
Formal Methods and Security Models for Wireless Network Protocols



Presentation Transcript


  1. Formal Methods and Security Models for Wireless Network Protocols
     Calvin Ko, SPARTA, Inc., April 11, 2008

  2. Formal Methods for Security
     • A precise specification of “security properties”
     • A formal model of the system
     • A mathematically rigorous approach to verify that the model of the system satisfies the security properties
       • Theorem proving
       • Model checking

  3. Some Notes on Formal Verification
     • You cannot prove that a system is secure in any absolute sense
     • You can only prove that a model of a system does or does not have certain specific security properties
     • It requires human judgment to conclude whether having or not having those security properties constitutes “a secure system”
     • Getting the properties (requirements) right is as important as getting the (model of the) system right
     • There is no magic wand, no blind test that could automatically prove an arbitrary given system is secure

  4. Routing in Ad Hoc Networks
     • Routing is a critical service in a MANET
     • Multi-hop communication without a base station
     • Fully distributed routing
       • Each node is a router
       • No centralized point
     • Topology is dynamic
       • Link failure and message loss occur frequently
     • Routing security in a MANET is a very challenging problem

  5. Current State
     • Many ad hoc routing protocols
       • General: AODV, OLSR, DSR, TORA, ZRP, TBRPF, …
       • Security-aware: SAODV, ARAN, SRP, SEAD, Ariadne, SLSP, OSRP, endairA, SOLSR, …
       • Other add-on solutions: Watchdog, Pathrater, CONFIDANT, SAR, TIARA, IDS, …
     • We don’t fully understand how secure they are

  6. What do we need?
     • Not only a single data point
     • Protocol, Mobility, Adversary, Security Property

  7. Our Recent Work
     • Provide high assurance of the security of tactical networks – via mathematically rigorous reasoning
     • Develop a formal proof – the specification-based IDS can enforce the given secure routing requirement of the OLSR protocol
     [figure: proof architecture. The tactical network protocol (OLSR) is captured as a Formal Protocol Specification and the specification-based IDS as a Formal Model of IDS (constraint, detection algorithm); together with a Formal Adversary Model and Formal Security Requirements these form the Formal Tactical Network model, which is checked with the ACL2 Prover]

  8. Security Modeling for Routing with Byzantine Nodes
     • Protect the network from bad wireless nodes
     • A small number of Byzantine nodes could cause huge problems, e.g.,
       • How to misuse AODV: a case study of insider attacks against mobile ad hoc networks, Peng Ning
       • Attack against OLSR, Cédric Adjih
       • Rushing attacks, wormhole attacks, Sybil attacks

  9. Security Analysis of Ad Hoc Routing Protocols
     • Define what “secure routing” means
       • Limit the disruption by Byzantine nodes
       • Routing performance degrades gradually as the number of Byzantine nodes increases
     • Existing security properties
       • Access control – (Secure states / Safety Properties)
       • Information flow – (Noninterference)
       • Data Integrity
       • Availability

  10. Types of Misbehavior
     • Misbehavior in route-control traffic (distributed computation of routing tables)
     • Routing integrity
     • Misbehavior in forwarding data traffic

  11. Tactical Network Model
     [figure: example MANET with nodes A to G]
     • A set of MANET nodes, some of them malicious
       • Good nodes follow the protocol
       • Bad nodes can do anything
     • Changing topology and wireless links
     • Events
       • Send / receive packets
       • Protocol-specific events

  12. Wireless Ad Hoc Network
     [figure: example MANET with nodes A to G]
     • Consider a particular execution (or run) of a MANET, producing a trace S
     • The best case is that the bad nodes all behave in a way that conforms to the protocol. We denote the resulting trace by S+
     • The best we can do in the worst case is that the other nodes treat the bad nodes as non-existent. We denote that trace by S-

  13. Original Execution Trace – S
     [figure: snapshots of the network (nodes A to G) at t0, t5 and t12, annotated with send and receive events]
     • An execution trace …
       • C send P1 to D at t1
       • A send P2 to B at t2
       • B recv P2 at t5

  14. All bad nodes behave well – S+
     [figure: snapshots of the network (nodes A to G) at t0, t5 and t12, annotated with send and receive events]
     • An execution trace …
       • C send P1 to D at t1
       • A send P2 to B at t2
       • B recv P2 at t5

  15. All bad nodes removed – S-
     [figure: snapshots of the network (nodes A to G) at t0, t5 and t12, annotated with send and receive events]
     • An execution trace …
       • C send P1 to D at t1
       • A send P2 to B at t2
       • B recv P2 at t5

  16. S, S+, S-
     • Given a trace of the network S
       • S+: the malicious nodes are well behaved
       • S-: the malicious nodes are removed from the network

  17. Security Routing Requirements
     • No route degradation – at any time t, the route from x to y in S is at least as good as (in number of hops) the route from x to y in either S- or S+.
     • No route being diverted – at any time t, if the route from x to y in S goes through an intermediate node z, then the route from x to y in S or S+ will go through z.

  18. No route degradation
     [figure: the A to G topology under S, S+ and S-]
     S:  A to E – 2 hops, A to F – 3 hops
     S+: A to E – 2 hops, A to F – 2 hops
     S-: A to E – 2 hops, A to F – 2 hops
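The S / S+ / S- comparison of slides 12, 16 and 17 can be checked mechanically on a small model. The Python below is an example added here; it is not code from the talk, from SPARTA or from the ACL2 work it describes. It builds a constructed seven-node topology (not the figure on the slides), lets one constructed Byzantine node D advertise a phantom link and mis-forward packets in the run S, replays the same network with D behaving (S+) and with D removed (S-), and then evaluates slide 17's two requirements over the paths that were actually delivered. It reads "at least as good as ... either S- or S+" as "not worse than both", and takes the "S or S+" of the second requirement to mean "S- or S+"; the node names, the link set, the choice of D and its misbehaviour are all assumptions. On this topology A to F costs 3 hops in S but 2 hops in S+ and S-, the situation slide 18 illustrates.

```python
from collections import deque
from math import inf

# Constructed seven-node MANET (A..G) with undirected physical links. It is not
# the topology drawn on the slides, only one that reproduces slide 18's numbers.
PHYSICAL = {("A", "B"), ("A", "C"), ("A", "D"), ("A", "G"), ("B", "E"),
            ("C", "G"), ("D", "G"), ("E", "F"), ("G", "F")}
BAD = {"D"}              # the Byzantine node (constructed choice)
PHANTOM = {("D", "F")}   # link D falsely advertises in run S (constructed)


def adjacency(links):
    adj = {}
    for u, v in links:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def bfs_paths(adj, src):
    """Hop-count shortest paths from src; neighbours in name order so ties break deterministically."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in sorted(adj.get(u, ())):
            if v not in parent:
                parent[v] = u
                queue.append(v)
    paths = {}
    for dst in parent:
        path, n = [], dst
        while n is not None:
            path.append(n)
            n = parent[n]
        paths[dst] = path[::-1]
    return paths


def bad_forward(node, dst):
    # Forwarding misbehaviour in S (constructed): D ignores its table and pushes everything to G.
    return "G"


def execute(mode):
    """One run of the model. mode: 'S' (bad nodes misbehave), 'S+' (bad nodes
    follow the protocol) or 'S-' (bad nodes removed). Returns
    {(x, y): delivered path or None} for every pair of good nodes."""
    physical, bad = set(PHYSICAL), set(BAD)
    if mode == "S-":
        physical = {(u, v) for u, v in physical if u not in bad and v not in bad}
        bad = set()
    phys_adj = adjacency(physical)
    # Control plane: a shared link-state view; in S the bad node injects its phantom link.
    view_adj = adjacency(physical | (PHANTOM if mode == "S" else set()))
    tables = {x: bfs_paths(view_adj, x) for x in phys_adj}
    good = sorted(n for n in phys_adj if n not in bad)
    delivered = {}
    for x in good:
        for y in good:
            if x == y:
                continue
            path, cur = [x], x
            # Data plane: hop-by-hop forwarding, which only works over physical links.
            while cur != y and len(path) <= len(phys_adj):
                if cur in bad and mode == "S":
                    nxt = bad_forward(cur, y)
                else:
                    p = tables[cur].get(y)
                    nxt = p[1] if p and len(p) > 1 else None
                if nxt is None or nxt not in phys_adj[cur]:
                    path = None      # no route, or a phantom link: the packet is lost
                    break
                path.append(nxt)
                cur = nxt
            delivered[(x, y)] = path if path and cur == y else None
    return delivered


def hops(path):
    return len(path) - 1 if path else inf


def violations(s, s_plus, s_minus):
    """Slide 17's requirements over every good (x, y). Degradation: the S route
    is worse than both the S+ and the S- route. Diversion: an intermediate node
    of the S route is on neither the S+ nor the S- route."""
    found = []
    for (x, y), path in s.items():
        h, hp, hm = hops(path), hops(s_plus.get((x, y))), hops(s_minus.get((x, y)))
        if h > hp and h > hm:
            found.append(("degradation", x, y, h, hp, hm))
        for z in (path or [])[1:-1]:
            if z not in (s_plus.get((x, y)) or []) and z not in (s_minus.get((x, y)) or []):
                found.append(("diversion", x, y, z))
    return found


if __name__ == "__main__":
    runs = {m: execute(m) for m in ("S", "S+", "S-")}
    print({m: (r[("A", "E")], r[("A", "F")]) for m, r in runs.items()})
    print(violations(runs["S"], runs["S+"], runs["S-"]))
```

Run as a script it prints the delivered A to E and A to F routes for the three runs and then three violations: a degradation and a diversion for A to F (the packet is pulled through D and G instead of A-G-F), and a degradation for F to A, whose packets are lost because F's table points at the phantom link. A to E is A-B-E in every run, so it is never reported. Because the check compares delivered paths rather than advertised ones, it catches both kinds of misbehaviour from slide 10 with one predicate; the same `violations` function would be applied to traces of a real protocol model in place of this toy simulator.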

  19. A Formal Analysis Framework
     [figure: Common Security Properties, a Formal Protocol Specification, Mobility conditions and an Adversary model are the inputs to a Highly automated Verification step]

  20. Building Blocks for a Secure Ad Hoc Routing Protocol: OLSR
     • Building blocks
       • Secure neighbor discovery
       • Secure 2-hop neighbor association
       • …
     [figure: OLSR pipeline – Secure Neighbor Discovery (1-hop) → 2-hop Neighbor Discovery (2-hop) → MPR Selector → Routing Table]

  21. Research Challenges
     • Security properties for protocols
     • Fundamental understanding of the basic building blocks of protocol security
     • Support for incremental and reusable proofs, for proving results under ranges of assumptions
     • Composing protocols in large networks
     • Systematic identification of vulnerabilities in protocol specifications
