Topic 7: Lightweight Security Primitives for MANET & WSN
Power conscious security measures
EE4723

Security Requirements
• Introduction to MANET/WSN Security
• MANET Assumptions
• Problem Statement
• Secure MANET design philosophy
• Use of hashes in MANET security
• Symmetric Key Encryption in MANET
• Active security measures
• Specific Power-Aware Approaches
• Summary

Introduction to MANET/WSN security
• World is growing increasingly ‘digital’
• 1980’s:
  – Computers in cars
• 1990’s:
  – Computers in door locks, watches, cellphones, etc
• 2000’s:
  – Computers everywhere!
  – Must tweet, facebook, communicate with other devices

Introduction to MANET/WSN security
• Welcome to 2010
  – Not just facebook
  – Banking, auto insurance apps on iPhone
  – Miniature UAVs, ground combat robots in military use
    • Some mounted with weapons!
• Mobile network/internet devices are the new way to do business
  – Not just toys anymore
  – They keep getting smaller!

MANET Assumptions
Some assumptions throughout this presentation
• Key exchange/distribution has already been taken care of
  – Eschenauer/Gligor (or other probabilistic approach) a likely candidate
• Operation in a hostile environment
  – This has not been assumed in the past, hence the problems with many in-place network schemes

MANET Assumptions
• Vulnerabilities exist at every layer in MANET
Goals for an all-encompassing secure MANET protocol (Source: Security in Mobile Ad Hoc Networks: Challenges and Solutions [3])
• Currently, no single mechanism eliminates the security issues in every layer
• An all-encompassing protocol will include both active and passive protection

Problem Statement
The Challenge:
• How do we reasonably secure communications?
• On a device with limited
  – CPU/RAM resources
  – Battery power
• Continuously changing network conditions

Problem Statement
• Require the standard 4 security provisions
• Security evaluation criteria for proposed solutions:
  – Authentication
  – Privacy
  – Integrity
  – Freshness

Secure MANET design philosophy
Typical devices involved in MANET/WSNs:
• Mote (WSN data collection)
  – 8-bit CPU, 4 MHz, 4 KB RAM
  – 128 KB program memory
  – Powered by 2 AA batteries
• Ranging to more powerful MIPS R4400 or similar

Secure MANET design philosophy
• Public key encryption – out of the question!
• Symmetric key encryption is possible
• Hash-based security functions are preferred

Secure MANET design philosophy
Computation Time and Energy Consumption for 128-bit Multiply (Source: Constraints and Approaches for Distributed Network Security [4])
• This is a basic operation required for public key cryptography
• Thousands or millions of these operations for encrypt/decrypt/verify

Secure MANET design philosophy
AES (Symmetric) and SHA-1 Computational Energy Consumption Estimates (Source: Constraints and Approaches for Distributed Network Security [4])
• Symmetric key encryption is ideal, when encryption is required
• Hash functions still preferred
  – 20% power savings with MIPS R4000
  – 60% power savings with DragonBall

Use of hashes in MANET security
Hash Message Authentication Codes (HMAC)
• Two nodes communicating and sharing a private key can use a one-way hash algorithm to verify sender
• This is ok between 2 parties
  – HMAC can only be verified by the intended receiver
    • Unless all keys shared across network, not reasonable
  – Not ideal for authenticating broadcast messages
• HMACs can be chained to verify a message path
  – Used in TESLA and Ariadne

Use of hashes in MANET security
Pitfalls of message hashing
• For hash chaining, clock synchronization of some kind will be required
  – Significant infrastructure to do this may be required
• TESLA and SEAD send hashes and then send the key
  – Entire message must be buffered and then wait on key distribution before message can be verified
  – Can introduce large routing delays

Use of hashes in MANET security
Hashing summary
• Hashing is useful for verifying identity of a sender
• Not impervious to replay attacks
• Fast, but cannot be used to encrypt data
• For data encryption, we need to look at lightweight symmetric key encryption
  – Let’s examine MANET requirements again

Symmetric Key Encryption in MANET
More design pitfalls of MANET devices:
• Depending on application, RF data transmission will be the other primary drain on battery
• Require our algorithm to have low CPU and data overhead
  – Size of plaintext = size of ciphertext

Symmetric Key Encryption in MANET
• Stream cipher is an obvious choice to keep data overhead low
• Block mode encryption is not effective for cleartext < block size
  – Stream ciphers do not suffer this downfall
• Can maintain fairly high security while keeping processing and bit overhead quite low
  – XOR/Bitwise add operations cheap to implement

Symmetric Key Encryption in MANET
• Stream ciphers have been chosen for a number of proposed and actual wireless network implementations
Cipher operating in Output Feedback Mode (Source: Secret Key Cryptography [1])
• IEEE 802.11 WEP uses RC4 stream cipher
• SPINS (based on TESLA/SNEP) uses RC5 block cipher using counter mode

Symmetric Key Encryption in MANET
The catch:
• Care must be taken in design to avoid keystream reuse
  – WEP prefixes each packet with a pre-encryption IV, but IV space is too small
  – WEP is susceptible to a number of attacks because of this
• SPINS gets around this by having each party maintain IV separately

Symmetric Key Encryption in MANET
• SPINS’ approach causes new problems and special considerations
  – Lossy wireless links can cause IV to become unsynchronized
  – Network is not protected from replay attacks without additional measures

Symmetric Key Encryption in MANET
Symmetric Encryption Summary
• With proper design and advanced techniques, symmetric-key encryption can provide adequate security measures for today’s networks.

Active security measures
Active security measures in MANET
• What can be done?

Active security measures
Active security measures in MANET
• Operation on battery power/minimum processing power makes active security measure implementation that much more difficult
• At the same time, limited operating power gives us a need for active security measures
  – Deep packet inspection essentially impossible

Active security measures
• In any MANET network, malicious nodes can simply DoS another node with packets it has to respond to
• This is especially effective/detrimental if the MANET implements some kind of security signature
  – Hacker can spam the network with bogus and bad digests
  – Good nodes spend processing power to verify, only to find that the message is a fraud

Active security measures: OpenLIDS
Enter OpenLIDS (Lightweight Intrusion Detection System)
• A mechanism for detecting hosts that are abusing the network
• Works on the basis of anomaly detection
• Lightweight enough to run on medium-power nodes
• Able to keep up with high data throughput
• Aims to specifically detect port scanning and DoS attacks

Active security measures: OpenLIDS
Utilizes failed connection attempt analysis
• Initially perform very broad packet monitoring
• Increase cost and depth of analysis as suspicion rises

Active security measures: OpenLIDS
3 States
• DST_NONE
• DST_HOST
• DST_PORT
OpenLIDS State Machine Diagram: Failed connection attempts (Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8])

Active security measures: OpenLIDS
OpenLIDS State Machine Diagram: Failed connection attempts (Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8])
• DST_NONE
  – >50 failed attempts per minute
  – Host is flagged as suspicious
• DST_HOST
  – Nodes now begin to track destination IP of failing requests
  – >400 at a single host?
    • Targeted DoS attacker
  – >100 distinct destination hosts?
• DST_PORT
  – >100 failed attempts, same port, different hosts?
    • Attacker determined to be port scanning

Active security measures: OpenLIDS
• After host is located
  – Specific actions are not defined by the protocol
  – Can be customized per implementation
• How effective is it?
OpenLIDS Time to detect Conficker worm (Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8])

Active security measures: OpenLIDS
Summary
• OpenLIDS is fairly minimal
  – Linux implementation program size 85 KiB
  – Occupies 836 KiB RAM when started
  – Grows to 4,128 KiB RAM tracking 1000 hosts
• OpenLIDS is suitable for medium to high powered MANET devices
  – Mote type devices are not powerful enough

Specific Power-Aware Approaches
Approaches we’ll talk about:
• DVS (Dynamic Voltage Scaling)
• MDR (Minimum Drain Rate)

Specific Power-Aware Approaches: DVS
What is Dynamic Voltage Scaling?
• The idea behind DVS is to take advantage of speed-scaling processors to save energy
• Many processors are capable of running at different voltages
  – MIPS R4000
  – Pretty much any ARM chip

Specific Power-Aware Approaches: DVS
• When running at lower voltage:
  – Processor runs slower
  – Works more efficiently
• Running at a lower voltage is not good all the time
  – Some processors will be pathetically slow when scaled back
  – For data in a MANET that is time critical, deadlines can be missed
  – Energy is not only lost in the processor

Specific Power-Aware Approaches: DVS
• To implement DVS w/o missing deadlines, we need to add another layer to the protocol
• This DVS Layer sits outside of the encrypted payload
  – Tells the receiver (or middle node in link-to-link encryption) various bits of information about the packet

Specific Power-Aware Approaches: DVS
First packet of DVS enabled message (Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5])
• Message_info provides the decrypting node with the information it needs to select the proper voltage
• Info should be encrypted or at least signed if the hardware allows
  – Tamper proof
• Decrypted/verified at full speed

Specific Power-Aware Approaches: DVS
First packet of DVS enabled message (Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5])
Message_info includes:
• Size of message
• Origin time and latency requirement
• Estimated computation load of message
• Message destination

Specific Power-Aware Approaches: DVS
So how much energy can be saved?
MIPS R4000 Energy usage at different supply voltages (Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5])

Specific Power-Aware Approaches: DVS
DVS Simulation results
DVS Simulation run against a fixed-voltage simulation run (Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5])
• The DVS approach does the same work
• 2.64 times slower, but uses only 38% of the energy of the fixed voltage approach!

Specific Power-Aware Approaches: DVS
DVS Summary
• As always, actual power savings will depend on network traffic conditions and other factors
  – High volume of low latency traffic will cut savings
• If packet #1 has missed the message deadline, entire message will be dropped
• A very novel approach to saving energy in MANET

Specific Power-Aware Approaches: MDR
Minimum Drain Rate
• The idea of Minimum Drain Rate
  – Based on the idea of drain rate, which is an estimation on how long a node can continue operating at current traffic levels
• With this information, the routing protocol can modify paths to keep certain nodes online longer

Specific Power-Aware Approaches: MDR
• Routes with nodes having the highest remaining battery will be utilized as much as possible
• Keep low battery nodes online as long as possible
• MDR optimizes for the good of the network
• Other schemes can be selfish
  – Useful in WSNs, keep own node online and collecting data as long as possible

Summary
• A good security approach is hard to design because of all the limitations of the devices
• Designs should be passively secure to protect against unforeseen attacks
• Implement active security measures to limit abuse/DoS

Summary
• Power-aware security measures
  – Promise to go a long way in keeping battery powered devices online
  – Are needed because processing power is advancing faster than battery technology

Summary
MANET Power-conscious security mechanisms
• MANETs themselves are a relatively new area of research
• MANET security even more so
• MANET power-conscious or power aware security is pretty much cutting edge!
• Market for these devices grows every day

Questions?

References
[1] Secret-Key Cryptography: Introduction, IDEA, ECB, CBC, OFB, CFB. Dr. Tricia Chigan, Michigan Technological University.
[2] LiSP: A Lightweight Security Protocol for Wireless Sensor Networks. Taejoon Park and Kang G. Shin, University of Michigan.
[3] Security in Mobile Ad Hoc Networks: Challenges and Solutions. Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu and Lixia Zhang, UCLA Computer Science Department.
[4] Constraints and Approaches for Distributed Network Security. David Carman, Peter Kruus and Brian Matt. NAI Labs, Network Associates Inc.
[5] Design Space Exploration for Energy-Efficient Secure Sensor Network. Lin Yuan and Gang Qu, University of Maryland Electrical and Computer Engineering Department.
[6] Power-Aware Routing Based on The Energy Drain Rate for Mobile Ad Hoc Networks. Javier Gomez, Andrew T. Campbell. Dept. of Electrical Engineering and Center for Telecommunications Research, Columbia University, NY, USA.
[7] Power-saving protocols for IEEE 802.11-based multi-hop ad hoc networks. Yu-Chee Tseng, Chih-Shun Hsu, Ten-Yueng Hsieh. Department of Computer Science and Information Engineering, National Chiao Tung University, Taiwan.
[8] OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks. Fabian Hugelshofer, et al. Computing Department, Lancaster University, Lancaster, United Kingdom.
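
Added example (not part of the original slides and not OpenLIDS code): the failed-connection state machine from the OpenLIDS slides, using the thresholds quoted there, run over constructed traffic. Class, function and verdict names are hypothetical, and counting distinct hosts per port in DST_PORT is one reading of the slide's ">100 failed attempts, same port, different hosts".

```python
from collections import defaultdict

# Thresholds quoted on the slides (failed connection attempts per source).
SUSPICIOUS_PER_MIN = 50   # DST_NONE -> DST_HOST
DOS_SINGLE_HOST = 400     # DST_HOST: targeted DoS verdict
DISTINCT_HOSTS = 100      # DST_HOST -> DST_PORT
SCAN_SAME_PORT = 100      # DST_PORT: port-scan verdict

class SourceTracker:
    """State for one source; bookkeeping deepens only as suspicion rises."""
    def __init__(self):
        self.state, self.verdict = "DST_NONE", None
        self.window_start, self.count = 0.0, 0  # DST_NONE: one counter
        self.per_host = defaultdict(int)        # DST_HOST: failures per target
        self.per_port = defaultdict(set)        # DST_PORT: targets per port

    def failed_attempt(self, ts, dst_ip, dst_port):
        if self.state == "DST_NONE":
            if ts - self.window_start >= 60:    # start a new one-minute window
                self.window_start, self.count = ts, 0
            self.count += 1
            if self.count > SUSPICIOUS_PER_MIN:
                self.state = "DST_HOST"
        elif self.state == "DST_HOST":
            self.per_host[dst_ip] += 1
            if self.per_host[dst_ip] > DOS_SINGLE_HOST:
                self.verdict = "targeted_dos"
            elif len(self.per_host) > DISTINCT_HOSTS:
                self.state = "DST_PORT"
        else:  # DST_PORT; assumption: count distinct hosts hit on one port
            self.per_port[dst_port].add(dst_ip)
            if len(self.per_port[dst_port]) > SCAN_SAME_PORT:
                self.verdict = "port_scan"

def classify(events):
    """events: (ts_seconds, src, dst_ip, dst_port) for each failed attempt."""
    trackers = defaultdict(SourceTracker)
    for ts, src, dst_ip, dst_port in events:
        trackers[src].failed_attempt(ts, dst_ip, dst_port)
    return {src: (t.state, t.verdict) for src, t in trackers.items()}

def sample_events():
    """Constructed traffic: a same-port sweep, a single-target flood, a normal host."""
    sweep = [(i * 0.1, "10.0.0.66", f"10.1.{i // 250}.{i % 250}", 445)
             for i in range(400)]
    flood = [(i * 0.05, "10.0.0.77", "10.0.0.1", 80) for i in range(500)]
    quiet = [(i * 10.0, "10.0.0.5", "10.0.0.9", 22) for i in range(5)]
    return sweep + flood + quiet
```

A source that stays under the per-minute rate never leaves DST_NONE, so the per-host and per-port tables are only allocated for hosts that have already tripped the cheap counter.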
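
Added example (not part of the original slides and not SPINS code): the implicit-counter design from "The catch" slides, where each party keeps its own counter instead of sending an IV. It shows the desynchronisation on packet loss and the replay protection the slides mention. Assumptions: HMAC-SHA256 stands in for the RC5 counter-mode keystream, and the 8-byte tag, the 4-packet resync window and all names are chosen for illustration.

```python
import hashlib
import hmac

MAC_LEN = 8   # truncated tag length (assumption for this sketch)
WINDOW = 4    # counters the receiver tries ahead after packet loss (assumption)

def _keystream(key, counter, n):
    """HMAC-SHA256 in counter mode as a stand-in keystream generator (not RC5)."""
    out, block = b"", 0
    while len(out) < n:
        msg = counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]

def _tag(mac_key, counter, ct):
    """MAC covers the implicit counter, so an old packet fails under a new one."""
    msg = counter.to_bytes(8, "big") + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:MAC_LEN]

def _xor(data, ks):
    return bytes(d ^ k for d, k in zip(data, ks))

class Sender:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.counter = enc_key, mac_key, 0

    def seal(self, plaintext):
        self.counter += 1   # a counter value is never reused under one key
        ct = _xor(plaintext, _keystream(self.enc_key, self.counter, len(plaintext)))
        return ct + _tag(self.mac_key, self.counter, ct)   # counter is not sent

class Receiver:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.counter = enc_key, mac_key, 0

    def open(self, packet):
        ct, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        # Try the next expected counter, then a few ahead to recover from loss.
        for c in range(self.counter + 1, self.counter + 1 + WINDOW):
            if hmac.compare_digest(tag, _tag(self.mac_key, c, ct)):
                self.counter = c   # only moves forward: replays cannot match
                return _xor(ct, _keystream(self.enc_key, c, len(ct)))
        return None   # replayed, forged, or beyond the resync window
```

The ciphertext is exactly as long as the plaintext and only the tag adds bytes on the air; a receiver that falls more than WINDOW packets behind rejects everything until the counters are re-agreed, which is the unsynchronised-IV problem the slides describe.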