![Page 1: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/1.jpg)
Selected Topics in Wireless Security
Radha PoovendranNetwork Security LabElectrical Engineering DepartmentUniversity of Washington, Seattle, WAhttp://www.ee.washington.edu/research/nsl
Bertinoro PhD. Summer School, July 2009
![Page 2: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/2.jpg)
Outline Securing Ad-Hoc Network AssetsThreats in Ad-Hoc EnvironmentsElementary Security PropertiesChallenges in Realizing Security PropertiesBuilding Blocks of Defense MechanismsTopic Covered: Control Channel Jamming with node capture attack
http://www.ee.washington.edu/research/nsl7/6/2009
![Page 3: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/3.jpg)
Ad Hoc Network FeaturesInterconnection of a (large) number of devices in the absence of infrastructure
Rely on peer-to-peer communication and collaborationDynamic Network Topology – Mobility, Sleeping PatternsSelf-organized and Self-Adaptive to topology changesHeterogeneous in device capabilities
Vehicle networks Personal Networks Sensor Networks
Resource Constraints (Energy, CPU, Memory)
http://www.ee.washington.edu/research/nsl7/6/2009
![Page 4: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/4.jpg)
Ad Hoc Networks - Span of Applications
Home, Community
and Enterprise Networking
Vehicular and Transporta-
tion Networks
Inventory Tracking /
Supply Chain Management
Health Monitoring
Surveillance Networks, Tactical
Communica-tions
Network must be Available, Reliable and SecureWhat does it mean to “Secure” the network?
http://www.ee.washington.edu/research/nsl7/6/2009
![Page 5: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/5.jpg)
Securing the Network Assets
Network Security Requirements
Network is Available
Network is Efficient
Network is Performing
Network Nodes are valid
Network Protects Info
Denial of Service Attacks
Resource Depletion Attacks
Performance Degradation
AttacksPhysical Attacks Crypto Attacks
1. How does an adversary know when and where in the network to mount an attack?
2. How does an adversary mount these attacks? 3. How do we reason about attack primitives?
Stepping stones
http://www.ee.washington.edu/research/nsl7/6/2009
![Page 6: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/6.jpg)
Threats in the Ad hoc Environment
• Eavesdrop, block, modify, decompose, insert, replay messagesTapping on the Open Wireless Medium
Legitimate Node
Adversary
• Compromise, clone, move nodes, modify software/hardwarePhysical Attacks on Unattended Devices
Compromised Node
What security properties can we use to defend against these threats?
http://www.ee.washington.edu/research/nsl7/6/2009
![Page 7: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/7.jpg)
Integrity
Elementary Security PropertiesWhat is the source of the information?
Is the sourcetrusted?
Has the info been altered
in transit?Is the info fresh?
Is access to theinfo restricted?
Is info used in local computations
indeed local?
Source Authenticity
Freshness
Confidentiality Locality Verification
http://www.ee.washington.edu/research/nsl7/6/2009
![Page 8: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/8.jpg)
Challenges in Realizing Security PropertiesNo Centralized Trusted Entity
Lack of infrastructure; node mobility Need for collaboration among the nodes
Heterogeneity in Resource ConstraintsComputation/communication efficient security mechanisms
Nodes Have no Global View of the NetworkHave to rely on limited local information and collaborate
Susceptible to Physical/Side-Channel AttacksCryptography alone is not enough to secure the network
http://www.ee.washington.edu/research/nsl7/6/2009
![Page 9: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/9.jpg)
Building Blocks of Defense Mechanisms• Over-deploy Nodes • Aggregate Data
from Multiple Sources
• Disseminate Data via Multiple Paths
Information Redundancy
• Use Consistency Checks based on Invariant Properties
• E.g. Time, Communication Range
Multiple Modalities
• Crypto Mechanisms• Distributed trust -
Threshold Schemes
Integrate Security and Robustness
1. How to use the building blocks to detect, isolate and defend against the attacks encountered?
2. What type of approaches are suitable for such problems?3. What can be done when the attacker model is not known?
http://www.ee.washington.edu/research/nsl7/6/2009
![Page 10: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/10.jpg)
Today: Mitigation of Control Channel Jamming with node
capture Attack
7/6/2009 http://www.ee.washington.edu/research/nsl
![Page 11: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/11.jpg)
Impact of Jamming Control Channels
7/6/2009 http://www.ee.washington.edu/research/nsl/ 11
Sensitive info about network functionality is broadcast on dedicated control channels
Jamming prevents reception of control messages and degrades network functionality
A control channel becomes the critical point-of-failure for any supported network functionality
Trusted CORE
![Page 12: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/12.jpg)
7/6/2009 Guevara Noubir, NEU 12
Why Control Channel?GSM:
FDMA: Carrier channels of 200KHz
• Very few Beacon FrequenciesTDMA:
8 time slotsTS0: carries most control traffic
Super Frame Structure:Critical information such as FCCH, BCCH1 is only scheduled 1/51 frames
⇒ 1 pulse every 400 timeslots on a 200KHz band prevents all communication
![Page 13: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/13.jpg)
Control Channel Anti-Jamming
http://www.ee.washington.edu/research/nsl/ 13
Interference + Noise
7/6/2009
Sender ReceiverPath Loss
Jamming
f f
Synchronization keys must remain secret for effective anti-jamming
Randomized jamming avoidance
f
Synchronized receiver filtering
Shared synch keyt t
Receiver can decode message if SINR ≥ τ
![Page 14: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/14.jpg)
Impact of Node Capture on Anti-Jamming Protocols
k
k
k
k
7/6/2009 http://www.ee.washington.edu/research/nsl/ 14
k
Any receiver with synch key k can receive control
message
Trusted sender uses synch key
k to send on control channel
Node capture exposes synch key k, allows for
efficient jamming
How can we provide control availability in the presence of jamming using exposed synch keys?
![Page 15: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/15.jpg)
Main Idea: Channel Redundancy
7/6/2009 http://www.ee.washington.edu/research/nsl/ 15
Freq
uenc
y f
Time t
Freq. hopping in f × t space
kb kg
t0
h(kb,t0)
h(kg,t0)
kpkr
h(kr,t0)
h(kp,t0)
How to assign keys to nodes?
![Page 16: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/16.jpg)
Dynamic Jamming Mitigation for Wireless Broadcast Networks
Jerry Chiang and Yih-Chun Hu
Electrical and Computer EngineeringUniversity of Illinois at Urbana-ChampaignResults from the Infocom 2008 paper as well as the Mobicom2007 papers
![Page 17: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/17.jpg)
Outline
BackgroundJamming attackSpread spectrumCode tree methodTree remerging optimizationTheoretical results
Jerry Chiang and Yih-Chun Hu
![Page 18: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/18.jpg)
Broadcast System
A broadcast system has one transmitter and many receivers
Hard to efficiently extend point-to-point anti-jamming capability of spread spectrum to broadcast systems
Jerry Chiang and Yih-Chun Hu
![Page 19: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/19.jpg)
Tree Keying SchemeEach node of the tree corresponds to a spread spectrum code
[Chiang and Hu, Cross-layer jamming detection and mitigation in wireless broadcast networks, MobiCom 2007]
![Page 20: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/20.jpg)
Tree Keying Scheme
Each user holds the codes corresponding to a leaf and its ancestors
[Chiang and Hu, Cross-layer jamming detection and mitigation in wireless broadcast networks, MobiCom 2007]
![Page 21: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/21.jpg)
Cover• A cover is a set of codes such that each
user can decode using at least one spreading code
![Page 22: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/22.jpg)
Test Codes• A set of codes are called test codes if
they are chosen from descendents of the cover
![Page 23: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/23.jpg)
Detectable Codes• The ancestors of the test codes in the
cover are called detectable codes
![Page 24: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/24.jpg)
Jamming Detection
Control entity and the user nodes have to collaborate on detection of possible jammingEach node needs to check if it received same control information via two channelsTransmitter simultaneously sends message on both the current minimal safe cover and a set of test codesJamming detected when reception happens on test codes but not detectable codes
![Page 25: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/25.jpg)
Response to Jamming Detection
• Jamming is detected on code C
• Replace C in the cover with its two children
![Page 26: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/26.jpg)
Broadcast Control Channel Jamming:Resilience and Identification
of Traitors
Agnes Chan, Xin Liu,Guevara Noubir, Bishal Thapa
@ College of Computer & Information ScienceNortheastern University, Boston
![Page 27: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/27.jpg)
NU Wireless Lab ISIT 2007, Nice 41
Problem Definition
Traitor: A malicious user inside the system whose intension is to prevent the delivery of broadcast control information
Goal: Fully Traitor-Resilient Control Channel BroadcastIdentify all the traitorsRevoke the bad guys
Resiliency: Ability to deliver control messages successfully to all users at least once during a bounded period of time
![Page 28: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/28.jpg)
NU Wireless Lab ISIT 2007, Nice 42
Outline
ModelTraitor Resilient Scheme
1-Traitor SchemeT-Traitor Scheme
Performance EvaluationCommunication CostDelay
Conclusion and Future Work
![Page 29: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/29.jpg)
NU Wireless Lab ISIT 2007, Nice 43
ModelNetwork Model
Static: N users and T or less traitorsOne-Time Preassigned Key DistributionServer sends information over multiple channelsChannels are distributed over frequency & timeUsers use a cryptographic hash function with keys as input to acquire channel information
Adversary ModelPersistent Traitors/JammersFollow the key sequence prescribedCan only jam one channel at a timeServer knows the jammed channels(only for ID)
![Page 30: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/30.jpg)
NU Wireless Lab ISIT 2007, Nice 44
TERM DEFINITION
![Page 31: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/31.jpg)
NU Wireless Lab ISIT 2007, Nice 45
One-Traitor Resilient Scheme
Binomial Based
![Page 32: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/32.jpg)
NU Wireless Lab ISIT 2007, Nice 46
One-Traitor Resilient Scheme
Example:
Communication Cost:
![Page 33: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/33.jpg)
NU Wireless Lab ISIT 2007, Nice 47
Optimal One-Traitor Scheme
Sperner's Lemma: Given F, choosing -subset of F gives the largest Anti-chain of FKey Distribution: Given N, pick F such that
Communication Cost, F: (sterling's approx.) Optimality:
We know the lower bound,
![Page 34: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/34.jpg)
NU Wireless Lab ISIT 2007, Nice 48
One-Traitor Resilient Scheme
![Page 35: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/35.jpg)
NU Wireless Lab ISIT 2007, Nice 49
T-Traitor Resilient Scheme
Polynomial Based:
![Page 36: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/36.jpg)
NU Wireless Lab ISIT 2007, Nice 50
T-Traitor Resilient Scheme
Example:
For user j at TS i, assign
![Page 37: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/37.jpg)
NU Wireless Lab ISIT 2007, Nice 51
T-Traitor Resilient Scheme
Correctness: PBK-T resilient Scheme satisfies the sufficient conditions:
Cost: p*q
![Page 38: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/38.jpg)
NU Wireless Lab ISIT 2007, Nice 54
T-Traitor Resilient Scheme
Identification:T-resilience => Unique Identification of all TraitorsThe assumption that server knows all the jammed channel information is used hereCost: table lookups, where c is the maximum degree of identifying polynomials
![Page 39: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/39.jpg)
NU Wireless Lab ISIT 2007, Nice 55
Conclusion and Future WorkExtend Combinatorial Scheme of 1-Traitor Scheme to T-Traitor SchemeStudy the optimal T-Traitor resilient schemeProbabilistic Method of defining a resilient scheme and identification for non-persistent traitorsSuggestions...
![Page 40: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/40.jpg)
Patrick Tague, Radha Poovendran
Network Security Lab (NSL)Department of Electrical Engineering
University of Washington, Seattle
In collaboration with: Mingyan Li, Boeing Research & Technology
Mitigating Control Channel Jamming using Random Key Assignment
![Page 41: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/41.jpg)
Control Channel Key Assignment
7/6/2009Network Security Lab -
http://www.ee.washington.edu/research/nsl/ 57
k
k
kGlobal key k: capture of single node exposes k, compromises control channel anti-jamming
k1, k2
k1
k2
Unique key ki per node: node capture has no effect on other nodes, but number of control
channels is N (large)
Problem: design key assignment that balances trade-off between number of channels and robust anti-jamming
![Page 42: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/42.jpg)
Design for Graceful Degradation
7/6/2009Network Security Lab -
http://www.ee.washington.edu/research/nsl/ 58
Avai
labi
lity
Number of captured nodes
τ
Error-Correcting Codes
How to assign keys for graceful degradation instead of threshold behavior?
Robustness to node capture,
captured node ID
Efficiency (fewer channels / less
overhead)
Tradeoffs between robustness, efficiency, captured node ID1
Unicast channels, pairwise keys
N
![Page 43: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/43.jpg)
Our Approach: Random Key Assignment
7/6/2009Network Security Lab -
http://www.ee.washington.edu/research/nsl/ 59
No deterministic structure to allow for strategic node
capture attacks
Redundancy in channels available to each node
Ability to constrain/control number of nodes with each key
Nodes can join/leave network without control channel re-configuration
Network
![Page 44: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/44.jpg)
Random Control ChannelKey Assignment
7/6/2009Network Security Lab -
http://www.ee.washington.edu/research/nsl/ 60
kt,1 kt,2
kt,3 kt,4
kt,5 kt,6
Kt: keys for time slot t
Randomly assign a subset of keys to each node
Node n can access (or jam) channels #5 and #6Node n:
Ktn = {kt,5, kt,6}
• Number of keys qt = |Kt| determines overhead• Subset size mt = |Kt
n| and ratio mt / qt determine resilience to jamming at time t
![Page 45: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/45.jpg)
Periodic Key Reuse
7/6/2009Network Security Lab -
http://www.ee.washington.edu/research/nsl/ 61
k0,1 k0,2
k0,3 k0,4
k0,5 k0,6
K0: keys for time slots t ≡ 0 mod p
• Resilience increases with p• Overhead and delay increase with p
k1,1 k1,2
k1,3 k1,4
k1,5 k1,6
K1: keys for time slots t ≡ 1 mod p
kp-1,1 kp-1,2
kp-1,3 kp-1,4
kp-1,5 kp-1,6
Kp-1: keys for time slots t ≡ p-1 mod p
Node n: Kn = (K0n, K1
n, … ,Kp-1n)
![Page 46: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/46.jpg)
Elimination of Captured Nodes
k0,1 k0,2
k0,3 k0,4
k0,5 k0,6
K0
k1,1 k1,2
k1,3 k1,4
k1,5 k1,6
K1kp-1,1 kp-1,2
kp-1,3 kp-1,4
kp-1,5 kp-1,6
Kp-1
J0 = {k0,1, k0,4} J1 = {k1,2, k1,3} Jp-1 = {kp-1,1, kp-1,3 , kp-1,5}
Detection of control channel jamming yields (J0, J1,…, Jp-1)
How effectively can the source revoke captured nodes based on detected jamming?
7/6/2009Network Security Lab -
http://www.ee.washington.edu/research/nsl/ 62
![Page 47: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/47.jpg)
Identifying Captured Nodes
Captured node identification:Estimate the set of captured nodes C given the jamming evidence {Ji : i=0,…,p-1}
Node ID Assigned Keys1 (K0
1, K11, … ,Kp-1
1)2 (K0
2, K12, … ,Kp-1
2)… …N (K0
N, K1N, … ,Kp-1
N)
Time Slot Jammed Channels0 J0 = {k0,1, k0,4}1 J1 = {k1,2, k1,3}…p-1 Jp-1 = {kp-1,1, kp-1,3 , kp-1,5}
How to estimate the captured node set? How accurate is this estimation process?
7/6/2009Network Security Lab -
http://www.ee.washington.edu/research/nsl/ 63
![Page 48: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/48.jpg)
Captured Node Estimation
k0,1 k0,2
k0,3 k0,4
k0,5 k0,6
K0
• Accuracy of ID process depends on designImproves as nodes look more “different”
Depends on adversary’s choice of what to jam
k1,1 k1,2
k1,3 k1,4
k1,5 k1,6
K1kp-1,1 kp-1,2
kp-1,3 kp-1,4
kp-1,5 kp-1,6
Kp-1
J0 = {k0,1, k0,4} J1 = {k1,2, k1,3} Jp-1 = {kp-1,1, kp-1,3 , kp-1,5}
ML/MAP Estimate:C’ = arg maxC Pr[C | {Ji}]
= arg maxC Pr[{Ji} | C]
Heuristic Iterative Estimate:At each iteration:add n’ = arg maxn Pr[n є C\C’ | {Ji}]
7/6/2009Network Security Lab -
http://www.ee.washington.edu/research/nsl/ 64
![Page 49: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/49.jpg)
Examples
Resilience to jamming for various design parameters
Identification miss rate for various design parameters
250 nodes, jamming on 90% of possible channels7/6/2009
Network Security Lab -http://www.ee.washington.edu/research/nsl/ 65
![Page 50: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/50.jpg)
Challenges in Captured Node Detection
7/6/2009Network Security Lab -
http://www.ee.washington.edu/research/nsl/ 66
Assumption of adversarial behavior
required for detection
Trade-offs between resilience to attack and detection capabilities
vs
Non-trivial false alarm and miss rates due to redundant
key assignmentHow can we address these challenges?
![Page 51: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/51.jpg)
Acknowledgements
Agnes Chan, Guevara Noubir : North Eastern UniversityYih-Chun Hu, Jerry Chang: UIUCLoukas Lazos: UoA, TucsonPatrick Tague: NSLhttp://www.ee.washington.edu/research/nsl
![Page 52: Selected Topics in Wireless Securityswing09/schedule/... · control channel anti-jamming. k. 1, k. 2. k. 1. k. 2. Unique key . k. i. per node: node capture has no effect on other](https://reader036.vdocument.in/reader036/viewer/2022081611/5f0275c47e708231d4045edc/html5/thumbnails/52.jpg)
Reading list for the 1st lecture
Prof. Dawn SongABC
Prof. PoovendranP. Tague, M. Li, and R. Poovendran, Mitigation of Control Channel Jamming under Node Capture Attacks, IEEE Transactions on Mobile Computing.http://www.ccs.neu.edu/home/noubir/publications/CLNT07.pdfhttp://users.crhc.illinois.edu/yihchun/pubs/infocom08.pdf