Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download information
Document related concepts
Deep packet inspection wikipedia , lookup
Backpressure routing wikipedia , lookup
Distributed operating system wikipedia , lookup
Airborne Networking wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Transcript
Tema 5.Seguridad Problemas Soluciones Redes Inalámbricas y Computación Ubicua/2006-2007 Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Routing security vulnerabilities Wireless medium is easy to snoop on Due to ad hoc connectivity and mobility, it is hard to guarantee access to any particular node (for instance, to obtain a secret key) Easier for trouble-makers to insert themselves into a mobile ad hoc network (as compared to a wired network) Open medium Dynamic topology Distributed cooperation (absence of central authorities) Constrained capability (energy) Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Securing Ad Hoc Networks Definition of “Attack” from the RFC 2828 — Internet Security Glossary : ¾ “ An assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of the system.” Goals ¾ ¾ ¾ ¾ ¾ Availability: ensure survivability of the network despite denial of service attacks. The DoS can be targeted at any layer Confidentiality: ensures that certain information is not disclosed to unauthorized entities. Eg Routing information information should not be leaked out because it can help to identify and locate the targets Integrity: guarantee that a message being transferred is never corrupted. Authentication: enables a node to ensure the identity of the nodes communicating. Non-Repudiation: ensures that the origin of the message cannot deny having sent the message Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Routing attacks Classification: External attack vs. Internal attack ¾ ¾ External: Intruder nodes can pose to be a part of the network injecting erroneous routes, replaying old information or introduce excessive traffic to partition the network Internal: The nodes themselves could be compromised. Detection of such nodes is difficult since compromised nodes can generate valid signatures. Passive attack vs. Active attack ¾ ¾ Passive attack: “Attempts to learn or make use of information from the system but does not affect system resources” (RFC 2828) Active attack: “Attempts to alter system resources or affect their operation” (RFC 2828) Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Normal Flow Information source Information destination Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Passive Attacks Sniffer Passive attacks Interception (confidentiality) Release of message contents Traffic analysis Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Sniffers All machines on a network can “hear” ongoing traffic A machine will respond only to data addressed specifically to it Network interface: “promiscuous mode” – able to capture all frames transmitted on the local area network segment Risks of Sniffers: ¾ ¾ Serious security threat Capture confidential information Authentication information Private data ¾ Capture network traffic information Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Interception Information source Information destination Unauthorized party gains access to the asset – Confidentiality Example: wiretapping, unauthorized copying of files Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Passive attacks Release of message contents ¾ ¾ Intruder is able to interpret and extract information being transmitted Highest risk: authentication information Can be used to compromise additional system resources Traffic analysis ¾ ¾ Intruder is not able to interpret and extract the transmitted information Intruder is able to derive (infer) information from the traffic characteristics Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Protection against passive attacks Shield confidential data from sniffers: cryptography Disturb traffic pattern: ¾ ¾ Traffic padding Onion routing Modern switch technology: network traffic is directed to the destination interfaces Detect and eliminate sniffers Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Active attacks Active attacks Interruption (availability) Modification (integrity) Fabrication (integrity) Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Interruption Information source Information destination Asset is destroyed or becomes unavailable - Availability Example: destruction of hardware, cutting communication line, disabling file management system, etc. Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Denial of service attack Adversary floods irrelevant data Consume network bandwidth Consume resource of a particular node E-mail bombing attack: floods victim’s mail with large bogus messages ¾ ¾ Popular Free tools available Smurf attack: ¾ ¾ ¾ Attacker multicast or broadcast an Internet Control Message Protocol (ICMP) with spoofed IP address of the victim system Each receiving system sends a respond to the victim Victim’s system is flooded Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes TCP SYN flooding Server: limited number of allowed half-open connections Backlog queue: ¾ ¾ ¾ Attack: ¾ ¾ ¾ ¾ Existing half-open connections Full: no new connections can be established Time-out, reset Attacker: send SYN requests to server with IP source that unable to response to SYN-ACK Server’s backlog queue filled No new connections can be established Keep sending SYN requests Does not affect ¾ ¾ Existing or open incoming connections Outgoing connections Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Protection against DoS, DDoS Hard to provide full protection Some of the attacks can be prevented ¾ ¾ Filter out incoming traffic with local IP address as source Avoid established state until confirmation of client’s identity Internet trace back: determine the source of an attack Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Modification Information source Information destination Unauthorized party tampers with the asset – Integrity Example: changing values of data, altering programs, modify content of a message, etc. Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using modification Attacks using modification Idea: ¾ Malicious node announces better routes than the other nodes in order to be inserted in the ad-hoc network How ? ¾ ¾ ¾ ¾ ¾ ¾ Redirection by changing the route sequence number Redirection with modified hop count Denial Of Service (DOS) attacks Modify the protocol fields of control messages Compromise the integrity of routing computation Cause network traffic to be dropped, redirected to a different destination or take a longer route Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using modification Redirection with modified hop count: - The node C announces to B a path with a metric value of one - The intruder announces to B a path with a metric value of one too - B decides which path is the best by looking into the hop count value of each route Node C Metric 1 and 3 hops Node A Node B Node D Metric 1 and 1 hop Intruder Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using modification Denial Of Service (DOS) attacks with modified source routes: ¾ ¾ ¾ ¾ A malicious node is inserted in the network The malicious node changes packet headers it receives The packets will not reach the destination: The transmission is aborted Node A sends packets with header: (route cache to reach node E) Intruder I decapsulates packets, change the header: A-B-I-C-D-E A-B-I-C-E Node A Node B Intruder I Node C has no direct route with E, also the packets are dropped Node C Node D Node E Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Fabrication Information source Information destination Unauthorized party insets counterfeit object into the system – Authenticity Example: insertion of offending messages, addition of records to a file, etc. Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using fabrication Attacks using fabrication ¾ Idea: Generates traffic to disturb the good operation of an ad-hoc network ¾ How ? Falsifying route error messages Corrupting routing state Routing table overflow attack Replay attack Black hole attack Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using fabrication Falsifying route error messages: ¾ ¾ ¾ ¾ When a node moves, the closest node sends “error” message to the others A malicious node can usurp the identity of another node (e.g. By using spoofing) and sends error messages to the others The other nodes update their routing tables with these bad information The “victim” node is isolated Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using fabrication Corrupting routing state: ¾ ¾ ¾ ¾ In DSR, routes can be learned from promiscuously received packets A node should add the routing information contained in each packet’s header it overhears A hacker can easily broadcast a message with a spoofed IP address such as the other nodes add this new route to reach a special node S It’s the malicious node which will receive the packets intended to S. Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using fabrication Routing table overflow attack: ¾ ¾ ¾ Available in “pro-active” protocols. These protocols try to find routing information before they are needed A hacker can send in the network a lot of route to non-existent nodes until overwhelm the protocol Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using fabrication Replay attack: ¾ ¾ A hacker sends old advertisements to a node The node updates its routing table with stale routes Black hole attack: ¾ ¾ A hacker advertises a zero metric route for all destinations All the nodes around it will route packets towards it Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using impersonation Attacks using impersonation ¾ Idea : Usurpates the identity of another node to perform changes ¾ How ? Spoofing MAC address of other nodes Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using impersonation Forming loops by spoofing MAC address: ¾ ¾ ¾ ¾ A malicious node M can listen all the nodes when the others nodes can only listen their closest neighbors Node M first changes its MAC address to the MAC address of the node A Node M moves closer to node B than node A is, and stays out of range of node A Node M announces node B a shorter path to reach X than the node D gives A C M B D E X Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using impersonation Forming loops by spoofing MAC address: ¾ ¾ ¾ ¾ Node B changes its path to reach X Packets will be sent first to node A Node M moves closer to node D than node B is, and stays out of range of node B Node M announces node D a shorter path to reach X than the node E gives A C M B D E X Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Attacks using impersonation Forming loops by spoofing MAC address: ¾ ¾ ¾ Node D changes its path to reach X Packets will be sent first to node B X is now unreachable because of the loop formed A C M B D E X Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Other Routing attacks Attacks for routing: ¾ ¾ ¾ ¾ ¾ Wormhole attack (tunneling) Invisible node attack The Sybil attack Rushing attack Non-cooperation Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Wormhole attack Colluding attackers uses “tunnels” between them to forward packets Place the attacker in a very powerful position The attackers take control of the route by claiming a shorter path tunnel M ……..…. N D C S A B Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Invisible node attack Attack on DSR Malicious does not append its IP address M becomes “invisible” on the path S B M C D Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes The Sybil attack Represents multiple identities Disrupt geographic and multi-path routing B M1 M5 M2 M3 M4 Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Rushing attack Directed against on-demand routing protocols The attacker hurries route request packet to the next node to increase the probability of being included in a route Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Non-cooperation Node lack of cooperation, not participate in routing or packet forwarding Node selfishness, save energy for itself Tema 5.Seguridad Problemas Soluciones Redes Inalámbricas y Computación Ubicua/2006-2007 Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Ariadne Overview Authenticate routing messages using one of: ¾ Shared secrets between each pair of nodes Avoids need for synchronization ¾ Shared secrets between communicating nodes combined with broadcast authentication Requires loose time synchronization Allows additional protocol optimizations ¾ Digital signatures Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes TESLA Overview Broadcast authentication protocol used here for authenticating routing messages ¾ ¾ Efficient and adds only a single message authentication code (MAC) to a message Requires asymmetric primitive to prevent others from forging MAC TESLA achieves asymmetry through clock synchronization and delayed key disclosure Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes TESLA Overview (cont.) 1. 2. 3. 4. Each sender splits the time into intervals It then chooses random initial key (KN) Generates one-way key chain through repeated use of a one-way hash function (generating one key per time interval) KN-1=H[KN], KN-2=H[KN-1]… These keys are used in reverse order of generation The sender discloses the keys based on the time intervals Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes TESLA Overview (cont.) Sender attaches MAC to each packet ¾ ¾ ¾ Computed over the packet’s contents Sender determines time interval and uses corresponding value from oneway key chain With the packet, the sender also sends the most recent disclosable oneway chain value Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes TESLA Overview (cont.) Receiver knows the key disclosing schedule Checks that the key used to compute the MAC is still secret by determining that the sender could not have disclosed it yet ¾ As long as the key is still secret, the receiver buffers the packet ¾ When the key is disclosed, receiver checks its correctness (through self-authentication) and authenticates the buffered packets Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Network Assumptions Network links are bidirectional The network may drop, corrupt, reorder or duplicate packets Each node must be able to estimate the end-to-end transmission time to any other node in the network Disregard physical attacks and Medium Access Control attacks Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Node Assumptions Resources of nodes may vary greatly, so Ariadne assumes constrained nodes All nodes have loosely synchronized clocks Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Security Assumptions Three authentication mechanism possibilities: ¾ ¾ ¾ Pairwise secret keys (requires n(n+1)/2 keys) TESLA (shared keys between all source-destination pairs) Digital signatures (requires powerful nodes) Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Key Setup Shared secret keys Key distribution center ¾ Bootstrapping from a Public Key Infrastructure ¾ Pre-loading at initialization ¾ Initial TESLA keys Embed at initialization ¾ Assume PKI and embed Certifications Authority’s public key at each node ¾ Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Ariadne Notation A and B are principals (e.g., communicating nodes) KAB and KBA are secret MAC keys shared between A and B MACKAB(M) is computation of MAC of message M using key KAB Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Route Discovery Assume sender and receiver share secret (non-TESLA) keys for message authentication Target authenticates ROUTE REQUESTS ¾ ¾ Initiator includes a MAC computed with end-to-end key Target verifies authenticity and freshness of request using shared key Data authentication using TESLA keys ¾ ¾ Each hop authenticates new information in the REQUEST Target buffers REPLY until intermediate nodes release TESLA keys TESLA security condition is verified at the target Target includes a MAC in the REPLY to certify the condition was met Attacker can remove a node from node list in a REQUEST One-way hash functions verify that no hop was omitted (per-hop hashing) Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Route Discovery (cont.) Assume all nodes know an authentic key of the TESLA one-way key chain of every other node Securing ROUTE REQUEST Target can authenticate the sender (using their additional shared key) ¾ Initiator can authenticate each path entry using intermediate TESLA keys ¾ No intermediate node can remove any other node in the REQUEST or REPLY ¾ Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Route Discovery (cont.) ROUTE REQUEST packet contains eight fields: ¾ ¾ ¾ ¾ ¾ ¾ ¾ ¾ ROUTE REQUEST: label initiator: address of the sender target: address of the recipient id: unique identifier time interval: TESLA time interval of the pessimistic arrival time hash chain: sequence of MAC hashes node list: sequence of nodes on the path MAC list: MACs of the message using TESLA keys Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Route Discovery (cont.) Upon receiving ROUTE REQUEST, a node: 1. 2. 3. Processes the request only if it is new Processes the request only if the time interval is valid (not too far in the future, but not for an already disclosed TESLA key) Modifies the request and rebroadcasts it – Appends its address to the node list, replaces the hash chain with H[A, hash chain], appends MAC of entire REQUEST to MAC list using KAi where i is the index for the time interval specified in the REQUEST Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Route Discovery (cont.) When the target receives the route request: 1. 2. Checks the validity of the REQUEST (determining that the keys from the time interval have not been disclosed yet and that hash chain is correct) Returns ROUTE REPLY containing eight fields – – – ROUTE REPLY, target, initiator, time interval, node list, MAC list target MAC: MAC computed over above fields with key shared between target and initiator key list: disclosable MAC keys of nodes along the path Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Route Discovery (cont.) Node forwarding ROUTE REPLY ¾ Waits until it can disclose TESLA key from specified interval Appends that key to the key list This waiting does delay the return of the ROUTE REPLY but does not consume extra computational power Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Route Discovery (cont.) When initiator receives ROUTE REPLY 1. 2. 3. Verifies each key in the key list is valid Verifies that the target MAC is valid Verifies that each MAC in the MAC list is valid using the TESLA keys Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Route Maintenance Based on DSR ¾ Node forwarding a packet to the next hop returns a ROUTE ERROR to the original sender Prevent unauthorized nodes from sending errors, we require errors to be authenticated by the sender Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Route Maintenance (cont.) ROUTE ERROR contains six fields ¾ ¾ ¾ ¾ ¾ ¾ ROUTE ERROR: label sending address: node encountering error receiving address: intended next hop time interval: pessimistic arrival time of error at destination error MAC: MAC of the preceding fields of the error (computed using sender’s TESLA key) recent TESLA key: most recent disclosable TESLA key Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Route Maintenance Errors are propagated just as regular data packets ¾ Intermediate nodes remove routes that use the bad link Sending node continues to send data packets along the route until error is validated ¾ Generates additional errors, which are all cleaned up when the error is finally validated Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Anonymous Communication Sometimes security requirement may include anonymity Availability of an authentic key is not enough to prevent traffic analysis We may want to hide the source or the destination of a packet, or simply the amount of traffic between a given pair of nodes Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Traffic Analysis Traditional approaches for anonymous communication, for instance, based on MIX nodes or dummy traffic insertion, can be used in wireless ad hoc networks as well However, it is possible to develop new approaches considering the broadcast nature of the wireless channel Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Mix Nodes [Chaum] Mix nodes can reorder packets from different flows, insert dummy packets, or delay packets, to reduce correlation between packets in and packets out G D C M1 B A M3 M2 E F Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Mix Nodes Node A wants to send message M to node G. Node A chooses 2 Mix nodes (in general n mix nodes), say, M1 and M2 G D C M1 B A M3 M2 E F Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Mix Nodes Node A transmits to M1 message K1(R1, K2(R2, M)) where Ki() denotes encryption using public key Ki of Mix i, and Ri is a random number G D C M1 B A M3 M2 E F Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Mix Nodes M1 recovers K2(R2,M) and send to M2 G D C M1 B A M3 M2 E F Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Mix Nodes M2 recovers M and sends to G G D C M1 B A M3 M2 E F Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Mix Nodes If M is encrypted by a secret key, no one other than G or A can know M Since M1 and M2 “mix” traffic, observers cannot determine the source-destination pair without compromising M1 and M2 both Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Alternative Mix Nodes Suppose A uses M2 and M3 Î Need to take fewer hops (not M1 and M2) Choice of mix nodes affects overhead G D C M1 B A M3 M2 E F Redes Inalámbricas Inalámbricas yy Computación Computación Ubicua/2006-2007 Ubicua/2006-2007 Redes Mix Node Selection Intelligent selection of mix nodes can reduce overhead [Jiang04] With mobility, the choice of mix nodes may have to be modified to reduce cost However, change of mix selection has the potential for divulging more information
