Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D....
-
Upload
elinor-matthews -
Category
Documents
-
view
216 -
download
3
Transcript of Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D....
![Page 1: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/1.jpg)
Secure Multi-Hop Infrastructure Access
presented by Reza Curtmola(joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens)
600.647 – Advanced Topics in Wireless Networks
![Page 2: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/2.jpg)
Wireless Infrastructure Access
• Few pure wireless peer to peer apps yet(primarily emergency deployments)
• Un-tethered infrastructure access has been the wireless killer app (countless variations)– Voice communication– Internet access– Local area network access– Data gathering sensor networks– Peripherals (headphones, mice, keyboards)
![Page 3: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/3.jpg)
Single-Hop vs. Multi-Hop• Advantages
– Well established– Lower Complexity
• Issues– Limited coverage
• Range• Quality (gaps)
• Advantages– Increased Coverage– Enhanced performance– Reduced Deployment
Cost– Overall Flexibility
• Challenges– Routing protocol– Mobility– Scalability
![Page 4: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/4.jpg)
Infrastructure Access Security
• Single-Hop– Many years to develop current state of the art
• 1997 – WEP• 2003 – WPA• 2004 – 802.11i / WPA2
– Still outstanding issues? (see NDSS 2004 paper)
• Multi-Hop– Introduces a set of additional security concerns– Existing work focuses only on the security of
the ad hoc scenario
![Page 5: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/5.jpg)
Network Model
Gateway
Authorized Node
Adversary
Revoked Node
![Page 6: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/6.jpg)
Protocol Design Goals• Security comparable to single-hop state of
the art protocols• Additional protection against multi-hop
routing attacks– Black Hole– Flood Rushing– Wormhole
• Efficient protocol operation– Symmetric cryptography– Scalable user management
![Page 7: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/7.jpg)
Adversarial Model• Access Point
– is trusted– able to establish trust relationships with
authorized nodes
• Authenticated nodes are trusted to perform the protocol correctly
• Adversaries are unauthenticated nodes– Perform arbitrary attacks
(e.g. drop, inject or modify packets)– May collude to perform stronger attacks
(e.g. tunnel packets)
![Page 8: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/8.jpg)
Our Solution
• Take an existing solution: Pulse protocol[Infocom ‘04, Milcom ‘04, WONS ‘05]– Multi-hop routing protocol– Optimized for many-to-one communication
pattern– High Scalability
• Mobility• Number of nodes• Number of flows
• Build security mechanisms into it
![Page 9: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/9.jpg)
Pulse Protocol Example
![Page 10: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/10.jpg)
Pro-active Spanning Tree
![Page 11: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/11.jpg)
Node Wishes to Communicate
![Page 12: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/12.jpg)
Sends Packet to Gateway
![Page 13: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/13.jpg)
Cryptographic Protection
• Participating nodes share a network wide symmetric key NSK– Used to secure the routing service– Established and maintained using a broadcast
encryption scheme (BES)
• Source and destination use per flow unicast key (UK) to protect data payload
routingheaders
data payloadseq
numberHMACNSK
ENSK EUK
![Page 14: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/14.jpg)
Secure Reliability Metric
• Secure ACKs are required for each data packet traversing a link
• Protocol gathers history of ACK failures
• Link weights inversely proportional to reliability
• Strategy is similar to ODSBR [WiSe ’02]
![Page 15: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/15.jpg)
Network Model
Gateway
Authorized Node
Adversary
Revoked Node
![Page 16: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/16.jpg)
Adversarial Avoidance Example
Gateway
112
2
1
1
222
2
3
2
3
33
2
![Page 17: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/17.jpg)
Adversarial Avoidance Example
Gateway
112
2
1
1
222
2
3
2
3
33
2
![Page 18: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/18.jpg)
Adversarial Avoidance Example
Gateway
112
2
1
1
222
2
3
2
3
33
21
![Page 19: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/19.jpg)
Adversarial Avoidance Example
Gateway
112
2
1
1
222
2
3
2
3
33
21
![Page 20: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/20.jpg)
Adversarial Avoidance Example
Gateway
112
2
1
1
222
2
3
2
33
21.1
3
![Page 21: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/21.jpg)
Adversarial Avoidance Example
Gateway
112
2
1
1
222
2
3
2
3
33
21.1 1
![Page 22: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/22.jpg)
Wormhole Avoidance Example
Gateway
112
2
1
1
222
2
3
2
33
2
3
![Page 23: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/23.jpg)
Wormhole Avoidance Example
Gateway
112
2
1
1
222
2
3
2
21
2
3
1
![Page 24: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/24.jpg)
Wormhole Avoidance Example
Gateway
112
2
1
1
222
2
3
2
21
2
3
1.1 …
![Page 25: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/25.jpg)
Wormhole Avoidance Example
Gateway
112
2
1
1
222
2
3
2
21
2
3
3.1
![Page 26: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/26.jpg)
Wormhole Avoidance Example
Gateway
112
2
1
1
222
2
3
2
33
2
3
3.1
![Page 27: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/27.jpg)
Attack mitigation
• Injecting, modifying packets – use of NSK
• Replay attack – use of nonces
• Flood rushing – protocol relies on the metric, and not on timing information
• Black hole – unreliable links are avoided using metric
• Wormhole – creation is not prevented, but it is avoided using metric
![Page 28: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/28.jpg)
Key Management• Assumption: each node has a unique
pre-established shared key PSK with the gateway
• Goal: to efficiently manage the Network Shared Key (NSK)– Selected and maintained by the gateway– Add/revoke users– Periodically refreshed
Manually entered as in WEP or WPA / WPA2 personal mode
Automatically generated by interaction with an authentication server as in 802.1x / EAP
or
![Page 29: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/29.jpg)
Broadcast Encryption Scheme
• Center broadcasts a message
• Only a subset of privileged (non-revoked) users can decrypt it
• Our requirements:– Allows unbounded number of broadcasts– Any subset of users can be defined as
privileged– A coalition of all revoked users cannot decrypt
the broadcast
![Page 30: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/30.jpg)
Subset Cover Framework• CS or SD [Crypto ’01], LSD [Crypto ’02]• The set of privileged users is represented as the
union of s subsets of users• A long-term key is associated with each subset• A user knows a long-term key only if he belongs
to the corresponding subset• Center encrypts message s times under all the
keys associated with subsets in the union• LSD Properties
– Each node stores O(log3/2(n)) keys– O(r) message size– O(log(n)) computation at each node
![Page 31: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/31.jpg)
Node Management
• Node addition– Using PSK, a node obtains from the gateway
the current NSK and the set of secrets for the BES
• Node revocation / NSK refresh– Gateway generates a new NSK– Gateway broadcasts encrypted NSK such that
only non-revoked nodes are able to decrypt it– Scalability advantage over Group Key
management in 802.11i which is O(n)
![Page 32: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/32.jpg)
1
3
6
Complete Subtree
1
32
7654
15141312111098
• Broadcast: EK2(KEK), EK7(KEK), EK12(KEK), EKEK(NSK’)
U1 U2 U3 U4 U5 U6 U7 U8
12
2
7
![Page 33: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/33.jpg)
Conclusion
• Protocol provides multi-hop infrastructure access
• Efficient, lightweight security– Entirely based on symmetric cryptography– Prevents a wide variety of attacks– Leverages infrastructure for trust establishment
![Page 34: Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 – Advanced.](https://reader034.fdocuments.us/reader034/viewer/2022042822/56649eab5503460f94bb182b/html5/thumbnails/34.jpg)
Real World Implementation• Completed Features
– Linux Kernel Module with 2.4 and 2.6 compatibility• Operates at layer 2• Distributed virtual switch architecture provides seamless bridging
– Pulse Protocol• Shortcuts and gratuitous reply• Instantaneous loop freedom• Fast parent switching (with loop freedom)• Medium Time Metric route selection metric (WONS 2004)
– 50 Nodes deployed across JHU Campus• Tested with Internet Access, Ad hoc Access Points, Voice over IP• Mobility tested at automobile speeds
• In Progress– Security – (NDSS Workshop 2005)
• Flood Rushing, Wormholes, Black holes, any NON-Byzantine attack• In kernel crypto implementation
– Leader Election Algorithm• Fault tolerance, switches pulse source to most accessed destination• Handle merge and partition
– Efficient Tree Flooding• Similar to expanding ring search but with no duplicates