Modeling Ad-hoc Rushing Attack in a

Negligiblity-based Security Framework

Jiejun KongJiejun Kong, *Xiaoyan Hong, #Mario Mario GerlaGerla

Scalable Network Technologies *Computer Science Department #Computer Science Department Los Angeles University of Alabama, Tuscaloosa University of California, Los

Angeles

jkong@scalable-networks.com, hxy@cs.ua.edu, gerla@cs.ucla.edu

ACM WiSe’06ACM WiSe’06September 29, 2006. Los Angeles, CaliforniaSeptember 29, 2006. Los Angeles, California

Notion: Security as a “landslide” game Played by the guard and the adversary

– Proposal can be found as early as Shannon’s 1949 paper– Not a 50%-50% chance game, which is too good for the

adversary

The notion has been used in modern crypto since 1970s– Based on NP-complexity – The guard wins the game with 1 - negligible probability– The adversary wins the game with negligible probability– The asymptotic notion of “negligible” applies to one-way

function (encryption, one-way hash), pseudorandom generator, zero-knowledge proof, ……

AND this time ……secure routing

The Asymptotic Cryptography Model

Security can be achieved by a polynomial-bounded guard against a polynomial-bounded adversary

1 2 # of key bits (key length) 128

Prob

abili

ty o

f sec

urity

bre

ach The “negligiblenegligible” line

(sub-polynomialsub-polynomial line)

Insecure Secure(Ambiguous area)

Our Asymptotic Network Security Model

Conforming to the classic notion of security

Network metric (e.g., # of nodes -- network scale)

Prob

abili

ty o

f net

wor

k se

curit

y br

each

The “negligiblenegligible” line(sub-polynomialsub-polynomial line)

The “exponentialexponential” line

Insecure Secure(Ambiguous area)

Negligible := (Asymptotic) Sub-Polynomial Consistent with computational cryptography’s asymptotic

notion of “negligible / sub-polynomial”

is negligible by definition

x is key length in computational cryptox is network metric (e.g., # of nodes) in network security

DefinitionDefinition: A function : N R is negligible, if for every positive integer c and all sufficiently large x’s (i.e., there

exists Nc>0, for all x>Nc),

Problem Statement Secure routing problems are not solved

– Rushing attacks, wormhole attacks, etc. are threatening mobile wireless networks

Secure routing lacks formal modeling– More generally, foundation of network security is

unknown

The connection between network scale and network security is unknown

Forwarding in Wireless Networks

Area defined by intersection of 2 or more transmission circles Node redundancy is common in wireless ad hoc networks

– In the E(AE(Aforwardforward)), expectation size of the forwarding area, there are usually more than 1 “good” or “bad” nodes inside

E(AE(Aforwardforward))

Rushing Attack [Hu,Perrig,Johnson 2003]

RREQ forwarding– Rushing attackers disobey delay (MAC/routing/queuing)

requirements& w/ higher prob., are placed on RREP / DATA path

Low-cost: feasible as long as capable of intercepting & forwarding

source dest

RREQ

RREP

Mobile network model Divides the entire network area A into large number

n of very small tiles (i.e., possible “positions”)– A node’s presence probability p at each tile is small

Follows a spatial binomial distribution B(n,p)

– When n is large and p is small, B(n,p) is approximately a spatial Poisson point distribution with rate 1

– If there are N mobile nodes, use 1 as the average PDF

N = N·1

– The probability of exactly k nodes in an area A’

1 in Random Way Point model

[Bettstetter et al.]

a=1000

In our stochastic model, 1 is arbitrary

No matter what the mobility model is, there is a stochastic PDF for node’s probabilistic presence at each position

If in certain area the node’s stochastic presence PDF is 0, then this area should not be

counted in the entire network area A

Modeling adversarial presence : percentage of non-cooperative network

members (e.g., probability of node selfishness & intrusion) 3 random variables

– x : number of nodes in the forwarding community area

– y : number of cooperative nodes

–z : number of non-cooperative nodes

Rushing Attack is Low-cost & Severe ! Per-hop success prob. of node-to-node routing is negligible

with respect to network scale N under rushing attack

Per-hop failure prob. of node-to-node ad hoc routing schemes is unfortunately 1 - negligible(N)

As illustrated later, this means rushing attack makes legacy node-to-node routing schemes fall into negative RP– Negative RP: success/yes probability is negligible, severe problem!– RP: failure/no probability is negligible

Integral and differential not a problem:

…progress … Secure routing problems are not solved

– Rushing attacks, wormhole attacks, etc. are threatening mobile wireless networks

Secure routing lacks formal modeling– More generally, foundation of network

security is unknown

The connection between network scale and network security is unknown

Terminology Las Vegas algo.

Always correct, probably fast

Monte-Carlo algo. Always fast, probably correct with 1-side error– Today’s focus

Atlantic City algo. (or Monte-Carlo w/ 2-side) Always fast, probably correct with 2-side error

RP: Randomized Polynomial-time RP (1-run): not this one!

– Polynomial-time– If correct answer is

FAILURE/NO, it always returns FAILURE/NO

– If correct answer is SUCCESS/YES, it returns SUCCESS/YES with probability ½+(x); but may return FAILURE/NO otherwise

RP (n-runs): today’s pick!– Polynomial-time– If correct answer is

FAILURE/NO, it always returns FAILURE/NO

– If correct answer is SUCCESS/YES, it returns SUCCESS/YES with probability 1-(½)n; but may return FAILURE/NO

Las Vegas

Answer

Monte Carlo Answer

SUCCESSYES

FAILURENO

SUCCESSYES

constant p > 0

(p ½+(x))1 - p ½-(x)

FAILURENO 0 1

Las Vegas

Answer

Monte Carlo Answer

SUCCESSYES

FAILURENO

SUCCESSYES

1 – pn

(p> 1-1/2n)

pn

(p<1/2n)

FAILURENO 0 1

X

poly(x)

the ideal line(can be foundby Las Vegasalgorithms)

(x)

(x)

(x)

(x)

(x)

(x)

deviation bound

deviation bound

A Generic Family of Random Algorithmswith Invariant Deviation (x)

(This is proven in Theorem 2)

Mq

t

Turing Machine (TM)

Deterministic TM– At most 1 move for each

transition state Non-deterministic TM &

Probabilistic TM– Can be represented by

DTM + random tape

Add a random tape to hold coin-tosses for probabilistic Turing Machines

# # # # # # # # # # # # #

Mq

t

Routing in Probabilistic Turing Machine

with GVG oracle # of possible node positions < O(poly(n)) Every node is only a “puppet” tape carrier --- The randomized state is maintained by an oracle, the Global

Virtual God Node communication, mobility and the environmental randomness are simulated by GVG in random tape

Mq

t

# # # # # # # # # # # # # Old place replaced by blank tape

Mq

t RREQ

On-demand route discovery starts

Mq

t RREP

Route successfully established whenRREP is received after poly(N) steps

Modeling mobility

Community Based Security (CBS)

Community-to-community forwarding (not node-to-node) Turn the table

– Now the forwarding failure becomes negligible (x)

– Rushing attack becomes ineffective

Ideally, stay in GVG-RP (i.e., with (x) forwarding failure) for polynomial routing steps (wrt. network scale N)

…progress … Secure routing problems are not solved

– Rushing attacks, wormhole attacks, etc. are threatening mobile wireless networks

Secure routing lacks formal modeling– More generally, foundation of network security is unknown

The connection between network scale and network security is unknown

Connecting a few Theories

Probabilistic Complexity Theory RP & BPP

requires discovery of negligibility

Stochastic Mobility Analysis &Spatial Poisson Processes

Summary Initiative

– Some problems (wrt. foundations of network security) are based on randomized algorithms and probabilistic complexity theory

This paper’s contributions– Devises the GVG oracle to translate wireless networking problems into randomized

algorithms– Algorithms/Protocols in GVG-RP are asymptotically invariant

(x) failure probability at each step (x) failure probability over polynomial steps– In a closed space A (2-d network area or 3-d network volume) where nodes follow spatial Poisson point

distribution and with non-zero PDF • Routing protocols based on local community coordination are in RP• In contrast, legacy routing protocols based on node-to-node coordination are in negative RP

They are severely vulnerable to low-cost routing attacks (rushing attack)

Detailed protocol design is available, though not a perfect implementation– Jiejun Kong, Xiaoyan Hong, Yunjung Yi, Joon-Sang Park, Mario Gerla, “A Secure Ad-

hoc Routing Approach using Localized Self-healing Communities,” pp.254-265, ACM MOBIHOC, May 25-28, 2005.

Open challenges– Applications in other network security domains– Foundations of network security

This slide is intentionally left blank Backup slides follow

Why does size matter? When competition is about physical power in body (network of cells): right before the

“Cretaceous-Tertiary (K-T) extinction” event, the dinosaurs were of their largest size

ALLOSAURUSERA: Late Jurassic ( Kimmeridgian 154.1 - 150.7 Ma ).

SIZE: Length 10 - 12 m. Weight 1 - 1.7 tonnes.

TYRANNOSAURUSERA: Late Cretaceous ( Campanian - Maastrichtian 83.5 - 65 Ma ).

SIZE: Length 12-14 m. Height 5m. Weight 4.5 - 7 tonnes.

PROTOCERATOPSERA: Late Cretaceous ( Santonian - Campanian 85.8 - 71.3 Ma ).SIZE: Length 2m. Height 75cm. Weight 1.4 tonnes.

TOROSAURUSERA: Late Cretaceous ( Maastrichtian 71.3 - 65 Ma ).SIZE: Length 7.6 m. Weight 7 - 8 tonnes.

Why does size matter? (cont’d) When competition is about intelligence in networks of neuron: cranial capacity

and complexity

Taxon Cranial capacity

(cc)

Age (Megannum)

Au. Afarensis 400 – 500 3.6—2.9

Au. africanus 400 – 500 3.0—2.4

Homo habilis 500 – 650 2.0—1.6

Homo rudolfensis 600 – 800 2.4—1.6

Homo ergaster 750 – 1250 1.8—1.2

Homo erectus 750 – 1250 1.8—0.3

Homo sapiens 1400 avg. 0.25—present

BPP: Bounded-error Probabilistic Polynomial-time

BPP (1-run)– Polynomial-time– On either case, will give

correct answer with

probability ½+(x) (i.e., give incorrect answer otherwise)

BPP (n-runs)– Polynomial-time– On either case, will give

correct answer with probability 1-e-n/24(i.e., give incorrect answer otherwise)

• Prove by Chernoff’s bound

Las Vegas

Answer

Monte Carlo Answer

YES NO

YES p ½+(x) 1–p ½-(x)

NO ½-(x) ½+(x)

Las Vegas

Answer

Monte Carlo Answer

YES NO

YES p > 1-e-n/24 1-p < e-n/24

NO < e-n/24 > 1-e-n/24

1 Inspired by Bettstetter et al.’s work

– For any mobility model (random walk, random way point), Bettstetter et al. have shown that1 is computable following

– For example, in random way point model

in a square network area of size a£a defined by -a/2·x· a/2 and -a/2·y· a/2

– 1 is “location dependent”, yet computable in NS2 & QualNet given any area A’ (using finite element method)