Transcript Secure Network Routing: Ariadne and Skipchains

Protocol Security for
Wireless Networks
Yih-Chun Hu
Illinois Center for
Wireless Systems
Pervasiveness of Security
• Layers in the Internet divide responsibility
Application
HTTP, IMAP
Transport
TCP, UDP
Network
IP
MAC / Link
802.11 MAC
Physical
802.11a PHY
• Security is important at each layer
CIA: Not Just an Intelligence Agency
• Confidentiality:
– Data
– Privacy (Location, Identity, Traffic, …)
• Integrity:
– Data Integrity
– Origin Integrity (Location, Identity, …)
• Availability
Solutions Must Pervade Layers
• Many security properties are vulnerable at
several layers:
Application
– Availability
– Location privacy
Transport
Network
MAC / Link
Physical
Why Location Privacy?
• Wireless transmissions can reveal location:
– Cellular
– Electronic Toll Collection (iPass)
– WiFi, Bluetooth, …
Providing Location Privacy
• Power-control for avoiding localization (Physical)
• Pseudonymous geographic routing (Network)
• Anonymous rendezvous (Network)
• Transaction communication model (Transport)
• Silent periods (Cross-Layer):
– Dissociate one transaction from another
– Duration depends on density, mobility
• User Interface (Application)
Reducing Localization Precision
• Existing localization techniques:
– Rice: less than 1m with 50% error indoors
– Place Lab: 15-30m with 50% error outdoors
• Need (generally) at least 3 APs
passively scan
all channels
order all APs based on
their RSSIs:
R1 >= R2 >= … >= Rn
exists R1-Ri-1<20 dB
& R1-Ri>20 dB?
NOtransmit at the
maximum power
YES
adjust transmit power to
TXAP – Ri+
RSAP-10dB
effective area for TPC
Using Silent Period
• Decorrelate transmissions:
– Deterministic plus random
– BusView data validation
User Interface
• Directs all location privacy
mechanisms
• Privacy on/off checkbox
• Wait notification
Why Availability?
• Many different wireless technologies:
– Unlicensed bands share spectrum with
industrial applications and other users
• Users running the same protocol might not
cooperate:
– Selfish misbehavior
– Malicious misbehavior
– Software and
hardware bugs
A Multi-Layer Solution to Availability
• Jamming mitigation (Physical)
• Packet leashes (Physical / Network)
• MAC-level misbehavior detection (MAC)
• Secure routing protocols (Network)
Possible Misbehavior
• Do not follow MAC-layer rules for “backoff”
B1 = 1
B1 = 1
Misbehaving node
Transmit
Transmit
Well-behaved node
Wait
Wait
B2 = 20
B2 = 19
Deterministic Backoff
• Receivers choose the backoff for the senders
– Included in the previous acknowledgement
B
Sender
S
Receiver
R
A Bottom-Up Approach to Availability
• Start with a trusted core:
– (Possibly) a subset of nodes
– Very low bandwidth
– Highly available
• Bootstrap services using the core:
– Routing
– Congestion control
• Handle failures of core nodes
Wireless Security Faculty at Illinois
•
•
•
•
•
•
•
•
•
Tamer Basar
Roy Campbell
Carl Gunter
Christoforos Hadjicostis
Yih-Chun Hu
Ravishankar K. Iyer
Klara Nahrstedt
William H. Sanders
Nitin H. Vaidya