Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor - - PowerPoint PPT Presentation

Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor Networks

• Security

WS 2010/2011 WS 2010/2011

• Prof. Dr. Dieter Hogrefe
• Dr. Omar Alfandi

Outline

• Introduction
• Security challenges in Ad Hoc Networks

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

2

What is Security in Wireless Ad Hoc Networks (1/2)

• Confidentiality

– Protection of confidential information from unauthorized user

v

Integrity Authentication

from unauthorized user

• Integrity

– Guarantee that information being

v

Confidentiality

g transferred (IP Headers, Source Route) is not tampered

• Spread spectrum digest checksums

Privacy Accessibility

• Spread spectrum, digest, checksums

and encryption

• Availability

– Ensure the survivability of the network services despite of various attacks

• Access control mechanisms

3

What is Security in Wireless Ad Hoc Networks (2/2)

• Non-repudiation

– Ensure that the originator of communications can’t deny it later

v

Integrity Authentication

communications can t deny it later

• Authenticity

– Verify and validate the identity claimed

Confidentiality A ibilit

y y by a node

• Cryptographic schemes : digital

signature, certificates,…

Privacy Accessibility

signature, certificates,…

• Privacy

– Prevent not authorized disclosure of location of nodes, topology of network and traffic

• usually accomplished by encryption

y p y yp

4

Outline

• Introduction
• Security challenges in Ad Hoc Networks

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

5

Security Challenges in Ad Hoc Networks

• Shared broadcast radio channel
• Insecure operational environment

Insecure operational environment

• Lack of central authority
• Lack of association

Lack of association

• Limited resource availability
• Physical vulnerability
• Physical vulnerability
• Security in Ad Hoc networks is an

y essential component for basic network functions like packet forwarding and routing forwarding and routing

6

Outline

• Introduction
• Security challenges in Ad Hoc Networks

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

7

Threats and Attacks

• Major Attacks Classification

– Passive attacks Misbehaving node obtains exchanged data or learns important information by monitoring and listening without disrupting the

• peration of the communication. e.g.:

p g

• Selfish node that does not forwarding packets of other nodes in
• rder to save energy, but expect others to forward its packet!

– Active attacks involves information interruption or modification and therefore disrupting the normal functionality of the Ad hoc Networks e.g.:

• Malicious node that aims at damaging the communication and

finally the whole network y

8

Threats and Attacks

• Another Attacks Classification

– External: attacks are carried on by nodes outside of the network – Internal: attacks are carried on by nodes inside the network attacks are carried on by nodes inside the network

• Internal attacks are more severe than external attacks,

Internal attacks are more severe than external attacks, since insider:

– Has privileged access rights – Knows valuable and secret information

9

Threats and Attacks

Att k di t t l t k Attacks according to protocol stack:

10

Physical Layer Attacks

• Eavesdropping:

– Signals broadcast over airwaves can be easily intercepted with i t d t th f receivers tuned to the proper frequency.

• Jamming:

malicious powerful transmitter sends random noise and as – malicious powerful transmitter sends random noise and as useless signals making other nodes unable to communicate.

• Impersonating:

p g

– fake messages and routing information can be injected into network.

11

Network Layer Attacks

Wormhole attack

• An attacker may directly send

Route Request packets to

S11 S8 S4 S1

Route Request packets to their destination through the wormhole.

• When neighbors of the

S12 S13 S S S6 S5 S S2 S9

• When neighbors of the

destination node hear the request, they will forward it and discard all other Route

S10 S7 S3

and discard all other Route Request packets from that node.

• The result of this is that no
• The result of this is that no
• ther paths except those

through the wormhole can be found found.

12

Network Layer Attacks

Blackhole attacks

• An attacker advertises itself as having good paths (e.g.

shortest path) to destination

• It causes all nodes around it to route packets towards it
• Then it discards all the packets it is asked to forward

Intention of the attacker

• Hindering the path-finding
• Intercepting all data packets

13

Network Layer Attacks

• Byzantine attack

– Attackers perform creating routing loops, forwarding packets th h ti l th l ti l d i k t through non-optimal paths, or selectively dropping packets

• Information disclosure

Attacker may leak confidential or important information such as – Attacker may leak confidential or important information such as information about network topology, nodes location or optimal route to unauthorized node

• Resource consumption

– An attacker can attempt to consume battery life by unnecessary request for route or by forwarding unnecessary packets to the request for route, or by forwarding unnecessary packets to the victim node

14

Network Layer Attacks (Routing Attacks)

• Routing messages flooding attack:

– Hello flooding, RREQ flooding, Ack flooding, …

• Routing table overflow attack:

– An attacker can simply send excessive route advertisements to

• verflow the victim’s routing table (Proactive Routing Algorithms)
• verflow the victim s routing table.(Proactive Routing Algorithms)
• Routing cache poisoning attack:

– An attacker could broadcast spoofed packets with source route An attacker could broadcast spoofed packets with source route to X via itself; thus, neighboring nodes that overhear the packet may add the route to their route caches.

• Packet replication:

– Adversary replicates stable packet . This consume additional bandwidth and battery power and cause confusion in routing bandwidth and battery power and cause confusion in routing process.

15

Network Layer Attacks (Routing Attacks)

Rushing attack

• attacker form a wormhole.
• the tunneled packets can propagate faster.
• rushing can act as an effective DoS against on-Demand

Routing Protocols.

D M S

16

Transport Layer Attacks

Session hijacking:

• Adversary takes control over a session between two

nodes:

– attacker spoofs the victim’s IP address d t i th t b th t i t d b – determines the correct sequence number that is expected by the target – then performs a DoS attack on the victim p – thus the attacker impersonates the victim node and continues the session with the target

Assumed route

A B

Actual route Attacker 17

Multilayer Attacks

• That could occur in any layer of the protocol stack:

– Denial of service (DoS): an adversary attempts to prevent th i d f i th i authorized users from accessing the service

• Jamming: malicious powerful transmitter sends random noise and

as useless signals making other nodes unable to communicate

• SYN flooding: an adversary send a large number of SYN packets to

a victim node

• Distributed DoS attack: several adversaries attack a service at the

same time

– Impersonation: adversary pretends to be another node Device tampering: mobile device get damaged or stolen easily – Device tampering: mobile device get damaged or stolen easily

• Application layer attack: Repudiation: Denial of

participation in all or part of communications participation in all or part of communications Outline

• Introduction
• Security challenges in MANETs

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

19

Security Solutions

• Security is not a single layer issue but, it is a

Multi-Layer/ Cross-Layer issue

• To have comprehensive security, major solutions are:

– Cryptography Schemes and Key Management – Routing Protocols Security Soft security mechanisms – Soft security mechanisms

20

Outline

• Introduction
• Security challenges in Ad Hoc Networks

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

21

Cryptography Schemes and Key Management

• Four main goals of cryptography

– Confidentiality – Authentication – Integrity Non Repudiation – Non-Repudiation

• The purpose of cryptography is to take the original

information (plaintext) and encrypt it into (ciphertext) in information (plaintext) and encrypt it into (ciphertext) in such a way that only authorized people know how to decrypt and convert it back to the plain text.

22

Cryptography Schemes and Key Management

• Encryption (E) and Decryption (D) is governed by the

Keys which are small amount of information used by the t hi l ith cryptographic algorithms

• Two major kinds of cryptography algorithms

S t i ( i t k ) t i l k f ti – Symmetric (private-key) system: use a single key for encryption and decryption

• Requires the sender and receiver share the secret key
• Fast

– Asymmetric (public-key) system: use different key for encryption and decryption of which one is private and the other public and decryption, of which one is private and the other public.

• based on mathematical principles it is impossible to obtain one

key from another

23

Outline

• Introduction
• Security challenges in Ad Hoc Networks

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

24

Cryptography Functions

• Cryptography functions

– Secrete key (symmetric cryptography, e.g. DES) – Public key (asymmetric cryptography, e.g. RSA) – Hashing system (one-way function – massage digest, e.g. MD5)

• only encrypt data and produce a fixed-length digest There is no
• only encrypt data and produce a fixed-length digest. There is no

decryption; only comparison is possible.

25

Symmetric Key Algorithms

• Two kinds of Symmetric key algorithms

– Block cipher (e.g. substitution and transposition) Stream cipher (e g Vernam cipher) – Stream cipher (e.g. Vernam cipher)

• Example of substitution and transposition

Original Alphabet : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Original Alphabet : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Substitution: E F G H I J K L M N O P Q R S T U V W X Y Z A B C D Plaintext : EVERY DAY CREATES A HISTORY Block Plaintext: EVERY DAYCR EATES AHIST ORY Ciphertext: IZIVC HECGV IEXIW ELMWX SVC Transposition: 1 2 3 4 5 3 5 1 4 2 Ciphertext: EYERV YRDCA TSEEA ITASH YOR

26

Symmetric Key Algorithms

• Example of Vernam cipher

– Key has the same length as the plaintext – Encrypted stream is given by XOR of the plaintext and key – Decryption is by XOR of the cipher with the same key

27

Asymmetric Key Algorithms

• Asymmetric key or public key algorithm

– Each node has a public/private key pair (K,k) for encryption and d ti decryption

• Public key is distributed to every node but private key are known as

secrete and are not shared

• The keys are related mathematically, but the private key cannot be

practically derived from the public key.

– Sender encrypts the message with the receiver's public key: c = E (Ks , m) – Only the receiver can decrypt the cipher text with its own private key: d = D (ks , E(Ks ,m)) = m

28

Asymmetric Key Algorithms

• Two main schemes based on public key encryption:

– Public Key Infrastructure (PKI): used to ensure confidentiality

• a message encrypted with a recipient's public key cannot be

decrypted by anyone except the recipient possessing the corresponding private key

– Digital signature : used to ensure authenticity

• a message signed with a sender's private key can be verified by

a message signed with a sender s private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender signed it and that the message has not been tampered with. tampered with.

29

Asymmetric Key Algorithms

• How can prove that a public key is authentic?

– Certificate Authority (CA), as Trusted Third Party (TTP)

• Create certificates (bind nodes’ ID and public key)
• Sign certificate using its private key (k)
• Store certificates
• Distribute certificates
• Its public key (K) is known to every node

Users verify certificates with CA’s public key

• Users verify certificates with CA’s public key

CA

Public/private pair (K,k)

(KA,kA) (KB,kB) (KC,kC)

30

Outline

• Introduction
• Security challenges in Ad Hoc Networks

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

31

Key Management Approaches

• Key management

– The secure administration of cryptographic keys – Its primary goal is to share a secret (Keys) among a specified set

• f participants
• Main approaches

– Key pre-distribution – Public Key

• Key transport
• Key agreement

Key agreement

– Key distribution center (KDC)

32

Key Pre-distribution

• Key pre-distribution involves

– Distributing keys to all existing nodes before the start of i ti b ll i t ll d h communication by manually installed on each peer. – Much less communication and computation

• Disadvantages

– All participant must be known during the initial configuration All participant must be known during the initial configuration – No mechanism to include new members in the group or to change the key

33

Key Transport

• In key transport, one of the communicating entities

generates key and transports them to the others.

• Key transport methods:

– With prior shared key (Key Encrypting Key (KEK))

It i d th t i h d k l d i t th

• It is assumed that a prior shared key already exists among the

participating nodes.

• This prior shared key is used to encrypt a new key and transmitted

t ll di d to all corresponding nodes.

• But, the existence of prior shared key can not always assumed.
• In the existence of PKI and TTP, key can encrypted with each

y y node’s public key and transport to it.

– Without prior shared key (Shamir’s three-pass protocol)

34

Shamir’s Three-pass Protocol

• Shamir’s three-pass scheme

– Is based on commutative encryption for any message m – for any encryption/decryption key pair e/d with any independent encryption key k: D(d,E(k,E(e,m))) = E(k,m)

A generates (e,d) B generates (k,s) E (e,m)

A adds lock B adds lock

E(k E (e m)) E(k,E (e,m)) E(e,E (k,m))

A removes lock

E(k )

A removes lock B removes lock

E(k,m)

35

Key Agreement

• Key agreement schemes:

– Used for agree upon a secret key among two or more parties E h ti t ib t t t th t k – Each parties contribute a part to the secret key

• Most popular example: Diffie-Hellman exchange

a , g, p b g, p, A A chooses secret: a B chooses secret: b A = ga mod p K = Ba mod p B = gb mod p K = Ab mod p B secret: a secret: b K = Ab mod p = (ga mod p)b mod p = gab mod p =(gb mod p)a mod p = Ba mod p K: shared secret key K = A mod p = (g mod p) mod p = g mod p =(g mod p) mod p = B mod p

36

Key Distribution Center (KDC)

• KDC is a central center to create and distribute key

among all participants.

KDC

– It should be trusted by all members – It must have a relationship with all peers The initiator exchange with the KDC is based on:

KDC

– The initiator exchange with the KDC is based on:

• Pre-shared secrete value (like a password)
• Public key cryptography
• Disadvantages

– Single point of failure – Should be powered on at all times to be accessible to all nodes

• Not suitable for ad-hoc network

37

Outline

• Introduction
• Security challenges in Ad Hoc Networks

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

38

Key Management in Ad Hoc Networks

Three key management model in Ad Hoc Networks:

• Password-Based Group System
• Distributed Certificate Authority (Threshold

Cryptography) Cryptography)

• Self-organized Public Key Management

39

Password-Based Group System

• Based on the network infrastructure

– Such as dedicated routers and stable links

E l i ti

• Example scenario: meeting room

– All device in a room can be the part

• f the secure session

– A prior shared secrete can be obtained by physically more secured medium, like ired net ork wired network – Parties are identified based on their location – Relative location is used as criterion for access control – With TTP which knows the location of the participants then it will be location-based access control

40

Distributed Certificate Authority

Threshold Cryptography (1/3)

• One security schemes that protects the routing

information and data traffic is based on:

– Public key cryptography

E h d h bli / i t k i

• Each node has public/private key pair
• Public key is distributed to every node that needs it
• Private key are known as secrete and are not shared
• Key management models in public key cryptography :

– Centralized Certificate Authority (CA)

• Centralized CA is not suitable for MANETs

– Should be powered on at all times to be accessible to all nodes – Single point of failure

– Distributed Certificate Authority

41

Distributed Certificate Authority

Threshold Cryptography (2/3)

• Distributed CA

– More than one CA jointly manage the key management – Whole trusted service has a public/private key pair K/k All d k K d t t tifi t i d ith k – All nodes know K, and trust certificates signed with k – k is divided and distributed to n CAs

k s s s s      ...

3 2 1

k s s s s

n

    ...

3 2 1

CA

K1/k1 K2/k2

CA CA

K3/k3

CA

Kn/kn

42

Distributed Certificate Authority

Threshold Cryptography (3/3)

• Threshold cryptography scheme: (t, n)

– Allows n parties to share the ability to perform the cryptography

• peration like creating a digital signature

An s bset of t shares does not leak an information on

• Any subset of t shares does not leak any information on

the secret

• To create a signature at least t out of n CA need to
• To create a signature at least t out of n CA need to

combine their knowledge

• The correctness of the signature is verifiable with K

The correctness of the signature is verifiable with K

43

Example of Threshold Cryptography

• Threshold cryptography scheme (2,3)

S1

CA

K1/k1 K2/k2

PS(m,S1) PS( S ) k S2 S3

CA 2 2 CA

K3/k3

Combiner PS(m,S2) PS(m,S3) x (m)k

• PS is a partial signature of message m with CA using its

( ,

3)

p g g g share Si

44

Self-Organized Public Key Management

It is a chain of certificate based on Pretty Good Privacy (PGP):

• Self-Organized, scalable solution
• No trusted third party required
• All users create their own public/private key pair
• Create, store and distributed their own public key

certificates

• Sign certificates of other nodes they trust
• Construct local certificate repositories

45

Self-Organized Public Key Management

• In certificate graph:

– Vertices: public key of nodes – Edges: public key certificates

• If X wants to get the certificate of the Y it finds the valid

chain of certificates leading to Y chain of certificates leading to Y

X 1 2 Y 3 X 2 Certificates issued by X Certificates issued to Y intermediate nodes are trusted by the y pervious certificate

46

Self-Organized Public Key Management

47

Outline

• Introduction
• Security challenges in Ad Hoc Networks

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

48

Routing Protocols Security

Why we need Routing Protocols Security ? Protocols were designed by assuming and expecting assuming and expecting (not enforced) that all nodes are cooperative .They are having inherent shortcomings that leads to the malicious activities activities.

49

Requirements of Secure Routing Protocol for MANETs

• Detection of malicious nodes

– Protocol should detect malicious nodes and avoid the participate f th i ti d h th ith t h d

• f them in routing process and choose paths without such nodes
• Guarantee of correct route discovery

If there exist a route between source and destination protocol – If there exist a route between source and destination, protocol should be able to find it and ensure the correctness of the route

• Confidentiality of network topology

y p gy

– By discovery the network topology and traffic pattern of the network via attackers, active node will be found and DoS may happened Protocol should be able to prevent it

• happened. Protocol should be able to prevent it
• Stability against attacks

– Protocol should work properly even if there exist malicious nodes Protocol should work properly even if there exist malicious nodes

50

Examples of Secure Routing Protocols

Some proposed secure routing Protocols against different attacks:

Protocol Attack ARAN (Authenticated Routing for Ad Hoc Networks) Impersonation SAODV (Secure Ad-hoc On- SAODV (Secure Ad hoc On Demand Distance Vector) Blackhole SMT (Secure data Transmission in M bil d h k) Location disclosure Mobile ad-hoc network) Location disclosure SEAD (Secure Efficient Ad-hoc Distance Vector Routing Protocol) Denial of Service Distance Vector Routing Protocol)

51

Outline

• Introduction
• Security challenges in Ad Hoc Networks

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

52

Soft security mechanisms

Challenges:

• Applying trust and reputation in Ad Hoc Networks
• Ensuring data is routed through a secure route

composed of trusted nodes

Secure route Secure route

D

Sh t t t

S

Shortest route

53

Security-Aware Routing Protocol (SAR)

• SAR - Approach

– Use different security attributes to improve the quality of the security of an ad-hoc route – Incorporate security levels of nodes into traditional routing metrics metrics

• Goal

– Quantify the notion of trust and reputation – Quantify the notion of trust and reputation – Represent trust relationships – Integrate the trust value of a node and the security Integrate the trust value of a node and the security attributes of a route to provide an “integrated security metric”

54

Outline

• Introduction
• Security challenges in Ad Hoc Networks

y g

• Threats and Attacks
• Security Solutions

Security Solutions

– Cryptography Schemes and Key Management

• Cryptography functions

yp g p y

• Key management approaches
• Key management in Ad Hoc Networks

– Routing Protocols Security – Soft security mechanisms

S

• Summary

55

Summary

• Mobile ad-hoc networks, due to their characteristic are highly

vulnerable to security attacks Th diff t l ifi ti f tt k l b d

• There are different classification of attacks also based on

protocol stacks

• Security in Ad Hoc Networks is an essential component for
• Security in Ad Hoc Networks is an essential component for

basic network functions like packet forwarding and routing

• Security solution:

y

– cryptography schemes and key management which mainly used for authentication, integrity, confidentiality and non-repudiation

• symmetric key asymmetric key hashing system
• symmetric key, asymmetric key, hashing system
• Key management approaches in general are based on, key pre-

distribution, public key consist of (key transport and key agreement) and Ke distrib tion center (KDC) and Key distribution center (KDC)

56

Summary

• Key management in Ad Hoc Networks are mainly based on

threshold cryptography and self-organized public key management

– routing protocols security which provided for defending against routing attacks – trust management and reputation systems as soft security mechanism that is unavoidable in cooperative environments

57