Mobile Security
Wireless Mesh Network Security
Overview
Introduction
• Wireless Ad-hoc Networks • Wireless Mesh Networks
Security in Wireless Networks
Attacks on Wireless Mesh Networks Countermeasures
• Key Management Schemes • SMOCK
Wireless Ad-hoc Networks
No infrastructure like access points
Communication with other nodes only within their transmission range
Nodes farther away only reachable through other nodes by multihop routing
Every node forwards traffic for other nodes
Wireless Mesh Networks
Specialized Type of Ad-hoc Network (WMN)
Mesh Routers
• Often connected to mains • Moderate to high CPU power
• Provide router-, gateway- and other services • Mostly static locations
Mesh Clients
• Often battery powered
• Low CPU power and other resource constraints • Mobile devices like Notebooks, PDAs, etc.
Backbone Configuration
Consists of mesh routers only, which may provide gateway features or other services to client networks
Connect several conventional (infrastructure) networks
WMNs are transparent to their client networks
Conventional routing in client networks with one of the WMN routers as their next hop
Internet
Corporate Network
Cellphone Network Wireless Mesh Network
Client Configuration
Mesh client devices only
No gateways to other networks No dedicated routers
One, probably very large, ad-hoc network
Hybrid Configuration
Hybrid configurations also possible
Combines benefits from both backbone and
client configurations
Mesh clients reachable from outside networks
Internet
Corporate Network
Cellphone Network Wireless Mesh Network
Wireless Mesh Network Clients
Security
No infrastructure
• Nodes added, moved or removed at any time
• Frequent topology changes may conceal break-ins
Shared medium
• Eavesdroping, injecting and modifying traffic easily possible
Limited physical protection
• Mobile and small devices
• Devices scattered over large areas • Physical compromise is more likely
Security
No central management
• Routing and route discovery done by each node • Cooperation and trust relationships often assumed • Attackers may broadcast routing information
Resource constraints
• Ideal targets for DoS attacks
Selective Forwarding
Malicious node drops packets of specific other nodes
Droping too many nodes may lead to discovery or route changes
Attackers node has to be on the routing path of the nodes to be attacked
May be achieved by jamming neighbouring nodes which would normaly forward the desired traffic
Sinkhole Attack
Attract neighbouring nodes to send their data through the attackers node
May be achieved by pretending, or actually serving fast and reliable links
Attacker has to participate in routing
Packet flow of a large area may be influenced
Attackers have the opportunity to monitor or alter a large amount of traffic, disrupt services
Wormhole Attack
Wormhole Attack
Tun nel Similar effects as sinkhole attack
Two nodes required with great distance in between
Out-of-band channel like fast, wired connection
Tunnel exploits routing race conditions to provide fast links
No routing needed, only packet capturing and replaying
Countermeasures
Prevention of many attacks by means of authentication, confidentiality and integrity, as well as non-repudiation
Usage of cryptographic systems to en/decrypt and sign messages required
WMN devices limited in processing power, affecting strength of deployed crypto methods
Constraints of WMN devices on storage, therefore limiting amount and size of keys
Crypto Systems
Symmetric Crypto Systems
• One shared key for en-/decryption • Fast encryption and decryption
• Pairwise secure channels between 𝑛 nodes require 𝑛 (𝑛 − 1) 2 keys • One compromised node renders all keys invalid
• Key distribution system needed to frequently change the keys
Public Key Crypto Systems
• Public key for encryption, private key for decryption • Slower than using symmetric keys
• Pairwise secure channels between 𝑛 nodes require 𝑛 key pairs • One compromised node does not affect the others
SMOCK
Scalable Method Of Cryptographic Key management scheme
Reduce number 𝑂(𝑛) of keys of traditional public key system to 𝑂(log 𝑛) Improves storage usage at the cost of processing power and resilience
Each node uses set of 𝑏 private keys out of key pool 𝐾, but no node has complete subset of another nodes keys
Encryption has to be performed using all public keys corresponding to recipients key set
SMOCK Design
Memory Efficiency
• Minimize overall number of keys stored on each node • min 𝐾 + max𝑖∈𝑉 𝐾𝑖
𝑝𝑟𝑖𝑣
s.t. 𝐾𝑖 ⊈ 𝐾𝑗, 𝐾𝑖 ⊉ 𝐾𝑗 ∀𝑖 ≠ 𝑗
• With 𝐾 the number of (public) keys and 𝐾𝑖𝑝𝑟𝑖𝑣 the number of private keys at node 𝑖 from the set 𝑉 of deployed nodes
Computational Complexity
• Use as few private keys within each key set as possible • min max𝑖∈𝑉 𝐾𝑖
𝑝𝑟𝑖𝑣
s.t. 𝐾𝑖 ⊈ 𝐾𝑗, 𝐾𝑖 ⊉ 𝐾𝑗 ∀𝑖 ≠ 𝑗 and 𝐾 ≤ 𝑀
• With 𝑀 the number of memory slots available for key storage on each node • Both memory efficiency and computational complexity perform best with
SMOCK Design
Resilience Requirement
• In case of system compromises, on average 𝐶 𝑘𝑐 𝑥 , 𝑏 = 𝑘𝑐𝑏(𝑥) with 𝑘𝑐 𝑥 = 𝑎 − 𝑎 − 𝑏 𝑎−𝑏𝑎 𝑥−1 distinct key sets compromised
• 𝑉𝑥 𝑎, 𝑏 = 𝐶(𝑘𝑐 𝑥 ,𝑏)
𝐶(𝑎,𝑏) ≤ 𝑃
• 𝑉𝑥 𝑎, 𝑏 is the vulnerability metric, which is the percentage of compromised connections for 𝑥 compromised nodes
• With 𝑃 the upper bound of compromised connections for 𝑥 compromised nodes, 𝑎 = 𝐾 the number of public keys and 𝑏 = 𝐾𝑖𝑝𝑟𝑖𝑣 the number of private keys
Key Allocation
• Several algorithms available to optimize above equations, though always trade-offs between storage and resilience exist
Secure Communication
Each node calculates an ID from its distinct key set
• All keys are labeled with ascending numbers • Let keyID𝑖𝑗 the 𝑖-th key held by node 𝑗
• Concatenate the keyIDs „ keyID1𝑗|…| keyID𝑏𝑗“
Sending this ID to another node allows it for encrypting a packet using the public keys indicated by the ID destined for the corresponding node
ID is sent in clear text
A node intercepting an ID could not decrypt any traffic due to lack of the required private keys
Conclusion
WMNs are a promising technologie due to scalability, large coverage areas and deployment without installing costly infrastructure
Their ad-hoc network nature imposes high security risks
Many vulnerabilities can be prevented by means of en/decryption and authentication
SMOCK is a public key crypto system which allows for large networks while still providing reasonable secure channels
Questions
Are there any questions?
References
I. F. Akyildiz, X.Wang, and W.Wang. Wireless mesh networks: a survey. Computer Networks, 47(4):445 - 487, 2005.
A. El-Mousa and A. Suyyagh. Ad hoc networks security challenges. In Systems
Signals and Devices (SSD), 2010 7th International Multi-Conference on, pages 1-6, 2010.
C. Karlof and D. Wagner. Secure routing in wireless sensor networks: attacks and countermeasures. In Sensor Network Protocols and Applications, 2003.
Proceedings of the First IEEE. 2003 IEEE International Workshop on, pages 113 -127, May 2003.
S. Misra, I.Woungang, and S. C. Misra, editors. Guide to Wireless Ad Hoc Networks (Computer Communications and Networks) - Security in Wireless Ad Hoc
