Wilderness Survival Skills for Multihop Wireless Networks · Effects of Node Misbehavior in Mobile...
Prof. Dr.-Ing. Matthias Hollick
Security in Mobile Networks and Wireless Mesh Networks
Universidad Carlos III de Madrid, Departamento de Ingeniería Telemática
Phone +34.91.624.8794, Fax +34.91.624.8749
[email protected] or [email protected]
Av. de la Universidad, 30, E-28912 Leganés (Madrid), Spain
http://www.it.uc3m.es/
02-Jul-2009
Wilderness Survival Skills for Multihop Wireless Networks
tubs.CITY, Technische Universität Carolo-Wilhelmina zu Braunschweig
02-Jul-2009
Making Multihop Wireless Networks Secure and Quality of Service Aware
Matthias Hollick, tubs.CITY Workshop, 02-Jul-2009 (slide 2)
The Wilderness
[Sources: wikimedia commons]
Predators
Wild animals: lions, tigers, crocodiles, wolves, …
[Sources: www.sxc.hu]
Other Threats
Wild animals: “Smaller animals actually present more of a threat to the survivor than large animals.” (Source: www.wilderness-survivor.net)
Insects such as mosquitoes, arachnids, …
[Sources: www.sxc.hu]
Outline
The Wilderness: Threats for Multihop Wireless Networks in the Wild; Effects of Node Misbehavior in Mobile Ad hoc Networks
Survival Skills: A Short Guide to Survival; Mitigating Misbehavior using Geographically Secure Routing
[Sources: www.sxc.hu]
Threats & Attacks against Multihop Wireless Networks
Security goals: authenticity, confidentiality, integrity, non-repudiation, availability
Passive and active attacks: the wireless channel simplifies attacks
Attacks take place on all layers (examples):
- Jamming on the PHY layer; the physical security of small devices is typically weak
- Selfishness on the MAC layer
- Malicious behavior during routing and/or forwarding on the NET layer
- The TRANSPORT layer of the Internet has not been designed for multihop wireless networks and is weak even without attack
Attacks are scenario/application dependent
[Figure: protocol stack: Layer 1 PHY, Layer 2 LINK, Layer 3 NET, Layer 4 TRANS, Layer 5 APP]
Wireless Multihop Networks in the Wild
Heterogeneous multihop wireless networks, different application needs, etc.
[Figure: example applications (Heart Rate, Building Automation, Location, Temperature, Health Monitoring, Tracking of Goods) spanning Network, Data & Services, and Data & Things]
[Sources: sunsportworld.com, gumstix.com, nokia.com, apple.com, motive.com, xbow.com, meshcube.org, meraki.com, tropos.com]
Heterogeneity of Scenarios, Network Characteristics, Threats, and Security Goals
Industrial WSN:
- Harsh environmental conditions
- Physical protection vs. intruders possible
- Data integrity to be protected
- Availability to be protected
- QoS provisioning under attack
Participatory (Ambient) Sensing:
- Open network susceptible to attack
- Integrity & privacy (however, protecting privacy might challenge integrity)
- Confidentiality for some data
MANET/WMN:
- VANET: integrity of warning messages, fast exclusion of errant devices, location privacy
- MANET: availability of service, protect cooperation of nodes, “classical” network security depending on application
- Provider WMN: closed network (nodes authenticated), QoS provisioning and availability to be protected
- Community WMN: open network, distributed mechanisms, cooperation necessary
Effects of Node Misbehavior in Multihop Wireless Networks
Scenario
Challenge: qualify and quantify the effects of node misbehavior on the overall performance of the routing system
[Figure: example scenario illustrating the vulnerability of a multihop route, with misbehaving nodes marked]
Experimental Analysis: Simulation Study
Performance evaluation by extensive simulation study:
- Starting from a well performing MANET in normal operation
- Studied variants of AODV routing
- Studied various degrees of mobility
- Studied scale of the network
- Studied type/degree of misbehavior
Malicious nodes (black holes): actively attract routes by injecting false routing information; remove packets from the network
Selfish nodes: optimize their own gain and neglect the welfare of other nodes; discard other nodes’ packets
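The two kinds of misbehavior defined above differ in how they reach a route: a selfish node only hurts flows that happen to be routed through it, while a black hole pulls routes towards itself. The following Python model is an added example, not code from the talk or from the simulation study it reports; it makes the mechanism visible on a constructed random topology. Everything in it is an assumption of the example: nodes are dropped uniformly into a square and linked within a radio range, routes follow the shortest hop path of a flooded route request, and a black hole is assumed to capture a flow whenever it is no farther from the source (in hops) than the real destination, since its forged reply then arrives no later than the genuine one. The 250-node / 10-attacker ratio mirrors the numbers on the slides; the geometry and range are invented.

```python
"""Simplified model of how black holes and selfish nodes affect AODV-style routes.

Added example; not the talk's or the study's code. Assumptions (constructed):
  * nodes placed uniformly in a square, linked when within radio range;
  * routes follow the shortest hop path found by a flooded route request;
  * a selfish node only harms flows whose shortest path uses it as a forwarder;
  * a black hole answers every route request with a forged reply and captures
    a flow whenever its hop distance to the source is <= that of the destination.
"""
import random
from collections import deque


def build_topology(n, side, radio_range, rng):
    """Random geometric graph: adjacency lists for n nodes in a side x side area."""
    positions = [(rng.uniform(0, side), rng.uniform(0, side)) for _ in range(n)]
    adj = [[] for _ in range(n)]
    limit = radio_range * radio_range
    for i in range(n):
        for j in range(i + 1, n):
            dx = positions[i][0] - positions[j][0]
            dy = positions[i][1] - positions[j][1]
            if dx * dx + dy * dy <= limit:
                adj[i].append(j)
                adj[j].append(i)
    return adj


def bfs(adj, src):
    """Hop distance and predecessor of every node reachable from src."""
    dist, prev = {src: 0}, {src: None}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                prev[v] = u
                queue.append(v)
    return dist, prev


def shortest_path(prev, dst):
    """Walk the predecessor map back to the source and return the path src..dst."""
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]


def flow_delivered(adj, src, dst, bad, mode):
    """True if the src->dst flow survives, False if misbehavior kills it,
    None if no route exists even without any attacker."""
    dist, prev = bfs(adj, src)
    if dst not in dist:
        return None
    hops = dist[dst]
    if mode == "selfish":
        # selfish nodes are only harmful when they sit on the route as forwarders
        return all(v not in bad for v in shortest_path(prev, dst)[1:-1])
    if mode == "blackhole":
        # the forged reply of any black hole that is no farther away than the
        # destination reaches the source first and attracts the whole flow
        return all(dist.get(b, float("inf")) > hops for b in bad)
    raise ValueError("mode must be 'selfish' or 'blackhole'")


def delivery_ratio(adj, bad, mode, trials, rng):
    """Share of random source/destination pairs whose flow is delivered."""
    ok = total = 0
    for _ in range(trials):
        src, dst = rng.sample(range(len(adj)), 2)
        result = flow_delivered(adj, src, dst, bad, mode)
        if result is None:
            continue
        total += 1
        ok += int(result)
    return ok / total if total else 0.0


def experiment(n=250, bad_count=10, side=1500.0, radio_range=250.0, trials=1000, seed=1):
    """Compare both kinds of misbehavior on one topology with the same bad node set."""
    rng = random.Random(seed)
    adj = build_topology(n, side, radio_range, rng)
    bad = set(rng.sample(range(n), bad_count))
    return {mode: delivery_ratio(adj, bad, mode, trials, rng)
            for mode in ("selfish", "blackhole")}


if __name__ == "__main__":
    for mode, ratio in experiment().items():
        print(f"{mode:>9}: delivery ratio {ratio:.2f}")
```

Running `experiment()` shows the qualitative effect behind the slides' observations: the same ten misbehaving nodes cost far more flows as black holes than as selfish nodes, because attraction makes every source within reach a victim, not only the sources whose shortest path happens to cross the attacker. Increasing `bad_count` or the flow length makes both ratios fall; the model does not include mobility, so it cannot reproduce the mobility trend.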
Simulation Study: Selected Results
Setup: 250 nodes, low node mobility (1-2 m/s), AODV with expanding ring search
Observations for Maliciousness/Black Holes
Results:
- Successful communication is possible only in close proximity
- Packet loss is extremely high, even for few black holes
- Packet loss further increases with node mobility
[Figure: packet loss vs. increase in malicious nodes, annotated with 49% and 78%; marker “i.e. 10 out of 250 nodes”]
Wireless Survival Skills
[Image source: www.sxc.hu]
Survival Actions
[Sources: www.sxc.hu, "Survival FM 3-05.70" US Army Handbook]
Exploiting Space & Time: Complementing Contemporary Security Solutions
Challenge: inherent vulnerability of multihop wireless networks; mitigating misbehavior in networks without well-defined boundaries
(I) Intrusion Prevention
- Mostly secure routing protocols (leveraging cryptography), e.g. SAODV and Ariadne as secure versions of AODV and DSR
- How to prevent intrusions on layers other than the network layer?
- New attack vectors identified by Acs et al. and Hu et al.
(II) Intrusion Response
- E.g. Watchdog & Pathrater by Marti et al., CONFIDANT by Buchegger et al., CORE by Michiardi et al., OCEAN by Bansal et al.
- Today, intrusion response is based mostly on addresses, which can easily be attacked in open networks
Exploiting Space: GeoSec (Geographically Secure Routing)
Approach: exclude misbehaving nodes based on location by setting up ‘quarantine zones’ void of communication; this results in a cross-layer and attack-independent defense
Implementation:
(1) Establish quarantine zones: interrupt affected routes, exclude the attacker from the network
(2) Establish new routes: by restricting broadcast, evading quarantine zones
(3) Maintain quarantine zones: reset zones periodically; tracking of the attacker is not necessary
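The three implementation steps above can be shown end to end on a small constructed topology. The Python below is an added example, not the GeoSec implementation from the talk; it assumes that nodes know their own coordinates, that a zone is a circle with a centre, a radius and an expiry time, that nodes inside an active zone neither originate, forward nor answer route requests (so the restricted broadcast, modelled as a breadth-first flood, never enters the zone), and that zones are maintained by expiry rather than by tracking the attacker. The 3x3 grid, the zone_ttl and the attacker location are invented for the demonstration.

```python
"""Quarantine-zone routing in the spirit of GeoSec (location-based exclusion).

Added example, not the project's code. Assumptions (constructed): nodes know their
positions; a zone is (centre, radius, expiry); nodes inside an active zone are
silent for route discovery; zones are reset by expiry, the attacker is not tracked.
"""
import math
from collections import deque


class GeoSec:
    def __init__(self, positions, adj, zone_ttl):
        self.pos = positions      # node id -> (x, y)
        self.adj = adj            # node id -> list of neighbour ids
        self.zone_ttl = zone_ttl  # lifetime of a zone in time units
        self.zones = []           # (cx, cy, radius, expires_at)
        self.routes = {}          # (src, dst) -> current path

    def expire_zones(self, now):
        """Step 3: zones are reset once their lifetime has passed."""
        self.zones = [z for z in self.zones if z[3] > now]

    def quarantined(self, node, now):
        """A node is silent while it lies inside any active zone."""
        x, y = self.pos[node]
        return any(math.hypot(x - cx, y - cy) <= r
                   for cx, cy, r, expires_at in self.zones if expires_at > now)

    def establish_zone(self, centre, radius, now):
        """Step 1: set up a zone around the reported attacker location and
        interrupt every known route that crosses it. Returns the interrupted flows."""
        self.zones.append((centre[0], centre[1], radius, now + self.zone_ttl))
        hit = [flow for flow, path in self.routes.items()
               if any(self.quarantined(n, now) for n in path)]
        for flow in hit:
            del self.routes[flow]
        return hit

    def discover_route(self, src, dst, now):
        """Step 2: restricted broadcast. The request floods hop by hop, but
        quarantined nodes stay silent, so the path evades every active zone."""
        self.expire_zones(now)
        if self.quarantined(src, now) or self.quarantined(dst, now):
            return None           # a node inside a zone cannot communicate at all
        prev = {src: None}
        queue = deque([src])
        while queue:
            u = queue.popleft()
            if u == dst:
                break
            for v in self.adj[u]:
                if v not in prev and not self.quarantined(v, now):
                    prev[v] = u
                    queue.append(v)
        if dst not in prev:
            return None
        path, n = [], dst
        while n is not None:
            path.append(n)
            n = prev[n]
        path.reverse()
        self.routes[(src, dst)] = path
        return path


def grid(width, height):
    """Constructed sample topology: a width x height unit grid with 4-neighbour links."""
    positions = {y * width + x: (float(x), float(y))
                 for y in range(height) for x in range(width)}
    adj = {n: [] for n in positions}
    for n, (x, y) in positions.items():
        for dx, dy in ((1, 0), (-1, 0), (0, 1), (0, -1)):
            nx, ny = x + dx, y + dy
            if 0 <= nx < width and 0 <= ny < height:
                adj[n].append(int(ny * width + nx))
    return positions, adj


def demo():
    """Flow 0 -> 2 along the bottom row; node 1 (at (1, 0)) is reported as attacker."""
    positions, adj = grid(3, 3)
    net = GeoSec(positions, adj, zone_ttl=10)
    before = net.discover_route(0, 2, now=0)                          # [0, 1, 2]
    interrupted = net.establish_zone(centre=(1.0, 0.0), radius=0.5, now=1)
    after = net.discover_route(0, 2, now=2)                           # detour via row 1
    reset = net.discover_route(0, 2, now=12)                          # zone has expired
    return before, interrupted, after, reset


if __name__ == "__main__":
    print(demo())
```

The detour is found without any node knowing which node was malicious: only the zone geometry is distributed, which is what makes the defense independent of the attack type and of addresses. A zone that expires while the attacker is still active simply gets re-established by the next detection.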
Performance Evaluation: GeoSec vs. Address-based Intrusion Response
Metric: packet drop rates, attacker vs. IRS
Setup: 1000 nodes, low node mobility, AODV with expanding ring search
[Figure: packet drop rates for No IRS, Address-based IRS and GeoSec]
Exploiting Time: GeoSec+ (Geographical & Delay-tolerant Secure Routing)
Approach: buffer packets during an attack and retransmit them later
- Transparent operation, i.e. the sender is informed about the IRS event
- Non-transparent operation, i.e. “silent” or “localized” operation of the IRS
- Late buffering strategy, i.e. packets are buffered once the IDS detects misbehavior; however, packets are lost during the time the IDS needs to detect the misbehavior
- Early buffering strategy, i.e. packets are also buffered in the detection interval
[Figure: transparent vs. non-transparent operation]
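The difference between late and early buffering is a question of which packets are still recoverable when the IDS finally fires. The Python below is an added toy model, not the GeoSec+ implementation or the simulation from the talk. Its assumptions are constructed: one flow sends one packet per tick; a black hole captures the route at attack_start; the IDS needs detect_delay ticks to notice and the IRS needs reroute_delay more ticks to set up the detour; late buffering starts buffering only at detection, early buffering additionally keeps copies of the last early_window packets at an upstream forwarder; after recovery, retx_per_tick buffered packets are retransmitted per tick in sequence order. The transparent/non-transparent distinction (whether the sender is told) is not modelled.

```python
"""Toy model of late vs. early buffering for delay-tolerant recovery (GeoSec+).

Added example, not the talk's code. Assumptions (constructed): one packet per tick,
packet i sent at tick i; attack at attack_start; IDS detects after detect_delay;
IRS has a new route reroute_delay ticks later; early buffering keeps copies of
the last early_window packets upstream; retx_per_tick retransmissions per tick.
"""
from collections import deque


def simulate(strategy, total=100, attack_start=30, detect_delay=10, reroute_delay=5,
             early_window=6, base_delay=1, retx_per_tick=2):
    """Return delivery ratio, average end-to-end delay and the list of lost packets."""
    if strategy not in ("late", "early"):
        raise ValueError("strategy must be 'late' or 'early'")
    detect_at = attack_start + detect_delay
    restored_at = detect_at + reroute_delay
    delivered = {}                         # packet id -> delivery tick
    window = deque(maxlen=early_window)    # upstream copies (early buffering only)
    pending = []                           # packets held by the IRS after detection
    for i in range(total):
        if i < attack_start or i >= restored_at:
            delivered[i] = i + base_delay  # normal forwarding on a clean route
        elif i < detect_at:
            # swallowed by the black hole; early buffering still has a copy upstream
            if strategy == "early":
                window.append(i)
        else:
            # IDS has fired: the IRS buffers instead of forwarding into the hole
            pending.append(i)
    # copies from the detection interval precede the later buffered packets
    pending = list(window) + pending
    # retransmit the backlog in order once the new route exists
    for k, pkt in enumerate(pending):
        tx_tick = restored_at + k // retx_per_tick
        delivered[pkt] = tx_tick + base_delay
    ratio = len(delivered) / total if total else 0.0
    avg_delay = (sum(t - p for p, t in delivered.items()) / len(delivered)
                 if delivered else 0.0)
    lost = sorted(set(range(total)) - delivered.keys())
    return {"delivery_ratio": ratio, "avg_delay": avg_delay, "lost": lost}


if __name__ == "__main__":
    for strategy in ("late", "early"):
        r = simulate(strategy)
        print(f"{strategy:>5}: delivered {r['delivery_ratio']:.2f}, "
              f"avg delay {r['avg_delay']:.2f}, lost {r['lost']}")
```

With the default numbers, late buffering loses exactly the detection interval, early buffering recovers the part of it that still fits the upstream window, and in exchange every recovered packet adds to the backlog, so the average delay rises and becomes sensitive to retx_per_tick, i.e. to how the retransmissions are scheduled. That is the delivery-ratio/delay trade-off the following result slides summarize.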
Summary of Results for GeoSec+: Avg. Packet Delivery Ratio
- Transparent, late buffering: in the studied scenario up to ~80% delivery ratio; performance independent of the number of retransmissions
- Non-transparent, late buffering: in the studied scenario up to ~75% delivery ratio; performance dependent on the number of retransmissions
- Transparent, early buffering: in the studied scenario up to ~95% delivery ratio; performance dependent on the number and scheduling of retransmissions
- Non-transparent, early buffering: in the studied scenario up to ~90% delivery ratio; performance independent of the number of retransmissions (but congestion observed)
Summary of Results for GeoSec+: Avg. End-to-End Delay
[Figure: average end-to-end delay for transparent/late buffering, non-transparent/late buffering, transparent/early buffering and non-transparent/early buffering]
Summary & Conclusion
The Wilderness: Threats for Multihop Wireless Networks in the Wild; Effects of Node Misbehavior in Mobile Ad hoc Networks
Selected Survival Skills: A Short Guide to Survival; Mitigating Misbehavior using Geographically Secure Routing
[Sources: www.sxc.hu]
Thank You Very Much for Your Attention
Acknowledgements, Copyright Notice
Copyright Notice: This document has been distributed by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
Acknowledgements: To André König, Technische Universität Darmstadt, for his work in the area of innovative security mechanisms for Mobile Ad hoc Networks