ITIS 6010/8010 Wireless Network Security

1
ITIS 6010/8010 Wireless Network Security
  • Dr. Weichao Wang

2
  • Pairwise key establishment in sensor networks
  • In many secure routing mechanisms, we have
    assumed the knowledge of keys
  • We will investigate how these keys are
    established among wireless nodes

3
  • Key predistribution method (Eschenauer and
    Gligor, CCS '02)
  • Back in 2002, symmetric encryption was still the
    only choice for sensors
  • No trusted third party for key distribution
  • Predistribution
  • Group key
  • Pairwise key
  • Each has its problems: sensor compromise, adding
    new nodes, forward/backward secrecy

4
  • Probabilistic key sharing
  • A pool of P keys is generated offline
  • Every sensor will randomly get k keys when it is
    deployed
  • With a certain probability, any pair of sensors
    may share at least one key
  • For those that do not share keys, a multihop
    path can be used to establish such a key

5
  • Example: P = 10,000; how many keys should every
    sensor have so that the probability is 0.5? (75)
  • Some simple analysis
  • Shared key discovery b/w neighbors
  • Broadcast key identifiers
  • Broadcast plaintext and corresponding ciphertexts

6
  • Path key establishment
  • Establish keys through shared neighbors
  • Revocation
  • A compromised sensor only discloses a small part
    of the keys
  • Addition of new sensors
  • A question: can we link the pre-distributed keys
    to node identity or other information?
  • What will be the advantages and disadvantages?

8
  • Three extensions (by Chan et al., Oakland)
  • q-composite
  • Multipath reinforcement
  • Random pairwise key
  • Evaluation criteria
  • Resilience to node capture
  • Revocation
  • Scale
  • Clone attack

9
  • q-composite pre-distribution
  • A pair of nodes have to share at least q keys to
    establish a secure link b/w them
  • When q increases, attackers have to compromise
    more nodes to break a link
  • We still need to preserve a certain probability
    that any pair of sensors can establish a key
  • How to balance the two factors?

10
  • A simple analysis
  • What is the probability that a pair of sensors
    have exactly i shared keys?
  • The probability that a pair of nodes have at
    least q shared keys is 1 - p(0) - p(1) - ... -
    p(q-1)
  • Improvements in resilience to node capture
  • q-composite demonstrates better resilience than
    basic scheme when a small group of sensors are
    compromised
  • It makes the system more robust since it is more
    difficult to compromise a large group of sensors

11
  • Say we have node A and B, neither of them has
    been compromised. What is the probability that
    the link between them is not safe if x nodes have
    been captured?
  • For a specific key, the probability that it is
    compromised is?
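
The counting analysis behind slides 10 and 11, as an added example that is not part of the original slides. p(i) and the per-key exposure probability are the standard expressions from the Chan et al. analysis, with P the pool size and k the keys per sensor as on slide 4; the function names and the parameters (20 keys per sensor, connectivity target 0.5) are constructed for illustration.

```python
from math import comb

def p_shared(i, pool, ring):
    """P(two random rings of `ring` keys from a pool of `pool` share exactly i)."""
    rest = ring - i  # keys in each ring that the other ring lacks
    ways = comb(pool, i) * comb(pool - i, 2 * rest) * comb(2 * rest, rest)
    return ways / comb(pool, ring) ** 2

def p_connect(q, pool, ring):
    """P(at least q shared keys) = 1 - p(0) - p(1) - ... - p(q-1)."""
    return 1.0 - sum(p_shared(i, pool, ring) for i in range(q))

def p_link_compromised(q, pool, ring, captured):
    """P(an A-B link is readable) after `captured` other nodes are captured."""
    # A specific key is exposed unless every captured ring missed it.
    key_known = 1.0 - (1.0 - ring / pool) ** captured
    connect = p_connect(q, pool, ring)
    # A link built from i shared keys falls only if all i are exposed.
    return sum(key_known ** i * p_shared(i, pool, ring) / connect
               for i in range(q, ring + 1))

def largest_pool(q, ring, target):
    """Largest pool that keeps P(at least q shared keys) >= target."""
    pool = 2 * ring
    while p_connect(q, pool + 1, ring) >= target:
        pool += 1
    return pool

if __name__ == "__main__":
    RING, TARGET = 20, 0.5          # constructed parameters
    for q in (1, 2):
        pool = largest_pool(q, RING, TARGET)
        for x in (5, 30):
            print(q, pool, x, round(p_link_compromised(q, pool, RING, x), 3))
```

Holding connectivity fixed forces a smaller pool as q grows, which is why the q = 2 rows look better for few captured nodes and worse for many.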

13
  • Multipath key reinforcement
  • Try to establish a link key through multiple
    paths
  • It works well with the basic mechanism, but not
    with q-composite
  • Now the malicious node has to compromise more
    keys to get the link key

14
  • Let us assume that A and B have already found a
    single shared key
  • Now A and B will determine a new link key through
    multiple independent paths
  • A locates j link-disjoint paths
  • Each link in the paths has established a link key
  • A generates j random numbers and each random
    number will be sent through a different path
  • The final key will be k xor R1 xor R2 xor ... xor
    Rj
  • The final key is protected by all j random numbers

15
  • The more paths, the safer the key, but the more
    communication overhead
  • For each path, the longer the path, the higher
    the probability that it is not safe
  • 2-hop multipath
  • Only go through the shared neighbors

16
  • If the probability that an attacker compromises
    one link key is b, then the probability that it
    compromises a key reinforced over k two-hop
    paths is
  • b(2b - b^2)^k
  • Why should multipath and q-composite not work
    together?
  • q-composite needs a smaller key space
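
The key update from slide 14 and the probability from slide 16, as an added example that is not part of the original slides. The 16-byte key length, the function names and the sample value b = 0.1 are assumptions made for illustration.

```python
import secrets
from functools import reduce

KEY_BYTES = 16  # assumed key length; the slides do not fix one

def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def new_shares(j):
    """A draws one fresh random value R_i per link-disjoint path."""
    return [secrets.token_bytes(KEY_BYTES) for _ in range(j)]

def reinforce(k, shares):
    """New link key k xor R1 xor ... xor Rj, computed the same way by A and B."""
    return reduce(xor_bytes, shares, k)

def eavesdropper_view(k, shares, unseen):
    """Best an eavesdropper can compute when it holds k and every share
    except shares[unseen]: the new key still masked by that one share."""
    seen = [r for i, r in enumerate(shares) if i != unseen]
    return reduce(xor_bytes, seen, k)

def p_two_hop_path(b):
    """A two-hop path leaks its share if either of its two links is broken."""
    return 2 * b - b * b

def p_reinforced_key(b, paths):
    """Original key broken AND every two-hop share read: b(2b - b^2)^paths."""
    return b * p_two_hop_path(b) ** paths

if __name__ == "__main__":
    k = secrets.token_bytes(KEY_BYTES)      # key A and B already share
    shares = new_shares(3)                  # sent over 3 disjoint paths
    print("A and B agree:", reinforce(k, shares) == reinforce(k, list(shares)))
    print("one unseen share hides the key:",
          eavesdropper_view(k, shares, 1) != reinforce(k, shares))
    for paths in (0, 1, 2, 3):
        print(paths, p_reinforced_key(0.1, paths))
```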

18
  • Random pairwise key scheme
  • In the basic scheme, we cannot authenticate the
    node
  • A malicious node can conduct a Sybil attack
  • We need to link the knowledge of a key and the
    identity of the node
  • Every key is known by only two nodes
  • Every node remembers m keys and, for each key,
    the identity of the other node that knows it

19
  • Can be used to
  • Authenticate the other node
  • Conduct intruder identification
  • Prevent Sybil attacks
  • Support node revocation
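
How binding each key to one pair of node IDs gives authentication, Sybil resistance and revocation, as an added example that is not part of the original slides. The HMAC-SHA256 challenge-response, the function names and the node IDs are assumptions; the slides do not specify a message format.

```python
import hashlib, hmac, itertools, random, secrets

def predistribute(node_ids, m, seed=0):
    """Offline setup: each key goes to exactly two nodes, at most m per node,
    and is stored under the ID of the other node that holds it."""
    rings = {n: {} for n in node_ids}
    pairs = list(itertools.combinations(node_ids, 2))
    random.Random(seed).shuffle(pairs)          # which pairs get keys is random
    for a, b in pairs:
        if len(rings[a]) < m and len(rings[b]) < m:
            rings[a][b] = rings[b][a] = secrets.token_bytes(16)
    return rings

def _tag(key, nonce, prover_id, verifier_id):
    """MAC over the verifier's nonce and both identities."""
    msg = b"|".join([nonce, prover_id.encode(), verifier_id.encode()])
    return hmac.new(key, msg, hashlib.sha256).digest()

def respond(own_ring, claimed_id, verifier_id, nonce):
    """Prover answers with the key it holds for the verifier, if any."""
    key = own_ring.get(verifier_id)
    return _tag(key, nonce, claimed_id, verifier_id) if key else None

def verify(verifier_ring, verifier_id, claimed_id, nonce, tag):
    """Accept only a tag made with the key predistributed for claimed_id."""
    key = verifier_ring.get(claimed_id)
    if key is None or tag is None:        # no shared key, or peer revoked
        return False
    return hmac.compare_digest(_tag(key, nonce, claimed_id, verifier_id), tag)

def revoke(ring, node_id):
    """Revocation: drop the one key shared with the revoked node."""
    ring.pop(node_id, None)

if __name__ == "__main__":
    rings = predistribute(["n1", "n2", "n3", "n4"], m=3)   # constructed IDs
    nonce = secrets.token_bytes(16)
    honest = respond(rings["n2"], "n2", "n1", nonce)
    sybil = respond(rings["n3"], "n2", "n1", nonce)   # n3 claims to be n2
    print(verify(rings["n1"], "n1", "n2", nonce, honest))  # True
    print(verify(rings["n1"], "n1", "n2", nonce, sybil))   # False
    revoke(rings["n1"], "n2")
    print(verify(rings["n1"], "n1", "n2", nonce, honest))  # False
```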