Packet Leashes: Defense Against Wormhole Attacks

Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

What is it? An attacker receives packets at one point in the

network, “tunnels” them to a different point in the network and then replays them from this point.

Note: the attacker can create a wormhole for packets not addressed to itself so long as it is within hearing range

Why is this bad? A node is misled to believe it is within transmission

range of the sending node

Wormhole Attack

Gives the attacker many advantages of power over the network: Example 1: When used against DSR, each ROUTE

REQUEST packet is tunneled directly to the destination target note of the REQUEST. All of the destination neighbors following normal routing protocol rebroadcast the REQUEST copy but discard without processing all other received ROUTE REQUEST packets originating from the same Route Discovery - essentially, routes greater than two hops are never discovered. The attacker can then discard rather than forward all data packets leading to DOS attack since no other route to the destination can be discovered as long as the attacker maintains the wormhole for ROUTE REQUEST. The attacker can also selectively modify or drop random bits of a data packet

Wormhole Attack

Example 2 Wireless Access Control system based

on physical proximity: such as wireless keys, or proximity and token based access control systems for PCs - an attacker could relay the authentication exchanges to gain access

Partial prevention techniques Secret method for modulating bits RF watermarking - authenticates wireless

transmission by by modulating RF waveform in a way known only to authorized nodes. Knowledge of which RF parameters are modulated is kept secret. Shortcoming: If waveform is exactly captured and

replayed at the end of the wormhole, the signal level of the watermark is independent of the distance traveled hence watermark may still be intact even if it traveled beyond normal wireless transmission range

Intrusion Detection - may work in some cases but difficult in general since packets sent by attacker are indistinguishable from packets sent by legitimate nodes

Packet Leash

Author defined general mechanism for detecting and defending against wormhole attacks.

A Leash is any information that is added to a packet for the purpose of restricting the packet’s maximum allowed transmission distance. Two types: Geographical Leashes Temporal Leashes

Geographical Leashes I Requirements: each node must know its location

and all nodes must have loosely synchronized clocks

The sender includes in the packet, its own location, ps, and the time it sent the packet, ts, The receiver compares these values to its location pr,

and the time it receives the packet tr, If the clocks of both sender and receiver are synchronized within ,and v is an upper bound on the velocity of any node, the receiver can compute an upper bound on the distance between itself and the sender, dsr

Geographical Leashes II A digital signature could be used to authenticate the the location

and timestamp in the received packet

Sometimes, bounding the distance between sender and receiver does not prevent wormhole attacks: e.g when obstacles prevent communication between two nodes who are otherwise within allowed transmission range. Solution: Each node has a propagation model. There is

a defined radius around both the sender and the receiver such that the receiver verifies that every possible location of the sender radius around ps can send to every possible location of the receiver radius around pr

Temporal Leashes Requirements: All nodes must have tightly

synchronized clocks s.t. max difference between any two nodes’ clocks is and must be known by all network nodes

Process: Option I: The sending node includes in the packet the

time at which it sent the packet, ts, and this value is compared by the receiving node to the time it receives the packet tr. The receiver can determine whether the packet traveled further based on the supposed transmission time and the speed of light.

Option II: The sender could include an expiration time in the packet so that the receiver does not accept the packet after this time

Note: Could also use signatures for authentication

Potential Problems Time synchronization subject to attacks,

and hence restricts applicability of temporal leashes

In contention-based MAC protocol, sender may not know exact time packet will be transmitted

Receiver needs to be able to authenticate expiration time in temporal leashes, option II, otherwise, attacker could change the time and still wormhole the packet Solution: TESLA with Instant Key disclosure

(TIK) protocol

TIK Protocol I Why was TIK developed?

To resolve the problem of attacker accessing and modifying the expiration time of a temporal leash. The current methods for preventing this have several drawbacks: Message Authentication Codes: n(n-1)/2 keys need to

be set up in a network of n nodes - key set up expensive, impractical in large networks.For a broadcast packet, the sender would need to add a separate MAC for each receiver - increases packet size, possibly greater than maximum packet size. One could have multiple users share keys but this allows a subset of colluding receivers to impersonate attacker

Digital Signatures: based on computationally expensive asymmetric cryptography.

TIK Protocol II TIK is an extension of TESLA broadcast

authentication protocol which uses time as a source of authentication asymmetry to ensure that a receiver can verify but not create valid authentication information. TIK basically includes the key in the packet.

TIK requires accurate time synchronization between all nodes and each node only needs to know one public value for each sender node.

TIK Protocol III - Stages

Sender Setup Receiver Bootstrapping Sending and verifying Authenticated

Packets

Security Analysis of Packet Leashes Provide means of verifying that signal is not

propagating farther than normal transmission distance

Using geographic leashes, nodes can detect tunneling across obstacles otherwise impenetrable by radio

A malicious receiver could refuse to check the leash - an attacker could tunnel to another attacker without detection but this second attacker cannot forward the packet without being detected

Geographic leashes less efficient than temporal since they require broadcast authentication

Conclusion Wormhole attacks - tunneling of packets by the

attacker providing several advantages which could result in misleading route information as well as Denial-of-Service attacks

Packet leashes (additional information added to packets to restrict maximum transmission distance of a packet) - as a detection and defense mechanism against wormhole attacks: Geographical and Temporal Leashes TIK designed to implement temporal leashes - needed

to provide authentication of received packets - requires n public keys in a network of size n