Lightweight Security Primitives for MANET & WSN

advertisement
Topic 7: Lightweight Security Primitives for MANET & WSN
Power conscious security measures
EE4723
1
Security Requirements
•
•
•
•
•
•
•
•
•
Introduction to MANET/WSN Security
MANET Assumptions
Problem Statement
Secure MANET design philosophy
Use of hashes in MANET security
Symmetric Key Encryption in MANET
Active security measures
Specific Power-Aware Approaches
Summary
2
Introduction to MANET/WSN security
• World is growing increasingly ‘digital’
• 1980’s:
– Computers in cars
• 1990’s:
– Computers in door locks, watches, cellphones, etc
• 2000’s:
– Computers everywhere!
– Must tweet, facebook, communicate with other
devices
3
Introduction to MANET/WSN security
• Welcome to 2010
– Not just facebook
– Banking, auto insurance apps on iPhone
– Miniature UAVs, ground combat robots in military use
• Some mounted with weapons!
• Mobile network/internet devices are the new
way to do business
– Not just toys anymore
– They keep getting smaller!
4
MANET Assumptions
Some assumptions throughout this presentation
• Key exchange/distribution has already been
taken care of
– Eschenauer/Gligor (or other probabilistic
approach) a likely candidate
• Operation in a hostile environment
– This has not been assumed in the past, hence the
problems with many in-place network schemes
5
MANET Assumptions
• Vulnerabilities exist at every layer in MANET
Goals for an all-encompassing secure MANET protocol
Source: Security in Mobile Ad Hoc Networks: Challenges and Solutions [3]
• Currently, no single mechanism eliminates the
security issues in every layer
• An all-encompassing protocol will include both
active and passive protection
6
Problem Statement
The Challenge:
• How do we reasonably secure
communications?
• On a device with limited
– CPU/RAM resources
– Battery power
• Continuously changing network conditions
7
Problem Statement
• Require the standard 4 security provisions
• Security evaluation criteria for proposed
solutions:
– Authentication
– Privacy
– Integrity
– Freshness
8
Secure MANET design philosophy
Typical devices involved in MANET/WSNs:
• Mote (WSN data collection)
– 8-bit CPU, 4 Mhz, 4 KB RAM
– 128 KB program memory
– Powered by 2 AA batteries
• Ranging to more powerful MIPS R4400 or
similar
9
Secure MANET design philosophy
• Public key encryption – out of the question!
• Symmetric key encryption is possible
• Hash-based security functions are preferred
10
Secure MANET design philosophy
Computation Time and Energy Consumption for 128-bit Multiply
Source: Constraints and Approaches for Distributed Network Security [4]
• This is a basic operation required for public
key cryptography
• Thousands or millions of these operations for
encrypt/decrypt/verify
11
Secure MANET design philosophy
AES(Symmetric) and SHA-1 Computational Energy Consumption Estimates
Source: Constraints and Approaches for Distributed Network Security [4]
• Symmetric key encryption is ideal, when
encryption is required
• Hash functions still preferred
– 20% power savings with MIPS R4000
– 60% power savings with DragonBall
12
Use of hashes in MANET security
Hash Message Authentication Codes (HMAC)
• Two nodes communicating and sharing a private key can
use a one-way hash algorithm to verify sender
• This is ok between 2 parties
– HMAC can only be verified by the intended receiver
• Unless all keys shared across network, not reasonable
– Not ideal for authenticating broadcast messages
• HMACs can be chained to verify a message path
– Used in TESLA and Ariadne
13
Use of hashes in MANET security
Pitfalls of message hashing
• For hash chaining, clock synchronization of some
kind will be required
– Significant infrastructure to do this may be required
• TESLA and SEAD send hashes and then send
the key
– Entire message must be buffered and then wait on
key distribution before message can be verified
– Can introduce large routing delays
14
Use of hashes in MANET security
Hashing summary
• Hashing is useful for verifying identity of a sender
• Not impervious to replay attacks
• Fast, but cannot be used to encrypt data
• For Data encryption, we need to look at lightweight
symmetric key encryption
– Let’s examine MANET requirements again
15
Symmetric Key Encryption in MANET
More design pitfalls of MANET devices:
• Depending on application, RF data
transmission will be the other primary drain
on battery
• Require our algorithm to have low CPU and
data overhead
– Size of plaintext = size of ciphertext
16
Symmetric Key Encryption in MANET
• Stream cipher is an obvious choice for to keep
data overhead low
• Block mode encryption is not effective for
cleartext < block size
– Stream ciphers do not suffer this downfall
• Can maintain fairly high security while keeping
processing and bit overhead quite low
– XOR/Bitwise add operations cheap to implement
17
Symmetric Key Encryption in MANET
• Stream ciphers have been chosen for a number of proposed and actual
wireless network implementations
Cipher operating in Output Feedback Mode
Source: Secret Key Cryptography [1]
• IEEE 802.11 WEP uses RC4 stream cipher
• SPINS (based on TESLA/SNEP) uses RC5 block cipher using counter mode
18
Symmetric Key Encryption in MANET
The catch:
• Care must be taken in design to avoid
keystream reuse
– WEP prefixes each packet with a pre-encryption
IV, but IV space is too small
– WEP is susceptible to a number of attacks because
of this
• SPINS gets around this by having each party
maintain IV separately
19
Symmetric Key Encryption in MANET
• SPINS’ approach causes new problems and
special considerations
– Lossy wireless links can cause IV to become
unsynchronized
– Network is not protected from replay attacks
without additional measures
20
Symmetric Key Encryption in MANET
Symmetric Encryption Summary
• With proper design and advanced techniques,
symmetric-key encryption can provide
adequate security measures for today’s
networks.
21
Active security measures
Active security measures in MANET
• What can be done?
22
Active security measures
Active security measures in MANET
• Operation on battery power/minimum
processing power makes active security
measure implementation that much more
difficult
• At the same time, limited operating power
gives us a need for active security measures
– Deep packet inspection essentially impossible
23
Active security measures
• In any MANET network, malicious nodes can
simply DoS another node with packets it has
to respond to
• This is especially effective/detrimental if the
MANET implements some kind of security
signature
– Hacker can spam the network with bogus and bad
digests
– Good nodes spend processing power to verify,
only to find that the message is a fraud
24
Active security measures: OpenLIDS
Enter OpenLIDS (Lightweight Intrusion Detection
System)
• A mechanism for detecting hosts that are
abusing the network
• Works on the basis of anomaly detection
• Lightweight enough to run on medium-power
nodes
• Able to keep up with high data throughput
• Aims to specifically detect port scanning and
DoS attacks
25
Active security measures: OpenLIDS
Utilizes failed connection attempt analysis
• Initially perform very broad packet monitoring
• Increase cost and depth of analysis as
suspicion rises
26
Active security measures: OpenLIDS
3 States
• DST_NONE
• DST_HOST
• DST_PORT
OpenLIDS State Machine Diagram: Failed connection attempts
Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8]
27
Active security measures: OpenLIDS
• DST_NONE
– >50 failed attempts per minute
– Host is flagged as suspicious
• DST_HOST
OpenLIDS State Machine Diagram: Failed connection attempts
Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8]
– Nodes now begin to track destination IP of failing
requests
– >400 at a single host?
• Targeted DoS attacker
– >100 distinct destination hosts?
• DST_PORT
– >100 failed attempts, same port, different hosts?
• Attacker determined to be port scanning
28
Active security measures: OpenLIDS
• After host is located
– Specific actions are not defined by the protocol
– Can be customized per implementation
• How effective is it?
OpenLIDS Time to detect Conficker worm
Source: OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks [8]
29
Active security measures: OpenLIDS
Summary
• OpenLIDS is fairly minimal
– Linux implementation program size 85 KiB
– Occupies 836 KiB RAM when started
– Grows to 4,128 KiB RAM tracking 1000 hosts
• OpenLIDS is suitable for medium to high
powered MANET devices
– Mote type devices are not powerful enough
30
Specific Power-Aware Approaches
Approaches we’ll talk about:
• DVS (Dynamic Voltage Scaling)
• MDR (Minimum Drain Rate)
31
Specific Power-Aware Approaches: DVS
What is Dynamic Voltage Scaling?
• The idea behind DVS is to take advantage of
the of speed-scaling processors in a way to
save energy
• Many processors are capable of running at
different voltages
– MIPS R4000
– Pretty much any ARM chip
32
Specific Power-Aware Approaches: DVS
• When running at lower voltage:
– Processor runs slower
– Works more efficiently
• Running at a lower voltage is not good all the
time
– Some processors will be pathetically slow when
scaled back
– For data in a MANET that is time critical, deadlines
can be missed
– Energy is not only lost in the processor
33
Specific Power-Aware Approaches: DVS
• To implement DVS w/o missing deadlines, we
need to add another layer to the protocol
• This DVS Layer sits outside of the encrypted
payload
– Tells the receiver (or middle node in link-to-link
encryption) various bits of information about the
packet
34
Specific Power-Aware Approaches: DVS
First packet of DVS enabled message
Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5]
• Message_info provides the decrypting node
with the information it needs to select the
proper voltage
• Info should be encrypted or at least signed if
the hardware allows
– Tamper proof
• Decrypted/verified at full speed
35
Specific Power-Aware Approaches: DVS
First packet of DVS enabled message
Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5]
Message_info includes:
• Size of message
• Origin time and latency requirement
• Estimated computation load of message.
• Message destination
36
Specific Power-Aware Approaches: DVS
So how much energy can be saved?
MIPS R4000 Energy usage at different supply voltages
Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5]
37
Specific Power-Aware Approaches: DVS
DVS Simulation results
DVS Simulation run against a fixed-voltage simulation run
Source: Design Space Exploration for Energy-Efficient Secure Sensor Network [5]
• The DVS approach does the same work
• 2.64 times slower, but uses only 38% of the
energy of the fixed voltage approach!
38
Specific Power-Aware Approaches: DVS
DVS Summary
• As always, actual power savings will depend
on network traffic conditions and other
factors
– High volume of low latency traffic will cut savings
• If packet #1 has missed the message deadline,
entire message will be dropped
• A very novel approach to saving energy in
MANET
39
Specific Power-Aware Approaches: MDR
Minimum Drain Rate
• The idea of Minimum Drain Rate
– Based on the idea of drain rate, which is an
estimation on how long a node can continue
operating at current traffic levels
• With this information, the routing protocol
can modify paths to keep certain nodes online
longer
40
Specific Power-Aware Approaches: MDR
• Routes with nodes having the highest
remaining battery will be utilized as much as
possible
• Keep low battery nodes online as long as
possible
• MDR optimizes for the good of the network
• Other schemes can be selfish
– Useful in WSNs, keep own node online and
collecting data as long as possible
41
Summary
• A good security approach is hard to design
because of all the limitations of the devices
• Designs should be passively secure to protect
against unforeseen attacks
• Implement active security measures to limit
abuse/DoS
42
Summary
• Power-aware security measures
– Promise to go a long way in keeping battery
powered devices online
– Are needed because processing power is
advancing faster than battery technology
43
Summary
MANET Power-conscious security mechanisms
• MANETs themselves are a relatively new area
of research
• MANET security even more so
• MANET power-conscious or power aware
security is pretty much cutting edge!
• Market for these devices grows every day
44
Questions?
45
References
[1] Secret-Key Cryptography-Introduction,IDEA,ECB,CBC,OFB, CFB . Dr. Tricia Chigan, Michigan
Technological University.
[2] LiSP: A lightweigh Security Protocol for Wireless Sensor Networks. Taejoon Park and Kang G.
Shin, University of Michigan.
[3] Security in Mobile Ad Hoc Networks: Challenges and Solutions. Hao Yang, Haiyun Luo, Fan Ye,
Songwu Lu and Lixia Zhang, UCLA Computer Science Department
[4] Constraints and Approaches for Distributed Network Security. David Carman, Peter Kruus and
Brian Matt. NAI Labs, Network Associates Inc.
[5] Design Space Exploration for Energy-Efficient Secure Sensor Network. Lin Yuan and Gang Qu,
University of Maryland Electrical and Computer Engineering Department.
[6] Power-Aware Routing Based on The Energy Drain Rate for Mobile Ad Hoc Networks. Javier
Gomez, Andrew T. Campbell Dept. of Electrical Engineering and Center for
Telecommunications Research. Columbia University, NY, USA.
[7] Power-saving protocols for IEEE 802.11-based multi-hop ad hoc networks. Yu-Chee Tseng,
Chih-Shun Hsu, Ten-Yueng Hsieh. Department of Computer Science and Information
Engineering, National Chiao Tung University, Taiwan
[8] OpenLIDS: A Lightweight Intrusion Detection System for Wireless Mesh Networks. Fabian
Hugelshofer, et al. Computing Department Lancaster University, Lancaster, United Kingdom
46
Download