a collusion attack on pairwise key presdistribution
play

A Collusion Attack on Pairwise Key Presdistribution Schemes for - PowerPoint PPT Presentation

Aug 10, 2023 •572 likes •773 views

Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions A Collusion Attack on Pairwise Key Presdistribution Schemes for Distributed Sensor Networks Tyler W Moore University of Cambridge Computer

  1. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions A Collusion Attack on Pairwise Key Presdistribution Schemes for Distributed Sensor Networks Tyler W Moore University of Cambridge Computer Laboratory IEEE Workshop on Pervasive Computing and Communications Security 2006 Pisa, Italy Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  2. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Introduction Key predistribution schemes considered the safest way to bootstrap trust in a sensor network Main drawback: high storage overhead Key predistribution can actually be quite insecure Many pre-loaded global secrets strengthen attacker incentive Localised communication helps hide misbehaviour We describe an attack where colluding nodes reuse selected pairwise keys to create many false identities and hijack majority of communications Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  3. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Bootstrapping a sensor network Constraints for establishing secure communication Sensors deployed in hostile environments ⇒ global passive adversary No tamper-resistant hardware ⇒ several corrupt nodes Network topology unknown prior to deployment No access to centralised server, trusted third party, etc. Solution Assign keys to nodes in advance Must balance security against storage and computing limitations of sensors Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  4. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Options for predistributing keys Single master key predistribution Inexpensive but susceptible to single compromise Pairwise key predistribution Resilient to widespread compromise but storage infeasible for large networks (requires n − 1 keys per node) Random key predistribution (Eschenauer & Gligor CCS 2002) Nodes are assigned a random subset of keys from a large key space If nodes share a common key, then a link can be established Probabilistic guarantees based on random graph theory Efficient, though fails badly when a small group of nodes are compromised Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  5. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Options for predistributing keys (ctd.) Random pairwise scheme (Chan et al. IEEE S&P 2003) Combines the random graph approach with pairwise key assignment More efficient than pure pairwise scheme, but requires much more storage than EG 2003 (each node typically stores between 0 . 2 n and 0 . 4 n keys, depending on parameters) No duplicate keys, so secure against eavesdropping attacks Authors claim that pairwise key assignment enables mutual authentication at no added cost But is it secure from a colluding attacker? Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  6. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Notation and system parameters Notation n : Network size n ′ : expected number of neighbour nodes in radio range p : probability of two nodes sharing a pairwise key N ( d ): set of neighbours of node d U ( d ): set of usable pairwise keys for node d System model Nodes have limited communication radius Nodes distributed uniformly across a space Nodes pre-loaded with n ∗ p pairwise keys Nodes broadcast their identifiers to neighbours, who check ID to see if they share a pairwise key Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  7. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Attack preconditions Threat model Attacker compromises a set of nodes A , q = | A | , obtaining keys and controlling all communications Attacker nodes may collude across network via existing routing mechanism or an out-of-band channel Attack targets the integrity and availability of communications Weaknesses of key predistribution Many more secrets pre-loaded than actually used for communication ( n ∗ p >> n ′ ) Sensors have localised interactions, but global key assignment Key insight: colluding attackers can exploit latent secrets and communication gaps Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  8. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Attack description Consider two nodes controlled by an attacker, a, b ∈ A a tells b its secrets b masquerades as a to all of b ’s neighbours that a shares a pairwise key with, and vice versa Repeat for all pairs of nodes in A As more nodes are compromised, more keys can be reused Like a Sybil attack (each node presents multiple identities) Like a node replication attack (multiple copies of same node) Attacker nodes pretend to be different nodes to different neighbours Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  9. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Example attack e i k be c g a b k ag f k ah d h legitimate pairwise key colluding pairwise key k ag Independence Collusion U ( a ) { k ad } { k ad , k be } U ( b ) { k bh , k bi } { k bh , k bi , k ag , k ah } Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  10. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Overlap a e d b c Only one of nodes a and c should masquerade as b to node e Node c gains nothing by pretending to be a to d Overlap unavoidable as q → n n ′ Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  11. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Attack Discussion Integrity, availability of communications targeted, not confidentiality Many false channels can overwhelm legitimate ones Authentication based on pairwise key possession inadequate Node revocation, redundant routing schemes undermined Attack variables Coordination levels: ratio n ′ n between average node neighbourhood and network size Key storage: as p increases, more secrets can be exploited Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  12. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Impact Analysis & Measurement We focus on the number of usable pairwise secret keys available to an attacker A pairwise key is usable if it is shared between nodes in communication range and it is not already in use within this range Attack Metrics Number of usable pairwise keys available to a colluding attacker Ratio of usable keys for attacker to keys available to attacker’s neighbours Simulations Nodes uniformly distributed over a plane n = 1000, n ′ = 60, p = . 25 and varied q , averaging results from 20 rounds Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  13. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Increased usable pairwise keys 4000 25,000 independence collusion usable pairwise keys 20,000 3000 15,000 2000 10,000 1000 5,000 0 0 0 .005 .01 .015 .02 0 .02 .04 .06 .08 .10 fraction of attacker nodes fraction of attacker nodes Measures � a ∈ A | U ( a ) | for increasing q Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  14. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Per-node usable pairwise keys 250 independence 200 collusion pairwise keys 150 100 50 0 0 .01 .02 .03 .04 .05 .06 .07 .08 .09 .10 fraction of attacker−controlled nodes As q grows large, each colluding node can establish n ∗ p fake communication channels Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  15. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Quantifying attacker penetration But what is the overall impact of a collusion attack? � a ∈ A | U ( a ) | I ( A ) = � � b ∈ N ( a ) | U ( b ) | a ∈ A I ( A ) compares the number of usable pairwise keys available to an attacker to the keys available to attacker-controlled nodes’ neighbours I ( A ) reveals the fraction of working communication channels controlled by the attacker Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

  16. Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions Quantifying attacker penetration (ctd.) 0.7 independence fraction of usable pairwise keys 0.6 collusion 0.5 0.4 0.3 0.2 0.1 0 0 .01 .02 .03 .04 .05 .06 .07 .08 .09 .10 fraction of attacker−controlled nodes Corrupting 5% of nodes grants power to half of communication channels Any application requiring honest interaction with majority of neighbours is susceptible Tyler W Moore A Collusion Attack on Pairwise Key Predistribution

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated Model in the Mediated Model Jol Alwen (NYU) Jonathan Katz (U. Maryland) Yehuda Lindell (Bar-Ilan U.) Giuseppe Persiano (U. Salerno) abhi

519 views • 25 slides
Graph Resistance and Learning from Pairwise Comparisons pairwise comparisons of items. In

Graph Resistance and Learning from Pairwise Comparisons pairwise comparisons of items. In

Alex Olshevsky Department of ECE, Boston University Joint work with Julien Hendrickx (UC Louvain) and Venkatesh Saligrama (BU) Graph Resistance and Learning from Pairwise Comparisons pairwise comparisons of items. In many contexts,

759 views • 50 slides
Fighting Collusion in Auctions Theory & Experiment Audrey Hu Theo Offerman Sander

Fighting Collusion in Auctions Theory & Experiment Audrey Hu Theo Offerman Sander

Fighting Collusion in Auctions Theory & Experiment Audrey Hu Theo Offerman Sander Onderstal Motivation Fighting collusion is a primary concern of auctioneers (Graham and Marshall, 1987; Marshall and Marx, 2006) In the 1980s, 75%

488 views • 22 slides
Hacking Online Games Matt Ward & Paul Jennas II April 22, 2012 Agenda Importance Attack

Hacking Online Games Matt Ward & Paul Jennas II April 22, 2012 Agenda Importance Attack

Hacking Online Games Matt Ward & Paul Jennas II April 22, 2012 Agenda Importance Attack Tree for Cheating On-line Poker Bots Denial of Service Collusion Software Exploits Conclusion Importance Out-of-band market for virtual equipment

1.07k views • 63 slides
Competition Policy - Spring 2005 Collusion II Antonio Cabrales & Massimo Motta April 22,

Competition Policy - Spring 2005 Collusion II Antonio Cabrales & Massimo Motta April 22,

Prepared with SEVI SLIDES Competition Policy - Spring 2005 Collusion II Antonio Cabrales & Massimo Motta April 22, 2005 Summary Symmetry helps collusion Multimarket contacts Cartels

522 views • 31 slides
Online Learning with Pairwise Loss Functions Online Learning with Pairwise Loss Functions MLSIG

Online Learning with Pairwise Loss Functions Online Learning with Pairwise Loss Functions MLSIG

Online Learning with Pairwise Loss Functions Online Learning with Pairwise Loss Functions MLSIG Seminar Series, Dept. of CSA, IISc Joint work with B. Sriperumbudur, P. Jain, H. Karnick Purushottam Kar MLO Group, Microsoft Research India Outline

464 views • 28 slides
OLIGOPOLY DYNAMICS: COLLUSION AND PRICE WARS Overview Context: Firms interact over time

OLIGOPOLY DYNAMICS: COLLUSION AND PRICE WARS Overview Context: Firms interact over time

OLIGOPOLY DYNAMICS: COLLUSION AND PRICE WARS Overview Context: Firms interact over time possibly using history-dependent strategies Concepts: repeated games, grim strategies, collusion, price wars Economic principle: repetition

375 views • 26 slides
BEWARE Sustainable Beef L i b e r t y H a n g s i n T h e B a l a n c e What Is the GRSB? A

BEWARE Sustainable Beef L i b e r t y H a n g s i n T h e B a l a n c e What Is the GRSB? A

BEWARE Sustainable Beef L i b e r t y H a n g s i n T h e B a l a n c e What Is the GRSB? A legal entity a 501(c) (3) Corporation Organized in Colorado a vehicle to facilitate collusion against freedom loving people collusion |k

1.11k views • 69 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Pairwise Sequence Alignment: Dynamic Programming Algorithms COMP 571 Luay Nakhleh, Rice

Pairwise Sequence Alignment: Dynamic Programming Algorithms COMP 571 Luay Nakhleh, Rice

1 Pairwise Sequence Alignment: Dynamic Programming Algorithms COMP 571 Luay Nakhleh, Rice University 2 DP Algorithms for Pairwise Alignment The number of all possible pairwise alignments (if gaps are allowed) is exponential in the length

386 views • 9 slides
Collaboration or Combination? Integration or Collusion? Beware of Antitrust Risks Contracts

Collaboration or Combination? Integration or Collusion? Beware of Antitrust Risks Contracts

Collaboration or Combination? Integration or Collusion? Beware of Antitrust Risks Contracts Mergers Collaboration or Combination? ACOs Networks Integration or Collusion? Employed Beware of Antitrust Risks Physicians Bundled Payments

297 views • 7 slides
Me Merge gers a and Collus Collusion ion in in Al All - Pay Au Auctions and Crowdsourcin

Me Merge gers a and Collus Collusion ion in in Al All - Pay Au Auctions and Crowdsourcin

Me Merge gers a and Collus Collusion ion in in Al All - Pay Au Auctions and Crowdsourcin Crowdsourcing Con g Conte tests sts Omer Lev, Maria Polukarov, Yoram Bachrach & Jeffrey S. Rosenschein AAMAS 2013 St. Paul, Minnesota

570 views • 21 slides
Pairwise comparison, and other methods MATH 105: Contemporary Mathematics University of

Pairwise comparison, and other methods MATH 105: Contemporary Mathematics University of

Pairwise comparison, and other methods MATH 105: Contemporary Mathematics University of Louisville October 26, 2017 Pairwise Comparison 2 / 12 How to Simplify Voting Every method weve seen so far seems flawed somehow. And yet choosing

389 views • 6 slides
Pairwise Alignment Mark Voorhies 3/27/2012 Mark Voorhies Pairwise Alignment Review: Tips and

Pairwise Alignment Mark Voorhies 3/27/2012 Mark Voorhies Pairwise Alignment Review: Tips and

Pairwise Alignment Mark Voorhies 3/27/2012 Mark Voorhies Pairwise Alignment Review: Tips and tricks Making a file executable: chmod a+x pydotter . py Handling file/directory names with spaces: cd My \ D i r e c t o r y \ with \ Spaces

955 views • 57 slides
3.6. Tacit Collusion Matilde Machado

3.6. Tacit Collusion Matilde Machado

3.6. Tacit Collusion Matilde Machado 3.6. Colusin Tcita: juegos

372 views • 8 slides
Foundations of Computing II Lecture 9: Pairwise-Independent Hashing Stefano Tessaro

Foundations of Computing II Lecture 9: Pairwise-Independent Hashing Stefano Tessaro

CSE 312 Foundations of Computing II Lecture 9: Pairwise-Independent Hashing Stefano Tessaro tessaro@cs.washington.edu 1 This week Applications + Random Variables Today: Data structures! The power of pairwise-independence

745 views • 21 slides
A Systems Thinking Approach to Building and Updating C4ISR Architecture Views William B. Carter

A Systems Thinking Approach to Building and Updating C4ISR Architecture Views William B. Carter

I n t e g r i t y S e r v i c e E x c e l l e n c e A Systems Thinking Approach to Building and Updating C4ISR Architecture Views William B. Carter 29 January 2003 1 C4ISR Architecture View Update Process PURPOSE n Describe the outcomes

342 views • 21 slides
Latency-Reliability Tradeoff for Different Hop-Level ARQ-based Error Recovery in a Multi-Hop

Latency-Reliability Tradeoff for Different Hop-Level ARQ-based Error Recovery in a Multi-Hop

Latency-Reliability Tradeoff for Different Hop-Level ARQ-based Error Recovery in a Multi-Hop Wireless Network Teeraw at I ssariyakul ( teeraw at@trlabs.ca) Ekram Hossain ( ekram @ee.um anitoba.ca) Attahiru Sule Alfa ( alfa@ee.um anitoba.ca)

581 views • 32 slides
Arizonas Education Transformation Presented to: Information Technology Authorization

Arizonas Education Transformation Presented to: Information Technology Authorization

Arizonas Education Transformation Presented to: Information Technology Authorization Committee July 2017 Satish K Pattisapu Chief Information Officer Arizona Education Learning and Accountability System (AELAS) ARS 15-249 enacted in

424 views • 16 slides
PLEASE HOLD ALL QUESTIONS UNTIL AFTER THE PRESENTATION Summary in your packet OFFICE OF THE

PLEASE HOLD ALL QUESTIONS UNTIL AFTER THE PRESENTATION Summary in your packet OFFICE OF THE

PLEASE HOLD ALL QUESTIONS UNTIL AFTER THE PRESENTATION Summary in your packet OFFICE OF THE BURSAR STUDENT CASHIER CENTER STUDENT DISBURSEMENTS CENTER https://bursar.louisiana.edu FAQ database Survey Cost to Attend? Tuition and Fees

370 views • 35 slides
Performance measuring Who? Alexandru Giurgiu (alex.giurgiu@os3.nl) Jeroen Vanderauwera

Performance measuring Who? Alexandru Giurgiu (alex.giurgiu@os3.nl) Jeroen Vanderauwera

Performance measuring Who? Alexandru Giurgiu (alex.giurgiu@os3.nl) Jeroen Vanderauwera (jeroen.vanderauwera@os3.nl) From? System and Network Engineering - UvA When? June 22, 2010 1/21 Table of contents Introduction 1 Test setup 2

230 views • 21 slides
ENGIE Fab New Business And Innovation ENGIE Fab AGENDA I. General Introduction II. ENGIE

ENGIE Fab New Business And Innovation ENGIE Fab AGENDA I. General Introduction II. ENGIE

ENGIE Fab New Business And Innovation ENGIE Fab AGENDA I. General Introduction II. ENGIE Innovation III. ENGIE New Ventures IV. ENGIE New Business Factory General Introduction What Business Innovation Is All About ENGIE Fab Seeking

499 views • 20 slides
Lecture 1: Introduction, Types & Expressions (Chapter 1, Section 2.6) CS 1110 Introduction

Lecture 1: Introduction, Types & Expressions (Chapter 1, Section 2.6) CS 1110 Introduction

http://www.cs.cornell.edu/courses/cs1110/2018sp Lecture 1: Introduction, Types & Expressions (Chapter 1, Section 2.6) CS 1110 Introduction to Computing Using Python [E. Andersen, A. Bracy, D. Gries, L. Lee, S. Marschner, and W. White] CS

330 views • 30 slides
Building a Microservices Platform with Kubernetes Matthew Mark Miller @DataMiller Cloud Native:

Building a Microservices Platform with Kubernetes Matthew Mark Miller @DataMiller Cloud Native:

Building a Microservices Platform with Kubernetes Matthew Mark Miller @DataMiller Cloud Native: Microservices running inside Containers on top of Platforms on any infrastructure Microservice A software component of a system that is

1.05k views • 60 slides

More recommend