230 likes | 355 Views
An Unlinkable Communication Protocol for WLAN. 2 nd Intermediate Master Thesis Presentation Björn Muntwyler 18 th March 2010 - 17 th September 2010 Advisors : Dr. Vincent Lenders & Dr. Franck Legendre Supervisor : Prof. Dr. Bernhard Plattner. Motivation. Hardened WLAN Systems:
E N D
An Unlinkable Communication Protocol for WLAN 2nd Intermediate Master Thesis Presentation Björn Muntwyler 18th March 2010 - 17th September 2010 Advisors: Dr. Vincent Lenders & Dr. Franck Legendre Supervisor: Prof. Dr. Bernhard Plattner
Motivation Hardened WLAN Systems: Specialized High security level High privacy level High cost proprietary Hard to get (e.g. military Systems) Hardened Systems Standard Systems e.g. military proprietary solutions e.g. Wifi (/+WPA), ZigBee, Bluetooth Ideas, Mechanisms, etc... • Standard WLAN Systems: • Standardized • Low security level • Low privacy level • Low cost • high interoperability • Goal: How can we increase the „privacy“ of a given wireless communication protocol • Hardening given protocols to increase „privacy“
Departement/Institut/Gruppe Who Where What „Privacy“ is a very broad topic – there are leaks everywhere! Most effort is done above the pysical layer Identifier-free link-layer protocol, Disposable Interface Identifiers (Data Link Layer) IPsec (Internet/Network Layer) Transport Layer Security (Application Layer) Related Work References [*]: in appendix
Departement/Institut/Gruppe Problem Formulation Avoid a passive attacker to know: Who's communicating with whom? What is the content of their communication? When is someone communicating? Where - Location Privacy Goal:How can we increase the „privacy“ of a given wireless communication protocol Hardening given protocols to increase „privacy“ Condition: Based on open standards using Software Defined Radios (SDR)
Departement/Institut/Gruppe The New Approach - PSCHP Securing the wireless communication at the pysical layer Using the SDR for IEEE 802.15.4 (ZigBee PHY) Direct-Sequence Spread-Spectrum (DSSS) Two Pairwise Spreading-Sequences: One code for each communication-partner and -direction Periodic Pairwise Code-Hopping: periodically change the chip-sequence used between two nodes to avoid the codes being compromised Idea:Use secret codes and change them dynamically – make solution customizable through „Privacy-Parameters“ Expected Gain: Hide signal below noise level of attacker to remain undetectable Defend against cryptographic attacks on spreading sequences by dynamicly changing those Defend against many „Privacy-Dimensions“ B K1 K2 A K3 K4 C
Departement/Institut/Gruppe Overview Pairwise-Synchronized Code-Hopping Protocol (PSCH-P) Periodic constraint check Sent bytes Time since last key change Two nodes change the chip-sequence simultaneously using the PSCH-Protocol 3-way handshake with Diffie-Hellman key agreement Generate new codes from this shared secret A global chip-sequence Kglobal for administratives → shared secret S (passphrase, UDSSS, etc.) Initialization Joining the Network PSCH-P PSCH-P
Departement/Institut/Gruppe What happend since our last Intermediate Presentation!? Finished Implementation of ZigBee-PSCHP-Solution Evaluation of ZigBee-PSCH-Protocol How much higher is the Packet Loss Rate of PSCHP compared to the Original Code? How does the Overhead behave w.r.t. „privacy“ parameters compared with the Original Code? What are the Key Exchange Times and Setup Times? What is the Attack Surface of PSCHP? How fast can an attacker break the secret codes? How much better can we get by invreasing the Spreading factor? … work in progress ...
Departement/Institut/Gruppe How much higher is the Packet Loss Rate of PSCHP compared to the Original Code? Only slight increase in Packet Loss At lower SNR – moderate PLR, changing Codes more frequently can overcome de-synchronization of PSCHP due to Sync-Pkt-Losses At very low SNR – high PLR, the PSCH-Protocol fails due to lost PSCHP-packets (3-way hand shake)
Departement/Institut/Gruppe How much higher is the Packet Loss Rate of PSCHP compared to the Original Code? Only slight increase in Packet Loss At lower SNR – moderate PLR, changing Codes more frequently can overcome de-synchronization of PSCHP due to Sync-Pkt-Losses At very low SNR – high PLR, the PSCH-Protocol fails due to lost PSCHP-packets (3-way hand shake) Conclusion: Packet Loss Rate increases < 5 %
Departement/Institut/Gruppe How does the Overhead behave w.r.t. „privacy“ parameters compared with the Original Code? Overhead w.r.t. Code-change frequency (PSCHP Byte- Constraint Values) compared to Original Code Min. Key-Change Time: 0.071 sec Min. Setup-Time: 0.110 sec ( + TimerA2)
Departement/Institut/Gruppe How does the Overhead behave w.r.t. „privacy“ parameters compared with the Original Code? Overhead w.r.t. Code-change frequency (PSCHP Byte- Constraint Values) compared to Original Code Min. Key-Change Time: 0.071 sec Min. Setup-Time: 0.110 sec Conclusion: To get an overhead of less then 10% we need Byte Constraints > 1e3 Bytes
Departement/Institut/Gruppe What is the Attack Surface of PSCHP?AND How fast can an attacker break the secret codes? Attacker capabilities and prevention methods are discussed here: Attackability of PSCHP-Solutions Attacking M-ary Spreading- Sequences (Paper: Cluster-based Blind Estimation of M-ary DSSS Signals, Wang et. al.) Finding weak points of PSCHP … work in progress ...
Departement/Institut/Gruppe How fast can an attacker break the secret codes? (IDEA) Check region of communication Check overhead Get area of „Privacy“ Parameters to change spreading sequenes before the attacker has collected enough data to break the codes … work in progress ... Signal-to-Noise Ratio (SNR) [db] Signal-to-Noise Ratio (SNR) [db] Distance [m]
Departement/Institut/Gruppe How much better can we get by invreasing the Spreading factor? … work in progress ...
Departement/Institut/Gruppe Contents of Report (DRAFT) Abstract Contents & List of Figures / Tables Introduction Intro into topic Define the term Privacy Overview of the Thesis Related Work Privacy related Security Problems Attack Tree I Why I chose the Physical Layer Related Work on PHY (Frank Hermanns Code Hopping) Background Knowledge IEEE 802.15.4 ZigBee Direct Sequence Spread Spectrum (DSSS)
Departement/Institut/Gruppe Contents of Report (DRAFT) Attacker Model, System Model and Privacy Requirements PSCHP – The New Approach Design Overview The PSCH-Protocol Customizable Privacy Parameters Implementation The Original Code PSCHP State Machine Spreading Sequence Generation PSCHP messages (INI-SYNC, INI-ACK, ACK-SYNC, D-BEACON)
Departement/Institut/Gruppe Contents of Report (DRAFT) Evaluation of PSCHP Not implemented stuff which could improve PSCHP Drawbacks (Overhead, Throughput, Limitations etc.) Attacking PSCHP Attack Tree II etc. Conclusion & Future Work Bibliography Report Master Thesis ? Paper (+ Technical Report)
Departement/Institut/Gruppe Contents of Report (DRAFT) Evaluation of PSCHP Not implemented stuff which could improve PSCHP Drawbacks (Overhead, Throughput, Limitations etc.) Attacking PSCHP Attack Tree II etc. Conclusion & Future Work Bibliography Report Master Thesis ?! Paper (+ Technical Report)
Departement/Institut/Gruppe Plan for the last 6 Weeks Finish stuff marked as „... work in progress ...“ Analyze influence on packet loss rate and attackability while increasing the Spreading Factor Ajusting the Sending Power according to distance between Sender and Receiver (Design) Writing the Report (4 weeks) Current week
Departement/Institut/Gruppe Appendix / Backup Slides
Departement/Institut/Gruppe Appendix / Backup Slides
Departement/Institut/Gruppe Appendix / Backup Slides