Low-Power DoS Attacks in Data Wireless LANs and Countermeasures
Download
Report
Transcript Low-Power DoS Attacks in Data Wireless LANs and Countermeasures
Scalable Robust and Secure
Heterogeneous Wireless Networks
Guevara Noubir
College of Computer Science
Northeastern University, Boston, MA
[email protected]
1
The Heterogeneous Future of Wireless
Networks
Ambient intelligence aware of people’s presence, needs, and context
Ubiquitous computing: maintain seamless access to data and services
Nature and man-made disaster: require adequate operational modes
Safety services: better quality of life for elderly and disabled people
The need for the enabling technology
Limitations of current wireless technology:
No integration, QoS, seamless adaptivity, single-hop, limited data rates, battery life
Major issues: scalability, robustness, security
We need novel approaches!
As these applications become more ubiquitous new threats will appear:
Fast recovery through reconfiguration and prioritization of services
Resiliency to denial of service attack
Amplified by: untracability, limited resources (energy and computation power)
Talk focus on networking aspects
2
Outline
Characteristics of heterogeneous wireless networks
Some security aspects heterogeneous wireless networks
Some novel approaches to scalability and robustness
Physical, layer/link, and multi-layer attacks
Multicasting
Cross-layer design
Accumulative Relaying
Universal Network Structures
Conclusion
3
Characteristics
Limited radio spectrum
Shared Medium (collisions)
Limited energy available at the nodes
Limited computation power
Limited storage memory
Unreliable network connectivity
Dynamic topology
Need to enforce fairness
4
Flexibility
Use of various coding/modulation schemes
Use of various transmission power level
Use of multiple RF interfaces
Use of multi-hop relaying
Clustering and backbone formation
Planning of the fixed nodes location
Packets scheduling schemes
Application adaptivity
5
Multihop Heterogeneous Paths
Resource Efficient Paths:
Multirate, Power-Controlled, Contention and Mobility Aware
Cooperating paths:
Distributed MIMO, Accumulative Relaying
Internet
Access Points
Mobile Nodes
Sensor Nodes
Universal Network Design:
Universal Sensors Steiner Tree
Robust Distributed Compression:
Generalized Slepian-Wolf
Cross-layer power controlled MAC
6
Multilayer DoS in Wireless Networks
Physical layer
MAC layer
Jamming of control traffic and mechanisms
Network layer
Smart multilayer aware jammers
Malicious injection/disruption of routing information
Transport layer
Exploiting weaknesses in congestion control
mechanisms
7
Physical Layer Jamming
Leads to:
Network partition
Forcing packets to be routed over chosen paths
Low-Power: cyber-mines
8
Low-Power Physical Layer Jamming
Jamming effort:
IP packet:
Jamming duration/packet duration
1500 bytes = 12000 bits
Uncoded packet:
Jamming effort in the order of 10-4
9
Jamming IEEE802.11 and 802.11b
Modulation/coding
Rate
Packet length
IP packet
Number of bits
needed to jam
Jamming
Efficiency
BPSK
1500*8
1
12000
QPSK
1500*8
2
6000
CCK (5.5Mbps)
1500*8
4
3000
CCK (11Mbps)
1500*8
8
1500
10
Jamming Encoded Data Packets
Link Architecture
Jamming Unreliable
Communication
Jamming ECC Protected
Communication
UDP
UDP
EDP
…
Jamming Interleaved ECC
Protected Communication
UDP
EDP
IDP
JP
JP
JP
>dmin-1/2
UDP: Uncoded Data Packet
JP: Jamming Packet
EDP: Encoded Data Packet
in l codewords
RP: Received Packet
IDP: Interleaved Data Packet
DDP: De-Interleaved Packet
RP
DDP
P
dmin: code minimum
Hamming distace
>dmin-1/2 errors within
a single codeword
11
Traditional Anti-Jamming Techniques
Focus on bit-level
2
P
G
G
R
J
j
jr rj tr Lr B r
S Pt Gtr Grt R 2jr L j B j
Pj:
Gjr:
Grj:
Rtr:
Lr:
Br:
Pt:
Gtr:
Grt:
Rjr:
Lj:
Bj:
transmitter power
antenna gain from transmitter to receiver
antenna gain from receiver to transmitter
distance from jammer to receiver
jammer signal loss
jamming transmitter bandwidth
Spread-Spectrum in military provides:
jammer power
antenna gain from jammer to receiver
antenna gain from receiver to jammer
distance from transmitter to receiver
communication signal loss
communications receiver bandwidth
20-30dB processing gain
Low-power jamming requires:
40dB!
12
Mitigating Physical Layer DoS
Physical Layer:
Link Layer:
Spread-Spectrum
Directional Antennas
Cryptographic Interleaver + Efficient Coding
Routing:
Jamming-free paths
Use of Mobility
13
Proposed Solution for Link Layer
Cryptographic Interleaving
+
Efficient Adaptive Error Correction
For Binary Modulation:
Cryptographic interleaving transforms the
channel into a Binary Symmetric Channel
Capacity of BSC (Shannon):
C 1 H ( p)
C 1 p log 2 ( p) (1 p) log 2 (1 p)
14
Practical Codes
Low Density Parity Codes:
Very Close to Shannon’s Bound
Best for long packets:
E.g., 16000 bits
Jamming Effort
Code Rate
Shannon Limit
8%
0.5
0.598
Code
Throughput
0.5
17.4%
0.25
0.333
0.25
Non-binary modulation e.g., IEEE802.11b (CCK): transmits 8 bits
Use a Reed-Solomon code with symbols of 8 bits
Maximum length: 256 bytes
Data: k 256bytes
Tolerates: (256-k)/2 errors
15
Conclusion on Physical Layer DoS
Existing Wireless Data Networks are easy targets of physical layer jamming
High transmission power, and spread-spectrum are not enough
Jammer effort in the order of 10-4 for an IP packet
Traditional anti-jamming focuses on bit protection
Cryptographic interleaving and Error Control Codes provide much better
resiliency to Jamming
Additional technique that derive from the J/S ratio: directional antennas
Need adaptivity and careful integration within the network stack
16
Link/MAC Layer DoS
Attack Control Traffic
RACH/Grant CH/BCCH channels in cellular
Authentication (e.g., sending deauth message)
MAC Mechanisms of IEEE802.11:
Reservation:
Backoff:
RTS/CTS are short packets: require less energy to be jammed
NAV: malicious nodes can force nodes to wait for long durations
EIFS: a single pulse every EIFS at high power
Backoff allows an attacker to spend less energy when Jamming
Selecting attacks on MAC/IP addresses
17
DoS on Routing
Malicious nodes can attack control traffic:
Attack goals: disruption or resource consumption
Techniques:
Jamming
Inject wrong information
Black hole: force all packets to go through an adversary node
Rooting loop: force packets to loop and consume bandwidth and
energy
Gray hole: drop some packets (e.g., data but not control)
Detours: force sub-optimal paths
Wormhole: use a tunnel between two attacking nodes
Rushing attack: drop subsequent legitimate RREQ
Inject extra traffic: consume energy and bandwidth
Blackmailing: ruining the routing reputation of a node
Proposed secure routing protocols are still not practical
18
DoS on Transport Layer
Transport layer should be able to differentiate
between:
Congestion
Wireless link packets loss
Due to traffic pattern change: new sessions
Requires source rate reduction
Due to mobility and interference
Requires modulation/coding/power/path change
Malicious nodes
Selective jamming and disruptions
Requires isolation of malicious nodes and dead areas
19
Protection against DoS in wireless
networks requires a careful cross-layer
design
20
Secure Multicasting
[with Kaya, Lin, Qian – Funded by Draper]
Goal:
Secure multicast applications:
Communication over a multihop wireless ad hoc network
Limited computation power, and energy
Services:
Secure remote tracking of mobiles
Sharing sensed data
Military: Data/Video streaming from UAV, multicasting of command decisions
Specificity:
Securely and efficiently acquire and disseminate time varying information
Example: location information
Authentication, integrity, confidentiality, revocation, group key management
Approach:
Overlay network of mobile nodes build secure multicast tree
21
Prototype Application
iPAQ PDA
Pharos Compact Flash GPS
IEEE 802.11 PCMCIA card
22
Ad Hoc vs. Wired Multicast
Wireless:
Mobility:
Higher packet loss
Necessity of frequent discovery of paths
Multihop:
Unreliable links
Loss of a packet results in node exclusion and necessity for new
join request
Cost of multicast depends on number of hops
Major factor because of radio resources scarcity
Ad hoc:
Limited computation: nodes cannot manage large groups
Active nodes
23
Group Management
1
2
5
3
4
9
6
7
10
8
11
12
x
13
Source
y Group member
24
Issues and Results
Efficient tree construction and maintenance
Under mobility greedy algorithms can be very good
Public key encryption is costly:
Close to optimal trees O(log n) in theory but in practice 1.5
approximation
Minimize broadcast cost and tree maintenance
Memory can be traded with computation
Revocation in an infrastructure-less environment
25
Novel Approaches to Scalability and
Robustness
Scalability to large networks with limited
resources requires novel techniques
Make use of specificity of the environment
Use techniques from a combination of fields:
Graph theory, linear programming, network flow
Information theory, coding theory
Accurate simulation and modeling tools
Accumulative relaying
Universal network design
26
Accumulative Power Relaying
[with Chen, Jia, Liu, Sundaram]
B
G
A
C
Reliable reception
Partial reception
Problem:
Determine a feasible schedule [(N1, P1), …, (Nk, Pk)] that
minimizes total energy consumption
27
Accumulative Power Relaying
[with Chen, Jia, Liu, Sundaram]
B
G
A
C
Reliable reception
Partial reception
Problem:
Determine a feasible schedule [(N1, P1), …, (Nk, Pk)] that
minimizes total energy consumption
28
Accumulative Relaying
Very similar to the relay problem in information
theory and still open in it’s general form
Simpler than the general relay problem:
Every energy optimal sequence can be transformed
into a canonical form called wavepath
In a wavepath each node in the sequence activates
its next hop neighbor and only its next hop neighbor
Finding a minimum energy wavepath is still NP-hard
for arbitrary networks
Heuristic for building a wavepath can achieve more
than 40% energy saving on a Euclidian plane
29
Universal Multicast Tree
[with Jia, Lin, Rajaraman, Sundaram]
Problem:
Given a graph G (V, E), n nodes, and a root/sink
Build a tree T such that for all subgroups T leads to a low weight
tree for all subgroups (through pruning)
CostT ( S )
}
i.e., build T that minimizes the stretch Max{
S V
OPT ( S )
Applications:
Environment: sensor network where routing is difficult
Dissemination: efficient multicasting to dynamic groups
Aggregation from changing groups
Distributed queries
30
Universal Tree for the Euclidian Space
Results:
Polynomial time algorithm to build a universal tree
with stretch O(log k) [where k is the size of the
selected subgroup]
Hardness result: no algorithm can build a tree with
stretch lower O(log n/loglog n)
31
Universal Structures
Other results:
Algorithm for a universal tree for non-Euclidian
metrics with poly-logarithmic stretch
Poly-logarithmic stretch for the universal Traveler
Salesman Problem
Extensions:
Universal tree for energy cost
Universal tree for planar, range limited wireless
communication
Fault-tolerant network structures
32
Conclusion
We live in an exciting era:
Wireless physical layer is capable of providing high
data rates
Software flexibility
Computation power
This provides the building blocks to enable
ubiquitous networking
Creates new threats
Need smart adaptive control of the physical layer
Need to deal with security and robustness in a
scalable way
33
Universal Tree for the Euclidian Space
Results:
Polynomial time algorithm to build a universal tree with stretch
O(log k) [where k is the size of selected subgroup]
Hardness result: no algorithm can build a tree with stretch lower
O(log n/loglog n)
Definition:
Level i of v: Liv = {u: 2i-1 < d(u, v) 2i}
L4r
Algorithm:
L3r
Divide V –{r} into L1r, L2r, …, LlogDr,
Run A(Lir, r) in parallel
34
Algorithm A(U, r)
L = {r}
Repeat
For every uU, let Iu denote the level of u to its nearest
neighbor in L;
Let I = max {Iu : u U}
Let H = {u U : Iu = I}
Let H’ H s.t.
u, v H’ d(u,v) 2I-1,
u H\H’ v H’ s.t. d(u,v) < 2I-1
u H’ output edge (u, nearest-neighbor(u))
L = L H’; U = U\H’;
Until no edge output;
35
Universal Tree Algorithm
H
H’
36
Universal Tree Algorithm
H
H’
37
Universal Tree Algorithm
H
H’
38
Universal Tree Algorithm
H
H’
39