toward resilient security in wireless sensor networks rob polak feb 23 2006 cse 535

15
Toward Resilient Toward Resilient Security in Wireless Security in Wireless Sensor Networks Sensor Networks Rob Polak Rob Polak Feb 23 2006 Feb 23 2006 CSE 535 CSE 535

Upload: ethel-allison

Post on 19-Jan-2018

212 views

Category:

Documents


0 download

DESCRIPTION

Previous research  Pairwise Key Distribution  Nodes contain a pool of symmetric keys, with a probability they contain shared keys.  These shared keys are then used to create a pairwise key used to endorse messages.  What are the problems with this method?

TRANSCRIPT

Page 1: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

Toward Resilient Security in Toward Resilient Security in Wireless Sensor NetworksWireless Sensor Networks

Rob PolakRob PolakFeb 23 2006Feb 23 2006

CSE 535CSE 535

Page 2: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

What is Wireless Security on the What is Wireless Security on the Link Level?Link Level?

Message AuthenticityMessage Authenticity Verify SenderVerify Sender Verify Message has not been forgedVerify Message has not been forged

Message PrivacyMessage Privacy The messages can not be read by a third The messages can not be read by a third

party.party.

Page 3: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

Previous researchPrevious research

Pairwise Key DistributionPairwise Key Distribution Nodes contain a pool of symmetric keys, with Nodes contain a pool of symmetric keys, with

a probability they contain shared keys.a probability they contain shared keys. These shared keys are then used to create a These shared keys are then used to create a

pairwise key used to endorse messages.pairwise key used to endorse messages. What are the problems with this method?What are the problems with this method?

Page 4: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

Problems with PairwiseProblems with Pairwise

As more nodes are compromised the As more nodes are compromised the fraction of affected pairwise keys fraction of affected pairwise keys increases quickly.increases quickly.

Insider Attacks are not accounted for in Insider Attacks are not accounted for in the system.the system.

Some sensors may not be able to Some sensors may not be able to communicate if they do not share keys.communicate if they do not share keys.

Page 5: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

Solution?Solution? Location-Based Resilient Security (LBRS)Location-Based Resilient Security (LBRS)

Split terrain into grids, and use a locally binded keySplit terrain into grids, and use a locally binded key

Page 6: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

Overview LBRSOverview LBRS

When an event occurs it is endorsed by When an event occurs it is endorsed by multiple nodes within a cell.multiple nodes within a cell.

Message is then forwarded to a node up Message is then forwarded to a node up stream towards the Sink.stream towards the Sink.

Messages are verified en-route to ensure Messages are verified en-route to ensure validity.validity.

Page 7: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

Grid ConstructionGrid Construction How to construct a grid with no real How to construct a grid with no real

infrastructure.infrastructure. Solution: construct a virtual grid of cells, and bind Solution: construct a virtual grid of cells, and bind

keys to certain cells.keys to certain cells. How to determine cell size? What are the How to determine cell size? What are the

tradeoff’s?tradeoff’s? As cell size increases nodes are required to have less As cell size increases nodes are required to have less

keys, however, if a large cell is compromised an keys, however, if a large cell is compromised an attacker can forge events of a larger area.attacker can forge events of a larger area.

Page 8: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

BootstrappingBootstrapping Time when node is first deployed, and needs to Time when node is first deployed, and needs to

generate it’s keysgenerate it’s keys Node determines its position Node determines its position Node generates keys based upon its location, a Node generates keys based upon its location, a

master secret, and a one way function.master secret, and a one way function. Then the node identifies all of the nodes in its Then the node identifies all of the nodes in its

sensing range and generates keys for those nodes. sensing range and generates keys for those nodes. (used later in en-route message filtering)(used later in en-route message filtering)

Master secret is then erased permanently (no more Master secret is then erased permanently (no more keys can be generated).keys can be generated).

Page 9: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

En-Route FilteringEn-Route Filtering Any given report requires (m-1) distinct MAC Any given report requires (m-1) distinct MAC

endorsements (message authentication codes)endorsements (message authentication codes) Reports are collectively processed and Reports are collectively processed and

endorsed by surrounding nodes within a cell.endorsed by surrounding nodes within a cell. Once a message is sent to it’s upstream node Once a message is sent to it’s upstream node

(using geographic routing) the senders mac’s is (using geographic routing) the senders mac’s is then verified by the receiving node.then verified by the receiving node.

Page 10: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

RoutingRouting LBRS uses a concept of beam width routing, LBRS uses a concept of beam width routing,

which is a subset of a geographic routing.which is a subset of a geographic routing.

Page 11: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

AnalysisAnalysis Analysis InfoAnalysis Info

Given: a circular terrain of radius R and N Given: a circular terrain of radius R and N sensor nodes sensor nodes

For fabricated attacks where m-1 distinct For fabricated attacks where m-1 distinct MAC’s are needed to verify a report the MAC’s are needed to verify a report the detection ratio is : 1 - ½^(8s(m-1)) = 0.999 detection ratio is : 1 - ½^(8s(m-1)) = 0.999 =99% detection rate for our simulation.=99% detection rate for our simulation.

In a simulation network of 10km with 400K In a simulation network of 10km with 400K nodes, the forged reports were found in an nodes, the forged reports were found in an average of 4.2 hops, and 6 hops at most.average of 4.2 hops, and 6 hops at most.

Page 12: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

Node CompromiseNode Compromise

Can we prove our hypothesis that LBRS is Can we prove our hypothesis that LBRS is less vulnerable to node compromise.less vulnerable to node compromise. Results from the simulation show that when Results from the simulation show that when

100 nodes are compromised only 11 cells or 100 nodes are compromised only 11 cells or 0.68% of the total terrain. (30k nodes)0.68% of the total terrain. (30k nodes)

No comparisons to pairwise system.No comparisons to pairwise system.

Page 13: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

ImplementationImplementation

ImplementationImplementation Only talks about very basic setup of nodes.Only talks about very basic setup of nodes. Seems to be “missing” any results.Seems to be “missing” any results.

Page 14: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

Future WorkFuture Work

Implementing the system and study the Implementing the system and study the performanceperformance

Page 15: Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

DiscussionDiscussion

What are some of the problems with this What are some of the problems with this system?system? Can not handle networks with nodes that Can not handle networks with nodes that

change location.change location. Does not scale well into system with low Does not scale well into system with low

density of nodes.density of nodes. Is this a viable network security solution? Is this a viable network security solution?

Are you convinced?Are you convinced?