Security for Ubiquitous and Adhoc
Networks
Mobile Adhoc Networks
Collection of nodes that do not rely on a predefined infrastructure
Adhoc networks can be formed merged together partitioned to separate networks
Not necessarily but often mobile There may exist static and wired nodes
Examples Computer science classroom
adhoc network between student PDAs and workstation of the instructor
Large IT campus Employees of a company moving within a large campus with
PDAs, laptops, and cellphones Moving soldiers with wearable computers
Eavesdropping, denial-of-service and impersonation attacks can be launched
Shopping mall, restaurant, coffee shops Customers spend part of the day in a networked mall of
specialty shops, coffee shops, and restaurants
Examples
12
3
4
56
7
Group A
Group B
Group C
A trust relationship among 3 different adhoc groups
Networking Infrastructure
Networking topologies
Flat infrastructure (zero-tier) All nodes have equivalent routing roles No hierarchy
Hierarchical infrastructure (N-tier) Cluster nodes have different routing roles Control the traffic between cluster and other clusters
Routing Protocols
Proactive: table-driven and distance vector protocols Nodes periodically refresh the existing routing info,
every node can operate with consistent and up-to-date tables
Reactive (on-demand): updates the routing information only when necessary Most routing protocols are reactive
Hybrid: uses both reactive and proactive protocols For example, proactive protocol between networks,
reactive protocol inside of networks
Networking Constraints
Mobility Due to mobility, topology of network can change frequently Nodes can be temporarily off-line or unreachable
Resource constraints Energy constraints Memory and CPU constraints Bandwidth constraints
Prior trust relationship Availability of Internet connection Central trust authority, base station Pre-distributed symmetric keys Pre-defined certificates and certificate revocation lists
Trust Management
Trust model Node-to-node trust Node-to-central authority trust
Cryptosystems Public-key cryptosystem
More convenience Digital signature possibility
Secret-key cryptosystem Less functionality Key distribution problem
Trust Models
Web of Trust Model Hierarchical Model
Key Management
Key creation Central key creation Distributed key creation
Key storage Centralized Replicated storage for fault tolerance Distributed, on each node
Partial key storage (shared secrets) Full key storage
Key distribution Symmetric and private keys: Confidentiality, authenticity and integrity
should not be violated Public keys: Integrity and authenticity should be preserved
Availability
Network services should operate properly Network services should tolerate failures even when DoS
attack threats Several availability attacks:
Network layer: the attacker can modify the routing protocol (divert the traffic to invalid addresses)
Network layer: adversary can shut down the network Session layer: adversary can remove encryption in the session-level
secure channel Application layer: availability of essential services may be threatened
Physical Security
Nodes are assumed to have low physical security Nodes can easily be stolen or compromised by an
adversary Fewer than 1/3 of the principals at the time of network
formation are corrupted or malicious Single or distributed point of failure
Identification and Authentication
Only authorized nodes (subjects) can have access to data (objects)
Only authorized nodes may form, destroy, join or leave groups
Identification can be satisfied by: User ID-Password based authentication systems Presented adequate credentials Delegate certificates
Network Operations
Link layer protections Protects confidentiality Protects authenticity
Network layer protections IPSec in case of IP-based routing
Confidentiality of routing info Authenticity and integrity of routing info
Against impersonation attacks Against destruction and manipulation of messages Against false traffic due to hardware or network failure
Network Operations
Non-repudiation of routing info Routing traffic must leave traces
Management of network Must be protected from disclosure Must be protected against tampering Must be protected against modified configuration tables by
adversary (for reactive routing protocols)
Key Management Security
Environment-specific and efficient key management system Nodes must have made a mutual agreement on a shared
secret or exchanged public keys In more dynamic environments
Exchange of encryption keys may be addressed on-demand In less dynamic environments
Keys are mutually agreed proactively or configured manually
Key Management Security
Private keys have to be stored in the nodes confidentially Encrypted with the system key With proper hardware protection (smart cards) By distributing the key in parts to several nodes
Centralized approaches are vulnerable as single point of failures
Adhoc Keying Mechanisms
ID-based cryptography Master public key/secret key is generated by private-key
generation service (PKG) Master keys known to everyone Arbitrary identities are public keys
Identity: “A1” Public key: “MasterPublicKey | A1”
Private keys should be delivered to nodes by PKG
Adhoc Keying Mechanisms
ID-based encryption schemes Setup: input a security parameter, return master public/secret
keys Extract: input master secret key and identity, return the
personal secret key corresponding to identity Encrypt: input master public key, the identity of the recipient
and message, return ciphertext Decrypt: input master public key, ciphertext and a personal
secret key, return plaintext
Adhoc Keying Mechanisms
Threshold cryptography Allows operations to be “split” among multiple users In t-out-of-n threshold scheme, any set of t users can compute
function while any set of t-1 users cannot If adversary compromises even t-1 users, he cannot perform crypto
operation Honest user who needs to perform crypto operation should contact
t of users Secure against Byzantine adversaries exist for t < n/2, secure
against passive adversaries can support t < n
Resurrecting Duckling Security Model
Two state principle (duckling) Imprintable Imprinted
Imprinting principle Transition from imprintable to imprinted Mother node sends imprinting key
Imprintable Imprinted(alive)
imprinting
death
Resurrecting Duckling Security Policy
New node identifies and authenticates itself to the nearest active node (mother) in the group: imprinting
A shared secret key is established between mother and the new node: bootstrapping is generally accomplished by physical contact
This key provides privacy of computations between the node and the mother
A node may die, returning to its imprintable mode A new imprinting by another mother is possible: reverse
metempsychosis
Resurrecting Duckling Principles
Death principle Transition from imprinted to imprintable (death) Death by order of the mother Death by old age after predefined time interval Death on completion of a specific transaction/job
Assassination principle Assassination by attacker may be uneconomical Some suitable level of tamper resistance should be provided
Broken is different from death A node can be broken by an adversary, but it cannot be made
imprintable (it can be smashed, but it will not die)
Resurrecting Duckling Principles
If the shared secret key is lost and beyond recovery, we may want/need to regain control of the node The manufacturer may order the device to commit suicide
(escrowed seppuku) Shogun role by the manufacturer; however, this will cause
centralization If the mother keeps a copy of the imprinting key, localization
can be achieved Multilevel souls
The same node can serve to many mothers establishing different keys
Each soul in the node will have imprinted and imprintable states, souls would be functioning in parallel
Research at Oregon State University
Information Security Laboratory at Oregon State University is working towards developing a distributed Kerberos system for mobile adhoc network of devices Devices with different computing power, memory (code &
RAM) space, and power consumption properties Initial group formation (authentication) is accomplished by
physical contact, touching (imprinting) Symmetric cryptography based hierarchical trust model Key list & Trust list data structures Nodes may join and may gracefully leave the group Ungraceful (abrupt) leaving requires new touching
Group Formation
a
b c
d
Id Relation MAC Key
c Itself … …
a Parent … Kac
d Child … Kcd
Id Relation MAC Key
d Itself … …
c Parent … Kcd
KLc
KLd
KLa
Id Relation MAC
Key
a Itself … …
b Child … Kab
c Child … Kac
KLb
Id Relation MAC
Key
b Itself … …
a Parent … Kab
Node-to-node Key Agreement
a
b
e
d
i
h
g
f
c2
1
34
5
Ancestor SetsASb={a}
ASh={b, a}
ASd={a}
ASi={d, a}
Graceful Leave
a
b
e
d
i
h
g
f
c
j
Node j wants to leave the group
Node f generates new branch key and sends to b, b forwards new branch key to root node a, node a changes the group key and begins the group re-keying with refreshed branch keys
Abrupt Leave
a
b
e
d
i
h
g
f
c
j
Node d leaves the group abruptly
Node a generates new branch key for this branch, but since node i lost its mother, i should touch contact to any node in the group in order to re-join and re-authenticate