Trust, Privacy, and Security

					            CS 6910: Advanced Computer and Information Security
                                Lecture 2b

       Opportunistic Networks:
 The Concept and Research Challenges
        in Privacy and Security
         Leszek Lilien, Zille Huma Kamal, Vijay Bhuse and Ajay Gupta
                         WiSe (Wireless Sensornets) Lab
                        Department of Computer Science
                          Western Michigan University
                             Kalamazoo, MI 49008

Presented at the International Workshop on Research Challenges in Security and Privacy
   for Mobile and Wireless Networks (WSPWN 2006), Miami, Florida, March 15-16, 2006
               > CS 6910: Go to Slide 15 <

      Basic Concepts for Opportunistic Networks

     New paradigm and technology:
                 opportunistic networks or oppnets
          Innovative
          Facing the challenge of pervasive computing
          Advancing leading-edge pervasive computing and networking know-

     Oppnet deployed as a seed oppnet
               Localizes its nodes
            Configures itself
            Adapts to environment
March 15-16, 2006                                                            2
                      Startup: Seed Oppnet
             Oppnet starts as a seed oppnet

             [Figure: seed nodes with a link to the world]

           Seed oppnet grows into an expanded oppnet
                      Growth: Expanded Oppnet

           [Figure: seed nodes with a link to the world, joined by helpers. Surviving labels: (refrigerator), Cellphone Tower, wave Relay, Overturned Vehicle with OnStar, Computer Network]

           Heterogeneous helpers join oppnet
                    Add communication, computing, sensing, storage, other resources
                       Oppnet Growth Activities

             Detecting & identifying candidate helpers
             Contacting & inviting selected candidates
             Admitting & integrating helpers that join oppnet
             Offloading tasks to helpers
                   Determining useful collaborative functionalities
                   Managing offloaded tasks

             Clean up and release each helper when no longer

                        Basic Oppnet Categories

           2 major oppnet categories:
                   Benevolent oppnets
                   Malevolent oppnets

           Corresponding oppnet scenarios:
                   Benevolent oppnet scenario:
                        "Citizens Called to Arms"
                   Malevolent oppnet scenario:
                        "Bad Guys Gang Up"

   Benevolent Oppnet Scenario: "Citizens Called to Arms" (1)
           Seed oppnet deployed after an earthquake (unpredictable emergency)
                Seed is ad hoc wireless network with very powerful
                       More energy, computing and communication resources

           Seed tries to detect candidate helpers
               For help in damage assessment and disaster recovery
               Uses any available detection method — including:
                       Cellphone- or radio-based detection
                       Searching for nodes using the IP address range for the
                        affected geographic area
                       AI-based visual detection (next)
   Benevolent Oppnet Scenario: "Citizens Called to Arms" (2)

           Example:

              Helper 1 monitoring a surveillance net detects an
               overturned car
              Helper 2 asked to recognize its license plate
              Helper 3 finds that the car has an OnStar link
              Helper 4 contacts BANs (Body Area Networks) on or within
               bodies of car occupants via OnStar infrastructure
              Helper 5 evaluates obtained info and dispatches

   Benevolent Oppnet Scenario: "Citizens Called to Arms" (3)


           Oppnet selects optimal subset of detected nodes
              Inviting devices, clusters & entire networks
              Helpers for communicating, sensing, computing
           Using "hidden" capabilities, e.g. for sensing:
               Desktop can "sense" presence of a potential victim at
                its keyboard
               Cellphones can "sense" location
                       Even ones w/o GPS can be triangulated

   Benevolent Oppnet Scenario: "Citizens Called to Arms" (4)
           Using "hidden" emergency functionalities

               Oppnet contacts 2 independent sensornets (SNs):
                  water infrastructure control SN /
                              public space surveillance SN
               SNs ordered to abandon normal functions & help in
                rescue & recovery operations
                  Water infrastructure SN (with multisensor capabilities,
                     under road surfaces) — ordered to sense vehicular
                     movement and traffic jams
                  Public space surveillance SN — ordered to search
                     for images of human victims
   Malevolent Oppnet Scenario: "Bad Guys Gang Up" (1)
           Scenario 1 — Terrorists create apparently harmless weather monitoring sensornet (SN):
                SN becomes a seed of a malevolent opportunistic SN
                SN exploits other nodes from many other networks
                    (w/o revealing its true goals)
                        "Critical mass" of the opportunistic SN is reached (in terms of
                         geographical spread and sensing capabilities)
                   SN waits for wind patterns that can speed up spread of
                    poisonous chemicals
                        Collected data used to decide when to start chemical attack

                           Malevolent Oppnet Scenario: "Bad Guys Gang Up" (2)

        Scenario 2 — network at home starts spying on you:
            Becomes a seed oppnet
            Exploits other devices/nets to collect all info on you:
                       From your fridge (& RFID-equipped food packaging):
                        what/when you eat
                       From your computer: keylogs your passwords, sensitive data
                       From your cellphone: who you call & when
                       From your networked camera: what photos you take
                       From your home security surveillance system: your private
                       Cyberfly with camera eyes and microphone ears
                       ...
        Huge privacy problem! / Huge security problem!
        Controls to counteract malevolent oppnets badly needed
                                  Related Research
           Interoperability
                   Among wireless networks: WANs, MANs, LANs, PANs (personal)
                   Much less research on interoperability between wired & wireless nets
                   Ambient networks (big European Union project, next-generation
                    Internet—for 2015/2020, smaller networks able to compose themselves into
                    bigger ones)
           Growth in P2P systems
                   Searching for peers in unstructured systems
           Grid Systems
                   Integrating and managing heterogeneous systems
           Trojan Horses
                   Mimic their spread capabilities in search for helpers
           Other

      Research Challenges in Basic Operations
           Bypassed in this presentation
           Include:
                   Challenges in Seed Oppnet Deployment
                        E.g., localization, self-configuration, adaptability
                   Challenges in Detecting Helper Systems
                        E.g., primitives to detect candidates, identify and categorize them,
                         evaluate and classify them (e.g., based on dependability and usefulness)
                   Challenges in Inviting & Admitting Candidate Helpers
                        E.g., select candidates to invite, develop protocols for candidates to
                         accept or reject invitation, devise primitives/methods to manage
                         expanded oppnet
                   Etc., etc. for remaining operations

                         > CS 6910: Start here <

Research Challenges in Security and Privacy
       1) Major privacy challenges in oppnets

       2) Security challenges in oppnets
                   With secondary privacy challenges

                    Major Privacy Challenges (1)

           Privacy challenges in oppnets
                   Oppnets are, and use, pervasive systems
                        Must face all privacy challenges inherent to pervasive computing
                   "Make it or break it" issue for oppnets (and pervasive computing)

           Major privacy goals
                   Assure privacy of communications and data storage
                   Protect helper resources from the host oppnet
                   Protect oppnet from its helpers
                   Protect environment from privacy violations by oppnet
                        Also from malevolent oppnets

                    Major Privacy Challenges (2)
           Classes of solutions to achieve the privacy goals
                   Provide protected private areas within seed nodes/helpers
                   Anonymize or pseudonymize entities within oppnet range
                   Detect and neutralize malevolent oppnets
                   Detect and neutralize exploiting oppnets for privacy violations

           Special solutions for emergency oppnet applications
                   Strict privacy protection relaxed in life-or-death situations
                      Must follow law and ethics

                   Basic assumptions:
                      Entity gives up only as much privacy as indispensable for
                        becoming a helper
                      Entity’s privacy disclosure is proportional to:

                            Benefits for the entity, or

                            A broader common good

                             Security Challenges (1)
           Sources of security challenges
                   Dependable authentication cannot be performed when
                    helpers join oppnet
                        Not possible to guarantee that malicious devices will not join
                   Can detect notorious behavior after entity becomes a
                        If available, reputation can be used beforehand
                   Delivering secret keys securely to all and only non-
                    malicious devices is very difficult
                        Relying on crypto authentication mechanisms alone (e.g.,
                         Kerberos) is not sufficient

       => security challenges in oppnets are bigger
                   Incl. MITM, packet dropping, ID spoofing
                    (masquerading), DoS
                        Security Challenges (2)
             The major security (and privacy) challenges:
                   Secure routing via increasing trust
                       Routing through more trusted systems
                       Shared secrets for each communicating pair
                       Using shared secrets with broadcast authentication
                       Using digital signatures
                       …
                   Helper privacy and oppnet privacy via intrusion
                    detection (also above)
                   Protecting data privacy and data integrity
                   Identifying and preventing most dangerous attacks
                   Intrusion detection

             All discussed next
          Secure Routing via Increased Trust
             Secure routing via increased trust
                   Maintain list of "more trusted" entities and list of "less trusted"
                   Secure routing can use both lists

             Secure wireless ad hoc routing protocol most
              relevant for oppnets: Ariadne [Hu, Perrig, and Johnson, 2002]
                   On-demand protocol
                   Works in the presence of compromised nodes
                   Uses symmetric cryptography
                   Authenticates routing messages

             Still, cannot use directly
                   More heterogeneous (esp. w.r.t. wired/wireless transmission

             Can look for less energy-efficient oppnet solutions
                   Can rely on growth to amass needed resources (even with a big
                    safety margin)
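
One way routing could use both trust lists from this slide, as an added example that is not from the original slides and is not the Ariadne protocol. The hop costs, node names and topology are assumptions constructed for illustration.

```python
import heapq

# Assumed relay costs; the slides only say that routing can use both lists.
COST_MORE_TRUSTED = 1
COST_UNKNOWN = 5
COST_LESS_TRUSTED = 50

# Constructed sample topology: the fridge route is shorter but less trusted.
LINKS = {
    "victim": ["fridge", "seed-1"],
    "fridge": ["center"],
    "seed-1": ["cell-tower"],
    "cell-tower": ["center"],
}
MORE_TRUSTED = {"seed-1", "cell-tower"}
LESS_TRUSTED = {"fridge"}


def hop_cost(node, more_trusted, less_trusted):
    """Cost of relaying through node; the less-trusted list takes precedence."""
    if node in less_trusted:
        return COST_LESS_TRUSTED
    if node in more_trusted:
        return COST_MORE_TRUSTED
    return COST_UNKNOWN


def trusted_route(links, src, dst, more_trusted, less_trusted):
    """Dijkstra over relay costs. Returns (route, cost) or (None, inf)."""
    best = {src: 0}
    prev = {}
    heap = [(0, src)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node == dst:
            route = [dst]
            while route[-1] != src:
                route.append(prev[route[-1]])
            return route[::-1], cost
        if cost > best.get(node, float("inf")):
            continue                      # stale heap entry
        for nxt in links.get(node, ()):
            # The destination is an endpoint, not a relay, so it adds no cost.
            step = 0 if nxt == dst else hop_cost(nxt, more_trusted, less_trusted)
            if cost + step < best.get(nxt, float("inf")):
                best[nxt] = cost + step
                prev[nxt] = node
                heapq.heappush(heap, (cost + step, nxt))
    return None, float("inf")


def crosses_less_trusted(route, less_trusted):
    """True if any relay on the route (endpoints excluded) is less trusted."""
    return any(node in less_trusted for node in route[1:-1])


if __name__ == "__main__":
    route, cost = trusted_route(LINKS, "victim", "center", MORE_TRUSTED, LESS_TRUSTED)
    print(route, cost, crosses_less_trusted(route, LESS_TRUSTED))
```

A less-trusted relay is penalized rather than excluded, so a message still gets out when it is the only path; the caller can check `crosses_less_trusted` and treat such a delivery with more suspicion.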
               Helper Privacy and Oppnet Privacy
                    via Intrusion Detection
             Protect privacy via detecting intrusions, illegal
              resource accesses
             Helper privacy supported via:
                   Access control (authentication and authorization)
                   Intrusion detection
                      2nd line of privacy defense
                            Meant to work by scaring away attackers
                       More difficult than in many other nets
                            Because of heterogeneity, spontaneous growth

             Oppnet privacy supported via:
                   Intrusion detection
                       Catches helpers that become attackers

   Protecting Data Privacy and Data Integrity
             Data privacy challenges
                   Capture of even a single oppnet entity (especially in crisis
                    when providing physical protection is even more difficult)
                    cripples whole symmetric key cryptography scheme
                   Attacker masquerading as controller (or cluster head) can
                    distribute its own crypto keys

             Data integrity challenges
                   Digital signatures are expensive computationally for
                    lightweight devices (cellphone, PDA, etc.)
                   Packet format conversions can be attacked
                        Heterogeneous entities/media fragment/aggregate packets

                    Identifying and Preventing Most
                     Dangerous Attacks - Examples
             MITM: e.g., malicious device becomes a MITM on the
              communication line between a victim and first responders
                    Solution: Use multiple, heterogeneous routes between victim and
                     the center for redundant message

             Packet dropping: e.g., malicious device drops some packets
              between a victim and the center
                    Solution: As above (will work if no adversary on at least one route)

             DoS attacks: e.g., flooding emergency center with false
              requests for help
                    Solution: Limit number of requests any device can generate. "Call
                     back" the victim to confirm her emergency request.

             Other: DoS attacks on weak links, ID spoofing, ...
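
The three countermeasures on this slide, combined on the emergency-center side, as an added example that is not part of the original slides. The class and route names, the limit of 3 requests per 60 seconds and the SHA-256 comparison of copies are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict, deque


class EmergencyCenter:
    """Center-side request handling (illustrative; names and limits assumed)."""

    def __init__(self, max_requests=3, window_s=60.0):
        self.max_requests = max_requests   # assumed per-device request limit
        self.window_s = window_s           # assumed sliding window, in seconds
        self._seen = defaultdict(deque)    # device id -> recent request times

    def within_limit(self, device_id, now):
        """DoS control: limit the number of requests any device can generate."""
        times = self._seen[device_id]
        while times and now - times[0] >= self.window_s:
            times.popleft()                # forget requests outside the window
        if len(times) >= self.max_requests:
            return False
        times.append(now)
        return True

    @staticmethod
    def reconcile(copies):
        """Compare copies of one message received over redundant routes.

        copies maps route name -> payload bytes, or None if nothing arrived.
        Returns (status, payload, suspect_routes).
        """
        arrived = {r: p for r, p in copies.items() if p is not None}
        silent = sorted(r for r, p in copies.items() if p is None)
        if not arrived:
            return "lost", None, silent
        digests = {hashlib.sha256(p).hexdigest() for p in arrived.values()}
        if len(digests) == 1:
            # All copies that arrived agree; the silent routes dropped theirs.
            return "delivered", next(iter(arrived.values())), silent
        # Copies disagree, so some route altered the message. Redundancy exposes
        # the tampering but cannot say which copy is genuine.
        return "conflict", None, sorted(arrived)

    def handle(self, device_id, copies, now, call_back):
        """Process one help request; call_back(device_id) returns True or False."""
        if not self.within_limit(device_id, now):
            return "rate_limited"
        status, _payload, _suspects = self.reconcile(copies)
        if status != "delivered":
            return status
        # Call the victim back before dispatching, to filter out false requests.
        return "dispatch" if call_back(device_id) else "unconfirmed"


def demo():
    """Run constructed traffic through the center and return each decision."""
    center = EmergencyCenter()
    msg = b"trapped, 2nd floor, 12 Elm St"   # constructed sample message

    def confirm(device_id):                  # constructed call-back outcome
        return device_id == "phone-17"

    results = [
        # One of three routes drops the packet: still delivered.
        center.handle("phone-17",
                      {"cell": msg, "mesh": None, "onstar": msg}, 0.0, confirm),
        # A device on one route rewrites the message: copies conflict.
        center.handle("phone-17",
                      {"cell": msg, "mesh": b"all clear", "onstar": msg}, 1.0, confirm),
    ]
    # One device floods the center with false requests for help.
    for i in range(5):
        results.append(center.handle("bot-1", {"cell": b"help"}, 2.0 + i, confirm))
    return results


if __name__ == "__main__":
    print(demo())
```

Redundant routes defeat packet dropping as long as one copy arrives, but against a MITM that rewrites the message they only detect the disagreement; the "conflict" result marks the case the center must resolve another way.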
                        Intrusion Detection (1)

             Motivation – Why needed?
                   When prevention fails
                   Lack of initial authentication mechanism

             Challenges:
                   Securely distributing information about malicious
                    entities in the presence of other (unknown) malicious
                   Avoiding malicious entities while maintaining
                   Real-time intrusion detection and response more
                    difficult than in other network types
                       Because highly heterogeneous
                        Intrusion Detection (2)
             Possible intrusion detection approach:                [Zamboni, 2001]

                   Internal "software sensors" used as embedded
                   Intrusion detection performed by autonomous agents
                    using embedded detectors
                   Benefits of embedded detectors:
                       More resistant to tampering or disabling, because they are a
                        part of the program they monitor.
                       Very low CPU overhead (not executing continuously)
                       Perform direct monitoring (have access to the internal data
                        of programs they monitor)
                       Detection data is safer—does not travel through an external
                        path (a log file, for example) between its generation and its


        Oppnets are a new wide category of networks
              Leverage resources they can detect in the vicinity
                       Sensing / monitoring / computing / communication / etc. resources

        Particularly well suited to emergency operations
              Starts with a buildup of communications infrastructure
              Applicable for non-emergency situations as well

        High-payoff potential for this paradigm/technology
              Reduction of human suffering & loss of life
              Economic benefits
              Technological, educational & research benefits
                                     Future Work

           Investigating oppnet fundamentals

           Designing oppnet architecture
                   With its associated components
                        Methods, protocols, and algorithms

           Building a prototype
                   For stimulation and feedback
                        Necessary for fine-tuning oppnet design
                   Proof of concept: technical prowess & economic benefits

                       Thank you very much
                    for your time and attention!

                    Selected WiSe Lab Publications on
                Sensornets, Oppnets & Pervasive Computing
   * Directly related to oppnets
   1.        L. Lilien and A. Gupta, "Opportunistic Networks for Emergency Preparedness and Response" (submitted). (*)
   2.        V. Bhuse, A. Gupta, and L. Lilien, "Research challenges in lightweight intrusion detection for sensornets" (submitted).
   3.        L. Lilien and B. Bhargava, "A Scheme for Privacy-preserving Data Dissemination," IEEE Transactions on Systems, Man and Cybernetics (to
   4.        L. Lilien, Z. Kamal, V. Bhuse and A. Gupta, "Opportunistic Networks: The Concept and Research Challenges in Privacy and Security,"
             International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks (WSPWN 2006), Miami, Florida, March
             2006. (*)
   5.        T. Canli, M. Terwilliger, A. Gupta and A. Khokhar, "Power Efficient Algorithms for Computing Fast Fourier Transform over Wireless Sensor
             Networks," The Fourth ACS/IEEE Conference on Computer Systems and Applications, Dubai, UAE, March 2006.
   6.        V. Bhuse, A. Gupta and L. Lilien, "DPDSN: Detection of packet-dropping attacks for wireless sensor networks," Proceedings of the
             4th International Trusted Internet Workshop (TIW), International Conference on High Performance Computing, Goa, India, December 2005.
   7.        A. Gupta and V. Bhuse, "Anomaly Intrusion Detection in Wireless Sensor Networks," Journal of High Speed Networks, vol. 15, issue 1, January-
             March 2006.
   8.        M. Terwilliger, A. Gupta, A. Khokhar and G. Greenwood, "Localization using Evolution Strategies in Sensornets," Proceedings of the IEEE
             Congress on Evolutionary Computation, Edinburgh, UK, September 2005.
   9.        V. Bhuse, A. Gupta, M. Terwilliger, Z. Yang and Z. Kamal, "Using Routing Data for Information Authentication in Sensor Networks," Proceedings
             of the 3rd International Trusted Internet Workshop (TIW), International Conference on High Performance Computing, Bangalore, India,
             December 2004.
   10.       T. Canli, M. Terwilliger, A. Gupta and A. Khokhar, "Power-Time Efficient Algorithm for Computing FFT in Sensor Networks," (Extended Abstract).
             Proceedings of the Second ACM Conference on Embedded Networked Sensor Systems (SenSys), Baltimore, Maryland, November 2004.
   11.       B. Bhargava, L. Lilien, A. Rosenthal, and M. Winslett, "PervasiveTrust," IEEE Intelligent Systems, vol. 19(5), Sep./Oct. 2004, pp. 74-77. (*)
   12.       B. Bhargava and L. Lilien, "Private and Trusted Collaborations," Proc. Secure Knowledge Management (SKM 2004): A Workshop, Amherst, NY,
             Sep. 2004.
   13.       M. Jenamani, L. Lilien, and B. Bhargava, "Anonymizing Web Services Through a Club Mechanism with Economic Incentives," Proc. International
             Conference on Web Services (ICWS 2004), San Diego, California, July 2004, pp. 792-795.
   14.       Z. Kamal, M. Salahuddin, A. Gupta, M. Terwilliger, V. Bhuse and B. Beckmann, "Analytical Analysis of Data and Decision Fusion in Sensor
             Networks," The 2004 International Conference on Embedded Systems and Applications . Las Vegas, June 2004.
   15.       M. Terwilliger, A. Gupta, V. Bhuse, Z. Kamal, and M. Salahuddin, "A Localization System Using Wireless Sensor Networks: A Comparison of Two
             Techniques," Proceedings of the 2004 Workshop on Positioning, Navigation and Communication, Hanover, Germany, March 2004 , pp. 95-100.
   16.       V. Bhuse, A. Gupta and R. Pidva, "A Distributed Approach to Security in Sensornets," The 58th IEEE Semiannual Vehicular Technology
             Conference, Orlando, Florida, USA, October 2003.
   17.       L. Lilien, "Developing Pervasive Trust Paradigm for Authentication and Authorization," Proc. Third Cracow Grid Workshop (CGW’03), Kraków
             (Cracow), Poland, October 2003, pp. 42-49 (invited paper).

           WiSe Lab Experience in Sensornets –
              Selected Projects Since 1/03
   * Results useful for oppnets

          Designing of WiSe Security Protocols: DSPS
          Location Tracker Using Motes (*)
          RHS: Remote Home Surveillance (*)
          Directed Diffusion: Attacks & Countermeasures
          Improving the Accuracy of Mote Measurements
           by Using Neural Networks
          SOMS: Smart Occupancy Monitoring System Using Motes (*)
          Comparative Study of Network Simulators
          Collaborative Image Processing (*)
          DENSe: a Development Environment for Networked Sensors
          Incorporating Mobile-ware in Distributed Computations / Grids (*)
          Extending the ns-2 Simulator to Satellite and WCN Simulations
          Smart Antennas for WCNs
          Energy Efficient MAC Protocols for IEEE 802.11x
          A Wireless Security Testing System (*)
          Mobile and Self-Calibrating Irrigation System
          Collective Communications for Sensornets (*)