Title: Virtual Nodes for Mobile Networks . and Analyzing Security Protocols
1Virtual Nodes for Mobile Networks .
andAnalyzing Security Protocols
- Nancy Lynch
- Massachusetts Institute of Technology, CSAIL
- UIUC, MIT, Stanford, UCSB, UCLA MURI 3-Year
Review - June 22, 2005
- Sponsored by DDRE and AFOSR
- Program manager Lt Col Sharon Heise
2Involves all aspects of project
Control Information Theory
Computing Verification
Robotic Vehicles
Lynch, Kaynar, and students Gilbert, Mitra,
Nolte, Newport, Umeno,
Communications
3MIT project
- Uses interacting automaton models
- I/O Automata (IOA)
- Timed I/O Automata (TIOA)
- Hybrid (HIOA)
- Probabilistic (PIOA)
- To represent, analyze, simulate, various kinds
of complex systems - Communication systems, traditional and wireless
- Robots, vehicles, aircraft
- Security protocols
4Highlights TIOA
- Monograph Theory of timed I/O automata (Kaynar,
Lynch) - Applications Virtual Node systems
- Tools (Kaynar, Lynch, Garland, Shvartsman, Mitra,
Umeno, Mavrommatis, Lim, Griffeth, Archer) - Designed formal TIOA modeling language
- Built prototypes of supporting tools
- Parser, connection to PVS theorem-prover,
simulator. - Examples
- Many small verification examples
- DHCPv.6 communication protocol, other Internet
protocols - NASA SATS-HVO
- VeroModo, to engineer the tools for wider use.
5Highlights HIOA
- Stability analysis for hybrid systems (Mitra,
Liberzon) - Mode switches, lower bound on average dwell time.
- Last years MURI review talk.
- Motion coordination for mobile robots
- Current Defining HIOA modeling language,
considering how to extend the TIOA tools to
hybrid systems. - PVS theorem-prover, simulator
- Integration with control theory methods
(stability, robustness)
6Highlights PIOA
- Compositionality properties for probabilistic I/O
automata (Lynch, Cheung, Segala, Vaandrager) - Special case Switched automata
- General case Hard
- New kinds of simulation relations to prove
implementation relationships between PIOAs
(Kaynar, Lynch, Segala) - Time-bound restrictions, approximate knowledge
(Canetti, Lynch, Pereira) - Applications to security protocols
7This talk
- Two projects
- Virtual Nodes for Mobile ad hoc Networks
- Security protocol modeling using Probabilistic
I/O Automata.
81. Virtual Node Layers
- Collaborators
- Shlomi Dolev, Alex Shvartsman, Jennifer Welch,
- Seth Gilbert, Sayan Mitra, Calvin Newport, Tina
Nolte, - Limor Lahiani, Elad Schiller,
- Matthew Brown, Mike Spindel
9Virtual Nodes
- Small computers can be equipped with sensors,
actuators, wireless communication. - Potentially, people, robots, vehicles, could use
this hardware to establish mobile ad hoc
networks, coordinate in running applications. - Examples
- Rescue workers in disaster areas
- Soldiers in urban battle
- Robots exploring a novel location
- Cars on highway
- Set up network, use network to collect and
process data, produce models of environment, plan
activities.
10That would be nice, but
- Application design for ad hoc networks is hard.
- Networks change unpredictably.
- New idea for simplifying application design
- Use a Virtual Node layer
- Abstract layer containing virtual computing nodes
that are better behaved than actual physical
nodes. - Program applications on top of the virtual node
layer.
11Virtual Node Layers
- Abstraction layers containing virtual active
nodes. - Virtual Nodes may be associated with fixed
geographical locations, or - VNs may move
- Along a pre-planned path, or
- Along a path that is calculated
dynamically. - Program applications over
the VN layer.
12Virtual Node Layers
13Virtual Node Layers
14Virtual Node Layers
Route message to a designated geographical region.
15Virtual Node Layers
Gather, analyze,aggregate,and distribute data.
16Virtual Node Layers
Coordinateregion.
17Alternative approach IP Routing
- Build an IP-style point-to-point routing service
directly over the MAC layer. - Build applications on top of IP routing layer.
- Masks mobility.
- Standard approach
(IETF Working Group on
Mobile Ad
Hoc Networks) - Internet-inspired view
- Many protocols AODV, DSR,
APRL, ODMRP, GPSR, STARA,
18IP Routing
- But IP routing is difficult to implement in
mobile networks. - Algorithms are complicated.
- Dont work well when network changes too much.
- And it doesnt give us everything we want
- Rescue workers, soldiers want
- Broadcast to geographical region (Geocast).
- Learn standing orders for region.
- Collect data about region.
- Robots in novel location want
- Elect leader for region.
- Build predictive models.
- Use model to coordinate activities.
- Cars on highway want
- Information about highway conditions.
- Travel advice.
19Other services
- Local services
- Local leader election
- Local reliable broadcast
- Global services
- Token circulation
- Leader election
- Mutual exclusion
- Spanning trees
- Still dont provide
everything we
need
Application
Token
Leader
RBcast
20Virtual Node Layers
- Sounds appealing, but needs a lot of work
- Theoretical
- Define particular Virtual Node layers.
- Devise algorithms to implement VN layers over MAC
layer, analyze correctness, performance,
fault-tolerance. - Devise algorithms to implement applications over
VN layers, analyze - Empirical
- Validate assumptions in practice.
- Implement VN layers.
- Implement applications.
21Four VN layers, with applications
- 1.1. Virtual objects
- 1.2. Virtual mobile I/O automata
- 1.3. Virtual stationary timed I/O automata
- 1.4. Virtual stationary I/O automata with time
bounds
221.1. Virtual Objects
- Dolev, Gilbert, Lynch, Shvartsman, Welch DISC3,
DGLSW 04 - Original goal
- Implement atomic Read/Write memory (like
centralized shared memory) in mobile networks.
23RAMBO algorithm
- Runs directly over MAC layer.
- Guarantees
- Atomicity in all cases (like shared memory).
- Good latency in common cases.
- High availability.
- Use configurations
- members, read-quorums, write-quorums.
- Members maintain object replicas.
- Read, write, reconfigure ops involve two phases,
accessing a read-quorum and a write-quorum. - Everything proceeds concurrently.
24Virtual Objects approach
- Uses Virtual Object intermediate layer.
- Virtual Objects at fixed geographical locations.
- Centers of small, densely populated areas
- Roadways Busy traffic intersections.
- Urban battlefield Major buildings, bridges,
- Continuously populated, thus able to maintain
state. - Implement Virtual Object layer over mobile ad hoc
network layer. - Implement Read/Write memory over Virtual Object
layer.
25Virtual Object Layer
- Client automata, with knowledge of time and
location. - Virtual Object automata, atomic tagged-value
objects. - Client automata accept Read/Write operation
invocations from, return responses to, their
external environment. - Client automata perform operations on VO automata.
26Implementing Atomic Memory
- Client automata manage Read/Write operations.
- Replicas at Virtual Objects.
- Read/Write operations use quorums of VOs.
- Write operation 1-phase
- Choose unique tag (Real-time clock, Client node
ID). - Write the new (tag, value) to a write-quorum of
VOs. - Read operation 2-phase
- Read from read-quorum of VOs, learn largest (tag,
value). - Propagate to a write-quorum of VOs.
- Avoid propagating a tag if another op has already
done so. - Tolerates bounded number of VO stopping failures.
- Limited reconfiguration also allowed.
27Implementing Virtual Objects
- Physical layer assumptions
- Each physical mobile node (PN) has real-time
clock, location service (GPS, Cricket) - Local Broadcast (LBcast) communication service,
within VO region. - Guaranteed, totally ordered delivery
- GeoCast communication service
- Delivers message to every PN within a fixed
radius of the target location. - Implementation strategy
- Implement each VO separately.
- PNs in a VOs region implement the VO,
- Using Replicated State Machine strategy,
- Using totally-ordered LBcast.
- Use GeoCast for communication between clients and
VOs.
28Discussion
- VO layer definition emerged during this work.
Allowed us to untangle high-level, low-level
algorithms. - Theoretical approach
- All components defined as TIOAs.
- Correctness proofs, analysis.
- Strong communication assumptions
- Totally-ordered reliable LBcast
- Better to weaken this, e.g., allowing message
loss, collisions. - Global GeoCast
- Better to eliminate entirely.
29Discussion
- Recovery of failed Virtual Objects
- When region empties out, then someone arrives.
- Low-level algorithm allows VOs to recover, in
initial state. - Remains to extend our high-level atomic memory
algorithm to accommodate VO recoveries Tulone.
301.2. Virtual Mobile I/O Automata
- Dolev, Gilbert, Lynch, Schiller, Shvartsman,
Welch DISC 04 - DGLSSW 04
- Virtual Objects are passive data repositories
now consider active Virtual Nodes (general I/O
Automata). - Mobility VNs can move, along pre-determined
path. - Local communication LBcast only, no GeoCast.
- Virtual Mobile Node layer
- Client nodes (Timed I/O Automata)
- Virtual Mobile Nodes (arbitrary, ordinary I/O
Automata). - Interact using Local Broadcast (only).
- Failure model for VMNs
- VMN automaton may crash, revert to initial state.
- Resumes activity in its pre-determined location.
31Virtual Mobile Nodes
32Virtual Mobile Nodes
33Implementing the VMN Layer
- Physical layer assumptions
- Each physical mobile node has real-time clock,
location info. - Local Bcast communication service (only)
- Guaranteed, totally ordered delivery within
region. - Implementation strategy
- Replicated state machine algorithm
- All PNs in vicinity of VMN perform all steps.
- Using reliable totally-ordered LBcast
- Very similar to implementation of Virtual
Objects. - Its all relative
is the same as
34Applications
- Message routing
- VMN picks up and delivers messages.
- Compulsory protocols Chatzigiannakis, et al. 01
- Sensor data collection
- VMN can pick up data, aggregating along the way.
- Answer queries.
35Application High Tech Highway
- Physical platform
- Cars with computers having GPS devices.
- Hard to wire entire highway, but easy to install
software on car computers. - Virtual Node layer
- Virtual Stationary Nodes (Virtual Mobile Nodes
that dont move) at key points along the highway. - Virtual Mobile Nodes racing back and forth in
between. - Possible uses
- Traffic coordination
- Obstacle avoidance
36High Tech Highway
Observe what happens at this intersection. Learn
who is here, who is approaching. Use the
information to implement a virtual traffic light.
Offload statistics to Highway Patrol vehicles as
they pass.
37High Tech Highway
Traffic jam ahead. Slow down. Consider another
route.
An ambulance is coming. Get out of the left lane.
38Discussion
- VMN work introduced
- Active Virtual Nodes (I/O automata).
- Local communication only (LBcast)
- VNs can move, along pre-determined path.
- Recovery of failed Virtual Mobile Node
- When its path passes through empty area, then
enters populated area. - VMN recovers, in initial state, at predicted
location. - Applications accommodate VMN recoveries.
- E.g., VMN in High-Tech Highway begins sending new
data when it recovers. - Remaining work
- Weaken LBcast assumptions
- Consider message loss, collisions.
- VMS with autonomous motion.
391.3. Virtual Stationary TIOAs
- Nolte, Gilbert, Lahiani, Dolev, Lynch 05
- Nolte, Lahiani, Dolev, Lynch 05
- Most useful special case of Virtual Mobile Nodes
Virtual Stationary Nodes. - Timing
- VMNs are ordinary IOAs, hence have no control
over timing. - New VSNs are general TIOAs, can control timing in
arbitrary ways. - New Virtual Stationary Node layer
- Client nodes (TIOAs)
- Virtual Stationary Nodes (TIOAs).
- Interact using Local Bcast (only).
- VSN failures May crash, revert to initial
state, recover.
40Virtual Stationary Node layer
41Application GeoCast
Route message to a designated geographical region
42Data Management
Gather, analyze,aggregate,and distribute data.
43Region coordination
Coordinate behavior ofnodes in region.
44Token circulation
Circulate tokenregion by region.
45Location Service
- Support queries about current locations of PNs.
- Implement Location Service over VSN layer
- Each PN has a Home Location
- VSN that keeps track of PNs current location
(VSN region). - Determined by hash function from PN id.
- PN keeps Home Location up-to-date by sending
periodic messages. - Use GeoCast (implemented over VSN layer).
- Queries, responses also use GeoCast.
- For reliability, use several, redundant Home
Locations. - Easier than solutions using distributed hashing
directly over physical layer. - Use this Location Service to implement (easily)
point-to-point message routing between PNs.
46Coordination Oracles
- Oracle associated with a given VSN location
- Gathers and analyzes information about that
location. - Sends summarized information to other Oracles.
- Builds a suitable model of the environment.
- PNs query nearby Oracles and use response to help
plan their actions. - Use for advanced global coordination.
47Coordination Oracles
My model predicts fierce fighting here. Stay
here, take cover!
Location A
48Coordination Oracles
Location B
My model predicts quiet here. Location A needs
reinforcements. I will suggest a safe route
there.
Location A
49Implementing the VSN Layer
- Physical layer assumptions
- Each PN has real-time clock, location info.
- Local Broadcast (LBcast) communication (only)
- Use leader-based algorithm
- Less communication than fully replicated state
machine algorithm. - Only the leader sends out scheduled events.
- Choosing the leader
- Uses leader-election sub-algorithm.
- If leader fails, leader election sub-algorithm
chooses a new leader. - Can rotate leader systematically, to save power.
- Algorithm enforces VSNs timing constraints
(TIOAs). - Self-stabilizing
50Discussion
- VSN work introduced
- Important special case of Virtual Mobile Nodes
No motion. - VSNs are general TIOAs.
- New leader-based algorithm, reducing
communication, self-stabilizing. - VSN recovery
- VSNs can fail, recover in initial state.
- High-level algorithms accommodate VSN recoveries
- Remaining work
- Weaken LBcast assumptions
- Consider message loss, collisions.
- Requires new VSN implementations
- Reduce communication further.
- Guidelines for choosing leaders
- Location, speed, direction, power
511.4. Virtual IOAs time bounds
- Lynch, Mitra, Nolte 05
- Current experimental project Brown, Spindel
- Virtual Stationary Nodes with less precise timing
guarantees. - I/O automata with tasks, time bound for each task
Merritt, Modugno, Tuttle 91 - Allows simpler implementations.
- Many applications dont require precise control.
- New VSN layer
- Client nodes (TIOAs)
- VSNs (IOAs with time bounds).
- LBcast
- VSNs crash, recover in initial state.
- Application Motion Coordination
52Motion Coordination Problem
- Given curve G, and a finite, unknown set of
physical mobile nodes (PNs), move the PNs so that
they are (approximately) evenly spaced on G.
53Virtual Node Approach
- Divide region into zones, one Virtual Stationary
Node (VSN) per zone. - VSNh coordinates client nodes in zone h.
- Directs motion of CNs in zone h
- Towards G.
- On G, to even out spacing.
- Communicates with
neighboring VSNs, sends
extra clients to
neighboring zones.
CN
CN
54Goal
- If failures and recoveries stop, then
- Within bounded time
- The set of CNs in each zone h becomes fixed, and
the number is (approximately) proportional to the
length of Gh (the portion of G within zone h). - If Gh is nonempty, then the CNs in zone h reach
and remain on Gh. - In the limit
- If Gh is nonempty, then the CNs in zone h are
(approximately) evenly spaced on Gh.
55Physical Layer
- Bounded rectangle B
- Components
- PNi, physical nodes
- LBcast
- RealWorld
- All components are Hybrid IOAs.
x
realtime
LBcast
RW
send(m)i
v2
x2
receive(m)i
realtime
PNi
PN2
PN1
B
56Virtual Layer
- B partitioned into square zones.
- Neighbors NSEW zones
- Components
- CNi, client nodes, correspond one-for-one with
PNs - VNh, virtual nodes
- LBcast
- RealWorld
x
realtime
LBcast
RW
send(m)i
receive(m)i
v2
x2
realtime
send(m)1,3
receive(m)1,3
CNi
CN2
VN2,3
VN2,2
CN1
VN1,3
VN2,1
VN1,2
VN1,1
57Virtual Node VNh
- Located at center of square h.
- Discrete, no clock
- I/O automaton tasks upper bound for each
task. - Task partition of locally- controlled actions
- If a task T is enabled, then within specified
time, either T becomes disabled or an action in T
is performed.
x
realtime
LBcast
RW
send(m)i
receive(m)i
v2
x2
realtime
send(m)1,3
CNi
CN2
VN2,3
VN2,2
CN1
VN1,3
VN2,1
VN1,2
VN1,1
58Implementing Virtual Layer
- Replicated state machine algorithm
- Each PN in zone h keeps a copy of the state of
VNh. - PNs perform same actions, in same order, on their
copies - Achieves specified VN task bounds (assuming
theyre large enough). - Failed VNh restarts within bounded time if a CN
enters and remains in zone h.
59Motion Coordination Using VNs
- Round-based.
- In each round
- Each CN sends a message to its local VN, letting
it know the CN is in its zone. - VNs exchange messages with neighboring VNs,
letting them know how many CNs they have. - Each VN calculates
- Which local CNs should be assigned to neighboring
zones. - What its local CNs new target points should be.
- Each VN broadcasts the new target points.
- Each CN moves towards its new target point.
60Implementing the rounds
- Difficulty VNs do not have access to clocks!
- Solution Use the CNs knowledge of time.
- Recall
- CNs receive accurate knowledge of time (from RW).
- Known upper bound on time for VN tasks.
- Known upper bound for message delivery.
- So, CNs send trigger messages to VNs, telling
them its time to perform a step within a round. - CNs determine that enough time has passed that
the VNs must have already received all relevant
messages.
61Discussion
- This work introduced
- VSNs as simple IOAs tasks bounds
- VSNs used to control motion of the physical
nodes. - Modeled everything using Hybrid I/O Automata
(HIOAs). - Remaining work
- Extend algorithm to handle changing curve (local
input) - Apply the framework to other problems Robotics,
unmanned vehicle control,
62Experimental project
- Undergrad programmers Mike Spindel, Matthew
Brown - PhD students Gilbert, Newport, Nolte
- Building small network of virtual nodes on a
bunch of HP ipaqs, equipped with 802.11 and GPS
sensors. - Demo applications
- Virtual traffic light
- Tracking cooperative mobile devices
(using home location
service) - Sponsor Quanta, Inc.
63Conclusions (Virtual Nodes)
- Virtual node layers are an elegant, easy-to-use
way to program mobile ad hoc networks. - Virtual Stationary Nodes are simplest, and
provide most of the benefits. - More work is needed on finding practical, simple,
efficient, fault-tolerant implementations of VN
layers. - Lots of opportunities to design new applications.
- E.g. Control for free flight
- Initial experimental work going on this summer.
642. Security Protocol Analysis
- Collaborators
- Ran Canetti, Dilsun Kaynar, Olivier Pereira,
Roberto Segala, - Ling Cheung, Moses Liskov, Frits Vaandrager
65General goals
- Model security protocols precisely, prove their
correctness rigorously, completely. - Take proper account of computational limitations.
- Tractable, usable methods.
- Relationship to Mitchells project
- Same goals
- Somewhat different approach
- Probabilistic I/O Automata, with polytime
restrictions, instead probabilistic polytime
process algebras. - Invariants, simulation relations instead of
process equivalence. - Handling of crypto primitives?
- Remains to reconcile the two approaches.
66Specific goal
- Prove correctness of a simple 2-party
Oblivious Transfer protocol - Requirements
- Transmitter gets two inputs, x0, x1, from
environment. - Receiver gets a bit, to select one of the inputs.
- Receiver is supposed to output the selected x
input. - Adversary (who hears all communication) should
not learn anything interesting. - Protocol A three message exchange
- Transmitter chooses and sends a trapdoor
permutation f to Receiver. - Receiver chooses two random numbers, applies f to
just one of them (the one corresponding to its
input bit), sends results to Transmitter. - Transmitter inverts the permutation for both,
applies xor with random bits, sends to Rec. - Receiver decode the right value.
67Several versions of the problem
- Depending on whether Transmitter and/or Receiver
is corrupted. - Adversary also sees inputs, outputs, random
choices of corrupted parties.
68What does all this mean?
- Describe the protocol components as Probabilistic
I/O Automata. - Describe the correctness conditions as other
PIOAs, e.g., when no one is corrupted - E.g., when just the Receiver is corrupted
in(b)
in(x0,x1)
out(x)
out(x)
Funct
69Correctness specification
- An implementation relationship between the
algorithm PIOA system and the spec PIOA system. - Using new relation neg,ppt
- For every poly-time Envt PIOA E, every
probabilistic execution of the algorithm with E
yields approximately the same visible behavior as
some execution of the specification with E. - Approximation Negligible difference in the
probability that E outputs accept.
70How to prove correctness?
- Break the proof into several stages, using system
descriptions at several levels of abstraction. - Prove some stages using standard PIOA
simulation relations. - These prove not just neg,ppt , but stronger
0,any - Actually, need to generalize the standard PIOA
simulations. - Other stages exactly describe the correctness of
the use of a crypto primitive (e.g., trap-door
permutation). - Proofs adapted from techniques from computational
cryptography - Distinguisher arguments.
- But re-cast in terms of mappings between automata
instead of proofs by contradiction.
71New ideas
- Modeling everything using PIOAs
- Algorithms
- Correctness specs, including functionality and
secrecy. - Proofs using simulation relations, in multiple
layers - Some layers use PIOA simulation relations.
- Others use crypto Distinguisher arguments.
- Carefully isolates the different kinds of
reasoning. - New PIOA theory
- New kinds of simulation relations
- Capture correspondence between random choices at
different levels. - New ways of expressing computational crypto
reasoning - Define crypto primitives in terms of
implementation relationship neg,ppt - Compose to get relation neg,ppt for systems
that use the primitives.
72Thank you!
73A generic slide
- Here is some text
- And a bullet