• Related Work• Assumptions and Notation• Detecting Wormhole Attacks• Temporal Leashes and the TIK Protocol• Evaluation• Conclusions
CS577: Advanced Computer Networks
![Page 3: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/3.jpg)
Introduction
CS577: Advanced Computer Networks
![Page 4: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/4.jpg)
The Authors
• Yih-Chun Hu
• Adrian Perrig
• David B. Johnson
CS577: Advanced Computer Networks
![Page 5: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/5.jpg)
Problem Statement
Wormholes!
CS577: Advanced Computer Networks
![Page 6: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/6.jpg)
Wormholes in MANET
• Packets are “tunneled” from one location to another
• If done reliably, no harm no foul
• If done selectively, much damage can be done!
S D
Wormhole
ColludingAttackers
CS577: Advanced Computer Networks
![Page 7: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/7.jpg)
The Threat
• Permanent Denial-of-Service
• Disruption to Routing Protocols
• Unauthorized Access
CS577: Advanced Computer Networks
![Page 8: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/8.jpg)
Related Work
CS577: Advanced Computer Networks
![Page 9: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/9.jpg)
Related Work
• RF Watermarking
• Intrusion Detection
• 802.11i
CS577: Advanced Computer Networks
![Page 10: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/10.jpg)
Assumptions and Notation
CS577: Advanced Computer Networks
![Page 11: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/11.jpg)
Assumptions & Notation
• Resource Constrained Nodes
• Existing key distribution system
• HMAC - a message authentication code used for authentication
• Bidirectional links are not necessary
CS577: Advanced Computer Networks
![Page 12: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/12.jpg)
Detecting Wormhole Attacks
CS577: Advanced Computer Networks
![Page 13: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/13.jpg)
Leashes
• Somehow restrict the transmission distance of the packet
• Geographical Leashes
• Temporal Leashes
CS577: Advanced Computer Networks
![Page 14: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/14.jpg)
Geographical Leashes
• Node Location
• Loosely Synchronized Clocks
• Bounded Velocity of packet
• dsr is distance between two nodes
• ∆ is error in time
CS577: Advanced Computer Networks
![Page 15: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/15.jpg)
Temporal Leashes
• Requires tight synchronization of clocks
• MAC contention issues
• Digital signature scheme can guarantee timestamp
CS577: Advanced Computer Networks
![Page 16: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/16.jpg)
Temporal Leashes and the TIK Protocol
CS577: Advanced Computer Networks
![Page 17: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/17.jpg)
Authentication
• All information (timestamp, expiration, position) must be verified
• Traditional methods of verification are too expensive
• Merkle Hash Trees are the solution!
CS577: Advanced Computer Networks
![Page 18: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/18.jpg)
Merkle Hash Trees
CS577: Advanced Computer Networks
![Page 19: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/19.jpg)
TESLA with Instant Key Disclosure
CS577: Advanced Computer Networks
![Page 20: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/20.jpg)
Evaluation
CS577: Advanced Computer Networks
![Page 21: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/21.jpg)
How it was done
• Calculated required number of Hashes per second for algorithm
• Calculated computational power of portable devices
CS577: Advanced Computer Networks
![Page 22: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/22.jpg)
Results
• Suitable for laptops and PDA’s, but not for resource scarce networks
• Not enough space to store the packet!
CS577: Advanced Computer Networks
![Page 23: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/23.jpg)
Conclusions
CS577: Advanced Computer Networks
![Page 24: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/24.jpg)
Conclusions
• Wormholes are dangerous! They can degrade performance of Mobile Ad Hoc routing algorithms
• Both Geographical and Temporal leashes can detect wormholes
• TIK is an implementation of Temporal leashes that can be used when there is sufficiently tight time synchronization
• TIK is not usable in resource-scarce networks
CS577: Advanced Computer Networks
![Page 25: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/25.jpg)
Questions? Comments?
Donations?
CS577: Advanced Computer Networks
![Page 26: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649d425503460f94a1ce97/html5/thumbnails/26.jpg)
References
• Graphics borrowed from http://www.panda.uvic.ca/seminars/storage/PacketLeashes.ppt, http://www.ece.cmu.edu/~adrian/projects/ secure-routing/infocom2003.pdf
CS577: Advanced Computer Networks