370 likes | 497 Views
An Overview of the Security and Pervasive Computing Initiatives at WINLAB. Rutgers, The State University of New Jersey www.winlab.rutgers.edu. Talk Overview. Overview of the Security and Pervasive Computing Group Security Initiatives: ORBIT: 3G Multicast Security
E N D
An Overview of the Security and Pervasive Computing Initiatives at WINLAB Rutgers, The State University of New Jersey www.winlab.rutgers.edu
Talk Overview • Overview of the Security and Pervasive Computing Group • Security Initiatives: • ORBIT: • 3G Multicast Security • Multicast Authentication: Staggered TESLA • Authentication in Hierarchical Ad Hoc Networks • Attack Tolerant, DoS Resistant Wireless Networks • Privacy Preservation in Wireless Networks • Secure Localization: Defense and Identification • Collusion-Resistant Fingerprinting for Multimedia • Pervasive Computing Initiatives: • Congestion Control in Sensor Networks • Lifetime Extension in Sensor Networks • Mobility Emulation
WINLAB’s Security and Computing Initiatives • WINLAB has a growing initiative in wireless network security and mobile/pervasive computing • Currently the Security Group consists of • 3 Faculty Members: • Wade Trappe (University of Maryland): Wireless Security, Multimedia Security, Physical/MAC Layer Security, Multicast, Coding and Cryptography • Yanyong Zhang (Penn. State University): Distributed Computing, Sensor Networking, Pervasive Computing, Fault Tolerant Computing Architectures, Wireless Security • Marco Gruteser (University of Colorado): Ubiquitous Computing, Secure Software Engineering, Privacy in Location Services • 14 Students (W. Xu, Q. Li, P. Kamat, Z. Li, Y. Zhang, T. Wood, S. Chao, A. Chincholi, B. Xue, S. Raj, K. Ma, S. Swami, B. Hoh, K. Ramchandran) • Collaboration: Princeton (H. Kobayashi), Columbia (H. Schulzrinne), Bell Labs (S. Paul), IBM Watson, UMD (KJR Liu, M. Wu), Rutgers CS (B. Nath), UColorado (Grunwald), URI (Y. Sun), UBC (Z. Wang), U. Texas (IAT) • Funding: • NSF: ORBIT (joint with Princeton, Columbia, Bell Labs, IBM, Thomson), PARIS • Air Force: Multimedia Fingerprinting (joint with UMD) (complete) • NICT Japan: Secure Future Wireless Networks (B3G)
ORBIT Testbed: Radio Grid Front-end Servers Gigabit backbone VPN Gateway to Wide-Area Testbed 80 ft ( 20 nodes ) Data switch Application Servers (User applications/ Delay nodes/ Mobility Controllers / Mobile Nodes) 70 ft ( 20 nodes ) Control switch ISQ IS2 IS1 SAP SA2 SA1 RF/Spectrum Measurements Interference Sources Back-end servers Internet VPN Gateway / Firewall
ORBIT EWP6: Wireless Security Plans • The Princeton EWP6 Security group (led by Prof. Kobayashi) and the WINLAB Security group (led by Prof. Trappe) have alternated monthly meetings between Princeton and WINLAB • WINLAB collaboration with Lucent on MBMS Security • Plans for ORBIT: • Secure Flooding Protocols (Princeton) • Fast Authenticated Key Establishment Protocols for Self-Organizing Sensor Networks (develop ECC for ORBIT Crypto Toolbox) (Princeton) • Mobility and Basic Authenticated Handoff Experiments (WINLAB) • Development of Basic Cryptographic Toolbox (WINLAB) 1 2 3 Mobility Experiments (9/04-12/04) Secure Flooding Protocols (9/04-1/05) Construct Crypto Toolbox (8/04-12/04) …
UMTS Core Network Radio Network Subsystem (RNS) RNC SGSN Node B GGSN BMSC Internet UMTS Terrestrial Radio Access Network Node B Node B 3G Multicast Security • Keys must be shared by multicast group participants • As users join and leave, keys must be changed • 3GPP has proposed a new entity, the BMSC for managing broadcast and multicast services • The BMSC can perform key management
3G Multicast Security • 3GPP currently is investigating several multicast frameworks • To optimize key management, one should match the key tree to underlying multicast topology • 3GPP has not decided on a multicast topology • We are examining the performance of multicast key management at the BMSC for different 3G multicast scenarios • We have proposed modifications to Qualcomm’s MBMS security scheme that improves communication efficiency • Secure Prototype Multicast Chatting Application has been developed: • Server is implemented in J2SE • Clients are implemented in J2ME W. Xu, W. Trappe and S. Paul, “Key Management for 3G MBMS Security,” to appear Proceedings of 2004 IEEE ICC.
Reveal K1 Reveal K2 All Packets Authenticated with K1 have arrived to all group members Auth Packets with K4 Auth Packets with K3 Auth Packets with K2 Auth Packets with K5 Auth Packets with K1 Multicast Authentication • Delayed Key Disclosure: (e.g. TESLA) • Weakness: • Use of buffers allows for a simple denial of service (DoS) attack • Since there is no way to check packets until key is disclosed, buffer will overflow • How to protect against DoS attacks? Keys Time K1 K3 K5 K2 K4 Q. Li and W. Trappe, “Staggered TESLA: A Scheme for Reduced-Delay Multi-Grade Multicast Authentication,” submitted to IEEE Infocom 2005.
>i+d A i+d A d-t S R i+d i+t Definition of Trust in Delayed Key Disclosure • Assumptions: • Adversary has 0 Forge time • Adversary has 0-delay link to receiver • Disclosure delay is d • Security Condition • Packets sent at interval i will be discarded if received after i+d • Key released at time i+t: • Adversaries within delay radius d-t can forge packets • Adversaries outside radius d-t will cause violation of security condition • Trust:
Staggered TESLA: Sender Setup • The sender attaches d MACs computed by K'i, …,K'i-d+1 Disclose Ki-d+1 Disclose Ki-d-1 Disclose Ki-d Ki-1 Ki Ki+1 Time Interval i-1 Interval i Interval i+1 Mj-1 Mj Mj+1 MAC(Mj-1,K'i-1) MAC(Mj,K'i) MAC(Mj+1,K'i+1) … … … MAC(Mj,K'i-d+1) MAC(Mj-1,K'i-d) MAC(Mj+1,K'i-d+2) Ki-d-1 Ki-d Ki-d+1
Staggered TESLA: Authentication at Receiver Disclose Ki Disclose Ki-2 Disclose Ki-1 • Receivers have a chained buffer • As keys arrive, MACs are verified • If matches, it puts the packet into the next layer. If not, the packet is dropped. • As the packets move to lower buffer layers, the trustworthiness of the packets increases Ki+d-2 Ki+d-1 Ki+d Time Interval i+d-2 Interval i+d-1 Interval i+d P No Yes Drop P No Yes Drop P No Yes Drop Save
TESLA & Staggered TESLA • Packet sent in interval i, key Ki, Delay d • Staggered TESLA • Attach d MAC • Keys: Ki, …, Ki-d+1 • Authenticate: Each interval has a chance • Compute: d MAC • Communicate: d MAC • TESLA • Attach 1 MAC • Key: Ki • Authenticate: d intervals • Compute: 1 MAC • Communicate: 1 MAC
AP FN SN Authentication in Hierarchical Ad Hoc Sensor Networks • Public key certificates are not suitable for flat ad hoc networks • To check certificate requires expensive public key operations • Three tier architecture: • Varying levels of computational power within the sensor network • Sensors do not communicate with each other • Forwarding nodes are radio-relay • TESLA Certificates • Alternative to PK certificates • Uses symmetric key cryptography • Delayed key disclosure • Authentication framework: • Access points provide filter to application • TESLA certificates provide efficient sensor node handoff • Weak and assured data authentication provided M. Bohge and W. Trappe, “An Authentication Framework for hierarchical ad hoc sensor networks,” Proceedings of 2003 ACM Workshop on Wireless Security.
DoS Resistant Wireless Networks • Broadcast radio signals at the same frequency as the wireless Ethernet transmitters - 2.4 GHz for 802.11b/g! • To jam, you just need to broadcast a radio signal at the same frequency but at a higher power. • Waveform Generators and the Microwave Oven! • Yes, heating up your lunch aggravates your system administrator! • What can one do? • WINLAB’s solution, from Sun Tze’s Art of War: “He who can’t defeat his enemy should retreat!” • Answers: • Change your channel allocation • Move your location! W. Xu, T. Wood, W. Trappe and Y. Zhang, “Channel Surfing and Spatial Retreats: Defenses against Wireless Denial o f Service,” Proceedings of 2004 ACM Workshop on Wireless Security.
Privacy Issues in Wireless Networks • Content-Oriented Security and Privacy: • Issues that arise because an adversary can observe and manipulate the exact content in a sensor message. • Best addressed through cryptography and network security. • Context-Oriented Privacy: • Issues that arise because an adversary observes the context surrounding creation and transmission of a sensor message. • Examples: • Source-Location Privacy: The physical location of communication participants may be sensitive. • Traffic Privacy: The size and amount of messages originating from a sensor may be sensitive. • For sensor networks, Source-Location Privacy focuses on protecting the monitored asset from traceback. • For tactical networks, Source-Location Privacy focuses on protecting the networked soldier from traceback attacks by adversaries! C. Ozturk, Y. Zhang, and W. Trappe, “Source Location Privacy in Sensor Networks,” Proceedings of 2004 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN).
Panda-Hunter Game Model Scenario Game Over! • We propose the Panda-Hunter Game as an example sensor scenario • Panda-Hunter Game: • A sensor network has been deployed to monitor a panda habitat. • Sensors send Panda_Here messages • Messages are forwarded to a data sink. • The hunter observes packets and traces his way back to the panda. • Privacy Goal: Increase the time needed for an adversary to track and capture the panda. • Safety Period: The number of messages transmitted by the source sensor. • Longer safety periods mean more privacy! Data Sink Sensor Node
Flooding Strategies for Privacy, pg. 1 • Flooding is a popular technique for delivering sensor data • Involves each node forwarding a packet it receives • Although many simultaneous paths to the sink, flooding does not increase the safety period! • Explanation: • Flooding contains the shortest path. • Hunter will always follow shortest path to the panda. Data Sink Sensor Node
Flooding Strategies for Privacy, pg. 2 • Probabilistic Flooding: • An alternative strategy to baseline flooding • Reduces the amount of energy consumed in the sensor network • Each node forwards a received sensor packet with probability Pforward • Small Pforward reduces energy at tradeoff of lower network connectivity • Probabilistic flooding increases the safety period • There is a chance that shortest path will not exist • Adversary may thus follow non-shortest path • Experimental Observations: • Lower Pforward increases safety period • Lower Pforward also increases the sink miss ratio • Fundamental tradeoff • Other Strategies have been proposed: • Randomized Multipath Routing • Phantom Routing
Privacy-observant Location Tracking • Location Information useful for • Calibrating the tracking system • Location-based applications • Can we perturb time-series information? • Individual paths are not identifiable • Aggregate information from multiple users is useful
Secure Localization in Wireless Networks • Already, many techniques have emerged to localize a wireless device • Enforcement of location-aware security policies (e.g., this laptop should not be taken out of this building, or this file should not be opened outside of a secure room) requires trusted location information. • As more of these location-dependent services get deployed, the very mechanisms that provide location information will become the target of misuse and attacks. • Two efforts to address this problem: • Integrate resilience into localization methods (Z. Li) • Modulation of AP transmission powers (Yu Zhang) Z. Li, Y. Zhang, W. Trappe and B. Nath, “Securing Wireless Localization: Living with Bad Guys,” submitted to 2004 DIMACS Workshop on Wireless and Mobile Security.
Collusion-Resistant Traitor Tracing for Multimedia DoD Research: Joint Collaboration with UMD W. Trappe, M. Wu, Z. Wang, K.J.R. Liu, “Anti-Collusion Fingerprinting for Multimedia,” IEEE Trans. on Signal Processing, Special issue on Signal Processing for Data Hiding in Digital Media & Secure Content Delivery, vol. 51, no. 4, pp.1069-1087, April 2003. Z. Wang, M. Wu, W. Trappe, and K.J.R. Liu: "Group-Oriented Fingerprinting for Multimedia Forensics", EURASIP Journal on Applied Signal Processing, Special Issue on Multimedia Security and Rights Management, to appear 2004.
Recent Leak: UAV Surveillance Video on bin Laden • High-tech surveillance provide around-the-clock monitoring of terrorist base • Highly classified video captured in 2000 by Unmanned Aerial Vehicle Predator • Video shows a tall man wearing a white robe over Tarnak Farm in Afghanistan • Analysts thought the man as bin Laden Pentagon & CIA officials have copies of the tape Video leaked to the press in March 2004, aired in NBC and CNN CIA investigates the leak of the tape http://www.cnn.com/2004/WORLD/asiapcf/03/17/predator.video/
Alice Sell studio w1 w2 The Lord ofthe Ring Bob w3 Carl Digital Fingerprinting and Tracing Traitors • Leak of information as well as alteration and repackaging poses serious threats to government operations and commercial markets • e.g., pirated content or classified document • Promising countermeasure:robustly embed digital fingerprints • Insert ID or “fingerprint” (often through conventional watermarking) to identify each user • Purpose: deter information leakage; digital rights management(DRM) • Challenge: imperceptibility, robustness, tracing capability
Embedded Finger-printing Multi-user Attacks Traitor Tracing Embedded Fingerprinting for Multimedia
Group-Oriented Forensics • Overcome the limitations of orthogonal fingerprinting • Recall: orthogonal FP treats everybody equally • Orthogonal strategy has to suspect more to accurately find a colluder • Colluders often come together in some foreseeable groups • Due to their geographic, social, or other connections • Our approach: design users’ FP in a correlated way • Cluster users into groups based on prior knowledge • Intra-group collusion is more likely than inter-group • Revise orthogonal FP and add correlation to the same group to help narrow down the suspicion group
Group Fingerprinting Problem: determine the number of colluders ki’s and the Sci’s Solution: construct intra-group FP in two parts, and use threshold detector (at desired intra-group false alarm) to avoid estimating ki Can be viewed as a real-valued fingerprint code
Two-Stage Detection Scheme • Basic idea: first identify groups containing colluders, then identify colluders within each possible guilty group • ROC Curves Pd vs. Pfp under different collusion settings Constraint: equal energy
Similarity between Collusion and MU Comm. • The Fingerprint Collusion Problem is similar to Multiuser Communication • The colluded signal is simply the host signal plus a mixture of watermarks • For good communication performance: CDMA sequences should have minimum interference between each other. Low Cross-Correlation is Good! • The similarity between Collusion and MU Comm. suggests that good CDMA sequences would be good fingerprints! Collusion Fingerprint Problem Synchronous CDMA Channel Z. Li and W. Trappe, “Collusion-resistant Fingerprints from WBE Sequence Sets,” to appear Proceedings of 2005 IEEE ICC.
ACC built from Interference Avoidance Question: How to assign M fingerprints in N dimensions to facilitate colluder detection? • M<N: assign orthogonal fingerprints because they are uncorrelated • M>N: the fingerprints are correlated. How do we find the least correlated set S of size N by M? • Minimize Total Squared Correlation (TSC): • Welch Bound: TSC is lower bounded by M2/N • WBE sequence set: • WBE sequence set is known to be optimal in terms of user capacity in synchronous code-division multiple access (CDMA) • One approach to get WBE sequence set: Eigen-algorithm
Detection of WBE Fingerprints F: collusion indicator, M х 1 S: fingerprint matrix, N х M (M>N) T: detection statistics, N х 1K: number of colluders S+: Moore-Penrose generalized inverse of S • Iterative Generalized Inverse Algorithm 1. Initialize Ss= S, i.e. all users are initially under suspicion 2. Fa =Ss+T 3. Choose a threshold g: We choose g = 0 when min(Fa)<0, and g = 0.4max(Fa) when min(Fa)>0. 4. The users whose corresponding entries in Fa are smaller than g are identified as innocent. Their fingerprints are removed from Ss. 5. Repeat the steps from 2 to 4 with the new Ss until Ss does not change any more. 6. The users whose fingerprints remain in Ss are the final accused users.
Performance Comparison with BIBD ACC Probability of Detection Probability of false accusation Probability of Error Probability of not capturing any colluder
Future Security Topics? • Detecting and Containing Wireless Worms • Securing “Networks of Networks” in 4G: • Interoperability and translation of security policies • Securing Multimedia over MANETS
Congestion control in sensor networks • Why resource control instead of traffic control? • The data during a congestion is valuable and cannot be dropped • Sensor network deployments have a large degree of redundancy, so there is available resources • Research questions to answer: • How do you measure congestion level? (channel utilization, queue occupation, drop rate, etc) • How do you measure aggregated traffic volume? • If 40% more resources are needed, how can you increase resource accordingly? • How can you design a distributed yet low-weight protocol?
Coverage, Connectivity, and Lifetime • Sensor network deployments have a large degree of redundancy, so there exists overlapping for both coverage and connectivity • In order to extend lifetime, at any time, we keep a minimal set of active nodes (with radio on), so that the others can sleep • How do you provide coverage/connectivity in case of node failures? • In addition to active nodes, leave a small set of nodes always on, like satellites • All the other sleeping nodes coordinate their schedules so that every active node is constantly protected by one or more nodes.
Mobility Emulation • Goal: Support experiments that require mobile nodes on the Orbit testbed • 802.11 hand-over • Ad-hoc routing • Location tracking • Idea: Emulate mobility by mapping moving nodes onto changing grid nodes • More reliable, reproducible, and cost-effective than robots (or students)