SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION. Michigan Tech University. EE5723 – Network Security, April 08, 2010

Page 1: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Michigan Tech University

EE5723 – Network Security
April 08, 2010

Page 2: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Outline

• Overview of Aggregation
• Basics of non-secure aggregation
• Basics of secure aggregation
• Aggregation Protocols and Techniques

Page 3: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Overview of Aggregation

“Aggregation collects results from several sensors and calculates a smaller message that summarizes the important information from a group of sensors.” [1]

Page 4: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Overview of Aggregation

Page 5: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Overview of Aggregation

• Aggregation is helpful as it reduces the amount of traffic on a network.
• This helps prolong battery life.
• It can also reduce processing needs.

Page 6: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Basics of Non-secure Aggregation

A few different types of aggregation techniques:
• Data Centric Routing [4]
• Statistical aggregation
• Simple Object Access Protocol (SOAP) [9]

Page 7: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Data-centric routing

Data-centric routing is mostly about removing duplicated and unnecessary traffic at parent nodes in a tree.

This could include:
• Duplicate packet removal
• Removing packets from sensors with similar readings

Three methods:
• Center at Nearest Source (CNS)
• Shortest Paths Tree (SPT)
• Greedy Incremental Tree (GIT)

Page 8: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Data-centric routing

Page 9: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Statistical Aggregation

Application of estimation theory. It can involve:
• Minimums and/or maximums
• Different types of averaging
• Medians
• Counts
• Normal distributions
• Lots of other types of statistical inference

Page 10: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

SOAP in WSN

Simple Object Access Protocol (SOAP)
• Based on XML (Extensible Markup Language)
• Easily integrated into different programming languages

Message types:
1. A node dispatching a hello message to sinks.
2. A sink sends a Remote Procedure Call (RPC) to registered nodes.
3. Nodes responding to the RPC.

Page 11: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

SOAP in WSN

The modified SOAP allows an adaptive pull strategy instead of a traditional push strategy.
• Requestor sends request to Invoker.
• The Invoker processes what the Requestor wants and sends back results when the results have been obtained.

Page 12: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

SOAP in WSN

While security was not initially implied in this protocol, it could easily be adapted to use one of the few techniques introduced in this presentation.

Page 13: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Drawbacks of Aggregation

• More computation for internal nodes
• More delays in getting from edge node to central node
• Not as useful when full data is needed

Page 14: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Flaws on Existing Aggregation

Straight averaging is insecure if even a single node is compromised.
• Geometric Mean: floor((31+32+30+29+31+200)/6) = 58
• Harmonic Mean: floor(6/(1/31+1/32+1/30+1/29+1/31+1/200)) = 35

Minimum and maximum functions insecure
• Example: Ice or Fire on thermostat (0 or 200 degrees)
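The effect of one forged reading on each aggregate, as an added example that is not part of the original slides. The first expression on the slide, (31+...+200)/6, is the straight arithmetic average, which the code calls `mean`; the function names, the median-based outlier check and its tuning values `k` and `min_spread` are assumptions of this example.

```python
import math
import statistics

def aggregates(readings):
    """Floor of several aggregates over a list of non-negative integer readings."""
    n = len(readings)
    # The harmonic mean tends to 0 as any reading tends to 0; avoid dividing by zero.
    harmonic = 0 if 0 in readings else math.floor(n / sum(1 / r for r in readings))
    return {
        "mean": math.floor(sum(readings) / n),
        "harmonic": harmonic,
        "median": math.floor(statistics.median(readings)),
        "min": min(readings),
        "max": max(readings),
    }

def shift_from_forged(honest, forged):
    """How far one forged reading moves each aggregate from its honest-only value."""
    before, after = aggregates(honest), aggregates(honest + [forged])
    return {name: after[name] - before[name] for name in before}

def flag_outliers(readings, k=5.0, min_spread=1.0):
    """Readings further than k * MAD from the median (k, min_spread: assumed tuning)."""
    med = statistics.median(readings)
    mad = statistics.median(abs(r - med) for r in readings)
    limit = k * max(mad, min_spread)
    return [r for r in readings if abs(r - med) > limit]

# Constructed sample: the five plausible readings from the slide, without the forged one.
HONEST = [31, 32, 30, 29, 31]

if __name__ == "__main__":
    for forged in (200, 0):                      # "fire" and "ice"
        print(forged, shift_from_forged(HONEST, forged))
    print(flag_outliers(HONEST + [200]))
```

The median does not move for the forged 200, while the maximum follows the forged value exactly; the forged 0 does the same to the minimum.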

Page 15: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Attacks on Existing Aggregation

Network attacks
• Eavesdropping
• DoS
• Replay
• Artificial data insertion (Stealthy Attack)
• Intruder Nodes

Physical attacks
• Tampering
• Physical compromise of nodes

Page 16: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Basics of Secure Aggregation

• Security is needed to transfer data reliably from the sensor to the base station.
• With aggregation, intermediate nodes require access to the data in order to aggregate it. This introduces a need to determine whether the data received from aggregators is reliable.
• All keys cannot be bootstrapped onto a device, as applications require a dynamic structure.

Page 17: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Basics of Secure Aggregation

• Standard public-key cryptography is too intensive for a limited computing environment.
• The basic approaches of network security apply to secure aggregation, though the majority of research covers these:
  • Integrity
  • Authentication

Page 18: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Integrity in Secure Aggregation

The integrity in secure aggregation helps make sure that intermediate and aggregator nodes have not altered the data.

This can involve a hash function, most commonly the Message Authentication Code (MAC).

Page 19: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Authentication in Secure Aggregation

The use of authentication helps ensure that intruder nodes don’t insert invalid data into the aggregation values.
• This can have severe effects on the system, as mentioned beforehand.

Two protocols that help with authentication include:
• µTESLA
• MAC (assuming a certain key is used)

Page 20: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

WSN Security Protocols

Security Protocols
• ECC – Elliptic Curve Cryptography [2] (Not Covered)
• MAC – Message Authentication Code [8]
• Merkle Hash Tree [7]
• SPINS [5] [6]
  • SNEP – Secure Network Encryption Protocol
  • µTESLA – Micro Timed Efficient Stream Loss-Tolerant Authentication

Page 21: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

MAC/HMAC

Message Authentication Code
• Used to verify message authenticity

HMAC – Hashed MAC
• Uses cryptographic hashing function to create the MAC
• Used to check data integrity

$$\mathrm{MAC}(\mathit{text})_t = \mathrm{HMAC}(K, \mathit{text})_t = H\big((K_0 \oplus \mathit{opad}) \,\|\, H((K_0 \oplus \mathit{ipad}) \,\|\, \mathit{text})\big)_t$$

• Does not provide non-repudiation
  • Because it uses symmetric keys
• Does prevent replay attacks
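The HMAC formula above written out step by step, as an added example that is not part of the original slides. It assumes SHA-256 as H, an 8-byte truncation t for sensor packets, and a 4-byte message counter inside the MACed text; the counter and the `Receiver` and `send` names belong to this example only, and it is the counter check that lets the receiver reject a replayed message.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-256 block size in bytes

def hmac_sha256(key: bytes, text: bytes, t: int = 32) -> bytes:
    """H((K0 xor opad) || H((K0 xor ipad) || text)), leftmost t bytes."""
    # K0: hash keys longer than one block, then zero-pad to the block size.
    k0 = hashlib.sha256(key).digest() if len(key) > BLOCK else key
    k0 = k0.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in k0)
    opad = bytes(b ^ 0x5C for b in k0)
    inner = hashlib.sha256(ipad + text).digest()
    return hashlib.sha256(opad + inner).digest()[:t]

def send(key: bytes, ctr: int, reading: bytes, t: int = 8):
    """Sender side: MAC covers the counter and the reading together."""
    return ctr, reading, hmac_sha256(key, ctr.to_bytes(4, "big") + reading, t)

class Receiver:
    """Checks the tag first, then the counter (the counter is an assumption here)."""
    def __init__(self, key: bytes, t: int = 8):
        self.key, self.t, self.last_ctr = key, t, -1

    def accept(self, ctr: int, reading: bytes, tag: bytes) -> bool:
        text = ctr.to_bytes(4, "big") + reading
        expected = hmac_sha256(self.key, text, self.t)
        if not hmac.compare_digest(expected, tag):
            return False              # altered data or wrong key
        if ctr <= self.last_ctr:
            return False              # valid tag but stale counter: replay
        self.last_ctr = ctr
        return True

if __name__ == "__main__":
    key = b"constructed-node-key"     # constructed sample key
    rx = Receiver(key)
    msg = send(key, 1, b"temp=31")
    print(rx.accept(*msg), rx.accept(*msg))
```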

Page 22: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

MAC/HMAC

Image courtesy of Wikipedia

Page 23: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Merkle Hash Tree

The hash tree is a way to store hash information.

It is a fairly easy concept.
• hash 0 = hash( hash 0-0 + hash 0-1 )
• Where + indicates concatenation.
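The parent rule above, extended to a whole tree with an inclusion proof, as an added example that is not part of the original slides. SHA-256 as the hash, padding an odd level by repeating its last node, and all function names are assumptions of this example.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(leaves):
    """Return every level of the tree: leaf hashes first, [root] last."""
    levels = [[h(leaf) for leaf in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])       # assumed padding rule for an odd level
        # parent = hash(left + right), '+' being concatenation as on the slide
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with the sibling's side."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], "L" if sibling < index else "R"))
        index //= 2
    return path

def verify(leaf: bytes, path, expected_root: bytes) -> bool:
    """Recompute the root from one leaf and its log2(n) sibling hashes."""
    node = h(leaf)
    for sibling, side in path:
        node = h(sibling + node) if side == "L" else h(node + sibling)
    return node == expected_root

if __name__ == "__main__":
    readings = [b"r0", b"r1", b"r2", b"r3", b"r4"]   # constructed sample leaves
    levels = build_levels(readings)
    print(verify(b"r2", proof(levels, 2), levels[-1][0]))
```

A verifier that holds only the root can check any single reading with three sibling hashes here, without seeing the other four readings.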

Page 24: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

µTESLA

• Micro Timed Efficient Stream Loss-Tolerant Authentication
• Derived from TESLA protocol, developed by A. Perrig at Carnegie Mellon University
• Broadcast Authentication
• Strong Freshness

Page 25: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

µTESLA

Addresses problems with TESLA
• Digital signature for packet authentication
  • µTESLA uses only symmetric mechanisms
• Overhead of 24 bytes/packet
  • µTESLA discloses key once per time interval
• One-way key chain is too big
  • µTESLA restricts number of authenticated senders

Assumptions
• Base station, nodes must be loosely synchronized
• Each node must know upper bound for max sync error

Page 26: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

µTESLA

The basic protocol
• One-way key chain and delayed key disclosure
• Keys: $K_i = F(K_{i+1})$
  • F: public one-way function
• Each node knows $K_i$ and predefined time slot intervals
• Sender periodically broadcasts current key
• $K_0$ is initial commitment to chain; base station gives $K_0$ to all nodes

Page 27: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Issues with µTESLA

• Important parameters: interval length, disclosure delay
  • Delay must be greater than RTT for integrity
  • Parameters define maximum delay until messages can be serviced
• Nodes must buffer all broadcasts until key is disclosed.
• Counters must be (somewhat) synchronized
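The key chain, delayed disclosure and buffering from the µTESLA slides, as an added example that is not from the slides or from SPINS [6]. Assumptions: SHA-256 as F, packets MACed directly with K_i using an 8-byte tag, and `now` being the receiver's upper bound on the sender's current interval with the maximum sync error already added; all names are hypothetical.

```python
import hashlib
import hmac
import os

def F(key: bytes, times: int = 1) -> bytes:
    """Public one-way function, applied `times` times (SHA-256 is assumed here)."""
    for _ in range(times):
        key = hashlib.sha256(key).digest()
    return key

def make_chain(n: int, seed: bytes = b"") -> list:
    """Return [K0..Kn] with Ki = F(Ki+1); K0 is the commitment given to nodes."""
    chain = [seed or os.urandom(32)]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Node:
    def __init__(self, k0: bytes, delay: int):
        self.trusted, self.trusted_i = k0, 0    # last authenticated key, its index
        self.delay, self.buffer = delay, []

    def on_packet(self, now: int, i: int, msg: bytes, tag: bytes) -> bool:
        # K_i becomes public in interval i + delay; a packet arriving then or
        # later may have been forged with the disclosed key, so drop it.
        if now >= i + self.delay:
            return False
        self.buffer.append((i, msg, tag))       # cannot verify yet: buffer
        return True

    def on_key(self, i: int, key: bytes) -> list:
        """Authenticate disclosed K_i against the chain, release verified packets."""
        if i <= self.trusted_i:
            return []
        # Walking back i - trusted_i steps tolerates lost key disclosures.
        if not hmac.compare_digest(F(key, i - self.trusted_i), self.trusted):
            return []                           # not on the committed chain
        self.trusted, self.trusted_i = key, i
        released, kept = [], []
        for j, msg, tag in self.buffer:
            if j > i:
                kept.append((j, msg, tag))      # key for interval j not out yet
            elif hmac.compare_digest(mac(F(key, i - j), msg), tag):
                released.append(msg)            # K_j = F^(i-j)(K_i)
        self.buffer = kept
        return released
```

A node that missed the disclosure of K_1 still authenticates K_2 against K_0 and derives K_1 from it, which is the loss tolerance the protocol name refers to.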

Page 28: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Aggregation Protocols and Techniques

SecureDAV [2]
• Elliptic Curve Cryptography
• Merkle Hash Trees

Secure Aggregation for Wireless Networks [1]
• Non-confidential
• µTESLA
• MAC
• Hashing (Any algorithm would do)

Page 29: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

SecureDAV

• Prevents acceptance of faulty readings
• Doesn’t make assumption that nodes are honest.
• Develops private cluster key for each cluster.
• Only distributes a chunk of the private key to the cluster nodes.
  • This prevents an attacker from obtaining the full key.
• Up to t nodes can be compromised.
  • t < n/2

Page 30: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

SecureDAV

• Uses Averaging
• Transmit average back to sensors for verification.
• If verified, sensors do partial signature.
• Aggregator combines partial signatures into a full one.
• Average and full signature sent to the base station.
• Cluster Head integrity ensured using Merkle hash Trees

Page 31: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

SecureDAV

Issues
• If greater than n/2 nodes are compromised in a cluster of n nodes then the cluster can be compromised.

Covers
• Basic confidentiality
• Integrity

Page 32: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Secure Aggregation For WSN

• Protocol focuses on Integrity and Authentication
• It has a fixed base station
• Uses µTESLA from SPINS Protocol
• Incorporates a MAC (non-specific)
• Uses delayed aggregation and authentication.
• Non-specific aggregation technique.
• Shared secret with base station established before deployment.

Page 33: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Secure Aggregation For WSN

Tree from [1]

Page 34: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Secure Aggregation For WSN

Helps protect against:
• Intruder Node Attacks
  • Authentication (Doesn’t have initial Key)
• Artificial Data
  • Hash
• Replay
  • Using the µTESLA key in the Hash

Page 35: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Secure Aggregation For WSN

Compromised Node Attacks:
• With access to node information it has the ability to forge node messages.
• No cryptographic way to prevent this, but different aggregation techniques can detect false readings.
• This is harder with intermediate nodes as the hashes from children are harder to forge.

Page 36: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Conclusions

• Aggregation can provide many benefits.
• Many different protocols exist with different types of goals in mind.
• Intermediate node data processing creates a need for a special kind of security.
• Protocols with lightweight security implementations are important.

Page 37: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Sources

[1] L. Hu, D. Evans, “Secure Aggregation for Wireless Networks,” Workshop on Security and Assurance in Ad hoc Networks, 2003.

[2] A. Mahimkar, T. Rappaport, “SecureDAV: A Secure Data Aggregation and Verification Protocol for Sensor Networks”, 2004

[3] Jing Deng, Richard Han, and Shivakant Mishra, “Security Support for In-Network Processing in Wireless Sensor Networks” ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '03), 2003

[4] B. Krishnamachari, D. Estrin, S. Wicker, “The Impact of Data Aggregation in Wireless Sensor Networks”

[5] Robert Anderson, “SPINS: Security Protocols for Sensor Networks,” http://web.pdx.edu/~raand/files/SPINS.pdf, May 11, 2004.

[6] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and D. Tygar, “SPINS: Security Protocols for Sensor Networks,” Proceedings of Seventh Annual International Conference on Mobile Computing and Networks MOBICOM 2001, July 2001.

Page 38: SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

Sources

[7] B. Przydatek, D. Song, A. Perrig, “SIA: Secure Information Aggregation for Sensor Networks,” SenSys’03, 2003.

[8] M. Bellare, R. Canetti, H. Krawczyk, “Keying Hash Functions for Message Authentication,” 1996.

[9] A. Al-Yasiri, A. Sunley, “Data aggregation in wireless sensor networks using the SOAP protocol,” Journal of Physics: Conference Series 76, 2007