csc/ece advanced network securitydiscovery.csc.ncsu.edu/courses/csc774-f11/slides/t06.2_anti... ·...
TRANSCRIPT
• 11/2/11
• 1
Computer Science
CSC/ECE Advanced Network Security
Topic 6.2 Recent Advances in Anti-jamming Wireless Communication
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 1
• Some slides were provided by Srdjan Capkun and Christina Pöpper.
Computer Science
Jamming : The prevention of radio communication by the use of radio signals (typically noise).
Jamming
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 2
• B
• J
• A
• ©D. Adamy, A First Course on Electronic Warfare
Computer Science
Jamming-resistant Communication
• Jamming-resistant communication can be achieved by Spread-Spectrum (SS) Techniques – Frequency Hopping Spread Spectrum (FHSS) – Direct Sequence Spread Spectrum (DSSS)
• SS techniques require an advantage over the attacker – A shared secret key between the sender and receiver
• Point-to-point / unicast communication • Different types of attackers
– Broadband and partial-band/narrow-band jammer – Follower jammer (FHSS communication)
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 3
• 11/2/11
• 2
Computer Science
FHSS: Frequency Hopping Spread Spectrum
DSSS: Direct Sequence Spread Spectrum
Common anti-jamming techniques rely on pre-shared secret codes (keys) • to achieve availability (not authentication or confidentiality)
The pre-shared secrets must be known to the sender and receiver but not to the jammer
• PRNG
• Spreading code (PRNG seed)
• PRNG
• PRNG • PRNG
• frequency
• frequency
• Hopping sequence (PRNG seed)
Spread-Spectrum (SS) Techniques
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 4
Computer Science
Broadcast Communication
• Broadcast communication • One sender, many receivers • Open system - New receivers may join - Receivers may withdraw - Any receiver can listen
(in contrast to multicast)
» Examples: • radio (audio) broadcast
(AM, FM, …) • navigation signals: satellite-
based (GPS), terrestrial (LORAN)
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 5
• A
• B
• multicast
• D • C
• A
• B
• broadcast
• D
• C
Computer Science
Attacks on Broadcast Communication
• For pairwise (unicast) communication we only consider external (outsider) attackers
– A and B are mutually trusted – Attacker uses only public information
• Broadcast communication – High and unknown number of receivers – Receivers are potentially untrusted and may be colluding – We need to consider external attackers and
internal (insider) attackers – Group keys?
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 6
• B
• J
• A
• A
• … • B • D
• C • E
• 11/2/11
• 3
Computer Science
External Attackers on SS Techniques • External attacker
• Does not know the spreading code / hopping sequence • Partial-band attacker can still jam. Example: FHSS
– pj = Probability that the packet is jammed – = 1 – (1 – cj /c )nj
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 7
• c = # frequency channels • cj = # channels the jammer jams • nj = jamming cycles per packet (given by min. jamming period, packet length, and jammer capabilities)
• c
• cj
• Min. jamming
Packet
• Typical computation of jamming probability
via the inverse
Computer Science
Internal Attackers on SS Techniques
• Internal attacker – Legitimate receiver: can decode the broadcast signal, i.e.
knows the used spreading code and its synchronization – Can misuse the spreading code and synchronization for
jamming to disable other receivers to get the signal – Group keys do not prevent this attack!
We need a better solution!
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 8
• A
• … • B • D
• C • E
• Key K
• K
• K • K
• K
Computer Science
• A
• B
• J • broadcast
• m, sig(m)
• D • C • Applications: alarm broadcast,
navigation signals, etc.
• Problem: BS needs to broadcast an (authenticated) message to a large number of unknown/untrusted receivers in an anti-jamming manner.
• But … • Anti-jamming communication relies on shared secret keys • In anti-jamming broadcast we cannot rely on shared keys (unknown/untrusted receivers) • Public-key crypto does not help
• PKA
• PKA
• PKA
• PKA
Anti-jamming Broadcast w/o Shared Keys
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 9
• 11/2/11
• 4
Computer Science
Anti-Jamming Key Establishment
• Problem: A and B want to establish a shared secret key in the presence of a jammer J
• Assumptions: – A and B do not share any secrets – The clocks of A and B are
loosely synchronized O(s) – Each node has a public/private key pair and a certificate binding its
identity to the public key – CA (Certification Authority) is trusted by all nodes; it may be off-line
or unreachable by the nodes at the time of communication
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 10
CA
A B
J
(offline)
CertCA(A) CertCA(B)
Computer Science
Anti-Jamming/Key-establishment Dependency
• Key establishment depends on jamming-resistant communication
• Common anti-jamming techniques require a shared secret key (code)
• Leads to an anti-jamming/ key-establishment dependency cycle
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 11
Computer Science
• (UFH)
Two Solutions: UFH and UDSSS • Basic idea:
• If you cannot coordinate the sender and the receiver – Don’t! • Sender uses random hopping sequences/spreading codes unknown to the
receiver (public set) • Two solutions:
• Uncoordinated Frequency Hopping Spread Spectrum (UFH) • Uncoordinated Direct Sequence Spread Spectrum (UDSSS)
• Rationale: • The attacker cannot predict which channels will be used (neither can the
receiver)
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 12
• 11/2/11
• 5
Computer Science
Attacker Model
Given the number of frequency channels on which the attacker inserts (ct), jams (cj), and overshadows (co), ctPt + cjPj + coPo ≤ PT
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 13
• Attacker goal: to prevent communication! • Attacker actions: Jam, Insert, Modify • Attacker types: Responsive, Sweep, Random, … • Attacker strength (channels/time to jam/sense): cs/ts, cj/tj • Power to insert, jam, and overshadow: Pt, Pj, and Po
• PT: total signal strength that attacker J can achieve at the receiver B
Computer Science
M := m, sig(m), …
M1 M2 Ml
…
M3
M1 M2 Ml
• m1 • m2 • ml
1. Fragmentation
2. Fragment linking (protects against insertion)
3. Packet Encoding (ECC) (protects against jamming)
4. Repeated transmission
Uncoordinated Frequency Hopping (transmitter)
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 14
Computer Science
1. Receiving packets
2. Packet decoding
3. Ordering and linking
4. Message reassembly and signature verification
M1 M2 Ml M3
M := m, sig(m), …
m3 m1
m1
• f1:
• f2:
• … M1 M2 Ml
• M1 • M1 M1 • M1 • M1 M2
• M1 • M1 Ml • …
m2
Uncoordinated Frequency Hopping (receiver)
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 15
• 11/2/11
• 6
Computer Science
• Problem: Fragments are not individually authenticated (pollution attacks)
• (I+1)l
• message size • slot size
• Signature verification at each candidate message (after reassembly)
• In the best case, I=1 … (depends on attacker’s # of channels, power …)
• but l is large; l = (>20) • Result: Attacker performs a DoS attack on the logical level instead on
the physical
Fragment linking
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 16
Computer Science
• Problem: Fragments are not individually authenticated (pollution attacks) • Solution: Cryptographically link fragments (no reliance on shared key)
to achieve message integrity
• Hash linking
• One-way Accumulators
• Short signatures
• Min 1 hash
• 1 witness
• 1 short signature
Fragment linking (Cont’d)
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 17
Computer Science
• Gain: Instead of (I+1)l signature verifications, reduction to (I+1)l hash/acum/signature verifications + (I+1) signature verifications
• Signatures and accumulators better than hash linking • Possible extensions: • Use linking with erasure codes, e.g., Fountain codes. • Reconstruct the message from any k fragments.
Fragment linking (Cont’d)
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 18
• 11/2/11
• 7
Computer Science
Two Solutions: UFH and UDSSS • Basic idea:
• If you cannot coordinate the sender and the receiver – Don’t! • Sender uses random hopping sequences / spreading codes
unknown to the receiver (public set) • Two solutions:
• Uncoordinated Frequency Hopping Spread Spectrum (UFH) • Uncoordinated Direct Sequence Spread Spectrum (UDSSS)
• Rationale: • The attacker cannot predict which spreading codes are used by
the sender (neither can the receiver) • UDSSS has reduced latency compared to DSSS • Throughput can be improved by using parallelization
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 19
Computer Science
Preliminaries: DSSS
t
spread despread
Spreading code
Spreading code
• RF message message • modulator demodulator
sender receiver
• chip
• bit
t
bit 1
Spreading code 1 -1 -1 1 -1 -1 -1 1 1 1 -1
Result (chips) 1 -1 -1 1 -1 -1 -1 1 1 1 -1
chips 1 -1 -1 1 -1 -1 -1 1 1 1 -1
Spreading code 1 -1 -1 1 -1 -1 -1 1 1 1 -1
correlation (1+1+1+1+1+1+1+1+1+1+1)/11=1
bit 1
chips -1 1 1 -1 1 1 1 -1 -1 -1 1
Spreading code 1 -1 -1 1 -1 -1 -1 1 1 1 -1
correlation (-1-1-1-1-1-1-1-1-1-1-1)/11=-1
bit -1 (0) Dr. Peng Ning 20 CSC/ECE 774 -- Adv. Net. Security
Computer Science
Uncoordinated Direct Sequence Spread Spectrum
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 21
• 11/2/11
• 8
Computer Science
Uncoordinated Direct Sequence Spread Spectrum
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 22
Computer Science
Uncoordinated Direct Sequence Spread Spectrum
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 23
Computer Science
Uncoordinated Direct Sequence Spread Spectrum
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 24
• 11/2/11
• 9
Computer Science
UDSSS: Optimization
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 25
Computer Science
Advanced Network Security
DSD-DSSS: DSSS through Delayed Seed Disclosure
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 26
Computer Science
DSD-DSSS: DSSS based on Delayed Seed Disclosure • Goal: DSSS without shared secret • Observation
– A receiver can wait to decode until end of transmission – A jammer must jam the transmission before it is finished
• Exploiting the observation – Construct spreading code sequence using a random seed – Spread the message using this code sequence – Disclose the seed after the message transmission
• It’s too late when the jammer sees the seed
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 27
• 11/2/11
• 10
Computer Science
Delayed Seed Disclosure
• The same observation has been made in – TREKS [Jin et al., MobiHoc09] – RD-DSSS [Liu et al., INFOCOM 2010] – Delayed-key UDSSS [Pöpper et al., JSAC 2010]
• However – TREKS: later parts of message are vulnerable; limited to
pairwise communication – RD-DSSS and Delayed-key UDSSS
• Delayed seed (key) vulnerable
• We provide a novel approach for seed protection
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 28
Computer Science
DSD-DSSS – Spreading Code Sets
• Public spreading code sets: Cp and Ce – Cp: message body – Ce: seed – Cp∩Ce=Ø – Each code has an index
29 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Basic DSD-DSSS – Sender Side
30 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
• 11/2/11
• 11
Computer Science
Basic DSD-DSSS – Receiver Side
31 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
DoS Attacks against Seed Disclosure
• Attacker may inject bogus seeds by – Continuously drawing a code from Ce, spreading a random
bit, and transmitting
• Receivers – Have to try combinations of codes from Ce to recover the
seeds – May recover many possible seeds for one transmission
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 32
Computer Science
Content-based Seed Disclosure • Observation
– Receivers can buffer the seed and despread later – Jammer has to jam/inject during the seed disclosure
• Content-based subset selection – The later seed bits can help protect the earlier ones – Reduce computation – Create a pattern to filter out fake seeds
33
bit b1 b2 b3 b4 b5 b6 b7 b8 code x1 x2 x3 x4 x5 x6 x7 x8
• x
• code set • x
• x
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
• 11/2/11
• 12
Computer Science
Security Requirement
• Jammer shouldn’t be able to infer what codes are used later by observing earlier codes
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 34
Example -- An undesirable situation
• Bit 1
• Bit 2
• Bit 3
• Bit 4
If jammer can derive the relationship between codes by analyzing the subset selection algorithm…
• Ideally…
Computer Science
Intuition
35
• x1 • x2 …
• x
• x
• x5
• x6
• …
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
• Jammer observes code x for the current bit
• … • x
• x3 • x4
Computer Science
Generation of Subsets of Cp
• Generated with Symmetric Balance Incomplete Block Design (SBIBD)
36
• Cp • x • x
• x
# of codes: n2+n+1 # of subsets: n2+n+1 Each subset has n+1 codes Each code is in n+1 subsets Each pair of codes only exists in one subset
• x
• x • x
• x • x
• x • x • x • x
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
• 11/2/11
• 13
Computer Science
Content-based Code Subset Selection – Sender Side
37 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Content-based Code Subset Selection – Receiver Side
38 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Security Analysis
• Jammer’s capability
39 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
• 11/2/11
• 14
Computer Science
Jamming Probability of the Seed
40 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Analysis strategy: Derive the lower bound of jammer’s search space (see paper)
Computer Science
Effectiveness against DoS Attack
41
• 2.87 • 2
• 1.01
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Expected # of Seed Candidates for Receiver
Computer Science
Prototype Implementation
• Hardware – USRPs with XCVR2450 daughter boards
• Software – GNU Radio 3.2 – Modified spread/despread module in GNU Radio’s sample
code named “digital”
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 42
• 11/2/11
• 15
Computer Science
Selected Evaluation Result
43
Code length: 32
• DSSS: 0.25
• UDSSS: 0.35
• Subset: 0.57
• Basic DSD-DSSS: 2.22
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Advanced Network Security
USD-FH: Frequency Hopping with Uncoordinated Seed Disclosure
44 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Previous Work
• UFH [Oakland 08] – Exchange ECDH messages with uncoordinated FH
• ECDH message M is split into multiple packets due to packet size constraint (hop duration × bit rate)
• Packets are chained with hash values to prevent injection attack
• Both sender A and receiver B do uncoordinated FH (A hops faster than B does)
• A send M repeatedly until B collects all packets and reconstructs the message M
– Use the established key for later FH communication 45 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
• 11/2/11
• 16
Computer Science
Previous Work (Cont’d)
• BMA [MobiHoc 09] – Enhanced version of UFH – Erasure coding
• No need to collect all packets to reconstruct the message
– One-way authenticator based on bilinear pairing • Each packet can be verified immediately upon received
– Almost two times faster than UFH
46 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Motivation
• Both UFH and BMA are vulnerable to responsive jamming attacks – Each packet has to contain additional fields (e.g., packet id,
hash/witness value) for message reconstruction • Packet size cannot be too small
– Jammer has enough time to detect and jam the packet • Remove these fields → very small packet size → low
jamming probability – Use uncoordinated FH to transmit a seed instead of the
packet itself – Transmit the message as a whole part using the hopping
pattern determined by the seed • No need of additional fields for message reconstruction
47 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
USD-FH: Sender Side
48
• M:
• p1 • p2 • p3 • p4 • ··· • pl-1 • pl
• split to packets
s2 • PRNG
• 3 8 2 4 … 10 13
• Hopping pattern for M
s1 • PRNG
• 1 5 9 11 … 7
• Hopping pattern for s2
• 1,s2 • 2,s2 • 3,s2 • 4,s2 • ··· • x,s2
• Nobody knows except sender
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
• 11/2/11
• 17
Computer Science
USD-FH: Receiver Side
49
• p1 • p2 • p3 • p4 • ··· • pl-1 • pl
• 3 8 2 4 … 10 13 • 1 5 9 11 7
• 1,s2 • 2,s2 • 3,s2 • 4,s2 • ··· • x,s2 • packets from sender:
• sender’s hopping pattern:
• 3 8 2 4 … 10 13 • 10 9 … • receiver’s hopping pattern:
• PRNG
• (x-2) × hop duration
• p1 • p2 • p3 • p4 • ··· • pl-1 • pl
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Performance Analysis
• Attacks – Low-level jamming attacks (targeting packet)
• types: non-responsive, responsive • strategies: static, random, sweep
– High-level responsive jamming attack (targeting seed)
• catch the seed s2 and jam the message M – Hybrid jamming attack (targeting packet and seed)
• low-level jamming + high-level responsive jamming • most efficient jamming attack
50 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Jamming Probability under Low-level Jamming Attacks
51 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
• 11/2/11
• 18
Computer Science
Observations
• Short hop duration is preferred • USD-FH can support short hop duration
– No id and hash chain/witness value for message reconstruction purpose
• Low packet overhead • Fit into short hopping slot
– Packet size is determined by the size of seed and index number
52 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Evaluation Setup • Compare UFH, BMA, and USD-FH • Simulation using Bluetooth demo in Simulink
– GFSK – 1 Mbps – 200 channels – Message (2,176 bits) – Packet
• Reed-Solomon 15 bit -> 21 bit, tolerate 3 bits error • UFH: message ID (34 bits), packet ID (6 bits), payload (80-640 bits),
hash (70 bits) • BMA: message ID (34 bits), packet ID (6 bits), payload (15-570 bits),
witness(140 bits) • USD-FH: payload (45 bits)
• Optimize x by minimizing Thybrid using Mathematica • 5 Scenarios under hybrid jamming attack
53 Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Evaluation Results – Scenario 1
54
• 20 times faster than UFH • 14 times faster than BMA
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
• 11/2/11
• 19
Computer Science
Evaluation Results – Scenario 2
55
• 43 times faster than UFH • 30 times faster than BMA
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Evaluation Results – Scenario 3
56
• 45 times faster than UFH • 33 times faster than BMA
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Evaluation Results – Scenario 4
57
• UFH and BMA stop working from cj > 10
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
• 11/2/11
• 20
Computer Science
Evaluation Results – Scenario 5
58
• very powerful jammer
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security
Computer Science
Conclusion
• Security of wireless physical layer is necessary – Anti-jamming wireless communication; authentication of
signal; privacy; …
• Using wireless physical layer properties helps – Proximity based access control; device authentication; PUE
defense; …
• More research is needed!
Dr. Peng Ning CSC/ECE 774 -- Adv. Net. Security 59