Packet Leashes: Defense Against Wormhole Attacks
Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Wormhole Attack
What is it?
- An attacker receives packets at one point in the network, “tunnels” them to a different point in the network and then replays them from this point.
- Note: the attacker can create a wormhole for packets not addressed to itself, so long as it is within hearing range.
Why is this bad?
- A node is misled to believe it is within transmission range of the sending node.

Wormhole Attack
Gives the attacker many advantages of power over the network:
- Example 1: When used against DSR, each ROUTE REQUEST packet is tunneled directly to the destination target node of the REQUEST. All of the destination's neighbors, following the normal routing protocol, rebroadcast the REQUEST copy but discard without processing all other received ROUTE REQUEST packets originating from the same Route Discovery; essentially, routes greater than two hops are never discovered. The attacker can then discard rather than forward all data packets, leading to a DoS attack, since no other route to the destination can be discovered as long as the attacker maintains the wormhole for ROUTE REQUESTs. The attacker can also selectively modify or drop random bits of a data packet.
- Example 2: Wireless access control systems based on physical proximity, such as wireless keys, or proximity- and token-based access control systems for PCs: an attacker could relay the authentication exchanges to gain access.

Partial prevention techniques
- Secret method for modulating bits (RF watermarking): authenticates wireless transmission by modulating the RF waveform in a way known only to authorized nodes. Knowledge of which RF parameters are modulated is kept secret.
  - Shortcoming: if the waveform is exactly captured and replayed at the end of the wormhole, the signal level of the watermark is independent of the distance traveled, hence the watermark may still be intact even if it traveled beyond normal wireless transmission range.
- Intrusion Detection: may work in some cases, but difficult in general since packets sent by the attacker are indistinguishable from packets sent by legitimate nodes.

Packet Leash
- Author-defined general mechanism for detecting and defending against wormhole attacks.
- A leash is any information that is added to a packet for the purpose of restricting the packet’s maximum allowed transmission distance.
- Two types: Geographical Leashes, Temporal Leashes

Geographical Leashes I
- Requirements: each node must know its location, and all nodes must have loosely synchronized clocks.
- The sender includes in the packet its own location, ps, and the time it sent the packet, ts.
- The receiver compares these values to its location, pr, and the time it receives the packet, tr.
- If the clocks of both sender and receiver are synchronized within a known bound, and v is an upper bound on the velocity of any node, the receiver can compute an upper bound on the distance between itself and the sender, dsr.

Geographical Leashes II
- A digital signature could be used to authenticate the location and timestamp in the received packet.
- Sometimes bounding the distance between sender and receiver does not prevent wormhole attacks, e.g. when obstacles prevent communication between two nodes who are otherwise within allowed transmission range.
- Solution: each node has a propagation model. There is a defined radius around both the sender and the receiver, such that the receiver verifies that every possible location of the sender (within the radius around ps) can send to every possible location of the receiver (within the radius around pr).

Temporal Leashes
- Requirements: all nodes must have tightly synchronized clocks s.t.
the max difference between any two nodes’ clocks is bounded by a value that must be known by all network nodes.
- Process:
  - Option I: the sending node includes in the packet the time at which it sent the packet, ts, and this value is compared by the receiving node to the time it receives the packet, tr. The receiver can determine whether the packet traveled too far, based on the supposed transmission time and the speed of light.
  - Option II: the sender could include an expiration time in the packet, so that the receiver does not accept the packet after this time.
- Note: could also use signatures for authentication.

Potential Problems
- Time synchronization is subject to attacks, and hence restricts the applicability of temporal leashes.
- In a contention-based MAC protocol, the sender may not know the exact time the packet will be transmitted.
- The receiver needs to be able to authenticate the expiration time in temporal leashes (option II); otherwise an attacker could change the time and still wormhole the packet.
- Solution: TESLA with Instant Key disclosure (TIK) protocol.

TIK Protocol I
Why was TIK developed? To resolve the problem of an attacker accessing and modifying the expiration time of a temporal leash. The current methods for preventing this have several drawbacks:
- Message Authentication Codes: n(n-1)/2 keys need to be set up in a network of n nodes; key setup is expensive and impractical in large networks. For a broadcast packet, the sender would need to add a separate MAC for each receiver, which increases the packet size, possibly beyond the maximum packet size. One could have multiple users share keys, but this allows a subset of colluding receivers to impersonate the sender.
- Digital Signatures: based on computationally expensive asymmetric cryptography.

TIK Protocol II
- TIK is an extension of the TESLA broadcast authentication protocol, which uses time as a source of authentication asymmetry to ensure that a receiver can verify but not create valid authentication information.
- TIK basically includes the key in the packet.
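As an added example (not code from the slides or the paper), the receiver-side checks for both leash types described above: the geographical leash of Geographical Leashes I and the two temporal leash options. The slides only say the receiver computes an upper bound dsr; the bound form used here follows the original packet leashes paper, and all numeric inputs (range, speed, clock bound, positions) are constructed.

```python
import math

C = 299_792_458.0  # speed of light in m/s, used by temporal leashes


def geographical_leash_ok(ps, pr, ts, tr, v, delta, loc_err, max_range):
    """Receiver-side geographical leash check.

    ps, pr: sender / receiver positions in metres; ts, tr: send / receive
    times in seconds; v: upper bound on any node's speed (m/s); delta: clock
    synchronisation bound (s); loc_err: location error bound (m).
    The distance bound follows the original paper's form (assumption; the
    slides only say the receiver computes an upper bound d_sr):
        d_sr <= |ps - pr| + 2 v (tr - ts + delta) + loc_err
    Each node may have moved up to v*(tr - ts + delta) since ts, hence 2v.
    """
    d_sr = math.dist(ps, pr) + 2 * v * (tr - ts + delta) + loc_err
    return d_sr <= max_range


def temporal_leash_ok(ts, tr, delta, max_range):
    """Option I: the packet cannot have travelled faster than light, so the
    receiver bounds the distance by C * (tr - ts + delta) and rejects the
    packet if that exceeds the radio's maximum transmission range."""
    return C * (tr - ts + delta) <= max_range


def expiration_time(ts, delta, max_range):
    """Option II, sender side: the packet expires once it could have covered
    max_range at light speed, tightened by the clock bound delta."""
    return ts + max_range / C - delta


def expiration_leash_ok(tr, expires_at):
    """Option II, receiver side: accept only if it arrived before expiry."""
    return tr <= expires_at


if __name__ == "__main__":
    # Constructed scenario: 250 m radio range, 20 m/s max speed, 5 m GPS error.
    honest = geographical_leash_ok((0, 0), (100, 0), 0.0, 0.001, 20, 5e-4, 5, 250)
    # Same packet replayed by a wormhole 2 km away: the leash rejects it.
    tunneled = geographical_leash_ok((0, 0), (2000, 0), 0.0, 0.001, 20, 5e-4, 5, 250)
    print(honest, tunneled)  # True False
```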
- TIK requires accurate time synchronization between all nodes, and each node only needs to know one public value for each sender node.

TIK Protocol III - Stages
- Sender Setup
- Receiver Bootstrapping
- Sending and Verifying Authenticated Packets

Security Analysis of Packet Leashes
- Provide a means of verifying that a signal is not propagating farther than the normal transmission distance.
- Using geographic leashes, nodes can detect tunneling across obstacles otherwise impenetrable by radio.
- A malicious receiver could refuse to check the leash: an attacker could tunnel to another attacker without detection, but this second attacker cannot forward the packet without being detected.
- Geographic leashes are less efficient than temporal ones, since they require broadcast authentication.

Conclusion
- Wormhole attacks: tunneling of packets by the attacker, providing several advantages which could result in misleading route information as well as Denial-of-Service attacks.
- Packet leashes (additional information added to packets to restrict the maximum transmission distance of a packet) as a detection and defense mechanism against wormhole attacks: Geographical and Temporal Leashes.
- TIK, designed to implement temporal leashes, is needed to provide authentication of received packets; it requires n public keys in a network of size n.
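An added, simplified model of the three TIK stages listed above (sender setup, receiver bootstrapping, sending and verifying authenticated packets); this is not the paper's code, and it abstracts TIK's on-air packet timing into a per-interval key disclosure time. The single public value per sender is the hash-chain commitment K0; the interval length, clock bound, seed and sample message are constructed, and the names of the functions are this example's own.

```python
import hashlib
import hmac
import os


def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def sender_setup(n: int, seed: bytes = None) -> list:
    """Sender setup: a one-way key chain K_n -> ... -> K_0 with K_i = H(K_{i+1}).
    chain[0] (K_0) is the single public value a receiver must learn about
    this sender (receiver bootstrapping); K_i authenticates interval i."""
    chain = [seed or os.urandom(32)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain


def mac_input(i: int, ts: float, msg: bytes) -> bytes:
    return i.to_bytes(4, "big") + repr(ts).encode() + msg


def make_packet(chain: list, i: int, ts: float, msg: bytes) -> tuple:
    """Sending: HMAC under the interval's key K_i, then (as TIK does) the key
    itself is carried in the same packet after the MAC."""
    mac = hmac.new(chain[i], mac_input(i, ts, msg), "sha256").digest()
    return (i, ts, msg, mac, chain[i])


def receiver_verify(commit: bytes, t0: float, interval: float, delta: float,
                    pkt: tuple, tr_mac: float) -> bool:
    """Verifying: tr_mac is the local time the MAC part finished arriving.
    Simplification (assumption): K_i counts as disclosed at the end of
    interval i, t0 + (i + 1) * interval; TIK derives the exact instant from
    the packet's position on the air."""
    i, ts, msg, mac, key = pkt
    # 1. Security condition: the MAC must have arrived before the key could
    #    have been disclosed, allowing for the clock bound delta. Otherwise
    #    anyone who overheard the key could have produced the MAC.
    if tr_mac + delta >= t0 + (i + 1) * interval:
        return False
    # 2. Authenticate the disclosed key against the commitment: H^i(K_i) == K_0.
    k = key
    for _ in range(i):
        k = H(k)
    if not hmac.compare_digest(k, commit):
        return False
    # 3. Only now trust the MAC (and with it the timestamp / temporal leash).
    expect = hmac.new(key, mac_input(i, ts, msg), "sha256").digest()
    return hmac.compare_digest(expect, mac)
```

A receiver that accepts the MAC only under condition 1 is what stops an attacker from altering the timestamp or expiration time of a temporal leash and re-authenticating it with the key that the packet itself reveals.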