Mobile Traffic Sensor Network vs. Motion-MIX: Tracing & Protecting Mobile Wireless Nodes
#Jiejun Kong, *Dapeng Wu, +Xiaoyan Hong, #Mario Gerla
#Dept of Computer Science, *Dept of Computer Science, +Dept of EE
UCLA, University of Florida, University of Alabama
November 7, 2005 @ ACM SASN’05

Problem: Mobile Anonymity
• Fixed Anonymity: Identity (net addr)
• Mobile Anonymity: Identity Location
  • Identity (net addr/identity)
  • Location (positioned by the adversary)
  • Motion pattern (deduced by the adversary)
• Significance of anonymous wireless communication
  • 1996 A.D.: Chechnya rebel leader, General Dzhokhar Dudayev, always on the move, but killed during a traceable wireless call

Mobile Traffic Sensor Network
• Mobile traffic analyst
• Unmanned aerial vehicle (UAV)
• Coordinated positioning (tri-lateration / tri-angulation) can reduce location uncertainty
• If moving faster than the transmitter, can always trace the victim

Outline
• Background
• Proposed solution
  • In theory: Asymptotic network security model
  • In practice: Motion-MIX
• Security analysis
  • Motion-MIX satisfies the asymptotic network security model
• Summary

Notion: Security as a “landslide” game
• Played by the guard and the adversary
• Proposal can be found as early as Shannon’s 1949 paper
• Not a 50%-50% chance game, which is too good for the adversary
• The notion has been used in modern crypto since 1970s
• Based on NP-complexity
• The guard wins the game with 1 - negligible probability
• The adversary wins the game with negligible probability
• The asymptotic notion of “negligible” applies to one-way function (encryption, one-way hash), pseudorandom generator, zero-knowledge proof, …… AND this time ……

Our Asymptotic Network Security Model
• Concept: the probability of security breach decreases exponentially toward 0 when network metric increases linearly / polynomially
• Consistent with computational cryptography’s asymptotic notion of “negligible / sub-polynomial”
Definition: A function m: N → R is negligible, if for every positive integer c and all sufficiently large x’s (i.e., there exists Nc>0, for all x>Nc),
• is negligible by definition
• x is key length in computational crypto
• x is network metric (e.g., # of nodes) in network security

The Asymptotic Cryptography Model
• Security can be achieved by a polynomial-bounded guard against a polynomial-bounded adversary
• See Lenstra’s analysis for proper key length (given adversary’s brute-force computational power)
• There are approximately 2^268 atoms in the entire universe
[Figure: probability of security breach vs. # of key bits (key length); regions labelled “Insecure”, “Secure” and “(Ambiguous area)”; curve labelled “The ‘negligible’ line (sub-polynomial line)”]

Our Asymptotic Network Security Model
• Conforming to the classic notion of security used in modern cryptography! We’ve used the same security notion
[Figure: probability of network security breach vs. network metric (e.g., # of nodes -- network scale); regions labelled “Insecure”, “Secure” and “(Ambiguous area)”; curves labelled “The ‘negligible’ line (sub-polynomial line)” and “The ‘exponential’ line (memory-less line)”]

Design Assumptions
• Adversary model
  • Passive
  • Few insiders (captured & compromised nodes)
  • Global (or equivalently, mobile and capable of scanning the entire network area in short time)
  • Honest-but-curious (protocol-compliant)
  • External: polynomially-bounded by key length
  • Internal: fraction of N (which is # of network nodes)
• Network model
  • Loquor ergo sum (I speak, so I exist): nodes must transmit upon application demand, cannot shut up
  • Pairwise key sharing (via Diffie-Hellman, KPS, or “mobility helps security”)

Venue
• “Venue” is the smallest area within which the adversary can “pinpoint” a wireless transmitter via its wireless transmission
[Figure label: The VIP node being traced]

Assumption: Imperfect Wireless Positioning
D. Niculescu, B. Nath, “VOR Base Stations for Indoor 802.11 Positioning,” ACM MOBICOM’04, pp. 58-69.

Motion Pattern Tracing (1 node)
• 1 transmitting node in the network
• No way to protect it
• Just like a cryptographic case using 1-bit key

Motion Pattern Tracing (2 nodes)
• 2 transmitting nodes in the network; better security protection
• What’s the network-based analytic model behind this phenomenon? What happens if there are many nodes in a scalable network?
• We need Motion-MIX

Motion-MIX: Design Goal
• k incoming mobile nodes or wireless packet flows get fully mixed in the Motion-MIX
• k-anonymity: the adversary cannot differentiate these k nodes

Motion-MIX vs. Chaumian MIX
• Effectiveness determined by the adversary’s capability & the guard’s capability
• Privacy model: like Chaumian MIX processor, the internal state of Motion-MIX is private
  The adversarial side cannot position any transmitting node inside the area quantified by
• Temporal-spatial model: like Chaumian MIX (e.g., pool mix), the guarding side can delay and gather the protected items in a Motion-MIX
  Motion-MIX’s size is determined bi-laterally (the adversary & the guard) in terms of time and space

Size of Motion-MIX
• Adversary determines inner circle
• Guard determines outer ring
• t is the minimum delay between any 2 transmissions from a single node
• vavg is the average/expected node mobility speed
• Motion-MIX’s size is a bilaterally-determined quantity ’ = ( + vavg*t)
[Figure labels: Adversary’s capability, ’]

Wireless Traffic Mixing Per Venue
Algorithm D -- Wireless traffic mixing: (Each venue transmits approximately k packets per t in a fully distributed manner)
Prerequisite: Pre-defined system parameter k and unit time t.
  Divide current unit time t into k slices.
  FOR (each time slice i) DO
    IF (I have only heard x<i transmissions so far during the current unit time interval)
      In the next time slice, transmit a decoy packet with probability (i-x)/i.
    END IF
  END FOR
Ensures: Greater-than-zero effect
1. If at least one “good” node is in a venue, the adversary can only estimate that there are on average E(k’) nodes inside. Actually # of nodes inside the venue can be from minimally 1 to maximally (N - #_of_non-empty_venues).
2. Otherwise, the venue is empty. Motion-MIX is not functional.

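
Algorithm D as a small simulation, added here as an example (not code from the slides or from the Motion-MIX authors). The names run_venue and mean_total are hypothetical, and the model assumes that every node hears every transmission in its venue, its own included, and that a decision taken in slice i is acted on in slice i+1.

```python
import random

def run_venue(n_nodes, k, real_slices=(), rng=None):
    """Simulate one unit time t (k slices) in one venue; return packets sent per slice.

    Assumptions of this sketch: all nodes in the venue hear each other, and
    real_slices lists the slices in which a real (application) packet is sent.
    """
    rng = rng or random.Random()
    heard = 0      # x in Algorithm D: transmissions heard so far in this unit time
    pending = 0    # decoys the nodes decided to send in the upcoming slice
    per_slice = []
    for i in range(1, k + 1):
        sent = pending + list(real_slices).count(i)
        heard += sent
        per_slice.append(sent)
        pending = 0
        if i < k and heard < i:              # IF only x < i transmissions heard
            p = (i - heard) / i              # decoy probability (i-x)/i
            # every node in the venue takes the decision independently
            pending = sum(rng.random() < p for _ in range(n_nodes))
    return per_slice

def mean_total(n_nodes, k, real_slices=(), trials=2000, seed=1):
    """Average number of packets an observer counts in the venue per unit time."""
    rng = random.Random(seed)
    runs = (sum(run_venue(n_nodes, k, real_slices, rng)) for _ in range(trials))
    return sum(runs) / trials

if __name__ == "__main__":
    k = 20
    real = (3, 4, 5, 11)                     # constructed real-traffic pattern
    for n in (1, 2, 4, 8):
        print(f"nodes={n}  idle venue: {mean_total(n, k):5.2f}  "
              f"venue with real traffic: {mean_total(n, k, real):5.2f}  (k={k})")
```

Under these assumptions a lone node averages k/2 packets per unit time and n nodes average at least k·n/(n+1), so a sparsely populated venue falls short of k.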
Necessary Conditions of Motion-MIX
• Protocol-stack-wise concerns, not limited to application/middleware layer (unlike MIX-Zone)
• Building blocks
  • Identity-free routing: ANODR (MOBIHOC’03)
    • Anonymous even against any insider
  • One-time packet contents: XOR-tree (TISS’00)
    • E.g., for 100 packets, the 2 extreme cases (1 sender to 1 recipient & 100 different senders to 100 different recipients) and all cases in-between are equally probable: looks truly random / independent
  • Radio interface calibration to remove RF signatures: “Shake them up” (MOBISYS’05)

Identity-free Routing: ANODR (MOBIHOC’03)
• ANODR: destination E receives RREQ, global_trap, onion, where onion = KD( KC( KB( KA(hello))))
• global_trap denotes an encryption of a well-known tag (“You are the destination”) using a key only known by destination E
• RREP, global_proof, onion, #X, where #X is a random packet stamp selected by X and shared on the hop
• KX(m) denotes using symmetric key K (only known by X) to encrypt a message m
[Figure: Route-REQuest and Route-REPly along nodes A, B, C, D, E; onion layers KA(hello), KB( KA(hello)), KC( KB( KA(hello))); packet stamps #B, #C, #D, #E]

Identity-free Data Forwarding
• Table driven virtual circuit: stores mapping of a pair of packet stamps
• Packet marked with #
• Matched incoming # is replaced by corresponding outgoing #
• IP address, 802.11 MAC address not used in ANODR
[Figure: payload forwarded through nodes A, B, C, marked with packet stamps #1, #2, #3, #4]

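
The route discovery and stamp-swapping forwarding of the two ANODR slides above, as an added example (not the ANODR implementation and not code from the slides). seal/unseal are a toy stand-in for KX(m), the Node class and discover_and_send are hypothetical names, and per-hop payload re-encryption (the one-time packet contents building block) is not modelled.

```python
import hashlib, hmac, os

def seal(key, msg):
    """Toy stand-in for K_X(m): SHAKE-256 keystream XOR plus a truncated HMAC tag."""
    nonce = os.urandom(8)
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(msg))
    body = bytes(a ^ b for a, b in zip(msg, ks))
    return nonce + hmac.new(key, nonce + body, "sha256").digest()[:8] + body

def unseal(key, blob):
    """Return the inner message, or None if this layer was not sealed with key."""
    nonce, tag, body = blob[:8], blob[8:16], blob[16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, "sha256").digest()[:8]):
        return None
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

class Node:
    def __init__(self):
        self.key = os.urandom(16)   # symmetric key known only to this node
        self.table = {}             # incoming packet stamp -> outgoing packet stamp

    def on_rrep(self, onion, downstream_stamp):
        inner = unseal(self.key, onion)
        if inner is None:           # outermost layer is not mine: not on the route
            return None
        my_stamp = os.urandom(4).hex()          # #X, shared with the upstream hop
        self.table[my_stamp] = downstream_stamp
        return inner, my_stamp

    def forward(self, stamp, payload):
        return (self.table[stamp], payload) if stamp in self.table else None

def discover_and_send(route, payload):
    """route = [A, B, C, D]: source and forwarders; destination E is implicit."""
    onion = b"hello"
    for node in route:                          # RREQ: each hop adds its own layer
        onion = seal(node.key, onion)
    stamp = dest_stamp = os.urandom(4).hex()    # #E, chosen by the destination
    for node in reversed(route[1:]):            # RREP: D, C, B each peel one layer
        onion, stamp = node.on_rrep(onion, stamp)
    if unseal(route[0].key, onion) != b"hello":
        raise ValueError("RREP did not return the source's onion core")
    on_air = [(stamp, payload)]                 # what an eavesdropper sees per hop
    for node in route[1:]:
        on_air.append(node.forward(*on_air[-1]))
    return on_air, dest_stamp

if __name__ == "__main__":
    print(discover_and_send([Node() for _ in range(4)], b"constructed payload")[0])
```

No packet carries a node identifier: each hop is recognisable only by a stamp that changes at the next hop, and a node that is not on the route can neither peel the onion nor match the stamp.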
One-time Packet Contents (cont’d)
• “Unpredictable” pseudorandom packet contents
• In secular terms, looks truly random to the adversary
• Key management & distribution needed
[Figure: packets 1, 2, 3, ... with pseudorandom contents, and a key]

Identity-free Packet Flow (ANODR)
[Figure: packets marked with numeric stamps]

Mobile network model
• Divides the network into large number n of very small tiles (i.e., possible “positions”)
• A node’s presence probability p at each tile is small
  Follows a spatial binomial distribution B(n,p)
• When n is large and p is small, B(n,p) is approximately a spatial Poisson distribution with rate r1
• If there are N mobile nodes roaming i.i.d., rN = N·r1
• The probability of exactly k nodes in an area A’

Average Venue
• Publicity assumption (Kerckhoffs’s Desiderata): the adversary knows the entire identity set and the network area, it can estimate that expectation of # of nodes in each venue is
• Thus, nodes in each venue transmit k = E(k') real/decoy packets in a fully distributed manner
• A motion-MIX is min(k, E(k'))-anonymous, where '=(+vavg*t) is the bi-lateral Motion-MIX size
• In each non-empty venue, min(k, E(k'))-anonymous
• In the entire network, ubiquitously min(k, E(k'))-anonymous due to identity-free routing, one-time packet contents and RF signature hiding

Untraceable Mobile Nodes (or Packet Flows)
• All motion patterns equally likely if contiguous venues are non-empty (in the previous time slot t)
• Untraceable (per Shannon’s information theoretic notion)
[Figure label: The VIP node being traced]

Security Analysis: Impact of N (# of nodes)
• Probability of having less than k good nodes is negligible with respect to network scale N
• Probability of tracing a mobile node is negligible with respect to N and motion time |T|
• Probability of tracing a packet flow is negligible with respect to N and # of traveled venues |X|

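
A numeric check of the first claim under the spatial Poisson model of the "Mobile network model" slide, added here as an example (not from the slides). It uses the standard Poisson probability mass function and assumes a uniform per-node rate r1, so that E(k') = rN·|A'| = N × (fraction of the network area covered by the venue); the function names and the sample values are hypothetical.

```python
import math

def p_fewer_than_k(k, n_nodes, venue_fraction):
    """P(fewer than k nodes in a venue) when node counts are Poisson distributed.

    Assumption of this sketch: uniform rate r1, so the expected count in a venue
    covering venue_fraction of the network area is E(k') = N * venue_fraction.
    """
    mean = n_nodes * venue_fraction
    term, total = math.exp(-mean), 0.0
    for j in range(k):                 # sum P(exactly j nodes) for j = 0 .. k-1
        total += term
        term *= mean / (j + 1)         # Poisson recurrence P(j+1) = P(j)*mean/(j+1)
    return total

def min_nodes_for(k, venue_fraction, eps):
    """Smallest N for which a venue holds fewer than k nodes with probability < eps."""
    n = 1
    while p_fewer_than_k(k, n, venue_fraction) >= eps:
        n += 1
    return n

if __name__ == "__main__":
    k, frac = 5, 0.01      # constructed values: 5-anonymity, venue = 1% of the area
    for n in (500, 1000, 2000, 4000):
        p = p_fewer_than_k(k, n, frac)
        # N^3 * P keeps shrinking: the tail falls faster than this polynomial grows
        print(f"N={n:5d}  E(k')={n * frac:5.1f}  P(<k)={p:.3e}  N^3*P={n**3 * p:.3e}")
    print("N needed for P(<k) < 1e-6:", min_nodes_for(k, frac, 1e-6))
```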
Summary
• Anonymous communication in mobile networks has its own idiosyncrasy
  • Motion pattern of mobile nodes can be traced; Motion-MIX needed
• We propose a novel asymptotic network security model that is consistent with classic security notions
• Identity-free routing, one-time packet contents, and radio signature hiding are necessary conditions to implement Motion-MIX
  • Motion-MIX + ANODR is practical
• Work-in-progress: Currently, doing real-world experiments on Motion-MIX and ANODR
  • Related to MANET localization/positioning, QualNet simulation, ANODR Linux implementation, UAV experiment
  • More rigorous formalization & proofs

UCLA e-mail contacts:
Jiejun Kong: jkong@cs.ucla.edu
Mario Gerla: gerla@cs.ucla.edu
Thank You
Questions?

Notion: Perfect Secrecy (C.E. Shannon)
• A triangular relation: plaintext M, ciphertext E, key K
• Given ciphertext E, adversary gains no information: H(M|E) = H(M) (a posteriori = a priori)
• Not scalable
[Figure: m XOR k = e]

Notion: Perfect Anonymity (IACR ePrint TR2005-132)
• Not scalable
[Figure: route-driven connection between senders s1-s4 and recipients r1-r4; anonymity sets labelled indistinguishable, flooding, synchronized; panels: Sender Anonymity, Recipient Anonymity]

Message Secrecy & Anonymity (information theoretic notion)
• Perfect Secrecy: H(M|E) = H(M)
• Perfect Anonymity: H(XAS|C) = H(XAS)
• Security degradation can be defined as the ratio between H(XAS|C) and H(XAS), as demonstrated in 2 PET’02 papers [Serjantov & Danezis, PET’02] and [Diaz et al., PET’02]
• This non-scalable solution is not our answer!

r1
• Inspired by Bettstetter et al.’s work
• For any mobility model (random walk, random way point), Bettstetter et al. have shown that r1 is computable following
• For example, in random way point model in a square network area of size a×a defined by -a/2 ≤ x ≤ a/2 and -a/2 ≤ y ≤ a/2
• r1 is “location independent”, yet computable in NS2 & QualNet given any area A’ (using finite element method)

[Figure: r1 in Random Way Point model [Bettstetter et al.], a=1000]

WASP Micro-Aerial Vehicle (MAV)
• Wingspan: 13 inches
• Combined wing structure (Lithium-Ion battery pack): 4.25 ounces (120 gm)
• Total weight of the vehicle: 6 ounces (170 gm)
• Power: 9 Watts during the flight
• Flying time: 1 hour and 47 min
• Good enough to trace a mobile soldier or a few soldiers per MAV