
An overview of Trust, Naming and Addressing and Establishment of security associations

An overview of Trust, Naming and Addressing and Establishment of security associations: trust assumptions; attacker models; naming and addressing; key establishment in sensor networks; key establishment in ad hoc


  1. An overview of Trust, Naming and Addressing and Establishment of security associations
     • trust assumptions;
     • attacker models;
     • naming and addressing;
     • key establishment in sensor networks;
     • key establishment in ad hoc networks exploiting
       – physical contact
       – node mobility
       – vicinity
     Security and Cooperation in Wireless Networks
     Georg-August University Göttingen

  2. Trust
     • Trust: The belief that another party will behave according to a set of well-established rules and thus meet one’s expectations.
     • The trust model of current wireless networks is rather simple
       – subscriber – service provider model
       – subscribers trust the service provider for providing the service, charging correctly, and not misusing transactional data
       – service providers usually do not trust subscribers, and use security measures to prevent or detect fraud
     • In the upcoming wireless networks the trust model will be much more complex
       – entities play multiple roles (users can become service providers)
       – number of service providers will dramatically increase
       – user – service provider relationships will become transient
       – how to build up trust in such a volatile and dynamic environment?

  3. Reasons to trust organizations and individuals
     • Moral values
       – Culture + education, fear of bad reputation
     • Experience about a given party
       – Based on previous interactions
     • Rule enforcement organization
       – E.g. police or spectrum regulator
     • Usual behavior
       – Based on statistical observation
     • Rule enforcement mechanisms
       – Prevent malicious behavior by appropriate security mechanisms and encourage cooperative behavior
       – It is much easier to encrypt the communication than to deploy police force everywhere to check that no one is eavesdropping

  4. Trust vs. security and cooperation
     • trust pre-exists security
       – all security mechanisms require some level of trust in various components of the system
       – E.g. if I trust that my computer is not compromised and the security mechanisms I am using are not (yet) broken --> then I can do my online transactions with the legitimate belief of not being defrauded.
     • cooperation reinforces trust
       – trust is about the ability to predict the behavior of another party
       – I see the other party’s cooperative behavior --> so I would believe that she will continue being cooperative --> this encourages me to be cooperative --> she will trust in me

  5. Misbehaviors: Malice and selfishness
     • Malice: willingness to do harm no matter what
     • Selfishness: overuse of common resources (network, radio spectrum, etc.) for one’s own benefit
     • A misbehavior consists in deliberately departing from the prescribed behavior in order to reach a specific goal
     • A misbehavior is selfish (or greedy, or strategic) if it aims at obtaining an advantage that can be quantitatively expressed in the units (bitrate, joules, or coverage) or in a related incentive system (e.g., micropayments); any other misbehavior is considered to be malicious.
     • traditionally, security is concerned only with malice
     • but in the future, malice and selfishness must be considered jointly if we want to seriously protect wireless networks

  6. Who is malicious? Who is selfish?
     • Examples of malice and selfish behavior:
       – A technique aiming at increasing one’s share of the bandwidth (in general at the expense of other users) is selfish.
       – An attack aiming at obtaining information about another user of the network is malicious.
       – The attack aiming at dropping another node’s packets in order to save own power is selfish.
     • Security mechanisms: to thwart malicious behavior
     • Game theory: to model and prevent selfish behavior
     • There is no watertight boundary between malice and selfishness
     • Both security and game theory approaches can be useful

  7. Naming and Addressing
     • naming and addressing are fundamental for networking
       – notably, routing protocols need addresses to route packets
       – services need names in order to be identifiable, discoverable, and useable
     • attacks against naming and addressing
       – address stealing
         • adversary starts using an address already assigned to and used by a legitimate node
       – Sybil attack
         • a single adversarial node uses several invented addresses
         • makes legitimate nodes believe that there are many other nodes around
       – node replication attack
         • dual of the Sybil attack
         • the adversary introduces replicas of a single compromised node using the same address at different locations of the network

  8. Illustration of the Sybil and node replication attacks
     [Figure: network graph with the Sybil nodes and the replicated nodes marked]

  9. Cryptographically Generated Addresses (CGA)
     • aims at preventing address stealing
     • general idea:
       – generate node address from a public key
       – corresponding private key is known only by the legitimate node
       – prove ownership of the address by proving knowledge of the private key
     • example in case of IPv6:

  10. Thwarting the Sybil attack
      • note that CGAs do prevent an attacker from stealing or spoofing an address already chosen by another node
      • CGAs do not prevent the Sybil attack
        – an adversary can still generate addresses for herself
      • a solution based on a central and trusted authority
        – the central authority vouches for the one-to-one mapping between an address and a device
        – e.g., a server can respond to requests concerning the legitimacy of a given address
      • other solutions take advantage of some physical aspects
        – e.g., identify the same device (when it is using a new fake address) based on radio fingerprinting or using geographic location

  11. Thwarting the node replication attack (1/2)
      • a centralized solution
        – each node reports its neighbors’ claimed locations to a central authority (e.g., the base station in sensor networks)
        – the central authority detects if the same address appears at two different locations
        – assumes location awareness of the nodes
      [Figure: address A is reported to the base station at two locations, A @ (x1, y1) and A @ (x2, y2)]

  12. Thwarting the node replication attack (2/2)
      • a decentralized variant
        – neighbors’ claimed location is forwarded to witnesses
        – witnesses are randomly selected nodes of the network
        – if a witness detects the same address appearing at two different locations then it broadcasts this information and the replicated nodes are revoked

  13. Analysis of the decentralized variant
      • total number of nodes in the network is $n$
      • average number of neighbors is $d$ (network degree)
      • A broadcasts its location to its neighbors
      • each neighbor of A forwards A’s location claim with probability $p$ to $g$ randomly selected witnesses
      • average number of witnesses receiving A’s location claim is $p \cdot d \cdot g$
      • Assume the attacker inserts $L$ replicas of node A
      • The probability that the $p \cdot d \cdot g$ recipients of claim $l_1$ do not receive any of the $p \cdot d \cdot g$ copies of claim $l_2$ is:
        $P_{nc1} = \left(1 - \frac{p \cdot d \cdot g}{n}\right)^{p \cdot d \cdot g}$
      • The probability that the $2 \cdot p \cdot d \cdot g$ recipients of claims $l_1$ and $l_2$ do not receive any of the $p \cdot d \cdot g$ copies of claim $l_3$ is:
        $P_{nc2} = \left(1 - \frac{2 \cdot p \cdot d \cdot g}{n}\right)^{p \cdot d \cdot g}$
      • In the same way, the probability of no collisions is:
        $P_{nc} = \prod_{i=1}^{L-1} \left(1 - \frac{i \cdot p \cdot d \cdot g}{n}\right)^{p \cdot d \cdot g}$
      • Using $(1 + x) \le e^{x}$ we have:
        $P_{nc} \le \exp\left(-\frac{L(L-1)(p \cdot d \cdot g)^2}{2n}\right)$

  14. Analysis of the decentralized variant
      • then for the probability of detection:
        $P_{det} = 1 - P_{nc} > 1 - \exp\left(-\frac{L(L-1)(p \cdot d \cdot g)^2}{2n}\right)$
      • numerical example: $n = 10000$, $d = 20$, $g = 100$, $p = 0.5$
        – $L = 2$ --> $P_{det} \sim 0.63$
        – $L = 3$ --> $P_{det} \sim 0.95$

  15. Establishment of security associations: Outline
      • Key establishment in sensor networks
      • Exploiting physical contact
      • Exploiting mobility
      • Exploiting the properties of vicinity and of the radio link
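
The CGA idea from slides 9 and 10, as an added example that is not part of the original slides: the IPv6 interface identifier is the first 64 bits of a hash of the public key, and a verifier checks both that binding and a signature over a fresh challenge. Assumptions: a Lamport one-time signature over SHA-256 stands in for the node's key pair so the code needs only the standard library, the address layout is simplified (not the RFC 3972 encoding), and all function names and the prefix are illustrative.

```python
import hashlib
import ipaddress
import os

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair (stand-in for the node's public/private key)."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(h(s) for pair in sk for s in pair)
    return sk, pk

def bits(msg: bytes):
    digest = h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveals half of the secret values, so each key may sign ONE challenge only.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify_sig(pk: bytes, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(h(s) == pk[(2 * i + b) * 32:(2 * i + b + 1) * 32]
               for i, (b, s) in enumerate(zip(bits(msg), sig)))

def cga_address(prefix: str, pk: bytes) -> ipaddress.IPv6Address:
    """64-bit subnet prefix + first 64 bits of H(public key) as interface ID."""
    net = ipaddress.IPv6Network(prefix)
    iid = int.from_bytes(h(pk)[:8], "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def verify_owner(prefix, addr, pk, challenge, sig) -> bool:
    """Accept only if addr is bound to pk AND the prover knows the private key."""
    return cga_address(prefix, pk) == addr and verify_sig(pk, challenge, sig)

PREFIX = "2001:db8:0:1::/64"  # documentation prefix, constructed sample value
owner_sk, owner_pk = keygen()
owner_addr = cga_address(PREFIX, owner_pk)
# A node presenting a different public key cannot pass for owner_addr, and one
# replaying owner_pk cannot sign the challenge. Any node can still derive a
# fresh, valid address from a key pair of its own, which is why slide 10 says
# CGAs alone do not prevent the Sybil attack.
```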
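
The detection analysis of slides 13 and 14, as an added example that is not part of the original slides: it evaluates the exact product, the exponential bound, and a seeded simulation in which witnesses store the location claimed for address A and flag a conflict. Assumptions: every claim reaches exactly round(p·d·g) distinct, uniformly chosen witnesses, and the function names are illustrative. The quoted results 0.63 and 0.95 correspond to p·d·g = 100, that is p = 0.05 with the slide's d and g; with p = 0.5 the bound is above 0.999 already for L = 2.

```python
import math
import random

def p_no_collision(n, d, g, p, L):
    """Slide 13 product: prod_{i=1}^{L-1} (1 - i*p*d*g/n)^(p*d*g)."""
    w = p * d * g
    prob = 1.0
    for i in range(1, L):
        prob *= (1.0 - i * w / n) ** w
    return prob

def p_detect_bound(n, d, g, p, L):
    """Slide 14 lower bound: 1 - exp(-L(L-1)(p*d*g)^2 / (2n))."""
    w = p * d * g
    return 1.0 - math.exp(-L * (L - 1) * w * w / (2.0 * n))

def simulate(n, d, g, p, L, trials=2000, seed=1):
    """Fraction of trials in which some witness sees address A at two locations."""
    rng = random.Random(seed)
    w = round(p * d * g)              # witnesses reached by each location claim
    detected = 0
    for _ in range(trials):
        seen = {}                     # witness id -> location stored for address A
        conflict = False
        for loc in range(L):          # one location claim per copy of A
            for witness in rng.sample(range(n), w):
                if seen.setdefault(witness, loc) != loc:
                    conflict = True   # same address, different location
        detected += conflict
    return detected / trials

if __name__ == "__main__":
    n, d, g, p = 10000, 20, 100, 0.05
    for L in (2, 3):
        print(L, round(p_detect_bound(n, d, g, p, L), 3),
              round(1 - p_no_collision(n, d, g, p, L), 3),
              simulate(n, d, g, p, L))
```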
