VDG, July 17, 2007 1 Copyright © 2007

On the Evolution of Adversary Models(from the beginning to sensor networks)

Virgil D. Gligor Electrical and Computer Engineering

University of MarylandCollege Park, MD. 20742

gligor@umd.edu

Lisbon, PortugalJuly 17-18, 2007

VDG, July 17, 2007 2 Copyright © 2007

Overview

1. New Technologies often require a New Adversary Def.- continuous state of vulnerability

2. Why is the New Adversary Different ? - ex. sensor, mesh networks, MANETs

- countermeasures

3. Challenge: find “good enough” security countermeasures

4. Proposal: Information Assurance Institute

VDG, July 17, 2007 3 Copyright © 2007

A system without an adversary definition cannotpossibly be insecure; it can only be astonishing…

… astonishment is a much underrated security vice.(Principle of Least Astonishment)

VDG, July 17, 2007 4 Copyright © 2007

1. New Technology > Vulnerability ~> Adversary <~> Methods & Tools

Why an Adv. Def. is a fundamental concern ?

-sharing user-mode confidentiality and untrusted user- sys. vs. user mode (’62->) programs& data; integrity breaches; mode programs rings, sec. kernel (’65, ‘72)- computing utility system penetration; & subsystems FHM (’75) theory/tool (’91)*(early – mid 1960s) acc. policy models (’71)

- shared stateful DoS instances untrusted user DoS = a diff. prob.(83-’85)*services processes; formal spec. & verif. (’88)*

e.g., DBMS, net. protocols concurrent, DoS models (’92 -> ) dyn. resource alloc. coord. attacks(early - mid 1970s)

- PCs, LANs; read, modify, block, “man in the middle” informal: NS, DS (’78–81)public-domain Crypto replay, forge active, adaptive semi-formal: DY (‘83)(mid 1970s) messages network adversary Byzantine (‘82 –>)

crypto attk models (‘84->) auth. prot. analysis (87->)

- internetworking large-scale effects: geo. distributed, virus scans, tracebacks (mid – late 1980s) worms, viruses, coordinated intrusion detection

DDoS (e.g., flooding) attacks (mid ’90s ->)

2. Technology Cost -> 0, Security Concerns persist

VDG, July 17, 2007 5 Copyright © 2007

Continuous State of Vulnerability

New Technology >

New Vulnerability ~>

New Adversary Model <~>

New AnalysisMethod & Tools

+/- O(months) +O(years)

+O(years)

Reuse of Old (Secure)Systems & Protocols

New Technology ~>

New Vulnerability

OldAdversary Model

… a perennial challenge (“fighting old wars”)

mismatch

VDG, July 17, 2007 6 Copyright © 2007

New Technology Ex.: Sensor Networks

Claim

Sensor Networks introduce:

- new, unique vulnerabilities: nodes captured and replicated

- new adversary: different from and Dolev-Yao and traditional Byzantine adv.s

and

- require new methods and tools: emergent algorithms & properties (for imperfect but good-enough security)

Mesh Networks have similar but not identical characteristics

VDG, July 17, 2007 7 Copyright © 2007

Two Extreme Examples

Low end: Smart Cards (< $15) High end: IBM 4764 co-proc. (~ $9K)

- no tamper resistance- non-invasive phys. attacks

- side-channel (timing, DPA)- unusual operating conditions

- temperature, power clock glitches

- invasive phys. attacks- chip removal from plastic cover- microprobes, electron beams

- tamper resistance, real time response- independent battery, secure clock- battery-backed RAM (BBRAM)- wrapping: several layers of non-metallic grid of conductors in a grounded shield to reduce detectable EM emanations- tamper detection sensors (+ battery)

- temp., humidity, pressure, voltage, clock, ionizing radiation

- response: erase BBRAM, reset device

Limited Physical Node Protection

VDG, July 17, 2007 8 Copyright © 2007

Observation: a single on-chip secret key is sufficient to protect (e.g., via Authenticated Encryption) many other memory-stored secrets (e.g., node keys)

Problem: how do we protect that single on-chip secret key ?

Potential Solution: Physically Unclonable Functions (PUFs)

observation: each IC has unique timing

basic PUF: Challenge extracts unique, secret Response (i.e., secret key) from

IC-hidden, unique timing sequence

Limited Physical Node Protection

VDG, July 17, 2007 9 Copyright © 2007

b0 b1 b2 b61 b128

bi=0 bi=1

Arbiter

switch

01

Arbiter 0

Arbiter 1

Arbiter operation

LFSR Challengee.g., 128 bits

Responsee.g., 255 bits

Basic PUF circuit [Jae W. Lee et al. VLSI ‘04]

b62feed-fwd arbiter

unknown challenge bit

IC

255

VDG, July 17, 2007 10 Copyright © 2007

Basic PUF counters:

brute-force attacks (2*128 challenge-response pairs => impractical)

duplication (different timing => different Secret Response)

invasive attacks (timing modification => different Secret Response)

However,

Pr. 1: adversary can build timing model of Arbiter’s output=> can build clone for secret-key generation

Pr. 2: Arbiter’ output (i.e., secret-key generation) is unreliableReality: intra-chip timing variation (e.g., temp, pressure, voltage)

=> errors in Arbiter’s output (e.g., max. error: 4 – 9%)

Basic PUF circuit [Jae W. Lee et al. VLSI ‘04]

VDG, July 17, 2007 11 Copyright © 2007

Suggested PUF circuit [Ed Suh et al. ISCA ‘05]

Solution to Pr. 1: hash Arbiter’s output to provide new Response - cannot discover Arbiter output from known Challenges and new Responses

Solution to Pr. 2: add Error Correcting Codes (ECCs) on Arbiter’s output

e.g., use BCH(n, k, d) n(timing bits) = k(secret bits) + b(syndrome bits) for (d-1)/2 errors

BCH (255,63,61) => 30 (> 10%n > max. no.) errors in Arbiter’s output are corrected > 30 errors ? (probability is 2.4 X10-6)

probability of incorrect output is smaller but not zero

hash Arbiter’s output and verify against stored Hash(Response)

VDG, July 17, 2007 12 Copyright © 2007

Suggested PUF circuit

b0 b1 b2 b61 b128

Arbiter

LFSRknownChallengee.g., 128 bit

secretResponse

b62feed-fwd arbiterBCH

knownSyndromee.g., 192 bits

Hash

(Off-line) Verifiable-Plaintext Attack:Get C, S, hash(R); guess remaining (e.g., 63) bits of Arbiter’s output; verify new R; repeat verifiable guesses until Arbiter’s output is known; discover secret key

However, syndrome reveals some (e.g., b=192) bits of Arbiter’s output (n=255)

IC

255bits

generate response: C -> R, S; retrieve response: C, S -> R

VDG, July 17, 2007 13 Copyright © 2007

Some Characteristics of Sensor Networks

1. Ease of Network Deployment and Extension- scalability => simply drop sensors at desired locations- key connectivity via key pre-distribution =>

neither administrative intervention nor TTP interaction

2. Low Cost, Commodity Hardware - low cost => physical node shielding is impractical

=> ease of access to internal node state(Q: how good should physical node shielding be to prevent access to a sensor’s internal state ?)

3. Unattended Node Operation in Hostile Areas => adversary can capture, replicate nodes (and node states)

VDG, July 17, 2007 14 Copyright © 2007

NEIGHBORHOOD i

1

3i

2

Captured Node

3

Replicated Node Insertion: How Easy ?

shared keyoutside neighborhood

shared keyoutside neighborhood

NEIGHBORHOOD j

NEIGHBORHOOD k

shared key

inside neighborhood

path key

VDG, July 17, 2007 15 Copyright © 2007

NEIGHBORHOOD j

NEIGHBORHOOD i

1

3i

2

Captured Node

3

NEIGHBORHOOD k

3

Node

Replica 1

3

Node

Replica 2

Note: Replica IDs are cryptographically bound to pre-distributed keys and cannot be changed

Attack Coordination among Replicas: How Easy ?

collusion

VDG, July 17, 2007 16 Copyright © 2007

New vs. Old Adversary

Old Byzantine Adversaries - can do 1) but not 2) - consensus problems impose fixed thresholds for captured nodes

(e.g., t < n/2, t < n/3) and fixed number of nodes, n.

Old (Dolev-Yao) Adversary can - control network operation

- man-in-the-middle: read, replay, forge, block, modify, insert messages anywhere in the network

- send/receive any message to/from any legitimate principal (e.g., node) - act as a legitimate principal of the network

Old (Dolev-Yao) Adversary cannot 1) adaptively capture legitimate principals’ nodes and discover a legitimate principal’s secrets 2) adaptively modify network and trust topology (e.g., by node replication)

VDG, July 17, 2007 17 Copyright © 2007

Countermeasures for Handling New Adv.?

1. Detection and Recovery - Ex. Detection of node-replica attacks- Cost ? Traditional vs. Emergent Protocols - Advantage: always possible, good enough detection- Disadvantage: damage possible before detection

2. Avoidance: early detection of adversary’s presence- Ex. Periodic monitoring - Cost vs. timely detection ? False negatives/positives ?- Advantage: avoids damage done by new adversary- Disadvantage: not always practical in MANETs, sensor and mesh networks

3. Prevention: survive attacks by “privileged insiders”- Ex. Subsystems that survive administrators’ attacks (e.g., auth)- Cost vs. design credibility ? Manifest correctness

- Advantage: prevent damage; Disadvantage: very limited use

VDG, July 17, 2007 18 Copyright © 2007

Example of Detection and Recovery

(IEEE S&P, May 2005)

- naïve: each node broadcasts <ID, “locator,” signature> perfect replica detection: ID collisions, different Iocators complexity: O(n2) messages

- realistic: each node broadcasts locally <ID, “locator,” signature> local neighbors further broadcast to g << n random witnesses good enough replica detection: ID collision, different

Iocators at witness detection probability: 70 - 80% is good enough

complexity: O(n x sqrt(n)) messages

VDG, July 17, 2007 19 Copyright © 2007

A New App.: Distributed Sensing

VDG, July 17, 2007 20 Copyright © 2007

A New Application: Distributed Sensing

Application: a set of m sensors observe and signal an event - each sensor broadcasts “1” whenever it senses the event;

else, it does nothing - if t m broadcasts, all m sensors signal event to neighbors; else do nothing

New (Distributed-Sensing) Adversary - captures nodes, forges, replays or suppresses (jams) broadcasts

(within same or across different sessions) - increases broadcast count with outsiders’ false broadcasts

Operational Constraints - absence of event cannot be sensed (e.g., no periodic “0” broadcasts) - broadcasts are reliable and synchronous (i.e., counted in sessions)

Adversary Goals: violate integrity (i.e., issues t m/2 false broadcasts) deny service (i.e., t > m/2, suppresses m-t+1 broadcasts)

VDG, July 17, 2007 21 Copyright © 2007

32

1

8

9

104

5

6

7

CommunicationNeighborhood

revocation target

An Example: distributed revocation decision[IEEE TDSC, Sept. 2005]

11

12

13

14

m=6, t = 4 votes in a session => revoke target

propagate revocation

decision

propagate re

voca

tion

decision

Keying Neighborhood

VDG, July 17, 2007 22 Copyright © 2007

New vs. Old Adversary

A (Reactive) Byzantine Agreement Problem ? - both global event and its absence are (“1/0”) broadcast by each node - strong constraint on t ; i.e., no PKI => t > 2/3m; PKI => t >m/2 - fixed, known group membership

New (Distributed-Sensing) Adv. =/= Old (Byzantine) Adv. - new adversary need not forge, initiate, or replay “0” broadcasts - new adversary’s strength depends on a weaker t (e.g., t < m/2) - new adversary may modify membership to increase broadcast count ( > t)

No.

VDG, July 17, 2007 23 Copyright © 2007

Conclusions

3. How effective are the countermeasures ?- provide “good enough” security; e.g., probabilistic security

properties

1. New Technologies => New Adversary Definitions- avoid “fighting the last war”- security is a fundamental concern of IT

2. No single method of countering new and powerful adversaries- detection- avoidance (current focus) - prevention (future)