Secure Sensor Routing
A Clean-Slate Approach
Bryan Parno, Mark Luk, Evan Gaustad, Adrian Perrig
Carnegie Mellon University
Sensor Networks
• Thousands of nodes, each with:
  – A CPU and ~10 KB of RAM
  – A radio
  – Sensors (e.g., heat, motion, sound)
  – Limited power
• Communicate via multi-hop routing
• Applications: burglar alarms, emergency response, industrial uses
All require secure routing!
Attacks on Routing
• Inject incorrect routing information or alter setup/update messages
• Compromise sensors
  – Provide malicious routing data/messages
• Suppress (selectively) routing messages
• Specific attacks:
  – Blackhole
  – Wormhole
  – Replication
  – Denial of Service
  – Sybil
  – Rushing
  – Slander
  – Framing
Consequences of Routing Attacks
• Controlling routing allows the attacker to control the network’s communication
  – Can view, modify, and/or drop messages
  – Create loops to exhaust legitimate nodes
  – Prevent or subvert proper network functionality
Techniques for Secure Routing
• Prevention
  – Harden protocols by restricting participants’ actions
  – Typically employs cryptography
  – Only forestalls known attacks
• Detection & Recovery
  – Monitor behavior for malicious activity
  – Eliminate malicious participants
  – Must be able to distinguish anomalous behavior and accurately assign blame
• Resilience
  – Maintain availability even under unpredicted attacks
  – Provide graceful performance degradation
Previous Work
• Sensor routing
  – Most assume trusted environment
  – INSENS only applicable to certain topologies
  – SIGF requires GPS
• Other secure routing protocols
  – Typically rely on a single technique
    • Prevention: S-BGP, Ariadne
    • Detection & Recovery: Watchdog, Pathrater, Secure Traceroute
    • Resilience: INSENS
  – Inappropriate for resource-constrained sensor nodes
    • Require PKI or excessive amounts of memory, computation or communication
Goals
• Start from a clean slate
• Incorporate all three security techniques
  – Prevention, detection & recovery, and resilience
• Provide highly secure, highly available point-to-point routing
  – Necessary in many applications, e.g., Geographic Hash Tables (GHTs), key establishment, etc.
• Minimize resource utilization
Outline
• Introduction
• Overview and Assumptions
• Address and Routing Setup
• Forwarding
• Detection and Recovery
• Simulation and Implementation
Our Routing Protocol Architecture
• Establish routing tables and network addresses
  – Use prevention techniques to thwart active attackers
  – Detect and recover from attempts to deviate from the protocol or to launch additional attacks
• Apply resilient routing techniques to forward packets
  – Uses the securely established routing tables and network addresses
Assumptions
• Network authority (NA) uses a public/private keypair $\{K_{NA}, K_{NA}^{-1}\}$
• Each sensor node preloaded with:
  – Network authority’s public key $K_{NA}$
  – Unique $ID_x$
  – Certificate: $\mathrm{Sig}(K_{NA}^{-1}, ID_x)$
• Signature scheme optimizes for verification
• Intended for networks of primarily stationary sensors
Address and Route Setup Overview
• Goal:
  – Assign a unique network address to each node
  – Populate each node’s routing table
• Accomplished with a recursive grouping algorithm
  – Initially, each sensor constitutes its own group
  – Groups repeatedly merge until all nodes belong to same group
• Each time a node’s group merges, the node adds one bit to its network address and one entry to its routing table
[Figure: each node has a Node ID, an Address and a Routing Table; example node IDs and addresses: A = 0.1, B = 0.0, C = 1.1, D = 1.0]
Recursive Grouping Algorithm
• Groups act in an asynchronous, distributed fashion
• Each group:
  – Collects information about its neighbors
  – Proposes to merge with smallest neighboring group
    • Based on number of nodes in the group
    • Ties broken based on group ID
    • This metric keeps addresses and routing tables small
  – Mutual proposal triggers merge
• Entire process is deterministic for a given topology
  – Limits the damage an attacker can inflict
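The merge rule on this slide, run as a synchronous-round simulation (an added example, not code from the talk or the authors' implementation). The slides' formulas for the address bit and the merged group ID are not reproduced on this page, so two rules here are assumptions: the group with the smaller ID prepends 0 and its partner 1, and the merged group keeps the smaller ID.

```python
def recursive_grouping(adj):
    """Run merge rounds on a connected topology.

    adj maps node ID -> list of neighbour IDs. Returns {node: address}, with
    bits dot-separated and the newest merge's bit first.
    """
    groups = {n: {n} for n in adj}          # group ID -> members; singletons at start
    bits = {n: [] for n in adj}
    while len(groups) > 1:
        owner = {n: g for g, members in groups.items() for n in members}
        proposal = {}
        for g, members in groups.items():
            nbrs = {owner[v] for u in members for v in adj[u]} - {g}
            if not nbrs:
                raise ValueError("topology is not connected")
            # Smallest neighbouring group by node count; ties broken by group ID.
            proposal[g] = min(nbrs, key=lambda h: (len(groups[h]), h))
        for g, h in proposal.items():
            if g < h and proposal[h] == g:   # mutual proposal triggers the merge
                for n in groups[g]:
                    bits[n].insert(0, "0")   # assumed rule: smaller group ID takes 0
                for n in groups[h]:
                    bits[n].insert(0, "1")
                # Assumed rule: the merged group keeps the smaller ID.
                groups[g] = groups.pop(g) | groups.pop(h)
    return {n: ".".join(b) for n, b in bits.items()}


# Constructed sample topology: five nodes in a line, 1-2-3-4-5.
LINE = {1: [2], 2: [1, 3], 3: [2, 4], 4: [3, 5], 5: [4]}

if __name__ == "__main__":
    for node, address in sorted(recursive_grouping(LINE).items()):
        print(node, address)
```

Because every proposal depends only on group sizes, group IDs and the topology, the resulting addresses do not depend on the order in which nodes are listed.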
Recursive Grouping Example
Calculating Network Addresses
• Assume G and G’ decide to merge
• Each node in G independently extends its network address by one bit based on:
• Nodes in G’ make similar changes
Network Addresses Formation
Populating Routing Tables
• Assume G and G’ decide to merge
• Each node in G records the neighbor from whom it heard about G’ in its current routing table slot
[Figure: groups G and G’ and node D, with a routing table:]
Prefix   Next Hop
0.*      C
1.0      C
Sample Routing Table
Routing table at node 1.1.0:
Prefix   Next Hop
0.*      0.1.1
1.0.*    1.0.1
1.1.1    1.1.1
Forwarding
• Basic forwarding similar to area-style forwarding
• Given a destination network address, route towards node with longest matching prefix
• Path length in logical hops bound by log(n)
  – A logical hop may require several physical hops
Forwarding Example
Routing table at node 1.1.0:
Prefix   Next Hop
0.*      0.1.1
1.0.*    1.0.1
1.1.1    1.1.1
Routing table at node 0.1.1:
Prefix   Next Hop
1.*      1.1.0
0.0.*    0.0.1
0.1.0    0.1.0
Routing table at node 0.0.1:
Prefix   Next Hop
1.*      1.0.0
0.1.*    0.1.0
0.0.0    0.0.0
Message from 1.1.0 to 0.0.0
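The forwarding example above, traced in code with longest-prefix matching over the three routing tables shown on the slide (an added example, not the authors' implementation). The function names and the hop limit are assumptions made for this sketch.

```python
# Routing tables transcribed from the forwarding example: owner -> [(prefix, next hop)].
TABLES = {
    "1.1.0": [("0.*", "0.1.1"), ("1.0.*", "1.0.1"), ("1.1.1", "1.1.1")],
    "0.1.1": [("1.*", "1.1.0"), ("0.0.*", "0.0.1"), ("0.1.0", "0.1.0")],
    "0.0.1": [("1.*", "1.0.0"), ("0.1.*", "0.1.0"), ("0.0.0", "0.0.0")],
}


def prefix_len(prefix, dest):
    """Number of address bits the prefix matches, or -1 if it does not cover dest."""
    want, have = prefix.split("."), dest.split(".")
    if want[-1] == "*":
        want = want[:-1]
        return len(want) if have[:len(want)] == want else -1
    return len(want) if have == want else -1


def next_hop(node, dest):
    """Pick the entry with the longest matching prefix in this node's table."""
    if node not in TABLES:
        raise LookupError(f"no routing table for {node}")
    prefix, hop = max(TABLES[node], key=lambda entry: prefix_len(entry[0], dest))
    if prefix_len(prefix, dest) < 0:
        raise LookupError(f"{node} has no entry covering {dest}")
    return hop


def route(src, dest, max_hops=8):
    """Return the list of logical hops from src to dest, refusing to loop forever."""
    path = [src]
    while path[-1] != dest:
        if len(path) > max_hops:
            raise RuntimeError("hop limit exceeded: possible routing loop")
        path.append(next_hop(path[-1], dest))
    return path


if __name__ == "__main__":
    print(" -> ".join(route("1.1.0", "0.0.0")))
```

Each logical hop fixes at least one more leading bit of the destination address, which is why the number of logical hops stays within log(n).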
Outline
• Introduction
• Overview and Assumptions
• Address and Routing Setup
• Forwarding
• Detection and Recovery
  – Threats
  – Detecting Grouping Deviations
  – Eliminating Malicious Nodes
• Simulation and Implementation
Threats
• Compromised nodes may lie about group size or ID to subvert route setup
• Compromised nodes may claim multiple IDs or try to simultaneously group with several other nodes
Detecting Grouping Deviations
• Maintain a Grouping Verification Tree (GVT) for each group during recursive grouping
  – Prevents attacker from lying about group ID or size
  – Based on a hash tree construction
• Before two groups merge, they verify each other’s GVT
• Integrity of the GVTs ensures integrity of the recursive grouping algorithm
• Final GVT covers all nodes in the network
  – Can be used to authenticate any node’s network address
Background: Hash Trees
• Employ a one-way hash function $H: \{0,1\}^* \rightarrow \{0,1\}^{\rho}$ to create one-way data structures
• The Merkle Tree is one such data structure
  – Each internal node calculated as: $\mathrm{Parent} = H(\mathrm{Child}_L \,\|\, \mathrm{Child}_R)$
  – Authenticates a leaf node given the root value and nodes along the path to the root
Group ID Computation
• Assume G and G’ decide to merge
• Each node in G independently calculates the new group ID as:
GVT Formation
• One GVT per group
• GVT leaves are IDs of nodes in the group
• Internal nodes represent intermediate group IDs
• Each node maintains information about its branch of the GVT
  – Specifically, the group ID and size of each merge partner
GVT Verification
• Before merging, group G verifies the GVT for G’ (and vice versa)
• G’ announces its group ID (and size)
• Group G sends a challenge value to G’
• The challenge uniquely selects a node in G’
  – Chosen node sends its certificate and GVT information to G
• Nodes in G verify the GVT values
[Figure labels: Responder, Challenger, λ]
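A sketch of the challenge-response check described above, built on the Merkle rule Parent = H(ChildL || ChildR) from the hash-tree background slide (an added example, not the authors' code). Assumptions: SHA-256 as H, a balanced tree whose root stands in for the group ID, a one-byte leaf tag, and a challenge that selects a member by hashing modulo the announced size; the certificate check is left out.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()      # assumption: SHA-256 as the one-way hash


def select(challenge: bytes, size: int) -> int:
    """Assumed selection rule: the challenge picks leaf H(challenge) mod size."""
    return int.from_bytes(H(challenge), "big") % size


def build_tree(ids):
    """Return every level, leaves first; the root stands in for the group ID."""
    assert ids and len(ids) & (len(ids) - 1) == 0, "sketch: power-of-two groups only"
    level = [H(b"\x00" + i) for i in ids]     # leaf tag is added hardening, not on the slide
    levels = [level]
    while len(level) > 1:
        level = [H(level[k] + level[k + 1]) for k in range(0, len(level), 2)]
        levels.append(level)
    return levels


def respond(ids, levels, challenge):
    """Responder group: the selected member returns its ID and its branch of the tree."""
    k = select(challenge, len(ids))
    node_id, path = ids[k], []
    for level in levels[:-1]:
        path.append((level[k ^ 1], k & 1))    # (sibling hash, 1 if sibling is the left child)
        k >>= 1
    return node_id, path


def verify(challenge, node_id, path, group_id, size):
    """Challenger: accept only the selected member, with a path that hashes to group_id."""
    if size < 1 or 2 ** len(path) != size:    # path depth must match the announced size
        return False
    k = select(challenge, size)
    node = H(b"\x00" + node_id)
    for depth, (sibling, sibling_is_left) in enumerate(path):
        if sibling_is_left != (k >> depth) & 1:   # a different member answered
            return False
        node = H(sibling + node) if sibling_is_left else H(node + sibling)
    return hmac.compare_digest(node, group_id)


# Constructed sample group of four node IDs.
IDS = [b"ID_A", b"ID_B", b"ID_C", b"ID_D"]
```

Checking the path depth against the announced size and the branch directions against the challenge is what keeps a group from overstating its size or answering with a member of its own choosing.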
Eliminating Malicious Nodes
• Legitimate nodes use the Honeybee mechanism to eliminate malicious nodes
• To revoke malicious node M, legitimate node L broadcasts:
  – $ID_L$, $ID_M$, and a signature
• Legitimate nodes revoke M and L
  – Prevents a compromised node from revoking more than one legitimate node
Simulations
• Comparison against Beacon Vector Routing (BVR) protocol [NSDI 2005]
  – Optimized for efficiency
  – No security included
• Experimental Setup:
  – 500 nodes, random deployment, DOI radio model
• Summary of Results:
  – Our routing success rate: 100%
  – Paths longer than shortest path
  – Distributes overhead evenly throughout network
• Better than BVR, even in topologies with voids
Metric: Path Stretch
• Stretch = Protocol Path Length / Optimal Path Length
• Optimistic for BVR: does not include failed BVR routes
Metric: Load Distribution - Uniform
~ 168,000 messages
Metric: Load Distribution - Irregular
~ 26,000 messages
Implementation
• Developed in NesC on TinyOS using Telos sensor nodes
  – Source code to be available soon
• Challenges overcome:
  – Reliable Broadcast
  – Asynchronicity
  – Asymmetric Links
• Ongoing work to expand the current testbed
Other Contributions
• Techniques for resilient forwarding
• Duplicate detection
• Proofs of performance and correctness
• Implementation details
Conclusions
• Secure sensor routing is an important and difficult problem
• Most previous techniques assume a trusted environment or use a single security technique
• We design a protocol incorporating all three security techniques that still compares favorably to insecure protocols