
Using Directional Antennas to Prevent Wormhole Attacks

Using Directional Antennas to Prevent Wormhole Attacks. Lingxuan Hu and David Evans, [lingxuan, evans]@cs.virginia.edu, Department of Computer Science, University of Virginia. NDSS 2004, 5 February 2004. http://www.cs.virginia.edu/evans/


Presentation Transcript


  1. Using Directional Antennas to Prevent Wormhole Attacks Lingxuan Hu and David Evans [lingxuan, evans]@cs.virginia.edu Department of Computer Science University of Virginia NDSS 2004 5 February 2004 http://www.cs.virginia.edu/evans/ Hu and Evans, UVa

  2. Wormhole Attack
     [Figure: network with nodes labeled B, C, A, D, S, Y, X. Pirate image by Donald Synstelien]
     • Attacker needs transceivers at two locations in the network, connected by a low latency link
     • Attacker replays (selectively) packets heard at one location at the other location

  3. Beacon Routing
     [Figure: network nodes labeled 0 to 4]
     • Nodes select parents based on minimum hops to base station

  4. Wormhole vs. Beacon Routing [Karlof and Wagner, 2003]; [Hu, Perrig, Johnson 2003]
     [Figure: nodes labeled 1, 0, 2, 2, 1, 0 with X and Y]
     • Wormhole attack disrupts network without needing to break any cryptography!

  5. Wormhole Impact
     [Figure: fraction of routes to base station disrupted vs. position of endpoint (x,x), from 0 to 500; curves for base station at corner and base station at center]
     • A randomly placed wormhole disrupts ~5% of links
     • A single wormhole can disrupt 40% of links (center)

  6. Possible Solutions
     • Packet Arrival Time
       • Packet Leashes [Hu, Perrig, Johnson 2003]
       • Signal is transmitted at speed of light
       • Requires tightly synchronized clocks (temporal leashes) or precise location information (geographic leashes)
     • Packet Arrival Direction

  7. Directional Antennas
     [Figure: six antenna zones numbered 1 to 6 with North marked; omnidirectional transmission and directional transmission from zone 4]
     • Aligned to magnetic North, so zone 1 always faces East
     • Model based on [Choudhury and Vaidya, 2002]
     • General benefits: power saving, fewer collisions

  8. Assumptions
     • Legitimate nodes can establish secure node-node links
     • All critical messages are encrypted
     • Network is fairly dense
     • Nodes are stationary
     • Most links are bidirectional (unidirectional links cannot be established)
     • Transmissions are perfect wedges
     • Nodes are aligned perfectly (relaxed in paper)

  9. Protocol Idea
     • Wormhole attack depends on a node that is not nearby convincing another node it is
     • Verify neighbors are really neighbors
     • Only accept messages from verified neighbors

  10. Directional Neighbor Discovery
      [Figure: six-zone antenna with nodes A and B; zone (B, A) = 4 is the antenna zone in which B hears A]
      1. A → Region: HELLO | ID_A
         • Sent by all antenna elements (sweeping)
      2. B → A: ID_B | E_{K_BA}(ID_A | R | zone (B, A))
         • Sent by zone (B, A) element, R is nonce
      3. A → B: R
         • Checks zone is opposite, sent by zone (A, B)

  11. Detecting False Neighbors
      [Figure: six-zone antennas with nodes B, A and wormhole endpoints Y, X]
      • zone (B, A[Y]) = 1
      • zone (A, B[X]) = 1
      • False Neighbor: zone (A, B) should be opposite zone (B, A)

  12. Not Detecting False Neighbors
      [Figure: six-zone antennas with nodes B, A and wormhole endpoints Y, X]
      • zone (B, A[Y]) = 4
      • zone (A, B[X]) = 1
      • Undetected False Neighbor: zone (A, B) = opposite of zone (B, A)
      • Directional neighbor discovery prevents 1/6 of false direct links… but doesn't prevent disruption

  13. Observation: Cooperate!
      • Wormhole can only trick nodes in particular locations
      • Verify neighbors using other nodes
      • Based on the direction from which you hear the verifier node, and it hears the announcer, can distinguish legitimate neighbor

  14. Verifier Region
      [Figure: six-zone antenna with verifier V]
      A verifier must satisfy these two properties:
      1. Be heard by B in a different zone: zone (B, A) ≠ zone (B, V)
         • zone (B, A) = 4, zone (B, V) = 5
      2. B and V hear A in different zones: zone (B, A) ≠ zone (V, A)
         • zone (B, A) = 4, zone (V, A) = 3
      (one more constraint will be explained soon)

  15. Verified Neighbor Discovery
      [Figure: nodes V, A and B; message 4 is INQUIRY | ID_B | ID_A | zone (B, A); message 5 is ID_V | E_{K_BV}(ID_A | zone (V, B))]
      1. A → Region: Announcement, done through sequential sweeping
      2. B → A: Include nonce and zone information in the message
      3. A → B: Check zone information and send back the nonce
         (Steps 1 to 3: same as before)
      4. B → Region: Request for verifier to validate A
      5. V → B: If V is a valid verifier, sends confirmation
      6. B → A: Accept A as its neighbor and notify A

  16. Verifier Analysis
      [Figure: Region 1 and Region 2 with six-zone antennas, nodes V, B, A and wormhole endpoints Y, X]
      • Wormhole cannot trick a valid verifier:
        • zone (V, A[Y]) = 5
        • zone (A, V[X]) = 1
        • Not opposites: verification fails

  17. Worawannotai Attack
      [Figure: Region 1 and Region 2 with six-zone antennas, nodes V, B, A and repeater X]
      • V hears A and B directly
      • A and B hear V directly
      • But, A and B hear each other only through repeated X

  18. Preventing Attack
      1. zone (B, A) ≠ zone (B, V)
      2. zone (B, A) ≠ zone (V, A)
      3. zone (B, V) cannot be both adjacent to zone (B, A) and adjacent to zone (V, A)

  19. Cost Analysis
      • Communication Overhead
        • Minimal
        • Establishing link keys typically requires announcement, challenge and response
        • Adds messages for inquiry, verification and acceptance
      • Connectivity
        • How many legitimate links are lost because they cannot be verified?

  20. Lose Some Legitimate Links
      [Figure: two panels, Network Density = 10 and Network Density = 3; link disconnection probability vs. node distance (r), from 0 to 1; curves for Verified Protocol and Strict Protocol (Preventing W Attack)]

  21. …but small effect on connectivity and routing
      [Figure: average path length vs. omnidirectional node density, from 4 to 20; curves for Strict Protocol, Verified Protocol and Trust All]
      • Network with density = 10
        • Verified protocol: 0.5% links are lost, no nodes disconnected
        • Strict protocol: 40% links are lost, 0.03% nodes disconnected
      (More details and experiments in paper)

  22. Vulnerabilities
      • Attacker with multiple wormhole endpoints
        • Can create packets coming from different directions to appear neighborly
      • Magnet Attacks
        • Protocol depends on compass alignment of nodes
      • Antenna, orientation inaccuracies
        • Real transmissions are not perfect wedges

  23. Conclusion/Moral
      • An attacker with few resources and no crypto keys can substantially disrupt a network with a wormhole attack
      • Mr. Rogers was right: “Be a good neighbor”
      • If you know your neighbors, can detect wormhole
      • Need to cooperate with your neighbors to know who your legitimate neighbors are

  24. http://www.cs.virginia.edu/evans/ndss04
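
The zone checks from slides 10 to 18 as a small simulation (an added example, not code from the presentation or the paper). It assumes zone 1 is centred on East with zones numbered counter-clockwise; the coordinates and function names are constructed for illustration, and condition 3 is implemented exactly as slide 18 words it.

```python
import math

N = 6  # six antenna zones, as on the slides

def zone(listener, sender):
    """Zone in which `listener` hears `sender` (positions are (x, y)).
    Assumed geometry: zone 1 centred on East, numbered counter-clockwise."""
    angle = math.degrees(math.atan2(sender[1] - listener[1],
                                    sender[0] - listener[0]))
    return int(((angle + 30) % 360) // 60) + 1

def opposite(z):
    return (z - 1 + N // 2) % N + 1

def adjacent(z1, z2):
    return (z1 - z2) % N in (1, N - 1)

def zones_consistent(z_ba, z_ab):
    """Step 3 of directional neighbor discovery: zone(A, B) must be the
    opposite of the zone(B, A) that B reported."""
    return z_ab == opposite(z_ba)

def valid_verifier(z_ba, z_bv, z_va, strict=False):
    """Verifier conditions 1 and 2; strict=True adds condition 3 as worded."""
    if z_ba == z_bv or z_ba == z_va:
        return False
    return not (strict and adjacent(z_bv, z_ba) and adjacent(z_bv, z_va))

def through_wormhole(a, b, x, y):
    """Zones seen when A and B hear each other only via endpoints X (near A)
    and Y (near B): returns (zone(B, A[Y]), zone(A, B[X]))."""
    return zone(b, y), zone(a, x)

# Constructed layout: A and B far apart, each with a wormhole endpoint nearby.
A, B, X = (0, 0), (100, 0), (1, 0)
Y_EAST, Y_WEST = (101, 0), (99, 0)
V = (99.5, 1)  # candidate verifier close to B

def demo():
    """Returns whether each wormhole-relayed link passes the zone check."""
    east = zones_consistent(*through_wormhole(A, B, X, Y_EAST))  # zones 1, 1
    west = zones_consistent(*through_wormhole(A, B, X, Y_WEST))  # zones 4, 1
    # V also hears A only through Y_WEST (zones 5, 1), so V never links to A.
    v_to_a = zones_consistent(*through_wormhole(A, V, X, Y_WEST))
    return east, west, v_to_a

if __name__ == "__main__":
    print(demo())
```
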
