The Resurrecting Duckling Security Issues for AdHoc Wireless Networks

1
The Resurrecting DucklingSecurity Issues for
Ad-Hoc Wireless Networks

• Frank Stajano and Ross Anderson
• ATT Laboratories Cambridge and
• University of Cambridge Computer Laboratory
• 1999 ATT Software Symposium
• ??? (ses_at_calab.kaist.ac.kr)

2
Introduction

• The trends networking of consumer electronics
• With short range wireless transceiver
• Communicating and cooperating with each other
• Ex) Cooperating of cell-phone and digital-camera
• Researches of embeddable wireless
• Piconet project, HomeRF, IrDA and Bluetooth
• Security issues of wireless networking
• Availability
• Authenticity
• Integrity
• Confidentiality

3
Availability

• Ensuring that service offered by the node will be
  available to its users when expected
• Radio jamming attack
• Battery exhaustion attack
• Attack sleep deprivation torture
• Defense restriction of access, prioritised
  service
• Management of black list
• Lots of storage consumed
• Worthless to multiple-path attack
• Solution resource reservation mechanism

4
Authenticity (1/3)

• Ensuring that the principals with whom one
  interacts are the expected ones
• Authenticity is essential prerequisite
• Different condition absence of an online server
• Secure transient association
• Example of an universal remocon and gadgets in
  home
• Insufficiency of central authentication service
• P-III CPU-ID and Dog licensing examples

5
Authenticity (2/3)Imprinting

• Transient association with imprinting
• Device recognize as its owner the first entity
  that sends it a secret key
• Reverse metempsychosis
• Hardware as the body, State of software as the
  soul
• Thermometer dies when returned to the bowl of
  disinfectant
• Duckling dies of old age or order of its mother
• Escrowed Seppuku
• Legitimate user sometimes lost the password
• Someone other than the mother (manufacturer)
• holds the role of Shogun
• Centralized vs. decentralized key recovery
  facility

6
Authenticity (3/3)Imprinting timing and
connection

• Needs for perishing part of ducklings soul
• Thermometer need calibration periodically
• Two-souls (calibration and user)
• Exchange of keys
• Public key algorithms can not be used for CPU
  power
• Problems of Identifying identical devices
• (For whom, this key is?)
• Physical contact is cheap and simple solution

7
Integrity

• Ensuring that the node has not been maliciously
  altered
• Thread model thermometer example
• Attacker mess around with its internals
• A legitimate node may then end up unknowingly
  transacting with a maliciously altered one
• Hard to avoid cause of cost and form factor
  constraints
• Tamper proof model
• Tamper evidence model
• One must design the device so that non-intrusive
  attacks are not practical
• Time may pass before a broken seal is noticed
• Likelihood of successful attacks on the sealing
  mechanism

8
Confidentiality

• Ensuring that the communication context remains
  illegible to unexpected users
• Protecting confidentiality is simply a matter of
  encrypting after authentication process

9
Conclusion

• Examined the main security issues that arise in
• ad-hoc wireless network of mobile devices
• Spell out the new problems and opportunities
• Offer a new way of thinking about the solution
  space
• - The resurrecting duckling security policy
  model