securing neighbor discovery
play

Securing Neighbor Discovery the wormhole attack centralized and - PowerPoint PPT Presentation

Sep 21, 2022 •300 likes •639 views

Securing Neighbor Discovery the wormhole attack centralized and decentralized wormhole detection mechanisms Security and Cooperation in Wireless Networks Georg-August University Gttingen Introduction many wireless networking

  1. Securing Neighbor Discovery  the wormhole attack  centralized and decentralized wormhole detection mechanisms Security and Cooperation in Wireless Networks Georg-August University Göttingen

  2. Introduction many wireless networking mechanisms require that the nodes be aware of their  neighborhood (i.e. to know which other nodes they can communicate with directly) The procedure used to acquire this knowledge is called neighbor discovery  If two nodes are in each other’s radio range (are able to hear each other) they  would be considered as neighbors a simple neighbor discovery protocol:  – every node broadcasts a neighbor discovery request – each node that hears the request responds with a neighbor discovery reply – messages carry node identifiers  neighboring nodes discover each other’s ID an adversary may try to thwart the execution of the protocol  – prevent two neighbors to discover each other by jamming – create a neighbor relationship between far-away nodes • by spoofing identity of legitimate nodes and to establish neighbor relationships with other nodes (can be prevented using entity authentication mechanisms) • by installing a wormhole (cannot be prevented by cryptographic techniques alone) Securing Neighbor Discovery Georg-August University Göttingen 2

  3. What is a wormhole? a wormhole is an out-of-band connection, controlled by the adversary, between  two physical locations in the network – the adversary installs radio transceivers at both ends of the wormhole – it transfers packets (possibly selectively) received from the network at one end of the wormhole to the other end via the out-of-band connection, and re-injects the packets there into the network wormhole attack: the two wormhole ends (adversarial transceivers) WE1 and WE2 transmit (tunnel) the neighbor discovery messages heard in their radio rage to each other (possibly selectively)  result: A and B which are far away from each other will believe to be neighbors (because they actually hear each other through the wormhole) notes:  – adversary’s transceivers are not regular nodes (no node is compromised by the adversary) – adversary doesn’t need to understand what it tunnels (e.g., encrypted packets can also be tunneled through the wormhole) – it is easy to mount a wormhole and it may have devastating effects on routing Securing Neighbor Discovery Georg-August University Göttingen 3

  4. Effects of a wormhole at the data link layer: distorted network topology  y y y x x x (c) (b) (a) Neighbor relationships Shortest possible path from all other A set of nodes are randomly placed in between the nodes nodes to x the area; the gray disk: radio range of x y x y x y x (f) (e) (d) As the result of the wormhole attack x and The wormhole: black rectangles are Shortest possible path from all other nodes y become neighbors because the attacker the attacker’s transceivers to x after the attack happens: many nodes relays their neighbor discovery messages reach node x through the wormhole at the network layer:  – routing protocols may choose routes that contain wormhole links • typically those routes appear to be shorter • flooding based routing protocols (e.g., DSR, Ariadne) may not be able to discover other routes but only through the wormhole – adversary can then monitor traffic or drop packets (DoS) Securing Neighbor Discovery Georg-August University Göttingen 4

  5. Wormholes are not specific to ad hoc networks access control system: contactless gate equipped with smart card contactless smart card reader wormhole contactless smart card fast emulator connection smart card reader emulator user may be far away from the building Securing Neighbor Discovery Georg-August University Göttingen 5

  6. Classification of wormhole detection methods  centralized mechanisms – data collected from the local neighborhood of every node are sent to a central entity – based on the received data, a model of the entire network is constructed – the central entity tries to detect inconsistencies (potential indicators of wormholes) in this model – can be used in sensor networks, where the base station can play the role of the central entity  decentralized mechanisms – each node constructs a model of its own neighborhood using locally collected data – each node tries to detect inconsistencies on its own – advantage: no need for a central entity (fits well some applications) – disadvantage: nodes need to be more complex Securing Neighbor Discovery Georg-August University Göttingen 6

  7. Statistical wormhole detection in sensor networks  each node reports its list of believed neighbors to the base station  the base station reconstructs the connectivity graph (model)  a wormhole always increases the number of edges in the connectivity graph  this increase may change the properties of the connectivity graph in a detectable way  detection can be based on statistical hypothesis testing methods Securing Neighbor Discovery Georg-August University Göttingen 7

  8. Examples The gray bars show the expected number  of nodes with different node degrees 35 The black bars show the observed node  number of nodes 30 degrees in the experiment when there is a 25 wormhole 20 The black histogram shows there are  15 some nodes with an unexpectedly high 10 5 node degree. 0 (node degree: no. of neighbors of a node)  0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 node degree Securing Neighbor Discovery Georg-August University Göttingen 8

  9. Examples a wormhole is usually a shortcut that decreases the length of the shortest paths  in the network  distribution of the length of the shortest paths will be distorted  This experiment shows that when a wormhole is there the shorter paths are more likely than longer ones 5000 number of shortest paths 4500 4000 3500 3000 2500 2000 1500 1000 500 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 path length Securing Neighbor Discovery Georg-August University Göttingen 9

  10. Multi-dimensional scaling the nodes not only report their lists of neighbors, but they also estimate  (inaccurately) their distances to their neighbors connectivity information and estimated distances are input to a multi-  dimensional scaling (MDS) algorithm the MDS algorithm tries to determine the possible position of each node  in such a way that the constraints induced by the connectivity and the distance estimation data are respected – the algorithm has a certain level of freedom in “stretching” the nodes within the error bounds of the distance estimation let us suppose that an adversary installed a wormhole in the network  – if the estimated distances between the affected nodes are much larger than the nodes’ communication range, then the wormhole is detected – hence, the adversary must also falsify the distance estimation  distances between far-away nodes become smaller – this will result in a distortion in the virtual layout constructed by the MDS algorithm Securing Neighbor Discovery Georg-August University Göttingen 10

  11. Example 1 in 1D:  wormhole g f e d f g d e c a b c a b reconstructed virtual layout Real replacement of the nodes A virtual layout of the network is constructed based on the neighborhood information obtained by  the nodes. In the real connectivity graph:  the gray disk: the radio range of node b;  dashed lines: the neighborhood relationships of the nodes;  red line: a fake neighbor relationship created by the wormhole  In the virtual layout of the network constructed using MDS from the inaccurate distance  measurements of the neighboring nodes. B and f must be neighbors, so the distance between them should be smaller than the  communication range This makes it impossible to fit the nodes on a straight line which helps to detect the attack  (assuming that we know in advance that the nodes are located on a straight line). Securing Neighbor Discovery Georg-August University Göttingen 11

  12. Example 2 in 2D:  wormhole A virtual layout of the network is constructed based on the neighborhood information obtained by  the nodes. In the real connectivity graph:  Grid lines: the neighborhood relationships of the nodes;  red line: a fake neighbor relationship created by the wormhole  In the virtual layout of the network constructed using MDS from the inaccurate distance  measurements of the neighboring nodes. A and C must be neighbors, so the distance between them should be smaller than the  communication range --- > MDS brings them together This makes it impossible to fit the nodes on a flat surface which helps to detect the attack.  Securing Neighbor Discovery Georg-August University Göttingen 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing IPv6 neighbor discovery and SLAAC in access networks through SDN Daniel Nelle,

Securing IPv6 neighbor discovery and SLAAC in access networks through SDN Daniel Nelle,

Securing IPv6 neighbor discovery and SLAAC in access networks through SDN Daniel Nelle, dnelle@uni-potsdam.de Thomas Scheffler, thomas.scheffler@htw-berlin.de ANRW 2019, Montreal, July 22nd 2019 Outline Security issues in ICMPv6 Stateless

663 views • 21 slides
Scaling IPv6 Neighbor Discovery Ben Mack-Crane ( ben.mackcrane@huawei.com ) Overview of Neighbor

Scaling IPv6 Neighbor Discovery Ben Mack-Crane ( ben.mackcrane@huawei.com ) Overview of Neighbor

Scaling IPv6 Neighbor Discovery Ben Mack-Crane ( ben.mackcrane@huawei.com ) Overview of Neighbor Discovery Protocol IPv6 nodes on the same LAN use Neighbor Discovery (RFC4861) to to find routers and discover link and network parameters,

310 views • 10 slides
On Optimal Neighbor Discovery Philipp H. Kindt philipp.kindt@tum.de SIGCOMM19, Beijing CH

On Optimal Neighbor Discovery Philipp H. Kindt philipp.kindt@tum.de SIGCOMM19, Beijing CH

On Optimal Neighbor Discovery Philipp H. Kindt philipp.kindt@tum.de SIGCOMM19, Beijing CH 918/5-1 - Slotless Neighbor Discovery Neighbor Discovery in MANETs Pairwise Groupwise Pairwise in Groups Realizing Neighbor Discovery

747 views • 19 slides
Improving Neighbor Discovery with Slot Index Improving Neighbor Discovery with Slot Index

Improving Neighbor Discovery with Slot Index Improving Neighbor Discovery with Slot Index

Improving Neighbor Discovery with Slot Index Improving Neighbor Discovery with Slot Index Synchronization Synchronization Shuaizhao Jin , Zixiao Wang , Wai Kay Leong , Ben Leong , Yabo Dong , Dongming Lu Zhejiang

712 views • 46 slides
Benchmarking Neighbor Discovery Problems Bill Cerveny March 12,

Benchmarking Neighbor Discovery Problems Bill Cerveny March 12,

Benchmarking Neighbor Discovery Problems Bill Cerveny March 12, 2013 History Suggested by Ron Bonica at IETF 85 BMWG meeKng Neighbor Discovery (ND)

284 views • 10 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
Panda: Neighbor Discovery on a Power Harvesting Budget Robert Margolies , Guy Grebla, Tingjun

Panda: Neighbor Discovery on a Power Harvesting Budget Robert Margolies , Guy Grebla, Tingjun

Panda: Neighbor Discovery on a Power Harvesting Budget Robert Margolies , Guy Grebla, Tingjun Chen, Dan Rubenstein, Gil Zussman The Internet of Tags Small energetically self-reliant tags Enabling technologies Energy harvesting with

278 views • 23 slides
CSCI 447/547 MACHINE LEARNING Outline Nearest Neighbor K-Nearest Neighbor Algorithm

CSCI 447/547 MACHINE LEARNING Outline Nearest Neighbor K-Nearest Neighbor Algorithm

Nearest Neighbor CSCI 447/547 MACHINE LEARNING Outline Nearest Neighbor K-Nearest Neighbor Algorithm Note: Slides were adapted from David Sontag, New York University (who adapted them from Vibhav Gogate, Carlos Questrin, Mehryar

200 views • 16 slides
Nearest Neighbor Classification Machine Learning 1 This lecture K-nearest neighbor

Nearest Neighbor Classification Machine Learning 1 This lecture K-nearest neighbor

Nearest Neighbor Classification Machine Learning 1 This lecture K-nearest neighbor classification The basic algorithm Different distance measures Some practical aspects Voronoi Diagrams and Decision Boundaries What is the

893 views • 57 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Learning From Data Lecture 16 Similarity and Nearest Neighbor Similarity Nearest Neighbor M.

Learning From Data Lecture 16 Similarity and Nearest Neighbor Similarity Nearest Neighbor M.

Learning From Data Lecture 16 Similarity and Nearest Neighbor Similarity Nearest Neighbor M. Magdon-Ismail CSCI 4100/6100 My 5-Year-Old Called It A ManoHorse The simplest method of learning that we know. Classify according to similar

331 views • 16 slides
Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
Example Im at work, neighbor John calls to say my alarm is ringing, but neighbor Mary doesnt

Example Im at work, neighbor John calls to say my alarm is ringing, but neighbor Mary doesnt

Example Im at work, neighbor John calls to say my alarm is ringing, but neighbor Mary doesnt call. Sometimes its set o ff by minor earthquakes. Is there a burglar? Variables: Burglar , Earthquake , Alarm , JohnCalls , MaryCalls Network

849 views • 55 slides
Proximity in the Age of Distraction: Robust Approximate Nearest Neighbor Search Sariel Har-Peled

Proximity in the Age of Distraction: Robust Approximate Nearest Neighbor Search Sariel Har-Peled

Proximity in the Age of Distraction: Robust Approximate Nearest Neighbor Search Sariel Har-Peled Sepideh Mahabadi UIUC MIT Nearest Neighbor Problem Nearest Neighbor Dataset of points in a metric space (, ) , e.g.

967 views • 81 slides
BAYES AND NEAREST NEIGHBOR BAYES AND NEAREST NEIGHBOR CLASSIFIERS CLASSIFIERS Matthieu R Bloch

BAYES AND NEAREST NEIGHBOR BAYES AND NEAREST NEIGHBOR CLASSIFIERS CLASSIFIERS Matthieu R Bloch

BAYES AND NEAREST NEIGHBOR BAYES AND NEAREST NEIGHBOR CLASSIFIERS CLASSIFIERS Matthieu R Bloch Tuesday, January 21, 2020 1 LOGISTICS LOGISTICS TAs and Office hours Monday: Mehrdad (TSRB 523a) - 2pm-3:15pm Tuesday: TJ (VL C449 Cubicle D) -

362 views • 12 slides
High-Dimensional Nearest Neighbor Search High-Dimensional Nearest Neighbor Search Who?

High-Dimensional Nearest Neighbor Search High-Dimensional Nearest Neighbor Search Who?

High-Dimensional Nearest Neighbor Search High-Dimensional Nearest Neighbor Search Who? About Cliqz and me What? Problem statement Why? Applications How? Exact solutions in low dimensions Approximate

690 views • 19 slides
We start with a simple remark about amplitudes The 1 1 amplitude in String Theory <latexit

We start with a simple remark about amplitudes The 1 1 amplitude in String Theory <latexit

We start with a simple remark about amplitudes The 1 1 amplitude in String Theory <latexit

760 views • 65 slides
Dude, where's my spaceship? Dude, where's my spaceship? Albert Einstein Albert Einstein Science

Dude, where's my spaceship? Dude, where's my spaceship? Albert Einstein Albert Einstein Science

Dude, where's my spaceship? Dude, where's my spaceship? Albert Einstein Albert Einstein Science Fiction Science Fiction Science Fiction Science Fiction Science Fiction Science Fiction Science Faction Science Faction c c 299,792,458

230 views • 22 slides
Regenesis and quantum traversable wormholes Ping Gao, Harvard University Outline 1. General

Regenesis and quantum traversable wormholes Ping Gao, Harvard University Outline 1. General

Regenesis and quantum traversable wormholes Ping Gao, Harvard University Outline 1. General introduction 2. Review of gravity side calculation of traversable wormholes 3. A dual CFT calculation: regenesis 4. Outlook Introduction What is a

451 views • 31 slides
Wormhole branch prediction using multi-dimensional histories Jorge Albericio, Joshua San Miguel ,

Wormhole branch prediction using multi-dimensional histories Jorge Albericio, Joshua San Miguel ,

Wormhole branch prediction using multi-dimensional histories Jorge Albericio, Joshua San Miguel , Natalie Enright Jerger, and Andreas Moshovos 2 Motivation foreach frame: foreach object: if distance( object , p ) < threshold: { /* do

1.12k views • 58 slides
A critical look at sensor network security A personal odyssey Naveen Sastry (nks@cs.berkeley.edu)

A critical look at sensor network security A personal odyssey Naveen Sastry (nks@cs.berkeley.edu)

A critical look at sensor network security A personal odyssey Naveen Sastry (nks@cs.berkeley.edu) November 17, 2005 Outline 1. Claim: conventional wisdom 2. Counter-claim: my view 3. Tools 4. Design example 5. The real worry 6. Recap &

580 views • 23 slides
On the Implementation Code of the Secure Mesh Routing Protocol PASER in OMNeT++: The Big Picture

On the Implementation Code of the Secure Mesh Routing Protocol PASER in OMNeT++: The Big Picture

International Workshop on OMNeT++ Code Contribution On the Implementation Code of the Secure Mesh Routing Protocol PASER in OMNeT++: The Big Picture Mohamad Sbeiti and Christian Wietfeld 05.03.2013 Faculty of Electrical and Computing

463 views • 7 slides
Counting Words: Type probabilities Population models Type-rich populations, samples, ZM &

Counting Words: Type probabilities Population models Type-rich populations, samples, ZM &

Populations & samples Baroni & Evert The population Counting Words: Type probabilities Population models Type-rich populations, samples, ZM & fZM Sampling from and statistical models the population Random samples Expectation

1.42k views • 110 slides
Gravitational Collapse in SD Andrea Napoletano Sapienza Universit` a di Roma In collaboration

Gravitational Collapse in SD Andrea Napoletano Sapienza Universit` a di Roma In collaboration

SD@Convergence Workshop Gravitational Collapse in SD Andrea Napoletano Sapienza Universit` a di Roma In collaboration with: Flavio Mercati Henrique Gomes Tim Koslowski Isotropic Wormhole Solution 2 1 1 + 4 ds 2 =

747 views • 25 slides

More recommend