mobile traffic sensor network vs. motion-mix : tracing & protecting mobile wireless nodes
Post on 12-Jan-2016
17 Views
Preview:
DESCRIPTION
TRANSCRIPT
Mobile Traffic Sensor Network vs. Motion-MIXMotion-MIX:
Tracing & Protecting Mobile Wireless Nodes
##Jiejun Kong, Jiejun Kong, *Dapeng Wu, +Xiaoyan Hong, ##Mario Gerla
#Dept of Computer Science *Dept of Computer Science +Dept of EE UCLA University of Florida University of Alabama
November 7, 2005@ACM SASN’05
Problem: Mobile Anonymity Fixed Anonymity: Identity (net addr) Mobile Anonymity: Identity Location
– Identity (net addr/identity)
– Location (positioned by the adversary)
– Motion patternMotion pattern (deduced by the adversary)
Significance of anonymous wireless communication– 1996 A.D.: Chechnya rebel leader, General Dzhokhar General Dzhokhar
DudayevDudayev, always on the move, but killed during a traceable wireless call
Mobile Traffic Sensor Network Mobile traffic analyst
– Unmanned aerial vehicle (UAV)– Coordinated positioning
(tri-lateration / tri-angulation)can reduce location uncertainty
If moving faster thanthe transmitter, canalways trace the victim
Outline Background
Proposed solution– In theory: Asymptotic network security model– In practice: Motion-MIX
Security analysis– Motion-MIX satisfies the asymptotic network
security model
Summary
Notion: Security as a “landslide” game
Played by the guard and the adversary– Proposal can be found as early as Shannon’s 1949 paper– Not a 50%-50% chance game, which is too good for the
adversary
The notion has been used in modern crypto since 1970s– Based on NP-complexity – The guard wins the game with 1 - negligible probability– The adversary wins the game with negligible probability– The asymptotic notion of “negligible” applies to one-way
function (encryption, one-way hash), pseudorandom generator, zero-knowledge proof, ……
AND this time ……
Our Asymptotic Network Security Model Concept: the probability of security breach decreases
exponentially toward 0 when network metric increases linearly / polynomially
Consistent with computational cryptography’s asymptotic
notion of “negligible / sub-polynomial”
is negligible by definition
x is key length in computational cryptox is network metric (e.g., # of nodes) in network security
DefinitionDefinition: A function : N R is negligible, if for every positive integer c and all sufficiently large x’s (i.e., there
exists Nc>0, for all x>Nc),
The Asymptotic Cryptography Model
Security can be achieved by a polynomial-bounded guard against a polynomial-bounded adversary
1 2 # of key bits (key length) 128
Prob
abili
ty o
f sec
urity
bre
ach The “negligiblenegligible” line
(sub-polynomialsub-polynomial line)
Insecure Secure(Ambiguous area)
• See Lenstra’s analysis for proper key length(given adversary’s brute-force computational power)
• There are approximately 2268 atoms in the entire universe
Our Asymptotic Network Security Model
Conforming to the classic notion of security used in modern cryptography ! We’ve used the same security notion
Network metric (e.g., # of nodes -- network scale)
Prob
abili
ty o
f net
wor
k se
curit
y br
each
The “negligiblenegligible” line(sub-polynomialsub-polynomial line)
The “exponentialexponential” line
(memory-lessmemory-less line)
Insecure Secure(Ambiguous area)
Design Assumptions Adversary model
– Passive– Few insiders (captured & compromised nodes),– Global (or equivalently, mobile and capable of scanning
the entire network area in short time)– Honest-but-curious (protocol-compliant)– External: polynomially-bounded by key length– Internal: fraction of N (which is # of network nodes)
Network model– Loquor ergo sum (I speak, so I exist): nodes must transmit
upon application demand, cannot shut up– Pairwise key sharing (via Diffie-Hellman, KPS, or
“mobility helps security”)
Venue
Venue
The VIP nodebeing traced
“Venue” is the smallest area that the adversary can “pinpoint” a wireless transmitter via its wireless transmission
Assumption: Imperfect Wireless Positioning
D. Niculescu, B. Nath, “VOR Base Stations for Indoor 802.11 Positioning,” ACM MOBICOM’04, pp.58—69.
Motion Pattern Tracing (1 node)
1 transmitting node in the network No way to protect it
– Just like a cryptographic case using 1-bit key
Motion Pattern Tracing (2 nodes)
2 transmitting nodes in the network; Better security protection What’s the network-based analytic model behind this phenomenon?
What happens if there are many nodes in a scalable network? We need Motion-MIX
Motion-MIX: Design Goal
k incoming mobile nodes or wireless packet flows get fully mixed in the Motion-MIX k-anonymity: the adversary cannot differentiate these k nodes
Motion-MIX vs. Chaumian MIX
Effectiveness determined by the adversary’s capability & the guard’s capability
1. Privacy model: like Chaumian MIX processor, the internal state of Motion-MIX is private The adversarial side cannot position any transmitting
node inside the area quantified by
2. Temporal-spatial model: like Chaumian MIX (e.g., pool mix), the guarding side can delay and gather the protected items in a Motion-MIX Motion-MIX’s size is determined bi-laterally (the adversary & the guard) in terms of time and space
Size of Motion-MIX Adversary determines
inner circle
Guard determines outer ring t is the minimum delay
between any 2 transmissions from a single node
– vavg is the average/expected node mobility speed
Motion-MIX’s size is a bilaterally-determined quantity ’ = ( + vavg*t)
Adversary’s capability
’
Wireless Traffic Mixing Per Venue
Algorithm D -- Wireless traffic mixing:(Each venue transmits approximately k packets per t in a fully distributed manner)
Prerequisite: Pre-defined system parameter k and unit time t. 1 Divide current unit time t into k slices.2 FOR (each time slice i) DO3 IF (I have only heard x<i transmissions so far during the current unit time interval)4 In the next time slice, transmit a decoy packet with probability (i-x)/i.5 END IF6 END FOR
Ensures: Greater-than-zero effect1. If at least a “good” node is in a venue, the adversary can only estimate there are averagely E(k’) nodes inside. Actually # of nodes inside the venue can be from minimally 1 to maximally (N - #_of_non-empty_venues).2. Otherwise, the venue is empty. Motion-MIX is not functional.
Necessary Conditions of Motion-MIX
Protocol-stack-wise concerns, not limited to application/middleware layer (unlike MIX-ZoneMIX-Zone)
Building blocks1. Identity-free routing ANODR (MOBIHOC’03)
• Anonymous even against any insider
2. One-time packet contents XOR-tree (TISS’00)• E.g., for 100 packets, the 2 extreme cases (1 sender to 1 1 sender to 1
recipient & 100 different senders to 100 different recipientsrecipient & 100 different senders to 100 different recipients) and all cases in-between are equally probable looks truly random / independent
3. Radio interface calibration to remove RF signatures “Shake them up” (MOBISYS’05)
Identity-free Routing: ANODR (MOBIHOC’03)
ANODR: destination E receives
RREQ, global_trap, onion whereRoute-REQuest
Route-REPly
A
E
KA(hello)KB( KA(hello))KC( KB( KA(hello)))
onion = KD( KC( KB( KA(hello))))
RREP, global_proof, onion
B
C D
#E#D#C
#B
KC( KB( KA(hello)))KB( KA(hello))KA(hello)
RREP, global_proof, onion, #X
#X is a random packet stamp selected by X
and shared on the hop
KKXX(m)(m) denotes using symmetric key K (only known by X) to encrypt a message m
global_trapglobal_trap denotes an encryption of a well-known tag (“You are the destination”) using a key only known by destination E
Identity-free Data Forwarding
Table driven virtual circuit: stores mapping of a pair of packet stamps
Packet marked with #– Matched incoming # is replaced by corresponding
outgoing #– IP address, 802.11 MAC address not used in ANODR
#1 #2 #2 #3 #3 #4
A B C
#1 payload #2 payload #3 payload #4 payload
One-time Packet Contents (cont’d)
“Unpredictable” pseudorandom packet contents– In secular term, looks truly random to the adversary– Key management & distribution needed
1Key 56a35d537fe 56a35d537fe
3 e53410957fa e53410957fa
2 198573f8d5b 198573f8d5b..
. ...
Identity-free Packet Flow (ANODR)
4342747
5422819
5452343
1745634
97464116175747
8543358
Mobile network model Divides the network into large number n of very
small tiles (i.e., possible “positions”)– A node’s presence probability p at each tile is small
Follows a spatial binomial distribution B(n,p)
– When n is large and p is small, B(n,p) is approximately a spatial Poisson distribution with rate 1
– If there are N mobile nodes roaming i.i.d. N = N·1
– The probability of exactly k nodes in an area A’
Venue
Venue
’
Average Venue Publicity assumption (Kerckhoff’s Desiderata): the
adversary knows the entire identity set and the network area, it can estimate that expectation of # of nodes in each venue is – Thus, nodes in each venue transmit k = E(k') real/decoy
packets in a fully distributed manner
A motion-MIX is min(k, E(k'))–anonymouswhere '=(+vavg*t) is the bi-lateral Motion-MIX size– In each non-empty venue, min(k, E(k')) - anonymous– In the entire network, ubiquitously min(k, E(k')) -
anonymous due to identity-free routing, one-time packet contents and RF signature hiding
Untraceable Mobile Nodes (or Packet Flows)
The VIP nodebeing traced
All motion patterns equally likely if contiguous venues are non-emptynon-empty(in the previous time slot t) Untraceable (per Shannon’s information theoretic notion)
Security Analysis: Impact of N (# of nodes)Probability of having less than k good nodes is negligible with respect to network scale N
Probability of tracing a mobile node is negligible with respect to N and motion time |T|
Probability of tracing a packet flow is negligible with respect to N and # of traveled venues |X|
Summary Anonymous communication in mobile networks has its own
idiosyncrasy– Motion pattern of mobile nodes can be traced
Motion-MIX needed We propose a novel asymptotic network security model that
is consistent with classic security notions– Identity-free routing, one-time packet contents, and radio signature
hiding are necessary conditions to implement Motion-MIX– Motion-MIX + ANODR is practical
Work-in-progress: Currently, doing real-world experiments on Motion-MIX and ANODR– Related to MANET localization/positioning, QualNet simulation,
ANODR Linux implementation, UAV experiment– More rigorous formalization & proofs
UCLA E-mail contacts:
Jiejun Kong: jkong@cs.ucla.edu
Mario Gerla: gerla@cs.ucla.edu
Notion: Perfect Secrecy (C.E.Shannon)
1m
2m
3m
4m
1e 2e 3e 4e
43 1 2
1
1 3
432
3 1
4
2 4
2
00 01 10 11
01 00 11 10
10 11 00 01
11 10 01 00
XORm m k = k =
ee4e
2e
1e
3e
4m
3m
2m
1m 12
43
1
3
341
2
31
plaintext ciphertext
fkey
2
4
42
A triangluar relation: plaintext M, ciphertext E, key K Given ciphertext E, adversary gains no information
H(M|E) = H(M) a posteriori = a prioriNot
sca
lable
Notion: Perfect Anonymity(IACR ePrint TR2005-132)
Route-driven connection
1s
2s
3s
4s
anonymityset
4r
3r
2r
1r
anonymityset
Route-driven connection
1s
2s
3s
4s
anonymityset
4r
3r
2r
1r
anonymityset
syn
chro
niz
ed
flo
od
ing
ind
isti
ng
uis
hab
le
ind
isti
ng
uis
hab
leSender
AnonymityRecipient
Anonymity
Not S
cala
ble
Message Secrecy & Anonymity(information theoretic notion)
Security degradation can be defined as the ratio between H(XAS|C) and H(XAS),as demonstrated in 2 PET’02 papers [Serjantov&Danezis,PET’02] and [Diaz et al., PET’02]
This non-scalable solution is not our answer !
Perfect Secrecy H(M|E) = H(M)
Perfect Anonymity H(XAS|C) = H(XAS)
1 Inspired by Bettstetter et al.’s work
– For any mobility model (random walk, random way point), Bettstetter et al. have shown that1 is computable following
– For example, in random way point model
in a square network area of size a£a defined by -a/2·x· a/2 and -a/2·y· a/2
– 1 is “location independent”, yet computable in NS2 & QualNet given any area A’ (using finite element method)
1 in Random Way Point model
[Bettstetter et al.]
a=1000
WASP Micro-Aerial Vehicle (MAV)
Wingspan: 13 inches Combined wing structure (Lithium-Ion battery pack): 4.25 ounces (120 gm) Total weight of the vehicle: 6 ounces (170 gm) Power: 9 Watts during the flight. Flying time: 1 hour and 47 min Good enough to trace a mobile soldier or a few soliders per MAV
top related