1 / 14

Reliable Telemetry in White Spaces using Remote Attestation

Reliable Telemetry in White Spaces using Remote Attestation. Omid Fatemieh , Michael D. LeMay, Carl A. Gunter University of Illinois at Urbana-Champaign Annual Computer Security Applications Conference (ACSAC) Dec 9, 2011. Opportunistic Spectrum Access. Spectrum crunch Increased demand

abigail-jacobson
Download Presentation

Reliable Telemetry in White Spaces using Remote Attestation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reliable Telemetry in White Spaces usingRemote Attestation Omid Fatemieh, Michael D. LeMay, Carl A. Gunter University of Illinois at Urbana-Champaign Annual Computer Security Applications Conference (ACSAC) Dec 9, 2011

  2. Opportunistic Spectrum Access • Spectrum crunch • Increased demand • Limited supply • Inefficiencies of fixed and long term spectrum assignment (licenses) • Emerging solution: opportunistic access to unused portions of licensed bands

  3. Opportunistic Spectrum Access • Spectrum crunch • Increased demand • Limited supply • Inefficiencies of fixed and long term spectrum assignment (licenses) • Emerging solution: opportunistic access to WHITE SPACES • Cognitive Radio: A radio that interacts with the environment and changes its transmitter parameters accordingly Primary Transmitter Primary Receiver Secondary Transmitter/Receiver(Cognitive Radio)

  4. White Space Networks • Allowed by FCC in Nov 2008 (and Sep 2010) • TV White Spaces: unused TV channels 2-51 (54 MHz-698MHz) • Much spectrum freed up in transition to Digital Television (DTV) in 2009 • Excellent penetration and range properties • Applications • Super Wi-Fi • Campus-wide Internet • Rural broadband(e.g. Claudville, VA) • Advanced Meter Infrastructure (AMI) [FatemiehCG – ISRCS ‘10]

  5. How to Identify Unused Spectrum? • Spectrum Sensing – Energy Detection • Requires sensing-capable devices -> cognitive radios • Signal is variable due to terrain, shadowing and fading • Sensing is challenging at low thresholds • Central aggregation of spectrum measurement data • Base station (e.g. IEEE 802.22) • Spectrum availability database (required by the FCC) No-talk Region for Primary Transmitter Collaborative Sensing

  6. Malicious Misreporting Attacks • Malicious misreporting attacks • Exploitation: falsely declare a frequency occupied • Vandalism: falsely declare a frequency free • Why challenging to detect? • Spatial variations of primary signal due to signal attenuation • Natural differences due toshadow-fading, etc. • Temporal variations of primary • Compromised nodes may colludeand employ smart strategies to hide under legitimate variations • How to defend against such coordinated/omniscient attackers? Compromised Secondary – Vandalism Compromised Secondary – Exploitation

  7. Limitations of Previous Work • Initially assume all sensors are equal • Rely only on comparing measurements • Shadow-fading correlation filters for abnormality detection [MinSH – ICNP ‘09] • Model-based (statistical) outlier detection [FatemiehCG – DySPAN ‘10] • Data-based (classification) attacker detection [FatemiehFCG – NDSS ‘11] • Resulting drawback: attacker penetration has to be significantly limited for solutions to work • What if we can have a subset of “super-nodes"?

  8. A Subset of Trusted Nodes • Remote attestation: A technique to provide certified information about software, firmware, or configuration to a remote party • Detect compromise • Establish trust • Root of trust for remote attestation • Trusted hardware: TPM on PCs or MTM on mobile devices • Software on chip [LeMayG - ESORICS ‘09] • Why a subset? • Low penetration among volunteer nodes • Cost: manufacturing, energy, time, bandwidth (see paper for numbers) Nonce Attestation-Capable System Remote Server Signed[Nonce || System State]

  9. Key Observations • Goal: obtain an estimate of signal power in any cell to compare to threshold • Cell A: Safety or precision? • Cells B and C: How many regular nodes to include? Which ones? • Steps • A systematic strategy to determine when there is enough data • If we need additional data, which ones to add to aggregation pool? • Ensure pool not attacker-dominated Regular Node Attested Node A C B

  10. Intra-cell Node Selection • Sequential intra-cell node selection • Include all attested nodes • Include regular nodes until a precision goal is met • Precision goal: Ensure margin of errorfor aggregate smaller than requirements (e.g. 3dB) with high confidence (e.g. 95%) (unknown distribution) • Mean: Asymptotically efficient Chow-Robbins sequential procedure: • Median: Find a and b (order statistics):

  11. Classification-based inter-cell detection • Last step: Classification-basedinter-cell attacker detection • If detected: only use attested data in E • Median as aggregate: • (+) Less vulnerable to legitimate variations or minority attackers • (-) Achieving the required precisionrequires more data • (-) Majority attackers can move median while being less ‘abnormal’ • Aggregate: median when attested majority, and mean otherwise

  12. Evaluation • Hilly Southwest Pennsylvania • TV transmitter data from FCC • Terrain data from NASA • Ground truth: predicted signal propagation using empirical Longley-Rice model • Takes into account: • Transmitter power, location, height, frequency • Terrain and distance • Added aggressive log-normal shadow-fading variations • Used data to build classifier and evaluate protection against attacks

  13. Results Attack Deterrence Rate(Attested fraction ≈ .25) False Outcome Rate

  14. Conclusions and Future Work • Showed how to use a small subset attestation-capable nodes to improve trustworthiness of distributed sensing results. • Proposed methods: • Provide quantifiably precise results. • Provide effective protection against attacks with small fraction of attested nodes. • Can lower attestation costs for real deployment. • Future direction: Developing a framework for formulating costs associated with including regular and attested nodes, and systematically striking a balance between the costs (from spectrum data aggregation and remote attestation) and obtaining precise aggregation results.

More Related