Building and breaking wireless peering networks.

MANET is really simple. The idea is that if you have a network that can configure itself, then you don't need network administrators. Mobile ad hoc networks should be very fast. They should deliver voice over IP quality traffic. If you move from cell to cell or regions or zones, or if your regions or zones are 50, 60, 90, 500 mile an hour moving groups, flocking together or working together, I can't think of anything Lebanon that would need fast moving communications networks. But the idea is really simply that when the infrastructure breaks, when everything else fails, you can make your own network all by yourself, the same way that we all make friends. In Hurricane Katrina we saw that all of the emergency responders' equipment was fucked, all the delivery of goods and services was bent, all the phones did not work, all the Wi-Fi and WiMAX and whatever the hell else your star technology is broke because the power went out, and broke because the phone lines went down, and broke because the towers fell down, and broke and broke and broke and broke. Mobile ad hoc networks, MANETs, do not have those same problems. If you can get batteries, you can make a network. You can make a network that works, and ideally a network that works at full cell phone quality or IP packet delivery quality. The beautiful thing of MANET and the problem of MANET is that there's no central administration. And I mean none. You're not allowed to have central passwords. You can't have online authentication. You can't have servers. You can use them, but you can't count on them being there, because by their very nature, if a group of users splits into two groups of users, the resources in this group and the resources in this group can no longer talk to each other, and since they can no longer talk, if your server's here and your client's here, then you don't have a client-server architecture. You're bent and it doesn't work.
So you have to rethink all the problems. You have to figure out a new way to build a secure system. And once you've done that, then the entire network works and you don't need a freaking subnet. No more DNS server addresses. It's really, really nice when you can make it work. It works in hostile environments. Mobile ad hoc networks should resist service attacks. They should resist man-in-the-middle attacks. They should resist network floods. They should do a lot of things. And what I'm going to show you a little later is a demonstration of a network that doesn't. And this will be probably the most robust network that exists today outside of the things that I've been working on, which are not really ready for all y'all yet. So the best things that exist are not good enough and they are not getting better at all. Shannon is one of those guys like Einstein who just figures out the right thing at the right time and tells everybody and then busts your balls because you can't beat him. Shannon's law says that power and distance and bandwidth are fundamentally related. You can use more power to get more bandwidth. You can use more power to get more distance. The funny thing is if you buy twice as much power, you get twice as much bandwidth. But if you want twice as much distance, you need four times as much power. And this is why mobile ad hoc networks will eventually be the way the world works. It is simply the fact that Shannon says to all of us that it costs the square of the cost to buy more distance with just bigger and bigger networks or bigger and bigger wireless footprints. But it's only a linear increase in cost to have more and more nodes on a network as long as you keep the transmission power small. You can have nice, good, clean bandwidth that only goes a few hundred feet per hop. 
Your latency is a little higher, but in most of the applications in the world that we're working with, I mean, you can get across the entire fricking internet in 20, 30 milliseconds, so a few extra hops isn't going to be noticeable to a jitter buffer and a voice over IP stack. The problems with mobile ad hoc networks are very simple, and this has been the case since RIP, since the Bellman-Ford algorithm was invented in the late 50s. The networks don't scale, and it is really a total bitch to make a voluntary security system. In fact, you pretty much need to have the entire model of human interaction in your security model, because you wake up in a desert one day and there is one other device in the world. Do you trust it? Do you care? Does it matter? Well, if that person has the water and is just a little out of sight, you really care. If that person knows where the water is and is going to lie to you, you really are just better off than in the first place. So it's difficult to know before you make friends how much you're going to get bent by the evilness of your new friends. Mobile ad hoc networks have that exact same problem at every level. Link layer, routing layer, circuits, discovery and naming: every single problem in humanity is reflected in mobile ad hoc networks. Again, as I was saying earlier, people move a lot. Wireless and wired networks don't, and mobile ad hoc networks purport to solve the problem of making networks where the people are. The problem is that since people move a lot, the path through the network changes very rapidly. If two people are in a line in front of you and they're the two hops you need to go through to get to where you're going, and they switch places, it's very easy to see a routing loop forming. It's very easy to see a lot of routing problems. It's just so much easier to build infrastructure solutions. What a commercial person is going to tell you is that it's just so much easier to build infrastructure.
Besides, you have to pay to use the infrastructure whether or not you're using the infrastructure. Your phone bill doesn't come proportional to the amount of use you get out of your phone. Your phone bill comes proportional to the amount of money they can pull out of your freaking wallet. They don't have to justify the costs. They don't have to do anything. They just need you to believe that there's no better solution. The only people that will change that fact is you and you and you and your dollars. You put your money into equipment, you put your money into investments and technology that makes mobile ad hoc and peer-to-peer networks, your phone bill will go down. I can't say it any simpler than that. Fixed mesh networks or hybrid infrastructure is what the commercial carriers are now telling us is exactly the solution to all of our problems because if infrastructure is good, infrastructure must be better. More infrastructure in these guys' case is you, the access point, more cost the infrastructure and they just add a new layer in the middle of bending you over. That's all hybrid infrastructure does for you is just make the bend over area, the footprint of where you get screwed larger. People, at least me, want a real solution. I want to say to hell with net neutrality, it's my network if I use it, it's mine. It's your network. If you use it, it's yours. We cannot have a life where there's a middle of the world and a backbone that we owe somebody to connect to. We're here. We have communications devices. We should be able to fucking communicate whether or not there's a god damn signal in this lovely infrastructure free building. So I'm going to divert a little bit and talk about the science behind routing protocols because the differences between peer-to-peer networks really do fall down to the lowest bits of security or rather of the science. I won't bore you too long with this. The major types of routing protocols that exist are link state routing. 
This is going to be your OSPF. This is your big, gigantic network routing protocol. Then there's distance vector routing, and this starts back with RIP and the really, really lame, lame, lame old protocols and goes forward with RIP. That's the new mesh network that we're all supposed to fall in love with because it scales up to 16 and maybe 30 devices. Thanks. Policy-based routing is a really great new thing where you override your other routing protocol with a text file, because your other routing protocol isn't distance vector and so it sucks and so you need a text file. Cisco tells us that if we have an IP address, I'm not convinced. Distance vector routing requires that every device has a unique address. Now this is different. I'll say this again probably, but in a link state routed protocol like IP, or most IP networks, your interface has an address, and so if I switch from, say, wired to wireless, my IP address changes, the TCP four-tuple changes, and I have to use some gateway or some intermediary. I have to get help to make IP work when I disconnect the wire. If you all have seen this: I'll fuck it all, suspend, undock, open it back up, reopen my sessions, wait for it. These are the problems with link state routing and why distance vector routing is so much cooler, because the device itself has an address, and so if you can reach the address with your Bluetooth hopping over to Wi-Fi, skipping to infrared, fine. As long as you can get to where you're going, it all works the same. So your voice over IP session just switches interfaces rather than dying and making you start over. In other words, you can undock your phone, keep talking. Applications don't distinguish transports on a distance vector network, so you don't have to bind to this interface. There's no need for that, because I'm running, I'm bound. Partial failures. Speaking of which, I really like HTC and these new devices. I'm not pimping for them because I'm paid, I'm pimping because I love them.
These are really cool. They have EVDO, which is purported to be wireless broadband, plus Wi-Fi, and if you have a distance vector routing protocol on it, then when EVDO fails or Wi-Fi fails, the transport just switches. It works it all out for you. Maybe you lose a few packets while it's switching. How was the device supposed to know that Cingular was going to fail again? Cingular is going to fail. It's just going to happen, and nobody's going to know quite when or why or how. So to a user, a distance vector routed network or MANET is much more natural. The sensation is: I've got something connected, it's kind of working, so I'm done. In the same sense, once you can ping 4.2.2.2, you're pretty much sorted out on the internet. If you can turn your device on, you're pretty much sorted out on a DV network. So because of that reason, people when they're using the devices have a much less "I'm a tech geek, I know how to work this device" feeling and much more of an "I'm a grandma and my phone works" feeling. The last line here is P2P: peer-to-peer networks, MANET networks, allow for a high mobility index. In IP, your mobility index is roughly 0, because you can walk from one end of the access point to the other end of the access point, but on average you pretty much have to stay within one little small area, and if you integrate that curve over time you pretty much have a line at 0. You're pretty much not allowed to move on the internet without stopping and restarting whatever the hell it was you were doing. The challenges with DV networks: it's really freaking expensive to exchange your entire view of the world once a second or so and emit it in packets to everyone who can hear you. Here's my version of the phone book. Throwing phone books at your friends once a second is expensive and painful and is a heavy load, and we shouldn't do it.
And this is why when I say AODV will scale to tens of nodes and they're proud of that: because that's pretty much what it takes to do vector routing. You have to exchange the whole damn phone book, because the network scales exponentially. For every device on the network, every other device on the network has to add one packet entry every second. A hell of a cost to pay. High processing complexity, I'm going to get into that. In most, like AODV and backward, you're going to see that it's very inexpensive to run these protocols, because you only have 12 devices on your network; it doesn't take a machine very long to do it. When you start adding all the security features required to make this a robust and functional network, then your processor goes absolutely under water. Link state routing has very few values and a lot of challenges, but it's cheap. The processing and message complexity are trivial, because you can make every user in the world figure out how to type an IP address or turn on DHCP, make everyone learn your networking technology; even the grandmas can figure out how to call tech support and have somebody configure their computer. And because you force the user to do all the configuration, and you force the user to know when they're changing transports, and you force the user to do all the thinking and all the work, then it is obviously comparatively inexpensive, and by comparatively I mean to say probably 20, 30, 40 percent less expensive, and to internet service providers that means totally unacceptable cost, and I think that's a good thing to add to go to better networking protocols. Challenges with link state routing: as I said, every interface has a unique address. Applications have to decide which interfaces they're bound to, and you've got people who think that the great idea is to secure the world by making sure that everything's bound only to the internal interface, and we've all seen how much good it really does to stop binding to an interface.
It's a total joke. The only value in binding is a lie. So it's not really a very big drive. Exceptionally unnatural to users. I still cannot convince my mother that networking is something that she can figure out and that she can turn on "acquire an IP address automatically". She really gets stopped at the acronym IP and just says, what? So it's very unnatural to users. I mean, you and me and the people in this room can figure out just whatever's put in front of us, but that's why we're here and the other 360 plus million of them are out there. We can do it and they pretty much can't. Link state routing demands a low mobility index, and I say low because mobile IP and some solutions like that will slowly but slowly get you a better mobility index, and so you can move a little bit with the great new mobility technology. So there is some motion available, but very, very little, and you really rely on an underlying transport to sort out the handovers. EVDO or GSM data services, if you're walking from tower to tower, they're handling the hiding the fact that you have an IP address for you and sorting out how to path through the networks. A distance vector algorithm wouldn't require all the extra brains of three or four or five different routing protocols to make IP look like it's working. I really hate the name of this slide, but it was so funny to me, because I'm such a fucking lamer, that I had to keep it. Godzilla versus Mothra, or Dijkstra rather. Dijkstra's shortest path first algorithm is pretty much the core of all routing technology at some point or another. Link state routing, really Dijkstra's child, is the internet. Pretty much everything in the entire world runs this way, except for everything in the entire world that actually matters has to switch over to distance vector routing, because that's what actually works. So mesh networks, of course, are DVR.
IGRP, interior gateway routing of any kind, is generally done, has been done in the past, with distance vector algorithms, although OSPF seems to be winning a lot of wars these days. BGP is a distance vector algorithm, and games and AI all use distance vector as the method of figuring out which way to drive around the map and shoot you next. So some examples of this technology, and a sort of a walk from where things are bad over toward things getting better. If we start with infrastructure mode Wi-Fi: you are immobile. In fact the name of the protocol is WEP, Wired Equivalency Protocol, because God, you really need that wire. I think that the world of WEP and the whole notion of wired equivalency is a horrible, horrible, horrible sin. I want wireless because I want to move, not because I want to not plug in a cable. You have to sacrifice bandwidth exponentially to increase radius linearly, as I was talking about earlier. Moreover, if you're talking to someone sitting next to you through an infrastructure mode wireless network, rather than routing to the wireless card that's two feet away, it routes to the access point and then back to your friend, and you eat the bandwidth, have twice the chances for packet loss, and pay twice the cost overall. It's a horrible, again, horrible sin. The closed security model requires user intervention. What I mean here is that you have to have a group of users; for instance, if you're at a T-Mobile hot spot, their security model requires that you become part of their user group, and this is, as I was saying earlier, so that they can fuck you out of more money. There's no other reason whatsoever to use equipment like this, except that because you have to sign up and they close the community down and it's all their rules, they get to charge you to use the same wireless card that you paid for.
Now the hybrid mode Wi-Fi, WDS some people are calling it. There are some 802.11s extensions to the protocols for fixed mesh Wi-Fi, and the idea here is just: if you put enough access points down and give them the same SSID and hook them together on a backplane, they can make it feel like you have a big, big, big wireless area network when in fact you just have 12 little wireless area networks, but your computer doesn't die because of it. With the scalability of these networks you can get all the way up to 16 access points, and I know you could never think of a place big enough to need 16 access points, but it's okay, because you can't have 17. You may not use them. There will not be standards for fixed mesh Wi-Fi, we believe, until about 2008. The client devices are still tethered; it's exactly the same, it's just a 4x increase in radius. 16 devices are required to make your radius get 4x bigger because you have square distance problems. Same scalability problems of all distance vector networks: that is, they put in a layer of distance vector right above the infrastructure mode that you don't quite feel as bad, because they're not scalable, they have the sizing problems. The only way you get reliable failover is to not pick up the 4x increase in radius, but if you use all 16 devices to give yourself twice the radius, then you can have failover in case one of the devices becomes marginally obstructed or blocked, and feel like you have a more reliable network, and for that you only have to pay roughly 10 times the equipment cost and 4 times the bandwidth. So this spectrum allocation is where the problem gets really bad, because as we know Wi-Fi only has 3 real channels, 1, 6 and 11 in the US, and with 3 real channels you cannot tile a plane without having collisions and interrupts and overlaps, which means that you lose bandwidth for using fixed mesh Wi-Fi even over Wi-Fi bandwidth.

What we really want, that's me, I'm speaking for all of us because I got this microphone, what we want is peer to peer networking. We want to go to a friend's house or to a bar or to wherever the hell we want to go, and we want our phone to work. We want text messaging to work, and we want the crush list for that cute chick over there or cute guy over there to be functional when the Sidekick data service turns off. We want voice over IP and 3GPP reliable message delivery. I want to stream television to my phone because I'm a couch potato, but I'd really like it if I could take my couch with me. I want voice over IP to work. I want to be able to call. I want to be able to give shout outs to a bar or to my friends who are nearby. I want automatic discovery. I really want to know if I'm in an offline area. That is, I don't know about you all, but there are some bars in Seattle that have really thick walls, and once you kind of go inside you're pretty much disconnected from the rest of the world. They're large enough you can't see everybody, not by half, and you can pretty much get lost looking into the back room and looking at the cameras. So I want a discovery network that says your buddy list has four people who are reachable when I go inside, and be able to hit a shout out to all my friends and say where the hell are you, why aren't you back with my drink yet. We want maximum mobility. I want my network to work when I'm on the freeway. I want my car to be able to share my iTunes with your car's iTunes, the iPods that we've docked, and I want to be able to listen to your crap music instead of my crap music, and I don't want to have to stop and switch interfaces. I don't want to have to reconfigure my world every time I decide to change what I'm doing. I don't want to tell my damn computer what I'm doing, I want it to figure it out for itself. And more importantly, I want to control my network policy. This guy wants to share, wants to route traffic to the internet through me and it's going to cost me? I'll pay it. This guy I don't know so well. I want to be able to pick and choose who I will route traffic for, who
I'll put phone calls through for. What people tell you is, we'll take care of that for you, sir, and charge you.

Understanding the link layer. So getting into how to actually build a mobile ad hoc network: you have to have some kind of carrier sense. The basic idea here is you have to be able to detect that there are computers near yours. Wi-Fi has a really decent mechanism for this. Beaconing or broadcast packets are fine; just send out a broadcast periodically and say, hey, here's my device, I exist, I want to make love to you. Once you are in near enough proximity to other people who are beaconing, and you can receive and understand their packets, then you can detect that you have peers nearby. Now these don't have to be peers on your buddy list; these are just people who may or may not want to route traffic for you and vice versa. You need to be able to infer link quality. This is really important. This starts the whole issue of how to make a high quality mesh network: understanding what's a good way to route packets and what's a bad way to route packets. Good ways to route packets are ways that don't drop. Good ways to route packets are ways that don't even require a retry. The basic idea here is the better you can receive packets, the more reliably I should route through you, and vice versa, especially if our transmitters are symmetrical. We need to be able to infer link quality so that we can start advertising the presence of our neighbors; we'll get up to that a little bit later. Back to someone: hey, peer A, I see you and I hear your packets reliably and I can receive from you. And you need to hear back from your friend that he can hear you, and maybe the link quality is different. Radio is a crazy, crazy medium and it's very difficult to predict, so you need to be able to hear back and forth how effective your link quality is, because even sending a packet forward requires an ACK. That little ACK packet can drop, and if it does then you have to retransmit the whole big packet again, so you waste time, you tie up your Wi-Fi MAC, and you chew up more and more bandwidth, because you're still going to transmit the packet even if it was going to drop; you don't know it drops until too late. We need to be able to take the link quality and translate that into a link metric. The idea here is to sum up the cost of links: if it takes three hops and the costs are one, two and three, that's a way for six units of cost. Almost everyone at this point has settled on latency as the costing metric, so how long will it take to transmit. If I've got a 99% Wi-Fi link quality, it takes about 1,257 microseconds to get a packet across. If I've got a 40% link quality on Wi-Fi, it takes about infinity to get a packet across. It'll take about eight retries; it'll chew up your MAC for about 20 seconds trying to send one packet. If you don't listen, won't respond, and you won't have any other network traffic for about 20 seconds if you try to send across a 40% link quality. Send it up here with 40% link quality, oh yeah, I already wrote that down for you.

Attacking the link layer. Really obvious and easy stuff. You listen to what people are beaconing, you can figure out who's around you, and you can, by listening to the acknowledgments of the link quality, figure out who's near them. You can figure out who's at the topology of the network without having any permission or access to the network at all. This will not ever change; that's not actually a fixable problem, because again, if we all want to share a network where we have personal and individual control, then we at least have to agree at the base level on how the hell we're going to find each other. So you're going to be able to infer the topology of a wireless mesh network unless you've got one of Beatles type 1 crypto modules. Then if the network is functional, if the network is secure, it's going to be secure by public key crypto. The public key crypto is expensive, the public key crypto is big, and it uses big ass keys that you have to be able to freely
exchange, so you can retrieve people's public keys and do identity fingerprinting. Building new keys is fairly expensive, and so it's pretty unreasonable to rekey very quickly, so you can pretty effectively track people across multiple media. Who the hell's on the network: it's not really a big crime, but it's the beginning of a lot of other crimes, and that's why we're here, right? Content interception: if the network is not secured, you can watch the voice over IP go by. There's usually an encapsulation protocol or some way that the links are being exchanged, but you can usually pretty quickly figure out how to reconstruct a message stream, put the voice over IP packets, the RTP packets, back together, stream them out your local jitter buffer by your tap, effectively attack in the link layer. The Sybil attack, I hadn't heard this before, it's a really great name. The idea is simply that you put in your packet acknowledgments for about a million people. You just start dropping, drop the Chinese phonebook every time you wake up, and it takes people so long to figure out that you're screwing with them that they're usually so backed up that you're screwing with them again by the time it comes in next. You spoof your own identity, and by the time they figured out that you're spoofed by your local conom, the machine just goes to hell: RAM, CPU, all gone. This is of course named after Sybil, the multiple personality symptom woman in the, I guess, late 70s. Greeting flood: there is just really simply, you just wake up and call yourself a different name every 20, 30 microseconds and make sure that your friends think that there are about 100,000 people in the room, and just sort out a simple, straightforward denial of service attack. And the problem again with that is only that you don't know who and how to trust. It's a trust based problem, and that's going to be the core of the security model that we get to in a little bit. Greeting and acknowledgement replay: this is really simply, if I greet twice instead of once, you're going to think that you've received more percentage of packets from me if you're not careful. If I'm lying to you about how fast I'm sending them and you're getting every other packet, you still think you have 100% link quality. You're going to over advertise the link to me, you're going to be able to attract the traffic. I'll show you guys a simulation of a relatively effective network attack attracting traffic, and you'll see that it's brilliant. Once you've got the hack in place you can just draw all the routes into you. Degenerated routing is the major reason for this attack, either because you want to drop everyone's packets and just screw with them, or because you want to intercept and analyze or attack in some other way. It increases the processing and storage requirements of everyone around you because you are making the network less effective, and because the scalability concerns are always the problem, so anything you can do to degenerate the effectiveness of the routing protocol is a way to turn off or destroy the functionality of the network. Wormhole attack is brilliant and simple. If I have a 30 hop wireless network and I drag one ethernet cable from end to end, the idea is for everybody on each end to route backwards toward the ends and then across the wire in the middle. That's how it should work, and if you do that, and then draw all the traffic to you, and then sniff it and monitor it before you pass it along or decide to drop it, then everyone in the network thinks they're getting a good deal to route over your wire. And of course, one, you can destroy; if you're really smart about it you can destroy the network and make everyone think that the whole network is right one hop away from them, and that's how you... we'll talk about the wormhole attack a little more as a routing layer attack. In addition to the sort of routing level problems you get the whole security model issue of opening a network and starting a new network with people you've never met before.
Unauthorized access reduces bandwidth and gives people a really convenient way to intrude your perimeter. If you've got a wireless network in the real world today that's WEP, 100 feet of perimeter around the building with a secure camera so that people can't come close to you; no one can afford that much real estate. But with peer to peer networking it's even worse: you only have to be able to get one link into the building and then you've got whole access to the network. So your security model cannot be based on the notion of a perimeter with a mobile ad hoc network. Selective jamming, really simple: if you put on a little device that listens to people transmitting, and the second you see the MAC address, which is what it was trying to send to you, you just turn on a microwave oven, open it up and turn it on for about maybe five, six hundred microseconds, then you'll just destroy every packet that comes by just from that person. Just make them feel like they're at home in Nowheresville. And more importantly, because the MAC has an exponential back off and most people have eight or more retries set, you're going to freeze their MAC, because they're not going to be able to get any more packets out. And this is a really clever, clever attack that I think has been underutilized in getting people to shut the hell up on the network. You can make them stop very quickly if you jam their packets quickly; it'll take you about eight little bursts of five hundred microseconds to get twenty free seconds of airtime. Really easy way to fix the Wi-Fi bandwidth problems at Starbucks. And with selective jamming you can isolate and conquer. You can make sure that the packets from the network reach Joe, and so Jane and Joe don't make friends; you make friends for them. You become the way they route traffic, and they somehow can always reliably get traffic to you but just can't quite figure out how to get around that obstruction between them, which is your microwave oven.

So to secure the link layer, you need a Diffie-Hellman, for instance, something like it, DSA key exchange. You need to be able to first be able to track the identity of the people you're talking to, sort of the very core basic levels. You need to be able to exchange keys, exchange identities, make a decision about whether to do the key exchange and waste your own processor time to make a link. And obviously in doing so you are opening yourself up to crypto attacks where you waste all your CPU running DSA key exchange protocols; they're extremely expensive compared to, like, packet encryption, and will destroy your processor if you just make links with everybody out there. So even securing the thing brings in more problems. This is what I'm talking about with the fact that it's going to take us another 10 years after somebody makes a reasonable mesh network to even get to the point where it's really worth having a deep knowledge level track security, because the security solutions cause security problems today. Work tokens: the idea here is pretty straightforward. There's a simple way to do a work token, which is to say I will make friends with you if you prove to me that you've done something. For instance, why don't you run 500 or 500,000 rounds of SHA-512, find a great cool number, and as long as you meet certain cryptographic protocol requirements, then I'll see that you've done a bunch of work, and everyone around you will see that you've done a bunch of work, and so it's pretty reasonable to waste the time to build a key exchange because you've already spent 10 or 100 or 1000 times that much power to join the network. So that's a really easy and straightforward way to defend against denial of service attacks. In fact, work tokens I think should probably be generally applied to places where there are denial of service attacks; it's just a really straightforward way to slow the problem down. If it costs you a million CPU cycles to add one more name to the phone book that's then going to fall off because you can't waste the time to come back to it, then it's really not worth your time to attack the network. And the nice thing here is, just like in humanity, the work token leverages denial of service attacks versus the desire to join networks, and this is the straightforward thing of: you're wearing shoes, you're welcome to come into the restaurant; you've sort of met the bar, you're tall enough to ride this ride. In addition to work tokens and key exchange you need to sign your broadcasts, and this is where you start getting into the real processing complexity of MANETs. Signed broadcasts will prevent people from building new broadcasts in your name. Unfortunately, that means everyone has to run 8 byte SHA 512 or 10 byte SHA 512, which is just not even worth the key setup most of the time; the setup algorithms are so slow that the stuff is really expensive to do. I'm going to keep hammering on this problem, because it'll take a 400 megahertz processor and turn it into a brick in no time flat for a network of 30 devices. Signed broadcasts prevent outright the wormhole attack; they stop it from being effective. The simple part of it is the wormhole attack can still be done, but only in a sense of actually improving your routing. Wormhole attacks cannot just destroy your network once you have signed broadcasts. Certified identity: the idea is really simple. If everyone goes to a central resource like IANA, internet, one of these big central nonprofits, with a certain name, then that name can be yours and it can be attached to your public key. Another idea would be the PGP global directory; that is another example of where we'd get these certified identities from. As long as the identities are sensible and string based, like build.microsoft.com or something like that, then it's easy to do: I will accept links from startoutmicrosoft.com and make yourself a nice little island of 10,000. And the certified identity also allows every user to control their policy and decide who they'll route packets for, how well they'll route packets, and
when and why and it impedes unauthorized access obviously it can't destroy it but as long as you validate someone's certificate you know that they are at least not really really old hacker dead identity and as long as the certificate expiration time is relatively short it puts a pretty good wall up other techniques jittered timers the timing attacks on these networks are crucial to destroying the functionality and to busting into everything if you jitter your timers then it makes it very very difficult for that microwave oven to turn on it just the right moment makes it very hard you effectively have to build a oh about a gigahertz FPGA running at 2.4 gigahertz wifi frequency and able to do full processing and turn around and turn on a transmitter turning on a transmitter usually takes about 200 milliseconds which is about oh about 200 times longer than it takes to get a packet through so jittered timers will definitely reduce the risk of spoofing and sniping and makes the selective jamming very difficult transient MAC address just change your MAC address I mean this is really simple but if you heard the wifi talks earlier tonight the MAC address is your or I guess that was yesterday the MAC address is your worst enemy it tells people pretty much which stepping level in manufacture a major wifi card changing your MAC address to something bogus is completely reasonable completely acceptable won't screw with your network and will interfere with people breaking your stuff cycle it periodically to throw off listeners problem with cycling it periodically is that you're going to have to do something to keep the old MAC address and the new MAC address up while your mobile ad hoc network switches routes over to the new MAC address because your peers on the network are going to think that you're somebody else temporarily avenues for future research at the link layer it is important to understand the hidden node problem and this is simply that if Alice can hear Bob and Bob 
can hear Charlie Alice probably can't hear Charlie but when Alice transmit Bob rather if Alice and Charlie both transmit at the same time even though they can't hear each other Bob can't hear anything because he's just between two people yelling the hidden node problem is the basis for all two hop topologies that is if you've got Alice Bob and Charlie it's two hops between them the two hop topology is the basis for making mobility functional all y'all in the back there's more seats up here come on in ubiquitous acknowledgement really simple just there must be some really great attacks available by saying yeah I can hear you yeah I can hear you yeah I can hear you oh yeah I can hear you yeah I can hear you yeah I can hear you do that about a thousand times people will be convinced that you have a perfectly clear link and that they should really reliably trust that they can get traffic through to you as we talked about earlier rushing attacks getting packets back sooner like the SNA I can reach packets earlier today ubiquitous acknowledgement the brilliant thing here is that you can actually set off the timers of other people on the network to say that they feel like they must be backward in time so you can get their timers so far off that they won't even listen to the truth anymore and you can sort of borg their heads these are good places for some future research again I want to really stress this there is no really good set of research out there on all of this stuff there are a few Chinese University and Canadian University papers on the topics but they really only address the basic basic stuff there's so so much profit to be made in this area that some people would pick up and start attacking the networks that I'm building routing is the next layer up, once you have links you need to form routes, you need to go from one hop to the next hop to the next hop and this is fundamentally a problem of geometry as you see with the triangle here if Alice, Bob and Charlie 
have three links between them and it's one foot two feet and three feet of the distances then the costs of those links are one unit nine units since Shannon tells us that we always have to pay for distance by the square so if we look down in the example here one squared plus two squared is less than three squared so rather than Alice transmitting to Charlie it probably makes more sense for Alice to go through Bob to get to Charlie and if we can run this calculation fast enough then Charlie can move quite quickly we can figure out where he's going how and why and make very rapid routing updates these routes are based on advertisements that is when I am telling you if I'm Alice I'm telling you about Bob and Charlie I tell you periodically the cost with which I can reach Charlie and going back here for a second if I'm Alice in this environment I'm actually going to advertise the cost to Charlie not as nine which would be the direct route but because that would be stupid I'm not going to route that way I'm not going to pay the cost that way I'm not going to advertise the cost that way Alice is going to say I can reach Charlie for five really? 
Jesus alright I'm not to fly cool so if node R the recipient hears about node O the origin through some peer P then in shorthand we say that R hears P advertising about O so it's sort of backwards O begins the advertisement I'm here P picks it up it says I'm the peer of O I can hear O I've got a certain amount of cost and as R I listen to that so it's sort of a message coming from the destination back to me the source where I want to talk to the destination you need a temporal quality metric that is you need some kind of a number to say how fast can I get where I'm going so that people near me can make better decisions about how they want to get to where they're going so that people near them and so forth down the network recursively so in shorthand we say that the recipient can hear about P the peer it's on most networks that will be 3500 microseconds so if we sum it up over multiple hops P can hear about O for 3500 R can hear about O for 3000 R will say that he's going to go through P to O for 3500 and then advertise back out that because he's going to need to hop through a 3000 cost link to get to the 3500 cost link the cost for the route is 6500 Algorithms have to work very hard to avoid routing loops because it's trivial, trivial if Charlie moves around in between between A and B then both people can start to try to route the same direction the traffic can start going in storms and accelerating storms usually this causes all sorts of hell so attacking the routing layer refusal to participate black hole attack really simply just drop all data packets participate in every other way in the network drop every data packet that comes through you and it will slow people down and slow people down and slow people down it's so obvious in fact that most algorithms will have retry counts it's really easy to detect black holes simply try to send a little ping across two hops and realize that you're not getting anything through but if you send it a longer way it works then 
you mark that peer that you tried to route through initially as an asshole and boot them off your network grey hole drop some data packets the proportionality with which you drop data packets the exact likelihood with which you'll be detected dropping data packets so again probably not that big of a deal I count the packet drop ratio as an additional cost factor and it'll make the route look like it's very slow because retransmissions effectively just move packet loss into the time domain under estimating distance this is a far bigger problem this is effectively the wormhole attack a wormhole attack will absorb all traffic within roughly half of the distance of the wormhole so if you've got a wire that jumps 50 hops and can bring people and can advertise the packets through to the other side then for about 25 hops in all directions around each end of the wormhole there will be a sinkhole effect created and all traffic will route into the middle it's a brilliant brilliant attack very easy to do and absolutely rewarding in variant violation this is really simple just go into the algorithm wherever they say avoid routing loops less than a greater than create routing loops all day long mess people up they hate you they can't do anything about it rushing attacks first pass the post algorithms are commonly used to disambiguate what's a slow path from a fast path in the examples here with the S&A talk a minute ago or DNS response spoofing rushing attacks make it very difficult for anyone to think better than you and so first pass the post algorithms obviously are horrible we talked about earlier with the hellos and the link beacons but we do the same thing as an advertisement we say I've got routes to node 1, node 2 node 3, 4, 5 node 900,000, 900,000 1 and we do that every second you can do it at the link layer to say that I've got friends that are nearby but that's really easy to detect as bullshit advertisements way harder to detect because fundamentally they're about 
things that are far away from you this is effectively a simple attack on steroids the ability of any network and just absolutely crushes local routing efficiency trust based link slushion to defend this you must infer trust from your links if the link does not deliver packets reliably and it's somebody on the other side of their fault rather if Alice sends to Bob and Bob destroys the I'm so not getting through this talking time I'm actually going to stop talking and start showing because I think you probably like pretty pictures more than you care about anything I'm saying alright we'll sort that in a second so let me put a move around to this network and just first start it running for a second let me stop this and just talk about it for just a second the brightness of the links here are talking about the quality of the links bring up some different views of the same network this is a 15 seconds into the run lifetime of the network this is the topology that the network thinks it has that'll straighten itself out over time but this mobile device here is always going to cause some strange behavior if we look for what network traffic is running I'm going to run this a little longer this is going to run for a second while I talk what we're seeing here is these devices is my Dell laptop not having enough CPU in it is these devices trying to do crypto exchanges and so forth throughout traffic I run this same simulation you'll notice though that every device is connected somehow to the top left corner this is because the network is working real fast switching over putting the same network up with the mover having a rogue algorithm instead let that run for a bit see first notice that the link quality to the rogue node is perfect all the lines to the mover are white everyone thinks they can hear him perfectly it's a fundamental attack and begins the rest of things next the network topology network topology won't really change in this particular algorithm but watch what 
happens to the network traffic as my mouse sucks watch what happens to the network traffic these people on the bottom right as this mover as the mover makes his way around and as I talk a little longer you'll start to see these network devices over on the right hand side are losing all the traffic being drawn onto the rogue node this is exactly how you break a mobile ad hoc network and you can choose either to continue forwarding the traffic or instead you can choose to drop the traffic outright sniff it, spy it, do whatever you want to do with it I'm really sorry they're going to kick me out of here pretty soon but let me also give you all what you're actually waiting for so put that up there on the top left what nodes on the bottom right get hacked so as you can see this network is just totally destroyed by the rogue device and this is going to happen in the best of networks in the worst of networks you won't even see any network structure left at all the demo would be 16 or 25 red dots and you wouldn't see anything working because modern mobile ad hoc networks just get destroyed I'll leave that up here a little bit longer let me flip over first okay so I'm going to run through the conclusions real fast while you're all writing the URL you can have discovery you can have secure identity you can have high quality routing you can have efficient networking but you can't have it without a scalable routing algorithm which is not generally being developed except by some people that I work with you cannot ever build an effective manet without hardware cryptography I'll say this again if you don't have hardware crypto on your phone you cannot build a peer-to-peer network that will stay up I am trying to convince HTC and if you have any access to handheld device manufacturers or laptop manufacturers convince them to put AES 256 and SHA 512 on their prox if they do it, you guys can have cheap networks if they do it, you guys can have cheap networks if they do it, you guys 
can have free phone calls if they don't do it, you keep paying the man you shouldn't pay the man get them to put hardware crypto on your phones and we of course need fixes for 802.11 ad hoc mode which is horribly broken going forward, what you can do to hurry the future is to seek out and play with emerging protocols go find AODV go find whatever YMAX standard comes out in 2009, 2010 no kidding, that's how long YMAX is lagging for ad hoc networks because all the people who make YMAX are commercials and the lot they're the phone companies, they do not want you to help them because they do not want you to need any ad hoc equipment because they do not want you to need peer-to-peer networks because they do not want you to need free phone calls they want you to pay them and so they are not building an ad hoc networking standard until 2009, 2010 if you're not pissed off you really, really should be demand hardware crypto and use thin mac wireless cards thin macs don't do things like they don't do things like retransmit on their own they wait for the user to decide about retransmissions thin macs are far, far more effective and all of the TI and so forth wireless LANs wireless LAN chips that exist today have expensive procs a lot of extra firmware, a bunch of crap they don't need and it definitely gets in your way of doing good peer-to-peer networking thin macs just raw packet senders effectively what I'm talking about Atheros and a couple of other companies are making them demand them in your phones more importantly, Hackit I have not seen a Manay talk yet Manay has been around for ten years I've been coming here for ten years I made it through without puking Hackit for Christ's sakes go out there and get this shit and hack it break the fuck out of it so that there's something to talk about publish your results, publish your findings and embarrass the people that make this equipment today if they're not embarrassed by it you're not doing your damn jobs so thank you very 
much I'll leave the URL up here for a little bit
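The work-token idea from the talk (prove you burned CPU before anyone spends CPU on a key exchange with you), as an added example that is not code from the talk or from the speaker's project. The token scheme here is an assumption: hashcash-style, grinding a nonce until SHA-512 over the joiner's identity, a verifier-issued challenge and the nonce has `difficulty` leading zero bits. The fresh random challenge and the `JoinGate` class are also my additions; they are there so a token cannot be precomputed or replayed, which is the check a practitioner would want on top of the raw proof of work.

```python
"""Work token gate for joining a peer network (proof of work before key exchange).

Added example, not code from the talk. Assumptions not in the talk: the token
is hashcash-style (grind a nonce until SHA-512 over identity, challenge and
nonce has `difficulty` leading zero bits), the verifier hands out a fresh random
challenge so a token cannot be precomputed or replayed, and a peer with no
valid token never gets the expensive key exchange.
"""
import hashlib
import os
import struct
from typing import Dict, Optional, Set


def _digest(identity: bytes, challenge: bytes, nonce: int) -> bytes:
    # Bind the work to who is joining and to this verifier's challenge.
    return hashlib.sha512(identity + challenge + struct.pack(">Q", nonce)).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of the digest (the 'great cool number' test)."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mint_token(identity: bytes, challenge: bytes, difficulty: int,
               max_tries: int = 1 << 24) -> Optional[int]:
    """Joiner side: expected cost grows as 2**difficulty SHA-512 calls."""
    for nonce in range(max_tries):
        if leading_zero_bits(_digest(identity, challenge, nonce)) >= difficulty:
            return nonce
    return None  # gave up; the caller can ask for a new challenge and retry


def verify_token(identity: bytes, challenge: bytes, nonce: int, difficulty: int) -> bool:
    """Verifier side: a single hash, whatever the joiner spent."""
    return leading_zero_bits(_digest(identity, challenge, nonce)) >= difficulty


class JoinGate:
    """Per-node admission control: challenge, verify, then (and only then) key exchange."""

    def __init__(self, difficulty: int) -> None:
        self.difficulty = difficulty
        self._pending: Dict[bytes, bytes] = {}   # identity -> outstanding challenge
        self.admitted: Set[bytes] = set()

    def challenge_for(self, identity: bytes) -> bytes:
        challenge = os.urandom(16)               # fresh per join attempt
        self._pending[identity] = challenge
        return challenge

    def admit(self, identity: bytes, nonce: int) -> bool:
        challenge = self._pending.pop(identity, None)
        if challenge is None:
            return False   # unsolicited or replayed token: no challenge outstanding
        if not verify_token(identity, challenge, nonce, self.difficulty):
            return False   # cheap to reject; the key exchange is never started
        self.admitted.add(identity)
        return True        # now worth spending CPU on the DH/DSA exchange


if __name__ == "__main__":
    gate = JoinGate(difficulty=12)           # about 4096 SHA-512 calls per join on average
    ident = b"fingerprint-of-alice-pubkey"   # constructed sample identity
    chal = gate.challenge_for(ident)
    nonce = mint_token(ident, chal, gate.difficulty)
    print("admitted:", gate.admit(ident, nonce), "replay:", gate.admit(ident, nonce))
```

The asymmetry is the whole point: `mint_token` costs the joiner roughly 2^difficulty hashes, `verify_token` costs the gate one hash, and `admit` refuses anything it did not challenge, so a flood of recycled tokens is rejected before any DSA or Diffie-Hellman work starts. Difficulty 12 is chosen so the example runs in well under a second; a deployment would tune it to the speaker's "10 or 100 or 1000 times" the key-exchange cost.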
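The advertisement-based route costing the talk walks through (the Alice, Bob and Charlie triangle where Alice reaches Charlie for five, the 3000 + 3500 = 6500 microsecond sum, and counting the grey-hole drop ratio as an extra cost factor), as an added example in Python; it is not the speaker's simulator or any code from the talk. Link cost as distance squared follows the Shannon argument given earlier; the penalty form `cost / (1 - drop_ratio)` (the expected number of transmissions), the `converge_routes` function and the sample link lengths are my assumptions.

```python
"""Advertisement-based route costing for a small MANET.

Added example, not code from the talk or its simulator. Assumptions not stated
in the talk: link cost is distance squared (the Shannon argument), every node's
cost to a destination is the cheapest (link cost to a peer + that peer's
advertised cost), and a lossy link is charged cost / (1 - drop_ratio), i.e. the
expected number of transmissions, as one way to count the drop ratio as a cost
factor. Node names and link lengths are constructed for the example.
"""
from typing import Dict, Tuple

Link = Tuple[str, str]
INF = float("inf")


def squared_cost(length_ft: float, drop_ratio: float = 0.0) -> float:
    """Shannon: distance is paid for by the square; loss stretches it in time."""
    if not 0.0 <= drop_ratio < 1.0:
        return INF                      # a link that drops everything is no link
    return (length_ft * length_ft) / (1.0 - drop_ratio)


def converge_routes(links: Dict[Link, float], origin: str,
                    max_rounds: int = 64) -> Tuple[Dict[str, float], Dict[str, str]]:
    """Run advertisement rounds until nobody's cost to `origin` changes.

    O (the origin) starts by advertising itself at cost 0. Each round every
    peer P that knows a route re-advertises its cost, and a recipient R on a
    link R-P adopts link(R, P) + P's cost if that beats what it already has.
    """
    nodes = {n for link in links for n in link}
    cost = {n: INF for n in nodes}
    next_hop: Dict[str, str] = {origin: origin}
    cost[origin] = 0.0
    for _ in range(max_rounds):
        changed = False
        for (a, b), link_cost in links.items():
            for recipient, peer in ((a, b), (b, a)):   # links are bidirectional
                via_peer = link_cost + cost[peer]
                if via_peer < cost[recipient]:
                    cost[recipient] = via_peer
                    next_hop[recipient] = peer
                    changed = True
        if not changed:
            break
    return cost, next_hop


def triangle(bc_drop_ratio: float = 0.0) -> Tuple[Dict[str, float], Dict[str, str]]:
    """The talk's triangle: Alice-Bob 1 ft, Bob-Charlie 2 ft, Alice-Charlie 3 ft."""
    links = {
        ("Alice", "Bob"): squared_cost(1),
        ("Bob", "Charlie"): squared_cost(2, bc_drop_ratio),   # grey hole lives here
        ("Alice", "Charlie"): squared_cost(3),
    }
    return converge_routes(links, origin="Charlie")


def microsecond_chain() -> Tuple[Dict[str, float], Dict[str, str]]:
    """R hears P advertising O: 3000 us link to P plus P's 3500 us route to O."""
    links = {("R", "P"): 3000.0, ("P", "O"): 3500.0}   # costs already in microseconds
    return converge_routes(links, origin="O")


if __name__ == "__main__":
    cost, hop = triangle()
    print("clean triangle: Alice reaches Charlie for", cost["Alice"], "via", hop["Alice"])
    cost, hop = triangle(bc_drop_ratio=0.6)
    print("Bob-Charlie dropping 60%: Alice reaches Charlie for", cost["Alice"], "via", hop["Alice"])
    cost, _ = microsecond_chain()
    print("R to O:", cost["R"])
```

With clean links Alice advertises Charlie at 5 through Bob (1 + 4), not the direct 9. Once the Bob-Charlie link is charged for dropping 60% of packets its cost becomes 4 / 0.4 = 10, the two-hop path costs 11, and Alice falls back to the direct link at 9: the grey hole is not "detected" as such, it simply stops winning routes, which is the effect the speaker describes when retransmissions move loss into the time domain.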