ZigBee Security
2007-11-09, National Security Research Institute (국가보안기술연구소)
Jae Hyun Kim (김재현)
[email protected]
Information aNd Network Engineering Research Lab.
School of Electrical and Computer Engineering, Ajou University, Korea
Agenda
- ZigBee Overview
- ZigBee Security
- Security Stack Implementation
- Improvement of Authentication Procedure and Performance Analysis
- Conclusion
Jae Hyun Kim, Ajou University
The ZigBee Alliance
Users want a network which allows…
- Low power consumption: users expect the battery to last months to years!
- Low cost
- High density of nodes per network
- Simple protocol, global implementation
But…
- A standard in a fragmented market: many proprietary solutions have interoperability issues
The ZigBee Alliance
- Organized as an independent, neutral, nonprofit corporation in 2002
- Open and global: anyone can join and participate; membership is global
- Activity includes specification creation, certification and compliance programs, and branding, market development, and user education
The ZigBee Alliance
- Has made its specification publicly available: ZigBee is open to all; ZigBee 2006 is now available at http://www.zigbee.org/
- ZigBee 2007 is ongoing
Applications of ZigBee
Figure: ZigBee application areas ("Wireless Control that Simply Works"):
- Consumer electronics: TV, VCR, DVD/CD, remote
- Building automation: security, HVAC, AMR, lighting control, access control
- PC & peripherals: mouse, keyboard, joystick
- Personal health care: patient monitoring, fitness monitoring
- Telecom services: m-commerce, info services, object interaction (Internet of Things)
- Home control: security, HVAC, lighting control, access control
- Industrial control: asset management, process control, environmental, energy management, irrigation
ZigBee History
- December 14, 2004: ZigBee v1.0 draft ratified
- February 17, 2006: ZigBee Specification r06
- December 1, 2006: release of the ZigBee-2006 Specification
- May 31, 2007: ZigBee-2007 Specification (r16), incorporating errata and clarifications
- October 19, 2007: ZigBee-2007 Specification (r17), incorporating errata and clarifications
ZigBee Overview
Features
- Low rate (maximum 250 Kbps)
- Low cost, low power
- Short range (10 m to 80 m)
- Tree, mesh, star topology
The IEEE 802 Wireless Space
Figure: range versus data rate (0.01 to 1000 Mbps) for the IEEE 802 wireless standards: WPAN (Bluetooth/802.15.1, ZigBee/802.15.4, 802.15.4c, 802.15.3, 802.15.3c), WLAN (WiFi/802.11), WMAN (WiMax/802.16), WWAN (802.20, 802.22).
The ZigBee standard uniquely fills a gap for low data rate applications.
IEEE 802.15 Overview

| | 802.15.1 | 802.15.3 | WiMedia | 802.15.4 |
|---|---|---|---|---|
| Objectives | Bluetooth | High Rate | UWB | Low Rate / ZigBee |
| Frequency band | 2.4~2.4835 GHz | 2.4 GHz | 3.1~10.6 GHz | 868/915 MHz, 2.4 GHz |
| MAC | FH/TDD, 79 ch, 1600 hop/sec | CSMA/CA, S-Aloha, TDMA | CSMA/CA, TDMA | CSMA/CA, TDMA |
| Topology | Piconet, Scatternet | Piconet, Child piconet, Neighbor piconet | Peer2Peer | Star, Peer2Peer |
| Data rate | < 3 Mbps (sync.), < 723 Kbps (async.) | < 55 Mbps | 53.3 Mbps ~ 480 Mbps | 20 k ~ 250 kbps |
| Modulation | GFSK | QPSK, DQPSK, 16/32/64-QAM (11, 22, 33, 44, 55 Mbps) | QPSK, DCM | BPSK (868/915 MHz), O-QPSK (2.4 GHz) |
| Range | 1 m (1 mW), 100 m (100 mW) | 5~10 m | 10~20 m | |
| Major vendor | Nokia, Sony, Ericsson | Xtremespectrum, Timedomain | HP, Intel, Microsoft, Samsung | Philips, Motorola |
Frequency Allocation
Figure: channel 0 at 868 MHz; channels 1-10 between 902 MHz and 928 MHz (2 MHz channel spacing); channels 11-26 between 2.4 GHz and 2.4835 GHz (5 MHz channel spacing).
Basic Network Characteristics
- 65,536 network (client) nodes
- 27 channels
- 250 Kbps data rate
- Optimized for timing-critical applications and power management
- Full mesh networking support
Figure legend: network coordinator, full function node, reduced function node; communications flow; virtual links.
Device types
- FFD (Full Function Device): a device capable of operating as a ZigBee coordinator, router or end device, implementing the complete protocol set.
- RFD (Reduced Function Device): a device operating with a minimal implementation of the IEEE 802.15.4 protocol; it cannot be a ZigBee coordinator or router.
Topology
Figure: mesh topology built from a ZigBee coordinator, ZigBee routers and ZigBee end devices. <Mesh>
ZigBee Protocol Stack Overview
ZigBee Device Object (ZDO)
- Initializing the APS and NWK layers and the Security Service Provider
- Assembling configuration information from end applications
- Device discovery and service discovery
Application Support Sublayer (APS)
- APSDE (APS Data Entity)
  - Generation of the application-level PDU (APDU)
  - Device binding
  - Group address filtering: filters group-addressed messages based on endpoint group membership
  - Reliable transport: retransmission
  - Duplicate rejection
  - Fragmentation
- APSME (APS Management Entity)
  - Binding management
  - AIB management
  - Security
  - Group management
ZigBee Protocol Stack Overview
Network (NWK) Layer
- NLDE (Network Layer Data Entity)
  - Generation of the network-level PDU (NPDU)
  - Topology-specific routing
  - Security
- NLME (Network Layer Management Entity)
  - Configuring a new device
  - Starting a network
  - Joining, rejoining and leaving a network
  - Addressing: ZigBee coordinators and routers can assign addresses to devices joining the network
  - Route discovery
  - Reception control: controls when the receiver is activated and for how long, enabling MAC sub-layer synchronization or direct reception
  - Routing
ZigBee Protocol Stack Overview
MAC Layer & PHY Layer: IEEE 802.15.4-2003 (LR-WPAN)
- Over-the-air data rates of 250 Kbps, 40 Kbps, and 20 Kbps
- Star or peer-to-peer operation
- Allocated 16-bit short or 64-bit extended addresses
- Optional allocation of guaranteed time slots (GTSs): TDMA
- Carrier sense multiple access with collision avoidance (CSMA-CA) channel access
- Fully acknowledged protocol for transfer reliability (uses retransmission)
- Low power consumption
- Energy detection (ED)
- Link quality indication (LQI)
- 16 channels in the 2450 MHz band, 10 channels in the 915 MHz band, and 1 channel in the 868 MHz band
Frame Structure
APS layer
- Extended header: for fragmentation
NWK layer
- Radius: the range (maximum number of hops) of a radius-limited transmission
- Sequence number: prevents routing the same packet again
- Source route subframe: for source routing, stores the route information from source to destination
MAC layer
- PAN ID: allows communication between devices within a network and enables transmissions between devices in other networks
Design objectives for ZigBee Security
ZigBee devices are
- based on tiny microcontrollers
- low in memory (code and data)
- deployed in home/industrial scenarios
- easy to use
So we need
- an encryption primitive that is simple to implement and execute
- low overhead for key storage / maintenance
- flexibility to support home/industrial use
- ease of use
Design objectives for ZigBee Security
Secure the infrastructure
- Network access control
- Integrity of packet routing
- Prevent unauthorized use of packet transport
Application data security
- Message integrity: protects messages from being modified in transit
- Authentication: provides assurance about the originator of a message
- Freshness: prevents replay attacks
- Privacy: prevents an eavesdropper from listening to messages
History of ZigBee Security
Version r14
- Entity authentication is added
- Incorporating errata and clarifications
Version r15, r16
- Residential/Commercial mode is changed to Standard/Hi-security mode
- Command tunneling is added
- Permission control table is added
- Incorporating errata and clarifications
Version r17
- Entity authentication is used for frame counter synchronization
- More test vectors for security
- Incorporating errata and clarifications
ZigBee Security
- AES: Advanced Encryption Standard, a block cipher
- CCM: CTR-CBC-MAC mode of operation
- CCM*: CTR-CBC-MAC mode of operation with some modifications
- CTR: CounTeR mode of operation
- CBC-MAC: Cipher-Block Chaining Message Authentication Code mode of operation
ZigBee Device Types on Security
Trust center (TC): the ZigBee Coordinator
- Trust manager: authenticates devices that request to join the network
- Network manager: maintains and distributes network keys
- Configuration manager: enables end-to-end security between devices by assisting in the setup of link keys
Router
- Routes security information
- Liaison for devices which do not have the network key
End device
Key Types
- Master key: basis for long-term security
- Link key: basis of security between two devices (insider protection); derived using SKKE between the two devices
- Network key: shared key, the basis of network-wide security; protects infrastructure and application data from outsider attacks
- Keys can be factory-installed or set up over the air or using out-of-band mechanisms; eavesdropping should be prevented while this setup takes place
- Link and network keys can be updated periodically
* SKKE: Symmetric-Key Key-Establishment
Symmetric-Key Key Establishment (SKKE) Protocol
Initiator U | Responder V
Figure: challenge exchange (QEU, QEV: 16-byte random sequences)
- Secret key generation (both sides): Z = Hash_MasterKey(U | V | QEU | QEV)
- Key derivation function (both sides): mackey = Hash(Z | 0x01), linkkey = Hash(Z | 0x02)
- Keyed hash function: U computes MacTag2 = Hash_mackey(0x03 | U | V | QEU | QEV); V computes MacTag2' = Hash_mackey(0x03 | U | V | QEU | QEV)
- (3) Send SKKE-3 frame (with MacTag2)
- Compare MacTag2 and MacTag2' (if different, stop SKKE)
- V believes that U is the correct device
- U believes that V is the correct device
* | : concatenation
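The SKKE flow above carried through in Python, as an added example that is not code from the deck or from the UbiFOS stack. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for ZigBee's HMAC over AES-MMO, so the message flow and key derivation follow the slides but the tag values are not specification test vectors; MacTag1, carried in SKKE-3 with the 0x02 prefix and the roles reversed, is taken from the SKKE specification and is not shown on the slide. The same construction keyed with the network key, and without the link-key derivation, is the entity authentication protocol on the last slides of the deck.

```python
"""SKKE walk-through: four frames between initiator U and responder V."""
import hashlib
import hmac
import secrets

BLOCK = 16  # ZigBee keys, challenges (QEU, QEV) and MAC tags are all 128 bits


def keyed_hash(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for HMAC/AES-MMO.
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def plain_hash(data: bytes) -> bytes:
    # Assumption: SHA-256 truncated to 16 bytes stands in for AES-MMO.
    return hashlib.sha256(data).digest()[:BLOCK]


def derive(master_key: bytes, u: bytes, v: bytes, qeu: bytes, qev: bytes):
    """Secret key generation and key derivation, run identically on both sides."""
    z = keyed_hash(master_key, u + v + qeu + qev)   # Z = Hash_MasterKey(U|V|QEU|QEV)
    mackey = plain_hash(z + b"\x01")                # mackey  = Hash(Z|0x01)
    linkkey = plain_hash(z + b"\x02")               # linkkey = Hash(Z|0x02)
    return mackey, linkkey


class Party:
    """One SKKE endpoint: its 8-byte address, its master key and a fresh challenge."""

    def __init__(self, addr: bytes, master_key: bytes):
        self.addr, self.master_key = addr, master_key
        self.challenge = secrets.token_bytes(BLOCK)  # QEU for U, QEV for V
        self.linkkey = None                          # set only when SKKE completes


def run_skke(u: Party, v: Party) -> bool:
    """Runs SKKE-1..4 between initiator u and responder v; True when both accept."""
    # SKKE-1 (U -> V) carries QEU; SKKE-2 (V -> U) carries QEV.
    qeu, qev = u.challenge, v.challenge
    u_mac, u_link = derive(u.master_key, u.addr, v.addr, qeu, qev)
    v_mac, v_link = derive(v.master_key, u.addr, v.addr, qeu, qev)

    # SKKE-3 (V -> U) carries MacTag1 = Hash_mackey(0x02|V|U|QEV|QEU) (spec; not on the slide).
    tag1 = keyed_hash(v_mac, b"\x02" + v.addr + u.addr + qev + qeu)
    tag1_prime = keyed_hash(u_mac, b"\x02" + v.addr + u.addr + qev + qeu)
    if not hmac.compare_digest(tag1, tag1_prime):
        return False  # U stops SKKE: V did not derive the same mackey

    # SKKE-4 (U -> V) carries MacTag2 = Hash_mackey(0x03|U|V|QEU|QEV); V compares it
    # with its own MacTag2' and stops SKKE if they differ.
    tag2 = keyed_hash(u_mac, b"\x03" + u.addr + v.addr + qeu + qev)
    tag2_prime = keyed_hash(v_mac, b"\x03" + u.addr + v.addr + qeu + qev)
    if not hmac.compare_digest(tag2, tag2_prime):
        return False  # V stops SKKE

    u.linkkey, v.linkkey = u_link, v_link  # the link key itself is never sent over the air
    return True


if __name__ == "__main__":
    master = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    u = Party(bytes.fromhex("0001020304050607"), master)          # constructed addresses
    v = Party(bytes.fromhex("08090a0b0c0d0e0f"), master)
    print("SKKE ok:", run_skke(u, v), "link key:", u.linkkey.hex())
```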
Standard Mode
- Residential mode in ZigBee 2006; provides reduced security in ZigBee
- No SKKE; no device authentication during the joining procedure; uses only one key type, the network key
Key type
- Network key: provides network layer frame security & integrity (protects against external attack)
Advantage
- Minimizes storage
- A low-capability device can act as trust center
- The trust center can be easily replaced with another device
- Easy to maintain
Disadvantage
- Cannot protect against internal attacks
- No authentication during the joining procedure
Hi-security Mode
- Commercial mode in ZigBee 2006; provides full security in ZigBee
- Do SKKE; device authentication during the joining procedure; uses all key types
Key type
- Master key, link key: provide APS layer frame security & integrity (protect against internal attack)
- Network key: provides network layer frame security & integrity (protects against external attack)
Advantage
- Provides all security functions in ZigBee
Disadvantage
- Increases storage overhead
- A low-capability device cannot act as trust center
Figure: keys held by each device in a network of a ZigBee coordinator, ZigBee routers and ZigBee end devices. A: KN, KM,AB, KL,AB, KM,AC, KL,AC, KM,AD, KL,AD. B: KN, KM,AB, KL,AB, KM,BC, KL,BC. C: KN, KM,AC, KL,AC, KM,BC, KL,BC. D: KN, KM,AD, KL,AD. (KN: network key; KM,AB: master key between A and B; KL,AB: link key between A and B.)
ZigBee Security Service
128-bit symmetric key cryptography
- Block cipher mode: 128-bit AES (Advanced Encryption Standard)
- Low overhead
- Strong
- NIST (National Institute of Standards and Technology) approved security
Frame security
- Encryption & message authentication: AES-CCM*
- Device level and/or network level
- Integrity is optional: 0, 32, 64 or 128-bit MIC (Message Integrity Code)
- Message protection vs. message overhead
ZigBee Security Service
Key management
- Hash: AES-MMO (AES-Matyas-Meyer-Oseas) cryptographic hash; HMAC (keyed-Hash Message Authentication Code) with AES-MMO
- Key establishment protocol: SKKE protocol
- Network key & link key update
Authentication
- SKKE protocol
- Entity authentication: similar to the SKKE protocol; uses the network key instead of the master key; does not establish a link key
Device management
- Device update
- Device leaving
Example of Frame Security (APS layer, Outgoing)
Figure: the unsecured payload goes through CCM* encryption & authentication under the link key, with the nonce N and the authentication data as further inputs. Nonce N = Frame Counter (4) | Source Address (8) | Security Control (1). Security Control (1 byte) = Security Level (3 bits) | Key Identifier (2 bits) | Extended Nonce (1 bit) | Reserved (2 bits). Output frame: APS Header | Auxiliary frame Header (Security Control (1), Frame Counter (4), Key Sequence Number (1)) | Secured APS payload & MIC.
* Colored blocks represent the same value
Example of Frame Security (Network layer, Outgoing)
Figure: the unsecured payload goes through CCM* encryption & authentication under the network key, with the nonce N and the authentication data as further inputs. Nonce N = Frame Counter (4) | Source Address (8) | Security Control (1). Security Control (1 byte) = Security Level (3 bits) | Key Identifier (2 bits) | Extended Nonce (1 bit) | Reserved (2 bits). Output frame: NWK Header | Auxiliary frame Header (Security Control (1), Frame Counter (4), Source Address (8), Key Sequence Number (1)) | Secured NWK payload & MIC.
* Colored blocks represent the same value
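The security control byte and the 13-byte CCM* nonce from the two frame-security figures, plus the receiver-side freshness check that the design objectives call for, as an added example (not the deck's or UbiFOS's code). Assumptions: bit positions in the order the slide lists them (security level in bits 0-2, key identifier in bits 3-4, extended nonce in bit 5), the nonce laid out as source address | frame counter | security control with a little-endian counter, and key identifier values 0 (link key) and 1 (network key) from the ZigBee specification.

```python
"""Security control byte, CCM* nonce and incoming frame-counter check."""
import struct

# Key identifier values from the ZigBee specification (assumption: not on the slide).
KEY_ID_LINK, KEY_ID_NETWORK, KEY_ID_KEY_TRANSPORT, KEY_ID_KEY_LOAD = 0, 1, 2, 3
# Security level -> (payload encrypted?, MIC length in bytes); level 0 means no protection.
LEVELS = {0: (False, 0), 1: (False, 4), 2: (False, 8), 3: (False, 16),
          4: (True, 0), 5: (True, 4), 6: (True, 8), 7: (True, 16)}


def security_control(level: int, key_id: int, extended_nonce: bool) -> int:
    """Packs Security Level (3 bits), Key Identifier (2 bits), Extended Nonce (1 bit)."""
    if level not in LEVELS or not 0 <= key_id <= 3:
        raise ValueError("invalid security level or key identifier")
    return level | (key_id << 3) | (int(extended_nonce) << 5)  # bits 6-7 reserved, zero


def parse_security_control(sc: int) -> dict:
    return {"level": sc & 0x07, "key_id": (sc >> 3) & 0x03,
            "extended_nonce": bool(sc & 0x20), "reserved": sc >> 6}


def ccm_star_nonce(source_addr: bytes, frame_counter: int, sc: int) -> bytes:
    """13-byte nonce = Source Address (8) | Frame Counter (4) | Security Control (1).

    Under one key the nonce must never repeat, and only the frame counter makes
    two frames from the same source differ, so an exhausted counter means the
    key has to be replaced, not the counter wrapped.
    """
    if len(source_addr) != 8:
        raise ValueError("source address must be the 8-byte IEEE address")
    if not 0 <= frame_counter <= 0xFFFFFFFF:
        raise ValueError("frame counter exhausted; replace the key")
    return source_addr + struct.pack("<I", frame_counter) + bytes([sc])


class IncomingCounters:
    """Receiver-side freshness check (the 'Freshness' objective): a frame is accepted
    only if its counter is above the last one accepted from that source."""

    def __init__(self):
        self.last = {}

    def accept(self, source_addr: bytes, frame_counter: int) -> bool:
        if frame_counter <= self.last.get(source_addr, -1):
            return False  # replayed or stale frame: drop it before decrypting
        self.last[source_addr] = frame_counter
        return True

    def key_switched(self) -> None:
        self.last.clear()  # counters start again under the new network key


if __name__ == "__main__":
    sc = security_control(5, KEY_ID_NETWORK, extended_nonce=True)  # ENC-MIC-32, network key
    src = bytes.fromhex("0001020304050607")                          # constructed sample address
    print(ccm_star_nonce(src, 7, sc).hex(), parse_security_control(sc))
```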
Procedures - Device Authentication & Update
Hi-Security Mode (figure: message sequence)
- Receive NWK address
- Device update (a device joined!)
- Transport master key (if the master key is not preconfigured)
- Do device authentication and establish the link key
- Transport network key
- Authenticate between router and joiner device
Procedures - Device Authentication & Update
Standard Mode (figure: message sequence)
Procedures - Network key update
Figure: message sequence between the Trust Center, Device1 and Device2.
- Trust Center → Device1: Transport-Key Command (NWK Key, N); Device1 replaces its alternate or active network key with network key N
- Trust Center → Device1: Switch-Key Command (N); Device1 makes network key N the active network key, or ignores the command
- Trust Center → Device2: Transport-Key Command (NWK Key, N); Device2 replaces its alternate or active network key with network key N
- Trust Center → Device2: Switch-Key Command (N); Device2 makes network key N the active network key, or ignores the command
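The Transport-Key / Switch-Key handling above as a device-side key store, an added example rather than code from the deck or from UbiFOS. It assumes the device holds one active and one alternate network key, each tagged with its sequence number N, and that the key sequence number carried in a frame's auxiliary header selects the key used to check that frame.

```python
"""Device-side handling of the network key update commands."""


class NetworkKeyStore:
    """Active and alternate network keys, each stored as (sequence number N, key)."""

    def __init__(self, active_key: bytes, active_seq: int):
        self.active = (active_seq, active_key)
        self.alternate = None  # (N, key) once a Transport-Key command has delivered one

    def transport_key(self, seq: int, key: bytes) -> str:
        """Transport-Key Command (NWK Key, N): store key N as the alternate key, or
        refresh the active key when N matches the one already in use."""
        if len(key) != 16:
            raise ValueError("network key must be 128 bits")
        if seq == self.active[0]:
            self.active = (seq, key)
            return "active replaced"
        self.alternate = (seq, key)
        return "alternate replaced"

    def switch_key(self, seq: int) -> str:
        """Switch-Key Command (N): make key N active, or ignore when N is unknown."""
        if seq == self.active[0]:
            return "ignored: already active"
        if self.alternate is None or self.alternate[0] != seq:
            return "ignored: no key with sequence number N"
        # The old active key stays as the alternate so frames still secured under
        # it are accepted while the rest of the network switches over.
        self.active, self.alternate = self.alternate, self.active
        return "switched"

    def key_for(self, seq: int):
        """Key to use for an incoming frame whose auxiliary header carries key
        sequence number N; None when the device holds no such key."""
        for entry in (self.active, self.alternate):
            if entry is not None and entry[0] == seq:
                return entry[1]
        return None
```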
Procedures - End-to-end key establishment
Figure: message sequence for end-to-end key establishment.
Procedures - Network leave
Figure (Trust Center, Router, Device): Remove-Device Command from the Trust Center to the Router; Leave Command from the Router to the Device.
Figure (Trust Center, Router, Leaving Device): Leave Command from the Leaving Device to the Router; Update-Device Command from the Router to the Trust Center.
Application-specific
- Out-of-band methods for key setup: wired line (RS-232), NFC, RFID, USB, etc.
- Cost/security tradeoff for the number of link keys needed: with 128 KB flash / 8 KB RAM / debug mode, about 6-10 link keys
- Policy for expiration and update of keys: hours or days
- Policy for accepting new devices: ID/password, MAC address filtering, etc.
Disadvantage/Weakness in ZigBee Security
No MAC layer security
- Due to program code size or message length limitations
- Possible attacks: wormhole attack, acknowledgement spoofing, attacks which target channel reservation, etc.
Trust center based security
- Authentication and end-to-end key establishment involve communication between the device and the trust center
- If the device is far from the TC, this carries too much overhead
Security Stack Implementation
Hardware environment
- Chipset: Chipcon CC2430
  - 802.15.4 support
  - 128 KB flash memory
  - 8 KB RAM
  - Supports AES block cipher modes
- Board: Aiji ZDB Ver 2.0
Software environment
- IAR Embedded Workbench for MCS-51 Evaluation (C code)
- Chipcon 802.15.4 packet sniffer
- The security stack is implemented on UbiFOS (the ZigBee stack of Aiji system)
Test Environment
Figure: test setup using the Chipcon 802.15.4 Sniffer for CC2430.
Test - Device authentication (1-hop)
Figure: sniffer capture. Direction: Device ←→ TC
- Association Request →
- Beacon Request →
- Beacon ←
- Association Response ←
- Transport-Key (Master key) ←
- SKKE-1 ←
- SKKE-2 →
- SKKE-3 ←
- SKKE-4 →
- Transport-Key (Network key) ←
- End-Device Announcement (broadcast)
Problem in Device Authentication Procedure
- Device authentication in Hi-security mode: the TC must perform and complete the SKKE protocol with the joiner device
- In a multi-hop environment, some messages are routed from the TC (joiner device) to the joiner device (TC)
- An attacker can target this feature: repeating the authentication procedure is possible even if the attacker doesn't have the master key
Problem in Device Authentication Procedure
Figure: too much overhead
Possible Solution
- Reduce the message exchange between TC and device, and between router and device
- Reduce unnecessary network traffic from an attacker
- Reduce authentication time
Performance: Preliminary Results
- Actual completion time during device authentication (for 2 hops): ZigBee 2007 r16, about 300 ms; proposed, about 220 ms => 26.7% improvement
- Performance expectation (@ 250 kbps, no processing delay)
Figure: completion time (s), 0 to 0.25, versus number of hops between coordinator and joiner (0 to 10), for R16 and Proposed.
Conclusion
- Overview of ZigBee: ZigBee Alliance, features, ZigBee protocol stack overview
- ZigBee Security: design objectives, security services, example procedures, possible weaknesses
- Implementation of the ZigBee security stack
- Still working on the improvement of the authentication procedure
Scanning Worm Detection
Scanning worm
- Sends packets with randomly generated addresses to find vulnerable hosts that are susceptible to infection
- A scanning worm causes severe network congestion
- Randomly scans network addresses to find vulnerable hosts; propagation speed is faster than human reaction
Example
- Code-Red I v2 (broke out in July 2001; infected 359,000 hosts within 14 hours)
- Slammer (broke out in January 2003; infected 75,000 hosts within 10 minutes)
- Blaster (broke out in August 2003; infected 500,000 hosts within a few hours)
- Witty (broke out in March 2004; infected 12,000 hosts within 45 minutes)
Early detection is required to protect networks
- Using packet header information: high accuracy, slow detection
- Using network traffic characteristics: low accuracy, fast detection
Scanning Worm Detection
Traffic parameters
- Bits per unit time
- Number of packets per unit time
- Packet inter-arrival time
Traffic analysis
- Variance
- VMR (Variance to Mean Ratio)
- Correlation coefficient
Detection criteria
- Variance: if the variance at time t (sec) is greater than its value averaged over α seconds, we consider that a worm is detected
- VMR: if the VMR at time t (sec) is greater than its value averaged over β seconds, we consider that a worm is detected
- Correlation coefficient: if the correlation coefficient at time t (sec) is greater than γ, we consider that a worm is detected
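The variance and VMR criteria above run over a constructed bits-per-second series, as an added example that is not the author's simulation code. Assumptions: 1-second bins, each criterion computed over a sliding window of W bins, the "value averaged over α (β) seconds" taken as the mean of that criterion over the preceding α (β) bins, and a margin factor so that ordinary jitter does not trigger; the correlation criterion is left out because the slide does not say which two series are correlated.

```python
"""Variance / VMR worm detection over a bits-per-second time series."""
from statistics import mean, pvariance


def windowed(series, w):
    """(t, variance, VMR) of the last w samples ending at each t >= w-1."""
    out = []
    for t in range(w - 1, len(series)):
        win = series[t - w + 1:t + 1]
        m = mean(win)
        var = pvariance(win)
        out.append((t, var, var / m if m else 0.0))
    return out


def detect(series, w=5, alpha=20, beta=20, margin=3.0):
    """First second at which the variance exceeds 'margin' times its mean over the
    preceding alpha bins, or the VMR exceeds 'margin' times its mean over the
    preceding beta bins; None when neither criterion fires.  'margin' is an
    assumption added here; the slide compares against the average directly."""
    stats = windowed(series, w)
    for i, (t, var, vmr) in enumerate(stats):
        prev_var = [s[1] for s in stats[max(0, i - alpha):i]]
        prev_vmr = [s[2] for s in stats[max(0, i - beta):i]]
        if len(prev_var) < alpha or len(prev_vmr) < beta:
            continue  # not enough history for the averaged value yet
        if var > margin * mean(prev_var) or vmr > margin * mean(prev_vmr):
            return t
    return None


def constructed_traffic(onset=60, seconds=120):
    """Constructed input: steady 1 Mbit/s with deterministic jitter; from 'onset'
    the bits/sec grow geometrically, the shape scanning-worm probe traffic takes
    as each newly infected host starts scanning too."""
    series = []
    for t in range(seconds):
        bits = 1_000_000 + (t % 7) * 20_000
        if t >= onset:
            bits += int(50_000 * 1.3 ** (t - onset))
        series.append(bits)
    return series


if __name__ == "__main__":
    print("normal:", detect(constructed_traffic(onset=10**6)))  # expect None
    print("worm onset 60 s, detected at:", detect(constructed_traffic()))
```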
Simulation Results
Figure: four panels versus Time (sec), each plotted for CodeRed, Slammer, Witty and Normal traffic: < Traffic Volume (bits/sec) >, < Variance >, < Variance to mean ratio >, < Correlation coefficient >.
Detection results
The three right-hand columns are the cases in which a worm breaks out.

| Criteria | Normal | Normal + CodeRed I v2 | Normal + Slammer | Normal + Witty |
|---|---|---|---|---|
| Variance | No detection | 34 | 2 | 2 |
| VMR | No detection | 43 | 2 | 2 |
| Correlation coefficient | No detection | 47 | 4 | 43 |
Entity Authentication Protocol
Initiator U | Responder V
- Challenge generation: generate QEU
- (1) Send EA-1 frame (with QEU)
- Challenge generation: generate QEV
- (2) Send EA-2 frame (with QEV)
QEU, QEV: 16-byte random sequences
Entity Authentication Protocol
Initiator U | Responder V
- Keyed hash function: U computes MacTag2 = Hash_NetworkKey(0x03 | U | V | QEU | QEV); V computes MacTag2' = Hash_NetworkKey(0x03 | U | V | QEU | QEV)
- (3) Send EA-3 frame (with MacTag2 & frame counter)
- Compare MacTag2 and MacTag2' (if different, stop EA)
- V believes that U is the correct device
* | : concatenation