Towards provable secure neighbor discovery in wireless networks

In wireless systems, neighbor discovery (ND) is a fundamental building block: determining which devices are within direct radio communication is an enabler for networking protocols and a wide range of applications. To thwart abuse of ND and the resultant compromise of the dependent functionality of wireless systems, numerous works proposed solutions to secure ND. Nonetheless, until very recently, there has been no formal analysis of secure ND protocols. We close this gap in [24], but we concentrate primarily on the derivation of an impossibility result for a class of protocols. In this paper, we focus on reasoning about specific protocols. First, we contribute a number of extensions and refinements on the framework of [24]. As we are particularly concerned with the practicality of provably secure ND protocols, we investigate availability and redefine accordingly the ND specification, and also consider composability of ND with other protocols. Then, we propose and analyze two secure ND protocols: We revisit one of the protocols analyzed in [24], and introduce and prove correct a more elaborate challenge-response protocol.

[1]  Radha Poovendran,et al.  A graph theoretic framework for preventing the wormhole attack in wireless ad hoc networks , 2007, Wirel. Networks.

[2]  Dusko Pavlovic,et al.  An encapsulated authentication logic for reasoning about key distribution protocols , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[3]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[4]  Chris Hankin,et al.  A framework for security analysis of mobile wireless networks , 2006, Theor. Comput. Sci..

[5]  David Evans,et al.  Using Directional Antennas to Prevent Wormhole Attacks , 2004, NDSS.

[6]  Srdjan Capkun,et al.  Implications of radio fingerprinting on the security of sensor networks , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[7]  Hridesh Rajan,et al.  Slede: a domain-specific verification framework for sensor network security protocol implementations , 2008, WiSec '08.

[8]  Markus G. Kuhn,et al.  So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks , 2006, ESAS.

[9]  Michalis Faloutsos,et al.  TrueLink: A Practical Countermeasure to the Wormhole Attack in Wireless Networks , 2006, Proceedings of the 2006 IEEE International Conference on Network Protocols.

[10]  Panagiotis Papadimitratos,et al.  How to Specify and How to Prove Correctness of Secure Routing Protocols for MANET , 2006, 2006 3rd International Conference on Broadband Communications, Networks and Systems.

[11]  Levente Buttyán,et al.  Statistical Wormhole Detection in Sensor Networks , 2005, ESAS.

[12]  Bharat K. Bhargava,et al.  Visualization of wormholes in sensor networks , 2004, WiSe '04.

[13]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[14]  Panagiotis Papadimitratos,et al.  Secure neighbor discovery in wireless networks: formal investigation of possibility , 2008, ASIACCS '08.

[15]  Radha Poovendran,et al.  Distance Bounding Protocols: Authentication Logic Analysis and Collusion Attacks , 2007, Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks.

[16]  John C. Mitchell,et al.  A modular correctness proof of IEEE 802.11i and TLS , 2005, CCS '05.

[17]  Srdjan Capkun,et al.  Secure positioning in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[18]  Markus G. Kuhn,et al.  Attacks on time-of-flight distance bounding channels , 2008, WiSec '08.

[19]  John S. Baras,et al.  Modeling vulnerabilities of ad hoc routing protocols , 2003, SASN '03.

[20]  Bart Preneel,et al.  Distance Bounding in Noisy Environments , 2007, ESAS.

[21]  Levente Buttyán,et al.  Provably Secure On-Demand Source Routing in Mobile Ad Hoc Networks , 2006, IEEE Transactions on Mobile Computing.

[22]  Dusko Pavlovic,et al.  Deriving Secrecy in Key Establishment Protocols , 2006, ESORICS.

[23]  Srdjan Capkun,et al.  Secure neighborhood discovery: a fundamental element for mobile ad hoc networking , 2008, IEEE Communications Magazine.

[24]  Dusko Pavlovic,et al.  Deriving secrecy properties in key establishment protocols , 2006 .

[25]  Jie Gao,et al.  Detecting Wormhole Attacks in Wireless Networks Using Connectivity Information , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[26]  Gerhard P. Hancke Practical attacks on proximity identification systems , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[27]  Laurent Bussard Trust establishment protocols for communicating devices , 2004 .

[28]  Juan Manuel González Nieto,et al.  Detecting relay attacks with timing-based protocols , 2007, ASIACCS '07.

[29]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[30]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).