Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks • Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson • Presented by: Varagur Karthik Iyer • Adapted from the slides by: Qiao Xu, CSC774 Spring04
Outline • Introduction • Temporal Leashes • TIK Protocol • Performance & Security Analysis • Future Work & Conclusion
Introduction • Problem: Wormhole Attack • An attacker records packets at one location of the network, tunnels them to another location, and retransmits them there into the network • A wormhole attack allows attackers to: • Gain unauthorized access • Disrupt routing • Perform DoS attacks • Solution: Packet Leash • Add information to the packet to restrict its maximum allowed transmission distance
Illustration of a wormhole attack • A mobile wireless ad hoc network • Nodes S and D communicate through wireless multi-hop routing • [Figure: normal operation, nodes S and D]
Illustration of a wormhole attack • A mobile wireless ad hoc network • Nodes S and D communicate through wireless multi-hop routing • [Figure: under attack, colluding attackers form a wormhole between S and D]
Packet Leashes • Goal: limit the distance traveled by a packet in a network • Approaches: two approaches to achieve the goal • Space: geographical leashes limit the range of the packet using the distance it can travel • Time: temporal leashes limit the range of the packet using the time it remains valid • [Figure: colluding attackers form a wormhole between S and D]
Geographical Leashes (Overview) • Definition: a geographical leash establishes an upper bound on the distance that a packet can travel • Requirements • Every node must have knowledge of its location • Loose time synchronization • Nodes can be relatively mobile • Geographical leashes also enable multiple location detection
Temporal Leashes • Definition: a temporal leash establishes an upper bound on a packet’s lifetime, which restricts the maximum travel distance • Key Requirement: all nodes must have tightly synchronized clocks • Maximum clock difference (Δ) between any two nodes must be within a few microseconds
Temporal Leashes • Implementation with a packet expiration time • Sender calculates a packet expiration time to be sent with each packet: $t_e = t_s + L/c - \Delta$ • $t_e$: packet expiration time • $t_s$: packet sent time • $c$: propagation speed of wireless signal • $L$: maximum allowed travel distance; $L > L_{\min} = \Delta \cdot c$ • $\Delta$: maximum clock difference between 2 nodes
Temporal Leashes • Receiver will accept and process a received packet if and only if the time when the packet is received ($t_r$) is less than the packet expiration time ($t_e$) • What’s missing? • Need an efficient way for the receiver to authenticate $t_e$
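The sender formula and receiver check from the two slides above, as an added example (not from the slides or the paper's authors). It goes one step beyond the slides by sweeping the clock skew over its bound, which shows that a packet that has travelled L or more is always rejected, while one just short of L may be rejected depending on skew. The function names and the values Δ = 100 ns and L = 300 m are constructed for illustration.

```python
C = 299_792_458.0  # propagation speed c of the wireless signal, m/s

def expiration(t_s, L, delta):
    """Sender side: t_e = t_s + L/c - delta (times in seconds, L in metres)."""
    if L <= delta * C:
        raise ValueError("leash must satisfy L > L_min = delta * c")
    return t_s + L / C - delta

def accepts(distance, skew, L, delta, t_s=0.0):
    """Receiver side: accept if and only if t_r < t_e.

    distance: real path length in metres, any wormhole tunnel included
    skew:     receiver clock minus sender clock, |skew| <= delta
    """
    if abs(skew) > delta:
        raise ValueError("clocks are outside the synchronization bound")
    t_e = expiration(t_s, L, delta)
    t_r = t_s + distance / C + skew  # arrival time on the receiver's clock
    return t_r < t_e

def sweep(L, delta, distances):
    """Classify each distance using the two extreme clock skews."""
    out = {}
    for d in distances:
        results = {accepts(d, s, L, delta) for s in (-delta, delta)}
        if results == {True}:
            out[d] = "accept"
        elif results == {False}:
            out[d] = "reject"
        else:
            out[d] = "depends on skew"
    return out

if __name__ == "__main__":
    # Constructed values: delta = 100 ns (c * delta is about 30 m), L = 300 m.
    # 200 m is a direct neighbour, 3000 m a packet replayed through a tunnel.
    print(sweep(300.0, 100e-9, [200.0, 280.0, 3000.0]))
```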
TIK Protocol - Overview • TIK – TESLA with Instant Key disclosure • TIK implements a temporal leash and provides efficient instant authentication for broadcast communication in wireless networks • Based on the observation that a receiver can verify the TESLA security condition (that the corresponding key has not yet been disclosed) as it receives the packet; this allows the sender to disclose the key in the same packet • Assumes the sender can precisely predict $t_s$ and the receiver can record $t_r$ as soon as the packet arrives • Requires accurate time synchronization between all the nodes
TIK Protocol – Sender Setup • Sender generates a series of keys, $K_0, K_1, \ldots, K_{w-1}$, using a PRF $F$ and a secret master key $X$: $K_i = F_X(i)$ • Sender selects a key expiration interval $I$ and determines the expiration time ($T_i$) for its keys: $T_i = T_0 + i \cdot I$, where $T_0$ is the expiration time for $K_0$ • Sender constructs a Merkle hash tree to commit to keys: $K_0, K_1, \ldots, K_{w-1}$
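TIK Protocol – Merkle Hash Tree • [Figure: Merkle hash tree over eight keys] • Root: $m_{07}$ • Children of the root: $m_{03}$, $m_{47}$ • Next level: $m_{01}$, $m_{23}$, $m_{45}$, $m_{67}$ • Leaves: $K_0'$, $K_1'$, $K_2'$, $K_3'$, $K_4'$, $K_5'$, $K_6'$, $K_7'$ • Keys: $K_0$, $K_1$, $K_2$, $K_3$, $K_4$, $K_5$, $K_6$, $K_7$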
TIK Protocol – Merkle Hash Tree • How is it constructed? • For every leaf node, $K_i' = H(K_i)$; e.g. $K_0' = H(K_0)$ • For every parent node, $m_p = H(m_l \| m_r)$; e.g. $m_{01} = H(K_0' \| K_1')$, $m_{03} = H(m_{01} \| m_{23})$ • The root value ($m_{07}$) is signed by the sender and sent to the receivers, where it can be authenticated with the sender’s public key • To authenticate $K_2$, for example: • Sender must include $K_3'$, $m_{01}$, $m_{47}$ in the packet • Receiver computes $m_{07}'$ and compares it to the pre-distributed $m_{07}$: $m_{07}' = H[\, H[\, m_{01} \| H[\, H[K_2] \| K_3' \,] \,] \| m_{47} \,]$
TIK Protocol – Receiver Bootstrapping • Assume all nodes are synchronized with a maximum clock difference of $\Delta$ • Assume each receiver knows every sender’s hash tree root value and the associated parameters $T_0$ and $I$
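TIK Protocol – Sending and Verifying Packets • [Figure: packet timing. The sender transmits HMAC, M, T, $K_i$ in that order and the receiver receives them in the same order. Time at sender: $t_s$, $T_i$. Time at receiver: $t_r \le (t_s + \tau - \Delta) \le (T_i - \Delta)$]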
TIK Protocol – Sending and Verifying Packets • S → R: ($\mathrm{HMAC}_{K_i}(M)$, $M$, $T$, $K_i$) • $M$: message payload • $\mathrm{HMAC}_{K_i}(M)$: message authentication code for $M$ • $K_i$: key used to generate the HMAC for $M$ • $T$: tree authentication values used to authenticate $K_i$ • Receiver: • Verifies, based on $T_i$, that the sender started sending $K_i$ only after the receiver received the HMAC • Verifies that $K_i$ is authentic based on the hash root value and $T$ • Verifies the HMAC, using the authenticated $K_i$ • Accepts the packet as authentic only if all of those verifications succeed
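The hash tree construction and the three receiver checks from the slides above, as an added example (not code from the slides or the paper's authors). Assumptions: SHA-256 stands in for H, HMAC-SHA256 for both the PRF F and the packet MAC, the key index i is handed to the receiver explicitly, times are integers on one shared scale, and the timing check is written as t_r ≤ T_i − Δ following the timing slide. All function names are hypothetical.

```python
import hashlib
import hmac

def H(b):
    return hashlib.sha256(b).digest()

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_keys(master, w):
    # K_i = F_X(i); HMAC-SHA256 stands in for the PRF F (assumption)
    return [mac(master, i.to_bytes(4, "big")) for i in range(w)]

def build_tree(keys):
    # levels[0] holds the leaves K_i' = H(K_i); parents are m_p = H(m_l || m_r)
    levels = [[H(k) for k in keys]]
    while len(levels[-1]) > 1:
        lv = levels[-1]
        levels.append([H(lv[j] + lv[j + 1]) for j in range(0, len(lv), 2)])
    return levels

def auth_path(levels, i):
    # T: the sibling of the path node at every level below the root
    return [lv[(i >> d) ^ 1] for d, lv in enumerate(levels[:-1])]

def root_from(key, i, path):
    # Recompute the root from K_i and T; bit d of i tells left from right
    node = H(key)
    for sib in path:
        node = H(sib + node) if i & 1 else H(node + sib)
        i >>= 1
    return node

def receive(pkt, i, t_r, root, T0, I, delta):
    # t_r: receiver-clock time at which the HMAC had been received
    tag, msg, path, key = pkt          # (HMAC_Ki(M), M, T, K_i)
    if t_r > T0 + i * I - delta:       # K_i may already be public: reject
        return "late"
    if not hmac.compare_digest(root_from(key, i, path), root):
        return "bad key"
    if not hmac.compare_digest(mac(key, msg), tag):
        return "bad mac"
    return "ok"

if __name__ == "__main__":
    keys = make_keys(b"constructed master key X", 8)
    levels = build_tree(keys)
    pkt = (mac(keys[2], b"hello"), b"hello", auth_path(levels, 2), keys[2])
    # Constructed parameters: T0 = 1000, I = 100, delta = 1, so T_2 = 1200
    print(receive(pkt, 2, 1150, levels[-1][0], 1000, 100, 1))
```

For i = 2 the path returned by `auth_path` is exactly the K3', m01, m47 triple named on the hash tree slide.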
Security & Performance Analysis • Security Analysis • Temporal leash with TIK protocol can detect and prevent wormhole attacks if all nodes are good nodes • Can’t deal with a malicious sender that claims a false timestamp • Can’t deal with a malicious receiver that refuses to check the leash • Performance Analysis • Requires only n public keys in a network with n nodes • Efficient hash tree authentication of keys • Efficient instant authentication of packets because the key is disclosed in the same packet • Modest storage requirement for the Merkle hash tree
Related Work • RF-Watermarking • Modulating the RF waveform in a way known only to authorized nodes • Vulnerable to node capture • Intrusion Detection • Hard to isolate the attacker using a software-only approach, since it is hard to distinguish malicious traffic from legitimate traffic
Future Work & Conclusion • Future Work • An efficient implementation of geographical leashes • Securing TIK against node misbehavior (sender/receiver) • Achieving accurate time synchronization among the nodes • Conclusion • The wormhole attack is a powerful and disruptive attack against wireless networks • With precise timestamps and tight clock synchronization, TIK can prevent wormhole attacks
Thank You! • Questions and Comments