Post on 19-Dec-2015
Modeling Ad-hoc Rushing Attack in a Negligibility-based Security Framework
Jiejun Kong, *Xiaoyan Hong, #Mario Gerla
Scalable Network Technologies, Los Angeles
*Computer Science Department, University of Alabama, Tuscaloosa
#Computer Science Department, University of California, Los Angeles
jkong@scalable-networks.com, hxy@cs.ua.edu, gerla@cs.ucla.edu
ACM WiSe’06, September 29, 2006. Los Angeles, California
Notion: Security as a “landslide” game
Played by the guard and the adversary
– Proposal can be found as early as Shannon’s 1949 paper
– Not a 50%-50% chance game, which is too good for the adversary
The notion has been used in modern crypto since 1970s
– Based on NP-complexity
– The guard wins the game with 1 - negligible probability
– The adversary wins the game with negligible probability
– The asymptotic notion of “negligible” applies to one-way function (encryption, one-way hash), pseudorandom generator, zero-knowledge proof, ……
AND this time …… secure routing
The Asymptotic Cryptography Model
Security can be achieved by a polynomial-bounded guard against a polynomial-bounded adversary
[Figure: x-axis: # of key bits (key length); y-axis: probability of security breach; curve: the “negligible” (sub-polynomial) line; regions: Insecure, Secure, (Ambiguous area)]
Our Asymptotic Network Security Model
Conforming to the classic notion of security
[Figure: x-axis: network metric (e.g., # of nodes -- network scale); y-axis: probability of network security breach; curves: the “negligible” (sub-polynomial) line and the “exponential” line; regions: Insecure, Secure, (Ambiguous area)]
Negligible := (Asymptotic) Sub-Polynomial
Consistent with computational cryptography’s asymptotic notion of “negligible / sub-polynomial”
is negligible by definition
– x is key length in computational crypto
– x is network metric (e.g., # of nodes) in network security
Definition: A function : N R is negligible, if for every positive integer c and all sufficiently large x’s (i.e., there exists Nc>0, for all x>Nc),
Problem Statement
Secure routing problems are not solved
– Rushing attacks, wormhole attacks, etc. are threatening mobile wireless networks
Secure routing lacks formal modeling
– More generally, foundation of network security is unknown
The connection between network scale and network security is unknown
Forwarding in Wireless Networks
Area defined by intersection of 2 or more transmission circles
Node redundancy is common in wireless ad hoc networks
– In the E(A_forward), expectation size of the forwarding area, there are usually more than 1 “good” or “bad” nodes inside
[Figure: forwarding area, labelled E(A_forward)]
Rushing Attack [Hu, Perrig, Johnson 2003]
RREQ forwarding
– Rushing attackers disobey delay (MAC/routing/queuing) requirements & w/ higher prob., are placed on RREP / DATA path
Low-cost: feasible as long as capable of intercepting & forwarding
[Figure: source and dest nodes, with RREQ and RREP flows between them]
Mobile network model
Divides the entire network area A into large number n of very small tiles (i.e., possible “positions”)
– A node’s presence probability p at each tile is small
Follows a spatial binomial distribution B(n,p)
– When n is large and p is small, B(n,p) is approximately a spatial Poisson point distribution with rate 1
– If there are N mobile nodes, use 1 as the average PDF
N = N·1
– The probability of exactly k nodes in an area A’
1 in Random Way Point model [Bettstetter et al.]
[Figure: a=1000]
In our stochastic model, 1 is arbitrary
No matter what the mobility model is, there is a stochastic PDF for node’s probabilistic presence at each position
If in certain area the node’s stochastic presence PDF is 0, then this area should not be counted in the entire network area A
Modeling adversarial presence
: percentage of non-cooperative network members (e.g., probability of node selfishness & intrusion)
3 random variables
– x : number of nodes in the forwarding community area
– y : number of cooperative nodes
– z : number of non-cooperative nodes
Rushing Attack is Low-cost & Severe !
Per-hop success prob. of node-to-node routing is negligible with respect to network scale N under rushing attack
Per-hop failure prob. of node-to-node ad hoc routing schemes is unfortunately 1 - negligible(N)
As illustrated later, this means rushing attack makes legacy node-to-node routing schemes fall into negative RP
– Negative RP: success/yes probability is negligible, severe problem!
– RP: failure/no probability is negligible
Integral and differential not a problem:
Terminology
Las Vegas algo.
– Always correct, probably fast
Monte-Carlo algo.
– Always fast, probably correct with 1-side error
– Today’s focus
Atlantic City algo. (or Monte-Carlo w/ 2-side)
– Always fast, probably correct with 2-side error
RP: Randomized Polynomial-time
RP (1-run): not this one!
– Polynomial-time
– If correct answer is FAILURE/NO, it always returns FAILURE/NO
– If correct answer is SUCCESS/YES, it returns SUCCESS/YES with probability ½+(x); but may return FAILURE/NO otherwise
RP (n-runs): today’s pick!
– Polynomial-time
– If correct answer is FAILURE/NO, it always returns FAILURE/NO
– If correct answer is SUCCESS/YES, it returns SUCCESS/YES with probability 1-(½)^n; but may return FAILURE/NO

RP (1-run). Rows: Las Vegas answer. Columns: Monte Carlo answer.
               SUCCESS/YES                  FAILURE/NO
SUCCESS/YES    constant p > 0 (p ½+(x))     1 - p ½-(x)
FAILURE/NO     0                            1

RP (n-runs). Rows: Las Vegas answer. Columns: Monte Carlo answer.
               SUCCESS/YES                  FAILURE/NO
SUCCESS/YES    1 – pn (p > 1-1/2^n)         pn (p < 1/2^n)
FAILURE/NO     0                            1
A Generic Family of Random Algorithms with Invariant Deviation (x)
(This is proven in Theorem 2)
[Figure: axis x; poly(x); the ideal line (can be found by Las Vegas algorithms), with a (x) deviation bound on either side]
Turing Machine (TM)
Deterministic TM
– At most 1 move for each transition state
Non-deterministic TM & Probabilistic TM
– Can be represented by DTM + random tape
Add a random tape to hold coin-tosses for probabilistic Turing Machines
[Figure: machine M with state q and tape t, plus a random tape]
Routing in Probabilistic Turing Machine with GVG oracle
# of possible node positions < O(poly(n))
Every node is only a “puppet” tape carrier --- The randomized state is maintained by an oracle, the Global Virtual God
Node communication, mobility and the environmental randomness are simulated by GVG in random tape
[Figure panels: machine M (state q, tape t) over tape cells; “Old place replaced by blank tape”; RREQ: “On-demand route discovery starts”; RREP: “Route successfully established when RREP is received after poly(N) steps”; “Modeling mobility”]
Community Based Security (CBS)
Community-to-community forwarding (not node-to-node)
Turn the table
– Now the forwarding failure becomes negligible (x)
– Rushing attack becomes ineffective
Ideally, stay in GVG-RP (i.e., with (x) forwarding failure) for polynomial routing steps (wrt. network scale N)
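
Added example (not from the slides or the paper): a Monte Carlo check of the per-hop claims on the “Rushing Attack is Low-cost & Severe” and “Community Based Security” slides under the spatial Poisson model. The names rho1 (per-node presence density, whose symbol is lost in this transcript), area and theta, the sample values, and the two success conditions in the docstring are assumptions of this sketch.

```python
import math
import random

def poisson(rng, lam):
    """Draw one Poisson(lam) sample (Knuth's method, adequate for small lam)."""
    limit, k, prod = math.exp(-lam), 0, rng.random()
    while prod > limit:
        k += 1
        prod *= rng.random()
    return k

def per_hop_success(n_nodes, rho1, area, theta, trials=20000, seed=1):
    """Estimate per-hop success of node-to-node and community forwarding.

    Assumptions of this sketch (not taken from the slides):
      * a node-to-node hop survives only if no non-cooperative node is in the
        forwarding area, because a rushing node there always wins the race;
      * a community hop survives if at least one cooperative node is there.
    """
    rng = random.Random(seed)
    lam = n_nodes * rho1 * area      # expected node count x in the area
    node_ok = community_ok = 0
    for _ in range(trials):
        x = poisson(rng, lam)                              # nodes present
        z = sum(rng.random() < theta for _ in range(x))    # non-cooperative
        y = x - z                                          # cooperative
        node_ok += (z == 0)
        community_ok += (y >= 1)
    return node_ok / trials, community_ok / trials

def closed_form(n_nodes, rho1, area, theta):
    """Same two probabilities from Poisson thinning:
    z ~ Poisson(theta * lam), y ~ Poisson((1 - theta) * lam)."""
    lam = n_nodes * rho1 * area
    return math.exp(-theta * lam), 1.0 - math.exp(-(1.0 - theta) * lam)

if __name__ == "__main__":
    # Constructed inputs: uniform density 1/a^2 with a = 1000, a 30000 m^2
    # forwarding area, 10% non-cooperative members.
    for n in (50, 100, 200, 400, 800):
        sim = per_hop_success(n, 1e-6, 30000.0, 0.1)
        exact = closed_form(n, 1e-6, 30000.0, 0.1)
        print(n, "node-to-node %.3f (%.3f)" % (sim[0], exact[0]),
              "community %.3f (%.3f)" % (sim[1], exact[1]))
```

Under these assumptions node-to-node success decays exponentially in N while community forwarding failure decays exponentially in N, which is the asymmetry the two slides describe.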
Connecting a few Theories
Probabilistic Complexity Theory RP & BPP
requires discovery of negligibility
Stochastic Mobility Analysis & Spatial Poisson Processes
Summary
Initiative
– Some problems (wrt. foundations of network security) are based on randomized algorithms and probabilistic complexity theory
This paper’s contributions
– Devises the GVG oracle to translate wireless networking problems into randomized algorithms
– Algorithms/Protocols in GVG-RP are asymptotically invariant
  (x) failure probability at each step (x) failure probability over polynomial steps
– In a closed space A (2-d network area or 3-d network volume) where nodes follow spatial Poisson point distribution and with non-zero PDF
  • Routing protocols based on local community coordination are in RP
  • In contrast, legacy routing protocols based on node-to-node coordination are in negative RP
    They are severely vulnerable to low-cost routing attacks (rushing attack)
Detailed protocol design is available, though not a perfect implementation
– Jiejun Kong, Xiaoyan Hong, Yunjung Yi, Joon-Sang Park, Mario Gerla, “A Secure Ad-hoc Routing Approach using Localized Self-healing Communities,” pp.254-265, ACM MOBIHOC, May 25-28, 2005.
Open challenges
– Applications in other network security domains
– Foundations of network security
This slide is intentionally left blank
Backup slides follow
Why does size matter?
When competition is about physical power in body (network of cells): right before the “Cretaceous-Tertiary (K-T) extinction” event, the dinosaurs were of their largest size
ALLOSAURUS
ERA: Late Jurassic (Kimmeridgian 154.1 - 150.7 Ma).
SIZE: Length 10 - 12 m. Weight 1 - 1.7 tonnes.
TYRANNOSAURUS
ERA: Late Cretaceous (Campanian - Maastrichtian 83.5 - 65 Ma).
SIZE: Length 12-14 m. Height 5m. Weight 4.5 - 7 tonnes.
PROTOCERATOPS
ERA: Late Cretaceous (Santonian - Campanian 85.8 - 71.3 Ma).
SIZE: Length 2m. Height 75cm. Weight 1.4 tonnes.
TOROSAURUS
ERA: Late Cretaceous (Maastrichtian 71.3 - 65 Ma).
SIZE: Length 7.6 m. Weight 7 - 8 tonnes.
Why does size matter? (cont’d)
When competition is about intelligence in networks of neuron: cranial capacity and complexity

Taxon               Cranial capacity (cc)   Age (Megaannum)
Au. Afarensis       400 – 500               3.6—2.9
Au. africanus       400 – 500               3.0—2.4
Homo habilis        500 – 650               2.0—1.6
Homo rudolfensis    600 – 800               2.4—1.6
Homo ergaster       750 – 1250              1.8—1.2
Homo erectus        750 – 1250              1.8—0.3
Homo sapiens        1400 avg.               0.25—present
BPP: Bounded-error Probabilistic Polynomial-time
BPP (1-run)
– Polynomial-time
– On either case, will give correct answer with probability ½+(x) (i.e., give incorrect answer otherwise)
BPP (n-runs)
– Polynomial-time
– On either case, will give correct answer with probability 1-e^(-n/24) (i.e., give incorrect answer otherwise)
  • Prove by Chernoff’s bound

BPP (1-run). Rows: Las Vegas answer. Columns: Monte Carlo answer.
        YES                  NO
YES     p ½+(x)              1–p ½-(x)
NO      ½-(x)                ½+(x)

BPP (n-runs). Rows: Las Vegas answer. Columns: Monte Carlo answer.
        YES                  NO
YES     p > 1-e^(-n/24)      1-p < e^(-n/24)
NO      < e^(-n/24)          > 1-e^(-n/24)
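
Added example (not from the slides): the n-run amplification on the RP and BPP slides, computed exactly. The function names, the per-run probabilities 1/2 and 3/4, and the 1e-6 target are assumptions of this sketch; with per-run correctness 3/4 the Chernoff lower-tail bound evaluates to the slide's e^(-n/24).

```python
from math import comb, exp

def rp_miss(p_yes, n):
    """RP (n-runs): answer SUCCESS if any run does. A FAILURE/NO instance is
    never misreported; a SUCCESS/YES instance is missed only if all n runs miss."""
    return (1.0 - p_yes) ** n

def bpp_majority_error(p_correct, n):
    """BPP (n-runs): exact probability that at most n/2 of n independent runs
    are correct, so that a majority vote does not return the right answer."""
    q = 1.0 - p_correct
    return sum(comb(n, k) * p_correct**k * q**(n - k) for k in range(n // 2 + 1))

def chernoff_bound(n):
    """Slide's bound e^(-n/24): lower-tail Chernoff bound exp(-d*d*mu/2) with
    mu = 3n/4 and d = 1/3, i.e. per-run correctness 3/4 (assumed here)."""
    return exp(-n / 24.0)

def runs_needed(error_fn, target, limit=2000):
    """Smallest n with error_fn(n) <= target, or None if limit is reached."""
    for n in range(1, limit + 1):
        if error_fn(n) <= target:
            return n
    return None

if __name__ == "__main__":
    target = 1e-6  # constructed error target
    print("RP, p=1/2:", runs_needed(lambda n: rp_miss(0.5, n), target))
    print("BPP exact, p=3/4:",
          runs_needed(lambda n: bpp_majority_error(0.75, n), target))
    print("BPP via e^(-n/24):", runs_needed(chernoff_bound, target))
```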
1 Inspired by Bettstetter et al.’s work
– For any mobility model (random walk, random way point), Bettstetter et al. have shown that 1 is computable following
– For example, in random way point model
in a square network area of size a×a defined by -a/2 ≤ x ≤ a/2 and -a/2 ≤ y ≤ a/2
– 1 is “location dependent”, yet computable in NS2 & QualNet given any area A’ (using finite element method)