Wireless Network Security Spring 2011

Similar documents
Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Wireless Network Security Spring 2011

Wireless Network Security Spring 2016

CSC 774 Advanced Network Security

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011

Wireless Network Security Spring 2013

Wireless Network Security Spring 2015

Wireless Network Security Spring 2015

Communication in Broadband Wireless Networks. Jaydip Sen Convergence Innovation Lab Tata Consultancy Services Ltd. Kolkata, INDIA

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Key establishment in sensor networks

Wireless Network Security Spring 2014

CSC 774 Advanced Network Security

A Key-Management Scheme for Distributed Sensor Networks

Key establishment in sensor networks

Wireless Network Security Spring 2013

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Mobile Security Fall 2011

Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks

On the Security of an Efficient Group Key Agreement Scheme for MANETs

Cluster Based Group Key Management in Mobile Ad hoc Networks

Efficient and Secure Source Authentication for Multicast

Analysis of Attacks and Defense Mechanisms for QoS Signaling Protocols in MANETs

Cryptographic Concepts

Wireless Network Security Spring 2011

SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS

Security in Mobile Ad-hoc Networks. Wormhole Attacks

Secure Multi-Hop Infrastructure Access

Security+ SY0-501 Study Guide Table of Contents

Wireless Network Security Spring 2015

LHAP: A Lightweight Hop-by-Hop Authentication Protocol For Ad-Hoc Networks

An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks

Secure Routing and Transmission Protocols for Ad Hoc Networks

Reliable Broadcast Message Authentication in Wireless Sensor Networks

Kun Sun, Peng Ning Cliff Wang An Liu, Yuzheng Zhou

Collusion-Resistant Group Key Management Using Attributebased

Cryptography and Network Security Chapter 14

Stateless key distribution for secure intra and inter-group multicast in mobile wireless network q

An Efficient Key Management Scheme for Heterogeneous Sensor Networks

CIS 4360 Secure Computer Systems Applied Cryptography

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Cryptographic Primitives and Protocols for MANETs. Jonathan Katz University of Maryland

CS 161 Computer Security

Wireless Network Security Spring 2011

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Effective Cluster Based Certificate Revocation with Vindication Capability in MANETS Project Report

Certificateless Public Key Cryptography

Crypto meets Web Security: Certificates and SSL/TLS

Mitigating DoS attacks against broadcast authentication in wireless sensor networks

A Tree-Based µtesla Broadcast Authentication for Sensor Networks

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

UNIT - IV Cryptographic Hash Function 31.1

MHIP: Effective Key Management for Mobile Heterogeneous Sensor Networks

Wireless Network Security Spring 2016

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Enhancing the Security in WSN using Three Tier Security Architecture Chanchal G. Agrawal *

What's the buzz about HORNET?

Information Security CS 526

Location-Based Pairwise Key Establishments for Static Sensor Networks

Lecture 2 Applied Cryptography (Part 2)

Chapter 9: Key Management

Improving Key Pre-Distribution with Deployment Knowledge in Static Sensor Networks

Persistent key, value storage

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Overview. SSL Cryptography Overview CHAPTER 1

BISS: Building secure routing out of an Incomplete Set of Security associations

Operating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.

CS 416: Operating Systems Design April 22, 2015

Random Key Predistribution Schemes for Sensor Networks 1

Wireless Network Security Spring 2014

Public-key Cryptography: Theory and Practice

Real-time protocol. Chapter 16: Real-Time Communication Security

Secure Adaptive Topology Control for Wireless Ad-Hoc Sensor Networks

WIRELESS sensor networks have received a lot of attention

CS 161 Computer Security

Optimal Multicast Group Communication

Wireless Network Security Spring 2013

Spring 2010: CS419 Computer Security

Source Anonymous Message Authentication and Source Privacy using ECC in Wireless Sensor Network

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Pluggable Transports Roadmap

An Optimal Symmetric Secret Distribution of Star Networks 1

LIGHTWEIGHT KEY MANAGEMENT SCHEME FOR HIERARCHICAL WIRELESS SENSOR NETWORKS

Operating Systems Design Exam 3 Review: Spring Paul Krzyzanowski

CSE 127: Computer Security Cryptography. Kirill Levchenko

A Security Infrastructure for Trusted Devices

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Clustering Based Certificate Revocation Scheme for Malicious Nodes in MANET

Security Analysis of Bluetooth v2.1 + EDR Pairing Authentication Protocol. John Jersin Jonathan Wheeler. CS259 Stanford University.

Wireless Network Security Spring 2014

0x1A Great Papers in Computer Security

Subject: Adhoc Networks

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Key Agreement Schemes

Key Agreement in Ad-hoc Networks

Viber Encryption Overview

Network Security

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Use of Symmetric And Asymmetric Cryptography in False Report Filtering in Sensor Networks

Transcription:

Wireless Network Security 14-814 Spring 2011 Patrick Tague Jan 20, 2011 Class #4 Broadcast information security

Agenda Broadcast information security Broadcast authentication and encryption Key management Key establishment A few attacks

Broadcast Communication Broadcast comm takes advantage of the shared medium for one-to-many transmissions Can be much more efficient than one-toone unicast communication

Topology and Scale Gains from broadcast advantage depend on network topology and scale In a star topology, O(1) transmissions cover N nodes (compared to O(N) in unicast) In general, O(N/d) transmissions cover N nodes with density d (compared to O(N 2 ) in unicast) Ex: d ~ log N Additional considerations with network scale: Key management overhead for broadcast authentication and encryption

Broadcast Authentication Allows nodes to verify the source of packet transmissions First idea: use symmetric key cryptography and MACs Any group member with the authentication key can forge packets on behalf of any other group member Second idea: use public-key signatures Provably correct, but very expensive (signature per packet, public key overhead [time + BW], etc.) Third idea: packet-block signatures sign a collection of packets, partition signature over packet block Packet loss packet-block can't be validated, denial-ofservice opportunity, still expensive

TESLA / µtesla [Perrig et al., 2002] TESLA (Timed Efficient Stream Loss-tolerant Authentication), µtesla for WSN Uses time-released symmetric keys to get efficiency of symmetric approaches without forgery problems One-way hash-chains are used to release/update keys periodically, introduces small delay and buffering Requires that all nodes are loosely time synchronized Paper posted on class website

Broadcast Encryption Encryption has similar challenges in symmetric and public-key approaches No symmetric key solutions are secure against malicious/curious group members, and timing solutions like TESLA don't work for secrecy Must rely on public-key approaches For large broadcast groups (n-k of n, k<<n), O(k) ciphertexts per message with O(log n) private key length [Goodrich et al., 2004] For small broadcast groups (k of n, k<<n), k ciphertexts with O(1) private key length [unicast] Inefficient!

Efficient Broadcast Encryption [Boneh et al., 2005] Approach uses Bilinear Maps for collusionresistant encryption Secure against any number of colluding nodes Two constructions First has O(1) length ciphertexts and private keys, O(k) length public keys Second has tunable tradeoffs between ciphertext size and public key length e.g. O(k 1/2 ) each Still too expensive for many systems, may have to rely on attack detection and revocation instead Paper posted on class website

(Group) Key Management Group formation, joining, and leaving can be controlled entirely by distribution and revocation of symmetric keys A session encryption key (SEK) is given to all group members (used to distribute/collect data) A unique key encryption key (KEK) is given to each group member and used to periodically update SEKs Revocation = not getting an SEK update Updating SEKs must be very efficient so it can occur with sufficient frequency to minimize effects of misbehavior

Key Trees [Sherman & McGrew, 2003] m-ary key trees can be used for efficient SEK rekeying (m=2 below) Group leader assigns 4 quantities to each node so everyone can compute SEK X 0, e.g. M 1 stores X 3,1, f(x 3,2 ), f(x 2,2 ), and f(x 1,2 )

Key Tree Update Dis-enrollment as re-keying: If e.g. M 1 leaves the group X 3,1, f(x 3,2 ), f(x 2,2 ), and f(x 1,2 ) must be revoked Leader broadcasts E K3,2 (f(x' 3,1 )), E K2,2 (f(x' 2,1 )), E K1,2 (f(x' 1,1 ))

Power-Efficient Key Trees [Lazos & Poovendran, 2005] Re-keying trees in large distributed networks (WSNs, MANETs, etc.) requires numerous transmissions over multi-hop routes Tree can be constructed to group nodes according to power proximity (network and physical layer info)

Group-Less Key Establishment In fully distributed systems with no support for group key management (WSN), keying has other challenges Public-key not possible, Diffie-Hellman establishment is too costly, so it has to be symmetric key An authority/owner of the system can load keys onto nodes before deployment (see e.g. [Eschenauer & Gligor, 2002]) Re-keying is an issue, so the keys must be long-term But, if the system is unattended, an attacker can physically compromise nodes and extract keys So...

Key Predistribution -or- Pre-deployment Keying Authority assigns symmetric keys prior to deployment, used long term Single key per network single attacked node compromises everything Single key per node pair O(N 2 ) storage overhead, most of which is wasted Meet somewhere in the middle - single key per group What is known about topology before deployment? If nothing, groups can be random Approach: assign a set of keys from a large pool to each node [Eschenauer & Gligor, 2002] or use a randomized matching algorithm [Tague & Poovendran, 2007]

WSN Node Capture Attacks Physically attacking nodes leads to key recovery Depending on the attacker's goal, can capture nodes randomly until sufficient keys are recovered or can target nodes with specific keys If the goal is getting all the keys, try to find a key covering set of nodes If the goal is getting all keys that are actually used, find a link covering set of nodes If the goal is compromising traffic secrecy, also need to know some network layer topology information, then need a path membership link covering set Goals are many, but everything fits into an attack framework [Tague & Poovendran, 2007]

Node Capture Defenses Can't prevent attacks on unattended devices Tamper-proof hardware would help, but it's very expensive So, the answer isn't defense, it's mitigation Make the attacker's job more expensive Make the attacks less effective Make the attacks detectable This is a mostly-open problem

Next time... Physical layer & communication security Physical layer vulnerabilities and threats Communication availability Multi-channel diversity Leveraging physical layer properties for secrecy and authentication Key establishment from channel randomness Authentication using wireless signatures

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback