Wireless Network Security Spring 2015

Similar documents
Wireless Network Security Spring 2016

Wireless Network Security Spring 2011

Wireless Network Security Spring 2013

Wireless Network Security Spring 2011

Wireless Network Security Spring 2011

Wireless Network Security Spring 2015

Wireless Network Security Spring 2014

Wireless Network Security Spring 2016

Switching & ARP Week 3

Wireless Network Security Spring 2015

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Wireless Network Security Spring 2013

Chapter 5 Reading Organizer After completion of this chapter, you should be able to:

Mobile Security Fall 2013

A Framework for Optimizing IP over Ethernet Naming System

Internetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview

Secure Neighbor Discovery. By- Pradeep Yalamanchili Parag Walimbe

ROBUST AND FLEXIBLE IP ADDRESSING FOR MOBILE AD-HOC NETWORK

Security Issues In Mobile Ad hoc Network Routing Protocols

Chapter 7: Naming & Addressing

Implementation of AODV Protocol and Detection of Malicious Nodes in MANETs

IPv6 Associated Protocols. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

Wireless Sensor Networks Chapter 7: Naming & Addressing

CSC 6575: Internet Security Fall Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers

Secure Routing and Transmission Protocols for Ad Hoc Networks

DELVING INTO SECURITY

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

EXPERIMENTAL EVALUATION TO MITIGATE BYZANTINE ATTACK IN WIRELESS MESH NETWORKS

Packet Estimation with CBDS Approach to secure MANET

Ruijie Anti-ARP Spoofing

Wireless Network Security Spring 2015

Configuring ARP attack protection 1

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

AN INTRODUCTION TO ARP SPOOFING

Configuring Dynamic ARP Inspection

A Review on Mobile Ad Hoc Network Attacks with Trust Mechanism

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Better Approach To Mobile Adhoc Networking

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

DHCP Configuration. Page 1 of 14

[Wagh*, 5(4): April, 2016] ISSN: (I2OR), Publication Impact Factor: 3.785

Understanding and Configuring Dynamic ARP Inspection

Towards Layer 2 Authentication: Preventing Attacks based on Address Resolution Protocol Spoofing

1 TABLE OF CONTENTS UNCLASSIFIED//LES

CHAPTER 4 SINGLE LAYER BLACK HOLE ATTACK DETECTION

Module: Routing Security. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Clustering Based Certificate Revocation Scheme for Malicious Nodes in MANET

Mobile ad hoc networks Various problems and some solutions

NETLMM Security Threats on the MN-AR Interface draft-kempf-netlmm-threats-00.txt

Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks

Wireless Network Security Spring 2016

Security of Mobile Ad Hoc and Wireless Sensor Networks

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Configuring ARP attack protection 1

Wireless Network Security Spring 2011

Fixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering

20-CS Cyber Defense Overview Fall, Network Basics

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015

Performance Analysis of AODV under Worm Hole Attack 1 S. Rama Devi, 2 K.Mamini, 3 Y.Bhargavi 1 Assistant Professor, 1, 2, 3 Department of IT 1, 2, 3

Sybil Attack In High Throughput Multicast Routing In Wireless Mesh Network

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

Security in Mobile Ad-hoc Networks. Wormhole Attacks

PUCPR. Internet Protocol. Edgard Jamhour E N G L I S H S E M E S T E R

MANET Architecture and address auto-configuration issue

ECE 697J Advanced Topics in Computer Networks

Rule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs

Secure Host IP Configuration Protocol for Mobile Ad Hoc Networks Fathimabi Shaik and N. Rama krishnaiah

Scribe Notes -- October 31st, 2017

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

A Study of Two Different Attacks to IPv6 Network

CIS 5373 Systems Security

A Review on ICMPv6 Vulnerabilities and its Mitigation Techniques: Classification and Art

Network Security. Thierry Sans

J. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering

Identifier Binding Attacks and Defenses in Software-Defined Networks

Une attaque par rejeu sur le protocole SEND

Configuring Dynamic ARP Inspection

1 Connectionless Routing

Configuring IPv6 First-Hop Security

Mobile IP Overview. Based on IP so any media that can support IP can also support Mobile IP

ENEE 457: Computer Systems Security 11/07/16. Lecture 18 Computer Networking Basics

BYZANTINE ATTACK ON WIRELESS MESH NETWORKS: A SURVEY

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide

HP High-End Firewalls

CSE 565 Computer Security Fall 2018

SRPS: Secure Routing Protocol for Static Sensor Networks

MANET ROUTING ATTACKS

Mobile Communications. Ad-hoc and Mesh Networks

Ms A.Naveena Electronics and Telematics department, GNITS, Hyderabad, India.

Dynamic Neighbor Positioning In Manet with Protection against Adversarial Attacks

ICS 351: Networking Protocols

Security Considerations for IPv6 Networks. Yannis Nikolopoulos

Detecting Malicious Nodes For Secure Routing in MANETS Using Reputation Based Mechanism Santhosh Krishna B.V, Mrs.Vallikannu A.L

A Review on Black Hole Attack in MANET

Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

CCNP Switch Questions/Answers Securing Campus Infrastructure

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Performance Analysis of Aodv Protocol under Black Hole Attack

A Survey of BGP Security Review

Prevention of Black Hole Attack in AODV Routing Algorithm of MANET Using Trust Based Computing

Transcription:

Wireless Network Security Spring 2015 Patrick Tague Class #10 Network Layer Threats; Identity Mgmt. 2015 Patrick Tague 1

Class #10 Summary of wireless network layer threats Specific threats related to identity 2015 Patrick Tague 2

Wireless Networking Message Source Relays / Routers Sink / Destination 2015 Patrick Tague 3

Network Layer Functionality The network layer is primarily responsible for establishing end-to-end paths and delivering packets over them Includes several fundamental services: Addressing: network ID management Routing: finding/establishing paths Forwarding: delivering packets Interactions with Transport layer and Link/MAC layer 2015 Patrick Tague 4

Addressing Before routing can be performed, nodes need some sort of ID or address Address/ID types range from local to global, just like in the postal system (streets up to ZIP codes) In very large-scale systems (e.g. Internet), addresses must have some sort of structure IP addresses follow a specific hierarchy and are reused within each domain Within a domain and in small-scale systems (e.g. MANET/WSN), addresses are typically unstructured or random Address management needed within a domain to prevent duplication and other failure scenarios 2015 Patrick Tague 5

Addressing Threats Addresses can be changed arbitrarily Allows for address spoofing Masquerading as other node(s) Potential for a large number of attacks Changing identity to prevent detection/punishment Attackers can infiltrate address management protocols (ARP, DHCP) to cause problems Inducing address duplication Forcing frequent address changes Manipulating forwarding schemes 2015 Patrick Tague 6

Routing Routing = path management Routing does not involve actual sending of packets from source to destination(s), only sets up the path Lives in the control plane Involves path setup/discovery, maintenance, and teardown Challenges in MANET/WSN environments Route using multiple untrusted relay nodes Resource and capability limitations No centralized authority or monitor Secure routing often relies on existing key mgmt. 2015 Patrick Tague 7

Routing Threats Just as with other types of misbehavior, routers can be greedy, non-cooperative, or malicious Greedy routers can refuse route discovery requests in order to save their own resources Non-cooperative routers can choose to selectively accept route requests to specific sources/dests Malicious routers can persuade route discovery protocols so paths pass through them, avoid them, or take unnecessary detours 2015 Patrick Tague 8

Black-hole attack: Path Attraction A malicious router broadcasts false claims of being close to the destination in order to attract all traffic and drop it Gray-hole attack: Similar to black-hole attack, except it only drops some packets selectively Ex: forward all routing control packets but drop all data Worm-hole attack: Colluding routers create a low-latency long-distance outof-band channel to attract routing paths and control data flow 2015 Patrick Tague 9

Detours: Path Manipulation A malicious router can modify/inject control packets to force selection of sub-optimal routes Gratuitous detours : Greedy routers can avoid being on a selected route by advertising long delays or creating virtual nodes Could be considered a form of Sybil attack, where all personalities are on the routing path 2015 Patrick Tague 10

Targeted blacklisting: Route Subversion In any routing protocols using blacklisting, attackers can accuse/slander/blame others to force them onto the blacklist DoS Rushing attacks: Attackers can quickly disseminate forged requests, causing later valid requests to be dropped 2015 Patrick Tague 11

Forwarding Forwarding = point-to-point data management Forwarding involves actual sending of packets from source to destination(s) on given routing paths Lives in the data plane Correct forwarding involves Sending the correct packets Maintaining packet order Respecting headers and rules Relaying in a timely manner Respecting rate control mechanisms 2015 Patrick Tague 12

Forwarding Threats Misbehavior in the forwarding mechanism (often called Byzantine forwarding) includes various ways of going against forwarding rules Dropping packets Modifying packet contents or header information Injecting bogus packets on source's behalf Forwarding to the wrong next hop Disrespecting rate control (flooding or throttling) 2015 Patrick Tague 13

Network Privacy Threats Routing protocols inherently reveal information to curious/malicious eavesdroppers An attacker can listen to route discovery interactions and learn (1) locations of source and destination nodes, (2) type of interactions between nodes, (3) commonly used paths, (4) network events, or (5) data These are all issues of location privacy, network privacy, and data privacy due solely to the routing process 2015 Patrick Tague 14

Let's go through these different threats in some detail, starting with addressing 2015 Patrick Tague 15

Addressing In traditional networking, each device (radio) has two identities, in the form of addresses MAC address: hardware address of the radio needed for link layer communication (e.g., 802.3, 802.11) Hard-coded into the NIC In theory, unique and static IP address: network layer address used for routing and some other higher layer services Virtual software address 2015 Patrick Tague 16

MAC Addresses MAC addresses in the Internet Ethernet and WiFi use MAC addresses for link layer communication Independent of any higher-layer functionality Link layer frames carry source and destination MAC addresses (6B each) MAC addresses in other systems Not typically used in sensor networks due to overhead Not needed if other addressing is available 2015 Patrick Tague 17

IP Addresses IP addresses in the Internet Network layer and above use IP addresses for some identity purposes Independent of whatever is below the network layer IP addresses must be unique IP addresses in other systems To support common applications, most designers are aiming to support IP addressing (to some extent) 2015 Patrick Tague 18

IP Address Resolution In most Internet domains, IP addresses are assigned centrally using DHCP and bound to MAC addresses using ARP DHCP = Dynamic Host Configuration Protocol: host asks server for IP address, which it keeps until expiry ARP = Address Resolution Protocol: host asks other hosts for MAC address corresponding to an IP address 2015 Patrick Tague 19

ARP image from [Whalen et al., 2001] 2015 Patrick Tague 20

Limitations MAC addresses are no longer hardware-bound Most Linux-like systems allow software to change MAC address used, despite hard-coded MAC address Many devices don't have (unique) MAC addresses DHCP is impractical for distributed systems Requires centralization High overhead in dynamic systems ARP has high overhead in distributed systems Requires request flooding 2015 Patrick Tague 21

Distributed Addressing Problem: How should IP addresses (or other suitable identities) be determined in a distributed system such that: Addresses are compact(-able) for low-overhead communication in sensors or embedded devices Network overhead is (relatively) low Addresses are (sufficiently) unique Systems can split and join Duplicate addresses can be detected and fixed Address space is large enough and dynamic 2015 Patrick Tague 22

A Few Approaches Random selection with duplicate address detection (DAD) Send a query to the selected address; if no response, the address probably isn't in conflict Requires flooding a query through the entire network Merging existing networks is difficult MANETconf Configured initiator nodes act like a server that can assign addresses to requesters who arrive later Configured node floods notification and assigns address if no nodes respond negatively Merging existing networks is difficult 2015 Patrick Tague 23

PACMAN [Weniger, JSAC 2005] PACMAN = Passive Auto-Configuration for Mobile Ad hoc Networks Architecture for efficient distributed MANET address auto-configuration 2015 Patrick Tague 24

Address Assignment To avoid overhead of flooding network to check address uniqueness, PACMAN assigns addresses passively and relies on network to expose conflicts Each node chooses its address using a probabilistic algorithm and a list of known used addresses See the paper for details 2015 Patrick Tague 25

Address Encoding To minimize overhead, PACMAN encodes MANET IP addresses MANET uses a fixed IP prefix (2B for IPv4, 8B for IPv6) Node ID only needs log 2 N bits to support N nodes Pad with lots of zeros, but only need to know #0s 2015 Patrick Tague 26

Passive DAD PDAD relies on observation of events that: Never occur in case of unique addresses but always occur in case of address duplication e.g., receiving a route reply when no request was sent Usually don't occur in case of unique addresses but sometimes occur in case of address duplication e.g., link states in a route reply change completely Upon detection of duplication, at least one node can reinitialize the address assignment This also allows relatively easy management of network split and merge events 2015 Patrick Tague 27

Security Issues PACMAN and many similar approaches were not designed with malicious behaviors in mind Threats [Wang et al., 2005]: Address spoofing attacker spoofs the IP address of a victim and hijacks its traffic False address conflict attacker injects conflict messages (or events) to a target victim Address exhaustion attacker claims many addresses to deny service or prevent nodes from joining Negative reply in cases where approval is needed to join, attacker can prevent nodes from joining 2015 Patrick Tague 28

Secure MANET Auto-Conf [Wang et al., 2005] Bind the IP address to a public key to authenticate auto-configuration processes New node A chooses an IP address as the hash of its public key A sends a query to the network for the IP address using a signed, time-stamped Duplicate Address Probe If a receiving node B has an IP conflict, it checks signatures (authenticity, replay prevention, etc.) and conditionally replies with a signed, time-stamped Address Conflict Notice If A receives ACN from B, it checks signatures and conditionally starts over with a new key pair If no reply within a fixed time period, A joins the network using the generated IP address 2015 Patrick Tague 29

Benefits of the Approach Forces the attacker to find a public key that hashes to a victim's IP address before launching the attack Even with relatively small address space, computation/storage overhead is prohibitive Detailed analysis in the paper 2015 Patrick Tague 30

Trust-Based Auto-Conf [Hu & Mitchell, 2005] Misbehavior in the requester-initiator model (MANETconf) Initiator can intentionally assign conflicting address Requester can flood requests repeatedly, causing resource depletion and/or DoS Malicious node can falsely claim that candidate addresses are already in use, causing excess request floods, resource depletion, and DoS Instead of relying on arbitrary nodes, keep track of which nodes are good and which are bad 2015 Patrick Tague 31

Trust Model For nodes A and B, A's trust in B is given by T A (B) Each node A has a threshold trust value T A * such that it will interact with B only if T A (B) T A * Trust values can be computed based on past behaviors 2015 Patrick Tague 32

Choosing a Trustable Initiator New requester N broadcasts a Neighbor_Query with its threshold T N * Each receiver sends N a InitREP reply with neighbor IDs who have trust values T N * N can chooses its initiator as the neighbor appearing in the most InitREP messages Malicious node is unlikely to be chosen unless majority of neighbors are malicious 2015 Patrick Tague 33

Duplicate Address Check If initiator A gets an Add_Collision message from a node B in response to an Initiator_Request: If B has been previously blacklisted, ignore it If T A (B) T A *, then believe B and start over Otherwise, declare B malicious, add B to the blacklist, and send a Malicious_Suspect message about B to other nodes Other nodes only believe A's Malicious_Suspect message if their trust value in A is high enough 2015 Patrick Tague 34

3rd-Party Duplication Check If a node B detects an address collision between two other nodes, it notifies both of them If a receiving node A gets such a notification from node B: If B has been previously blacklisted, ignore it If T A (B) T A *, believe B and choose a new address Otherwise, add B to the blacklist 2015 Patrick Tague 35

Calculating Trust Values A calculates its trust in B by: Monitoring and measuring a number of performance characteristics, including past behaviors in address assignment Each characteristic maps to a value in [0,1] Trust T A (B) is a weighted combination of the various percharacteristic values For distant nodes B, A must rely on establishing a trusted path to B More detail on evaluating trust in a later class 2015 Patrick Tague 36

Summary Discussed distributed addressing, threats, and a few approaches to secure auto-configuration PACMAN: Passive auto-configuration for MANETs [Weniger; JSAC 2005] Secure address auto-configuration for MANETs [Wang, Reeves, and Ning; MobiQuitous 2005] Secure auto-configuration in MANETs using trust [Hu and Mitchell; MSN 2005] 2015 Patrick Tague 37

Feb 19: Routing and Forwarding Security 2015 Patrick Tague 38

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback