Securing Distributed Sensor Networks
Udayan Kumar, Subhajit Sengupta, Sharad Sonapeer

Flow
Obstacles
Security requirements
Attacks
Defense
A probabilistic approach towards key management
Base Station Security

Obstacles
Very limited resources
– Memory, power
Unreliable communication
– Unreliable transfer
– Conflicts while broadcasts
– Latency
Unattended operation
– Physical attacks
– Managed remotely
– No central point management

Security requirements
Data confidentiality
Data integrity
Data freshness
Availability
Self Organization
Authentication

Attacks
Sybil Attack
Traffic analysis attack
Node Replication attack
Attack against privacy

Defense
Focus on two methods
– Key management: provides for data confidentiality, integrity, freshness and authentication
– Securing base station: traffic analysis attacks

DSN nodes have limited computation and communication capabilities.
DSN – a truly dynamic infrastructure.
So the traditional approach is vulnerable and impractical.
FACT: Energy consumption for RSA (1024-bit) is about 42 mJ, whereas for AES it is 0.104 mJ, on a Motorola MC68328 (a mid-range processor).

A probabilistic approach towards key management
Solution Approach
Each DSN node is given a key ring of size k, randomly chosen from a key pool of size P before deployment.
Because of the randomness, two sets of k keys may be completely different.
If a path of nodes sharing keys pair-wise exists, then that path is used to exchange a key, thus establishing a direct link.

Key Pre-Distribution
A large pool of P keys (~2^20) and their identifiers are generated.
k keys are drawn randomly without replacement to construct a particular key ring, which is loaded onto a node of the DSN.
A trusted controller node saves the key identifiers of a key ring and the associated sensor identifier.
Only a small number of keys is needed to ensure that any two nodes share (at least) one key with a certain probability.
Experimental results show that, for a probability of 0.5, only 75 keys drawn randomly out of a pool of 10,000 keys need to be on the key ring of any node.

Shared-key discovery
Goal: discover the nodes with which a node shares a key.
The easiest way: broadcasting.
Hide key-sharing patterns among nodes from an attacker and establish private shared-key discovery.
The recipient decrypts it with the proper key.
Creates the routing topology that guarantees that secured links exist, as a link implies sharing of a key. Also, sharing of 2 or more keys between sensor nodes doesn't cause a link security exposure.

Path-key Establishment
A path-key is assigned to selected pairs of sensor nodes that do not share a key but are connected by two or more links at the end of the shared-key discovery phase.
The key-ring size (k) is determined anticipating revocation and incremental addition of new sensor nodes, since both may require the execution of the path-key establishment phase after shared-key discovery.

Some issues of DSN
Revocation.
Re-Keying.
Resiliency to node capture.

Analysis
p = probability that a shared key exists between 2 nodes.
n = number of nodes.
d = p*(n-1) = expected number of edges connecting a node with its neighbors.
Now we will try to find d such that the DSN is connected.
We also want to determine the key pool size (P), given a limit of k keys in each node, for a DSN of n nodes where d is given under a neighborhood connectivity constraint (say n' = neighborhood connectivity of a node, n' << n). [Practically, k is limited by the memory size of a node.]

Analysis… (contd.)
$P_c = \lim_{n \to \infty} \Pr[G(n,p) \text{ is connected}] = e^{-e^{-c}}$, where $p = \frac{\ln n}{n} + \frac{c}{n}$ [c is any real constant].
$p' = d/(n' - 1) \gg p$. So p' precisely gives us the probability that 2 nodes share at least one key from their k-sized key rings, chosen from a pool of size P [P is not a sensor design constraint and may be very big].
Given n, we can find p so that G is connected with probability $P_c$.
We have to find P for a given k and a given p'.

Analysis… (contd.)
$p' = 1 - \Pr[\text{two nodes don't share a key}] = 1 - \binom{P-k}{k} \Big/ \binom{P}{k}$
Using Stirling's approximation, $n! \approx \sqrt{2\pi}\, n^{n+\frac{1}{2}} e^{-n}$, we have
$p' = 1 - \dfrac{(1 - k/P)^{2(P-k+\frac{1}{2})}}{(1 - 2k/P)^{(P-2k+\frac{1}{2})}}$

Important Conclusions
The size of a DSN (n) has little effect on the expected degree of a node required to have a connected graph.
If P = 10,000, then only k = 75 keys need to be distributed to any two nodes for them to share a key from their key rings with probability p = 0.5. Now k = 250 if we take P = 100,000. This proves the scalability.
For “almost certain” connectivity through shared keys in a 10,000-node DSN, a key ring of size only 250 has to be pre-distributed.

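The analysis above can be carried through numerically to size a key ring. The following Python sketch is an added example, not code from the presentation; the function names and the neighborhood size n' = 40 used in the demo are assumptions chosen for illustration.

```python
from math import comb, exp, log

def share_probability(P, k):
    """Exact p' = 1 - C(P-k, k) / C(P, k) for two rings of k keys from a pool of P."""
    if 2 * k > P:
        return 1.0  # two rings cannot be disjoint once 2k > P
    return 1 - comb(P - k, k) / comb(P, k)

def share_probability_stirling(P, k):
    """Closed form obtained with Stirling's approximation (requires 2k < P)."""
    log_q = (2 * (P - k + 0.5) * log(1 - k / P)
             - (P - 2 * k + 0.5) * log(1 - 2 * k / P))
    return 1 - exp(log_q)

def required_degree(n, Pc):
    """Expected node degree d so that G(n, p) is connected with probability Pc.

    Inverts P_c = exp(-exp(-c)), then p = (ln n + c) / n and d = p * (n - 1).
    """
    c = -log(-log(Pc))
    p = (log(n) + c) / n
    return p * (n - 1)

def min_ring_size(P, p_target):
    """Smallest k whose exact sharing probability reaches p_target."""
    k = 1
    while share_probability(P, k) < p_target:
        k += 1
    return k

def ring_size_for_network(n, n_prime, P, Pc):
    """Key-ring size for n nodes, each with n_prime nodes in radio range."""
    p_prime = required_degree(n, Pc) / (n_prime - 1)
    return min_ring_size(P, p_prime)

if __name__ == "__main__":
    print("p'(P=10000, k=75) exact   :", round(share_probability(10_000, 75), 4))
    print("p'(P=10000, k=75) Stirling:", round(share_probability_stirling(10_000, 75), 4))
    print("min k for p'=0.5, P=10000 :", min_ring_size(10_000, 0.5))
    print("d for n=10000, Pc=0.99999 :", round(required_degree(10_000, 0.99999), 2))
    # n' = 40 is an assumed neighborhood size, not a value from the slides
    print("k for n=10000, n'=40, P=100000:",
          ring_size_for_network(10_000, 40, 100_000, 0.99999))
```

Evaluated exactly, P = 10,000 and k = 75 gives p' of about 0.43, and p' = 0.5 is first reached at k = 83, so the slide figures are best treated as approximate when sizing key rings against a node's memory budget.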
Base Station Security
Multi-path routing to multiple base stations
Confusion of address fields
Relocation of base station

Multiple Base Stations
Route Discovery
– Route Request
– Route Feedback

Multiple Base Stations
Multi-path data routing
– Compute the connectivity information from the feedback messages
– Compute the global topology of the network
– Compute redundant routes for each node
– Construct forwarding tables for each node (a forwarding table entry <D,S,IS> for each route on which the node lies)
– Dispatch the forwarding tables

Multiple Base Stations
Multi-path data routing (cont’d): computing 2-redundant routes
– Choose two independent paths for any desired node A
– First path to the closest base station (use BFS)
– Second path to any base station (three sets of nodes: s1, s2, s3)
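
A simplified way to compute two independent routes for a node, given as an added example that is not from the presentation. It does not reproduce the slide's s1/s2/s3 procedure: as an assumption, the second route is found by a second BFS that avoids every node on the first route, including the base station it ends at. The topology and node names are constructed.

```python
from collections import deque

def bfs_path(adj, start, targets, blocked=frozenset()):
    """Shortest hop-count path from start to the nearest node in targets.

    Nodes in `blocked` are never entered. Returns a list of nodes or None.
    """
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node in targets:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in adj.get(node, ()):
            if nxt not in parent and nxt not in blocked:
                parent[nxt] = node
                queue.append(nxt)
    return None

def two_redundant_routes(adj, node, base_stations):
    """First route: BFS to the closest base station.

    Second route: BFS to any base station while avoiding all relays and the
    base station of the first route, so one captured relay cannot cut both.
    This greedy choice can miss a disjoint pair that a flow-based search
    would find; it returns None for the second route in that case.
    """
    first = bfs_path(adj, node, base_stations)
    if first is None:
        return None, None
    blocked = frozenset(first[1:])
    second = bfs_path(adj, node, base_stations, blocked)
    return first, second

# Constructed sample topology: sensors A, n1..n4 and base stations BS1, BS2
SAMPLE_ADJ = {
    "A": ["n1", "n2"],
    "n1": ["A", "BS1", "n4"],
    "n2": ["A", "n3"],
    "n3": ["n2", "BS2"],
    "n4": ["n1"],
    "BS1": ["n1"],
    "BS2": ["n3"],
}
SAMPLE_BASES = frozenset({"BS1", "BS2"})

if __name__ == "__main__":
    for sensor in ("A", "n4"):
        print(sensor, two_redundant_routes(SAMPLE_ADJ, sensor, SAMPLE_BASES))
```

Node n4 has a single neighbor, so it gets no second route; such nodes are the ones a base station cannot protect with redundancy.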
Disguising Base station location
During route discovery
– Reversible hash function H(x), shared key Kc
– For each ID m, compute Cm = {x : H(x) = m}
After route discovery
– Pair-wise keys for each pair of neighbor nodes on the same route
– Sent along with the forwarding tables

Base Station Relocation
Uniform random deployment
– Attack on the vicinity of the base station
– Both base stations on opposite edges

Base Station Relocation
Dense–sparse graph
– Attack on the center of the dense part
– One base station on the dense-sparse edge
– Other base station opposite the first

Thank You