Securing Wireless Sensor Networks - PowerPoint PPT Presentation

About This Presentation
Title:

Securing Wireless Sensor Networks

Description:

Title: A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Author: wedu Last modified by: Office 2004 User Created Date: 10/5/2003 1:07:02 AM – PowerPoint PPT presentation

Number of Views:276
Avg rating:3.0/5.0
Slides: 56
Provided by: wedu2
Learn more at: https://www.ewh.ieee.org
Category:

less

Transcript and Presenter's Notes

Title: Securing Wireless Sensor Networks


1
Securing Wireless Sensor Networks
  • Wenliang (Kevin) Du
  • Department of Electrical Engineering and Computer
    Science
  • Syracuse University

2
Overview
  • Overview of Wireless Sensor Networks (WSN).
  • Security in wireless sensor networks.
  • Security risks
  • Security objectives
  • Technology limitations
  • Key management in WSN

3
Wireless Sensor Networks
  • Motes
  • Tiny computing platform
  • Wireless communication
  • Low power operation (using battery)
  • Sensors
  • Sensing the environment (light, motion, etc.)
  • Networks
  • Self configuring and maintaining connectivity
  • Routing
  • Distributed sensing and computing

4
Sensor Network Applications
  • Environment monitoring
  • Habitat monitoring
  • Forrest fire monitoring
  • Animal monitoring
  • Structure and equipment monitoring
  • Supply chain monitoring
  • Manufacturing flows, asset tracking
  • Battle field surveillance

5
Enabling Technologies
  • Very low power electronics (µW)
  • Very low cost hardware ()
  • Very easy to develop, install, maintain.

6
Mica2, Mica2Dot, MicaZ Motes
  • CPU ATMega128L 8-bit, 8MHz,
  • 4KB EEPROM, 4KB RAM, 128KB Flash
  • Chipcon CC100, C2420 radio.

7
TelosB Mote
  • CPU 8 MHz TI MSP430
  • 48 KB Flash memory
  • 10 KB RAM
  • Chipcon CC2420 radio, 2.4GHz
  • IEEE 802.15.4

8
Intel Mote
  • CPU ARM7TDMI, 12MHz, 32-bit
  • 512 KB Flash, 64kB RAM
  • Bluetooth 1.1 radio, 30m range
  • 2.4 GHz antenna

9
Gateway (Stargate)
  • 400 Mhz Intel PXA255 Processor
  • Same processor found in IPAQ Dell Axim
  • Small, 3.5 x 2.5 form factor
  • Embedded Linux BSP

10
Technologies for Energy Saving
  • Other source of energy
  • Solar energy
  • Vibration
  • Multi-hop routing
  • Sleeping
  • Dynamic voltage scaling

11
Operating System and Programming Language
  • TinyOS
  • Developed by UC Berkeley
  • industry standard
  • Freely-available and open source
  • Programming Language NesC
  • An extension of C
  • Event driven
  • concurrency model enables the motes to be
    programmed to handle many events in parallel

12
Motes on the Market
  • 50 - 100 at current price
  • prototypes developed by Intel Research and UC
    Berkeley
  • 5 over the next five years
  • Through re-engineering, Moores Law, and volume
    production
  • Crossbow Technology Inc first commercial
    manufacture of motes.

13
Security in Sensor Networks
14
Securing WSN
  • Security objectives in sensor networks
  • Unique security problems.
  • Why not use existing security mechanisms?
  • Unique features of sensor networks
  • Call for unique security solutions.

15
What should we protect?
  • The CIA Model
  • Confidentiality
  • Integrity
  • Availability
  • What do they mean in sensor networks?
  • Unique meaning
  • Difference and similarity with traditional
    networks.

16
Confidentiality and Privacy
  • Contents of data
  • Eavesdropping
  • Source of data
  • Example the pander-hunter problem
  • Traffic analysis
  • Destination of data
  • Finding and destroying the base stations

17
Integrity
  • Integrity of broadcast
  • Broadcast authentication
  • Integrity of communication among sensors
  • Integrity of sensing
  • Integrity of nodes
  • Integrity of location
  • Location discoveries, e.g. beacon-based schemes
  • Location verification
  • Integrity of time
  • Time synchronization

18
Availability
  • Physically destroying sensors
  • Denial of Service (DOS) Attacks
  • Attack at physical layer jamming
  • Attack at link layer (e.g. violating protocols)
  • Attack at routing layer (e.g., refusing to route)
  • Attack at application layer
  • Energy consumption attacks
  • Depriving sleep
  • Making CPU busy

19
Questions
  • Dont we have similar problems in traditional
    networks?
  • Why dont we use similar solutions?
  • Cant we use encryption to solve most of the
    problems?

Unique properties of sensor networks make the
problems and solutions unique.
20
Unique PropertiesBroadcasting
  • Main communication channel Broadcasting
  • One-to-many and one-to-one communication
  • The channel is easy to access
  • Eavesdropping
  • Message injection
  • Traffic analysis
  • Jamming
  • Encrypting broadcast is hard
  • Broadcast Authentication is hard

21
Unique Properties Physical Security of Nodes
  • Nodes Low-Cost, Commodity Hardware
  • Ease of access to internal node state
  • Physical node protection is impractical
  • Nodes are unattended
  • Adversary can capture and tamper with nodes
  • Detection of tampering in real-time is expensive

22
Unique PropertiesPhysical Security of Nodes
Two Extreme Examples
Low end Smart Cards (lt 40)
High end IBM 4758 co-proc. ( 4K)
  • tamper resistance, real time resp.
  • independent battery, secure clock
  • battery-backed RAM (BBRAM)
  • wrapping several layers of non-metallic
  • grid of conductors in a grounded shield
  • - reduce detectable EM emanations
  • tamper detection sensors ( battery)
  • temp., humidity, pressure, voltage,
  • clock, ionizing radiation
  • - response erase BBRAM, reset device
  • no tamper resistance
  • non-invasive phys. attacks
  • side-channel (timing, DPA)
  • unusual operating conditions
  • temperature, power clock glitches
  • invasive phys. attacks
  • chip removal from plastic cover
  • microprobes, electron beams

23
Unique Properties Physical Security of Nodes
  • Friends or Enemy?
  • Enemy's malicious nodes
  • Good nodes turns malicious (compromised)
  • Sybil Attacks A node takes on multiple
    identities
  • Encryption cannot solve this problem
  • Protecting secret keys depends on physical
    security

24
Unique Properties Trusted Infrastructure
  • Many security solutions (for traditional
    networks) depends on trusted infrastructures
  • Public Key Infrastructure (PKI) certificate
    servers
  • Key distribution center Kerberos
  • Location GPS satellites
  • Time synchronization trusted time servers
  • Not Practical for Sensor Networks
  • High cost
  • Main target of attacks difficult to protect

25
Unique Properties Constraints on Sensor Nodes
  • Sensor Node Constraints
  • Energy
  • CPU power
  • Memory
  • Asymmetric Arm Race
  • Sensors against powerful attackers

26
Sensor Node Constraints
  • Battery Power Constraints
  • Computational Energy Consumption
  • Crypto algorithms
  • Public key vs. Symmetric key
  • Communications Energy Consumption
  • Exchange of keys, certificates, etc.
  • Per-message additions (padding, signatures,
    authentication tags)

27
Constraints (Cont.)Public Key Encryption
  • Slow
  • 1000 times slower than symmetric encryption
  • Hardware is complicated
  • Energy consumption is high

Processor Energy Consumption (mJ/Kb) Energy Consumption (mJ/Kb) Energy Consumption (mJ/Kb)
Processor RSA/E/V RSA/D/S AES
MIPS R4000 0.81 16.7 0.00115
MC68328 42 840 0.0130
28
Memory Constraints
  • Program Storage and Working Memory
  • Embedded OS, security functions (Flash)
  • Working memory (RAM)
  • Mica2 Motes
  • 128KB Flash and 4KB RAM

29
Key Management Problem
30
Key Management Problem
Sensors
31
Key Management Problem
Sensors
Secure Channels
32
General Approaches
  • Trusted-Server Schemes
  • Finding trusted servers is difficult.
  • Public-Key Schemes
  • Expensive and impractical for many sensors.
  • Key Pre-distribution Schemes

33
Key Pre-distribution
  • Loading Keys into sensor nodes prior to
    deployment
  • Two nodes find a common key between them after
    deployment
  • Challenges
  • Memory/Energy efficiency
  • Security nodes can be compromised
  • Scalability new nodes might be added later

34
Naïve Solutions
  • Master-Key Approach
  • Memory efficient, but low security.
  • Needs Tamper-Resistant Hardware.
  • Pair-wise Key Approach
  • N-1 keys for each node (e.g. N10,000).
  • Security is perfect.
  • Need a lot of memory and cannot add new nodes.

35
A Probabilistic Approach
Key Pool S
Each node randomly selects m keys
A
B
E
D
C
  • When S 10,000, m75
  • Pr (two nodes have a common key) 0.50

36
Establishing Secure Channels
B
A
C
37
Key Pre-Distribution Using Deployment Knowledge
38
Observations and Objectives
A
B
F
Property Pr(A, B) Pr(A, F)
Our objective Pr(A, B) gtgt Pr(A, F)
Using deployment knowledge
39
Modeling Deployment Knowledge
Deployment points for a group of sensors
I
A
J
F
40
Key Pre-distribution Scheme
Key Pools
41
Key Sharing Among Key Pools
Horizontal
a
B
C
A
b
b
a
F
D
a
a
Vertical
Diagonal
a
b
b
G
H
I
b
a
42
Local Connectivity
43
Network Resilience
  • What is the damage when x nodes are compromised?
  • These x nodes contain keys that are used by the
    good nodes.
  • What percentage of communications can be affected?

44
Network Resilience
45
A Pairwise Key Pre-distribution Scheme
46
Objectives
  • Pairwise key pre-distribution scheme.
  • Each pair of sensor share a unique secret key
  • Can be used for Authentication
  • Our Approach
  • We use Blom Scheme to achieve Pairwise
  • We use Random Key Selection scheme to improve
    performance and resilience

47
Blom Scheme
  • Public matrix G
  • Private matrix D (symmetric).

D
?1
?1
G
N
?1
Let A (D G)T
A G (D G)T G GT DT G GT D G (A G)T
48
Blom Scheme
A (D G)T
G
(D G)T G
j
i
Kij
i

N
Kji
X
j
N
N
?1
49
Properties of Blom Scheme
  • Bloms Scheme
  • Network size is N
  • Any pair of nodes can directly find a secret key
  • Tolerate compromise up to ? nodes
  • Need to store ?2 keys
  • Challenge Can we increase ? without increasing
    the storage usage.

50
Multiple Space Scheme
Key-Space Pool
? spaces
(D1, G)
? spaces
? spaces
(D2, G)
Two nodes can find a pairwise key if they carry
a common key space!
(D?, G)
51
Measure Local Connectivity
plocal the probability that two neighboring
nodes can find a common key.
52
Plocal for different ? and ?
53
Resilience (p 0.33, m200)
Blom
54
Resilience (p 0.50, m 200)
Blom
55
Summary
  • Overview of sensor networks technologies
  • Security is unique for sensor networks
  • Sensor networks unique properties make the
    security problems and solution unique.
  • Security is quite different from traditional
    (wired) networks.
Write a Comment
User Comments (0)
About PowerShow.com