Downloads:wireless
advertisement
Wireless Information Networking Group (WING) Securing Wireless Ad Hoc Networks: An ID-Based Cryptographic Approach Yuguang “Michael” Fang, Professor JSPS Visiting Invitation Fellow University of Florida Research Foundation Professor Department of Electrical & Computer Engineering University of Florida Changjiang Scholar Chair Professor Xidian University, China In Collaboration with Xiaoyan Zhu and Yanchao Zhang http://winet.ece.ufl.edu/ Wireless Information Networking Group (WING) Outline • Introduction – Resource-constrained wireless ad hoc networks – Security requirements • Security issues to tackle • Our ID-based public key approach • Conclusion & future work Future Cyberspace: Integrated Wired-Wireless Internet WiMAX Networks Wireless Sensor Networks NSF GENI Vision www.geni.net Wi-Fi Networks Current Internet Cellular Networks Mobile Ad-Hoc Networks Wireless Mesh Networks Wireless Information Networking Group (WING) Wireless Movement • There are many interesting applications – – – – – – – – – Cellular phones PDAs or iPods Bluetooth earphones Wi-Fi (hot-spot technologies) Tactical radios (missions for war or peace keeping)) Smart phones (healthcare monitoring) iPhone Wireless sensors (tagging the environments) Digital cameras or camcorder (wireless connections) You are being watched!!! Wireless Information Networking Group (WING) Wireless Advantage • There are many good things wireless can offer – Frees us from physical attachment – Provides freedom of movement while engaging in communications – Can be self-configured with rapid setup – Could be made high speed (broadband) – Could be made small and be embedded in everything (everything goes wireless) Wireless Information Networking Group (WING) Wireless Disadvantage • There are many design challenges – – – – – – – – – Poor channel conditions (e.g., fading) Time-varying links Failure due to mobility/power depletion Susceptible to interference Limited bandwidth Limited power Limited computing resources (memory and CPU) Open access (subject to interception or eavesdropping) Lack of trusted infrastructure (sometimes)! Wireless Information Networking Group (WING) Design Challenges • Resource constraints pose many secure design challenges – Security schemes for wired networks may NOT be feasible for wireless networks – Computationally intensive scheme will not work well – Power hungry operations should be avoided (due to either computation or communications) – Trust model should be re-evaluated – Non-conventional attacks should be investigated and appropriate strategy should be designed Wireless Information Networking Group (WING) Design Challenges • PKI or not PKI? This is the question! • Public (asymmetric) key approach: PKI – Pros: scalable, easier key establishment, better authentication and embedded digital signature – Cons: computationally intensive, larger key size, demand trusted infrastructure (certificate management) and more overhead due to certificate management, and subject to DoS attacks • Secret (symmetric) key approach: not PKI – Pros: low computational overhead, no certificate is necessary – Cons: not scalable, more communication overhead, no support of digital signature • …dilemma indeed!!! Wireless Information Networking Group (WING) ID-based Public Key Cryptography (PKC) • ID-based Signature (Shamir 1984) • ID-based PKC (Non-interactive PKC) – Joux (2000): pairing does some magic—three-party key agreement – Boneh and Franklin (2001): alternative PKI (encryption) – Any string (or ID) such as email, telephone number, or any string can be used as the public key – No certificate is necessary: does not need to maintain (ID,PublicKey) binding because the public key is directly derivable from the ID – Elliptic curve cryptography can be easily incorporated Wireless Information Networking Group (WING) Why ID-based PKC • Advantages – Non-interactive key establishment: shared secret without exchanging information—conserving energy! – No certificate: saving memory space! No need of trusted infrastructure! – The fact that any string can be a part of public key offers the flexibility of adding specialized property to a user: instead of Michael, we can use Michael @UF – Scalable: as long as private key is given from the same master secret, secure communication can be enabled Wireless Information Networking Group (WING) Why ID-based PKC • Disadvantages – The master secret holder (Trusted Authority or TA) knows everything: somebody is watching! – Computational complexity of pairing: more complex than exponentiation! • Fitting Wireless Ad Hoc Networks (WANETs) – WANETs is designed for a single mission, hence collaborative in nature and TA is the network owner! – Pairing computational efficiency is progressing: • Hardware implementation: Tate pairing needs 6ms to compute • Platform implementation: sub-second implementation on sensor platform has been proposed lately (Wisec’2009) Wireless Information Networking Group (WING) Notation IDA : node A ' s ID LA : node A ' s physical location q : a large prime ( 160 bits) G1 , G2 : two cyclic groups of order q s : a network master secret, 1 s q 1 W : an arbitrary generator of G1 W p : W p sW G1 H1 : hash function mapping inputs to non-zero elements in G1 H 2 : hash function mapping inputs to fixed-length outputs Wireless Information Networking Group (WING) Pairing Technique f : G1 G1 G2 (pairing), such that, U , V , S , T G1 , f (U V , S T ) f (U , S ) f (U , T ) f (V , S ) f (V , T ) (bilinear) a , b [1, q 1] f ( aU , bV ) f ( aU , V ) b f (U , bV ) a f (U , V ) ab (bilinear) f (U , V ) f (V , U ) (symmetric) Similar to the exponentiation function in RSA Modified Weil pairing or Tate pairing can be used Wireless Information Networking Group (WING) Key Generation and Establishment • Key Generation: Public key: ID Private key: K sH1 ( ID) G1 • Given (ID, K), it is infeasible to derive s, as the Discrete Logarithm Problem is computationally hard in G1. • Key establishment: node A (IDA,KA) and node B (IDB,KB) k A, B f ( K A , H1 ( IDB )) f ( sH1 ( IDA ), H1 ( IDB )) f ( H1 ( IDA ), sH1 ( IDB )) f is bilinear f ( H1 ( IDA ), K B ) f ( K B , H1 ( IDA )) f is symmetric kB , A A shared key is established without exchanging any information!!! Wireless Information Networking Group (WING) Wireless Sensor Networks • A wireless sensor network (WSN) is composed of a large number of low-cost sensor nodes randomly deployed to sense/monitor the field of interest, collect and process information, and make intelligent decision (actuation) • Sensor nodes – – – – – Limited in energy, computation, and storage Sense/monitor their local environment Perform limited data processing Communicate over short distances Actuate/control (decision making) • E.g., sink model – Gather data from sensor nodes and connect the WSN to the outside world Wireless Information Networking Group (WING) Wireless Sensor Networks sink Wireless Information Networking Group (WING) Security Requirements Message confidentiality Message authenticity & integrity An attacker at (20,18) A An attacker at (20,18) B Node mutual authentication U More … sink Wireless Information Networking Group (WING) Security Issues • • • • • • • • • • Authentication Key agreement Mitigating specific serious attacks Secure location discovery Broadcast authentication Secure data aggregation Secure clock synchronization Secure routing and MAC protocols Intrusion detection … Wireless Information Networking Group (WING) #1 Pair-wise Authentication • Two neighboring nodes verify that the other party is who it claims to be – Chan et al. (IEEE SP’03) • Otherwise, attackers can – Inject false data reports via good nodes – Distribute wrong routing information – Impersonate good nodes to misbehave “Show me you are B” A “Show me you are A” B Wireless Information Networking Group (WING) #2 Key Agreement • Two neighboring nodes establish a shared secret key known only to themselves – Eschenauer and Gligor (CCS’03), Chan et al. (SP’03), Liu and Ning (IEEE CCS’03), … • The shared key is a prerequisite for – Message encryption/decryption – Message authentication A B encrypt/ authenticate Wireless Information Networking Group (WING) #3 Sybil Attack • Sybil (1976) staring Sally Field: a girl with at least 13 personalities • A malicious node claims multiple identities – Severely interrupt routing, fair resource allocation, distributed storage, misbehavior detection … – Douceur (IPTPS’02), Newsome et al. (IPSN’04) E “I am V” “I am W” “I am U” A “I am F” D Correct path wrong path B C F Wireless Information Networking Group (WING) #4 Node Duplication Attack • The attacker put clones of a captured node at random or strategic locations in the network – Parno et al. (IEEE SP’05) A sink Wireless Information Networking Group (WING) #5 Random Walk Attack • The attacker uses secret information of a captured node to roam in the network A sink Wireless Information Networking Group (WING) #6 Wormhole Attack • Attackers tunnel packets received at one location to another distant network location – Hu et al. (INFOCOM’03), Karlof et al. (SNPA’03) • Allowing the attacker to – Disrupt routing, selectively drop packets, … A B secret Wormhole link Wireless Information Networking Group (WING) Previous Research • Many separate solutions exist, but – Difficult to combine due to different or even conflicting underlying assumptions – Even if possible, far too complex a solution stack – Most prior solutions do not work when a small number of nodes are captured by attackers – Many schemes address one problem but create other problems – Most schemes apply the symmetric key approach. Many do reduce the computational cost; however, they tend to dramatically increase the communications cost (often ignored by many) Wireless Information Networking Group (WING) Observation • Almost all WSN applications are locationdependent and require a sensor node to know its own location – E.g., military sensing and tracking • Most sensor nodes are stationary once deployed – Can be identified by their IDs plus locations • Most sensor nodes have a limited comm. range – Can only directly communicate with others inside their communication range Wireless Information Networking Group (WING) Location-based Security Solution • Location-based authentication – – – – – – Neighbor-to-neighbor authentication Key agreement Sybil attack Node duplication attack Random walk attack Wormhole attack Wireless Information Networking Group (WING) Location-based Keys • Conventional way: ID-based keys – Name a node merely with its ID – Bind sensor nodes’ keys only to their IDs – Vulnerable to many attacks, e.g., node duplication • Our method: location-based keys (LBKs) – Name a node with both its ID and location • Michael@UF is more specific than Michael! – Bind sensor nodes’ keys to both IDs and locations Wireless Information Networking Group (WING) Location-based Keys • Assume a secure way to decide node locations – Zhang et al., IEEE JSAC’06 • Node A’s LBKs: Public key: IDA @ LA Private key: K A sH1 ( IDA @ LA ) G1 – Given (IDA@LA, KA), it is infeasible to derive s, as the Discrete Logarithm Problem is hard in G1. • Each node only knows its unique LBK pair, and has no knowledge of s – Use a key pre-distribution model Wireless Information Networking Group (WING) Neighbor-to-Neighbor Authentication • Purpose – Discover and perform mutual authentication with neighboring sensor nodes • Idea – Check if the candidate is within the comm. range and has the correct location-based private key Neighbor-to-Neighbor Authentication Node A: K A sH1 ( ID A @ LA ) IDA @ LA , nA broadcast Node B: K B sH 1 ( IDB @ LB ) ? LB LA R k B , A f ( K B , H1 ( ID A @ LA )) IDB @ LB , nB , H 2 ( nA || nB ||1|| kB , A ) unicast ? LA LB R k A,B f ( K A , H1 ( IDB @ LB )) ? H 2 ( n A || nB ||1|| k A,B ) H 2 ( n A || nB || 1|| k B , A ) H 2 ( nA || nB|| 2 || k A,B ) unicast ? H 2 ( n A || nB || 2 || k B , A ) H 2 ( n A || nB || 2 || k A,B ) Neighbor-to-Neighbor Authentication Node A: K A sH1 ( IDA @ LA ) Node B: K B sH1 ( IDB @ LB ) k A,B f ( K A , H1 ( IDB @ LB )) k B , A f ( K B , H 1 ( ID A @ LA )) k A, B f ( K A , H1 ( IDB @ LB )) f ( sH1 ( IDA @ LA ), H1 ( IDB @ LB )) f ( H1 ( IDA @ LA ), sH1 ( IDB @ LB )) f is bilinear f ( H1 ( IDA @ LA ), K B ) f ( K B , H1 ( IDA @ LA )) f is symmetric kB, A ? H 2 (n A || nB ||1|| k A,B ) H 2 (n A || nB ||1|| k B , A ) ? H 2 (n A || nB || 2 || k B , A ) H 2 (n A || nB || 2 || k A,B ) Wireless Information Networking Group (WING) Resilience to Sybil Attack D “I am IDW@LW” E “I am IDF@LF” “I am IDV@LV” A B “I am IDU@LU” C • The captured node does not have the correct location-based private keys of the nodes it claims to be • Comparison to Newsome et al. (IPSN’04) – Our solution has much higher network scalability (Random key predistribution with limited network size) Wireless Information Networking Group (WING) Resilience to Node Duplication Attack K A sH1 ( IDA @ LA ) R A IDA @ LA , nA B || LB LA || R • A duplicate will be detected if talking to good nodes outside the communication range of node A • The impact range of a captured node is reduced from the whole network to a small circle of radius < R • Comparison to Parno et al. (IEEE SP’05) – Our solution is much more efficient in both communication and computation (periodic report on location and witness nodes help) Wireless Information Networking Group (WING) Resilience to Random Walk Attack A R sink • The impact range of a capture node is reduced from the whole network to a small circle of radius < R Wireless Information Networking Group (WING) Resilience to Wormhole Attack K A sH1 ( IDA @ LA ) K B sH1 ( IDB @ LB ) A B R || LB LA || R R IDA @ LA , nA Wormhole link • The wormhole attack is completely defeated • Comparison to Hu et al. (INFOCOM’03) – Our solution has no stringent requirement on sensor hardware and time synchronization (restrict the maximum transmission distance of any packet) Wireless Information Networking Group (WING) Comparison to Prior Solutions Our scheme Eschenauer’02, Chan’03, Du’03, Liu’03 … Key agreement Deterministic Probabilistic Neighborhood authentication Yes No or very limited Support for digital signatures Yes No Storage cost Low High Network scalability High Poor Attack resilience High Poor Communication overhead Low High Computation overhead High Low Comm.+Computation overhead Low High Wireless Information Networking Group (WING) ID-based Certificateless Key Management • Propose a novel construction method of ID-based public/private keys, in which each public or private key consists of a node-specific element and a network-wide common element • Design an efficient protocol to update public & private keys of all non-compromised nodes with one broadcast message & threshold cryptography Y. Zhang, W. Liu, W. Lou and Yuguang Fang, “Securing mobile ad hoc networks with certificateless public keys,” IEEE Transactions on Dependable and Secure Computing, 3(4): 386-399, 2006. Wireless Information Networking Group (WING) Anonymity in MANETs • ID-based approach can be used to generate multiple pseudonyms, which then generate dynamic link identifiers to hide real IDs – Anonymous MAC • Use pseudonyms instead of MAC addresses – Anonymous routing • Dynamic pseudo link ID management (dynamic link identifiers) to hide both source and destination Y. Zhang, W. Liu, W. Lou and Yuguang Fang, “MASK: anonymous ondemand routing in mobile ad hoc networks,” IEEE Transactions on Wireless Communications, 5(9): 2376-2385, 2006 Wireless Information Networking Group (WING) Security & Billing in Wireless Mesh Networks • ID-based authentication schemes among mesh routers and mobile clients – Authentication for mesh router-mesh router, mesh router-mesh client, and client-client – Countermeasure against DoS attacks • Micro-payment schemes Y. Zhang and Y. Fang, “A secure authentication and billing architecture for wireless mesh networks,'' Accepted for publication in ACM Wireless Networks Y. Zhang and Y. Fang, “ARSA: an attack-resilient security architecture for multihop wireless mesh networks,” IEEE Journal on Selected Areas in Communications, 24(10): 1916-1928, 2006. Wireless Information Networking Group (WING) Conclusions • Discuss challenges for information insurance • Demonstrate the innovative applications of IDbased cryptography – Minimize communication overhead (no certificate, establishing session keys without exchanging keying materials) • Exemplary application: a location-based unified solution for wireless sensor networks to address – Neighbor-to-neighbor authentication, key agreement, Sybil attack, node duplication attack, random walk attack, wormhole attack, data injection attack Wireless Information Networking Group (WING) Future Research Directions • There are many research challenges ahead – How to reduce the pairing computational complexity (hardware?) – How to deal with heterogeneous ad hoc networks (more powerful nodes can be better used to our advantage) – How to take advantage of mobile nodes – Mission-dependent, light-weight and adaptive security schemes – How to harness the cooperative nature, if any. – How to proactively detect intrusion – How to secure distributed storage – How to secure routing protocol in the light-weight fashion – How to carry out secure target tracking – How to integrate the security schemes over resource-constrained networks with those over fixed infrastructure – …
