Security and Cooperation in Wireless Networks
Jean-Pierre Hubaux and Panos Papadimitratos, EPFL, Switzerland
Enter the era of wireless networks. The number of wireless phones surpasses the number of wired ones; millions of nomadic users connect routinely to wireless Local Area Networks (LANs); wireless devices are commonplace in private houses, factories and hospitals; ubiquitous computing is envisioned, with myriads of sensing and actuating devices which communicate wirelessly and enable applications that change our living and working environment.
At the same time, a new networking paradigm emerges. Wireless networks, such as cellular networks, interconnected devices of no or limited programmability in a highly centralized manner. Nowadays, wireless networks comprise powerful and versatile devices with an increasingly active role in the network operation. Often, such user devices become the wireless network, as is the case for self-organizing multi-hop ad hoc networks and, for example, mesh or vehicular networks.
Unfortunately, this evolution creates new vulnerabilities. Meanwhile, security weaknesses are discovered even in existing wireless networks, e.g., wireless LANs, with some of them painstakingly addressed a posteriori. As solutions devised for wired networks cannot be used as such to protect wireless networks, we believe their protection requires additional attention and a more systematic approach. In this tutorial, we explain how to redesign security and safeguard wireless networks against malicious attacks, and then how to thwart selfish user behavior and stimulate cooperation in wireless networks. We hope that this will contribute towards averting a future in which pervasive connectivity becomes a constant peril.
1. New Wireless Networks and New Challenges (30min)
In the first part, we explain what is changing in wireless networks and why security must be redesigned accordingly. The evolution from centralized to self-organized operation and the programmability of end user devices open the door to sophisticated and hard-to-prevent attacks, and render greedy behavior a serious threat. Communication across multiple wireless links (hops) requires cooperative route discovery and packet forwarding. Embedded systems (e.g., sensors or cars) imply that human beings are not necessarily involved in communication anymore, while miniaturization leads to limited resources (computing power, energy, and bandwidth) that are too valuable to expend on sophisticated security mechanisms. Finally, the proliferation of wireless-enabled devices and the pervasiveness of these emerging technologies raise major privacy concerns. We motivate the material presented in Parts 2 and 3 by discussing all these challenges and the crucial role of trustworthiness for the deployment of such systems; we present mesh, vehicular, and sensor networks, as well as Radio Frequency Identification (RFID) tags, as examples.
2. Thwarting Malicious Behavior (2h)
In the second part, we focus on mechanisms thwarting malicious attacks. We present basic concepts and illustrate them with examples taken from concrete proposals in the literature. In particular, we concentrate on fundamental security issues, such as the establishment of secure associations among nodes, the secure discovery of communication paths in the network, including the security of neighbor and route discovery, the security of data communication, and the protection of the end-user privacy.
2.1 Security Association Establishment
The establishment of a security association between two nodes results in their mutual authentication and the setup of cryptographic keys to protect the networking protocols and the nodes’ communication. We explain how associations can be established in the ad hoc networking environment, by taking advantage of its salient features such as node mobility and temporary physical proximity. We also consider key pre-distribution schemes for the establishment of security associations in sensor networks.
2.2 Secure Neighbor Discovery
Discovering neighboring nodes, i.e., other nodes that can be directly reached over a wireless link, is a crucial building block for access control, data dissemination, and routing. Simple neighbor discovery mechanisms can be subverted by attackers that seamlessly introduce inexistent wireless links or “wormholes” in the network. We explain how such attacks can be mounted, what their impact on the network operation (e.g., routing) can be, and discuss defense mechanisms.
2.3 Secure Route Discovery
Subverting the discovery of multi-hop communication paths can be particularly easy to mount and highly effective in controlling and potentially denying communication: advertising inexistent routes, creating loops, and disconnecting large parts of the network. We present secure routing protocols for ad hoc networks. We investigate how security requirements for routing protocols can be specified and how routing protocols can be formally proven secure.
2.4 Secure Data Communication
Intelligent attackers could favorably place themselves on the utilized routes and disrupt only the data communication, leaving route discovery untouched. Even worse, they can lie undetected, without any deviation from the implemented protocols, and hit only when it counts most, for example, by dropping valuable messages. We discuss secure communication protocols for ad hoc networks, and their interoperation with the underlying secure neighbor and route discovery.
Finally, we talk briefly about privacy concerns generated by emerging wireless networks and applications, such as vehicular networks. We present schemes proposed to protect privacy in those systems.
3. Thwarting Selfish Behavior (1h30min)
In this last part, we focus on the danger of greedy user behavior. We provide the appropriate theoretical background to model this problem, and we illustrate this topic by two examples: the first at the network layer, and the second at the MAC layer.
3.1 Brief Tutorial on Game Theory
We introduce the (small) subset of game theory concepts required to perform appropriate modeling in wireless networks: player, payoff, strategy, Pareto efficiency, Nash equilibrium.
3.2 Selfishness in Packet Forwarding
We address the problem of cooperation in fully self-organized wireless networks; we show how packet forwarding can be modeled in a game-theoretic setting, and we prove that, in practice, some sort of incentive is required to stimulate the cooperation between the nodes.
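As an added illustration of the modeling in 3.1 and 3.2 (example code, not part of the tutorial material), a two-node packet-forwarding game with assumed payoffs: it enumerates the pure-strategy Nash equilibria and the Pareto-efficient outcomes, and shows that mutual forwarding becomes an equilibrium only once an assumed per-packet incentive covers the relaying cost.

```python
# Added example (not from the tutorial): a two-node packet-forwarding game.
# Each node chooses to Forward (F) or Drop (D) the other node's packets.
# Payoffs are assumed, illustrative values: a node gains 1 when its own
# packet is delivered (i.e., the other node forwards it) and pays a
# relaying cost `cost` when it forwards; `incentive` is an assumed reward
# (e.g., a credit) paid per forwarded packet.
from itertools import product

STRATEGIES = ("F", "D")

def forwarding_game(cost=0.2, incentive=0.0):
    """Return the payoff table {(s1, s2): (u1, u2)} for the two nodes."""
    table = {}
    for s1, s2 in product(STRATEGIES, STRATEGIES):
        u1 = (1.0 if s2 == "F" else 0.0) - ((cost - incentive) if s1 == "F" else 0.0)
        u2 = (1.0 if s1 == "F" else 0.0) - ((cost - incentive) if s2 == "F" else 0.0)
        table[(s1, s2)] = (u1, u2)
    return table

def nash_equilibria(table):
    """Pure-strategy Nash equilibria: no node gains by deviating alone."""
    eqs = []
    for (s1, s2), (u1, u2) in table.items():
        best1 = all(table[(a, s2)][0] <= u1 for a in STRATEGIES)
        best2 = all(table[(s1, b)][1] <= u2 for b in STRATEGIES)
        if best1 and best2:
            eqs.append((s1, s2))
    return eqs

def pareto_efficient(table):
    """Profiles that no other profile weakly dominates (one node better off,
    none worse off)."""
    eff = []
    for prof, (u1, u2) in table.items():
        dominated = any(v1 >= u1 and v2 >= u2 and (v1, v2) != (u1, u2)
                        for other, (v1, v2) in table.items() if other != prof)
        if not dominated:
            eff.append(prof)
    return eff

if __name__ == "__main__":
    for inc in (0.0, 0.5):
        g = forwarding_game(cost=0.2, incentive=inc)
        print(f"incentive={inc}: Nash={nash_equilibria(g)} Pareto={pareto_efficient(g)}")
```

Without the incentive the only equilibrium is mutual dropping, which is not Pareto-efficient (the classic prisoner's dilemma); with an incentive above the cost, mutual forwarding is the equilibrium.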
3.3 Selfish Behavior at the MAC Layer of CSMA/CA
We show how easy it is for a mobile station attached to an access point to capture most of the available bandwidth, at the expense of the other users. We explain appropriate techniques to identify this kind of misbehavior and to thwart it.
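As an added example of the kind of monitoring test that can identify such misbehavior (illustrative code, not the tutorial's own technique), a check that compares each station's observed mean backoff against the nominal value of the CSMA/CA contention window. It assumes the access point can count the idle slots each station waits before transmitting, and uses constructed observations rather than real traces.

```python
# Added example (not part of the tutorial): a monitor-side test for backoff
# misbehavior in CSMA/CA. Assumption: the access point can count the idle
# slots each station waited before each of its transmissions. In 802.11 DCF
# a well-behaved station draws its initial backoff uniformly from
# [0, CW_MIN], so its observed mean should be close to CW_MIN / 2. A station
# whose mean is far below that is grabbing a disproportionate share of the
# channel at the other users' expense.
from statistics import mean

CW_MIN = 15                  # initial contention window of 802.11a/g (slots)
NOMINAL_MEAN = CW_MIN / 2.0  # expected mean backoff of an honest station

def flag_misbehaving(observations, threshold=0.5, min_samples=20):
    """observations: {station: [backoff slots, ...]} measured over a window.
    Returns {station: observed_mean} for stations whose mean backoff is below
    threshold * NOMINAL_MEAN. Stations with fewer than min_samples samples are
    skipped so that a few legitimately short backoffs do not raise a flag."""
    suspects = {}
    for station, slots in observations.items():
        if len(slots) < min_samples:
            continue
        m = mean(slots)
        if m < threshold * NOMINAL_MEAN:
            suspects[station] = m
    return suspects

# Constructed sample observations (hypothetical MAC addresses, not real traces).
SAMPLE = {
    "aa:bb:cc:00:00:01": [7, 12, 3, 15, 9, 0, 14, 6, 11, 8, 2, 13, 5, 10, 4, 1, 9, 7, 12, 6],
    "aa:bb:cc:00:00:02": [1, 0, 2, 1, 3, 0, 1, 2, 0, 1, 2, 1, 0, 3, 1, 2, 0, 1, 1, 2],
    "aa:bb:cc:00:00:03": [0, 1, 0],   # too few samples to judge
}

if __name__ == "__main__":
    print(flag_misbehaving(SAMPLE))
```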
Participants will be provided with copies of the slides, as well as excerpts of the upcoming, in 2007 by
Audience and Prerequisite Knowledge
The potential audience includes researchers in wireless networks from academia and corporate research centers. In order to fully benefit from this tutorial, a participant should have some background in wireless networking and at least a basic knowledge of security principles. No knowledge in game theory is required.
Biographies of Presenters
Jean-Pierre Hubaux joined the faculty of EPFL in 1990 and he was promoted to full professor in 1996. He is a member of the Institute of Communication Systems, and leads the LCA-1 unit. His research activity is focused on wireless networks, with a special interest in security and cooperation issues. He has been strongly involved in the National Competence Center in Research named "Mobile Information and Communication Systems" (NCCR/MICS), since its genesis in 1999; this center is often nicknamed "the Terminodes project". In this framework, he has notably defined, in close collaboration with his students, novel schemes for the security and cooperation in multi-hop wireless networks, vehicular networks, and sensor networks; in particular, he has devised new techniques for key management, secure positioning, and incentives for cooperation in such networks. He has also made several contributions in the areas of power management in sensor networks and of group communication in ad hoc networks. He has recently written, with Levente Buttyan, a graduate textbook entitled "Security and Cooperation in Wireless Networks."
He is a member of the steering committee of IEEE Transactions on Mobile Computing and an associate editor of Foundations and Trends in Networking. He is the chairman of the steering committee of ACM MobiHoc. He has been serving on the program committees of numerous conferences and workshops, including SIGCOMM, Infocom, MobiCom, MobiHoc, SenSys, WiSe, and VANET. He has held visiting positions at the IBM T.J. Watson Research Center and at the University of California at Berkeley. He was born in Belgium, but spent most of his childhood and youth in Northern Italy. After completing his studies in electrical engineering at Politecnico di Milano, he worked 10 years in France with Alcatel, where he was involved in R&D activities, primarily in the area of switching systems architecture and software.
Panos Papadimitratos is a senior researcher at the EPFL Institute of Communication Systems and the LCA-1 unit. Prior to joining EPFL, he spent a year as a postdoctoral fellow at Virginia Tech. In January 2005, Panos received his PhD from Cornell University, Ithaca, NY, where he worked with Prof. Haas since 2000. His research has been concerned with networking protocols and network security, focusing on mobile and wireless systems. More specifically, his work has defined a novel protocol suite for secure and fault-tolerant communication in mobile ad hoc networks, as well as schemes for securing vehicular communication systems. He has participated in projects related to network and system security and to mobile and wireless systems, funded by the European Commission, the Swiss National Foundation, and, in the USA, the National Security Agency, the National Science Foundation, and the Department of Defense Multidisciplinary University Research Initiatives administered by the Office of Naval Research and the Air Force Office of Scientific Research. He has served on several technical program committees of conferences and workshops, and as a referee for numerous journals.