HAI\IDBOOK OF SECURITY AI\ID I\IETWORKS editors Yang Xiao • Frank H Li • Hui Chen "bWorld Scientific 7280tp.new.indd 3/1/11 11:45 AM This page is intentionally left blank editors Yang Xiao The University of Alabama, USA Frank H Li The University of South Carolina Upstate, USA Hui Chen Virginia State University, USA World Scientific NEW JERSEY 7280tp.new.indd • LONDON • SINGAPORE • BEIJING • SHANGHAI • HONG KONG • TA I P E I • CHENNAI 3/1/11 11:45 AM Published by World Scientific Publishing Co Pte Ltd Toh Tuck Link, Singapore 596224 USA office: 27 Warren Street, Suite 401-402, Hackensack, NJ 07601 UK office: 57 Shelton Street, Covent Garden, London WC2H 9HE British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library HANDBOOK OF SECURITY AND NETWORKS Copyright © 2011 by World Scientific Publishing Co Pte Ltd All rights reserved This book, or parts thereof, may not be reproduced in any form or by any means, electronic or mechanical, including photocopying, recording or any information storage and retrieval system now known or to be invented, without written permission from the Publisher For photocopying of material in this volume, please pay a copying fee through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA In this case permission to photocopy is not required from the publisher ISBN-13 978-981-4273-03-9 ISBN-10 981-4273-03-1 Typeset by Stallion Press Email: enquiries@stallionpress.com Printed in Singapore Chelsea - Hdbk of Security & Networks.pmd 5/9/2011, 3:06 PM February 23, 2011 11:25 9.75in x 6.5in Handbook of Security and Networks b1059-fm CONTENTS Preface ix About Editors xi Contributors xiii Acknowledgement xxi Part I: Overview of Network Security Chapter 1: Security in Wireless Data Networks Abdel Karim Al Tamimi and Raj Jain Chapter 2: Enabling Information Confidentiality in Publish/Subscribe Overlay Networks Hui Zhang, Guofei Jiang, Haifeng Chen, Xiaoqiao Meng, Kenji Yoshihira and Abhishek Sharma 39 Chapter 3: Security Enhancement of Network Protocol rfcs Prabhaker Mateti and Venkat Pothamsetty and Benjamin Murray 59 Chapter 4: Authentication of Scalable Multimedia Streams Mohamed Hefeeda and Kianoosh Mokhtarian 93 Chapter 5: Explaining System Security Issues to Computer Professionals Prabhaker Mateti 127 Part II: Attacks on Networks 167 Chapter 6: Attacker Traceback in Mobile Multi-Hop Networks Yongjin Kim and Ahmed Helmy 169 Chapter 7: Detecting DoS Attacks and Service Violations in QoS-enabled Networks Mohamed Hefeeda and Ahsan Habib v 191 February 23, 2011 11:25 9.75in x 6.5in vi Handbook of Security and Networks b1059-fm Contents Part III: Key and Key management 221 Chapter 8: Key Establishment — Secrecy, Authentication and Anonymity Guomin Yang, Duncan S Wong and Xiaotie Deng 223 Chapter 9: Detecting Misused Keys in Wireless Sensor Networks Donggang Liu and Qi Dong 245 Chapter 10: A Survey of Key Revocation Schemes in Mobile Ad Hoc Networks Xinxin Fan and Guang Gong 265 Part IV: Malware 283 Chapter 11: Hardware Controlled Systematic Approach to Detect and Prevent Virus Meikang Qiu, Jiande Wu, Hung-Chung Huang and Wenyuan Li 285 Chapter 12: A Mathematical View of Self-Replicating Malware Thomas M Chen and Nasir Jamil 301 Chapter 13: Worm Propagation and Interaction in Mobile Networks Sapon Tanachaiwiwat and Ahmed Helmy 321 Chapter 14: Windows Rootkits a Game of “Hide and Seek” Sherri Sparks, Shawn Embleton and Cliff C Zou 345 Chapter 15: An Overview of Bot Army Technology and Prospects Martin R Stytz and Sheila B Banks 369 Part V: Latest Security-Related Topics on Computer Networking Chapter 16: Performance of Bridging Algorithms in IEEE 802.15.3 Multi-Piconet Networks Jelena Miˇsi´c, Muhi Ahmed Ibne Khair and Vojislav B Miˇsi´c Chapter 17: Authentication and Billing for Wlan/Cellular Network Interworking Minghui Shi, Yixin Jiang, Xuemin Shen, Jon W Mark, Dongmei Zhao and Humphrey Rutagenwa 411 413 433 February 23, 2011 11:25 9.75in x 6.5in Handbook of Security and Networks Contents Chapter 18: Construction of Fault-Tolerant Virtual Backbones in Wireless Networks Donghyun Kim, Xiaofeng Gao, Feng Zou and Weili Wu b1059-fm vii 465 Chapter 19: Service IOT for Digital Rights Management (DRM) Whai-En Chen, Ting-Kai Huang and Chun-Chieh Wang 487 Chapter 20: Patient Privacy in Healthcare Wireless Sensor Networks Jelena Miˇsi´c and Vojislav B Miˇsi´c 509 Chapter 21: Security Implementation in Real Wireless Sensors: A Review Fei Hu, Nidhi Verma and Yang Xiao 529 This page is intentionally left blank February 23, 2011 11:25 9.75in x 6.5in Handbook of Security and Networks b1059-fm PREFACE As computing and networking technologies are gradually integrated with every aspect of human lives and activities, computer and network security has become a critical issue The Handbook of Security and Networks presents a collection of recent advances in computer networking and security areas These include applied cryptography, access control, authentication, anonymity, network attacks, malware, key management, anomaly detection, network security applications, and other security issues in computer networks More than fifty internationally recognized authorities in the field of security and networks contribute articles in their areas of expertise These international researchers and practitioner are from highly-respected universities, renowned research institutions and IT companies from all over the world This handbook is an essential source of reference for professionals and researchers in the areas of security in computer and networks, and as a text for graduate students in these fields This book is made possible by the great efforts of our contributors and publishers We are indebted to our contributors, who have sacrificed days and nights to put together these chapters for our readers We would like to thank our publishers Without their encouragement and quality work, we could not have this book Finally, we are grateful that our families have continuously supported us Yang Xiao Department of Computer Science The University of Alabama 101 Houser Hall, Box 870290 Tuscaloosa, AL 35487-0290 USA E-mail: yangxiao@ieee.org Frank Haizhon Li Division of Mathematics and Computer Science University of South Carolina Upstate Spartanburg, SC 29303, USA E-mail: fli@uscupdate.edu Hui Chen Department of Mathematics and Computer Science Virginia State University P.O.Box 9068, Petersburg, VA 23806 USA E-mail: huichen@ieee.org ix February 23, 2011 538 11:25 9.75in x 6.5in Handbook of Security and Networks b1059-ch21 F Hu, N Verma and Y Xiao values of p, where p is prime, this is extraordinarily difficult to — much more difficult than just finding y from g, x and p ECC defines its group differently, and is, in fact, the difference in how the group is defined and particularly how the mathematical operations within the group are defined that give ECC its greater security for a given key size 21.3.8 The Elliptic Curve Discrete Logarithm Problem The elliptic curve discrete logarithm problem [11] is the cornerstone of much of present-day elliptic curve cryptography It relies on the natural group law on a nonsingular elliptic curve which allows one to add points on the curve together Given an elliptic curve E over a finite field F , a point on that curve, P , and another point you know to be an integer multiple of that point, Q, the problem is to find the integer n such that nP = Q The problem is computationally difficult unless the curve has a ‘bad’ number of points over the given field, where the term ‘bad’ encompasses various collections of numbers of points which make the elliptic curve discrete logarithm problem breakable For example, if the number of points on E over F is the same as the number of elements of F , then the curve is vulnerable to attack It is because of these issues that point-counting on elliptic curves is such a hot topic in elliptic curve cryptography The inverse operation to point multiplication finding a log in a group defined on an elliptic curve over a prime field is defined as follows: given points Q and P , to find the integer k such that Q = kP mod s This is the elliptic curve discrete logarithm problem and this is the inverse operation in the cryptosystem, the one we effectively have to perform to get the plaintext back from the cipher text, given only the public key Now naively, the obvious, certain way of finding k would be to perform repeated addition operations stepping through P , 2P , 3P , and so on, until we find kP Begin by doubling P , then adding P to 2P finding 3P , then 3P to P finding 4P and so on This is the brute force method The difficulty with this approach is by using a large enough prime field, and the number of possible values for k becomes inconveniently large It is so inconveniently large that it’s quite not practical to create a sufficiently large prime field that searching through the possible values of k would take all the processor time currently available on the planet thousands of years 21.3.9 Elliptic Curve Groups Many cryptosystems require the use of algebraic groups [2] Elliptic curves may be used to form elliptic curve groups A group is a set of elements with customdefined arithmetic operations on those elements For elliptic curve groups, these specific operations are defined geometrically Introducing more stringent properties to the elements of a group, such as limiting the number of points on an elliptic February 23, 2011 11:25 9.75in x 6.5in Handbook of Security and Networks Security Implementation in Real Wireless Sensors b1059-ch21 539 curve, creates an underlying field for an elliptic curve group Elliptic curves are first examined over real numbers in order to illustrate the geometrical properties of elliptic curve groups Thereafter, elliptic curves groups are examined with the underlying fields of Fp (where p is a prime) and F2 m (a binary representation with 2m elements) 21.3.10 Advantages of ECC ECC offers considerably greater security for a given key size The smaller key size also makes possible much more compact implementations for a given level of security This means faster cryptographic operations, running on smaller chips or more compact software This also means less heat production and less power consumption — all of which is of particular advantage in constrained devices, but of some advantage anywhere else There are extremely efficient, compact hardware implementations available for ECC exponentiation operations, offering potential reductions in implementation footprint even beyond those due to the smaller key length alone 21.4 LEAP: Localized Encryption & Authentication Protocol LEAP stands for Localized Encryption and Authentication Protocol [5]; it is a protocol for managing the key for the sensor networks These sensor network are supposed to construe the network security so that even a node gets compromised it doesn’t affect the immediate network neighborhood of the compromised node With the help of application level information and use of node level density, the nodes can be turned off as per requirement The design module is based on the pragmatic observation that different messages may have different security requirement based on the source and destination nodes Hence LEAP supports the establishment of four types of keys for each sensor node: • • • • An Individual key shared with the base station, A Pair Wise key shared with another sensor node, Cluster key shared with multiple neighboring nodes, Group key that is shared by all the nodes in the network, depending on the number of nodes in the network The key based system is based on symmetric key schemes The degree of key sharing between nodes in the system is a major deciding factor The most practical approach for embedding or bootstrapping secret keys in sensor networks is to use pre-deployed keying in which keys are loaded into sensor nodes before they are deployed There are two extremes for sharing the keys: One is the extreme use of shared key all throughout the network and other extreme is sharing pair wise keys for all pairs of nodes With the pair wise keys the probability that the nodes will be February 23, 2011 11:25 9.75in x 6.5in 540 Handbook of Security and Networks b1059-ch21 F Hu, N Verma and Y Xiao compromised is rare but under this approach, each node will need a unique key for every other node that it communicates with Moreover, in many sensor networks, the immediate neighbors of a sensor node cannot be predicted in advance; consequently, these pair wise shared keys will need to be established after the network is deployed One mode of communication is passive participation in which in-network processing of s sensor node can take certain actions based on overheard messages But for this the entire network should share the same key so that intermediate nodes can encrypt/decrypt the messages On the other hand, if a pair wise shared key is used for encrypting or authenticating a message, it effectively precludes passive participation in the sensor network LEAP also includes an efficient protocol for inter-node traffic authentication based on the use of one-way key chains A salient feature of the authentication protocol is that it supports source authentication Assumptions made by this protocol to be established include that every node has space for storing up to hundreds of bytes of keying materials; the sensor nodes can be deployed via aerial scattering or by physical installation; also if a node is sabotaged all the information is lost and the adversary can inject/eavesdrop/fake model/network hog or use any other method to compromise the nodes Now the four main categories of keys are as follows subsections [5] 21.4.1 Individual Key Every node has a unique key that it shares pair wise with the base station This key is used for secure communication between a node and the base station This can be used to send individual observation and data collected by nodes It can be used by the base station too to send individual commands, authentications etc This key is generated and pre-loaded into each node prior to its deployment In this scheme the controller might only keep its master key to save the storage for keeping all the individual keys When it needs to communicate with an individual node u, it computes its individual key based on a pseudo random function on the fly Due to the computational efficiency of pseudo random functions, the computational overhead is negligible 21.4.2 Group Key This is a globally shared key that is used by the base station for encrypting messages that are broadcasted to the whole group Since the group key is shared among all the nodes in the network, an efficient re keying mechanism is necessary for updating this key after a compromised node is revoked 21.4.3 Cluster Key This category of key is shared by a node and all its neighbors, and it is mainly used for securing locally broadcast messages, specifically in heterogeneous systems, e.g., routing control information, or securing sensor messages February 23, 2011 11:25 9.75in x 6.5in Handbook of Security and Networks Security Implementation in Real Wireless Sensors b1059-ch21 541 21.4.4 Pair wise Shared Key Every node shares a pair wise key with each of its immediate neighbors This will be used to communication sensitive information, data commands that require privacy or source authentication F or example, a node can use its pair wise keys to secure the distribution of its cluster key to its neighbors, or to secure the transmissions of its sensor readings to an aggregation node For nodes whose neighborhood relationships are predetermined, e.g., via physical installation, pair wise key establishment is simply done by preloading the sensor nodes with the corresponding keys 21.4.5 Multi-hop Pair wise Shared Keys These keys are used to send readings to an aggregation node or the cluster head that is multiple hops away This can be extend from the (one-hop) pair wise shared key establishment scheme discussed above for the establishment of two-hop pair wise keys Specifically, once a node discovers its neighbors in the neighbor discovery phase, it then broadcasts their ids As a result, a node discovers all the nodes that can be reached in two hops It can then establish a pair wise shared key with all the nodes that are two hops away using the same scheme it used for one-hop pair wise key establishment 21.4.6 Group Keys A group key is a key shared by all the nodes in the network, and it is necessary when the controller is distributing a secure message, e.g., a query on some event of interest or a confidential instruction, to all the nodes in the network One way for the base station to distribute a message M securely to all the nodes is using hop-by-hop translation Specifically, the base station encrypts M with its cluster key and then broadcasts the message Each neighbor receiving the message decrypts it to obtain M , re-encrypts M with its own cluster key, and then re-broadcasts the message The process is repeated until all the nodes receive M However, this approach has a major drawback, i.e., each intermediate node needs to encrypt and decrypt the message, thus consuming a non-trivial amount of energy on computation Under LEAP [5], µTESLA is implemented as broadcast authentication protocol µTESLA assures the authenticity of a broadcast message by using one-way key chain and delayed key disclosure 21.4.7 Advantages of LEAP The combinational use of LEAP’s keys can give rise to a robust key structure: LEAP uses µTESLA for inter-node traffic authentication based on the use of one-way key chains The mechanism enabled easy flow of net work processing at the same time posing a thick wall to the outer nodes and invaders which may want to compromise the network nodes February 23, 2011 542 11:25 9.75in x 6.5in Handbook of Security and Networks b1059-ch21 F Hu, N Verma and Y Xiao The key establishment and key updating procedures used by LEAP are efficient and the storage requirements per node are small LEAP provides a flexible way to provide security, by using combination of its keys it can form a robust network and the same can be relaxed by implementing one kind of key and authentication scheme can prevent/increase the difficulty of launching security attacks on sensor networks 21.5 SPINS: Security Protocols for Sensor Networks SPINS [6] present a suite of security protocols in the form of two building blocks are follows: SNEP (data confidentiality and party authentication) µTESLA (one way authenticated broadcast) The network is bootstrapped with shared secret key between nodes and the base station SNEP advocates low communication overhead by adding only bytes per message It provides two flavors of data freshness: weak and strong Strong data freshness is achieved when the randomly long unpredictable number (called nonce) is used in case of repetitive data to preserve semantic security for e.g., ‘yes’ and ‘no’ Data sent from point A to point B comprises of requested message R and MAC The requested message is composed of encrypted Kencr key & counter C It is like beaconing and adds an additional layer of indirection and privacy MAC is a function of Kmac (derived from Master key), nonce and counter Data ready to send is stated as follows: {R} Kencr,C , MAC (Kmac , Na |C|{R} Kencr,C ) The Counter C is used to save energy instead of sending long randomized data over RF channel Weak data freshness is achieved by using only the counter as follows: data from node A to node B is encrypted with Kencr and C It is later concatenated with MAC which is a function of Kmac and encrypted data In notational language, data ready to send is stated as follows: {D} Kencr,C , MAC (Kmac , C|{D} Kencr,C ) µTESLA promotes symmetric key communication by loosely time synchronizing the nodes with the base station It implements modified one way authentication from TESLA as follows To send an authenticated packet, the base station simply computes a MAC on the packet with a key that is secret at that point in time When a node gets a packet, it can verify that the corresponding MAC key was not yet disclosed by the base station (based on its loosely synchronized clock, its maximum synchronization error, and the time schedule at which keys are disclosed) Since a receiving node is assured that the MAC key is known only by the base station, the receiving node is assured that no adversary could have altered the packet in transit The node stores the packet in a buffer At the time of key disclosure, the base station broadcasts the verification key to all receivers When a node receives February 23, 2011 11:25 9.75in x 6.5in Handbook of Security and Networks Security Implementation in Real Wireless Sensors b1059-ch21 543 the disclosed key, it can easily verify the correctness of the key If the key is correct, the node can now use it to authenticate the packet stored in its buffer Two main points worth mentioning is that this requires additional buffer, processing time and proper time synchronization Also MAC key is a key of a key chain, generated by a public one-way function F To generate the one-way key chain, the sender chooses the last key Kn of the chain randomly, and repeatedly applies F to compute all other keys: Ki = F (Ki + 1) Energy Costs are as follows: Encryption Computation