Proactive Security Measures in Wireless Network Design

Slide Note
Embed
Share

Exploring the benefits of proactive security measures in wireless networks, this study delves into protecting network flow information from inference attacks and implementing security designs to prevent eavesdropping. Case studies, strategies to safeguard connectivity information, and methods for understanding and countering malicious attacks are also discussed.

lockwood_a
lockwood_a Follow

Uploaded on Sep 29, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. INFERENCE INTEGRITY IN WIRELESS NETWORKS Zhuo Lu, Electrical Engineering / FC2 University of South Florida

  2. PROACTIVE NETWORK SECURITY feasibility efficiency security Traditional security reactive/passive defense Find the best application domains of being proactive in wireless network designs We take a fundamental approach to quantitatively understand the benefits of being proactive in wireless networks

  3. CASE STUDIES 1. Protecting network flow information against inference attack (network anti-inference) 2. Scapegoating attacks in network tomography

  4. CASE I Case I: Protecting network flow information against inference attack (anti-inference)

  5. MULTI-HOP WIRELESS NETWORK: FEASIBLE DESIGN Example destination source

  6. MULTI-HOP WIRELESS NETWORK: OPTIMIZED DESIGN Example destination source

  7. MULTI-HOP WIRELESS NETWORK: SECURITY DESIGN Prevent Eavesdropping Data content Connectivity/flow? destination source

  8. STRATEGY TO PROTECT CONNECTIVITY INFORMATION 1. Understand attacks How malicious attacks can know the connectivity information, what is the worst-case attack? 2. Analyze potential strategies against attacks Limit the performance cost Measure the security impact

  9. HOW TO KNOW CONNECTIVITY INFO Network inference Sensing the wireless transmission Extracting who it transmitting to whom at low layers Building a relationship between link and flow information. Then, inferring flow info from link info. K H I 150kbps F E G C D A J 100kbps 50kbps B Applications: fault diagnose, network monitoring, flow detection, can also be used for malicious purpose.

  10. INFERENCE: PROBLEM FORMULATION Flow inference formulation: y = Ax y link rate vector: observed by attackers x flow rate vector: to be estimated A routing matrix: known network info Given A and y, estimate x Usually an under-determined system So no least squares solution!

  11. HOW TO GET ROUTING MATRIX A Example:

  12. EXAMPLE Observing link transmissions (knowing y) 11 nodes, 2 flows, y=Ax get x from y. Inference Result: A H: 100kbps, B H: 50kbps

  13. HOW TO BEAT INFERENCE ATTACK? Two underlying assumptions for inference Link traffic is only induced by network flows No flow no link traffic Routing is usually predictable E.g., shortest path routing. To break at least one of these assumptions, we have to be proactive!

  14. DECEPTION/HONEY TRAFFIC Link traffic is only induced by network flows No flow no link traffic Every node randomly transmits some redundant traffic All nodes transmit some redundant traffic in a coordinated way Deception Traffic Strategy (Proactive)

  15. ROUTING CHANGING Routing is usually predictable E.g., shortest path routing. Dynamically change routing paths to make sure the attacker has some information mismatch Routing Changing Strategy (Proactive)

  16. FUNDAMENTAL PROBLEM K K H H I I F F 300kbps E E 150kbps G G C C D D 100kbps A A 100kbps J J 100kbps B B Deception traffic Routing changing Yes, we may confuse the attacks from properly inferring the connectivity information But security efficiency

  17. RESEARCH GOALS How proactive strategies improve security at a limited cost of efficiency? 1) Improve security 2) Limit the cost of efficiency destination source

  18. FORMULATION UNDER PROACTIVE STRATEGIES Original formulation: y = Ax Deception Traffic: Add noise: y = Ax + J ( deception traffic vector) Routing Changing: Information mismatch: changing routing means routing matrix A B ( new routing matrix)

  19. METRIC TO MEASURE SECURITY BENEFIT Metrics to measure the accuracy of network inference? Genie bound: lower bound of error in all possible methods. Assuming the attacker knows who is transmitting, Then using minimum mean squared error estimation to estimate all the flow rates. Error of inference Method 1 Method 2 Genie bound

  20. GENIE BOUND We want to see how much the genie bound can be increased due to deception traffic and routing changing with limited costs. Error of inference Genie bound under proactive defense Genie bound

  21. LIMIT THE COSTS Deception Traffic: y = Ax + J |J|/n, or E|J|/n (average deception traffic per node) is smaller than a constant, where n is the number of nodes in the network. Routing Changing: A B We have a random geometric graph model, all nodes are randomly distributed. A and B are random matrices. How to model the routing changing ??

  22. ROUTING MODELING (FROM SCALING LAW) Model: Under any routing strategy, the average number of hops between any source-destination pair is denoted by a function g(n) satisfying g(n) = O(n), where n is the number of nodes in the network Existing K-shortest path routing satisfies this model.

  23. ROUTING MODELING (CONTD) Quantifying the cost of routing changing: The original routing changing: g(n) The new routing changing: h(n) The cost is h(n)/g(n), where n is the number of nodes in the network. Limit the cost: (h(n)/g(n)) = (1),

  24. THEORETICAL RESULT: AN EXAMPLE In a network with n nodes, (n) random network flows/connectivities.

  25. CASE I Case II: Scapegoating Attacks in Network Tomography (in both wireline and wireless scenarios)

  26. MOVE TO NETWORK TOMOGRAPHY Motivation: If we can t see what s going on in a network directly, how to measure the network performance? Brain Tomography Direct access is difficult

  27. MOVE TO NETWORK TOMOGRAPHY Motivation: If we can t see what s going on in a network directly, how to measure the network performance? Network Tomography Network Direct access is difficult

  28. MOVE TO NETWORK TOMOGRAPHY Definition: Study internal characteristics (e.g. link delay) of the network from external measurements (e.g. path delay). infer the link performance from end-to-end path measurements. Applications: discovering in a network Link failures Node failures Performance bottleneck Potential security attacks

  29. BASICS IN NETWORK TOMOGRAPHY Why we can infer internals via externals Delay example: Nodes 0, 1, 2, 3 End-nodes: 0, 2, 3 We can only perform measurements between these end nodes. These nodes are called monitors Link delays: x1, x2, x3 End-to-end path delays: y1, y2, y3 0 1ms 1 x 2 y 1 y 1 3ms 2ms 2 x 3 x y3 3 2 Key observation in network tomography There is a relationship between x and y. Objective: Given y, get x.

  30. FORMULATION OF NETWORK TOMOGRAPHY ( NETWORK INFERENCE) Formulation: Given end-to-end measurement 3 4 5 0 ? = 1ms 1 x and routing matrix 2 y 1 y 1 ?1?2?3 1 1 0 ?1 ?2 ?3 1 0 1 0 1 1 3ms 2ms ? = 2 x 3 x y3 3 2 The relationship is: ? = ?? Solution (linear inverse): given ? and ?, obtain x, i.e., 1 2 3 ???? = ? = ???

  31. TRADITIONAL ATTACKS Packet dropping attack: Intentionally drop or delay packets routed to the malicious nodes. 0 delay all packets! Black hole attack 1 x Grey hole attack 2 y 1 y 1 2 x 3 x Weak Point Very easy to be detected. Find out the links which always suffer bad performance under network tomography. y3 3 2

  32. SECURITY CONCERNS Current attack models are blind, brute-force Less sophisticated Can an attacker do a better job? Key Assumption in Network Tomography: Seeing is believing Measurements indeed reflect the real performance aggregates over individual links. does not always hold in the presence of a more sophisticated attack !!!

  33. SCAPEGOATING ATTACK Key Idea: Attackers cooperatively delay or drop packets to manipulate end-to-end measurements such that The network is damaged A legitimate node is incorrectly identified by network tomography as the root cause of the problem (thereby becoming a scapegoate). The tomography can be deceived by attackers !

  34. INTUITION: SCAPEGOATING ATTACK B: Drop !! M1: I can t reach M2 through A! 2 1 3 M1 M2 A B 10 5 8 4 7 C D 10: M1-M3: 8 6 11: M1-M3: 8 7 9 12: M1-M3: 1 4 6 13: M1-M3: 1 4 7 9 14: M1-M3: 1 2 5 9 15: M1-M3: 1 2 5 7 6 16: M1-M3: 1 2 3 10 9 17: M2-M3: 10 9 18: M2-M3: 10 7 6 19: M2-M3: 3 5 9 20: M2-M3: 3 5 7 6 21: M2-M3: 3 2 4 6 22: M2-M3: 3 2 4 7 9 23: M2-M3: 3 2 1 8 6 6 9 1: M1-M2: 1 2 3 2: M1-M2: 1 2 5 10 3: M1-M2: 1 4 7 10 4: M1-M2: 1 4 7 5 3 5: M1-M2: 1 4 6 9 10 6: M1-M2: 8 7 10 7: M1-M2: 8 7 5 3 8: M1-M2: 8 6 9 10 9: M1-M2: 8 6 9 5 3 M3 Monitors: M1, M2,M3 Attackers: B, C Victim: A

  35. INTUITION: SCAPEGOATING ATTACK M1: I can t reach M3 through A! 2 1 3 M1 M2 A B 10 5 8 4 7 C D C: Drop !! 10: M1-M3: 8 6 11: M1-M3: 8 7 9 12: M1-M3: 1 4 6 13: M1-M3: 1 4 7 9 14: M1-M3: 1 2 5 9 15: M1-M3: 1 2 5 7 6 16: M1-M3: 1 2 3 10 9 17: M2-M3: 10 9 18: M2-M3: 10 7 6 19: M2-M3: 3 5 9 20: M2-M3: 3 5 7 6 21: M2-M3: 3 2 4 6 22: M2-M3: 3 2 4 7 9 23: M2-M3: 3 2 1 8 6 6 9 1: M1-M2: 1 2 3 2: M1-M2: 1 2 5 10 3: M1-M2: 1 4 7 10 4: M1-M2: 1 4 7 5 3 5: M1-M2: 1 4 6 9 10 6: M1-M2: 8 7 10 7: M1-M2: 8 7 5 3 8: M1-M2: 8 6 9 10 9: M1-M2: 8 6 9 5 3 M3 Monitors: M1, M2,M3 Attackers: B, C Victim: A

  36. INTUITION: SCAPEGOATING ATTACK M1: I can reach M3 through C! 2 1 3 M1 M2 A B 10 5 8 4 7 C D 10: M1-M3: 8 6 11: M1-M3: 8 7 9 12: M1-M3: 1 4 6 13: M1-M3: 1 4 7 9 14: M1-M3: 1 2 5 9 15: M1-M3: 1 2 5 7 6 16: M1-M3: 1 2 3 10 9 17: M2-M3: 10 9 18: M2-M3: 10 7 6 19: M2-M3: 3 5 9 20: M2-M3: 3 5 7 6 21: M2-M3: 3 2 4 6 22: M2-M3: 3 2 4 7 9 23: M2-M3: 3 2 1 8 6 6 9 1: M1-M2: 1 2 3 2: M1-M2: 1 2 5 10 3: M1-M2: 1 4 7 10 4: M1-M2: 1 4 7 5 3 5: M1-M2: 1 4 6 9 10 6: M1-M2: 8 7 10 7: M1-M2: 8 7 5 3 8: M1-M2: 8 6 9 10 9: M1-M2: 8 6 9 5 3 M3 Delivered Monitors: M1, M2,M3 Attackers: B, C Victim: A

  37. INTUITION: SCAPEGOATING ATTACK 2 1 3 M1 M2 A B 10 5 8 4 All packets through A are blocked. 7 C D All packets do not pass A are delivered. A must have some problems. 10: M1-M3: 8 6 11: M1-M3: 8 7 9 12: M1-M3: 1 4 6 13: M1-M3: 1 4 7 9 14: M1-M3: 1 2 5 9 15: M1-M3: 1 2 5 7 6 16: M1-M3: 1 2 3 10 9 17: M2-M3: 10 9 18: M2-M3: 10 7 6 19: M2-M3: 3 5 9 20: M2-M3: 3 5 7 6 21: M2-M3: 3 2 4 6 22: M2-M3: 3 2 4 7 9 23: M2-M3: 3 2 1 8 6 6 9 1: M1-M2: 1 2 3 2: M1-M2: 1 2 5 10 3: M1-M2: 1 4 7 10 4: M1-M2: 1 4 7 5 3 5: M1-M2: 1 4 6 9 10 6: M1-M2: 8 7 10 7: M1-M2: 8 7 5 3 8: M1-M2: 8 6 9 10 9: M1-M2: 8 6 9 5 3 M3 Monitors: M1, M2,M3 Attackers: B, C Victim: A

  38. POSSIBLE STRATEGIES Strategies: 2 1 3 M1 M2 A B 10 5 8 4 7 C D 6 9 M3 Chosen-Victim Attack Victim set is already given. Maximum-Damage Attack Find best victim sets for the maximum damage in the network Obfuscation Make every link look mostly similar without evident outliers.

  39. POSSIBLE STRATEGIES: EXAMPLES Strategies: 2 1 3 M1 M2 A B 10 5 8 4 7 C D 6 9 M3 Example of three attacks Delay Maximum- Damage Obfuscation Chosen- Victim Link Index 1 2 3 4 5 6 7 8 9 10

  40. CONVERT INTUITION INTO FORMULATION Objective: attack the linear inverse solution ? = ??? Things significantly go wrong after inverse! ???? manipulated measurement Formulation: Definition: wrong or right link state 0 x normal x b i l = x b ( ) uncertain S l b b i l i u 1 x abnormal i u 2 y 1 y ix i 1 o is the performance of link . lb ub o and are the lower and upper bound. Definition: link set 2 x 3 x y3 3 2 o is the victim link set.

  41. MEASURING THE ATTACK DAMAGE Formulation: Definition of the damage vector: m = y - y oy is the measurements with attack. oy is the measurements without attack. o If an attacker cannot manipulate a particular path, the entry at m is 0. 2 1 3 M1 M2 A B 10 5 8 4 Attack- manipulatable 7 C D Attacker cannot manipulate this path! 6 9 M3

  42. EXAMPLE: FORMULATING CHOSEN-VICTIM Chosen-Victim Attack: scapegoat 2 1 3 M1 M2 A B 10 5 8 4 7 C D 6 9 M3 Damage objective: find a damage vector m with max m 1 Deceiving objective (added as constraint to the max): link 1 should be the one detected abnormal via the inverse abnormal ( ) normal = 1 i = S l i others

  43. EXAMPLE: FORMULATING MAX-DAMAGE Max-Damage Attack: 2 1 3 M1 M2 A B 10 5 8 4 7 C D 6 9 M3 Objective: find a damage vector m with max m 1 Subject to: The victim(s) look abnormal The attack nodes/links look normal

  44. EXAMPLE: FORMULATING OBFUSCATION Obfuscation 2 1 3 M1 M2 A B 10 5 8 4 7 C D 6 9 M3 Objective: maximize the number of uncertain links = i l S abnormal x normal x b i l x b ( ) uncertain b b l i u i u

  45. EXPERIMENTAL EVALUATION Attack Example 2 1 3 M1 M2 A B 10 5 8 4 make it a scapegoat! 7 C D 6 9 M3 Chosen-Victim Attack Link 10 has a very high delay.

  46. EXPERIMENTAL EVALUATION Attack Example make it a scapegoat! 2 1 3 M1 M2 A B 10 5 8 4 7 C D 6 9 make it a scapegoat! M3 Maximum-Damage Attack Delay of both link 1 and 9 are high.

  47. EXPERIMENTAL EVALUATION Attack Example 2 1 3 M1 M2 A B 10 5 8 4 7 C D 6 9 M3 Obfuscation Delay of all links are similar, making the measurement of the network look very confusing!

  48. IMPERFECT CUT: MAX-DAMAGE AND OBFUSCATION Max-Damage and Obfuscation Use the Rocketfuel datasets as topologies for wireline networks. Use random geometric graph to generate wireless network topologies. Even one single attacker is likely to succeed, and maximum-damage attacks are always more likely than chosen-victim attacks.

  49. HOW TO DETECT SUCH ATTACKS Can we really detect perfect cut? The attackers completely block our view of the victim link!! M2 M2 M1 M1 M4 Victim link A1 A1 B B D D C C M3 M3 A2 A2 Victim link E E (a) Perfect Cut (b) Imperfect Cut

  50. HOW ABOUT IMPERFECT CUT? We should find inconsistency between attack paths (M1-M2 and M1-M3) and non-attack paths (M1-M4) M2 M1 M4 A1 B D C M3 A2 E (b) Imperfect Cut

Related


Understanding Wireless Networks: Types and Applications

Understanding Wireless Networks: Types and Applications

jets_849
Overview of External Wireless Communication System on International Space Station (ISS)

Overview of External Wireless Communication System on International Space Station (ISS)

jang395
Proactive Network Protection Through DNS Security Insights

Proactive Network Protection Through DNS Security Insights

rserv
Wireless Network Essentials and Classification

Wireless Network Essentials and Classification

aisl_373
IPv6 Security and Threats Workshop Summary

IPv6 Security and Threats Workshop Summary

lori_4
Understanding Wireless Security Audits and Best Practices

Understanding Wireless Security Audits and Best Practices

muriel
Scrolls:Rolling Flexible Surfaces for Wideband Wireless

Scrolls:Rolling Flexible Surfaces for Wideband Wireless

prudence
Understanding Wireless Communication Networks by Dr. K. Gopi at SITAMS

Understanding Wireless Communication Networks by Dr. K. Gopi at SITAMS

thelonious
Exploring Wireless Technologies and Mobile Commerce

Exploring Wireless Technologies and Mobile Commerce

rut_mac
Cyber Threat Detection and Network Security Strategies

Cyber Threat Detection and Network Security Strategies

lilliemae
Enhancing SWIFT Security Measures for ReBIT: March 2018 Update

Enhancing SWIFT Security Measures for ReBIT: March 2018 Update

grajales_i
Understanding Security Onion: Network Security Monitoring Tools

Understanding Security Onion: Network Security Monitoring Tools

sadhbh
Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University

Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University

kol_lov
Proactive Leadership and Quality Management Insights

Proactive Leadership and Quality Management Insights

evon_323
Rate Optimization in Wideband RIS-assisted Wireless Systems

Rate Optimization in Wideband RIS-assisted Wireless Systems

llewellyn
Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

quer_sna
Wireless Office Docking Model for Multiple Devices

Wireless Office Docking Model for Multiple Devices

epps_eda
Evolution of 8K UHD Wireless Transfer Usage Model for Next Generation Displays

Evolution of 8K UHD Wireless Transfer Usage Model for Next Generation Displays

dedo524
Challenges and Solutions in Wired-Wireless TSN Configuration

Challenges and Solutions in Wired-Wireless TSN Configuration

six_bur
Understanding Network Security Vulnerabilities and Attacks

Understanding Network Security Vulnerabilities and Attacks

leyo_5
Understanding Wireless Wide Area Networks (WWAN) and Cellular Network Principles

Understanding Wireless Wide Area Networks (WWAN) and Cellular Network Principles

anselm
Legal Framework on Information Security in the Ministry of Trade, Tourism, and Telecommunication

Legal Framework on Information Security in the Ministry of Trade, Tourism, and Telecommunication

joso_597
Modeling and Generation of Realistic Network Activity Using Non-Negative Matrix Factorization

Modeling and Generation of Realistic Network Activity Using Non-Negative Matrix Factorization

sidra
BCA 601(N): Computer Network Security

BCA 601(N): Computer Network Security

danna

More Related Content

Guide to Wireless Network Access Configuration on Windows 7, 8, and 10
Guide to Wireless Network Access Configuration on Windows 7, 8, and 10
Wireless LANs: Components and Security Issues
Wireless LANs: Components and Security Issues
Understanding Wireless Network Threats and Vulnerabilities
Understanding Wireless Network Threats and Vulnerabilities
Innovative Wireless Guitar Multi-Functional Design Project Overview
Innovative Wireless Guitar Multi-Functional Design Project Overview
Enhancing Network Security with Software-Defined Snort and OpenFlow
Enhancing Network Security with Software-Defined Snort and OpenFlow
Overview of Computer and Network Security Fundamentals
Overview of Computer and Network Security Fundamentals
A Hybrid Intrusion Detection System Approach for IEEE 802.11 Wireless Networks
A Hybrid Intrusion Detection System Approach for IEEE 802.11 Wireless Networks
Importance of Security in Web Development
Importance of Security in Web Development
Securing IT Infrastructure at Exeter University
Securing IT Infrastructure at Exeter University
Real-Time Data-Driven Network Security Workshop by Joe St. Sauver
Real-Time Data-Driven Network Security Workshop by Joe St. Sauver
Evolution of Wireless-Wireline Convergence in 5G Networks
Evolution of Wireless-Wireline Convergence in 5G Networks
Guide to Creating Access from Wired to Wireless Devices Using Airborne AP Ethernet Bridge
Guide to Creating Access from Wired to Wireless Devices Using Airborne AP Ethernet Bridge
Enhancing Throughput in Multi-Hop Wireless Networks Using Reconfigurable Antennas
Enhancing Throughput in Multi-Hop Wireless Networks Using Reconfigurable Antennas
Wireless Soil Moisture Tension Measurements for Irrigation Management
Wireless Soil Moisture Tension Measurements for Irrigation Management
Overview of Wireless Machine-to-Machine Communications in Industrial Environments
Overview of Wireless Machine-to-Machine Communications in Industrial Environments
Network Design Challenges and Solutions in Business Data Communications
Network Design Challenges and Solutions in Business Data Communications
Network Slicing with OAI 5G CN Workshop Overview
Network Slicing with OAI 5G CN Workshop Overview
Network Monitoring Workshop - Incident Response Overview
Network Monitoring Workshop - Incident Response Overview
A Review of Wireless Body Area Networks for Medical Applications
A Review of Wireless Body Area Networks for Medical Applications
Improving Wireless Performance Through Content Overhearing Refactoring
Improving Wireless Performance Through Content Overhearing Refactoring
Understanding Snort: An Open-Source Network Intrusion Detection System
Understanding Snort: An Open-Source Network Intrusion Detection System
Software Engineering Design Principles and Concepts
Software Engineering Design Principles and Concepts
Understanding Computer Security Principles and Practices
Understanding Computer Security Principles and Practices
Understanding the Role of Security Champions in Organizations
Understanding the Role of Security Champions in Organizations