
Topology

Date post: 23-Nov-2015
Description:
Wireless Mesh Networks
ADVANCED TOPICS. Shambhu Upadhyaya, Computer Science & Eng., University at Buffalo, Buffalo, New York 14260
Transcript
  • ADVANCED TOPICS

  • Mesh Networks and Security

  • What are Wireless Mesh Networks?
      • Similar to Wi-Fi networks
      • Instead of multiple wireless hotspots (WHS), WMNs use one WHS and several transit access points (TAP), also called routers
      • Clients connect to TAPs, which connect wirelessly to the WHS either directly or multi-hopping over other TAPs

  • WMNs
      • WMN provides reliability through redundancy
      • It is a special case of wireless ad hoc networks
      • Wireless mesh networks can be implemented with various wireless technologies including 802.11 (802.11s), 802.15, 802.16
      • Examples
          • MIT RoofNet (2001)
          • Quail Ridge WMN (QuRiNet) at Napa Valley, CA (2004)
      • Also useful in smart grid for automatic meter reading

  • Advantages/Disadvantages
      • Advantages
          • The TAPs themselves are cheaper than WHS
          • Since TAPs communicate by wireless signals, they do not require cabling to be run to add new TAPs
          • Allows for rapid deployment of temporary networks
      • Disadvantages
          • TAPs are often placed in unprotected locations
          • Lack of physical security guarantees
          • Communications are wireless and therefore susceptible to all the vulnerabilities of wireless transmissions

  • Three Security Challenges Posed by WMNs
      • Securing the routing mechanism
          • WMNs rely on multi-hop transmissions over a predominantly wireless network
          • Routing protocol is very important and a tempting target
      • Detection of corrupt TAPs
          • The TAPs are likely to be stored in unprotected locations, so they may be easily accessed by malicious entities and can be corrupted or stolen
      • Providing fairness
          • The protocol needs to be designed to distribute bandwidth between the TAPs in a manner fair to the users to prevent bandwidth starvation of devices far from the WHS

  • Fairness
      • There are several ways in which bandwidth can be distributed among TAPs
      • What may be the best solution is to distribute bandwidth proportional to the number of clients using a TAP

  • Attack Model
      • Four simple types of attacks possible
          • The first attack is removal and replacement of the device, easily detected by change of topology
          • Access the internal state of the device
          • Modify internal state
          • Clone TAPs
      • Other sophisticated attacks possible
          • Blocking attacks, black hole, sybil, etc.

  • Access Internal State
      • This is a passive attack and is difficult to detect
      • In this attack the attacker need not disconnect the device from WMN
      • Even the disconnection cannot be detected
      • The effect of the attack can be reduced by changing the TAP data at regular intervals

  • Modify Internal State
      • In this type of attack, the attacker can modify the routing algorithm
      • This type of attack also changes the topology
      • It can also be detected by WHS

  • Clone TAP
      • In this type of attack the attacker is able to create a replica of the TAP and place this in a strategic location in WMN
      • It also allows the attacker to inject some false data or to disconnect some parts of network
      • It can damage the routing mechanisms but can be detected
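
    The slides state that replaced, modified and cloned TAPs show up as topology changes the WHS can detect. The following is an added example, not part of the original slides: a WHS-side audit that compares neighbor reports against a stored baseline. The report format, the node names and the hop-count threshold used as a stand-in for radio range are all assumptions made for this illustration.

```python
from collections import deque

# Constructed sample data: {node: [neighbors it hears]}, as collected by the WHS.
BASELINE = {"WHS": ["T1", "T5"], "T1": ["WHS", "T2"], "T2": ["T1", "T3"],
            "T3": ["T2", "T4"], "T4": ["T3"], "T5": ["WHS"]}
# T4 has gone silent, and T5 now hears "T2" although T2 is three hops away.
CURRENT = {"WHS": ["T1", "T5"], "T1": ["WHS", "T2"], "T2": ["T1", "T3"],
           "T3": ["T2"], "T5": ["WHS", "T2"]}

def links(reports):
    """Undirected link set built from per-node neighbor reports."""
    return {frozenset((a, b)) for a, nbrs in reports.items() for b in nbrs if a != b}

def hops(reports, src, dst):
    """Breadth-first hop count between two nodes, or None if unreachable."""
    adj = {}
    for a, b in map(tuple, links(reports)):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nxt in adj.get(node, set()) - seen:
            seen.add(nxt)
            queue.append((nxt, dist + 1))
    return None

def audit(baseline, current, max_hops=2):
    """Compare current reports with the baseline and list what changed."""
    base_nodes = set(baseline).union(*baseline.values())
    cur_nodes = set(current).union(*current.values())
    pairs = lambda s: sorted(tuple(sorted(link)) for link in s)
    findings = {
        "missing": sorted(base_nodes - cur_nodes),   # removed or silenced TAPs
        "unknown": sorted(cur_nodes - base_nodes),   # ids never enrolled
        "lost_links": pairs(links(baseline) - links(current)),
        "clone_suspects": [],
    }
    # A new link between two known nodes that were far apart in the baseline
    # means one identity is now heard in two places (heuristic: hop count
    # stands in for radio range).
    for a, b in pairs(links(current) - links(baseline)):
        if a in base_nodes and b in base_nodes:
            dist = hops(baseline, a, b)
            if dist is None or dist > max_hops:
                findings["clone_suspects"].append((a, b, dist))
    return findings
```

    Calling audit(BASELINE, CURRENT) reports T4 as missing, the T3/T4 link as lost, and the T2/T5 pair as a clone suspect.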

  • Jamming and Countermeasure
      • The first diagram shows the attack by the adversary
      • The second diagram shows the protection measure for this attack after detection

  • Attacks on Multihop Routing in WMN
      • Rational attack vs. malicious attack
      • A rational attack
          • Mounted only if misbehaving is beneficial in terms of price, QoS, or resource saving
          • For instance, force the traffic through a specific TAP in order to monitor the traffic of a given mobile client or region
      • A malicious attack
          • Involves partitioning the network or isolating the TAPs
          • For instance, the routes between WHS and TAPs are artificially increased leading to poor performance

  • Securing Multihop Routing
      • Using secure routing protocols to prevent attacks against routing messages
      • If the state of one or more TAPs is modified, the attack can be detected and the network reconfigured
      • DoS attacks can be prevented by identifying the source of disturbance and disabling it

  • Generalized WMNs
      • Vehicular networks are a special case of WMNs where TAPs are represented by cars and roadside WHS
      • Involves applications such as reporting events (accidents), cooperative driving, payment services and location based services
      • Multi-operator WMNs include several operators and various devices: mobile phones, laptops, base stations and APs

  • Conclusion
      • WMNs extend the coverage of WHS in an inexpensive manner
      • The three fundamental security issues that have to be addressed in WMNs
          • Detection of corrupt TAPs
          • Defining and using a secure routing protocol
          • Defining and implementing a proper fairness metric

  • Reference
      • Ben Salem, N.; Hubaux, J-P, "Securing wireless mesh networks," Wireless Communications, IEEE, vol. 13, no. 2, pp. 50-55, April 2006

  • Energy-Aware Computing

  • Issues in Sensor Networks
      • Localization
      • Synchronization
      • In-network processing
      • Data-centric querying
      • Energy-aware computing

  • Energy Constraints
      • Battery-powered devices
      • Communication is much more energy consuming than computation
          • Transmitting 1 bit costs as much energy as running 1,000 instructions
          • Gap is only going to be larger in the future
      • Load balancing
      • Coordinated sleeping schedules
      • Explore correlation in sensing data
      • Power saving techniques integral to most sensor networks

  • MAC Protocols for Sensor Networks
      • Contention-based:
          • CSMA protocols (IEEE 802.15.4)
          • Random access to avoid collisions
          • IEEE 802.11 type with power saving methods
      • Scheduling-based:
          • Assign transmission schedules (sleep/awake patterns) to each node
          • Variants of TDMA
      • Hybrid schemes

  • MAC Protocol Examples
      • PAMAS [SR98]:
          • Power-aware Medium-Access Protocol with Signaling
          • Contention-based access
          • Powers off nodes that are not receiving or forwarding packets
          • Uses a separate signaling channel
      • S-MAC [YHE02]:
          • Sensor Medium Access Control protocol
          • Contention-based access
      • TRAMA [ROGLA03]:
          • Traffic-adaptive medium access protocol
          • Schedule- and contention-based access
      • Wave scheduling [TYD+04]:
          • Schedule- and contention-based access

  • S-MAC
      • Identifies sources of energy waste [YHE03]:
          • Collision
          • Overhearing
          • Overhead due to control traffic
          • Idle listening
      • Trade off latency and fairness for reducing energy consumption
      • Components of S-MAC:
          • A periodic sleep and listen pattern for each node
          • Collision and overhearing avoidance

  • S-MAC: Sleep and Listen Schedules
      • Each node has a sleep and listen schedule and maintains a table of schedules of neighboring nodes
      • Before selecting a schedule, node listens for a period of time:
          • If it hears a schedule broadcast, then it adopts that schedule and rebroadcasts it after a random delay
          • Otherwise, it selects a schedule and broadcasts it
      • If a node receives a different schedule after selecting its schedule, it adopts both schedules
      • Need significant degree of synchronization

  • S-MAC: Collision and Overhearing Avoidance
      • Collision avoidance:
          • Within a listen phase, senders contending to send messages to same receiver use 802.11
      • Overhearing avoidance:
          • When a node hears an RTS or CTS packet, then it goes to sleep
          • All neighbors of a sender and the receiver sleep until the current transmission is over

  • Routing Strategies
      • Geographic routing:
          • Greedy routing
          • Perimeter or face routing
          • Geographic localization
      • Attribute-based routing:
          • Directed diffusion
          • Rumor routing
          • Geographic hash tables
      • Energy-aware routing:
          • Minimum-energy broadcast
          • Energy-aware routing to a region

  • Energy-Aware Routing
      • Need energy-efficient paths
      • Notions of energy-efficiency:
          • Select path with smallest energy consumption
          • Select paths so that network lifetime is maximized
              • When network gets disconnected
              • When one node dies
              • When area being sensed is not covered any more
      • Approaches:
          • Combine geographic routing with energy-awareness
          • Minimum-energy broadcast

  • Minimum Energy Broadcast Routing
      • Given a set of nodes in the plane
      • Goal: Broadcast from a source to all nodes
      • In a single step, a node may broadcast within a range by appropriately adjusting transmit power
      • Energy consumed by a broadcast over range is proportional to
      • Problem: Compute the sequence of broadcast steps that consume minimum total energy
      • Centralized solutions
      • NP-complete [ZHE02]

  • Three Greedy Heuristics
      • In each tree, power for each node proportional to th exponent of distance to farthest child in tree
      • Shortest Paths Tree (SPT) [WNE02]
      • Node version of Dijkstra's SPT algorithm
      • Minimum Spanning Tree (MST) [WNE02]
      • Maintains an arborescence rooted at source
      • Broadcasting Incremental Power (BIP) [WNE02]
      • In each step, add a node that can be reached with minimum increment in total cost
      • SPT is (n)-approximate, MST and BIP have approximation ratio of at most 12 [WCLF01]
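
    The BIP step described above ("add a node that can be reached with minimum increment in total cost"), written out as an added example that is not from the slides or from [WNE02]. The path-loss exponent `alpha` (set to 2 here) and the sample coordinates are assumptions; the slide's own exponent symbol did not survive in this transcript.

```python
import math

# Constructed sample: node 0 is the broadcast source.
POINTS = [(0.0, 0.0), (2.0, 0.0), (0.0, 2.5), (3.0, 0.0)]

def bip(points, source=0, alpha=2.0):
    """Broadcasting Incremental Power.

    Grows a broadcast tree from the source. Each step adds the uncovered
    node j and transmitter i for which raising i's power just enough to
    reach j costs the least additional energy.
    Returns (parent map, total transmit power).
    """
    def cost(i, j):
        # Power needed for i to reach j: distance raised to alpha (assumed model).
        return math.dist(points[i], points[j]) ** alpha

    power = {source: 0.0}   # node in tree -> its current transmit power
    parent = {}             # node -> transmitter that covers it
    while len(power) < len(points):
        best = None
        for i in power:
            for j in range(len(points)):
                if j in power:
                    continue
                increment = cost(i, j) - power[i]
                if best is None or increment < best[0]:
                    best = (increment, i, j)
        increment, i, j = best
        power[i] += increment   # i now transmits far enough to reach j
        power[j] = 0.0          # j joins the tree as a leaf
        parent[j] = i
    return parent, sum(power.values())
```

    On the sample points the source ends with power 6.25 (covering nodes 1 and 2) and node 1 relays to node 3 with power 1, for a total of 7.25 instead of the 9 a single direct broadcast from the source would need.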

  • References
      • Feng Zhao and Leonidas Guibas, Wireless Sensor Networks: An Information Processing Approach, Morgan Kaufmann, 2004
      • Jeffrey E. Wieselthier, Gam D. Nguyen, and Anthony Ephremides. 2002. Energy-efficient broadcast and multicast trees in wireless networks. Mob. Netw. Appl. 7, 6 (December 2002)

  • Advanced Metering Infrastructure (AMI)

  • A Typical Smart Grid

  • Advanced Meter Reading
      • Advanced Metering Infrastructure (AMI) or smart meters (2-way)
      • Used for revenue accounting
      • Wireless based
          • Many proprietary
          • Moderate range, drive-by reading
          • Mesh (Zigbee) and WiFi sometimes
      • About 50 million AMR/AMI installed (USA)
      • Suggested standard: ANSI C12.18
      • Smart meters (at Microgrid level) provide information needed to analyze energy usage and thus allow energy minimization algorithms to be implemented

  • Prospects for Smart Appliances
      • Examples: smart refrigerator, smart dryer
      • Two-way communication via Internet
      • Logical extension of smart grid/buildings
      • Technically possible for years but
          • Hardware costs high
          • Installation may be complex
          • Standards lacking
      • Forms a SCADA or CPS system
      • Security and privacy concerns high
      • Benefits unclear
      • Futuristic discussion mostly

  • Smart Metering Communication
      • Zigbee is ideal for AMI
      • Can network a number of sensors and controllers in a household
      • Possibly in a mesh network
      • Can operate in one of 3 frequency bands

  • Potential Concerns
      • WiFi and Zigbee interference
          • Can be handled by separating the channels by 30 MHz
      • Security concerns of ad hoc and mesh networks apply
          • Eavesdropping
          • Traffic analysis
          • Replay attacks
      • Additionally:
          • Employee mistakes, equipment malfunctions, virus, coordinated attacks from a state or terrorist group
      • Privacy concerns
          • Smart meters collect personally identifiable info
          • Cyber criminals could use them for identity theft

  • A Privacy Compromise Scenario
      • Electricity use patterns could lead to disclosure
      • Could leak info on customers
          • When they're at home (sleeping versus watching television)
          • When at work, or traveling
      • It might also be possible to discover what types of appliances and devices are present
      • Increases in power draw could suggest changes in business operations
      • Impacts
          • Criminal targeting of home
          • Business intelligence to competitors

  • Hacking Attacks and Mitigation
      • Two-way communication between customers and utility companies means more risk
      • Two-way meters accessible to both users and enemies (use buggy s/w)
      • Smart meter is the pain point (may be hacked)
      • Simulation of a worm injected into a meter shows
          • how it would spread
          • how it can be used to cause power grids to surge or shut off
      • Common vulnerabilities exist, but no powerful devices to implement
          • Devices do not have cycles to implement strong crypto solutions
      • Mitigation techniques
          • Zigbee security (uses hierarchy of keys)
          • Machine-to-machine strong authentication
          • Encryption
          • Data hashing, digital signing, etc.
      • This is an active research area today
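
    The mitigation items above (machine-to-machine authentication, data hashing) combined with a defense against the replay attacks listed under Potential Concerns, as an added example that is not from the slides and does not reproduce the Zigbee frame format. The frame layout, the per-meter key table and the names are assumptions made for this illustration; HMAC-SHA256 is chosen because a keyed hash is cheap for a constrained device.

```python
import hashlib
import hmac
import struct

DEMO_KEY = bytes(range(32))      # constructed demo key, never use a fixed key
FRAME = struct.Struct(">16sQQ")  # meter id, message counter, reading in Wh

def seal(key, meter_id, counter, watt_hours):
    """Meter side: pack the reading and append an HMAC-SHA256 tag."""
    body = FRAME.pack(meter_id.encode(), counter, watt_hours)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class HeadEnd:
    """Utility side: authenticate first, then require a fresh counter."""

    def __init__(self, keys):
        self.keys = keys   # meter id -> per-meter key
        self.last = {}     # meter id -> highest counter accepted so far

    def accept(self, frame):
        if len(frame) != FRAME.size + 32:
            return "malformed"
        body, tag = frame[:FRAME.size], frame[FRAME.size:]
        raw_id, counter, _reading = FRAME.unpack(body)
        meter_id = raw_id.rstrip(b"\0").decode(errors="replace")
        key = self.keys.get(meter_id)
        if key is None:
            return "unknown-meter"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return "bad-tag"
        # The counter is covered by the tag, so a captured frame cannot be
        # re-sent with a higher counter without knowing the key.
        if counter <= self.last.get(meter_id, -1):
            return "replay"
        self.last[meter_id] = counter
        return "ok"
```

    The counter state is only updated after the tag verifies, so forged frames cannot be used to push a meter's counter forward and lock out its genuine readings.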

  • References
      • Darold Wobschall, University at Buffalo, 2012
      • M. Nabeel, J. Zage, S. Kerr, E. Bertino, Cryptographic Key Management for Smart Power Grids, 2012, http://www.cerias.purdue.edu/apps/reports_and_papers/view/4591

  • Internet of Things (IoT)

  • What is IoT?
      • Loosely coupled decentralized system of smart objects
      • Ubiquitous computing, 100B to be connected to the Internet by 2020
      • After the WWW, IoT represents the most potentially disruptive technological revolution
      • What inspired IoT?
          • RFID, short-range wireless communication
          • Real-time localization
          • Sensor networks
      • What does it entail?
          • Scientific theory
          • Engineering design
          • User experience

  • IoT Curriculum
      • Universities have started building special curricula
      • Open University in UK has developed a learning infrastructure for collaborative learning in IoT
      • Merging of the physical and digital realms (CPS)
      • Physical objects become true actors on the Internet
      • Huge increase in the number of internet-connected devices, objects, sensors and actuators
      • Huge increase in the amount and value of data (Big Data)
      • Emergence of novel embedded device platforms below the level of personal mobile devices
      • Novel applications in energy, transport, health, business and daily life
      • Expectation is that MOOCs may take up the challenge
      • Companies such as Cisco, IBM, Intel are engaging

  • Skills Set for IoT
      • Algorithms
      • Programming skills
      • Distribution and collaboration
      • Ability to develop networked sensing apps
      • Creative design
      • Collaborative design
      • Ethical issues
      • Privacy and security
      • Computing in society

  • Typical Components of IoT
      • iPod
      • Nokia, Android cell phones
      • Nintendo DS, Game Boy Advance
      • Roomba 500 iRobot
      • Sirius Satellite Radio Receivers
      • Automobiles

  • IoT Protocol Details
      • IEEE 802.15.4 is the standard for low rate WPANs
      • 802.15.4 handles the physical and MAC layer but not upper layers
      • Can be used with 6LoWPAN and standard IP protocols to build a wireless embedded Internet
      • 6LoWPAN is the low power IPv6 version developed for small devices

  • Internet of Nano Things

  • Security Challenges in IoT
      • Cryptographic security
          • Traditional tools may not be suitable due to limited processor speed and memory
      • Key management
          • Manual key management may not scale
          • Limited user interfaces will make security deployment difficult
      • Credentialing
          • Credentialing users and devices required; may not scale due to the sheer size of the network
      • Identity management
          • A device identity may need to be mapped to groups of users
      • Usability is also an issue
          • Limited user interface
      • Privacy
          • Sensitive information on health front; network guards may be needed

  • References
      • http://prezi.com/aordc8uod3rj/internet-of-things-presentation/
      • IEEE Computer, February 2013
      • I. Akyildiz and J. Jornet, The Internet of Nano-Things, IEEE Wireless Communications, 2010

    * These are examples of energy efficient protocols
    * In graph theory, an arborescence is a directed graph in which, for a vertex u called the root and any other vertex v, there is exactly one directed path from u to v.
    * Interference can be handled by separating the channels by 30 MHz
    * Nintendo DS Developers System
    * Electromagnetic communication works in the THz band
    * Credentialing: establishing credentials using a third party.

