UCLA EE
Chris Kurpinski
Sungha Kim
Outline
Introduction
Security Requirements of Wireless Ad-Hoc Networks
Typical attacks on Wireless Ad-Hoc Networks
Security protocols and methods for ad-hoc networks
Motivation
Security is the most often cited
concern with wireless networks
Wireless networks pose unique
security problems
Power and computation constraints
are often tighter in wireless
networks, making security
requirements different
Requirements for network
security
Data confidentiality: keep data secret (usually
accomplished by encryption)
Data integrity: prevent data from being altered
(usually accomplished by encryption)
Data freshness: data is recent
Weak freshness: provides partial ordering of msgs
Strong freshness: provides total ordering and
allows for delay estimation
Data availability: data should be available on
request
Data authentication: verification that the data or
request came from a specific, valid sender
Why security on sensors is
hard
Constraints
Peanut CPU (slow computation rate)
Battery power: trade-off between security
and battery life
Limited memory
High latency: to conserve power, nodes
turn on only periodically
Nature of wireless ad-hoc network
Every node can be a target
No trusted peer
Decentralized and cooperative participation
of all nodes
Encryption and authentication cannot
eliminate threats
No matter how many intrusion prevention
measures are inserted in a network, there
are always some weak links that one could
exploit to break in
Wireless Ad-Hoc Network
Security Methods
Public-key cryptography overview
Public-key cryptography for wireless:
Key distribution: Certification Authorities,
PGP (Pretty Good Privacy)
Imprinting
SPINS
SNEP
µTESLA
Intrusion Detection
Public-key cryptography
overview
Alice chooses a random large integer a and
sends Bob X = g^a mod n
[Figure: key exchange diagram; labels: a, X, Y, b, K, K']
µTESLA Description
Each MAC key is a key (K) of a key chain, generated by a public
one-way function F, where K_j = F(K_{j+1})
All blocks sent in a specific time period use the same key
Received blocks are stored in a buffer until the associated key
is released and verified
Any valid key can be used to derive earlier keys, or validate
later keys, but cannot be used to derive later keys.
µTESLA (Contd.)
Sender Setup
The sender generates a chain of secret keys by choosing
the last key (K_n) randomly, and applying a one-way
function F, such that: K_j = F(K_{j+1})
Broadcasting Authenticated Packets
Time intervals are set, and each key of the key-chain is
associated with an interval.
During interval t, the sender uses key K_t to compute the
MAC of all packets.
The sender waits for a delay of δ before revealing K_t,
where δ is greater than any reasonable packet round trip
time.
µTESLA (Contd.)
M -> S : N_M
S -> M : T_S | K_i | T_i | T_int | δ, MAC(K_MS, N_M | T_S | K_i | T_i | T_int | δ)
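The key chain, delayed disclosure and receiver-side buffering described above, as an added example that is not part of the original slides or of the SPINS authors' code. It assumes SHA-256 for F, HMAC-SHA256 for the MAC, a disclosure delay counted in whole intervals and a receiver clock passed in as `now`; the `Receiver` class and its method names are hypothetical. It also covers the case where a key disclosure is lost and a later key is used to derive the missing one.

```python
import hashlib, hmac, os

def F(key: bytes) -> bytes:
    """Public one-way function F; SHA-256 is this example's assumption."""
    return hashlib.sha256(key).digest()

def make_chain(n: int, last_key: bytes) -> list:
    """Sender setup: return [K_0, ..., K_n] where K_j = F(K_{j+1})."""
    chain = [last_key]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment: bytes, delay: int):
        self.idx, self.key = 0, commitment   # last authenticated key (K_0 from bootstrap)
        self.delay = delay                   # disclosure delay, in whole intervals
        self.buffer = {}                     # interval -> [(msg, tag), ...]

    def on_packet(self, interval, msg, tag, now) -> bool:
        # Drop packets that arrive once K_interval may already be public.
        if now >= interval + self.delay:
            return False
        self.buffer.setdefault(interval, []).append((msg, tag))
        return True

    def on_key(self, interval, key) -> list:
        """Authenticate a disclosed key, then release the buffered packets it covers."""
        if interval <= self.idx:
            return []
        keys, k = {interval: key}, key
        for j in range(interval - 1, self.idx - 1, -1):
            k = keys[j] = F(k)               # derive earlier keys K_j from the new key
        if not hmac.compare_digest(keys[self.idx], self.key):
            return []                        # key is not on the sender's chain
        accepted = []
        for j in range(self.idx + 1, interval + 1):
            for msg, tag in self.buffer.pop(j, []):
                if hmac.compare_digest(mac(keys[j], msg), tag):
                    accepted.append(msg)
        self.idx, self.key = interval, key
        return accepted

def demo():
    chain = make_chain(4, os.urandom(32))    # K_4 random, K_0 is the commitment
    rx = Receiver(chain[0], delay=2)         # constructed packets below
    rx.on_packet(1, b"temp=21", mac(chain[1], b"temp=21"), now=1)
    rx.on_packet(1, b"temp=99", mac(b"guess", b"temp=99"), now=1)   # forged tag
    rx.on_packet(2, b"temp=22", mac(chain[2], b"temp=22"), now=2)
    return rx.on_key(2, chain[2])            # K_1 disclosure was lost
```

A deployment on constrained nodes would also bound the buffer size and cap how far a disclosed interval may run ahead of the last authenticated one, since both are reachable by unauthenticated traffic.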
µTESLA (Contd.)
#{(u, v) ∈ V × V : u →_G v}
Infrastructure
Improvements
Shortcut hunter algorithm: finds the path with the most
shortcuts for all outgoing and incoming edges of a given node
Intrusion Detection
Assumptions
User and program activities are
observable
Misuse and anomaly detections
are possible locally and in a
distributed manner
Problems of IDS (intrusion
detection system)
Intrusion Detection (contd)
Misuse detection
Uses patterns of well-known attacks to match and identify
known intrusions
Accurate and effective
Only works against known attacks
Anomaly detection
Uses established normal usage profiles to detect
deviation from the norm
Able to detect new types of attacks
Cannot always describe the nature of an attack
May have a high false positive rate
Intrusion Detection (contd.)
SAR
Embed security metric
into the RREQ packet
Ensure intermediate nodes
can provide required
security
Authenticated users
belonging to same trust
level share a secret key
References
SPINS: Security Protocols for Sensor Networks. A. Perrig, R. Szewczyk, V. Wen, D. Culler, J.D. Tygar.
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. Frank Stajano, Ross Anderson.
Intrusion Detection in Wireless Ad-Hoc Networks. Yongguang Zhang, Wenke Lee.
The Quest for Security in Mobile Ad-Hoc Networks. Jean-Pierre Hubaux, Levente Buttyan, Srdan Capkun.
Ad Hoc Networking Critical Features and Performance Metrics. Madhavi W. Subbarao.
Lowering Security Overhead in Link State Routing. Ralf Hauser, Tony Przygienda, Gene Tsudik.
References (Contd)
Mitigating Routing Misbehavior in Mobile Ad Hoc Networks. Sergio Marti, T.J. Giuli, Kevin Lai, and Mary Baker.
Secure Routing for Mobile Ad Hoc Networks. Panagiotis Papadimitratos and Zygmunt J. Haas.
Securing Ad Hoc Networks. Lidong Zhou and Zygmunt J. Haas.
Security-Aware Ad hoc Routing for Wireless Networks. Seung Yi, Prasad Naldurg, and Robin Kravets.
RFC 2137: Secure Domain Name System Dynamic Update.