
How Does Topology Affect Security in Wireless Ad Hoc Networks?

CS 260 – Seminar on Network Topology. How Does Topology Affect Security in Wireless Ad Hoc Networks? Ioannis Broustis, broustis@cs.ucr.edu. Motivation: wireless networks are more vulnerable to malicious attacks than wireline networks; lack of base station; limited power supply.


Presentation Transcript


  1. CS 260 – Seminar on Network Topology How Does Topology Affect Security in Wireless Ad Hoc Networks? Ioannis Broustis broustis@cs.ucr.edu

  2. Motivation • Wireless networks are more vulnerable to malicious attacks than wireline networks • Lack of base station • Limited power supply • Dynamically changing topology • Demand for innovative security algorithms • A lot of work has been done with private/public keys and cryptography • Only a few studies address topology-related aspects of security

  3. Problems • Dynamically changing topology → hard to distinguish between legitimate and malicious actions • Attackers can cheat on their actual location • Intrusion detection must be performed in a distributed manner • No base stations exist

  4. Contribution • In this work: • We show how the topological aspects of the network can affect its safety from attackers • We describe the four location estimation techniques • We explain why these methods are vulnerable to attacks • We present all current mechanisms that detect intrusions having to do with topological aspects • We propose a new topology-related scheme that addresses most of the attacks

  5. Attacks • Wormhole / tunnelling • Two attackers create a tunnel that can be secretly used to transmit packets. • Fake location claim • A node advertises an erroneous location to its neighbours

  6. Attacks

  7. Relation to Topology • Fake location claims • Mobility allows a modification of the routing table of the victim node • Mobility of legitimate nodes may help attackers disperse their malicious information • Mobile nodes have power and computation limitations

  8. Location Estimation • GPS (Global Positioning System) • Satellites provide a 3-D position • No information about positions of neighbour devices • Nodes must exchange their GPS information (dangerous) • Was not designed for security purposes • Attack: Attacker feeds the GPS receiver with fake GPS messages

  9. Location Estimation • Radio (RF) • Measure either the received RF signal strength, or the signal's ToF • Receiver calculates the distance from the RF sender by measuring the signal strength. • The receiver must trust the sender for the power at which the latter sent the RF signal. • RF signals travel at the speed of light → attackers cannot decrease the ToF of the signal → ToF better

  10. Location Estimation • Ultrasound (US) • Measure the ToF of the sound signal between two nodes • Often used together with the RF • Both the US and RF signals are transmitted at the same time. • Cannot be used outdoors • Animal-unfriendly • Attacker may use the RF link to send the US

  11. Location Estimation • Infrared (IR) • Measure ToF of the IR signal • Disadvantage: a direct line-of-sight between the nodes is necessary • New links can be established by redirecting the existing light beams • Attacker cannot speed up the signal from one node to the other: upper-bound distances

  12. Previous studies • They are divided into 3 main categories: • Private/public key authentication and management (beyond the scope of our study) • Secure position-related ad hoc routing (interesting but we don't have time to talk about it now) • Secure location verification of a node's claim

  13. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley. • A set of verifiers V wish to verify whether a prover p is in a region R of interest • Use of RF and US techniques • Time to reach p using RF + the time for the return of the packet using US • If elapsed time > threshold, V will reject the claim

  14. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley. • Receiver's processing delay must be considered • Attack: submit a position claim at the border of R • At the same time, advertise an erroneous value for processing delay • V thinks that p is inside R when in fact it is not • Solution: V shrinks the allowable area • V should reject the claim when the claimed position is within Dp * s of the outside border

  15. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley. • Region of acceptance (ROA)

  16. N. Sastry, U. Shankar and D. Wagner, "Secure Verification of Location Claims", EECS, University of California, Berkeley. • Region R is not always a circle • Use more verifiers to cover the whole area • No key management or cryptography required. • No synchronization between V and p is required. • Problem: is advertised Dp the actual one?

  17. S. Capkun et al., "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004 • 1. Use of Verifiable Multilateration • It is performed by a set of verifiers

  18. S. Capkun et al., "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004 • 2. Use of Verifiable Time Difference of Arrival • A set of verifiers is also used

  19. S. Capkun et al., "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004 • Use of Landmarks

  20. S. Capkun et al., "Location Verification And Key Management In Wireless Networks", MSc thesis, EPFL 2004 • Secure distributed positioning • Basic Distance Verification (BDV)

  21. Possible new scheme

  22. Conclusion • The security aspects of the wireless network are closely related to its topology • Currently there is no optimal solution for many intrusion problems • New intelligent attacks are invented all the time • Difficult to design a general solution • Hot research subject • Slide theme: Tom Karygiannis
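
Added example (not part of the original slides and not code from Sastry et al.): a small simulation of the RF-out / ultrasound-back check from slides 13–16, showing why the verifier V must shrink the region of acceptance by Dp * s when the prover p advertises its own processing delay. The circular region centred on V, the 343 m/s speed of sound, the function names and all scenario values are assumptions made for illustration.

```python
import math

C_RF = 299_792_458.0  # RF propagation speed (speed of light), m/s
S_US = 343.0          # ultrasound speed in air, m/s (assumed value, ~20 °C)

def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])

def measured_elapsed(verifier, true_pos, true_delay):
    """What V's clock shows: RF out, p's real processing time, ultrasound back."""
    d = dist(verifier, true_pos)
    return d / C_RF + true_delay + d / S_US

def threshold(d_claim, claimed_delay):
    """Largest elapsed time consistent with the claimed distance and delay."""
    return d_claim / C_RF + claimed_delay + d_claim / S_US

def verify(verifier, radius, claimed_pos, claimed_delay, elapsed, shrink=True):
    """Accept or reject a location claim for a circular region R around V."""
    d_claim = dist(verifier, claimed_pos)
    # Shrunk region of acceptance: claims within Dp * s of the border are rejected.
    limit = radius - claimed_delay * S_US if shrink else radius
    if d_claim > limit:
        return False
    return elapsed <= threshold(d_claim, claimed_delay)

def max_true_distance(d_claim, claimed_delay):
    """Farthest real distance that still passes the timing check
    (worst case: p replies instantly while advertising claimed_delay)."""
    return threshold(d_claim, claimed_delay) / (1 / C_RF + 1 / S_US)

V, RADIUS = (0.0, 0.0), 10.0  # constructed scenario: V at origin, R of radius 10 m

def run_scenarios():
    # Honest prover: inside R, reports its real position and real delay.
    honest_t = measured_elapsed(V, (4.0, 3.0), 0.002)
    # Cheating prover: really at 10.5 m (outside R), claims 9.8 m and a 3 ms
    # processing delay it does not actually need.
    cheat_t = measured_elapsed(V, (10.5, 0.0), 0.0)
    return {
        "honest_shrunk": verify(V, RADIUS, (4.0, 3.0), 0.002, honest_t),
        "cheat_unshrunk": verify(V, RADIUS, (9.8, 0.0), 0.003, cheat_t, shrink=False),
        "cheat_shrunk": verify(V, RADIUS, (9.8, 0.0), 0.003, cheat_t),
    }

if __name__ == "__main__":
    print(run_scenarios())
    print(max_true_distance(RADIUS - 0.003 * S_US, 0.003))
```

With the shrunk region, even a claim placed exactly on the shrunk border and backed by a fully inflated Dp corresponds to a real position that is still inside R, so a false Dp can no longer move the prover across the border.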
