
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security. Packet Leashes: A Defense Against Wormhole Attacks in Wireless Networks. Presented by: Jinsuk Jun, 14th Nov 2005. Outline: The Wormhole Attack; Packet Leash for Wormhole Detection; Temporal Leash and the TIK Protocol; Analysis; Future Works & Conclusion.


Presentation Transcript


  1. CSC 774 Advanced Network Security Packet Leashes: A Defense Against Wormhole Attacks in Wireless Networks Presented by: Jinsuk Jun 14th Nov 2005

  2. Outline • The Wormhole Attack • Packet Leash for Wormhole Detection • Temporal Leash and the TIK Protocol • Analysis • Future Works & Conclusion

  3. The Wormhole Attack [Figure: colluding attackers forming a wormhole between S and D] • Attacker records a packet at one location in the network, tunnels the packet to another location, then replays it there • Packets may be replayed from the far end of the wormhole. • Puts attacker in a powerful position.

  4. Applications of the Wormhole Attack • Denial-of-Service • On-demand routing protocol such as DSR, AODV • Routing Disruptions • Periodic routing protocol such as DSDV, OLSR, TBRPF • Unauthorized Access • Any wireless access control system that is based on physical proximity

  5. Packet Leash • Assumptions • Resource-constrained nodes • Existing key distribution mechanism • Packet Leash • A general mechanism for detecting wormholes • Restricts a packet’s maximum transmission distance. • Geographical Leashes • Temporal Leashes

  6. Geographical Leashes • Location knowledge • Loosely synchronized clocks • Bounded node velocity • Multiple location detection

  7. Temporal Leashes • Definition: a temporal leash establishes an upper bound on a packet’s lifetime, which restricts the maximum travel distance • Timing and contention-based MAC protocols • All nodes must have tightly synchronized clocks • Maximum clock error (Δ) must be known by all nodes • Maximum error must be on the order of microseconds or hundreds of nanoseconds

  8. Temporal Leashes (contd.) • Implementation with a packet expiration time • An authentication technique should be used to protect the timestamp inside packets • te: packet expiration time • ts: packet sent time • c: propagation speed of wireless signal • L: maximum allowed travel distance; L > Lmin = Δ*c • Δ: maximum clock difference between 2 nodes

  9. Temporal Leash (contd.) • Nodes can use message authentication codes for authentication • The sender S and receiver R must share a secret key K

  10. Temporal Leashes (contd.) • Problem! • In a contention-based MAC protocol, the sender may not know the precise time it will transmit • Generating a digital signature such as RSA takes too much time (on the order of 10 ms) • Increase minimum transmission unit • Use a more efficient signature scheme

  11. Tree-Authenticated Values [Figure: values C0, C1, C2, C3, C4] • One-way Hash Chain • Chain values are produced by repeatedly applying a hash function • Very efficient to compute but still has high overhead • Hash Tree • Place values at the leaf nodes of a binary tree • Each internal node is derived from its 2 child nodes

  12. Merkle Hash Trees

  13. TIK Protocol • TESLA with Instant Key disclosure • Provide instant broadcast authentication for temporal leashes • Require accurate time sync between all nodes • Require each node to know one public value for each sender node

  14. TIK Protocol (contd.) • Sender Setup • Derives a series of keys • Selects a key expiration interval I, and determines a schedule of key expiration

  15. TIK Protocol (contd.) • Key expiration • Sender constructs a hash tree using keys as leaf nodes

  16. TIK Protocol (contd.) • Sending & Verifying Packets • Sender: • Sender picks a key Ki that will not have expired when the receiver receives the packet • M: message payload • HMACKi(M): message authentication code for M • Ki: key used to generate the HMAC for M • T: tree authentication values used to authenticate Ki • Receiver: • Verifies if the sender has started sending Ki after receiving HMAC, based on Ti • Verifies if Ki is authentic based on the hash root value and T • Verifies the HMAC, using authenticated Ki • Accepts the packet as authentic only if all those verifications are successful

  17. TIK Protocol (contd.)

  18. TIK Protocol (contd.) • MAC Layer Issues • TDMA MAC protocol • Choose the time at which the frame begins transmission • HMAC sent by time • Minimum payload length is • CSMA MAC protocol • If the protocol uses an RTS/CTS handshake, the minimum packet size can be reduced

  19. Security Analysis • Temporal leash with TIK protocol can detect and prevent wormhole attacks if all nodes are good nodes • Can’t deal with a malicious sender that claims a false timestamp • Can’t deal with a malicious receiver that refuses to check the leash

  20. Geographical VS. Temporal • Geographical Leash • Can be used with radio propagation model • Do not require tight time sync • Location info increase overhead • Can be used until max range is 2nΔ • Temporal Leash • Highly efficient when used with TIK • Require tight time sync • Cannot be used if max range is less than cΔ

  21. Geographical VS. Temporal • Compare the effectiveness of geographic leashes and temporal leashes by comparing the distance • Geographic • Temporal • Geographic leashes should be used when d < cΔ and temporal leashes should be used when d ≤ cΔ

  22. Future Works & Conclusion • Future Works • More research on how the sender/receiver can accurately determine ts/tr • Design and deploy accurate time synchronization device among the nodes • Conclusion • Wormhole attack is a significant danger to routing protocols in ad hoc networks. • Packet leashes have the ability to detect such attacks. • TIK can provide efficient authentication in networks with tight time synchronization. • Not for use in resource-scarce systems.
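
The three receiver checks from slides 13 to 16 (timing against the key expiration schedule, authenticating Ki against the hash-tree root via T, then verifying the HMAC), as an added Python example that is not part of the presentation or the TIK authors' code. The expiration schedule T_i = T0 + i*I, the use of SHA-256, the key derivation, the packet layout and every numeric value are assumptions of this example.

```python
import hashlib, hmac

def H(*parts):                       # hash used for tree nodes and key derivation
    return hashlib.sha256(b"".join(parts)).digest()

def build_tree(keys):                # levels[0] = leaves H(K_i), levels[-1] = [root]
    levels = [[H(k) for k in keys]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([H(prev[j], prev[j + 1]) for j in range(0, len(prev), 2)])
    return levels

def auth_path(levels, i):            # T: sibling of each node on the leaf-to-root path
    path = []
    for level in levels[:-1]:
        path.append(level[i ^ 1])
        i //= 2
    return path

def root_from(key, i, path):         # recompute the root from K_i and T
    node = H(key)
    for sibling in path:
        node = H(node, sibling) if i % 2 == 0 else H(sibling, node)
        i //= 2
    return node

def make_packet(keys, levels, i, msg):
    tag = hmac.new(keys[i], msg, hashlib.sha256).digest()
    return {"hmac": tag, "msg": msg, "path": auth_path(levels, i), "key": keys[i], "i": i}

def verify(pkt, root, t0, interval, delta, t_hmac_rx):
    t_i = t0 + pkt["i"] * interval   # assumed schedule: K_i expires at T_i = T0 + i*I
    if t_hmac_rx + delta >= t_i:     # sender may already be disclosing K_i
        return "reject: leash"
    if not hmac.compare_digest(root_from(pkt["key"], pkt["i"], pkt["path"]), root):
        return "reject: key"
    tag = hmac.new(pkt["key"], pkt["msg"], hashlib.sha256).digest()
    return "accept" if hmac.compare_digest(tag, pkt["hmac"]) else "reject: hmac"

# Constructed parameters (nanoseconds): T0 = 0, I = 10 us, clock error = 200 ns.
T0, I, DELTA = 0, 10_000, 200
KEYS = [H(b"constructed-seed", bytes([i])) for i in range(8)]   # 8 keys (power of two)
LEVELS = build_tree(KEYS)
ROOT = LEVELS[-1][0]                 # the one public value a receiver holds per sender

def demo():
    pkt = make_packet(KEYS, LEVELS, 3, b"ROUTE REQUEST")        # K_3 expires at 30000 ns
    bad = b"x" * 32                                             # key not in the tree
    forged = dict(pkt, key=bad, hmac=hmac.new(bad, pkt["msg"], hashlib.sha256).digest())
    return (verify(pkt, ROOT, T0, I, DELTA, 29_000),            # heard directly, in time
            verify(pkt, ROOT, T0, I, DELTA, 31_500),            # arrives after T_3
            verify(forged, ROOT, T0, I, DELTA, 29_000),         # key fails tree check
            verify(dict(pkt, msg=b"ALTERED"), ROOT, T0, I, DELTA, 29_000))
```

The second case is the one the leash exists for: the packet is bit-for-bit authentic, but its HMAC reaches the receiver after the key's expiration time, so it is rejected before the key or HMAC is even examined.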
