Secure Time Synchronization Service for Sensor Networks
S. Ganeriwal, R. Kumar, M. B. Srivastava
Presented by: Kaiqi Xiong
11/28/2005
Computer Science
CSC 774 Adv. Net. Security
Outline
• Time synchronization and techniques
  – Pairwise sender-receiver synchronization
• Secure time sync problem: pulse delay attacks
• Proposed techniques
  – Node to node
    • Single hop: Secure Pairwise Synchronization (SPS)
    • Multi-hops: SO(opportunistic)M, SDM and STM
  – Group: L-SGS and SGS
• Conclusions and possible research questions
Why Time Synchronization
• Time difference in sensor node clocks
  – Time offset: = CA(t)-CB(t)
• Why time synchronization
  – e.g., TESLA, localization and target tracking (any protocol regarding time stamp)
• How to find
How to Synchronize
• Pairwise sender-receiver synchronization: TPSN#
– Step 1: A (T1) (T2) B: A, B, sync
– Step 2: B (T3) (T4) A: m, where m=[B, A, T2, T3, ack]
– Step 3: Compute
  = [(T2-T1)-(T4-T3)]/2
  d = [(T2-T1)+(T4-T3)]/2
[Figure: message exchange between A and B with timestamps T1, T2, T3, T4]
T1, T4 are measured in A’s clock
T2, T3 are measured in B’s clock
#S. Ganeriwal, et al., Timing-sync protocol for sensor networks, SenSys, 2003
Why Secure Time Synchronization
• Type 1 attack: modify T2 and T3 by capturing node B
• Type 2 attack: pulse-delay attacks
  – Simply jam an initial pulse
  – Store in its memory
  – Replay it at an arbitrary time later
=[(T2-T1)-(T4-T3)+]/2; d=[(T2-T1)+(T4-T3)+]/2
T2* = T1 + d + +
[Figure: jam the signal with delay; A sends at T1; B receives at T2*]
Roadmap For Proposed Techniques
• Only discuss techniques resilient to type 2 attacks
• Node-to-node: time synchronization of two nodes
  – Single hop: Secure Pairwise Synchronization (SPS)
  – Multi-hops:
    • Secure Opportunistic Multi-hop (SOM)
    • Secure Direct Multi-hop (SDM)
    • Secure Transitive Multi-hop (STM)
• Group: time synchronization among a group of nodes
  – Lightweight Secure Group Synchronization (L-SGS)
  – Secure Group Synchronization (SGS)
Single-hop - Secure Pairwise Synchronization (SPS)
• Step 1: A (T1) (T2) B: A, B, NA, sync
• Step 2: B (T3) (T4) A: m, MAC[KAB, m]
– where m=[B, A, NA, T2, T3, ack]
• Step 3: Compute d=[(T2-T1)+(T4-T3)]/2
  • If d d* (predefined), then =[(T2-T1)-(T4-T3)]/2; else abort
End-to-end delay (d) consists of
• Waiting time Tw at the MAC layer to access channel (s~min) (Big!)
• Transmission time Tt: time taken to transmit the packet bit-by-bit at the radio of sender (100’s s)
• Propagation delay Tp: time over wireless link between sender and receiver (ns)
Performance - Define d*
• d = N(davg, ) is a Gaussian distribution
• Select d* = davg+3
• Maxi sync error=3=10s
• Attacker can introduce a maxi pulse-delay factor of 12 due to
– davg+3 +/2 = davg-3
– In this case, maxi attacker impact = 6
•Fig: End-to-end delay over a link
•Table: Statistics of end-to-end delay (Waiting time is extracted)
Maximum(s) | Minimum (s) | Average(s) (dAVG) | Standard deviation ()
768 | 755 | 762 | 2.82
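Added example (not from the slides or the paper): a Python simulation of the SPS exchange from the previous slide, with d* computed from the average and standard deviation in the table above. HMAC-SHA256, the sample clock values, the 50-unit turnaround at B and all function names are assumptions; pulse_delay models the extra delay of a jam-and-replay attacker.

```python
import hashlib
import hmac
import os

# Delay statistics from the slide's table (same time unit as the table).
D_AVG, SIGMA = 762.0, 2.82
D_STAR = D_AVG + 3 * SIGMA  # d* = davg + 3 standard deviations


def mac(key, m):
    """MAC[K_AB, m]; HMAC-SHA256 is an assumption, the slides name no algorithm."""
    return hmac.new(key, repr(m).encode(), hashlib.sha256).digest()


def b_reply(key, nonce, t2, t3):
    """Step 2: B answers with m = [B, A, N_A, T2, T3, ack] and its MAC."""
    m = ("B", "A", nonce, t2, t3, "ack")
    return m, mac(key, m)


def a_finish(key, nonce, t1, t4, m, tag, d_star=D_STAR):
    """Step 3: A authenticates the ack, then accepts the offset only if d <= d*."""
    if not hmac.compare_digest(tag, mac(key, m)):
        return "abort: bad MAC", None
    if m[2] != nonce:
        return "abort: wrong nonce", None
    t2, t3 = m[3], m[4]
    d = ((t2 - t1) + (t4 - t3)) / 2
    if d > d_star:
        return "abort: delay above d*", None
    return "ok", ((t2 - t1) - (t4 - t3)) / 2


def run_sps(link_delay, pulse_delay=0.0, tamper=False, b_minus_a=5000.0):
    """One exchange; b_minus_a is the true clock difference (constructed value)."""
    key, nonce = os.urandom(16), os.urandom(8).hex()
    t1 = 1000.0                                      # read on A's clock
    t2 = t1 + link_delay + pulse_delay + b_minus_a   # read on B's clock
    t3 = t2 + 50.0                                   # read on B's clock
    m, tag = b_reply(key, nonce, t2, t3)
    if tamper:                                       # T2 altered in transit
        m = m[:3] + (t2 - 40.0,) + m[4:]
    t4 = t3 - b_minus_a + link_delay                 # read on A's clock
    return a_finish(key, nonce, t1, t4, m, tag)


if __name__ == "__main__":
    print(run_sps(762.0))                     # clean exchange
    print(run_sps(762.0, pulse_delay=100.0))  # delayed pulse is rejected
    print(run_sps(755.0, pulse_delay=30.0))   # fits under d*, error stays bounded
    print(run_sps(762.0, tamper=True))        # modified timestamp is rejected
```

The third call shows the residual exposure: a delay small enough to keep d under d* is accepted and shifts the computed offset by half the injected delay.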
Secure Opportunistic Multi-hops (SOM)
• Assumption: key KAB shared by A and B
• SOM
Step 1: m1=[A, B, NA], sync
Step 2: m, MAC[KAB, m]
where m=[m1, T2, T3, ack]
Step 3: Node A computes d =[(T2-T1)+(T4-T3)]/2
If d dM*, then =[(T2-T1)-(T4-T3)]/2; else abort
– Exactly the same as SPS except nodes C and D added
[Figure: path between A and B through C and D; send at T1, receive at T2, send at T3, receive at T4]
Performance: SOM
• End-to-end delay
  – d = sum(Tw + Tt + Tp)
  – Tw is significantly higher
  – Standard deviation is higher by 3 orders of magnitude compared to a single hop
  – Maxi sync error=3
• Maxi attacker impact=6
Secure Direct Multi-hop (SDM)
• Step 1. A C D B: A, B, NA, sync
• Step 2. B,D,NA,m1,M1
  – m1=[m1, T2, T3, ack], M1=MAC[KBD, B, D, NA, m1]
• Step 3. D,C,NA,m2,M2
  – m2 =[B, D, A, T4, T9, T6-T5, T8-T7, ack], M2=MAC[KDC, D, C, NA, m2]
• Step 4. C,A,NA,m3,M3
  – m3 =[B,D,C,A,T2,T11,T4-T3,T10-T9, T6-T5,T8-T7, ack], M3=MAC[KCA,C, A, NA, m3]
• Step 5: Node A computes d=(E1+E2)/2
  – If d dT*, then = (E1-E2)/2; else abort
  • where E1 = (T2-T1)+(T4-T3)+(T6-T5), E2 = (T12-T11)+(T10-T9)+(T8-T7)
[Figure: timing diagram for nodes A, C, D, B with timestamps T1 to T12]
Performance (as compared to SOM)
• Advantages
  – End-to-end delay is not corrupted by Tw
  – dAC= dCD=dDB=N(davg, ). So, dAB=N(ndavg, n^(1/2))
  – dT*= ndavg+n^(1/2)
  n^(1/2) M* (SOM), lower by 3 orders of magnitude
• Disadvantages
  – ack has to carry the state information and timestamps about all the previous packets, so the ack packet is larger
Secure Transitive Multi-hop (STM)
• Step 1. A C D B: A, B, NA, sync
• Step 2. B, D, NA, m1, M1
  – m1 = [B, D, notify], M1 = MAC[KBD, B, D, NA, m1]
  D C: D, C, NA, m2, M2
  – m2 = [B, D, C, notify], M2 = MAC[KDC, D, C, NA, m2]#
  C A: C, A, NA, m3, M3
  – m3 = [B, D, C, A, notify], M3 = MAC[KCA, C, A, NA, m3]#
• Step 3. D sync to B (SPS)
• Step 4. C sync to D (SPS)
• Step 5: A sync to C (SPS)
[Figure: nodes A, C, D, B]
#In the paper, KBD in M2 and M3 should be KDC and KCA respectively
Comparison (SOM, SDM and STM)
• Maximal delay parameter same as d* in SPS
• Advantages
  – In STM the threshold is verified at each step, so a hop re-syncs if the threshold is not met. In SOM and SDM the threshold is checked only when A receives the ack
• Disadvantages
  – In STM, an external attacker can carry out pulse-delay attacks on the link joining C and D, due to local verification
  – The total number of transmitted messages
    • 2n for SOM and SDM, but 3n for STM when no attacks
Group Synchronization
• Lightweight Secure Group Synchronization (L-SGS)
  – Step 1: G1 *: G1, sync
  – Step 2: Gi (Ti) (Ti1) G1: Gi, Ni
  – Step 3: G1 (T1) (T1i) *: G1, T1, ack, m, M
    • where m={Ti1, Gi, Ni}, M=MAC[K1i, G1, T1, ack, m] (i = 2,…n)
  – Step 4:
    • Compute d = [(Ti1-Ti )+(T1i - T1)]/2
    • If d d*, then = [(Ti1-Ti )-(T1i - T1)]/2; else abort
Note. Gi A and G1 B in a single hop
Performance (L-SGS)
• Same as SPS
  – Resilient to pulse-delay attacks and message modification attacks
• Not resilient to internal attacks (if G1 is malicious)
Secure Group Synchronization (SGS)
• Triangle consistency
[Figure: triangle of Node i, Node j and Node k, with edges labelled ij, jk and ki]
Internal attacks if ij+ jk + ki 0?
Main ideas of SGS
– Every two nodes use SPS by broadcast. No fixed node is used for time sync
– Use triangle consistency to detect internal attacks
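Added example (not from the slides or the paper): a Python illustration of the triangle-consistency idea, summing the pairwise offsets around every triangle of nodes and flagging loops that do not close. The sample clocks, the tolerance, the skew values and the rule that the node common to every inconsistent triangle is the suspect are assumptions made for this illustration.

```python
from itertools import combinations


def measured_offsets(clocks, skew=None):
    """Pairwise offsets o[(i, j)] = clock_j - clock_i, plus any per-pair skew.

    skew[(i, j)] with i < j models measurement error or a false report
    on that pair; o[(j, i)] is stored as the negation."""
    skew = skew or {}
    offsets = {}
    for i, j in combinations(sorted(clocks), 2):
        o = clocks[j] - clocks[i] + skew.get((i, j), 0)
        offsets[(i, j)], offsets[(j, i)] = o, -o
    return offsets


def triangle_violations(offsets, tol):
    """Return ((i, j, k), loop_sum) for every triangle whose offsets do not
    sum to zero within tol."""
    nodes = sorted({i for i, _ in offsets})
    bad = []
    for i, j, k in combinations(nodes, 3):
        loop = offsets[(i, j)] + offsets[(j, k)] + offsets[(k, i)]
        if abs(loop) > tol:
            bad.append(((i, j, k), loop))
    return bad


def suspects(bad):
    """Nodes that appear in every inconsistent triangle (assumed rule)."""
    if not bad:
        return set()
    return set.intersection(*(set(tri) for tri, _ in bad))


# Constructed sample data: four node clocks, one unit of honest measurement
# error on pair (1, 2), and node 3 reporting different skews to nodes 1 and 2.
CLOCKS = {1: 0, 2: 120, 3: -45, 4: 300}
NOISE = {(1, 2): 1}
LIES = {(1, 2): 1, (1, 3): 80, (2, 3): -60}
TOL = 10

if __name__ == "__main__":
    print(triangle_violations(measured_offsets(CLOCKS, NOISE), TOL))
    bad = triangle_violations(measured_offsets(CLOCKS, LIES), TOL)
    print(bad, suspects(bad))
```

A node that shifts all of its reports by the same amount still closes every triangle, so this check only exposes reports that are inconsistent between peers.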
Comparison and Summary
Secure sync: single hop (SPS); multi-hop sync over n hops, n=5 (SOM, SDM, STM); group sync of n nodes (L-SGS, SGS)
Protocols | SPS | SOM | SDM | STM | L-SGS | SGS
Maxi sync error | 3 (10s) | 3M (25ms) | 3 n^(1/2) (25s) | 3 n^(1/2) (25s) | 3 (10s) | 3 (10s)
Maxi external attacker impact | 6 (20s) | 6M (50ms) | 6 n (120s) | 6 n (120s) | 6 (20s) | 6 (20s)
Resilient to internal attackers | - | Yes | No | No | No | Yes
Total number of messages | 2 | 2n | 2n | 3n | n+1 | 3n
Ack packet size# | - | Same | Large | Same | Large | Large
#Compared to the packet size in SPS
Conclusions
• A suite of time synchronization protocols was proposed to detect pulse-delay attacks
  – Node-to-node
    • Single hop: SPS
    • Multi-hops:
      – SOM (shared pairwise key and big dM*)
      – SDM (large message sizes), STM (external attacks)
  – Group: L-SGS (internal attacks), SGS (big communication overhead)
• Secure group synchronization is based on the assumption: all group nodes are in each other’s power range
Possible Research Questions
• How to sync time when some nodes are not in the power range of other nodes in a group
• Prevention? How to continue with the processing of time sync when attacks occur
• How to develop methods to avoid internal attacks (e.g., a hash chain?)
• Is it possible to apply Iulos’s approach or a tree-based technique to SGS for reducing communication overhead
Thank You!
Questions?