Trust relationships in sensor networks
Ruben Torres
October 2004
Introduction
Paper: “Key Infection: Smart Trust for Smart Dust”
The two main objectives of this paper are:
To present a lightweight security protocol that can be implemented in commodity sensor networks.
To show that initial trust establishment can be achieved without extra complexity in the security protocol, with low computation overhead and low memory requirements.
Its main characteristic is that the initial key exchange between nodes is made in clear text.
There is no assumption of a highly capable attacker who can monitor and store all communication. That assumption has led to the development of heavy security protocols.
Key Infection
The key material is propagated as contact is made, like an INFECTION spreading through a biological population
Key infection is based on the assumption that during the network deployment phase, the attacker can only monitor a fixed percentage of the communication channels.
There is no need to preload secret information before sensor network deployment.
It uses symmetric cryptography.
The initial key exchange is made in clear text.
Using a master key at the beginning, under some circumstances, only secures a fraction of the communication that the attacker could have recorded and deciphered anyway. It's cheaper to simply exchange session keys in the clear.
Terminology
White nodes: The nodes that make up our sensor network.
Black nodes: The attacker nodes.
Dust: Term that comes from the “Smart Dust” project. Its goal is to make sensors small and cheap enough that they can be distributed in large numbers over an area.
Sensor Network assumptions
Commodity sensor networks
Small, low-cost nodes
Limited battery energy; minimal computation, communication and storage resources
No tamper-proof hardware
Each node has a transmission range of 10 m.
Around half a dozen nodes should fall into each node's range.
The simulation considered 10000 White nodes (good nodes) and 100 Black nodes (bad nodes).
Real World Attacker model
The attacker doesn’t have physical access to the network at the deployment phase.
The attacker can only monitor a small portion of the communications during the deployment phase. After key exchange is complete, the attacker can monitor all communications at will.
The attacker is not able to execute active attacks (flooding, jamming, etc.) during the deployment phase of the network.
The deployment time window is a few seconds.
Analogy of a bank door and home doors.
Basic key setup
Each node chooses a key and broadcasts it in plain text to its neighbors.
The returned packet will be transmitted using the minimum power necessary for the link, based on the measurement of the signal from i.
Assuming an area with no opponents, plaintext key exchange is not a problem if opponents come after the setup time.
Initial key exchange:
i->j: Ki (broadcast in plain text)
j->i: {j,Ki,j}Ki
Key Whispering
Small change to the original protocol.
Instead of broadcasting at full power, each White node starts transmitting as quietly as possible until it receives a response.
A key is set with the responder.
The broadcast is resumed with a new key.
Initial key exchange:
j->i: {j,Ki,j}Ki
m->i: {m,Ki,m}Ki2
Analysis
For the basic key setup, the effective eavesdropping area is larger than for key whispering. Therefore, the probability of getting a compromised link is larger in the basic setup approach.
At the end, we can infer that the combatant who can produce the denser dust has a significant advantage.
[Figure, two panels. Basic Key Setup: W1 at MAX Tx range, with S, W2, W3 and W4. Key Whispering: W1 at MIN Tx range to reach W2, with S and W2.]
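The comparison above can be checked numerically. The following Monte Carlo sketch is an added example, not code from the slides or the paper; it uses the slides' figures (10 m range, about six neighbours, 10000 White and 100 Black nodes) and assumes a unit-disk radio model in which a link is compromised when a single Black node hears both Ki and the reply.

```python
import math
import random

R = 10.0                      # node transmission range in metres (from the slides)
NEIGHBOURS = 6                # "around half a dozen" nodes per range (from the slides)
WHITE, BLACK = 10_000, 100    # simulation sizes quoted in the slides

def simulate(links=5000, seed=1):
    """Return (basic, whisper): fraction of sampled links a Black node can read."""
    rng = random.Random(seed)
    density = NEIGHBOURS / (math.pi * R * R)   # White nodes per square metre
    side = math.sqrt(WHITE / density)          # square field that holds WHITE nodes
    black = [(rng.uniform(0, side), rng.uniform(0, side)) for _ in range(BLACK)]
    basic = whisper = 0
    for _ in range(links):
        # Node i anywhere in the field; neighbour j uniform in i's range disk.
        ix, iy = rng.uniform(0, side), rng.uniform(0, side)
        d = R * math.sqrt(rng.random())
        a = rng.uniform(0, 2 * math.pi)
        jx, jy = ix + d * math.cos(a), iy + d * math.sin(a)
        hit_basic = hit_whisper = False
        for bx, by in black:
            to_i = math.hypot(bx - ix, by - iy)
            to_j = math.hypot(bx - jx, by - jy)
            hears_reply = to_j <= d            # j answers at minimum power
            if hears_reply and to_i <= R:      # Ki was broadcast at full power
                hit_basic = True
            if hears_reply and to_i <= d:      # Ki was whispered just far enough
                hit_whisper = True
        basic += hit_basic
        whisper += hit_whisper
    return basic / links, whisper / links

if __name__ == "__main__":
    b, w = simulate()
    print(f"compromised links: basic={b:.3%} whispering={w:.3%}")
```

Because the whispering eavesdropping region is contained in the basic one, the whispering fraction can never exceed the basic fraction for the same node placement.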
Secrecy amplification (multipath)
Link compromised at initial phase
Combine keys propagated along different paths
W1->W3: {W1,W2,N1}K13
W3->W2: {W1,W2,N1}K23
W2 computes: K’12=H(K12 || N1)
W2->W1: {N1,N2}K’12
W1->W2: {N2}K’12
After the protocol has finished, if K12 was secure, K’12 remains secure. But if K12 was compromised, the new K’12 is now secure.
Path discovery is allowed.
[Figure: paths p1, p2 and p3 among nodes W1, W2, W3 and W4.]
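The four-message exchange above, traced as an added example that is not code from the slides or the paper. Encryption is modelled symbolically (a message opens only for a holder of its key) and SHA-256 stands in for H; both are assumptions, as are the function names.

```python
import hashlib
import os

def H(key, nonce):
    """K'12 = H(K12 || N1); SHA-256 stands in for the slides' H (assumption)."""
    return hashlib.sha256(key + nonce).digest()

def enc(key, *fields):
    """Symbolic {fields}key: readable only by a holder of `key`."""
    return {"key": key, "fields": fields}

def dec(key, box):
    return box["fields"] if box["key"] == key else None

def amplify(k12, k13, k23):
    """Run the exchange; return (K'12 at W1, K'12 at W2, transcript)."""
    n1, n2 = os.urandom(16), os.urandom(16)
    m1 = enc(k13, "W1", "W2", n1)        # W1->W3: {W1,W2,N1}K13
    m2 = enc(k23, *dec(k13, m1))         # W3->W2: {W1,W2,N1}K23
    n1_at_w2 = dec(k23, m2)[2]
    k_w2 = H(k12, n1_at_w2)              # W2 computes K'12
    m3 = enc(k_w2, n1_at_w2, n2)         # W2->W1: {N1,N2}K'12
    k_w1 = H(k12, n1)
    got = dec(k_w1, m3)                  # W1 confirms W2 derived the same key
    assert got is not None and got[0] == n1
    m4 = enc(k_w1, got[1])               # W1->W2: {N2}K'12
    assert dec(k_w2, m4) == (n2,)
    return k_w1, k_w2, [m1, m2, m3, m4]

def eavesdropper_key(known_keys, k12, transcript):
    """Passive Black node: it derives K'12 only if it holds K12 and can open
    one of the two messages that carry N1."""
    if k12 not in known_keys:
        return None
    for box in transcript[:2]:
        for k in known_keys:
            fields = dec(k, box)
            if fields:
                return H(k12, fields[2])
    return None
```

An eavesdropper that recorded everything and holds only K12 gets nothing from the transcript; one that also holds K13 or K23 recovers K’12, which is why the second path must be independent of the compromised link.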
Multihop Keys
Node W2 helps in the key setup between W1 and W3.
Node W2 forgets K13 immediately.
Supports end-to-end rather than link-layer cryptography.
Additional protection in case W2 gets compromised.
[Figure: Key Setup in two steps (1, 2) between W1, W2 and W3 (base). Message labels: {R}k12, {k1}k23, {K13}k12, {k13}k23.]
Recovery from attacks
Sufficient nodes have been subverted for the network to be partitioned.
A recovery phase may be initiated.
Use of backup nodes
Re-run of the initial network discovery algorithm
The multipath key infection algorithm can automatically discover paths.
“Breaks the infection disease analogy”.
Conclusions
Under some assumptions, clear-text key distribution is almost as secure as preloading keys in nodes.
The benefits of initial keying can be analyzed separately from later maintenance of key relations.
Resilience and recovery mechanisms can be more important than bootstrapping.
References
R. Anderson, H. Chan, A. Perrig. “Key Infection: Smart Trust for Smart Dust”. ICNP 2004.
C. Karlof. “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks”. SenSys 2004.
J.M. Kahn, R.H. Katz. “Next Century Challenges: Mobile Networking for Smart Dust”.