Doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 1...
30
July 20 08 Timot hy X Brown Slide 1 doc.: IEEE 802.22-08/0217r0 Submission Threat Assessment to Primary and Secondary Users in a Centralized Cognitive Radio Network IEEE P802.22 Wireless RANs Date: 2008-07-17 N am e C om pany A ddress Phone em ail Tim othy X Brow n U . ofColorado CB530 Boulder, CO 80309 303-492-1630 timxb@ colorado.edu Authors: Notice: This document has been prepared to assist IEEE 802.22. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.22. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures http://standards.ieee.org/guides/bylaws/sb-bylaws.pdf including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair Carl R. Stevenson as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.22 Working Group. If you have
-
Upload
sydney-monroe -
Category
Documents
-
view
215 -
download
1
Transcript of Doc.: IEEE 802.22-08/0217r0 Submission July 2008 Timothy X Brown, University of ColoradoSlide 1...
July 2008
Timothy X Brown, University of Colorado
Slide 1
doc.: IEEE 802.22-08/0217r0
Submission
Threat Assessment to Primary and Secondary Users in a Centralized Cognitive Radio Network
IEEE P802.22 Wireless RANs Date: 2008-07-17
Name Company Address Phone email Timothy X Brown
U. of Colorado CB530 Boulder, CO 80309
303-492-1630 [email protected]
Authors:
Notice: This document has been prepared to assist IEEE 802.22. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.22.
Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures http://standards.ieee.org/guides/bylaws/sb-bylaws.pdf including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair Carl R. Stevenson as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.22 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at [email protected].>
July 2008
Timothy X Brown, University of Colorado
Slide 2
doc.: IEEE 802.22-08/0217r0
Submission
Abstract
Cognitive radios require special considerations of security. We describe why this is true and describe our analysis of potential denial of service attacks.
July 2008
Timothy X Brown, University of Colorado
Slide 3
doc.: IEEE 802.22-08/0217r0
Submission
Threat Assessment to Primary and Secondary Users in a Centralized Cognitive Radio Network
derived from on going research related to
The Potential Denial-of-Service Threat Assessment to Cognitive Radios
Timothy X BrownAmita Sethi
Siddharth Maru
Interdisciplinary Telecommunications
University of Colorado, Boulder
July 2008
Timothy X Brown, University of Colorado
Slide 4
doc.: IEEE 802.22-08/0217r0
Submission
Cognitive vs. Traditional Radios
Radio
Cognitive Engine
Geolocator
Sensor
Policy Input
OperatingSystem
A CR does more than a traditional radio
User Interaction Via
July 2008
Timothy X Brown, University of Colorado
Slide 5
doc.: IEEE 802.22-08/0217r0
Submission
Similar to other wireless devicesSimilar to other wireless devices
Vulnerable to Denial of ServiceVulnerable to Denial of Service
The Big Question
Can cognitive radios be made secure?Confidentiality
Integrity
Availability
New functions = new exposureNew functions = new exposure
July 2008
Timothy X Brown, University of Colorado
Slide 7
doc.: IEEE 802.22-08/0217r0
Submission
Outline
• CR DoS attacks: Why should we care?
• Attack Analysis Summary
July 2008
Timothy X Brown, University of Colorado
Slide 8
doc.: IEEE 802.22-08/0217r0
Submission
Why we should care?
Take 1
More types of attacks
July 2008
Timothy X Brown, University of Colorado
Slide 9
doc.: IEEE 802.22-08/0217r0
Submission
DoS Attack Categories – Denial / Induce
Deny Communication When Could
(Total or Partial)
Induce Communication When Should Not
Immediate DoS
Long term DoS
July 2008
Timothy X Brown, University of Colorado
Slide 10
doc.: IEEE 802.22-08/0217r0
Submission
CR Detect Range
CR
Example Denial Attack – Sensors
Attacker Emulates Primary User
Attacker “Denies” Access
Attacker
July 2008
Timothy X Brown, University of Colorado
Slide 11
doc.: IEEE 802.22-08/0217r0
Submission
Example Denial/Induce Attacks – Policy Failure in Beaconing System
Jams Beacon
Spoofs Beacon
Intercepts
Misuses Operational FrequencyInformation to launch Denial/Induce attacks
CR Transmitter Range
July 2008
Timothy X Brown, University of Colorado
Slide 12
doc.: IEEE 802.22-08/0217r0
Submission
More Types of Attacks
• Possible Attack Methods Considered– Constant or Direct Jamming
– Intelligent Jamming
– Intercept or Eavesdropping
– Spoofing
– Replay
– Relay
– Cryptanalysis
July 2008
Timothy X Brown, University of Colorado
Slide 13
doc.: IEEE 802.22-08/0217r0
Submission
Why we should care?
Take 2
Attacks from more places
July 2008
Timothy X Brown, University of Colorado
Slide 14
doc.: IEEE 802.22-08/0217r0
Submission
Traditional DoS Attack
ReceiverTransmitter
Communications Receiver Jamming
July 2008
Timothy X Brown, University of Colorado
Slide 15
doc.: IEEE 802.22-08/0217r0
Submission
CR Detection RangeJam Received Signal
Replay/Spoof/Relay Packet
Spoof Signal
CR Attack Locations
CR Detection Range
Receiver CR
Jam Received Signal
Replay/Spoof/Relay Packet
Spoof Signal
CR Jamming RangeCR Receive RangeCR Detect Range
Transmitter CR
Transmitter also a target
July 2008
Timothy X Brown, University of Colorado
Slide 16
doc.: IEEE 802.22-08/0217r0
Submission
Why we should care?
Take 3
Can’t we borrow established security from say 802.16?
No!
July 2008
Timothy X Brown, University of Colorado
Slide 17
doc.: IEEE 802.22-08/0217r0
Submission
802.16 has its own vulnerabilities
Network entry & initialization:– Brittle
– Jam few key packets user resets
Doesn’t solve CR exposure
(802.16 not subject of this talk)
DL Channel Scan
SS Waits for DL-MAP and DCD
SS Waits for UL-MAP and UCD
SS Waits for RNG-RSP after sending RNG_REQ
SS Waits for SBC-RSP after sending SBC-REQ
Key refresh not carried out in time. Authorization fails.
No SBC-RSP for interval T18
No RNG-RSP for interval T3
No UCD for interval T12
No DL-MAP for interval LOST-DL-MAP
No UL-MAP for interval LOST-UL-MAP
Count Retries
Too many retries
No DCD for interval T1
Wait for key authorization or key refresh i.e. wait for PKM_REQ and PKM-RSP
SS Waits for REG-RSP after sending REG-REQ
Count Retries
Too many retries
No REG-RSP for interval T6
SS associates with the BS. Secure communication
begins.
July 2008
Timothy X Brown, University of Colorado
Slide 18
doc.: IEEE 802.22-08/0217r0
Submission
Risk of Unlicensed Operation
• Licensed operator – legal recourse vs. attacker
• Unlicensed operator – may be no recourse
July 2008
Timothy X Brown, University of Colorado
Slide 19
doc.: IEEE 802.22-08/0217r0
Submission
Attack Risk Analysis
• Combination of – standard likelihood/impact risk analysis (Barbeau)
– aviation risk analysis techniques (Hammer)
• Two Analysis– Open: e.g. no encryption
– Hardened
Tim X Brown
Hammer asses complex factor interaction
July 2008
Timothy X Brown, University of Colorado
Slide 20
doc.: IEEE 802.22-08/0217r0
Submission
Research Methodology
System Description
Risk Assessment: Consolidate and Prioritize Risks
Risk Mitigation: Identify Countermeasures for high priority
risks
DoS Attack Identification: Identify DoS Attacks and Consequences
Risk Analysis: Analyze Attacks and Identify Risks
Modify System
RiskManagement
Define Acceptable Risk Levels
Risks Above Acceptable Risk
Levels?
Yes
No
Recommend SystemDesign
July 2008
Timothy X Brown, University of Colorado
Slide 21
doc.: IEEE 802.22-08/0217r0
Submission
Attack Analysis: Risk Assessment (1/3)
1. Attack Likelihood
Technical Problems to Attacker Likelihood Case Rank
Insolvable Impossible 0
Strong Low 1
Solvable Medium 2
None High 3
July 2008
Timothy X Brown, University of Colorado
Slide 22
doc.: IEEE 802.22-08/0217r0
Submission
Attack Analysis: Risk Assessment (2/3)
Rationale: Impact on VictimImpact
CaseRank
Denial Attacks Induce Attacks
None None None 0
Perceptible but insignificant degradation in CR
communication.
Perceptible but infrequent interference to active
primary usersLow 1
Significant degradation but still operational CR
communication.
Perceptible frequent interference to active
primary usersMedium 2
Non-operational CR communication
Continuous interference to active primary users
High 3
2. Attack Impact
July 2008
Timothy X Brown, University of Colorado
Slide 23
doc.: IEEE 802.22-08/0217r0
Submission
Attack Analysis: Risk Assessment (3/3)
3. Risk Level = f(Likelihood, Impact)
Risk Case Risk Mitigation Action
Minor No Countermeasures Required
Major Threat cannot be Ignored
Critical Mandates High Priority Handling
Low
Medium
High
Low Medium HighNone
None MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR MINOR
MAJOR
MAJOR
MAJOR
CRIT. CRIT.
CRIT.
Impact
Lik
elih
ood
July 2008
Timothy X Brown, University of Colorado
Slide 24
doc.: IEEE 802.22-08/0217r0
Submission
Multi-Dimensional CR Configurations
Spec
trum
Acce
ss M
etho
d
CR Network Architecture
Non-cooperative
Centralized Cooperative
DistributedCooperative
Overlay
Underlay
802.22
July 2008
Timothy X Brown, University of Colorado
Slide 25
doc.: IEEE 802.22-08/0217r0
Submission
DoS Attacks Identified Against..
• Policy, Sensor, Geo-location and Other Networked Information exchanged
• Networked CR Network Entities such as– Elements in a Distributed CR.
– Networked CRs in a Distributed Cooperative Setup.
– Entities in a Centralized Cooperative Setup.
• Spectrum Information Sensed by CR
• CR Transmission/Reception
July 2008
Timothy X Brown, University of Colorado
Slide 27
doc.: IEEE 802.22-08/0217r0
Submission
Open system attack analysis summary
Assumes open system with no encryption on
any link
July 2008
Timothy X Brown, University of Colorado
Slide 28
doc.: IEEE 802.22-08/0217r0
Submission
System Hardening
• Devise Countermeasures– Primary User Emulation Attack Mitigation:
CR uses Feature-based Primary User Detection Technique
• Modify CR System: – Policy Injection Attack Mitigation:
Authenticate all policy messages
• …
July 2008
Timothy X Brown, University of Colorado
Slide 29
doc.: IEEE 802.22-08/0217r0
Submission
Hardened system attack analysis summary
Assumes strongest mitigation technique
identified
July 2008
Timothy X Brown, University of Colorado
Slide 30
doc.: IEEE 802.22-08/0217r0
Submission
Risk Assessment Results
BeaconGeolocation
DatabaseDetection Sensing
Unprotected 3, 1 5, 2 3, 1
Hardened 0, 3 0, 3 0, 3
Critical risks
Major risks
Hardening can eliminate critical risks
July 2008
Timothy X Brown, University of Colorado
Slide 31
doc.: IEEE 802.22-08/0217r0
Submission
Conclusion
• CRs are susceptible to attacks.
• CRs open new avenues of attack.
• A Formal Risk Analysis and Assessment Process can help guide mitigation strategies
• NOW is the best time to devise countermeasures to reduce CR-specific vulnerabilities.
July 2008
Timothy X Brown, University of Colorado
Slide 32
doc.: IEEE 802.22-08/0217r0
Submission
References
• Brown, T.X, Sethi, A., “Potential Cognitive Radio Denial-of-Service Vulnerabilities and Protection Countermeasures: a Multi-dimensional Analysis and Assessment,” to appear in Mobile Networks and Applications 2008. (also in Proc. Second Int. Conf. on Cognitive Radio Oriented Wireless Networks and Communications (CrownCom), Orlando, FL, Aug 1–3. 2007. 10pp)
• M. Barbeau, “WiMax/802.16 Threat Analysis” in Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks, Quebec, Canada, 2005.
• U. S. Department of Transportation, Federal Aviation Administration. (2005, Jan). System safety process steps. [Online]. Available: http://www.faa.gov/library/manuals/aviation/risk_management/media/ssprocdscrp.pdf (accessed Jun 1, 2007).
