This project is targeted at developing security solutions for the next generation of wireless systems. The future for wireless technologies is tending toward several prominent trends: increasing the programmability of the wireless platform itself, further miniaturization of the wireless device, and integration of the wireless device in new application domains. Such trends are represented by the emergence of cognitive radio technologies, embedded systems of ultra low-power wireless transceivers, vehicular ad hoc networks, cyberphysical and SCADA systems, and a new wave of wireless standards (e.g. WiMax). The threats facing these new systems will be similar but different from traditional “wireless security threats”, and will span the layers and involve computing and communication threats. The security and privacy efforts at WINLAB constitute a multi-faceted effort, aimed at addressing security needs across the protocol stack. At the foundation of WINLAB’s security efforts is the realization that securing wireless systems must involve both traditional cryptographic protocol design, as well as techniques that leverage the unique properties of the wireless domain. Consequently, significant amount of effort is being devoted to developing security at the physical and medium access control layer. Additionally, many projects are oriented towards securing new classes of secure applications that leverage location future (such as ensuring that a laptop cannot be taken from a building or that a file can only be accessed inside a secure room). The overall goal of this project is to design a general wireless security architecture that meets the full range of future application and network needs, while also supporting the graceful migration from current security implementations.
Figure 1 - Results from a system implementation of
SEVILLE’s key extraction from the wireless channel.
The rapid adoption of wireless technologies promises to provide a new era of customized applications for the user—ranging from high throughput, wide area media coverage to new pervasive computing applications involving millions of transceivers attached to everyday items. One hurdle that threatens the introduction of new services on future wireless networks is the lack of thorough and well-defined security solutions that meet the challenges posed by wireless networks. We believe that an integrated approach to security development, which considers both network and application specific issues, is critical to facilitating the ultimate deployment of a secure, pervasive computing infrastructure. In particular, security algorithms and protocols for wireless computing must be designed to consider the resource limitations of network nodes, the mobility of network nodes, the unique aspects of the wireless medium, and the underlying interworking of wireless networks. Further, since wireless devices will function in open environments, these networks will quite often face natural and malicious threats. Therefore, wireless networks must be able to adapt and heal themselves in the presence of active and passive threats. Finally, with the proliferation of an underlying communication infrastructure will come increased sharing of digital content, necessitating the development of solutions that will enforce digital rights management policies.
In order to provide trusted computing and communication for the broad variety of current and future wireless networks, WINLAB has initiated several security-related research initiatives, including:
- Defenses for Attacks of Radio interference in WIreless Networks (DARWIN):
Many wireless networks, such as 802.11, are susceptible to simple forms of radio interference attacks (i.e. jamming) that can prevent other wireless devices from even being to transmit or receive. DARWIN consists of methods for diagnosing the presence of radio interference, as well as defense mechanisms for coping with radio interference. One promising defense strategy is channel surfing, whereby wireless devices individually detect the presence of interference and autonomously adjust their operating frequencies in order to evade the interference and reestablish connectivity on a different channel. A second approach, known as spatial retreats, has been proposed and involves wireless nodes altering their spatial positions in order to best evade RF interference.
- SEcurity VIa Lower Layer Enforcements (SEVILLE):
SEVILLE involves using the wireless medium itself to enhance traditional approaches to authentication and confidentiality. WINLAB researchers have been developing methods to extract forge-resistant signatures that can identify wireless transmitters without requiring conventional cryptographic authentication mechanisms. This is particularly important because, without some form of identification, wireless networks are susceptible to spoofing, whereby one device can imitate another device. Further directions for investigation involve utilizing more finely measured physical layer measurements, such as exists in the digitized waveforms available to software defined radio platforms, to conduct authentication and facilitate key establishment in support of higher-layer confidentiality services.
- Securing Wireless Localization:
As more location-dependent services get deployed, the very mechanisms that provide location information will become the target of misuse and attacks. WINLAB researchers have examined the problem of securing the localization infrastructure, and have developed attack-tolerant mechanisms that shield the localization infrastructure from threats that bypass traditional security defenses. Further strategies involve developing a suite of attack-diagnosis mechanisms that identify the presence of localization attacks, and can be thought of as statistical intrusion detection mechanisms for wireless localization systems.
- >Spatio-Temporal Access Control (STAC):
The fact that wireless networks are becoming increasingly ubiquitous, however, suggests that it is not necessary to restrict access to services based solely on conventional identity-based authenticators. Rather, the wireless infrastructure can facilitate location-aware computing paradigms, where services are only accessible if the user is in the right place at the right time. For example, location-aware security services, such as ensuring that a file can only be accessed within a specific secure room, or that a laptop no longer functions when it is taken outside of a building, are not only desirable but will soon become feasible. WINLAB researchers are investigating techniques to provide access control based on the spatio-temporal context surrounding mobile users.
- Assuring Software Radios have Trusted Interactions (AUSTIN):
A new generation of wireless devices, generally referred to as software-defined radios (SDRs) or cognitive radios (CRs), are being built using programmable integrated circuits that are capable of tuning the operation of a wireless device’s protocol stack in a manner that was not previously possible with specialized, “closed” hardware. Unfortunately, security mechanisms are not available to prevent the abuse of these software radios, and adversaries may exploit the wireless medium to their advantage at the expense of the greater good. The AUSTIN project is examining: (1) the theoretical underpinnings related to distributed system regulation as it applies to software radios; (2) the development of a corresponding architecture that includes trusted components and a security management plane for enhanced regulation; (3) onboard defense mechanisms that involve hardware and software-based security, including tamper resistance and software attestation; and (4) a suite of algorithms that conduct policy regulation, anomaly detection/punishment, secure accounting of wireless resources, and associated cryptographic tools needed to support AUSTIN’s objectives.