4/26/2007 1
Computer Science
Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
Presented by: Varagur Karthik Iyer
Adapted from the slides by: Qiao Xu, CSC774 Spring04

Outline
• Introduction
• Temporal Leashes
• TIK Protocol
• Performance & Security Analysis
• Future Work & Conclusion

Introduction
• Problem: Wormhole Attack
  – An attacker records packets at one location in the network, tunnels them to another location, and retransmits them there into the network
  – A wormhole attack allows attackers to:
    • Gain unauthorized access
    • Disrupt routing
    • Perform DoS attacks
• Solution: Packet Leash
  – Add information to the packet to restrict its maximum allowed transmission distance

Illustration of a wormhole attack
• A mobile wireless ad hoc network
• Nodes S and D communicate through wireless multi-hop routing
[Figure: Normal Operation. Labels: S, D]
[Figure: Under Attack. Labels: S, D, Wormhole, Colluding Attackers]

Packet Leashes
• Goal
  – Limit the distance traveled by a packet in a network
• Approaches
  – Two approaches to achieve the goal
    • Space: Geographical Leashes. Limit the range of the packet using the distance it can travel
    • Time: Temporal Leashes. Limit the range of the packet using the time it remains valid
[Figure: wormhole illustration. Labels: S, D, Wormhole, Colluding Attackers]

Geographical Leashes (Overview)
• Definition: a geographical leash establishes an upper bound on the distance that a packet can travel
• Requirements
  – Every node must have knowledge of its location
  – Loose time synchronization
  – Nodes can be relatively mobile
• Geographical leashes also enable multiple location detection

Temporal Leashes
• Definition: a temporal leash establishes an upper bound on a packet’s lifetime, which restricts the maximum travel distance
• Key Requirement: all nodes must have tightly synchronized clocks
  – Maximum clock difference (Δ) between any two nodes must be within a few microseconds

Temporal Leashes
• Implementation with a packet expiration time
• Sender calculates a packet expiration time to be sent with each packet: $t_e = t_s + L/c - \Delta$
  – $t_e$: packet expiration time
  – $t_s$: packet sent time
  – $c$: propagation speed of wireless signal
  – $L$: maximum allowed travel distance; $L > L_{min} = \Delta \cdot c$
  – $\Delta$: maximum clock difference between 2 nodes

Temporal Leashes
• Receiver will accept and process a received packet if and only if the time when the packet is received ($t_r$) is less than the packet expiration time ($t_e$)
• What’s missing?
  – Need an efficient way for the receiver to authenticate $t_e$

TIK Protocol – Overview
• TIK: TESLA with Instant Key disclosure
  – TIK implements a temporal leash and provides efficient instant authentication for broadcast communication in wireless networks
  – Based on the observation that a receiver can verify the TESLA security condition (that the corresponding key hasn’t been disclosed yet) as it receives the packet; this allows the sender to disclose the key in the same packet
  – Assumes the sender can precisely predict $t_s$ and the receiver can record $t_r$ as soon as the packet arrives
  – Requires accurate time synchronization between all the nodes

TIK Protocol – Sender Setup
• Sender generates a series of keys $K_0, K_1, \ldots, K_{w-1}$ using a PRF $F$ and a secret master key $X$: $K_i = F_X(i)$
• Sender selects a key expiration interval $I$ and determines the expiration time ($T_i$) for its keys: $T_i = T_0 + i \cdot I$, where $T_0$ is the expiration time for $K_0$
• Sender constructs a Merkle hash tree to commit to the keys $K_0, K_1, \ldots, K_{w-1}$

TIK Protocol – Merkle Hash Tree
[Figure: Merkle hash tree over keys $K_0$ to $K_7$. Root $m_{07}$; second level $m_{03}$, $m_{47}$; third level $m_{01}$, $m_{23}$, $m_{45}$, $m_{67}$; leaves $K_0'$ to $K_7'$, one above each key $K_0$ to $K_7$]

TIK Protocol – Merkle Hash Tree
• How is it constructed?
  – For every leaf node, $K_i' = H(K_i)$; e.g. $K_0' = H(K_0)$
  – For every parent node, $m_p = H(m_l \,\|\, m_r)$; e.g. $m_{01} = H(K_0' \,\|\, K_1')$, $m_{03} = H(m_{01} \,\|\, m_{23})$
• The root value ($m_{07}$) is signed by the sender and sent to the receivers, where it can be authenticated with the sender’s public key
• To authenticate $K_2$, for example:
  – Sender must include $K_3'$, $m_{01}$, $m_{47}$ in the packet
  – Receiver computes $m_{07}'$ and compares it to the pre-distributed $m_{07}$:
    $m_{07}' = H\big(H\big(m_{01} \,\|\, H(H(K_2) \,\|\, K_3')\big) \,\|\, m_{47}\big)$

TIK Protocol – Receiver Bootstrapping
• Assume all nodes are synchronized with a maximum clock difference of Δ
• Assume each receiver knows every sender’s hash tree root value and the associated parameters $T_0$ and $I$

TIK Protocol – Sending and Verifying Packets
[Figure: timing of a packet (HMAC, M, T, $K_i$) as transmitted by the Sender and as received by the Receiver. Time at Sender: $t_s$, $T_i$. Time at Receiver: $t_r \le (t_s + \tau - \Delta) \le (T_i - \Delta)$]

TIK Protocol – Sending and Verifying Packets
• S → R: ($\mathrm{HMAC}_{K_i}(M)$, $M$, $T$, $K_i$)
  – $M$: message payload
  – $\mathrm{HMAC}_{K_i}(M)$: message authentication code for $M$
  – $K_i$: key used to generate the HMAC for $M$
  – $T$: tree authentication values used to authenticate $K_i$
• Receiver:
  – Verifies, based on $T_i$, that the sender started sending $K_i$ only after the receiver had received the HMAC
  – Verifies that $K_i$ is authentic, based on the hash tree root value and $T$
  – Verifies the HMAC, using the authenticated $K_i$
  – Accepts the packet as authentic only if all of those verifications are successful
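
The sender setup, Merkle authentication path and the three receiver checks described above, as an added example (not code from the slides or from the paper). It assumes SHA-256 for H and HMAC-SHA256 for both the PRF F and the packet MAC; the function names, the master key and the microsecond timing values are constructed for illustration.

```python
import hashlib, hmac

def H(b): return hashlib.sha256(b).digest()      # assumed hash function H
def F(x, i):                                      # assumed PRF: K_i = F_X(i)
    return hmac.new(x, i.to_bytes(4, "big"), hashlib.sha256).digest()

def build_tree(keys):
    """levels[0] holds the leaves K_i' = H(K_i); levels[-1] holds the root."""
    levels = [[H(k) for k in keys]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([H(prev[j] + prev[j + 1]) for j in range(0, len(prev), 2)])
    return levels

def auth_path(levels, i):
    """Sibling values T (bottom-up) that let a receiver recompute the root from K_i."""
    path = []
    for level in levels[:-1]:
        path.append(level[i ^ 1])   # sibling of the current node
        i //= 2
    return path

def root_from(key, i, path):
    node = H(key)
    for sib in path:
        node = H(node + sib) if i % 2 == 0 else H(sib + node)
        i //= 2
    return node

def send(master, levels, i, msg):
    k = F(master, i)
    return {"mac": hmac.new(k, msg, hashlib.sha256).digest(), "M": msg,
            "T": auth_path(levels, i), "K": k, "i": i}

def verify(pkt, t_r, root, T0, I, delta):
    """t_r: receiver's local clock reading when the HMAC field had fully arrived."""
    T_i = T0 + pkt["i"] * I
    if t_r > T_i - delta:           # timing condition t_r <= T_i - delta
        return "reject: key may already be disclosed"
    if root_from(pkt["K"], pkt["i"], pkt["T"]) != root:
        return "reject: key not committed by sender"
    mac = hmac.new(pkt["K"], pkt["M"], hashlib.sha256).digest()
    if not hmac.compare_digest(mac, pkt["mac"]):
        return "reject: bad HMAC"
    return "accept"

# Constructed sample values (not from the slides): w = 8 keys, times in microseconds
MASTER = b"constructed-master-key-X"
LEVELS = build_tree([F(MASTER, i) for i in range(8)])
ROOT, T0, I, DELTA = LEVELS[-1][0], 1000, 100, 1
```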

Security & Performance Analysis
• Security Analysis
  – Temporal leash with TIK protocol can detect and prevent wormhole attacks if all nodes are good nodes
  – Can’t deal with a malicious sender that claims a false timestamp
  – Can’t deal with a malicious receiver that refuses to check the leash
• Performance Analysis
  – Requires only n public keys in a network with n nodes
  – Efficient hash tree authentication of keys
  – Efficient instant authentication of packets because the key is disclosed in the same packet
  – Modest storage requirement for the Merkle hash tree

Related Work
• RF-Watermarking
  – Modulating the RF waveform in a way known only to authorized nodes
  – Vulnerable to node capture
• Intrusion Detection
  – Hard to isolate the attacker using a software-only approach, since it is hard to distinguish malicious traffic from legitimate traffic

Future Work & Conclusion
• Future Work
  – An efficient implementation of geographical leashes
  – Securing TIK against node misbehavior (sender/receiver)
  – Achieving accurate time synchronization among the nodes
• Conclusion
  – The wormhole attack is a powerful and disruptive attack against wireless networks
  – With precise timestamps and tight clock synchronization, TIK can prevent wormhole attacks

Thank You!
• Questions and Comments