Verification of Security in Autonomous Wireless Networks
Contact: Jean Leneutre, TELECOM ParisTech [email protected], 01 45 81 78 81
February 10, 2010
The unique characteristics of wireless autonomic networks, such as the distributed and dynamic network archi- tecture, the broadcast nature of the wireless medium, and the stringent resource constraints of the wireless devices, make them extremely attractive and vulnerable to malicious attacks, which range from the easily mountable jam- ming attacks to the sophisticated manipulation of routing information. Without well–designed countermeasures even a few attackers can break down the whole network. In particular such networks require protocols that securely establish properties of the network environment when in an adversarial setting. Such properties could be:
• topological proximity - a node is able to verify that a specific node is in its neighborhood (for example to establish that there exists a symmetrical link with this node);
• secure localization - a node is able to determine or make verifible statement about its real location;
• secure synchronization - a node able to to securely synchronize its clock to the clock of another trusted node.
Some attacks targetting these properties have already been studied and some protocols to ensure these proper- ties have also been proposed (for instance concerning the first property in the context of ad hoc routing [1]).
However, experience has shown that security protocol were often prone to vulnerabilities. Informal verification of security properties on such protocols becomes even more difficult due to the broadcast nature of communication.
Traditional security formal verification methods usually deals with secrecy properties or authentication properties (see [2] for a complete survey). Furthermore they consider a wired context which do not take into account the broadcast nature of the wireless medium. The Dolev-Yao intruder model [3] used in the traditional security veri- fication methods, is not adapted to the wireles context. For instance, the Dolev-Yao Model considers an attacker that is able to eavesdrop and block every message transmitted in the network, whereas in a wireless context, an attacker may only be able to perform such actions in its neighbourhood (or in several neighbourhoods in case of collusion of attackers), but not in the whole network.
Therefore, there is a need for specific methods and tools for modeling and reasoning about protocols ensuring such properties.
A few works recently tried to validate or verify some of the properties previously cited, and can be roughly classified according to three approach :
• the application of model checking techniques to finite models of ad hoc routing protocols or instance in [4];
these approach cannot be directly applied to other protocols;
• the extension of process calculi with broadcast (for instance [5]); most of these extensions only deals with symmetrical links;
• the use of an expressive logical formalism and theorem proving assistant tool; recently [6] took this approach using the Paulson’sInductive Approach[7]; such an approach allow to formalize and verify a large class of properties, but of course at the detriment of automation.
The aim of this Internship is to define a formalism and automated verification procedures that allows to cap- ture and automatically verify a subclass of security properties related to topology, location and time as large as possible. This formalism must model wireless communication in a natural manner. An important task will consist
1
in redefining a suitable attacker model. The verification procedures must be implemented in a tool that will be validated through the verification of a great number of various protocols.
A starting point for the work is to conceive such a formalism as an adaptation ofStrand Spaces[8]. Indeed, Strand spaces formalism naturally have a notion of broadcast. To take into account the notion of topology, strands, nodes and terms could be equipped with a pair of coordinates and an emission power. These attributes would mimic the physics of wireless communication, with strands as emission points, dictating initial power of a term.
Communication would only be possible given enough power: inter-strand edges existence is subject to a condition on power. Terms would be relayed by different strands with different powers. A sketch of such an extension is presented in[9].
[1]X. Xue, L. Chen L. and J. Leneutre J., "A Lightweight Mechanism to Secure OLSR", International MultiCon- ference of Engineers and Computer Scientists 2006 (IMECS ’06), Hong Kong, China.
[2]P. Ryan, S. Schneider, M. Goldsmith, G. Lowe, and B. Roscoe, "Modelling and analysis of security Protocols", Addison Wesley, 2001.
[3]D. Dolev and A.C. Yao, "On the security of public key protocols", Proceedings of the IEEE 22nd Annual Symposium on Foundations of Computer Science, pp. 350-357, 1981.
[4]K. Bhargavan, D. Obradovid, and C. A. Gunter, "Formal verification of standards for distance vector routing protocols", Journal of the ACM, 49(4), 2002.
[5]F. Ghassemi, W.J. Fokkink and A. Movaghar, "Restricted broadcast process theory", 6th IEEE International Conference on Software Engineering and Formal Methods - SEFM’08, Cape Town, pp. 345-354, 2009.
[6]P. Schaller, D. Schmidt, D.A. Basin and S. Capkun, "Modeling and Verifying Physical Properties of Security Protocols for Wireless Networks", inProc. of IEEE 23rd Computer Security Foundations Symposium (CSF), 2009.
[7]L.C. Paulson, "The inductive approach to verifying cryptographic protocols ",Journal of Computer Security6, 1-2 (Jan. 1998), 85-128.
[8]F. J. Thayer Fabrega, J. C. Herzog, and J. D., Guttman, "Strand spaces: Proving security protocols correct", Journal of Computer Security, vol. 7, pp. 191–230, 1999.
[9]M. Amarendei–Stavila and J. Leneutre, "Strand spaces for wireless networks: Application to ad hoc routing protocol security",Research Report TELECOM ParisTech, Jan. 2010.
2
