Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Network tap wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Distributed firewall wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Wireless Network Security and Sensor Networks 1 Advance Security CS692 Fall 2004 Topics Brief review of wireless security Sensor networks: Architecture and Issues of Security of SNs SNEP Tesla 2 Advance Security CS692 Fall 2004 802.11 802.11 a, b, … Components Wireless station A desktop or laptop PC or PDA with a wireless NIC. Access point A bridge between wireless and wired networks Radio Wired network interface (usually 802.3) Bridging software Aggregates access for multiple wireless stations to wired network. 3 Advance Security CS692 Fall 2004 802.11 modes Infrastructure mode Basic Service Set Extended Service Set One access point Two or more BSSs forming a single subnet. Most corporate LANs in this mode. Ad-hoc mode (peer-to-peer) Independent Basic Service Set Set of 802.11 wireless stations that communicate directly without an access point. Useful for quick & easy wireless networks. 4 Advance Security CS692 Fall 2004 Infrastructure mode Access Point Basic Service Set (BSS) – Single cell Station Extended Service Set (ESS) – Multiple cells 5 Advance Security CS692 Fall 2004 Ad-hoc mode Independent Basic Service Set (IBSS) 6 Advance Security CS692 Fall 2004 802.11b Security Services Two security services provided: Authentication Shared Key Authentication Encryption Wired Equivalence Privacy 7 Advance Security CS692 Fall 2004 Wired Equivalence Privacy Shared key between Extended Service Set Stations. An Access Point. All Access Points will have same shared key. No key management Shared key entered manually into Stations Access points Key management a problem in large wireless LANs 8 Advance Security CS692 Fall 2004 WEP – Sending Compute Integrity Check Vector (ICV). Provides integrity 32 bit Cyclic Redundancy Check. Appended to message to create plaintext. Plaintext encrypted via RC4 Provides confidentiality. Plaintext XORed with long key stream of pseudo random bits. Key stream is function of 40-bit secret key 24 bit initialisation vector Ciphertext is transmitted. 9 Advance Security CS692 Fall 2004 WEP Encryption IV Initialisation Vector (IV) Secret key || Seed PRNG Key Stream Cipher text Plaintext || 32 bit CRC ICV Message 10 Advance Security CS692 Fall 2004 WEP – Receiving Ciphertext is received. Ciphertext decrypted via RC4 Ciphertext XORed with long key stream of pseudo random bits. Check ICV Separate ICV from message. Compute ICV for message Compare with received ICV 11 Advance Security CS692 Fall 2004 Shared Key Authentication When station requests association with Access Point AP sends random number to station Station encrypts random number Encrypted random number sent to AP AP decrypts received message Uses RC4, 40 bit shared secret key & 24 bit IV Uses RC4, 40 bit shared secret key & 24 bit IV AP compares decrypted random number to transmitted random number 12 Advance Security CS692 Fall 2004 Wepcrack First tool to demonstrate attack using IV weakness. Open source Three components Weaker IV generator. Search sniffer output for weaker IVs & record 1st byte. Cracker to combine weaker IVs and selected 1st bytes. 13 Advance Security CS692 Fall 2004 Airsnort Automated tool Does it all! Sniffs Searches for weaker IVs Records encrypted data Until key is derived. 14 Advance Security CS692 Fall 2004 Safeguards Security Policy & Architecture Design Treat as untrusted LAN Discover unauthorised use Access point audits Station protection Access point location Antenna design 15 Advance Security CS692 Fall 2004 Bluetooth Security Mode 1 – non-secure. Mode 2 – service level enforced security. Initiated after the channel is established. Mode 3 – link level enforced security Initiated before the channel is established. Trusted Devices Unrestricted access to all services. Untrusted Devices Services requiring Authorisation and Authentication. Services requiring Authentication. Open services. 16 Advance Security CS692 Fall 2004 Link Layer services Link Layer Authentication of Peers Encryption of information Unique public device address BD_ADDR 48 bits, allocated by IEEE 17 Advance Security CS692 Fall 2004 Connecting Two Devices Two devices with no prior connection For low security connections 128 bit Unit link key from one device used. Created when device is manufactured. For higher security connections 128 bit Combination link key generated Provides Confidentiality Integrity Authentication 18 Advance Security CS692 Fall 2004 Combination Key Identical PIN code entered into both devices. 128 bit initialisation link key generated. PIN code Device Address Random number Combination key now generated. Combination key stored for future use. 19 Advance Security CS692 Fall 2004 Wireless Transport Layer Security (WTLS) Provides security services between the mobile device (client) and the WAP gateway Data integrity Privacy (through encryption) Authentication (through certificates) Denial-of-service protection (detects and rejects messages that are replayed) 20 Advance Security CS692 Fall 2004 WAP Gateway Architecture Application Servers Wireless Gateway HTTP/SSL WTLS HTTP/SSL 21 Advance Security CS692 Fall 2004 WAP Stack Configuration 22 Advance Security CS692 Fall 2004 WTLS Protocol Stack 23 Advance Security CS692 Fall 2004 WTLS Record Protocol Takes info from the next higher level and encapsulates them into a PDU Payload is compressed A MAC is computed Compressed message plus MAC code are encrypted using symmetric encryption Record protocol adds a header to the beginning to encrypted payload 24 Advance Security CS692 Fall 2004 Record Protocol Operation 25 Advance Security CS692 Fall 2004 26 Advance Security CS692 Fall 2004 Alert Protocol Convey WTLS-related alerts to the peer entity Alert messages are compressed and encrypted A fatal warning terminates the connection (i.e. incorrect MAC, unacceptable set of security parameters in the handshake Certificate problems usually cause a non-fatal error 27 Advance Security CS692 Fall 2004 SSL vs. WTLS Datagram support ( UDP) Expanded set of alerts Optimized handshake – 3 levels of client/server authentication New Certificate Format – WTLS certificates are small in size and simple to parse Support client identities Additional cipher suites – RC5, short hashes Explicit shared secret mode 28 Advance Security CS692 Fall 2004 Sensor Network What is it? 29 Advance Security CS692 Fall 2004 What and Where/When What? Low cost, low power, multi-functional sensor nodes Communicates within short distances Enabled by MEMS, wireless, and digital electronics Where: Military, health, environmental 30 Advance Security CS692 Fall 2004 Ad hoc Networks vs. SNs Number of nodes several orders larger Densely deployed More prone to failures Dynamic topology (frequent changes) SNs use broadcasts instead of PP Power, CPU, and memory limitations No global IDS 31 Advance Security CS692 Fall 2004 Applications Military Environmental Forest fire, bio-complexity analysis, flood detection Health c4ISRT, NBC detection etc. Tele-monitoring, tracking, drug admin. Commercial Environmental control of office buildings Potential for $55B/year saving &, reduction of 35 mmt of CO2 emission Detection of vehicle thefts (Not Really SensorNets..) Inventory control (Mostly RFIDs not nets) 32 Advance Security CS692 Fall 2004 Design Goals Fault tolerance Scalability Cost ~= $1/node (what do batteries cost? ) Hardware constraints Transmission constraints Power constraints SWAP (Size Weight and Power) critical for military apps 33 Advance Security CS692 Fall 2004 Sensor Networks Overview • Sensor Nodes – Sensor networks are made up of large number of ad hoc sensor nodes • • • • • Power supply Memory Sensing hardware Data processing Communication components 34 Advance Security CS692 Fall 2004 Sensor Networks Overview (cont.) • Sensor networks communication architecture – Sensor nodes and sink node (Monitoring Station) – Each of these scattered sensor nodes has the capabilities to collect data and route data back to the Monitoring Station 35 Advance Security CS692 Fall 2004 Sensor Networks Overview (cont.) Self-organizing sensor networks topology Alberto Cerpa and Deborah Estrin 2002 • Procedure – The source starts transmitting data packets toward the sink (a) – When a node joins the network it starts transmitting and receiving packets and sending a neighbor announcement message (b) – When the process completes, the group of newly active neighbors that have joined the network make the delivery of data from source to sink more reliable (c) 36 Advance Security CS692 Fall 2004 Sensor Networks (cont.) • 4 State transitions of sensor nodes When a node starts, it initializes in the test state; it sets up a timer Tt. When Tt expires, the node enters the active state; Before Tt expire, the number of active neighbors > the neighbor threshold (NT), the node moves to passive state; When a node enters the passive state, it sets up a timer Tp. When Tp expires, the node enters the sleep state. Before Tp expire, , the number of neighbours is < NT(…), the node moves to test state; When a node enter the sleep turns the radio off, sets a timer Ts and goes to sleep. 37 When Ts expires, the node moves into passive state. Advance Security CS692 Fall 2004 Area Monitoring • Jean Carle et al paper, 2003 • 3 sub problems for area monitoring – Select sensors that are needed for area coverage, other sensors to sleep mode - to reduce the number of sensor needed to monitor the area to extend network life; – Construct broadcasting tree from monitoring station to all active sensors: minimum energy broadcasting or dominating set based; – Sensors report events to monitoring station using reverse broadcast tree. 38 Advance Security CS692 Fall 2004 Area Coverage - Algorithm 1 Ye, Zhong,Chen, Lu, Zhang 2003 A sensor sleeps for a while, then decides to be active iff there is no active sensor closer than a threshold distance Once active, it remains active until life ends Non-active periodically reevaluates decision High probability of full coverage if threshold < ≈ 0.3 sensing radius The disadvantage Probabilistic not ensure the full coverage 39 Advance Security CS692 Fall 2004 Area Coverage - Algorithm 2 Tian 2002 Each sensor knows position of all neighbors If neighbors cover its sensing area then sensor sends withdrawal message after timeout = negative acknowledgement (goes to sleep mode) Otherwise, remain active Repeats periodically Neighbor sensors may disappear without notice Covering sensors may not be connected Require priori knowledge of all neighboring nodes 40 Advance Security CS692 Fall 2004 Area Coverage - Algorithm 3 • Carle, Simplot, Stojmenovic, 2003 – Area dominating set algorithm – Covered = active neighbors are connected and together cover its sensing area Central node decides to be non-dominant (sleep) – If not covered at end of timeout then send positive ack, otherwise send negative ack – Positive and negative ack variant – Positive only acks variant (shorter network life) 41 Central node decides to be dominant (active) (area is covered by active neighbors but these neighbors are not connected) Advance Security CS692 Fall 2004 Area Coverage - Algorithm 3 (Cont.) • The Election of Covering Nodes E.g. Nodes 0,1,2,3,4 are active, Node 5 decides to be inactive – If node 5 does not announce its deactivation, • Node 6 decides to be active – Else, node 5 announce its status • Node 6 decides to be inactive • Negative ack may reduce the number of active sensors (prolong network life) 42 • Experiments show that “positive and negative ack” leads to four times smaller area dominating sets than “positive only ack” for dense networks. Advance Security CS692 Fall 2004 Broadcasting - Monitoring Station to Sensors • Distribute requests from monitoring station to the whole sensor nodes • Broadcasting is a common and important operation for route finding, information dissemination or request diffusion • Research on energy efficient broadcast protocols • Aim at reducing the number of sensors which participate in broadcasting 43 Advance Security CS692 Fall 2004 Broadcasting Tree (I)- Monitoring Station to Sensors • F.Dai and J.Wu, 2003 – Dominant punning scheme – Applied on area dominant set – The dominant punning method is the same process as constructing area dominant set – 20% reduction with most of saving the border of monitored area according to the experimental data 44 Advance Security CS692 Fall 2004 Broadcasting Tree (II)- Monitoring Station to Sensors A.Qayyum, et al. Multipoint Relay (MPR) Protocols Select a minimal set of one-hop neighbors that cover the same network as the complete set of neighbors Each node find its relay set Repeats periodically, add to the relay subset the neighboring node which covers The list of relay nodes are attached to the retransmitted packet Applied on area dominating sets, MPR constructs relay subsets which contain nearly all nodes 45 Advance Security CS692 Fall 2004 Reporting Events – Sensors to Monitoring Station • Sensor measurements – sensors report only important information (data aggregation) • Spanning tree induced by flooding over area dominating set (reduce the number of sensors and energy saving) 46 Advance Security CS692 Fall 2004 Management • Ruiz, L.B, et al, 2003 • Three-layer sensor networks management architecture 47 • Service - Executed by a set of function; • Management functions - Five possible states: ready, not-ready, executing, done, and failed; • Wireless sensor networks Models – Dynamic in time Advance Security CS692 Fall 2004 Management (cont.) Sensor nodes differ in their hardware physical capabilities • Manager – Collects and distribute information from all agents and controls the entire networks • Sink node – Host an intermediate manager • Agent – Raise some questions related to the location nodes 48 Advance Security CS692 Fall 2004 Management (cont.) Agents in hierarchical homogeneous Manager - Collects and distribute Agent - Raise some questions Cluster-head - Response for Base Station- Connect, information from all agents and controls the entire networks related to the location nodes sending data to a base station; execute correlation of management data (no sink node) communicate and secure networks 49 Advance Security CS692 Fall 2004 Sensor Network Security What do we mean by sensor network security? Conventional view of security from cryptography community: cryptographically unbreakable design in practical sense Network Reality: very few security breaches in practice are to exploit flaws in cryptographic algorithms; side channel attacks Malicious versus selfish (DoS vs. resource gobbler) Security v.s. robustness, fault tolerance, resiliency Security is not a black/white world, it is progressive We must secure entire networked system, not just an individual component Solutions must be robust/adapt to new threats as much as possible 50 Advance Security CS692 Fall 2004 How is it Different? Wireless Sensor networks have NO clear line of defense Each node is a host as well as a “router” Security solutions in wired or cellular networks may leverage the networking infrastructure Secure Network/service “infrastructure” has to be collaboratively established Wireless channel is easily accessible by both good citizens and attackers Resource constraints on portable devices Energy, computation, memory, etc. Some devices may be compromised Heterogeneity prevents a single security solution 51 Advance Security CS692 Fall 2004 Capability based Abstraction of a Heterogeneous Network Capability-based Abstraction Processing Capabilities BN-Backbone node RN-Regular Node Network Granularity BN BN RN BN RN RN RN RN RN A B 52 Advance Security CS692 Fall 2004 Incomplete list of challenges Resource-Efficient Secure Network Services Cryptographic services Network Initialization, single/multihop neighbor discovery Multihop path establishment & Routing Supporting application services Broadcast authentication Key management Security mechanisms for fundamental services Clock synchronization Secure location discovery and verification of claims Location privacy Secure aggregation and in-network processing Cluster formation/cluster head election Middleware (will not discuss further) 53 Advance Security CS692 Fall 2004 Incomplete list of challenges Modeling vulnerabilities VERY POOR state of understanding Needed by services and applications Cross-layer design techniques Routing/location-aware protocols that are also robust! Incorporating semantics such as geometry, radio model and range for context-based security Functionality instead of optimality 54 Advance Security CS692 Fall 2004 Problem #1: Robust Designs Attacks and compromise of network are reality Misconfiguration cannot be fully eliminated Maybe we can never enumerate Software bugs are #1 cause for all possible attacks Not every device can implement maximum-strength solutions Shift from prevention to tolerance Building trustworthy system out of untrustworthy components Ability to detect, and function, even in the presence of problems Similar analogy to IP building reliable system out of unreliable components How? Can be application specific 55 Advance Security CS692 Fall 2004 Problem #2: Adaptive Security Adaptation to handle many dimensions of dynamics: Adaptive to user requirements Adaptive to user devices Adaptive to channel dynamics: Partial connectivity, disconnectivity, full connectivity Adaptive to mobility Differential security services used in government and military Cross-domain service for roaming users Adaptive to dynamic membership Node join, leave, fail 56 Advance Security CS692 Fall 2004 Problem #3: Joint Design of QoS and Security Incorporating network metrics and security: scalability, communication overhead, computation complexity, energy efficiency, device capability, … Different performance metrics may be in (partial) conflict Probably the most secure system is of minimal usability Example: energy efficiency/computation complexity versus cryptography strength Many conventional security solutions take a centralized approach 57 Advance Security CS692 Fall 2004 Problem #4: Evaluation of Design • Current designs have an explicit threat model in mind • NOT Realistic – Real trace analysis for practical attacks? • Benchmarking ? – Other areas in computer systems have well defined benchmarks: SPEC CPU, TPC-C • Analytical tools • Current effort: game theory, graph theory 58 Advance Security CS692 Fall 2004 Problem #5: Securing the Chain The system is only as secure as the weakest link How to secure these supporting components Often ignored Secure the entire system chain Build multiple fences 59 Many supporting components: DNS, ARP, DHCP,… Other supporting protocols: bootstrapping, discovery, time synchronization Each fence is built based on a component’s resource constraint Advance Security CS692 Fall 2004 Security in Sensor Networks To provide Confidentiality Authenticity, integrity Timeliness – freshness With minimum power consumption Minimize communication – key exchanges Private key encryption 60 Advance Security CS692 Fall 2004 Trust Model Sensor Nodes are not trusted Sink node part of the trusted network Sink node and the sensor nodes share secret Node trusts its own resources Clock, memory etc. 61 Advance Security CS692 Fall 2004 SPIN – Two Protocols Secure Network Encryption Protocol (SNEP) Provides confidentiality, authentication, freshness between endpoints µTESLA - Micro Timed Efficient Stream Losstolerant Authentication Provides broadcast authentication 62 Advance Security CS692 Fall 2004 SNEP Basics Private key encryption DES-CBC Derive subsequent keys from the original shared key using RC5 Use counter mechanism for freshness {Msg}<Kencr, Counter>, MAC(KMAC, Counter | {Msg}<Kencr, Counter>) Confidentiality with authentication MAC 63 Advance Security CS692 Fall 2004 µTESLA Provides authentication for broadcast In general needs public-key system to avoid forgery Public-key not suitable for SNs Emulate public-key using delayed private key disclosure (see details in SPIN paper) 64 Advance Security CS692 Fall 2004 Wireless/Sensor Network References Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J. D. Tygar. SPINS: Security Protocols for Sensor Networks. Mobile Computing and Networking, 2001. Jiejun Kong, Petros Zerfos, Haiyun Luo, Songwu Lu, Lixia Zhang. Providing Robust and Ubiqitous Security Support for Mobile Ad-Hoc Networks. 9th International Conference on Network Protocols, Nov. 2001. Haiyun Luo, Songwu Lu. Ubiquitous and Robust Authentication Services for Ad Hoc Wireless Networks. Technical Report UCLACSD-TR-200030, University of California, Los Angeles. October 2000 Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., and Cayirci, E., ``A Survey on Sensor Networks,” IEEE Communications Magazine, Vol. 40, No. 8, pp. 102-116, August 2002 65 Advance Security CS692 Fall 2004