7/29/2019 Spins protocol
http://slidepdf.com/reader/full/spins-protocol 1/26
Intrusion Detection System
WSN
Information Security Research Laboratory
http://seclab.inha.ac.kr/
Topics
• IDS Challenges in WSN
• SPINS: Security Protocol for Sensor Network
• Efficient anonymity schemes for clustered wireless sensor networks.
• Placement Problem.
• Signature Update.
IDS Challenges in WSN
• Authentication.
• Anonymity (prevent compromising).
• Node placement.
• Signature Update.
SPINS: Security Protocol for Sensor Network
Adrian Perrig, Robert Szewczyk, JD, Victor Wen, and David Culler
Springer 2002
Introduction
– Symmetric techniques
• The secret keys are pre-distributed among sensors before their deployment.
• Due to the limitation on memory, symmetric key techniques are not able to achieve both perfect connectivity and perfect resilience for large-scale sensor networks.
– Public key cryptography
• Eliminates the connectivity and resilience problems.
• Common criticism: computational complexity and communication overhead.
– ECC signature verification: 1.62s (160-bit Atmega 128)
System Assumptions
• Communication Architecture:
• Broadcast is the fundamental means of communication.
• The network topology is a tree with the BS as the root.
• The sensors cooperate to pass the packets from the leaves to the root.
• The communication patterns are categorized into:
• Node → BS
• BS → node
• BS → all nodes
• Node → node
• They assumed sensors are not trusted.
• The nodes trust the BS in the initialization phase but not after this phase.
• The protocol achieves security requirements like data authentication, data integrity, and data freshness.
Notation
Na    Nonce by node A (freshness)
Xab   Master secret key shared between A, B
kab   Secret encryption key derived from Xab
K’ab  Secret MAC key, FXab(2), where F() is a pseudo-random function
SNEP
• The two parties A and B share XAB and derive the comm. keys KAB=FX(1), KBA=FX(3), K’AB=FX(2), K’BA=FX(4).
• The encrypted data is E(D){K,C}, and the MAC is MAC(K’, C||E).
• The complete message from A → B is:
A → B: (D){KAB, C}, MAC(K’AB, C || (D){KAB, CA})
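The SNEP exchange above as a runnable sketch. This is an added example, not code from the slides or from the SPINS authors; HMAC-SHA256 stands in for the unspecified F, cipher and MAC, and the class names, the 8-byte tag and the sample payloads are assumptions.

```python
import hashlib, hmac, struct

def F(key, x):
    # PRF F_key(x). HMAC-SHA256 is an assumption; the slides do not fix F.
    return hmac.new(key, struct.pack(">Q", x), hashlib.sha256).digest()

def derive_keys(x_ab):
    # Labels follow the slide: KAB=F(1), K'AB=F(2), KBA=F(3), K'BA=F(4)
    return {n: F(x_ab, i) for n, i in (("KAB", 1), ("K'AB", 2), ("KBA", 3), ("K'BA", 4))}

def ctr_crypt(key, counter, data):
    # Counter-mode keystream: block j = HMAC(key, counter || j); XOR works both ways.
    out = bytearray()
    for j in range(0, len(data), 32):
        ks = hmac.new(key, struct.pack(">QQ", counter, j), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[j:j + 32], ks))
    return bytes(out)

def mac(key, counter, ct):
    # MAC(K', C || E); the 8-byte truncation is a choice made for this example
    return hmac.new(key, struct.pack(">Q", counter) + ct, hashlib.sha256).digest()[:8]

class SnepSender:            # node A (hypothetical name)
    def __init__(self, x_ab):
        k = derive_keys(x_ab)
        self.k_enc, self.k_mac, self.c = k["KAB"], k["K'AB"], 0
    def send(self, data):
        self.c += 1
        ct = ctr_crypt(self.k_enc, self.c, data)
        return ct, mac(self.k_mac, self.c, ct)   # the counter is not transmitted

class SnepReceiver:          # node B (hypothetical name)
    def __init__(self, x_ab):
        k = derive_keys(x_ab)
        self.k_enc, self.k_mac, self.c = k["KAB"], k["K'AB"], 0
    def receive(self, ct, tag):
        c = self.c + 1
        if not hmac.compare_digest(tag, mac(self.k_mac, c, ct)):
            return None      # modified, forged, replayed or out of sync
        self.c = c
        return ctr_crypt(self.k_enc, c, ct)
```

Because the counter enters both the keystream and the MAC, identical readings encrypt differently and a replayed message fails verification; a lost message leaves the two counters out of step, which is what the counter exchange resolves.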
Counter Exchange Protocol
• A → B: CA
  B → A: CB, MAC(K’BA, CA||CB)
  A → B: MAC(K’AB, CA||CB)
• How is the counter synchronized?
• A → B: CA, MAC(K’AB, CA)
  B → A: CB, MAC(K’BA, CA||CB)
µTESLA
• Requirements:
• The BS and nodes must be loosely synchronized.
• Each node knows the upper bound on the max. sync. error.
• Each node is loaded with the commitment key K0.
µTESLA cont.
• The BS computes MAC(K,P), where K is unknown to the receiver at sending time.
• Ki=F(Ki+1)
• K0=F(F(K2))
[Figure: key chain K0, K1, K2, K3, K4, K5 linked by F; packets P1, P2, P3, P4, P5]
µTESLA detailed description
• Sender phase (key generation, e.g. MD5).
• Sending auth. packet.
• Bootstrapping new receiver (parameters of sync.).
• M → S: NM
• S → M: TS|Ki|Ti|Tint|δ, MAC(KMS, NM|TS|Ki|Ti|Tint|δ)
• Auth. received packet.
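The µTESLA receiver logic from the last three slides as a sketch: key chain generation, the timing check before buffering, and authentication of a disclosed key against the commitment. This is an added example, not code from the slides or the SPINS authors; SHA-256 replaces the MD5 mentioned above, and the class name, integer time units and sample packets are assumptions.

```python
import hashlib, hmac

def F(k):
    # One-way function; SHA-256 is used here instead of the slide's MD5 example.
    return hashlib.sha256(k).digest()[:16]

def make_chain(seed, n):
    # Returns [K0..Kn] with Ki = F(Ki+1); K0 is the commitment loaded on nodes.
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(k, p):
    return hmac.new(k, p, hashlib.sha256).digest()[:8]

class TeslaReceiver:   # hypothetical name
    def __init__(self, k0, t0, t_int, delta, max_err):
        self.key, self.idx = k0, 0       # last authenticated key and its interval
        self.t0, self.t_int, self.delta, self.max_err = t0, t_int, delta, max_err
        self.buffer = []                 # (interval, packet, tag) awaiting the key

    def on_packet(self, i, packet, tag, local_time):
        # Accept only if, even with worst-case sync error, the sender cannot
        # have disclosed Ki yet (disclosure happens delta intervals later).
        latest = (local_time + self.max_err - self.t0) // self.t_int
        if latest >= i + self.delta:
            return False
        self.buffer.append((i, packet, tag))
        return True

    def on_key(self, i, k):
        if i <= self.idx:
            return []
        keys, x = {i: k}, k
        for j in range(i - 1, self.idx - 1, -1):   # walk back to the trusted key
            x = F(x)
            keys[j] = x
        if not hmac.compare_digest(x, self.key):
            return []                    # disclosed key is not on the chain
        self.key, self.idx = k, i
        ok = [p for j, p, t in self.buffer
              if j in keys and hmac.compare_digest(t, mac(keys[j], p))]
        self.buffer = [e for e in self.buffer if e[0] > i]
        return ok
```

Walking the chain back from a later key also recovers the keys of skipped intervals, so a lost disclosure does not lose the packets buffered for it.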
Node to Node key agreement
• Node A (IDS) wants to communicate with node B.
• They use the BS as a trusted party because they share a master secret key with it (XAS, XAB).
• A → B: NA, A
  B → S: NA, NB, A, B, MAC(K’BS, NA|NB|A|B)
  S → A: {SKAB}KSA, MAC(K’SA, NA|B|{SKAB}KSA)
  S → B: {SKAB}KSB, MAC(K’SB, NA|B|{SKAB}KSB)
“Efficient anonymity schemes for clustered wireless sensor networks”
Satyajayant Misra and Guoliang Xue
Inderscience, Wireless Network 2006
Arizona State University
Requirements for anonymity in a CWSN
• An SN can communicate anonymously with any other SN in its neighborhood and with the BS.
• Routing of messages is anonymous.
• The nodes in a cluster are indistinguishable.
• SNs outside the neighborhood of a cluster cannot figure out the CH of the cluster.
Framework for the anonymity schemes
• 2k pseudonyms
• Continuous chunk of size 2L
• The total chunk N2
[Figure: pseudonym space split into chunks; labels: K bit, N2, 2L]
• Each node produce table and for scheme
management.
• SN assigns a chunk for comm. with node v from (N)
• In a secure way:
• U → V: chunk
• V → U: chunk
• The sender & receiver IDs become:
i + index v
i’ + index u
Table of node u
Sender: index u|| IDvu
Receiver: index v || IDuv
Cluster Construction
• Wait for a random amount of time
• Timeout and elect itself as a clusterhead
• Grow the cluster iteratively
• Legitimate cluster
• Network partition constructed
• Valid cluster
[Figure: cluster construction; labels: R, mR]
LOCI: Local Clustering Service for Large Scale Wireless Sensor Networks (Springer 06, Vineet Mittal)
Placement Problem
[Figure: labels: A, R, CH, IDS, Tree Based]
Signature Update
• The problem with the multi-pattern matching technique is the preprocessing phase.
• We have two choices (rebuild in the node, or send the preprocessed signatures):
• Send new signature from BS
– Less comm. overhead
– Processing overhead
• Send whole table to IDS node
– Intensive comm. overhead
– Less node processing overhead
Thank you. Any questions?