Mario Cagalj
Security is at the core of any communication system and, in particular, of wireless (radio) networks. In this thesis, we focus on three important security aspects in the framework of wireless networks: selfish (noncooperative) behavior at the Medium Access Control (MAC) layer, "radio channel jamming"-based Denial-of-Service (DoS) attacks against sensor networks and secure key agreement in peer-to-peer wireless networks. In the context of selfish behavior at the MAC layer, we focus on single collision domain Carrier-Sense Multiple-Access with Collision Avoidance (CSMA/CA) networks. We use both cooperative and non-cooperative game theory to model and analyze the co-existence of multiple CSMA/CA selfish users. Using insights from the game theoretic analysis, we propose a simple channel access protocol that discourages selfish behavior and results in the optimal and fair allocation of the available bandwidth. We perform an extensive evaluation of the proposed protocol. We then consider two types of malicious behavior. The first type deals with an adversary who tries to obstruct the operation of a wireless network by jamming the used radio channel. The second type is concerned with an adversary who interferes with a key agreement protocol executed between parties that use a radio link, in an attempt to learn their private information or to fool them into accepting fake messages as genuine. Concerning the first kind of malicious behavior, we focus on wireless sensor networks, perhaps the most vulnerable category of wireless networks to this kind of threat. An adversary can mask the events that the sensor network should detect by stealthily jamming an appropriate subset of the nodes; in this way, he prevents them from reporting what they sense to the network operator. Therefore, in spite of the fact that an event is sensed by one or several nodes (and the sensor network is fully connected), the network operator cannot be informed on time – we call this the coverage paradox. To mitigate this problem, we propose a reactive defense mechanism based on wormholes, which were so far considered to be a security threat. In our solution, thanks to channel diversity, the nodes under the jamming attack are able to create (probabilistically) a communication route that is resistant to jamming; thus, appropriate information can be conveyed out of the jammed region. We develop appropriate mathematical models to study the proposed mechanisms. Concerning the second kind of malicious behavior, we focus on the problem of a user-friendly key agreement (and message authentication) in settings where the users do not share any authenticated secret or certified public key in advance. We base our approach on the Diffie-Hellman key agreement protocol, which is known to be vulnerable to the "man-in-the-middle" attack if the users involved in the protocol do not share any authenticated information about each other (e.g., public keys, certificates, passwords, shared keys, etc.) prior to the protocol execution. We solve the problem by leveraging on the natural ability of users to authenticate each other by visual and verbal contact. We propose three techniques: the first is based on the visual comparison of short strings, the second on distance bounding, and the third on a novel concept called integrity codes (I-codes). In each case, the users do not need to enter any password or other data, nor do they need physical or infrared connectivity between their devices. We analyze our protocols using a well-established methodology that leads us to a rigorous modularization and a thorough robustness proof of our proposal. We also provide an implementation of I-codes.
EPFL2006
