Title: Anonymous Path Routing Protocol in Wireless Sensor Networks
1Anonymous Path Routing Protocol in Wireless
Sensor Networks
Jang-Ping Sheu , Jehn-Ruey Jiang and Ching
Tu National Central University and National
Tsing-Hua University Taiwan, R.O.C.
2Outline
- Introduction
- Related Work
- Anonymous Path Routing (APR) Protocol
- Security Analysis
- Implementation and Evaluation
- Conclusion
3Outline
- Introduction
- Related Work
- Anonymous Path Routing (APR) Protocol
- Security Analysis
- Implementation and Evaluation
- Conclusion
4Introduction
- Security is important for MANETs and WSNs
- Adversaries can easily overhear messages.
- It is more challenging to keep WSNs secure
- Sensor nodes have limited capability
- Sensor nodes are easier to be captured and
compromised - It is harder to prevent the network topology from
being analyzed in a WSN than in a MANET because
the former has a more dynamic topology than the
latter. - We focus on keeping WSNs secure
5Introduction
- General attacks in WSNs
- Active attacks
- Forging attacks
- Replay attacks
- Denial of service (DoS) attacks
-
- Passive attacks
- Data eavesdropping attacks
- Traffic analysis attacks
-
They are invisible and harder to detect.
They may be the prelude of active attacks.
6Introduction
- We rely on anonymous communication for resisting
the attacks. - Anonymous communication
- A new paradigm to resist attacks
- Since identities of nodes are hidden, the network
topology is difficult to be analyzed. - It can also prevent most of active attacks.
7Outline
- Introduction
- Related Work
- Anonymous Path Routing (APR) Protocol
- Security Analysis
- Implementation and Evaluation
- Conclusion
8Related Work
- ANODR
- ACM MobiHoc, 2003
- An ANonymous On-Demand Routing protocol based on
trapdoor one-way function and boomerang onion - SDAR
- IEEE LCN, 2004
- A Secure Distributed Anonymous Routing protocol
based on public key cryptography
9Related Work
- AnonDSR
- ACM SASN, 2005
- An Anonymous Dynamic Source Routing protocol
based on shared secret key used in source and
destination nodes, and public key cryptography
used in the intermediate nodes - MASK
- IEEE INFOCOM, 2005
- An anonymous on-demand routing protocol based on
bilinear pairing
10Drawbacks of Existent Methods
- High computing overhead
- Each node should try all its shared secret keys
for receiving an anonymous packet (ANODR) - Public key cryptography (AnonDSR, SDAR)
- Bilinear mapping function (MASK)
- Existent methods are not applicable to WSNs.
11Outline
- Introduction
- Related Work
- Anonymous Path Routing (APR) Protocol
- Security Analysis
- Implementation and Evaluation
- Conclusion
12Three Schemes of APR
- Anonymous one-hop communication
- Anonymous multi-hop path routing
- Anonymous data forwarding
13Anonymous One-hop Communication
- In the initial period
- One-hop pair-wise key establishment
- Data encryption key establishment
- MAC (Message Authentication Code) key
establishment - Bidirectional hidden identity (HI) establishment
- Link table establishment
- for storing all keys and HIs
- Afterwards
- One-hop communication by HI
- One-hop acknowledgement
- for avoiding packet loss problem
14One-Hop Key Establishment
- PIKE is applied to set one-hop pairwise keys and
random nonces - PIKE assumes that O(?n) pre-established pairwise
keys have been set when n sensors are deployed
Node 14 shares different pair-wise keys with each
of Nodes 1 and 4.
Node 91 shares different pair-wise keys with each
of Nodes 9 and 1.
Nodes 11 and 94 share distinct pairwise keys with
91 and 14 Choose the closer node
15One-Hop Key Establishment
- PIKE is applied to set one-hop pairwise keys and
random nonces
I
Encrypted by KAI
KAB, rn
Encrypted by KBI
KAB, rn
H
J
KAB, rn
PIKE
KAB, rn
rn random nonce
B
A
Key reply
- Two more keys are then set
- Data encryption key K0AB-enc H(KAB?C1), C1 is
a constant - MAC function key K0AB-mac H(KAB?C2), C2 is a
constant - The two keys will change dynamically
- Data encryption key Ki1AB-enc H(KiAB-enc)
- MAC function key Ki1AB-mac H(KiAB-mac)
16Hidden Identity Establishment
- His are bidirectional
- HISeqA?B H(KAB ? IDB ? Seq rn)
- HISeqB?A H(KBA ? IDA ? Seq rn)
HI-in
HI-out
J
B
HIJ?A
HIB?A
HIA?J
HIA?B
A
HIA?S
HIA?E
HIS?A
HIE?A
S
E
17One-hop communication by HI
H
D
Not for me!!
J
B
HI0A?B , DATA, MAC
C
Not for me!!
A
S
link table of B
Its for me!!
E
Not for me!!
18One-Hop Acknowledgement
- To solve the packet loss problem
HIA?B , DATA
HIA?B , DATA
A
B
HIB?A , ACK
Update link table
Update link table
19ACK Loss
- ACK loss problem
- B updates sequence number and HI but A doesnt
- Sequence numbers and HIs become different
- Solution storing last HI-in
It matches with last HI-in
Timeout!!!!
HIA?B , DATA
A
B
HIB?A , ACK
Update link table
Update link table
Keep link table intact
20Anonymous Multi-hop Path Routing
- Two more pseudonyms
- HIPs (Hidden Identity for routing Path) are
established for any possible source node and
stored in HIP table for each path. (A path is
represented by two end nodes of the path the
source node and the destination node.) - PathIDs are established and used in the routing
table - Two messages
- Anonymous Path Routing Request (APR-REQ)
- Anonymous Path Routing Reply (APR-REP)
- Two cases for the source and destination nodes
- With a pre-distributed pair-wise key
- Shown next
- Without pre-distributed pair-wise key
- Integrate PIKE into APR
21Anonymous Multi-hop Path Routing with
aPre-distributed Pair-wise Key Between S and D
- Flooding APR-REQ to the entire network
HIP table of D
HIPSD H(KSD?IDS?IDD)
I
K
H
D is the destination!!
G
D
J
M
HIPSD, B
B
F
HIP table of S
HIPSD, A
A
C
S
E
HIPSD, S
22Anonymous Multi-hop Path Routing with
aPre-distributed Pair-wise Key Between S and D
Routing table of D
- D sends APR-REP back to S
I
Routing table of B
K
PathIDSD
H
D
HID?B
J
Routing table of A
M
B
HIB?A
A
HIA?S
PathIDSD
C
Routing table of S
S
E
PathIDSD
23Anonymous Data Forwarding
Routing table of D
It is from S!!!
I
Routing table of B
K
PathIDSD
H
D
HIB?D
HID?B
J
Routing table of A
M
B
HIA?B
HIB?A
A
HIS?A
PathIDSD
HIA?S
C
Routing table of S
S
E
PathIDSD
24Outline
- Introduction
- Related Work
- Anonymous Path Routing (APR) Protocol
- Security Analysis
- Implementation and Evaluation
- Conclusion
25Security Analysis
- APR can resist the following attacks
- Traffic analysis attacks
- No node can identify the sender and receiver
except the two communicating nodes - Forging attacks
- If adversaries send a malicious packet with
forged HI, the packet will be accepted with
probability 1/ 2hm - h is the length of HI
- m is the length of MAC
- A typical setting h 16 and m 32
26Security Analysis
- Replay attacks
- If adversaries use the legal packets sent before,
every packet will only be accepted by receiving
node only once - Denial of service (DoS) attacks
- Without correct HI, DoS attack packets will be
ignored directly - APR can limit the damage caused by DoS attacks in
a local area
27Outline
- Introduction
- Related Work
- Anonymous Path Routing (APR) Protocol
- Security Analysis
- Implementation and Evaluation
- Conclusion
28Implementation
- Implementation
- Symmetric key algorithm Skipjack
- One-way hash function SHA-1
- Message authentication code function CBC-MAC
- Platform Berkeley MICAz (128KB Program Flash and
4 KB SRAM ) with TinyOS - Assumption Some pre-distributed keys are stored
in program flash.
29Implementation Results
- Memory Footprint
- Required programming memory 9436 bytes
- Required SRAM size
- Depended on network size and node density
- 50 bytes for an entry of the link table
- 8 bytes for an entry in routing table
30Implementation Results
31Implementation Results (Cont.)
574.2 ms
32Implementation Results (Cont.)
- Environment
- Test field 5R x 5R (R is the communication
range) - Number of nodes 25200
- Multi-hop communications per node 520
- Average link table size
1.1 Kbytes
33Implementation Results (Cont.)
- Average routing table size
1.6 Kbytes
34Implementation Results (Cont.)
- Average memory overhead for varying numbers of
nodes
1.88 Kbytes
1.72 Kbytes
route requests per node
route requests per node
35Outline
- Introduction
- Related Work
- Anonymous Path Routing (APR) Protocol
- Security Analysis
- Implementation and Evaluation
- Conclusion
36Conclusion
- In APR, data can be encrypted by pair-wise keys
and transmitted with pseudonyms - between neighboring sensor nodes (link level)
- between the source and destination nodes of a
multi-hop communication path (routing level) - APR can resist several types of attacks
- Traffic analysis attacks
- Forging attacks
- Replay attacks
- Denial of service (DoS) attacks
- We have implemented APR on the sensor platform of
MICAz with TinyOS - To demonstrate APRs applicability and
communication capability
37 Thank you for your listening Q A
38Anonymous Multi-hop Communication End-to-end
Key Establishment
- M wants to communicate with D
Anonymous path from M to I
Anonymous path from I to D
I
KSD, rn
G
K
KSD, rn
H
KSD, rn
D
KSD, rn
J
M
B
F
A
C
S
E
39Anonymous Path Routing (APR) Request with Key
Reply Message
- D launch anonymous multi-hop path routing
I
G
K
HIPDM, D, Key reply
H
D
J
M
B
F
A
C
S
E
40PathID Collision Problem
- Case 1 Different Pre-hop nodes
- Pre-hop nodes are different
- Forwarding node can choose proper node for
forwarding - Ex.
- The packet with the PathID is 12 comes from L
should be send to N - The packet with the PathID is 12 comes from K
should be send to I
Routing table of F
L
12
K
12
F
12
12
I
N
41PathID Collision Problem (Cont.)
14
13
Q
13
14
O
13
13
R
P
Routing table of O
42PathID Collision Problem (Cont.)
15
13
14
Q
15
13
14
O
13
13
R
13
P
X
Routing table of O
Back