Wireless Network Security Spring 2011

Transcription

1 Wireless Network Security Spring 2011 Patrick Tague Jan 18, 2011 Class #3 Wireless vulnerabilities and threats

2 Announcement: Agenda 6 remaining survey slots, 12 students yet to sign up Vulnerabilities, threats, and challenges Inherent wireless challenges Managing misbehavior Trust Securing wireless services

3 Wireless Challenges Wireless medium and networks using it face many unique challenges not relevant in wired Wireless medium is open, broadcast Devices ( nodes ) can be mobile Physically mobile, logically mobile Wireless but plugged in? Design for battery-power Imposes resource constraints across layers Increasingly decentralized

4 Broadcast Environment Anyone can talk, anyone nearby can listen We can control connectivity in wired networks, but not in wireless

5 Network Dynamics Wireless medium is constantly changing (fading) Nodes are free to move around Physical node mobility Logical mobility associating with different networks at different times Loads/demands are dynamic Constant bit-rate (CBR) traffic is rare

6 Resource Constraints Wireless devices are ideally battery-powered (otherwise, why go wireless) Debate: how to balance the trade-off between security, performance, and efficiency? Smaller devices are also limited in computation, storage, communication, etc. Lots of devices on the market have 8-bit processors Storage is cheap and compact, but still limited Short range comms with limited capabilities

7 Decentralization Systems are becoming less and less centralized Control is moving out to end nodes, away from large servers Ex: APs and mesh gateways act as local servers, provide access to cloud, but do not rely on it Creates competition among independent systems Think of how many WiFi APs you've seen at once...

8 Ex: Key Management Key management includes group formation, group enrollment, key establishment, key distribution, key revocation, key update, and group dis-enrollment Challenging? In addition to guarantees on algorithms and keys themselves, need to ensure practicality/efficiency in mobile wireless networks More next time...

9 Agenda Vulnerabilities, threats, and challenges Inherent wireless challenges Managing misbehavior Trust Securing wireless services

10 Misbehavior Misbehavior is any operation that goes against explicit or implicit protocol requirements, goals, or directions Malicious, selfish, curious, or accidental Possible at any layer of the protocol stack Targeted misbehavior aims to degrade or interfere with operations of a particular protocol or interaction Timed/scheduled interference or situational behavior

11 Physical Layer Misbehavior Open, shared medium is vulnerable Anyone can talk greedy or malicious nodes can easily interfere Prevention/degradation of communication via jamming Cutting off available resources influences network control, operation, and performance Anyone can listen curious or malicious nodes can easily eavesdrop on communication Recovery of information exchanged by neighbors (violation of data, identity, operation/intention privacy) Inference/learning, tracking, observing

12 MAC Layer Misbehavior MAC is all about timing: when should you talk Selfish and malicious nodes are free to transmit whenever they desire Selfish nodes can transmit early, while others follow protocols and wait politely Malicious nodes can use well-timed transmissions to intentionally interfere with MAC operation and/or reception Malicious nodes can initiate channel reservations and then not use them, denying availability to others

13 MAC

14 Routing Misbehavior In distributed multi-hop routing, relays control route establishment, use, and management Selfish relays can refuse route establishment Malicious relays can attract routes (to get access to data), stretch routes (to waste resources), terminate routes (to deny service), or otherwise modify routes Once routes are established, relays can misbehave in forwarding (dropping/inserting/modifying packets, incorrect forwarding), data access (reading/copying packet contents), or mgmt (breaking the route)

15 Transport Misbehavior Selfish or malicious routers can interfere with end-to-end traffic characteristics Ex: duplicate, drop, or delay packets to trigger transport-layer retransmission Waste source and relay energy Degrade throughput Delay traffic (degrade QoS) Ex: modify traffic behaviors so transport-layer retransmission parameters are artificially inflated RTT inflation causes future retransmission delays (throughput and QoS degradation)

16 Agenda Vulnerabilities, threats, and challenges Inherent wireless challenges Managing misbehavior Trust Securing wireless services

17 Trust In cooperative/collaborative environments (shared comm medium, multi-hop routing, etc.), nodes can establish trust relationships Trust mechanisms can replace centralized notions of authority and control Instead of having an authority revoke misbehaving nodes, others can just stop interacting with them Key management Trust management Trust can be based on i) cryptographic models, ii) observed behavior, iii) third-party reputation

18 Reputation Many distributed protocols rely on reputation systems for trust management Each entity Y collects task-, time-, and eventspecific trust values about an entity X from multiple recommenders Z 1,...,Z n Y computes its own trust value about X using recommendations and its trust in Z i s recs Trust and reputation systems themselves are subject to misbehavior and attacks

19 Agenda Vulnerabilities, threats, and challenges Inherent wireless challenges Managing misbehavior Trust Securing wireless services

20 Securing Wireless Services In addition to securing data communication and providing robust protocol operation, services used by wireless networks themselves are subject to misbehavior and attack Any time- or location- stamping services are subject to synchronization and localization misbehavior In-network interactions can reveal sensitive information via headers privacy violation Communication implies relationship, i.e. if x sends to y, then x and y are in some way related anonymity may be required to hide relationships

21 Next time... Information security in broadcast environments Broadcast authentication and encryption Key establishment/management A few attacks