300 likes | 415 Views
CS 6910: Advanced Computer and Information Security Lecture 2b Opportunistic Networks: The Concept and Research Challenges in Privacy and Security. Leszek Lilien, Zille Huma Kamal , Vijay Bhuse and Ajay Gupta WiSe (Wi reless Sensornet s) Lab http://www.cs.wmich.edu/wsn
E N D
CS 6910: Advanced Computer and Information SecurityLecture 2bOpportunistic Networks:The Concept and Research Challenges in Privacy and Security Leszek Lilien, Zille Huma Kamal, Vijay Bhuse and Ajay Gupta WiSe (Wireless Sensornets) Lab http://www.cs.wmich.edu/wsn Department of Computer Science Western Michigan University Kalamazoo, MI 49008
> CS 6910: Go to Slide 15 <Basic Concepts for Opportunistic Networks • New paradigm and technology: opportunistic networks or oppnets • Innovative • Facing thechallenge ofpervasivecomputing • Advancing leading-edge pervasive computing and networking know-how • Oppnet deployed as a seed oppnet • Localizes its nodes • Configures itself • Adapts to environment 2
Link to the World Seed Nodes Controller (distributed) Startup: Seed Oppnet • Oppnet starts as a seedoppnet • Seed oppnet grows into an expandedoppnet 3
Satellite Link to the World Appliance (refrigerator) Cellphone Tower Seed Nodes Controller (distributed) Micro- wave Relay Overturned Vehicle with OnStar Computer Network Growth: Expanded Oppnet • Heterogenous helpers join oppnet • Add communication, computing, sensing, storage, other resources 4
Oppnet Growth Activities • Detecting & identifying candidate helpers • Contacting & inviting selected candidates • Admitting & integrating helpers that join oppnet • Offloading tasks to helpers • Determining useful colaborative functionalities • Managing offloaded tasks • Clean up and release each helper when no longer needed 5
Basic Oppnet Categories • 2 major oppnet categories: • Benevolent oppnets • Malevolent oppnets • Corresponding oppnets scenarios: • Benevolent oppnet scenario: „Citizens Called to Arms” • Malevolent oppnet scenario: „Bad Guys Gang Up” 6
7 BenevolentOppnetScenario: „Citizens Called to Arms” (1) • Seed oppnet deployed after an earthquake(un- predictable emergency) • Seed is ad hoc wireless network with very powerful nodes • More energy, computing and communication resources • Seed tries to detect candidate helpers • For help in damage assessment and disaster recovery • Uses any available detection method — including: • Celphone- or radio-based detection • Searching for nodes using the IP address range for the affected geographic area • AI-based visual detection(next) 7
8 BenevolentOppnetScenario: „Citizens Called to Arms” (2) • Example: • Helper 1 monitoring a surveillance net detects an overturned car • Helper 2 asked to recognize its license plate • Helper 3 finds that the cars has OnStarlink • Helper 4contacts BANs (Body Area Network) on or within bodies of car occupants via OnStar infrastructure • Helper 5 evaluates obtained info and dispatches rescuers 8
9 BenevolentOppnetScenario: „Citizens Called to Arms” (3) • Oppnet selects optimalsubset of detected nodes • Inviting devices, clusters & entire networks • Helpers for communicating, sensing, computing • Using „hidden” capabilities, e.g. for sensing: • Desktop can „sense” presence of a potential victim at its keyboard • Cellphones can „sense” location • Even ones w/o GPS can be triangulated 9
10 Benevolent OppnetScenario: „Citizens Called to Arms” (4) • Using „hidden” emergency functionalities • Oppnet contacts 2 independent sensornets (SNs): water infrastructure control SN / public space surveillance SN • SNs ordered to abandon normal functions& help inrescue & recovery operations • Water infrastructure SN(with multisensor capabilities, under road surfaces) — ordered to sense vehicular movement and traffic jams • Public space surveillance SN — ordered to search for images of human victims 10
MalevolentOppnetScenario: „Bad Guys Gang Up” (1) 11 • Scenario 1 — Terrorists createapparently harmless weather monito- ring sensornet (SN): • SN becomes a seed of a malevolent opportunistic SN • SN exploits other nodes from many other networks(w/o revealing its true goals) • “Critical mass” of the opportunistic SN is reached (in terms of geographical spread and sensing capabilities) • SN waits for wind patterns that can speed up spread of poisonous chemicals • Collected data used to decide when to start chemicalattack 11
MalevolentOppnet Scenario:„Bad Guys Gang Up” (2) • Scenario 2 — network at home starts spying on you: • Becomes a seed oppnet • Exploits other devices/nets to collect all info on you: • From your fridge(& RFID-equipped food packaging): what/when you eat • From your computer: keylogs your passwords, sensitive data • From your cellphone: who you call & when • From your networked camera: what photos you take • From your home security surveillance system: your private images • Cyberfly with camera eyes and microphone ears • ... • Huge privacy problem! / Huge security problem! • Controls to counteract malevolent oppnets badly needed 12
RelatedResearch • Interoperability • Among wireless networks: WANs, MANs, LANs, PANs (personal) • Much less research on interoperability between wired & wireless nets • Ambient networks (big European Union project, next-generation Internet—for 2015/2020, smaller networks able to compose themselves into bigger ones) • Growth in P2Psystems • Searching for peers in unstructured systems • Grid Systems • Integrating and managing heterogeneous systems • Trojan Horses • Mimic their spread capabilities in search for helpers • Other 13
Research Challenges in Basic Operations • Bypassed in this presentation • Include: • Challenges in Seed Oppnet Deployment • E.g., localization, self-configuration, adatptability • Challenges inDetectingHelper Systems • E.g., primitivesto detect candidates, identify and categorize them, evaluate and classify them (e.g., based on dependability and usefulness) • Challenges inInviting & Admitting Candidate Helpers • E.g., select candidates to invite, develop protocols for candidates to accept or reject invitation, devise primitives/methods to manage expanded oppnet • Etc., etc. for remaining operations 14
> CS 6910: Start here <Research Challenges inSecurity and Privacy 1) Major privacy challenges in oppnets 2) Securitychallenges in oppnets • With secondary privacy challenges 15
Major Privacy Challenges (1) • Privacy challenges in oppnets • Oppnets are and use pervasive systems • Must face all privacy challenges inherent to pervasive computing • „Make it or break it” issue for oppnets (and perv. comp) • Major privacy goals • Assure privacy of communications and data storage • Protect helper resources from the host oppnet • Protect oppnet from its helpers • Protect environment from privacy violations by oppnet • Also from malevolent oppnets 16
Major Privacy Challenges (2) • Classes of solutions to achieve the privacy goals • Provide protected private areas within seed nodes/helpers • Anonymize or pseudonimize entities within oppnet range • Detect and neutralize malevolent oppnets • Detect and neutralize exploiting oppnets for privacy violations • Special solutions for emergency oppnet applications • Strict privacy protection relaxed in life-or-death situations • Must follow law and ethics • Basic assumptions: • Entity gives up only as much privacy as indispensable for becoming a helper • Entity’s privacy disclosure is proportional to: • Benefits for the entity, or • A broader common good 17
Security Challenges (1) • Sources of security challenges • Dependable authentication cannotbe performed when helpers join oppnet • Not possible to guarantee that malicious devices will not join • Can detect notorius behavior after entity becomes a helper • If available, reputation can be used beforehand • Delivering secret keys securely to all and only non-malicious devices is very difficult • Relying alone on cryptoauthentication mechanisms (e.g., Kerberos) not sufficient =>security challengesin oppnets are bigger • Incl. MITM, packet dropping, ID spoofing (masquerading), DoS 18
Security Challenges (2) • The major security (and privacy) challenges: • Secure routing via increasing trust • Routing through more trusted systems • Shared secrets for each communicating pair • Using shared secrets with broadcast authentication • Using digital signatures • … • Helper privacy and oppnet privacy via intrusion detection (also above) • Protecting data privacy and data integrity • Identifying and preventing most dangerous attacks • Intrusion detection • All discussed next 19
Secure Routing via Increased Trust • Secure routing via increased trust • Maintain list of “more trusted”entitiesand list of „less trusted” entities • Secure routing can use both lists • Secure wireless ad hoc routing protocol most relevant for opnets: Ariadne[Hu, Perrig, and Johnson, 2002] • On-demand protocol • Works in the presence of compromised nodes • Uses symmetric cryptography • Authenticates routing messages • Still, cannot use directly • More heterogeneous (esp. w.r.t. wired/wireless transmission media) • Can look for less energy-efficient oppnet solutions • Can rely on growth to amass needed resources (even with a big safety margin) 20
Helper Privacy and Oppnet Privacyvia Intrusion Detection • Protect privacy via detecting intrusions, illegal resource accesses • Helper privacysupported via: • Access control (authentication and authorization) • Intrusion detection • 2nd line of privacy defense • Meant to work by scaring away attackers • More difficult than in many other nets • Bec. of heterogeneity, spontaneous growth • Oppnet privacy supported via: • Intrusion detection • Catches helpers that become attackers 21
Protecting Data Privacy and Data Integrity • Data privacy challenges • Capture of even a single oppnet entity(especially in crisis when providing physical protection is even more difficult)cripples whole symmetric key cryptography scheme • Attacker masquerading as controller (or cluster head) can distribute its own crypto keys • Data integrity challenges • Digital signatures are expensive computationally for lightweight devices (cellphone, PDA, etc.) • Packet format convesrsions can be attacked • Heterogeneous entities/media fragment/aggregate packets 22
Identifying and Preventing MostDangerous Attacks- Examples • MITM: e.g., malicious device becomes a MITM on the communication line between a victim and first responders • Solution: Use mutliple, heterogenous routes between victim and the center forredundant message • Packet dropping: e.g., malicious device drops some packets between a victim and the center • Solution: As above (will work if no adversary on at ≥ one route) • DoS attacks: e.g., flooding emergency center with false requests for help • Solution: Limit number of requests any device can generate. „Call back” the victim to confirm her emergency request. • Other: DoS attacks on weak links, ID spoofing, ... 23
Intrusion Detection (1) • Motivation – Why needed? • When prevention fails • Lack of initial authentication mechanism • Challenges: • Securely distributing information about malicious entities in the presence of other (unknown) malicious entities • Avoiding malicious entities while maintaining connectivity • Real-time intrusion detection and response more difficult than in other networks types • Bec. highly heterogeneous 24
Intrusion Detection (2) • Possible intrusion detection approach: [Zamboni, 2001] • Internal „software sensors” used as embedded detectors • Intrusion detection performed by autonomous agents using embedded detectors • Benefits of embedded detectors: • More resistant to tampering or disabling, because they are a part of the program they monitor. • Very low CPU overhead (not executing continuously) • Perform direct monitoring have access to the internal data of programs they monitor) • Detection data is safer—does not travel through an external path (a log file, for example) between its generation and its use 25
Conclusions • Oppnets are a new wide category of networks • Leverage resources they can detect in the vicinity • Sensing / monitoring / computing / communication / etc. resources • Particularly well suited to emergency operations • Starts with a buildup of communications infrastructure • Applicable for non-emergency situations as well • High-payoff potential for this paradigm/technology • Reduction of human suffering & loss of life • Economic benefits • Technological, educational & research benefits 26
Future Work • Investigating oppnetfundamentals • Designing oppnet architecture • With its associated components • Methods, protocols, and algorithms • Building a prototype • For stimulation and feedback • Necessary for fine-tuning oppnet design • Proof of concept: technical prowess & economic benefits 27
Thank you very much for your time and attention! 28
Selected WiSe Lab Publications onSensornets, Oppnets & Pervasive Computing * Directly related to oppnets • L. Lilien and A. Gupta, ” Opportunistic Networks for Emergency Preparadness and Response” (submitted).(*) • V. Bhuse, A. Gupta, and L. Lilien, "Research challenges in lightweight intrusion detection for sensornets" (submitted). • L. Lilien and B. Bhargava, ”A Scheme for Privacy-preserving Data Dissemination,” IEEE Transactions on Systems, Man and Cybernetics (to appear). • L. Lilien, Z. Kamal, V. Bhuse and A. Gupta, "Opportunistic Networks: The Concept and Research Challenges in Privacy and Security,” International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks (WSPWN 2006), Miami, Florida, March 2006. (*) • T. Canli, M. Terwilliger, A. Gupta and A. Khokhar, "Power Efficient Algorithms for Computing Fast Fourier Transform over Wireless Sensor Networks," The Fourth ACS/IEEE Conference on Computer Systems and Applications, Dubai, UAE, March 2006. • V. Bhuse, A. Gupta and L. Lilien, "DPDSN: Detection of packet-dropping attacks for wireless sensor networks," Proceedings of the 4th International Trusted Internet Workshop (TIW), International Conference on High Performance Computing, Goa, India, December 2005. • A. Gupta and V. Bhuse, "Anamoly Intrusion Detection in Wireless Sensor Networks," Journal of High Speed Networks, vol. 15, issue 1, January-March 2006. • M. Terwilliger, A. Gupta, A. Khokhar and G. Greenwood,"Localization using Evolution Strategies in Sensornets," Proceedings of the IEEE Congress on Evolutionary Computation, Edinburgh, UK, September 2005. • V. Bhuse, A. Gupta, M. Terwilliger, Z. Yang and Z. Kamal, "Using Routing Data for Information Authentication in Sensor Networks," Proceedings of the 3rd International Trusted Internet Workshop (TIW), International Conference on High Performance Computing, Bangalore, India, December 2004. • T. Canli, M. Terwilliger, A. Gupta and A. Khokhar, "Power-Time Efficient Algorithm for Computing FFT in Sensor Networks," (Extended Abstract). Proceedings of the Second ACM Conference on Embedded Networked Sensor Systems (SenSys), Baltimore, Maryland, November 2004. • B. Bhargava, L. Lilien, A. Rosenthal, and M. Winslett, “PervasiveTrust,” IEEE Intelligent Systems, vol. 19(5), Sep./Oct.2004, pp. 74-77. (*) • B. Bhargava and L. Lilien, “Private and Trusted Collaborations,” Proc. Secure Knowledge Management (SKM 2004): A Workshop, Amherst, NY, Sep. 2004. • M. Jenamani, L. Lilien, and B. Bhargava, “Anonymizing Web Services Through a Club Mechanism with Economic Incentives,” Proc. International Conference on Web Services (ICWS 2004), San Diego, California, July 2004, pp. 792-795. • Z. Kamal, M. Salahuddin, A. Gupta, M. Terwilliger, V. Bhuse and B. Beckmann, "Analytical Analysis of Data and Decision Fusion in Sensor Networks," The 2004 International Conference on Embedded Systems and Applications. Las Vegas, June 2004. • M. Terwilliger, A. Gupta, V. Bhuse, Z. Kamal, and M. Salahuddin, "A Localization System Using Wireless Sensor Networks: A Comparison of Two Techniques," Proceedings of the 2004 Workshop on Positioning, Navigation and Communication, Hanover, Germany, March 2004 , pp. 95-100. • V. Bhuse, A. Gupta and R. Pidva, "A Distributed Approach to Security in Sensornets," The 58th IEEE Semiannual Vehicular Technology Conference, Orlando, Florida, USA, October 2003. • L. Lilien, “Developing Pervasive Trust Paradigm for Authentication and Authorization,” Proc. Third Cracow Grid Workshop (CGW’03), Kraków (Cracow), Poland, October 2003, pp. 42-49 (invited paper). 29
WiSe Lab Experience in Sensornets – Selected Projects Since 1/03 * Results useful for oppnets • Designing of WiSe Security Protocols: DSPS • Location Tracker Using Motes (*) • RHS: Remote Home Surveillance (*) • Directed Diffusion: Attacks & Countermeasures • Improving the Accuracy of Mote Measurements by UsingNeural Networks • SOMS: Smart Occupancy Monitoring System Using Motes (*) • Comparative Study of Network Simulators • Collaborative Image Processing (*) • DENSe: a Development Environment for Networked Sensors • Incorporating Mobile-ware in Distributed Computations / Grids (*) • Extendingthe ns-2 Simulator to Satellite and WCN Simulations • Smart Antennas for WCNs • Energy Efficient MAC Protocols for IEEE 802.11x • A Wireless Security Testing System (*) • Mobile and Self-Calibrating Irrigation System • Collective Communications for Sensornets (*) 30