New Challenges in Securing our Communication Infrastructure
Wade Trappe

Agenda
Wireless Overview
– State of the Wireless Union: Where are we?
– Vision for 4G
Security Challenges for Future Wireless Networks:
– 3G Multicast Security
– Authentication in Broadcast Environments
– Security in Ad Hoc Networks
– Biologically-Inspired Self-Healing Frameworks
– Networks of Networks Security Issues

State of the Wireless Union
We are still waiting for third generation (3G) wireless.
WLAN (Wi-Fi) technologies are rapidly growing:
– Estimated $800 Million in US sales for 2004
Prices for Wi-Fi equipment plummeting
– $100 access point, $70 WLAN card
New, unregulated networks popping up everywhere
– It's not just Starbucks & T-Mobile
– Open-access hotspots
Warchalking is now a common hobby
[Figure: Global Wi-Fi Growth. Sales ($ Million) by year for North America, Asia and Europe. Source: Allied Business Intelligence]

Vision for the Fourth Generation
Wireless devices will continue to drop in price
– Wireless sensors will be deployed everywhere
– Ability to monitor everything, from temperature to traffic
– Remote sensing and autonomic living applications
Next generation wireless systems (4G) will seek to facilitate mass market services with new network architecture:
– Self-organizing, ad-hoc wireless access networks: Ad-hoc wireless network protocols which support multihop and peer-to-peer service models, particularly for low-tier uses (in-home, sensors, etc.)
– Networks of networks: Future wireless networks will support co-existence of multiple types of networks
Security will be a critical issue:
– Unregulated networks will provide an untraceable platform to launch network attacks
– Mobility and power-efficiency are still concerns

3G Multicast Security
[Figure: UMTS architecture. Labels: Radio Network Subsystem (RNS), UMTS Terrestrial Radio Access Network, Node B, RNC, UMTS Core Network, SGSN, GGSN, BMSC, Internet]
Keys must be shared by multicast group participants
As users join and leave, keys must be changed
3GPP has proposed a new entity, the BMSC, for managing broadcast and multicast services
The BMSC can perform key management

3G Multicast Security
3GPP currently is investigating several multicast frameworks
To optimize key management, one should match the key tree to underlying multicast topology
3GPP has not decided on a multicast topology
We are examining the performance of multicast key management at the BMSC for different 3G multicast scenarios
Examine the issue of key management during handoff between Node Bs and RNCs
Prototype Secure Chat Application has been developed
• Server is implemented in J2SE
• Clients are implemented in J2ME

Broadcast/Multicast Authentication
Important challenge facing secure multicast communication is data authentication:
– Ensures data is from trusted source
– Ensures data was not modified en route
Unicast Data Authentication uses standard cryptographic techniques:
– Digital Signatures: (RSA, DSA)
  Drawbacks: Inefficient due to:
  • Large per packet computation
  • Large communication overhead
  Note: Drawbacks are not critical in many applications.
– Message Authentication Codes (MAC): (HMAC-MD5)
  Class of symmetric keyed one-way hash function
  Advantages:
  • Computationally efficient
  • Compressed code
  • Computationally non-invertible

Multicast Authentication
Multicast source authentication is more complex than unicast:
– Symmetric Key Cryptography cannot be used
  • Key is known to all receivers
  • Packets can be forged by any receiver
– Asymmetric key cryptography is required
– Lost packets are not retransmitted
Digital signature schemes provide good authentication:
– Each message is signed by appending digital signature
– Significant drawbacks for real-time, low-power multicast applications:
  • Time-to-sign and time-to-verify
  • Bandwidth and overhead
We want a technique that will take advantage of both
One approach: Delayed key disclosure

Multicast Authentication
Delayed Key Disclosure: (e.g. TESLA)
[Figure: timeline of keys K1 to K5. Packets in each interval are authenticated with that interval's key (K1, K2, K3, K4, K5). "Reveal K1" and "Reveal K2" are marked along the time axis, with the annotation "All packets authenticated with K1 have arrived to all group members".]
Weakness:
– Use of buffers allows for a simple denial of service (DoS) attack
– Since there is no way to check packets until key is disclosed, buffer will overflow
How to protect against DoS attacks?

DoS Resistant TESLA
Idea: Use multiple keys and stagger the delayed key disclosure scheme.
[Figure: staggered key disclosure timeline over keys Ki to Ki+4. Messages M1, M2, M3 each carry three MACs: M1 under Ki, Ki-1, Ki-2; M2 under Ki+1, Ki, Ki-1; M3 under Ki+2, Ki+1, Ki. Reveals of Ki-3 through Ki+2 are marked along the time axis.]
End result:
• Provides a filter to remove packets from buffer before the maximum network delay is achieved

Ad-Hoc Network Security
Ad-hoc networks introduce new security challenges
– Evolving authentication: Nodes are moving, and clusters are constantly being redefined.
– Secure routing: New types of attacks (e.g. wormhole attacks) exist.
– Service non-repudiation: No proof that a service (QoS) was provided.
WINLAB approach: Develop a hierarchical, self-organizing network
– Can nodes develop an evolving trust model? Elected nodes give trust certificates.
[Figure: hierarchical network. Labels: Internet, BTS, AP, WLAN micro-cell, Access Point, Forwarding node (FN), 3G cell, low-tier (e.g. sensor) user nodes, personal-area pico-cell]

Authentication in Hierarchical Ad Hoc Sensor Networks
Public key certificates are not suitable for flat ad hoc networks
– To check certificate requires expensive public key operations
Three tier architecture:
– Varying levels of computational power within the sensor network
– Sensors do not communicate with each other
– Forwarding nodes are radio-relay
Authentication framework:
– Access points provide filter to application
– TESLA certificates provide efficient sensor node handoff
– Weak and assured data authentication provided
TESLA Certificates
– Alternative to PK certificates
– Uses symmetric key cryptography
– Delayed key disclosure
[Figure: three tiers labelled AP, FN, SN]

Self-Healing Wireless Networks
Ad hoc networks are being deployed for a broad variety of applications, and are a key platform for:
– Remote sensing applications (Homeland Security)
– Military battlefield networks
– Mesh networks and ubiquitous content distribution
Challenge: These networks are not tolerant to active or passive faults:
– Nodes are cheap and will often malfunction
– Nodes are in an open environment and vulnerable to being captured by adversaries
[Figure legend: Network Node; Corrupted Network Node]

Self-healing framework
In nature, we have many cases where systems get infected and must repair themselves
Ad hoc networks should emulate nature and heal themselves!
Model: Human immune system
– Leukocytes (white blood cells): There are two types, those that develop in lymph nodes and those that develop in bone marrow
– Killer T-cells: Destroy antigens either by themselves, or by recruiting other white blood cells
– Lymphocytes: Produce antibodies that seek to surround and cover an antigen, rendering it harmless until a phage can arrive to destroy the neutralized antigen
– Chemotaxis: Leukocytes find their way to an antigen by following a chemical trail of “bread crumbs”

Mobile Agent Framework
Biologically-inspired self-healing security framework
– Mobile Code will launch from network lymph nodes to patrol network
– Mobile Code will leave behind tags allowing for the process of network chemotaxis
– In response, Repair and Destroy Agents will be launched to reboot or shut down malfunctioning nodes via secure OS environment
[Figure legend: Network Node; Network Lymph Node; Corrupted Network Node]

Enabling Technologies
Enabling Technologies to be Researched:
– Smart Messages (SMs): Migratory execution units that execute on ad hoc nodes, and will form the different types of mobile agents involved in a network immune system
– Trajectory Routing: Self-routing mechanisms for mobile code capable of finding fast and efficient route to faulty node
– Anomaly Detection: Statistical and policy-based detection mechanisms for identifying faulty network nodes
– Flexible Security Policies: Describe how the network immune system responds to different types of corruptions or threats
– Authorization and Secure OS: Each node must have a secure environment from which mobile agents perform their functions

“Network of Wireless Networks” Security
Internet-like architecture that promotes organic growth...
[Figure: network-of-networks architecture. Labels: Global Internet; Mobility supporting Internet; wired links; radio link; Radio Access Network (cellular); microcell; picocell; high-tier devices (mobile terminals); med-tier devices (laptops, PDAs); low-tier devices (home, sensors)]
Security Needs:
• Certification across networks
• Security must scale to multiple simultaneous platforms!
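
Added example for the "Multicast Authentication" (delayed key disclosure) and "DoS Resistant TESLA" slides; it is not code from the presentation. It models a receiver that buffers packets carrying three staggered MACs and uses each disclosed key to discard forgeries early. Assumptions: SHA-256 and HMAC-SHA256 stand in for the slide's HMAC-MD5, keys are disclosed in order with one per interval, call order stands in for TESLA's synchronized clocks, and all function and field names are hypothetical.

```python
import hashlib
import hmac

LAYERS = 3  # MACs per packet: K_i, K_{i-1}, K_{i-2}, as in the slide's figure

def H(b):
    return hashlib.sha256(b).digest()

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def key_chain(seed, n):
    """One-way chain K[0..n] with K[i] = H(K[i+1]); K[0] is the public commitment."""
    keys = [H(seed)]
    for _ in range(n):
        keys.append(H(keys[-1]))
    return keys[::-1]

def make_packet(keys, i, msg):
    return {"i": i, "msg": msg, "macs": [mac(keys[i - j], msg) for j in range(LAYERS)]}

class Receiver:
    def __init__(self, commitment):
        self.latest = (0, commitment)  # highest authenticated chain key so far
        self.buffer = []               # packets that cannot be fully checked yet

    def on_packet(self, pkt):
        # Security condition: refuse packets whose earliest layer key is already public.
        if pkt["i"] - (LAYERS - 1) <= self.latest[0] or len(pkt["macs"]) != LAYERS:
            return False
        self.buffer.append(pkt)
        return True

    def on_key(self, idx, key):
        """Authenticate a disclosed key against the chain, then filter the buffer."""
        base, known = self.latest
        if idx != base + 1 or not hmac.compare_digest(H(key), known):
            return []                  # not the next key on the sender's chain
        self.latest = (idx, key)
        delivered, kept = [], []
        for pkt in self.buffer:
            layer = pkt["i"] - idx     # which of the packet's MACs this key checks
            if 0 <= layer < LAYERS and not hmac.compare_digest(
                    mac(key, pkt["msg"]), pkt["macs"][layer]):
                continue               # forged: dropped before the full delay
            (delivered if layer == 0 else kept).append(pkt)
        self.buffer = kept
        return [p["msg"] for p in delivered]
```

Given one genuine packet and a burst of forged ones for the same interval i, the disclosure of K_{i-2} empties the forgeries from the buffer two disclosures before K_i delivers the genuine message.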