So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks


Tyler W Moore (joint work with Jolyon Clulow, Gerhard Hancke and Markus Kuhn)
Computer Laboratory, University of Cambridge
Third European Workshop on Security and Privacy in Ad Hoc and Sensor Networks
September 21, 2006, Hamburg, Germany

Introduction
- Distance-bounding protocols are specialized authentication protocols that determine an upper bound for the physical distance between two parties
- Distance-bounding protocols prevent two parties from appearing closer together than they actually are
- Security is often tied to proximity (e.g., access tokens, contactless wallets)
- Applications to wireless network security:
  - Preventing relaying attacks
  - Secure neighbor discovery
  - Component for secure localization
  - Preventing wormhole attacks

Secure location services vs. distance bounding
Secure location services
- Provides relative or absolute location of nodes within a network
- Requires the ability to calculate distances or angles and collaboration between several nodes, e.g., anchor or base station nodes providing trusted reference locations
Distance bounding
- Involves just two parties, a prover and verifier
- The verifier places an upper bound on the distance to the prover
- Distance bounding relies exclusively on the protocol and communication medium to ensure security: no trusted anchors allowed!

Location-finding techniques
Available techniques
- Received Signal Strength (RSS): Exploits the inverse relationship between signal strength and distance to estimate the distance to other nodes
- Angle-of-Arrival (AoA): Examines the directions of received signals to determine the locations of transmitters or receivers
- Time-of-Flight (ToF): Measures elapsed time for a message exchange to estimate distance based on the communication medium's propagation speed
Suitability to distance bounding
- RSS inappropriate since attackers can easily amplify and attenuate signals
- AoA inappropriate since attackers can easily reflect or retransmit from different directions
- This leaves RF and ultrasound time-of-flight mechanisms

Simple time-of-flight authentication protocol
Why not use a challenge-response protocol?
1. V → P (challenge): $N_V \in_R \{0,1\}^n$
2. P → V (response): $h_K(N_V)$
- The verifier V times the round-trip time for the prover P's response
- Distance bound is sensitive to delay $t_d$, which makes cryptographic operations infeasible

Brands-Chaum distance bounding protocol
P: $m_i \in_R \{0,1\}$; V: $C_i \in_R \{0,1\}$
P → V: commit($m_1, m_2, \ldots, m_k$)
Start of rapid bit exchange
V → P: $C_i$
P → V: $R_i = C_i \oplus m_i$
End of rapid bit exchange
P: $m = C_1 | R_1 | \ldots | C_k | R_k$
P → V: open commit, sign($m$)
V: verify commit, verify sign($m$)

Discussion
- Delay $t_d$ minimized by only using bitwise XOR with pre-commitment
- Alternative construction due to Hancke-Kuhn uses a pre-computed table lookup
- Accuracy determined by:
  - Resolution of timing mechanism
  - Pulse width
  - Bit period $t_p$
  - Processing delay $t_d$
  - Bit errors
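The Brands-Chaum exchange and the effect of the delay $t_d$ on the bound, as a runnable simulation added here for illustration (not code from the talk). Assumptions: a SHA-256 hash stands in for commit, an HMAC under a shared key stands in for sign(m), and the round-trip time is computed from an assumed distance and delay instead of being measured; the names `Prover` and `verify` are hypothetical.

```python
import hashlib, hmac, secrets

C_LIGHT = 299_792_458.0  # propagation speed of RF in m/s

class Prover:
    def __init__(self, key, k):
        self.key = key
        self.m = [secrets.randbits(1) for _ in range(k)]  # m_i chosen at random
        self.nonce = secrets.token_bytes(16)               # blinds the commitment
    def commitment(self):
        return hashlib.sha256(self.nonce + bytes(self.m)).digest()
    def respond(self, i, c):
        return c ^ self.m[i]          # R_i = C_i xor m_i: the only timed step
    def finish(self, transcript):
        # Open the commitment and authenticate m = C_1|R_1|...|C_k|R_k.
        # Assumption: HMAC replaces the signature used in the protocol.
        tag = hmac.new(self.key, bytes(transcript), hashlib.sha256).digest()
        return self.m, self.nonce, tag

def verify(prover, key, k, distance_m, t_d, max_distance_m):
    """Run k timed rounds against `prover`; return (accepted, bound in metres)."""
    com = prover.commitment()                  # received before the timed phase
    transcript, worst_rtt = [], 0.0
    for i in range(k):
        c = secrets.randbits(1)                # C_i chosen at random
        r = prover.respond(i, c)
        rtt = 2 * distance_m / C_LIGHT + t_d   # simulated clock reading
        worst_rtt = max(worst_rtt, rtt)
        transcript += [c, r]
    m, nonce, tag = prover.finish(transcript)
    bound = C_LIGHT * worst_rtt / 2            # t_d is counted as extra distance
    expected_tag = hmac.new(key, bytes(transcript), hashlib.sha256).digest()
    checks = (
        hmac.compare_digest(hashlib.sha256(nonce + bytes(m)).digest(), com),
        all(transcript[2 * i + 1] == transcript[2 * i] ^ m[i] for i in range(k)),
        hmac.compare_digest(tag, expected_tag),
        bound <= max_distance_m,
    )
    return all(checks), bound
```

With a 10 m limit, a prover 5 m away passes when $t_d$ is 1 ns but is rejected when $t_d$ is 1 µs, because the verifier cannot tell processing delay from flight time.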

Relay attack with slow medium
[Figure: space-time diagram of nodes P and V and the attacker's nodes P′ and V′; vertical axis indicates node position, horizontal axis time t]
- 2 good nodes P and V; 2 bad nodes P′ and V′
- P & V transmit over ultrasound, but P′ & V′ use RF

Relay attack with slow medium
[Figure: the same space-time diagram with the processing delay $t_d$ and the round-trip time $t_r$ marked]
- The shortened round-trip time $t_r$ yields a closer perceived position for P

Guessing attacks on packet-based challenge-response protocols
- Brands-Chaum times multiple single-bit exchanges between a prover and verifier
- Others have subsequently proposed timing a single packet-based exchange
- For example, in Čapkun-Hubaux (2005, 2006), a verifier transmits an n-bit challenge $C_1 \ldots C_n$ and the prover responds in reverse order $R_n \ldots R_1$
- An attacker can guess the last bit $R_n$ and preemptively transmit $R_n R_{n-1} \ldots R_1$

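Packet-based challenge-response protocol
[Figure: timing diagram between P and V showing challenge bits $C_{n-1}$, $C_n$, response bits $R_n$, $R_{n-1}$, and the intervals $t_d$, $t_p$ and $t_{DB}$; horizontal axis time t]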

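Guessing attacks on packet-based challenge-response protocols
[Figure: timing diagram of the attack between P and V showing challenge bits $C_{n-1}$, $C_n$, response bits $R_n$, $R_{n-1}$, $R_{n-2}$, $R_{n-3}$, and the intervals $t_d$, $t_p$, $t_a$ and $t_{DB}$; horizontal axis time t]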

Comparison to Sastry et al.'s guessing attacks on packet-based challenge-response protocols
- Sastry et al. describe a guessing attack where the adversary (potentially distinct from the prover) shortens the perceived distance between the prover and verifier by exploiting differences between bitrates of in and out channels
- The attack can be addressed if the verifier chooses when to start and stop timing packet transmission
- In the guessing attack we describe, a malicious prover can shorten the perceived distance to the verifier independent of the bitrate
- Crucially, this cannot be addressed by choosing when to start and stop timing packets
- Multiple timings must be taken
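Why multiple timings must be taken, as an added worked model for the two guessing-attack slides above (not code from the talk). Assumptions: zero processing delay, a challenge bit is usable only once fully received, the verifier times from the end of $C_n$ to the start of $R_n$, and $R_i = C_i \oplus m_i$; the function names and the sample distances are constructed for illustration.

```python
from fractions import Fraction
from itertools import product

C_LIGHT = 299_792_458.0  # propagation speed of RF in m/s

def known_in_time(j, t_p, d_true, d_claim):
    """Packet protocol: has challenge bit C_{n-j} reached the prover before
    response bit R_{n-j} must leave for the reply to look like d_claim?"""
    return (d_true - d_claim) / C_LIGHT <= j * t_p

def packet_accept_prob(n, t_p, d_true, d_claim, m):
    """Exact acceptance probability against ONE timed n-bit exchange
    (challenge C_1..C_n, response R_n..R_1), found by enumerating every
    challenge. Bits not known in time are guessed (prover assumes C_i = 0)."""
    accepted = 0
    for C in product((0, 1), repeat=n):
        sent, expected = [], []
        for j in range(n):                     # j = 0 is R_n, sent first
            i = n - 1 - j
            seen = C[i] if known_in_time(j, t_p, d_true, d_claim) else 0
            sent.append(seen ^ m[i])
            expected.append(C[i] ^ m[i])
        accepted += sent == expected
    return Fraction(accepted, 2 ** n)

def rounds_accept_prob(k, d_true, d_claim):
    """k individually timed single-bit rounds: whenever d_claim < d_true each
    R_i must leave before C_i arrives, so every round is a coin flip."""
    return Fraction(1) if d_claim >= d_true else Fraction(1, 2 ** k)
```

At 1 Mbit/s (bit period 1 µs, about 300 m of propagation), a prover shortening its distance by 10 m passes the single packet timing half the time, while eight separately timed rounds bring that to 1/256.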

Deferred bit signalling
[Figure: three waveforms, (a), (b) and (c)]
- If waveform (a) is the symbol for 0 and waveform (b) the symbol for 1, then what should waveform (c) be decoded as?
- Compare the received waveform with the two candidate symbols and integrate the differences over the duration of the symbol
- In effect, we can defer transmitting to extract a time advantage

Early bit detection
- Using a modified receiver, an attacker can preemptively determine which symbol a waveform represents
- If the attacker's receiver has an m-times better signal-to-noise ratio than a regular receiver, then the attacker's receiver can terminate the integration after observing $\frac{1}{m}$-th of the symbol's energy (after about $\frac{1}{m}$ of the bit's transmission time)
- The attacker can save $\frac{m-1}{m}$ of the symbol's transmission time compared to using a regular receiver.

Early decision decoder example
[Figure: waveform panels (a), (b), (c), (d); horizontal axis marked 0 to 9]

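Combining early bit detection with deferred bit signalling
[Figure: space-time diagram of P, V and the attacker's nodes, with the bit values 00, 11, 01, 01 and the processing delay $t_d$ marked; horizontal axis time t]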

Principles for secure time-of-flight distance-bounding protocols
Principle 1: Use a communication medium with a propagation speed as close as possible to the physical limit for propagating information through space-time (the speed of light in vacuum). This excludes not only acoustic communication techniques, but also limits applicability of wires and optical fibers.
Principle 2: Use a communication format in which only a single bit is transmitted and the recipient can instantly react to its reception. This excludes most traditional byte- or block-based communication formats, and in particular any form of forward error correction.

Principles for secure time-of-flight distance-bounding protocols (cont'd.)
Principle 3: Minimize the length of the symbol used to represent this single bit. In other words, output the energy associated with a bit in as short a time as is feasible to distinguish the two possible transmitted bit values. This leaves the attacker no room to shorten this time interval much further.
Principle 4: As the previous criterion may limit the energy that can be spent on transmitting a single bit, the distance-bounding protocol must be designed to cope well with substantial bit error rates.

- Distance-bounding protocol design is severely constrained by tight timing requirements
- Anything less than timing several single-bit exchanges is prone to manipulation by a clever adversary
- Minimize symbol width (e.g., by using ultra-wideband) to limit exposure to early bit detection and deferred bit signalling attacks
- For more, visit: http://www.cl.cam.ac.uk/~twm29/