Principles of Ad Hoc Networking Michel Barbeau and Evangelos Kranakis November 12, 2007
Wireless security challenges Network type Wireless Mobility Ad hoc Sensor Challenge Open medium Handover implies change of security parameters Infrastructure based security not applicable In-network processing 2
Signature 1. Unforgeability: proof that the signer signed the document 2. Authenticity: convincing of the document s authenticity 3. Unreusability: signature cannot be moved elsewhere 4. Unalterability: document cannot be changed after signing 5. Unrepudiatability: signer cannot later claim: did not sign the document 3
Digital signature Set of messages: P ; Set of signatures: A; Set of keys: K Signing algorithm: Sig k : P A, with k K Verification algorithm: V er k : P A {true, false} V er k (x, y) = { true if y = Sigk (x) false if y Sig k (x). 4
RSA signature An integer n = pq, the product of two distinct primes p and q Two integers e, d such that ed 1 mod φ(n), φ(n) is the Euler totient function n, e are public; p, q, d are private Signature: Sig(M) M d mod n Verification: V er(m, N) = true M N e mod n 5
ElGamal signature 6
Constructing one-way hash chains USE/REVEAL v H H H H H H H v v v v v v n 1 n 2 n 3 n 4 2 1 0 later values earlier values GENERATE CHAIN 7
Authentication in one-way hash chains H H H H H H v j i j H (v j ) = v i v i 8
Forming a Merkle tree v v v v v v v v 0 1 2 3 4 5 6 7 9
Blinding in Merkle authentication trees u u u u u u u u 0 1 2 3 4 5 6 7 H H H H H H H H v v v v v v v v 0 1 2 3 4 5 6 7 10
Recursive hashing in Merkle authentication trees u 07 u 03 47 u u 01 u 23 u 45 u 67 u u u u u u u u 0 1 2 3 4 5 6 7 v v v v v v v v 0 1 2 3 4 5 6 7 11
Example of Merkle authentication trees u 07 path u path 03 47 u sibling u 01 u 23 path u 45 u 67 sibling u u u u path u u u u 0 1 2 3 4 5 6 7 sibling path v 0 v 1 v 2 v 3 v 4 v 5 v 6 v 7 12
The RC4 encryption Message Text L O G I N Message in ACSII 1001100 1001111 1000111 1001001 1001110 Key Stream 1000100 1000001 1010110 1001001 1000100 XOR Ciphertext 0001000 0001110 0010001 0000000 0001010 13
Cracking RC4 messages Ciphertext 1 0001000 0001110 0010001 0000000 0001010 Ciphertext 2 XOR of un encrypted messages 0001110 0010100 0011010 0000000 0000101 0000110 0011010 0001011 0000000 0001111 XOR 1st Message (LOGIN ) in ACSII 1001100 1001111 1000111 1001001 1001110 XOR 2nd Message in ACSII 1001010 1010101 1001100 1001001 1000001 2nd Message Text J U L I A 14
ZigBee frame with auxiliary header (c) Physical Header MAC Header Network Header Application Header Auxiliary Header Encrypted Payload Message Integrity Code (b) Physical Header MAC Header Network Header Auxiliary Header Encrypted Payload Message Integrity Code (a) Physical Header MAC Header Auxiliary Header Encrypted Payload Message Integrity Code 15
ZigBee network entry Joiner (1) Beacon Request Router Trust Center (2) Beacon (3) Association Request (5) Association Response (7) Transport-Key (4) Update-Device (6) Transport-Key Joiner-Trust Center Link Key Setup Using SKKE (9) Transport-Key(Network Key) (8) Transport-Key(Network Key) 16
Key establishment using the fuzzy commitment protocol Initiator Responder Generate common symmetric key k Derive feature value v Derive feature value v' Compute e = v xor k [hash(k), e] Compute k'= v' xor e hash(k)= hash(k')? 17
ECG with IPI markers IPI 18
Initiator calculation in the fuzzy commitment protocol 6 5 c=(4,5) 4 3 2 v=(8.26,1.37) 1 1 2 3 4 5 6 7 8 19
Responder calculation in the fuzzy commitment protocol 6 5 4 f(v' - d) = (4,5) v'-d=(3.50,4.59) 3 2 1 v'=(7.76,0.96) 1 2 3 4 5 6 7 8 20
Fuzzy encryption protocol Get message m Generate symmetric key k Derive value v Sender [E [m], C(k, v)] k Receiver Derive value v' Using v',decommitk D [E [m]] k k 21
Authentication using the fuzzy commitment protocol Sender Receiver Get message m Generate symmetric key k Derive value v [E k[m], MAC k[m], C(k, v)] Derive value v' Using v',decommit k m' = D [E [m]] k k MAC k [m'] = MAC k [m ]? 22
Example of SEAD implementation (only indices are depicted) 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 23
Example of hash tree chain. One-way chain generation 24
Merkle tree 25
Example of using the hash tree chain vi H( vi 0 ) H H H( v i 1 ) H H H( v i 2 ) H H H H( v i 3 ) H b b b b 0 1 2 3 H H H H H( b 0 b 1 ) = b 01 H H( b 01 b 23 ) H H( b 2 b 3 ) = b 23 v i 1 Hash Tree 26
The bin-and-balls signature scheme s 1 s 2 s 3 s 4 s t G h 27
A single verifier v (inside region R) and a prover p (not depicted) v R 28
A single verifier at the center of a circular region R where there is an upper bound of p on the processing delay v RoA(v, p) R = RoA(v,0) s p 29
Wormhole attack A X Y B 30
Impact on routing protocols: one hop tunneling A C X Y B 31
Partitioning the range of the sensors into six zones numbered 1, 2,..., 6 clockwise 4 3 5 2 6 1 32
Bidirectional communication link A B 33
Wormhole vulnerability in the first protocol 5 6 A 5 6 B 4 X 1 4 Y 1 3 2 C 3 2 Region I Region II 34
Cooperating with neighbors to prevent protocol vulnerabilities D A 5 6 5 6 B 4 X 1 4 Y 1 C 3 2 3 2 Region I Region II 35
Verifier region A B 36
Worawannotai attack V A X B 37
Preventing the Worawannotai attack V a A X b B 38
Verifier region V A a c X b d B 39
Sequence number attacks malicious 4 hops destination a b c e d source s v f 3 hops g 40
Impact of location of base stations on disrupting traffic in a sensor network delimited by a square region 41
Omnidirectional and directional antennas A B A B Omnidirectional Directional 42