Post on 20-Dec-2015
1
Anonymity in MANETs Threats and Mitigations
Roy Friedman, Neer Roggel
Technion, Israel Institute of Technology
Computer Science Department
{roy,nroggel}@cs.technion.ac.il
2
Outline
• What are MANETs?
• Anonymity scenarios
• Attackers and threats
• Our approach: IP hopping
• Limitations and future work
• Open discussion
3
What is a MANET?
4
5
6
What are MANETs?
7
What are MANETs?
8
Anonymity Scenarios
• Battlefield
  – Units in motion
  – Sensor network
• Content sharing
  – Oppressive regime
  – Rights protected content
9
Attacker Capabilities
• Eavesdropping
• Geolocating a node
• Device fingerprinting
• Generating traffic
• Man in the middle
• Node compromise
• Worm holes
10
Threats to Anonymity
• Irrefutably implicating a node
• Distorting route construction
• “Chattering laptops”
• Attacks on timing
• Traffic analysis
11
Traffic Analysis
12
Traffic Analysis Example
[Figure: network of nodes A, B, M, D, E, K, P, O, L, labelled with addresses IP1 to IP8]
13
Our Approach
14
Simple Example
[Figure: network of nodes A, B, M, D, E, K, P, O, L, labelled with addresses IP1 to IP8]
( ) ( )iX K KIP E X E i
15
IP Hopping
• Step 1: agree on shared information
A B M D E
$g^{x_A}$, $g^{x_A x_B}$, $g^{x_A x_B x_M}$, $g^{x_A x_B x_M x_D}$
E D M B A
$g^{x_E}$, $g^{x_E x_D}$, $g^{x_E x_D x_M}$, $g^{x_E x_D x_M x_B}$
16
IP Hopping
• Step 2: derive temporary addresses
$g^{x_A x_B x_M x_D x_E} = K = g^{x_E x_D x_M x_B x_A}$
$IP_A^i = E_K(2i)$, $IP_E^i = E_K(2i+1)$
17
IP Hopping
• Step 3: use temporary addresses
[Figure: nodes A, B, M, D, E in a chain; each of the four hops carries [Ai,B,M,D,Ei]]
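The three IP hopping steps above, as an added Python example (not code from the presentation): the chained exponentiation along the route in both directions, the shared K, and the per-epoch endpoint addresses E_K(2i) and E_K(2i+1). Assumptions of this example: the toy group parameters P and G, HMAC-SHA256 standing in for E_K, the mapping of addresses into 10.0.0.0/8, and all function names.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Demo-only group parameters (assumed; the slides do not give any).
P = 2**127 - 1   # Mersenne prime, far too small for real use
G = 3

def chain_pass(route, secrets_by_node):
    """Pass a value along `route`; each node raises it to its own secret x.
    Returns (values seen on each link, value the last node ends with)."""
    value, on_wire = G, []
    for node in route[:-1]:
        value = pow(value, secrets_by_node[node], P)
        on_wire.append(value)          # g^{x_A}, g^{x_A x_B}, ...
    return on_wire, pow(value, secrets_by_node[route[-1]], P)

def agree_key(route, secrets_by_node):
    """Step 1: forward pass gives K to the last node, reverse pass to the first."""
    _, k_dst = chain_pass(route, secrets_by_node)
    _, k_src = chain_pass(route[::-1], secrets_by_node)
    return k_src, k_dst

def e_k(key_int, counter):
    """Stand-in for E_K(.): HMAC-SHA256 as a keyed PRF, truncated to 24 bits
    and placed in 10.0.0.0/8 (both choices are assumptions of this example)."""
    key = key_int.to_bytes(16, "big")
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return ipaddress.IPv4Address((10 << 24) | int.from_bytes(mac[:3], "big"))

def hop_addresses(key_int, i):
    """Step 2: source uses E_K(2i), destination uses E_K(2i+1) in epoch i."""
    return e_k(key_int, 2 * i), e_k(key_int, 2 * i + 1)

if __name__ == "__main__":
    route = ["A", "B", "M", "D", "E"]
    x = {n: secrets.randbelow(P - 3) + 2 for n in route}   # constructed secrets
    k_a, k_e = agree_key(route, x)
    assert k_a == k_e
    for i in range(3):
        a_i, e_i = hop_addresses(k_a, i)
        print(f"epoch {i}: [{a_i}, B, M, D, {e_i}]")   # step 3 route header
```

Because the stand-in truncates a PRF output, two counters can map to the same address; a block cipher over the address space, as E_K suggests, would not collide.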
18
Traffic Analysis Revisited
[Figure: network of nodes A, B, M, D, E, K, P, O, L, labelled with addresses IP1 to IP8]
19
Limitations
• Routing efficiency
  – Discovery, maintenance
• In-band agreement
• Network services
  – Authentication, service discovery, address binding, address assignment
20
Future Research Directions
• More IP information leaks
• Better routing mechanisms
• TCP stream information leaks
21
Discussion
• How can we tell the network to help us find someone we are looking for without telling the network who it is we are looking for?
• Once the route is known, how do we ensure that all nodes along the way are capable of receiving the packet and forwarding it?