Sang Yoon Chang

SimpleMAC: a jamming-resilient MAC-layer protocol for wireless channel coordination

In wireless networks, users share a transmission medium. To increase the efficiency of channel usage, wireless systems often use a Medium Access Control (MAC) protocol to perform channel coordination by having each node announce its usage intentions; other nodes avoid making conflicting transmissions minimizing interference both to the node that has announced its intentions and to a node that cooperates by avoiding transmissions during the reserved slot. Traditionally, in a multi-channel environment, such announcements are made on a common control channel. However, this control channel is vulnerable to jamming because its location is pre-assigned and known to attackers. Furthermore, the announcements themselves provide information useful for jamming. In this paper, we focus on a situation where multiple wireless transmitters share spectrum in the presence of intelligent and possibly insider jammers capable of dynamically and adaptively changing their jamming patterns. We develop a framework for effectively countering MAC-aware jamming attacks and then propose SimpleMAC, a protocol resilient to these attacks. SimpleMAC consists of two schemes (the Simple Transmitter Strategy and the Simple Signaling Scheme) that are easily analyzed using game theory, and show the optimal adversarial behavior under these protocols. We evaluate our schemes mathematically, through Monte Carlo simulations, and by implementation on the WARP software-defined radio platform. SimpleMAC provides very rapid improvement over the alternative of not using any MAC protocol, and eventually converges to optimal performance (over six-fold improvement in SINR, 50% gains in Shannon capacity in a realistic mobile scenario).

Secure MAC-Layer Protocol for Captive Portals in Wireless Hotspots

Wireless access points largely fall into three categories: home and small business networks, enterprise networks, and hotspots. Wi-Fi Protected Access (WPA) provides solutions to home, small business, and enterprise networks, but hotspots typically are not secured at the Medium Access Control (MAC) layer because they are open to the public. In this paper, we present a scheme that establishes a secure wireless connection between a client device and an access point in these open environments. In our approach, we use hierarchical identity-based cryptography, and each user uses its MAC address as its public key. Our scheme ensures confidentiality and integrity even in the presence of colluding attackers.

Securing wireless medium access control against insider denial-of-service attackers

In a wireless network, users share a limited resource in bandwidth. To improve spectral efficiency, the network dynamically allocates channel resources and, to avoid collisions, has its users cooperate with each other using a medium access control (MAC) protocol. In a MAC protocol, the users exchange control messages to establish more efficient data communication, but such MAC assumes user compliance and can be detrimental when a user misbehaves. An attacker who compromised the network can launch a two-pronged denial-of-service (DoS) attack that is more devastating than an outsider attack: first, it can send excessive reservation requests to waste bandwidth, and second, it can focus its power on jamming those channels that it has not reserved. Furthermore, the attacker can falsify information to skew the network control decisions to its favor. To defend against such insider threats, we propose a resource-based channel access scheme that holds the attacker accountable for its channel reservation. Building on the randomization technology of spread spectrum to thwart outsider jamming, our solution comprises of a bandwidth allocation component to nullify excessive reservations, bandwidth coordination to resolve over-reserved and under-reserved spectrum, and power attribution to determine each nodes contribution to the received power. We analyze our scheme theoretically and validate it with WARP-based testbed implementation and MATLAB simulations. Our results demonstrate superior performance over the typical solutions that bypass MAC control when faced against insider adversary, and our scheme effectively nullifies the insider attacker threats while retaining the MAC benefits between the collaborative users.

Redundancy offset narrow spectrum: countermeasure for signal-cancellation based jamming

Correlated jamming, introduced in the 1980s as the optimal interference signal in information theory, aims to cancel the target victim signal in contrast to the more traditional jamming approach of adding noise-like interference. The recent surge of antenna-cancellation based technology with benign intention (including full duplex radio technology and friendly jamming for confidentiality) has reignited interest in correlated jamming attack in wireless security. Randomization is an effective technique for availability against such attacks; for instance, spread spectrum technology randomizes the channel access to counter jamming. However, spread spectrum technology assumes dividing the medium into multiple orthogonal channels, only one of which is accessed per time, and thus has an inherent spreading cost. Redundancy Offset Narrow Spectrum (RONS) offers a narrow spectrum technology that bypasses the spreading cost and effectively counters correlated jamming and further helps ensuring confidentiality.

Enabling Dynamic Access Control for Controller Applications in Software-Defined Networks

Recent findings have shown that network and system attacks in Software-Defined Networks (SDNs) have been caused by malicious network applications that misuse APIs in an SDN controller. Such attacks can both crash the controller and change the internal data structure in the controller, causing serious damage to the infrastructure of SDN-based networks. To address this critical security issue, we introduce a security framework called AEGIS to prevent controller APIs from being misused by malicious network applications. Through the run-time verification of API calls, AEGIS performs a fine-grained access control for important controller APIs that can be misused by malicious applications. The usage of API calls is verified in real time by sophisticated security access rules that are defined based on the relationships between applications and data in the SDN controller. We also present a prototypical implementation of AEGIS and demonstrate its effectiveness and efficiency by performing six different controller attacks including new attacks we have recently discovered.

Watermarking for detecting freeloader misbehavior in software-defined networks

Software-defined networking (SDN) provides network operators a high level of flexibility and programability through the separation of the control plane from the data plane. When initiating traffic, users are required to install flow rules that direct the traffic routing. This process requires communication between control and data plane and results in significant overhead and enables the controller to monitor the traffic and its source. In this paper, we introduce a novel misbehavior, called freeloading, where attackers bypass the process of installing flow rules. The attackers thus can send traffic with an unfair advantage in delay (enabling them to launch more timely threats) and significantly reduce the risk of attacker detection by the network controller (especially if further threats were launched). To prevent such attack, we develop a flow watermarking technique that embeds a secret message into the data payload. It facilitates ownership of the established flow rules, so that only the legitimate owners of flow rules can send packets using their own rules and the network can help detect the misuse cases of the installed flow rules.

SimpleMAC: a simple wireless mac-layer countermeasure to intelligent and insider jammers

In wireless networks, users share a transmission medium. For efficient channel use, wireless systems often use a Medium Access Control (MAC) protocol to perform channel coordination by having each node announce its usage intentions and other nodes avoid making conflicting transmissions. Traditionally, such announcements are made on a common control channel. However, this control channel is vulnerable to jamming because its location is pre-assigned and known to attackers. Furthermore, the announcements themselves provide information useful for jamming. We focus on a situation where transmitters share spectrum in the presence of intelligent and insider jammers capable of adaptively changing their jamming patterns. Despite the complex threat model, we propose a simple MAC scheme, called SimpleMAC, that effectively counters network compromise and MAC-aware jamming attacks. We then study the optimal adversarial behavior and analyze the performance of the proposed scheme theoretically, through Monte Carlo simulations, and by implementation on the WARP software-defined radio platform. In comparison to the Nash equilibrium alternative of disabling the MAC protocol, SimpleMAC quickly attains vastly improved performance and converges to the optimal solution (over six-fold improvement in SINR and 50% gains in channel capacity in a realistic mobile scenario).

Insider-Attacks on Physical-Layer Group Secret-Key Generation in Wireless Networks

Physical-layer group secret-key (GSK) generation is an effective way of generating secret keys in wireless networks, wherein the nodes exploit inherent randomness in the wireless channels to generate group keys, which are subsequently applied to secure messages while broadcasting, relaying, and other network-level communications. While existing GSK protocols focus on securing the common source of randomness from external eavesdroppers, they assume that the legitimate nodes of the group are trusted. In this paper, we address insider attacks from the legitimate participants of the wireless network during the key generation process. Instead of addressing conspicuous attacks such as switching-off communication, injecting noise, or denying consensus on group keys, we introduce stealth attacks that can go undetected against state-of- the-art GSK schemes. We propose two forms of attacks, namely: (i) different-key attacks, wherein an insider attempts to generate different keys at different nodes, especially across nodes that are out of range so that they fail to recover group messages despite possessing the group key, and (ii) low-rate key attacks, wherein an insider alters the common source of randomness so as to reduce the key-rate. We also discuss various detection techniques, which are based on detecting anomalies and inconsistencies on the channel measurements at the legitimate nodes. Through simulations we show that GSK generation schemes are vulnerable to insider-threats, especially on topologies that cannot support additional secure links between neighbouring nodes to verify the attacks.

Key Update at Train Stations: Two-Layer Dynamic Key Update Scheme for Secure Train Communications

Modern train systems adopt communication-based train control (CBTC), which uses wireless communications to better monitor and control the train operations. Despite the well-studied security issues in wireless networking in information technology applications, security implementations in trains have been lagging; many train systems rely on security by obscurity and forgo well-established security practices such as key updates. To secure train systems against increasingly evolving and persistent attackers and mitigate key breach (which can occur due to misuse of the key), we build a key update scheme, Key Update at Train Stations (KUTS), that leverages the inherent physical aspects of train operations (mobility/infrastructure-asymmetry between the stations and the trains and the operational differences when the trains are at stations and between the stations). Furthermore, by incorporating separation of key chain and use and on the entities providing the key seeds, KUTS protects the key seeds for future updates against the breach of the current key and is both key-collision irrelevant (thwarting known collision-based threats on one-way random functions) and system-compromise resilient (protecting the key secrecy even when the train system is compromised). We theoretically analyze KUTS’s effectiveness, security strength, and security properties. We also implement KUTS on various computing devices to study the performance overhead.

A Lightweight Encryption and Secure Protocol for Smartphone Cloud

User data on mobile devices are always transferred into Cloud for flexible and location-independent access to services and resources. The issues of data security and privacy data have been often reverted to contractual partners and trusted third parties. As a matter of fact, to project data, data encryption and user authentication are fundamental requirements between the mobile devices and the Cloud before a data transfer. However, due to limited resources of the smartphones and the unawareness of security from users, data encryption has been the last priority in mobile devices, and the authentication between two entities always depends on a trusted third party. In this paper, we propose a lightweight encryption algorithm and a security handshaking protocol for use specifically between in mobile devices and in Cloud, with the intent of securing data on the user side before it is migrated to cloud storages. The proposed cryptographic scheme and security protocol make use of unique device specific identifiers and user supplied credentials. It aims to achieve a usersoriented approach for Smartphone Cloud. Through experiments, we demonstrated that the proposed cryptographic scheme requires less power consumption on mobile devices.