The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks
19 Apr 1999-pp 172-194
TL;DR: A resurrecting duckling security policy model is presented, which describes secure transient association of a device with multiple serialised owners over the air in a short range wireless channel.
Abstract: In the near future, many personal electronic devices will be able to communicate with each other over a short range wireless channel. We investigate the principal security issues for such an environment. Our discussion is based on the concrete example of a thermometer that makes its readings available to other nodes over the air. Some lessons learned from this example appear to be quite general to ad-hoc networks, and rather different from what we have come to expect in more conventional systems: denial of service, the goals of authentication, and the problems of naming all need re-examination. We present the resurrecting duckling security policy model, which describes secure transient association of a device with multiple serialised owners.
Citations
More filters
01 Aug 2000
TL;DR: Two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so are described, using a watchdog that identifies misbehaving nodes and a pathrater that helps routing protocols avoid these nodes.
Abstract: This paper describes two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so. To mitigate this problem, we propose categorizing nodes based upon their dynamically measured behavior. We use a watchdog that identifies misbehaving nodes and a pathrater that helps routing protocols avoid these nodes. Through simulation we evaluate watchdog and pathrater using packet throughput, percentage of overhead (routing) transmissions, and the accuracy of misbehaving node detection. When used together in a network with moderate mobility, the two techniques increase throughput by 17% in the presence of 40% misbehaving nodes, while increasing the percentage of overhead transmissions from the standard routing protocol's 9% to 17%. During extreme mobility, watchdog and pathrater can increase network throughput by 27%, while increasing the overhead transmissions from the standard routing protocol's 12% to 24%.
3,747 citations
Cites background from "The Resurrecting Duckling: Security..."
...[23] F. Stajano and R. Anderson....
[...]
...Stajano and Anderson [23] elucidate some of the security is- sues facing ad hoc networks and investigate ad hoc networks composed of low compute-power nodes such as home ap-pliances, sensor networks, and PDAs where full public key cryptography may not be feasible....
[...]
...Stajano and Anderson [23] elucidate some of the security issues facing ad hoc networks and investigate ad hoc networks composed of low compute-power nodes such as home appliances, sensor networks, and PDAs where full public key cryptography may not be feasible....
[...]
11 May 2003
TL;DR: The random-pairwise keys scheme is presented, which perfectly preserves the secrecy of the rest of the network when any node is captured, and also enables node-to-node authentication and quorum-based revocation.
Abstract: Key establishment in sensor networks is a challenging problem because asymmetric key cryptosystems are unsuitable for use in resource constrained sensor nodes, and also because the nodes could be physically compromised by an adversary. We present three new mechanisms for key establishment using the framework of pre-distributing a random set of keys to each node. First, in the q-composite keys scheme, we trade off the unlikeliness of a large-scale network attack in order to significantly strengthen random key predistribution's strength against smaller-scale attacks. Second, in the multipath-reinforcement scheme, we show how to strengthen the security between any two nodes by leveraging the security of other links. Finally, we present the random-pairwise keys scheme, which perfectly preserves the secrecy of the rest of the network when any node is captured, and also enables node-to-node authentication and quorum-based revocation.
3,125 citations
Cites background from "The Resurrecting Duckling: Security..."
...Stajano and Anderson discuss the issues of bootstrapping security devices [22]....
[...]
11 May 2003
TL;DR: This work proposes security goals for routing in sensor networks, shows how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensors, and introduces two classes of novel attacks against sensor networks sinkholes and HELLO floods.
Abstract: We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them have been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks.
2,946 citations
Cites background from "The Resurrecting Duckling: Security..."
...Security issues in ad-hoc networks are similar to those in sensor networks and have been well enumerated in the literature [9, 10], but the defense mechanisms developed for ad-hoc networks are not directly applicable to sensor networks....
[...]
16 Jul 2001
TL;DR: A suite of security building blocks optimized for resource-constrained environments and wireless communication, and shows that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of the network.
Abstract: As sensor networks edge closer towards wide-spread deployment, security issues become a central concern. So far, much research has focused on making sensor networks feasible and useful, and has not concentrated on security.We present a suite of security building blocks optimized for resource-constrained environments and wireless communication. SPINS has two secure building blocks: SNEP and mTESLA SNEP provides the following important baseline security primitives: Data confidentiality, two-party data authentication, and data freshness. A particularly hard problem is to provide efficient broadcast authentication, which is an important mechanism for sensor networks. mTESLA is a new protocol which provides authenticated broadcast for severely resource-constrained environments. We implemented the above protocols, and show that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of our network. Additionally, we demonstrate that the suite can be used for building higher level protocols.
2,703 citations
Cites background from "The Resurrecting Duckling: Security..."
...Stajano and Anderson discuss the issues of bootstrapping security devices [51]....
[...]
TL;DR: A suite of security protocols optimized for sensor networks: SPINS, which includes SNEP and μTESLA and shows that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of the network.
Abstract: Wireless sensor networks will be widely deployed in the near future. While much research has focused on making these networks feasible and useful, security has received little attention. We present a suite of security protocols optimized for sensor networks: SPINS. SPINS has two secure building blocks: SNEP and μTESLA. SNEP includes: data confidentiality, two-party data authentication, and evidence of data freshness. μTESLA provides authenticated broadcast for severely resource-constrained environments. We implemented the above protocols, and show that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of our network. Additionally, we demonstrate that the suite can be used for building higher level protocols.
2,298 citations
Cites background from "The Resurrecting Duckling: Security..."
...Stajano and Anderson discuss the issues of bootstrapping security devices [39]....
[...]
References
More filters
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
14,980 citations
"The Resurrecting Duckling: Security..." refers background in this paper
...Suppose that a doctor picks up a thermometer and tries to get his palmtop to do a Diffie-Hellman key exchange [6] with it over the air....
[...]
01 Apr 1977
TL;DR: The author identifies the integrity problems posed by a secure military computer utility and integrity policies addressing these problems are developed and their effectiveness evaluated.
Abstract: : An integrity policy defines formal access constraints which, if effectively enforced, protect data from improper modification. The author identifies the integrity problems posed by a secure military computer utility. Integrity policies addressing these problems are developed and their effectiveness evaluated. A prototype secure computer utility, Multics, is then used as a testbed for the application of the developed access controls.
1,185 citations
18 Nov 1996
TL;DR: It is concluded that trusting tamper resistance is problematic; smartcards are broken routinely, and even a device that was described by a government signals agency as 'the most secure processor generally available' turns out to be vulnerable.
Abstract: An increasing number of systems from pay-TV to electronic purses, rely on the tamper resistance of smartcards and other security processors. We describe a number of attacks on such systems -- some old, some new and some that are simply little known outside the chip testing community. We conclude that trusting tamper resistance is problematic; smartcards are broken routinely, and even a device that was described by a government signals agency as 'the most secure processor generally available' turns out to be vulnerable. Designers of secure systems should consider the consequences with care.
1,133 citations
"The Resurrecting Duckling: Security..." refers background in this paper
...This can in theory be avoided by making the node tamper-proof, but it is much easier to talk about this property than to implement it in practice [1], especially within the cost and form factor constraints of personal consumer electronics devices....
[...]
07 Apr 1997
TL;DR: A number of attacks that can be mounted by opponents with much shallower pockets, such as smart-cards, are described.
Abstract: There has been considerable recent interest in the level of tamper resistance that can be provided by low cost devices such as smart-cards. It is known that such devices can be reverse engineered using chip testing equipment, but a state of the art semiconductor laboratory costs millions of dollars. In this paper, we describe a number of attacks that can be mounted by opponents with much shallower pockets.
708 citations
"The Resurrecting Duckling: Security..." refers background in this paper
...In this case, one must still design the device so that non-intrusive attacks (such as those based on protocol failure, power analysis and glitch attacks [2]) are not practical; it is also necessary to take into account the time that might pass before a broken seal is noticed, and the likelihood of successful attacks on the sealing mechanism [9]....
[...]
Journal Article•
TL;DR: In this article, the authors describe a number of attacks that can be mounted by opponents with much shallower pockets, three of them involve special (but low cost) equipment: differential fault analysis, chip rewriting, and memory remanence.
Abstract: There has been considerable recent interest in the level of tamper resistance that can be provided by low cost devices such as smart-cards. It is known that such devices can be reverse engineered using chip testing equipment, but a state of the art semiconductor laboratory costs millions of dollars. In this paper, we describe a number of attacks that can be mounted by opponents with much shallower pockets. Three of them involve special (but low cost) equipment: differential fault analysis, chip rewriting, and memory remanence. There are also attacks based on good old fashioned protocol failure which may not require any special equipment at all. We describe and give examples of each of these. Some of our attacks are significant improvements on the state of the art; others are useful cautionary tales. Together, they show that building tamper resistant devices, and using them effectively, is much harder than it looks.
401 citations