Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks
Computer Science

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
Presented by: Varagur Karthik Iyer
Adapted from the slides by: Qiao Xu, CSC774 Spring04
4/26/2007
Outline
• Introduction
• Temporal Leashes
• TIK Protocol
• Performance & Security Analysis
• Future Work & Conclusion
Introduction
• Problem: Wormhole Attack
– An attacker records packets at one location in the
network, tunnels them to another location, and
retransmits them there into the network
– Wormhole attack allows attackers to:
• Gain unauthorized access
• Disrupt routing
• Perform DoS attacks
• Solution: Packet Leash
– Add information into the packet to restrict its
maximum allowed transmission distance
Illustration of a wormhole attack
• A mobile wireless ad hoc network
• Nodes S and D communicate through wireless multi-hop routing
[Figure: Normal Operation, showing nodes S and D]
Illustration of a wormhole attack
• A mobile wireless ad hoc network
• Nodes S and D communicate through wireless multi-hop routing
[Figure: Under Attack, showing nodes S and D, the colluding attackers, and the wormhole]
Packet Leashes
• Goal
– Limit the distance traveled by a packet in a network
• Approaches
– Two approaches to achieve the goal
• Space: geographical leashes
Limit the range of the packet using the distance it can travel
• Time: temporal leashes
Limit the range of the packet using the time it remains valid
[Figure: nodes S and D, the colluding attackers, and the wormhole]
Geographical Leashes (Overview)
• Definition: a geographical leash establishes an
upper bound on the distance that a packet can
travel
• Requirements
– Every node must have knowledge of its location
– Loose time synchronization
– Nodes can be relatively mobile
• Geographical leashes also enable multiple
location detection
Temporal Leashes
• Definition: a temporal leash establishes an
upper bound on a packet’s lifetime, which
restricts the maximum travel distance
• Key Requirement: all nodes must have tightly
synchronized clocks
– Maximum clock difference (Δ) between any two
nodes must be within a few microseconds
Temporal Leashes
• Implementation with a packet expiration time
• Sender calculates a packet expiration time to
be sent with each packet:
te = ts + L/c – Δ
– te: packet expiration time
– ts: packet sent time
– c: propagation speed of wireless signal
– L: maximum allowed travel distance; L > Lmin = Δ*c
– Δ: maximum clock difference between 2 nodes
Temporal Leashes
• Receiver will accept and process a received
packet if and only if the time when the packet
is received (tr) is less than the packet expiration
time (te)
• What’s missing?
– Need an efficient way for the receiver to
authenticate te
TIK Protocol - Overview
• TIK – TESLA with Instant Key disclosure
– TIK implements a temporal leash and provides efficient
instant authentication for broadcast communication in
wireless networks
– Based on the observation that a receiver can verify the
TESLA security condition (that the corresponding key
hasn’t been disclosed) as it receives the packet; this allows
the sender to disclose the key in the same packet
– Assumes the sender can precisely predict ts and the receiver can
record tr as soon as the packet arrives
– Requires accurate time synchronization between all the
nodes
TIK Protocol – Sender Setup
• Sender generates a series of keys, K0, K1,…,
Kw-1, using a PRF F and a secret master key X:
Ki = F_X(i)
• Sender selects a key expiration interval I and
determines the expiration time (Ti) for its keys:
Ti = T0 + i*I, where T0 is the expiration time for K0
• Sender constructs a Merkle hash tree to commit
to keys: K0, K1,…, Kw-1
TIK Protocol – Merkle Hash Tree
[Figure: Merkle hash tree over eight keys]
Root: m07
Level 2: m03, m47
Level 1: m01, m23, m45, m67
Leaves: K0’, K1’, K2’, K3’, K4’, K5’, K6’, K7’
Keys: K0, K1, K2, K3, K4, K5, K6, K7
TIK Protocol – Merkle Hash Tree
• How is it constructed?
– For every leaf node, Ki’ = H(Ki); e.g., K0’ = H(K0)
– For every parent node, mp = H(ml || mr); e.g., m01 = H(K0’ || K1’), m03 = H(m01 || m23)
• The root value (m07) is signed by the sender and sent
to the receivers, where it can be authenticated with
the sender’s public key
• To authenticate K2, for example:
– Sender must include K3’, m01, m47 in the packet
– Receiver computes m07’ and compares it to the pre-distributed
m07
m07’ = H[ H[ m01 || H[ H[K2] || K3’]] || m47 ]
TIK Protocol – Receiver Bootstrapping
• Assume all nodes are synchronized with a
maximum clock difference of Δ
• Assume each receiver knows every sender’s
hash tree root value and the associated
parameters T0 and I
TIK Protocol – Sending and Verifying Packets
[Figure: timeline of one packet (HMAC, M, T, Ki) leaving the sender and arriving at the receiver. Time at Sender: ts, Ti. Time at Receiver: tr ≤ (ts + τ - Δ), ≤ (Ti - Δ)]
TIK Protocol – Sending and Verifying Packets
• S → R: (HMACKi(M), M, T, Ki)
– M: message payload
– HMACKi(M): message authentication code for M
– Ki: key used to generate the HMAC for M
– T: tree authentication values used to authenticate Ki
• Receiver:
– Verifies, based on Ti, that the sender had not yet started sending Ki
when the HMAC was received
– Verifies that Ki is authentic based on the hash root value and T
– Verifies the HMAC, using the authenticated Ki
– Accepts the packet as authentic only if all those verifications
are successful
Security & Performance Analysis
• Security Analysis
– Temporal leash with TIK protocol can detect and prevent
wormhole attacks if all nodes are good nodes
– Can’t deal with a malicious sender that claims a false
timestamp
– Can’t deal with a malicious receiver that refuses to check
the leash
• Performance Analysis
– Requires only n public keys in a network with n nodes
– Efficient hash tree authentication of keys
– Efficient instant authentication of packet because the key is
disclosed in the same packet
– Modest storage requirement for the Merkle hash tree
Related Work
• RF-Watermarking
– Modulating the RF waveform in a way known only to
authorized nodes
– Vulnerable to node capture
• Intrusion Detection
– Hard to isolate the attacker using a software-only approach,
since it is hard to distinguish malicious traffic from
legitimate traffic
Future Work & Conclusion
• Future Work
– An efficient implementation of Geographical leashes
– Securing TIK against node misbehavior (sender/receiver)
– Achieving accurate time synchronization among the nodes
• Conclusion
– The wormhole attack is a powerful and disruptive attack against
wireless networks
– With precise timestamps and tight clock synchronization,
TIK can prevent wormhole attacks
Thank You!
• Questions and Comments