Toward Resilient Security in Toward Resilient Security in Wireless Sensor NetworksWireless Sensor Networks

Rob PolakRob PolakFeb 23 2006Feb 23 2006

CSE 535CSE 535

What is Wireless Security on the What is Wireless Security on the Link Level?Link Level?

Message AuthenticityMessage Authenticity Verify SenderVerify Sender Verify Message has not been forgedVerify Message has not been forged

Message PrivacyMessage Privacy The messages can not be read by a third The messages can not be read by a third

party.party.

Previous researchPrevious research

Pairwise Key DistributionPairwise Key Distribution Nodes contain a pool of symmetric keys, with Nodes contain a pool of symmetric keys, with

a probability they contain shared keys.a probability they contain shared keys. These shared keys are then used to create a These shared keys are then used to create a

pairwise key used to endorse messages.pairwise key used to endorse messages. What are the problems with this method?What are the problems with this method?

Problems with PairwiseProblems with Pairwise

As more nodes are compromised the As more nodes are compromised the fraction of affected pairwise keys fraction of affected pairwise keys increases quickly.increases quickly.

Insider Attacks are not accounted for in Insider Attacks are not accounted for in the system.the system.

Some sensors may not be able to Some sensors may not be able to communicate if they do not share keys.communicate if they do not share keys.

Solution?Solution? Location-Based Resilient Security (LBRS)Location-Based Resilient Security (LBRS)

Split terrain into grids, and use a locally binded keySplit terrain into grids, and use a locally binded key

Overview LBRSOverview LBRS

When an event occurs it is endorsed by When an event occurs it is endorsed by multiple nodes within a cell.multiple nodes within a cell.

Message is then forwarded to a node up Message is then forwarded to a node up stream towards the Sink.stream towards the Sink.

Messages are verified en-route to ensure Messages are verified en-route to ensure validity.validity.

Grid ConstructionGrid Construction How to construct a grid with no real How to construct a grid with no real

infrastructure.infrastructure. Solution: construct a virtual grid of cells, and bind Solution: construct a virtual grid of cells, and bind

keys to certain cells.keys to certain cells. How to determine cell size? What are the How to determine cell size? What are the

tradeoff’s?tradeoff’s? As cell size increases nodes are required to have less As cell size increases nodes are required to have less

keys, however, if a large cell is compromised an keys, however, if a large cell is compromised an attacker can forge events of a larger area.attacker can forge events of a larger area.

BootstrappingBootstrapping Time when node is first deployed, and needs to Time when node is first deployed, and needs to

generate it’s keysgenerate it’s keys Node determines its position Node determines its position Node generates keys based upon its location, a Node generates keys based upon its location, a

master secret, and a one way function.master secret, and a one way function. Then the node identifies all of the nodes in its Then the node identifies all of the nodes in its

sensing range and generates keys for those nodes. sensing range and generates keys for those nodes. (used later in en-route message filtering)(used later in en-route message filtering)

Master secret is then erased permanently (no more Master secret is then erased permanently (no more keys can be generated).keys can be generated).

En-Route FilteringEn-Route Filtering Any given report requires (m-1) distinct MAC Any given report requires (m-1) distinct MAC

endorsements (message authentication codes)endorsements (message authentication codes) Reports are collectively processed and Reports are collectively processed and

endorsed by surrounding nodes within a cell.endorsed by surrounding nodes within a cell. Once a message is sent to it’s upstream node Once a message is sent to it’s upstream node

(using geographic routing) the senders mac’s is (using geographic routing) the senders mac’s is then verified by the receiving node.then verified by the receiving node.

RoutingRouting LBRS uses a concept of beam width routing, LBRS uses a concept of beam width routing,

which is a subset of a geographic routing.which is a subset of a geographic routing.

AnalysisAnalysis Analysis InfoAnalysis Info

Given: a circular terrain of radius R and N Given: a circular terrain of radius R and N sensor nodes sensor nodes

For fabricated attacks where m-1 distinct For fabricated attacks where m-1 distinct MAC’s are needed to verify a report the MAC’s are needed to verify a report the detection ratio is : 1 - ½^(8s(m-1)) = 0.999 detection ratio is : 1 - ½^(8s(m-1)) = 0.999 =99% detection rate for our simulation.=99% detection rate for our simulation.

In a simulation network of 10km with 400K In a simulation network of 10km with 400K nodes, the forged reports were found in an nodes, the forged reports were found in an average of 4.2 hops, and 6 hops at most.average of 4.2 hops, and 6 hops at most.

Node CompromiseNode Compromise

Can we prove our hypothesis that LBRS is Can we prove our hypothesis that LBRS is less vulnerable to node compromise.less vulnerable to node compromise. Results from the simulation show that when Results from the simulation show that when

100 nodes are compromised only 11 cells or 100 nodes are compromised only 11 cells or 0.68% of the total terrain. (30k nodes)0.68% of the total terrain. (30k nodes)

No comparisons to pairwise system.No comparisons to pairwise system.

ImplementationImplementation

ImplementationImplementation Only talks about very basic setup of nodes.Only talks about very basic setup of nodes. Seems to be “missing” any results.Seems to be “missing” any results.

Future WorkFuture Work

Implementing the system and study the Implementing the system and study the performanceperformance

DiscussionDiscussion

What are some of the problems with this What are some of the problems with this system?system? Can not handle networks with nodes that Can not handle networks with nodes that

change location.change location. Does not scale well into system with low Does not scale well into system with low

density of nodes.density of nodes. Is this a viable network security solution? Is this a viable network security solution?

Are you convinced?Are you convinced?