Wireless Network Security Spring 2014

Similar documents
Wireless Network Security Spring 2013

Mobile Security Fall 2011

Wireless Network Security Spring 2011

Wireless Network Security Spring 2011

Mobile Security Fall 2013

Wireless Network Security Spring 2015

Wireless Network Security Spring 2011

Wireless Network Security Spring 2015

Wireless Network Security Spring 2016

Wireless Network Security Spring 2014

Wireless Network Security Spring 2011

Wireless Network Security

Wireless Network Security Spring 2013

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

A Cloud-Based Scheme for Protecting Source-Location Privacy against Hotspot-Locating Attack in Wireless Sensor Networks

Wireless Network Security Spring 2012

Introduction to VANET

Chapter 5 Ad Hoc Wireless Network. Jang Ping Sheu

TOWARD PRIVACY PRESERVING AND COLLUSION RESISTANCE IN A LOCATION PROOF UPDATING SYSTEM

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Wireless Network Security Spring 2015

Wireless Network Security Spring 2011

Wireless Network Security Spring 2016

WIDS Technology White Paper

Wireless Network Security Spring 2013

Wireless Attacks and Countermeasures

Wireless Network Security Spring 2015

Sleep/Wake Aware Local Monitoring (SLAM)

Chapter 24 Wireless Network Security

AMOEBA: Robust Location Privacy Scheme for VANET

COOPERATIVE DATA SHARING WITH SECURITY IN VEHICULAR AD-HOC NETWORKS

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

CS 268: Computer Networking. Taking Advantage of Broadcast

Part I. Wireless Communication

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

Efficient Authentication and Congestion Control for Vehicular Ad Hoc Network

Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack

CHAPTER 2 WIRELESS SENSOR NETWORKS AND NEED OF TOPOLOGY CONTROL

15-441: Computer Networking. Lecture 24: Ad-Hoc Wireless Networks

Wireless Network Security Spring 2013

Subject: Adhoc Networks

Achieving Privacy in Mesh Networks

WSN Routing Protocols

Wireless Network Security Spring 2016

Requirements from the

CIS 5373 Systems Security

Ad-hoc Trusted Information Exchange Scheme for Location Privacy in VANET

Unicast Routing in Mobile Ad Hoc Networks. Dr. Ashikur Rahman CSE 6811: Wireless Ad hoc Networks

Wireless Network Security Spring 2015

Wireless Network Security Spring 2011

Requirements Analysis of IP and MAC Protocols for Dedicated Short Range Communications (DSRC)

Final Exam: Mobile Networking (Part II of the course Réseaux et mobilité )

Network Encryption 3 4/20/17

6.9 Summary. 11/20/2013 Wireless and Mobile Networks (SSL) 6-1. Characteristics of selected wireless link standards a, g point-to-point

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Source destination obfuscation in wireless ad hoc networks

Problem Set 10 Due: Start of class December 11

The Challenges of Robust Inter-Vehicle Communications

Hacking MANET. Building and Breaking Wireless Peering Networks. Riley Caezar Eller

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Wireless Network Security Spring 2014

5 Tips to Fortify your Wireless Network

Cisco Securing Cisco Wireless Enterprise Networks (WISECURE) Download Full Version :

Wireless LAN Security (RM12/2002)

CS Paul Krzyzanowski

CHAPTER 5 CONCLUSION AND SCOPE FOR FUTURE EXTENSIONS

Reliable and Efficient flooding Algorithm for Broadcasting in VANET

Overview of Security

Cross-layer Enhanced Source Location Privacy in Sensor Networks

CSMC 417. Computer Networks Prof. Ashok K Agrawala Ashok Agrawala. Fall 2018 CMSC417 Set 1 1

A REVIEW PAPER ON DETECTION AND PREVENTION OF WORMHOLE ATTACK IN WIRELESS SENSOR NETWORK

ENSC 427, Spring 2012

Chapter 18 Privacy Enhancing Technologies for Wireless Sensor Networks

Ad Hoc Networks: Introduction

CE693: Adv. Computer Networking

SCALABLE VEHICULAR AD-HOC NETWORKS DISTRIBUTED SOFTWARE-DEFINED NETWORKING

Content. 1. Introduction. 2. The Ad-hoc On-Demand Distance Vector Algorithm. 3. Simulation and Results. 4. Future Work. 5.

AODV-PA: AODV with Path Accumulation

Packet Estimation with CBDS Approach to secure MANET

Overview of Challenges in VANET

DETECTING, DETERMINING AND LOCALIZING MULTIPLE ATTACKS IN WIRELESS SENSOR NETWORK - MALICIOUS NODE DETECTION AND FAULT NODE RECOVERY SYSTEM

Security Challenges Facing the Future Wireless World (aka.. Alice and Bob in the Wireless Wonderland) Wade Trappe

Vorlesung Kommunikationsnetze Research Topics: QoS in VANETs

CSMA based Medium Access Control for Wireless Sensor Network

BackTrack 5 Wireless Penetration Testing

ECE 4450:427/527 - Computer Networks Spring 2017

Introduction to Mobile Ad hoc Networks (MANETs)

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

Enhancement of Routing in Urban Scenario using Link State Routing Protocol and Firefly Optimization

Physical and Link Layer Attacks

Attacks on WLAN Alessandro Redondi

Introduction to Internet of Things Prof. Sudip Misra Department of Computer Science & Engineering Indian Institute of Technology, Kharagpur

MultiNet: Connecting to Multiple IEEE Networks Using a Single Wireless Card IEEE INFOCOM 2004

Hooray, w Is Ratified... So, What Does it Mean for Your WLAN?

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

Chapter 7: Naming & Addressing

EXPERIMENTAL EVALUATION TO MITIGATE BYZANTINE ATTACK IN WIRELESS MESH NETWORKS

Configuring the Radio Network

Transcription:

Wireless Network Security 14-814 Spring 2014 Patrick Tague Class #16 Network Privacy & Anonymity 2014 Patrick Tague 1

Network Privacy Issues Network layer interactions in wireless networks often expose information about identity, context, content, relationships, etc. In certain cases, cryptographic protections can help, but not always In certain cases, pseudonyms help, but not always 2014 Patrick Tague 2

ID Matching Network IDs/addresses can facilitate tracking, profiling, inference, etc. Ex: a network service provider sees device A connect to a network in Pgh, then to another network in DC, then to another network in SF the service provider can create a profile of the device owner Ex: an eavesdropper sees device A show up and connects to a network at the same time every day the eavesdropper can temporally profile the user to learn when they will be away from home 2014 Patrick Tague 3

Traffic Analysis A curious or malicious party can observe network traffic and analyze flow patterns to infer relationships Plaintext IDs can make this pretty easy Something like conservation of flow can allow traffic flow decoupling Inference capability depends on several factors: Network visibility global or local view? Traffic density dense or sparse traffic distributions?... 2014 Patrick Tague 4

Timing Analysis Since network operations are typically at least somewhat delay sensitive, there are end-to-end correlations between transmission events Ex: node A transmit 10 packets, then neighboring node B transmits 10 packets of similar size maybe B is relaying A's traffic Depending on visibility and density, very little other information is needed (e.g., strong hop-by-hop packet re-encryption doesn't prevent timing analysis) 2014 Patrick Tague 5

Understanding the Risks What type of network? Services? Etc.? WLAN, cellular, VANET, WSN, What is the attacker's goal / purpose? Real-time tracking, recovering past traces, Robbery, personal safety, blackmail, mal-marketing, surveillance, What granularity is needed for attack success? Relational, location-specific, region-specific, 2014 Patrick Tague 6

Privacy Challenges 1. Understanding the privacy goals What needs to be protected? What are the rules to be enforced? 2. Understanding the threat What are attackers goals, capabilities, methods,? Practicality of attacker assumptions? 3. Metrics How to measure privacy protection and enforcement? How to evaluate and incorporate risk? 2014 Patrick Tague 7

Different Privacy Concerns Profiling and tracking WiFi users Event/object inference in WSN Unauthorized user/car tracking in VANET 2014 Patrick Tague 8

WLAN Location Challenges to location privacy in WLAN Network operators are untrusted High density of APs; many may be malicious Precise (~1m) localization Broadcast IDs (MAC addresses) Very easy to eavesdrop on devices' MAC addresses, even if security features are enabled 2014 Patrick Tague 9

WiFi Tracking WiFi devices provide various pieces of information that can enable tracking Static MAC address rogue AP or eavesdropper can record MAC-location pairs Location can be computed coarsely by AP/SSID or finely using coordination among APs WiFi probe messages SSID lists and MAC address pairs suggest favorite locations This not only allows you to track the device, but also to learn something about the user 2014 Patrick Tague 10

Ex: WiFi Probe Messages 2014 Patrick Tague 11

Potential Solutions What if we don't allow the AP to determine the location of a client? Policy is easily bypassed by a malicious AP What if we don't give the AP enough information to identify clients (i.e., anonymize)? What other services does this interfere with? 2014 Patrick Tague 12

MAC Randomization MAC addresses are 48 bits with some addresses reserved, so there's a good amount of entropy The client can randomize its MAC address every time without affecting end-to-end performance As long as other ID information is hidden from the AP, the AP cannot identify clients in its network Trade-offs: Privacy can be achieved, monitoring and IDS are lost MAC collisions 2014 Patrick Tague 13

Collisions 2014 Patrick Tague 14

Implementation Issues Seq# in headers must be removed, otherwise subsequent messages are correlated Connection reestablishment often Signal analysis can still expose correlation All other uses of MAC addresses lost (e.g., whitelist, blacklist, IDS) Key management needed if MACs need to be matched by another user 2014 Patrick Tague 15

What about location privacy issues in multi-hop wireless networks? 2014 Patrick Tague 16

Traffic Anonymization In multi-hop networks (MANET/WSN), transmission linking can expose what path is used for a session Traffic analysis: Analyzing the flow of packets through a network (with global knowledge) allows decomposition into individual flows Local traffic analysis: Without global knowledge, timing information can expose flow decomposition in a neighborhood 2014 Patrick Tague 17

WSN Location Privacy In sensor networks, we're usually not concerned with protecting sensor locations, but what they're sensing may be more sensitive Truck at (x 1,y 1 ) @ 1:34pm Truck at (x 2,y 2 ) @ 1:37pm Truck at (x 3,y 3 ) @ 1:35pm 2014 Patrick Tague 18

Source Location Privacy One of the common goals in WSN is to hide the location of the sensed event from an observer But, the traffic generated will immediately expose any singular event Commonly called the Panda Hunter Problem Sensors in a wildlife area are used to track/study pandas Whenever a panda walks by a sensor, it generates traffic A hunter can track the traffic to find the panda 2014 Patrick Tague 19

Panda Hunter Problem Objective of the WSN / defender: Properly / quickly collect panda mobility info Hide the location information from the panda hunters that can eavesdrop on WSN traffic but not decrypt Objective of the panda hunters: Learn the location of the data source (and thus the panda) by analyzing traffic flow statistics 2014 Patrick Tague 20

Panda Hunter Strategies Two approaches: Choose one location in the network to monitor traffic Wait for the panda to walk somewhere that creates traffic flows through the chosen location, then find the panda Probably takes a long time depending on the area, and no better than naïve hunting Find the base station and monitor all network traffic More work to find the base station, more traffic to analyze all at once, but any panda-related traffic goes here 2014 Patrick Tague 21

Anti-Analysis Methods In the Panda Hunter context, there are two ways to mitigate the attack: Prevent the hunter from finding the base station (i.e., destination location privacy) Prevent the hunter from finding the panda (i.e., source location privacy) These problems are sort of duals of each other, so we look only at the second one Image from [Deng et al., PMC 2006] 2014 Patrick Tague 22

Flooding One common approach is to hide the actual event data in dummy ( chaff ) traffic Flooding the network with dummy traffic prevents the attacker from figuring out what is real If it looks like the panda is everywhere, where is it? Of course, flooding dummy traffic is a lot of work for very little reward 2014 Patrick Tague 23

Probabilistic Flooding Trade-offs can be made between the overhead of flooding and the resulting location privacy by instructing each node to forward dummy traffic only with probability p Less dummy traffic slightly degrades privacy Less dummy traffic means lower overhead Nodes need to be able to distinguish dummy from real traffic, or also drop real traffic w.p. (1-p) 2014 Patrick Tague 24

Random Routing Another technique to mitigate traffic analysis is random routing Next hop rand({neighbors}) Non-deterministic packet flow makes the analysis harder, but increases delay Can combine random routing with prob flooding Phantom Routing: 2014 Patrick Tague 25

Two-Way Random Walk Two-way Greedy Random Walk (GROW) Short path from base station created to serve as receptors, who listen for packets and unicast them Makes the random walk faster, since the path just needs to get close to the base station 2014 Patrick Tague 26

Transmission Correlation To make things harder, attackers can analyze timing at a node to further decompose flows at a point Sequence of transmissions by two neighboring nodes can indicate re-transmissions data on same path Q: how to make re-transmissions statistically uncorrelated with original transmissions? (e.g., [Alomair et al., Globecom 2010]) 2014 Patrick Tague 27

Simple Approach 2014 Patrick Tague 28

Better Approach 2014 Patrick Tague 29

More Issues Perfectly fitting the dummy distribution introduces delay in the data In certain scenarios, delay kills the application, especially if time synchronization is done by the BS Instead of waiting, inject data after some amount of time that fits the distribution Leads to a short-long problem: short interval times followed by longer interval times tend to contain real data packets 2014 Patrick Tague 30

Beating Correlation Tests Instead of creating dummy messages according to a schedule, create dummy intervals Allows the node to find a better fit when real data shows up, allowing the system to defeat correlation tests that expose real traffic 2014 Patrick Tague 31

What about location privacy issues in mobile networks (e.g., VANETs)? 2014 Patrick Tague 32

LBS in VANET 2014 Patrick Tague 33

How to prevent the untrusted LBS from tracking vehicles? 2014 Patrick Tague 34

AMOEBA Pseudonyms + group identify location privacy among vehicles on the highway Groups increase anonymity and reduce linkability Pseudonym updates and silence at opportune times further reduce linkability Power control allows group communication without infrastructure eavesdropping 2014 Patrick Tague 35

V2I G2I Protect anonymity by grouping network traffic Allow vehicles to form ad hoc groups Group leader communicates to RSU Rotate group leader randomly 2014 Patrick Tague 36

Road structure Leveraging Silence pseudonyms not enough Random silent period with pseudonym update reduces linkability, but causes safety problems Rely on silent periods during times of high driver attentiveness, e.g., while changing lanes or merging 2014 Patrick Tague 37

Privacy and LBS 2014 Patrick Tague 38

Trusted group leader? Some Issues Compromised group leader no privacy Rotation helps, but doesn't solve Trusted group? Malicious group members can expose info to LBS, spoof LBS requests, etc. Lack of end-to-end control in V2I/LBS Pay services? No control over vehicles in data flow Malicious leader could interfere 2014 Patrick Tague 39

Summary We saw some unique location privacy issues in very different wireless systems Additional location privacy issues exist in other domains / contexts, but no time to cover them all As systems continue to emerge / evolve, new privacy issues will arise 2014 Patrick Tague 40

Happy Spring Break! March 18: OMNET++ Tutorial III March 20: Trust & Reputation 2014 Patrick Tague 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback