Anonymous Path Routing Protocol in Wireless Sensor Networks

1
Anonymous Path Routing Protocol in Wireless
Sensor Networks
Jang-Ping Sheu , Jehn-Ruey Jiang and Ching
Tu National Central University and National
Tsing-Hua University Taiwan, R.O.C.
2
Outline

• Introduction
• Related Work
• Anonymous Path Routing (APR) Protocol
• Security Analysis
• Implementation and Evaluation
• Conclusion

3
Outline

• Introduction
• Related Work
• Anonymous Path Routing (APR) Protocol
• Security Analysis
• Implementation and Evaluation
• Conclusion

4
Introduction

• Security is important for MANETs and WSNs
• Adversaries can easily overhear messages.
• It is more challenging to keep WSNs secure
• Sensor nodes have limited capability
• Sensor nodes are easier to be captured and
  compromised
• It is harder to prevent the network topology from
  being analyzed in a WSN than in a MANET because
  the former has a more dynamic topology than the
  latter.
• We focus on keeping WSNs secure

5
Introduction

• General attacks in WSNs
• Active attacks
• Forging attacks
• Replay attacks
• Denial of service (DoS) attacks
• Passive attacks
• Data eavesdropping attacks
• Traffic analysis attacks

They are invisible and harder to detect.
They may be the prelude of active attacks.
6
Introduction

• We rely on anonymous communication for resisting
  the attacks.
• Anonymous communication
• A new paradigm to resist attacks
• Since identities of nodes are hidden, the network
  topology is difficult to be analyzed.
• It can also prevent most of active attacks.

7
Outline

• Introduction
• Related Work
• Anonymous Path Routing (APR) Protocol
• Security Analysis
• Implementation and Evaluation
• Conclusion

8
Related Work

• ANODR
• ACM MobiHoc, 2003
• An ANonymous On-Demand Routing protocol based on
  trapdoor one-way function and boomerang onion
• SDAR
• IEEE LCN, 2004
• A Secure Distributed Anonymous Routing protocol
  based on public key cryptography

9
Related Work

• AnonDSR
• ACM SASN, 2005
• An Anonymous Dynamic Source Routing protocol
  based on shared secret key used in source and
  destination nodes, and public key cryptography
  used in the intermediate nodes
• MASK
• IEEE INFOCOM, 2005
• An anonymous on-demand routing protocol based on
  bilinear pairing

10
Drawbacks of Existent Methods

• High computing overhead
• Each node should try all its shared secret keys
  for receiving an anonymous packet (ANODR)
• Public key cryptography (AnonDSR, SDAR)
• Bilinear mapping function (MASK)
• Existent methods are not applicable to WSNs.

11
Outline

• Introduction
• Related Work
• Anonymous Path Routing (APR) Protocol
• Security Analysis
• Implementation and Evaluation
• Conclusion

12
Three Schemes of APR

• Anonymous one-hop communication
• Anonymous multi-hop path routing
• Anonymous data forwarding

13
Anonymous One-hop Communication

• In the initial period
• One-hop pair-wise key establishment
• Data encryption key establishment
• MAC (Message Authentication Code) key
  establishment
• Bidirectional hidden identity (HI) establishment
• Link table establishment
• for storing all keys and HIs
• Afterwards
• One-hop communication by HI
• One-hop acknowledgement
• for avoiding packet loss problem

14
One-Hop Key Establishment

• PIKE is applied to set one-hop pairwise keys and
  random nonces
• PIKE assumes that O(?n) pre-established pairwise
  keys have been set when n sensors are deployed

Node 14 shares different pair-wise keys with each
of Nodes 1 and 4.
Node 91 shares different pair-wise keys with each
of Nodes 9 and 1.
Nodes 11 and 94 share distinct pairwise keys with
91 and 14 Choose the closer node
15
One-Hop Key Establishment

• PIKE is applied to set one-hop pairwise keys and
  random nonces

I
Encrypted by KAI
KAB, rn
Encrypted by KBI
KAB, rn
H
J
KAB, rn
PIKE
KAB, rn
rn random nonce
B
A
Key reply

• Two more keys are then set
• Data encryption key K0AB-enc H(KAB?C1), C1 is
  a constant
• MAC function key K0AB-mac H(KAB?C2), C2 is a
  constant
• The two keys will change dynamically
• Data encryption key Ki1AB-enc H(KiAB-enc)
• MAC function key Ki1AB-mac H(KiAB-mac)

16
Hidden Identity Establishment

• His are bidirectional
• HISeqA?B H(KAB ? IDB ? Seq rn)
• HISeqB?A H(KBA ? IDA ? Seq rn)

HI-in
HI-out
J
B
HIJ?A
HIB?A
HIA?J
HIA?B
A
HIA?S
HIA?E
HIS?A
HIE?A
S
E
17
One-hop communication by HI

• A sends data to B

H
D
Not for me!!
J
B
HI0A?B , DATA, MAC
C
Not for me!!
A
S
link table of B
Its for me!!
E
Not for me!!
18
One-Hop Acknowledgement

• To solve the packet loss problem

HIA?B , DATA
HIA?B , DATA
A
B
HIB?A , ACK
Update link table
Update link table
19
ACK Loss

• ACK loss problem
• B updates sequence number and HI but A doesnt
• Sequence numbers and HIs become different
• Solution storing last HI-in

It matches with last HI-in
Timeout!!!!
HIA?B , DATA
A
B
HIB?A , ACK
Update link table
Update link table
Keep link table intact
20
Anonymous Multi-hop Path Routing

• Two more pseudonyms
• HIPs (Hidden Identity for routing Path) are
  established for any possible source node and
  stored in HIP table for each path. (A path is
  represented by two end nodes of the path the
  source node and the destination node.)
• PathIDs are established and used in the routing
  table
• Two messages
• Anonymous Path Routing Request (APR-REQ)
• Anonymous Path Routing Reply (APR-REP)
• Two cases for the source and destination nodes
• With a pre-distributed pair-wise key
• Shown next
• Without pre-distributed pair-wise key
• Integrate PIKE into APR

21
Anonymous Multi-hop Path Routing with
aPre-distributed Pair-wise Key Between S and D

• Flooding APR-REQ to the entire network

HIP table of D
HIPSD H(KSD?IDS?IDD)
I
K
H
D is the destination!!
G
D
J
M
HIPSD, B
B
F
HIP table of S
HIPSD, A
A
C
S
E
HIPSD, S
22
Anonymous Multi-hop Path Routing with
aPre-distributed Pair-wise Key Between S and D
Routing table of D

• D sends APR-REP back to S

I
Routing table of B
K
PathIDSD
H
D
HID?B
J
Routing table of A
M
B
HIB?A
A
HIA?S
PathIDSD
C
Routing table of S
S
E
PathIDSD
23
Anonymous Data Forwarding
Routing table of D

• D sends data to S

• S sends data to D

It is from S!!!
I
Routing table of B
K
PathIDSD
H
D
HIB?D
HID?B
J
Routing table of A
M
B
HIA?B
HIB?A
A
HIS?A
PathIDSD
HIA?S
C
Routing table of S
S
E
PathIDSD
24
Outline

• Introduction
• Related Work
• Anonymous Path Routing (APR) Protocol
• Security Analysis
• Implementation and Evaluation
• Conclusion

25
Security Analysis

• APR can resist the following attacks
• Traffic analysis attacks
• No node can identify the sender and receiver
  except the two communicating nodes
• Forging attacks
• If adversaries send a malicious packet with
  forged HI, the packet will be accepted with
  probability 1/ 2hm
• h is the length of HI
• m is the length of MAC
• A typical setting h 16 and m 32

26
Security Analysis

• Replay attacks
• If adversaries use the legal packets sent before,
  every packet will only be accepted by receiving
  node only once
• Denial of service (DoS) attacks
• Without correct HI, DoS attack packets will be
  ignored directly
• APR can limit the damage caused by DoS attacks in
  a local area

27
Outline

• Introduction
• Related Work
• Anonymous Path Routing (APR) Protocol
• Security Analysis
• Implementation and Evaluation
• Conclusion

28
Implementation

• Implementation
• Symmetric key algorithm Skipjack
• One-way hash function SHA-1
• Message authentication code function CBC-MAC
• Platform Berkeley MICAz (128KB Program Flash and
  4 KB SRAM ) with TinyOS
• Assumption Some pre-distributed keys are stored
  in program flash.

29
Implementation Results

• Memory Footprint
• Required programming memory 9436 bytes
• Required SRAM size
• Depended on network size and node density
• 50 bytes for an entry of the link table
• 8 bytes for an entry in routing table

30
Implementation Results

• Computing Time

• Transmission Time

31
Implementation Results (Cont.)

• Routing Time

574.2 ms
32
Implementation Results (Cont.)

• Environment
• Test field 5R x 5R (R is the communication
  range)
• Number of nodes 25200
• Multi-hop communications per node 520
• Average link table size

1.1 Kbytes
33
Implementation Results (Cont.)

• Average routing table size

1.6 Kbytes
34
Implementation Results (Cont.)

• Average memory overhead for varying numbers of
  nodes

1.88 Kbytes
1.72 Kbytes
route requests per node
route requests per node
35
Outline

• Introduction
• Related Work
• Anonymous Path Routing (APR) Protocol
• Security Analysis
• Implementation and Evaluation
• Conclusion

36
Conclusion

• In APR, data can be encrypted by pair-wise keys
  and transmitted with pseudonyms
• between neighboring sensor nodes (link level)
• between the source and destination nodes of a
  multi-hop communication path (routing level)
• APR can resist several types of attacks
• Traffic analysis attacks
• Forging attacks
• Replay attacks
• Denial of service (DoS) attacks
• We have implemented APR on the sensor platform of
  MICAz with TinyOS
• To demonstrate APRs applicability and
  communication capability

37
Thank you for your listening Q A
38
Anonymous Multi-hop Communication End-to-end
Key Establishment

• M wants to communicate with D

Anonymous path from M to I
Anonymous path from I to D
I
KSD, rn
G
K
KSD, rn
H
KSD, rn
D
KSD, rn
J
M
B
F
A
C
S
E
39
Anonymous Path Routing (APR) Request with Key
Reply Message

• D launch anonymous multi-hop path routing

I
G
K
HIPDM, D, Key reply
H
D
J
M
B
F
A
C
S
E
40
PathID Collision Problem

• Case 1 Different Pre-hop nodes
• Pre-hop nodes are different
• Forwarding node can choose proper node for
  forwarding
• Ex.
• The packet with the PathID is 12 comes from L
  should be send to N
• The packet with the PathID is 12 comes from K
  should be send to I

Routing table of F
L
12
K
12
F
12
12
I
N
41
PathID Collision Problem (Cont.)

• Case 2 Same Pre-hop node

14
13
Q
13
14
O
13
13
R
P
Routing table of O
42
PathID Collision Problem (Cont.)
15
13
14
Q
15
13
14
O
13
13
R
13
P
X
Routing table of O
Back