Wireless Sensor Networks: Security and Privacy
Professor Jack Stankovic
Department of Computer Science, University of Virginia
Security
• Complex, many aspects to consider
• Opportunity to address this properly – from the start!
• New (severe) constraints (memory, bandwidth, CPU processing speeds, power, …)
– Lightweight solutions required
• Symmetric cryptography (asymmetric crypto is probably too expensive)
• Digital signature – 300 bytes/packet
Question
• If, for some reason, WSNs did not have the significant impact we have been projecting, what might those reasons be?
– Poor security – easy to make systems ineffective/unreliable
– Privacy policy – laws that state that thou shalt not deploy WSNs in public places
Question
• Is it possible to build a secure WSN?
• VigilNet – 40 services (each can be attacked)
– Solutions for each won’t fit
• Weaker guarantees and evolve
VigilNet Architecture
[Figure: VigilNet architecture diagram]
Outline
• Basic Problems
• Routing Problems
– Solutions
• SPINS
• Denial of Service
• Privacy
• Summary
Basic Problems
• Vulnerability of channels (eavesdrop and inject fake messages)
• Vulnerability of nodes (capture, modify messages, re-route) (or add new nodes)
• Absence of infrastructure (e.g., no centralized certification authorities)
• Dynamically changing topology (difficult to distinguish between dynamics and attacks)
• Minimum capacity devices
– Drain batteries
• Real-Time – slow packets down
Basic Problems
• Most existing solutions are too costly
– Digital signatures – add as much as 300 bytes/packet
– Asymmetric crypto adds large variables and large memory costs, etc.
• Don’t handle broadcast-type operations
Communication Scenarios
• Confidentiality (eavesdrop)
[Figure: Node1 sends Msg to the Base Station while an Adversary and Node2 are within range]
Eavesdropping is good for debugging
Communication Scenarios
• Integrity
[Figure: Node1 sends Msg1 to the Base Station; the Adversary replaces it with Msg1’]
Communication Scenarios
• Authenticity
[Figure: the Adversary announces “I am the Base Station” to Nodes 1–4, then reprograms the system and resets system parameters]
Security Assumptions
• Trust and Key Management
– Trust base station and oneself
– Symmetric keys
• Active area of research – how to disseminate private keys
Security Solutions
• Very difficult
• Solutions are a function of the assumptions made
– E.g., attack model
• Themes for Security in WSN
– Operate in the presence of security attacks
– Self-heal
– Evolve to new attacks
Routing - Threat Models and Security Goals
• Threat Model:
– Mote-class vs. laptop-class adversaries
– Insiders vs. outsiders
• Security Goals:
– Authenticity: verifies the identity of the sender
– Integrity: messages are not tampered with
– Availability: messages are received by intended receivers
– Confidentiality: no eavesdropping
• Insiders and laptop-class adversaries are difficult challenges
Routing - Network Assumptions
– Insecure radio links
– Eavesdropping, modifying bits, and packet replays
– Attacker has similar capabilities (HW, etc.)
– Except, attacker may have high-quality (long-range) communications
– Nodes can be “turned”
– Attacker controls > 1 node; collusion is possible
– Tamper-resistant nodes are not realistic
Routing - Trust Requirements
– Base stations are trustworthy
– Random key pre-distributions are valid
• Initialization procedure prior to deployment
– Global (pair-wise) key, pools of keys, etc.
• Neighbor-to-neighbor key establishment after deployment
• Note: too expensive to involve the base station in all transactions
WSN Routing Attacks
• Spoofing
• Selective Forwarding
• Blackhole/Sinkhole
• Sybil
• Wormholes
• HELLO Floods
Many routing protocols have been proposed, but few with security as a goal!
(consider all the ones we studied in this course)
Route Where?
• Each node to base station
• Nodes to aggregation points and then from aggregation point to base station
• Between 2 (n) nodes (peer to peer)
• Between 2 (n) areas
• Among all members of a (static / dynamic) group
Routing Attacks
[Figure legend: adversary, base station, sensor node, high-quality wireless link]
Attacks: try to manipulate user/application data or affect the underlying routing topology (state information)
Attack: Bogus Routing Information
• Spoofed, altered, or relayed routing information causes problems
• Example: spoof routing table beacons or claim to be base station
– Can attract traffic
[Figure: attacker becomes part of the routing tree]
Attacks: Selective Forwarding / Blackholes / Sinkholes
• Only forward a select few… drop / modify remaining packets
• Forward none – blackhole
• Sinkhole – lure all traffic through a compromised node; enables selective forwarding
Attack: Sybil attack
• An adversary may present multiple identities to other nodes
• FT (fault-tolerance) implications: routes believed to be using disjoint nodes could be using a single adversary
– E.g., an attacker node could provide multiple geographic locations to pretend to be in more than 1 place at a time
[Figure: one node claims “I am at A and B”]
Attack: Wormholes
• Tunnel packets received in one part of the network and replay them in a different part
• Two distant malicious nodes collude to understate their distance from each other by relaying packets along a private channel between them
• Enables other attacks – confuses topology
Attack: HELLO floods
• HELLO packets announce the presence of a node
• Assumption: the sender of a received packet is within normal radio range
• False! A powerful transmitter could reach the entire network
• Disrupts routing paths
Recall - SPEED
• SPEED: A Semi-Stateless Protocol for Real-Time Communication in Sensor Networks. Uses neighbor tables
[Figure: SPEED mechanisms – strong back-pressure (congestion), area anycast, multicast]
SPEED
[Figure: SPEED forwarding a packet from Source to Destination; Node 5’s neighbor table (NT) lists neighbor IDs with per-neighbor delays of 0.5 s, 0.1 s, 0.4 s and 0.1 s]
Attack – change table
RAP
• RAP: A Real-Time Communication Architecture for Large-Scale Wireless Sensor Networks.
[Figure: packets with different velocities, respecting deadlines and priorities]
Attack – change velocity; different order of delivery
SPEED and RAP: Routing Security Analysis
• Convince nodes to change their state tables (delay, source, destination, distance, deadlines, velocities).
• Flood network with high-velocity packets (i.e., short deadlines or large distances).
• Change the radius of the last-mile process.
• Local forwarding decisions allow some types of attacks to go unnoticed. Example: a destination that is “beyond” the edge of the network.
• Just lower the velocity of a packet, which will end up missing its deadline later and be dropped.
Solution - SPINS
• Suite of security protocols optimized for sensor networks
• Practical on minimal hardware
– Memory constraints
– Energy constraints
– CPU constraints
• Can be used for building higher-level protocols, like secure routing
Definition
• Secure Channel: a communication channel that offers
– Confidentiality
• no eavesdropping
– Data authentication
• you know who sent the message
– Integrity
• data not changed
– Data freshness
• Weak – correct order
• Strong – recent in terms of time
SPINS: 2 Building Blocks
• SNEP (Sensor-Network Encryption Protocol)
– Encryption protocol
• Data confidentiality and integrity
– Secure point-to-point communication
• 2-party authentication
– Data freshness (adversary can’t replay old messages)
• µTESLA (Micro Timed Efficient Stream Loss-tolerant Authentication)
– Provides streaming broadcast authentication
Typical Cost
• Authenticated broadcast
– Asymmetric digital signature
• Up to 50–1000 bytes (of overhead) per packet
• Need a different solution
System Assumptions
• Communication patterns
– Frequent node–base station exchanges
– Frequent network flooding from base
– Node–node interactions infrequent (not including multi-hop routing relays)
• Base station
– Sufficient memory, power
– Shares secret key with each node
• Node
– Limited resources, limited trust
– Each node trusts itself
Design
• Asymmetric cryptography is too expensive
• Use symmetric cryptography primitives
• A simple symmetric encryption function (RC5) provides:
– Encryption & decryption
– Message Authentication Code (MAC)
– Pseudorandom number generation
– Hash function
• Overhead is only 8 bytes per packet
• Use a single block cipher (for code reuse)
Block Cipher: RC5
• Subset of RC5 with 40% reduction in code size
• Low memory requirements
• Ciphertext is the same size as the original text
• They rejected AES and DES as too expensive
[Figure: Plaintext and Key enter the RC5 block cipher, which outputs Ciphertext]
Key Generation/Setup
• Nodes and base station share a master key (pre-deployment)
• Other keys are bootstrapped from the master key:
– Encryption keys (different for each direction between 2 nodes)
– Message Authentication Code key (different for each direction)
– Random number generator key
[Figure: the RC5 block cipher, keyed with the Master Key and driven by a counter Ctr, produces Key_MAC, Key_encryption and Key_random]
F is a pseudo-random function used to generate keys
SNEP Encryption
• Encrypted-data = {D}<Key_encryption, counter>
• Counter is shared state – but not sent in the message as in usual solutions; maintained at each pair of nodes
• With the counter, even the same message is encrypted differently each time
• RC5 generates “random” data to XOR with the message
[Figure: the RC5 block cipher under Key_encryption encrypts the Counter; the output is XORed (+) with plaintext block P_j to give ciphertext block C_j]
SNEP Encryption
• Weak freshness guaranteed; counter must increase
• Decryption is identical
[Figure: encrypting Counter+1 under Key_encryption and XORing (+) with P_j+1 gives C_j+1; the receiver encrypts Counter+1 under Key_decryption (the same key) and XORs with C_j+1 to recover P_j+1]
SNEP MAC
• Message Authentication Code = MAC(K_MAC, X)
• MAC uses Cipher Block Chaining (CBC)
• Every block of input affects output
[Figure: CBC-MAC – X1 is encrypted with RC5 under K_MAC; the result is XORed (+) with X2 and encrypted again under K_MAC; that result is XORed with X3 and encrypted; the final block is the MAC]
Authentication, Confidentiality
• Without encryption on MSG, can have authentication only
• For encrypted messages, the counter is included in the MAC
• Counter in MAC prevents replays
Node A → Node B (authentication only): Msg, MAC(K_MAC, Msg)
Node A → Node B (encryption and authentication): {Msg}<K_encryption, Counter>, MAC(K_MAC, Counter || {Msg}<K_encryption, Counter>)
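The SNEP channel described under Design, Key Generation/Setup, SNEP Encryption, SNEP MAC and Authentication, Confidentiality (RC5 in counter mode, CBC-MAC over Counter || ciphertext, a shared counter that is never transmitted), as an added example that is not from the slides or from the SPINS authors. RC5-32/12/16 follows Rivest's published algorithm; the length-prefix padding in the CBC-MAC, the numeric key-derivation labels and the sample master key and messages are my assumptions.

```python
import hmac
import struct

ROUNDS = 12
P32, Q32, MASK = 0xB7E15163, 0x9E3779B9, 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK


def rc5_expand(key: bytes) -> list:
    """RC5-32/12 key schedule (Rivest's algorithm): returns the round-key table S."""
    c = max(1, (len(key) + 3) // 4)
    L = [0] * c
    for i in reversed(range(len(key))):        # key bytes, little-endian
        L[i // 4] = ((L[i // 4] << 8) + key[i]) & MASK
    t = 2 * (ROUNDS + 1)
    S = [(P32 + i * Q32) & MASK for i in range(t)]
    A = B = i = j = 0
    for _ in range(3 * max(t, c)):             # mix the secret key into S
        A = S[i] = _rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = _rotl((L[j] + A + B) & MASK, A + B)
        i, j = (i + 1) % t, (j + 1) % c
    return S


def rc5_encrypt_block(S: list, block: bytes) -> bytes:
    """Encrypt one 8-byte block (two little-endian 32-bit words)."""
    A, B = struct.unpack("<II", block)
    A, B = (A + S[0]) & MASK, (B + S[1]) & MASK
    for r in range(1, ROUNDS + 1):
        A = (_rotl(A ^ B, B) + S[2 * r]) & MASK
        B = (_rotl(B ^ A, A) + S[2 * r + 1]) & MASK
    return struct.pack("<II", A, B)


def ctr_xor(S: list, counter: int, data: bytes) -> bytes:
    """Counter mode: RC5 turns (counter, block index) into keystream that is XORed
    with the data; decryption is the identical operation."""
    out = bytearray()
    for off in range(0, len(data), 8):
        stream = rc5_encrypt_block(S, struct.pack("<II", counter & MASK, off // 8))
        out += bytes(d ^ k for d, k in zip(data[off:off + 8], stream))
    return bytes(out)


def cbc_mac(S: list, msg: bytes) -> bytes:
    """CBC-MAC: every block of input affects the 8-byte tag. The length prefix is my
    addition (not on the slides) so that variable-length inputs stay unambiguous."""
    data = struct.pack("<I", len(msg)) + msg
    data += bytes(-len(data) % 8)
    state = bytes(8)
    for off in range(0, len(data), 8):
        state = rc5_encrypt_block(S, bytes(s ^ d for s, d in zip(state, data[off:off + 8])))
    return state


def derive_key(master_S: list, label: int) -> bytes:
    """Bootstrap a 16-byte sub-key from the master key, using RC5 as the PRF F of the
    Key Generation/Setup slide; the numeric labels are an assumption."""
    return b"".join(rc5_encrypt_block(master_S, struct.pack("<II", label, k)) for k in (0, 1))


class SnepChannel:
    """One direction of a SNEP channel; sender and receiver each build one."""

    def __init__(self, master_key: bytes, direction: int):
        master_S = rc5_expand(master_key)
        self.enc_S = rc5_expand(derive_key(master_S, 2 * direction))      # K_encryption
        self.mac_S = rc5_expand(derive_key(master_S, 2 * direction + 1))  # K_MAC
        self.counter = 0                            # shared state, never transmitted

    def seal(self, msg: bytes):
        """Return ({Msg}<K_enc, Counter>, MAC(K_MAC, Counter || {Msg}<K_enc, Counter>))."""
        ct = ctr_xor(self.enc_S, self.counter, msg)
        tag = cbc_mac(self.mac_S, struct.pack("<I", self.counter) + ct)
        self.counter += 1
        return ct, tag

    def open(self, ct: bytes, tag: bytes):
        """Verify against the receiver's own counter; forgeries, modifications and
        replays (MACed under an older counter) all fail. Returns None on rejection."""
        expected = cbc_mac(self.mac_S, struct.pack("<I", self.counter) + ct)
        if not hmac.compare_digest(expected, tag):
            return None
        pt = ctr_xor(self.enc_S, self.counter, ct)
        self.counter += 1                           # weak freshness: counter only increases
        return pt


def demo():
    """Constructed run: node A -> base station B, then a replay and a bit flip."""
    master = bytes(range(16))                       # constructed pre-deployment master key
    sender, receiver = SnepChannel(master, 0), SnepChannel(master, 0)
    ct1, tag1 = sender.seal(b"temp=21.5C")
    ct2, tag2 = sender.seal(b"temp=21.5C")          # same message, different ciphertext
    first = receiver.open(ct1, tag1)
    replay = receiver.open(ct1, tag1)               # counter has moved on: rejected
    forged = receiver.open(bytes([ct2[0] ^ 1]) + ct2[1:], tag2)  # bit flip: rejected
    return ct1 != ct2, first, replay, forged, receiver.open(ct2, tag2)
```

Because the receiver verifies with its own counter, a lost packet desynchronizes the pair; SNEP handles that with a counter-resynchronization exchange, which this block omits.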
SPINS So Far
• SNEP
– Encryption protocol (RC5)
• Data confidentiality and integrity
– Secure point-to-point communication
• 2-party authentication
• MAC based on RC5
– Data freshness (adversary can’t replay old messages)
• Counters
Broadcast Authentication
• Broadcast is the basic communication mechanism
• Sender broadcasts data
• Each receiver verifies data origin
[Figure: Sender broadcasts M to receivers R1–R4]
TESLA Protocol
• TESLA: efficient source authentication in multicast for wired networks.
• µTESLA: broadcast authentication for WSNs.
– TESLA is too expensive for WSN
TESLA Protocol
• Compare & Contrast (similarities)
– Both require loose time sync. between BS and each node.
– Both use a one-way hash function to produce a chain of secret keys in the sender, each key corresponding to a time interval at which the sender sends a packet.
– Both maintain a key disclosure schedule known to both sender and receiver.
– Receiver holds off the authentication of a packet until the required key is disclosed.
TESLA
• Compare & Contrast (differences)
µTESLA removes or adapts the expensive features of TESLA:
– Asymmetric digital signature is replaced by symmetric key
– Frequency of key disclosure is greatly lessened
– Only the Base Station stores the key chain
– Inter-node communication is made possible by the Base Station
TESLA Overview
• Provides authenticated broadcast mechanism
• Must have an asymmetric mechanism to prevent forgery
• Why not use asymmetric digital signatures?
– Expensive computation, storage, and communication
• Asymmetry: delayed key disclosure
– Requires loosely synchronized clocks
Simple MAC Insecure for Broadcast
[Figure: Sender broadcasts M, MAC(K,M) to R1–R4; every receiver holds the same key K, so a receiver can emit M’, MAC(K,M’) that the others accept as the sender’s]
Key Setup
• Main idea: one-way key chains
– BS chooses K(n) – easy to compute K(n-1)
– BS computes entire chain
• K0 is initial commitment to chain
• Base station gives K0 to all nodes
– Nodes can’t compute K(1)
[Figure: Kn → Kn-1 → … → K1 → K0 via F, i.e. Kn-1 = F(Kn), …, K1 = F(K2), K0 = F(K1); the reverse direction (marked X) is infeasible]
Broadcast
• Divide time into intervals
• Associate Ki with interval i
• Messages sent in interval i use Ki in MAC
• Ki is revealed at time i + disclosure delay
• Nodes authenticate Ki and messages using Ki
[Figure: timeline 0, 1, 2, 3, 4 with K0, K1, K2, K3, … assigned to successive intervals; K0 is revealed one disclosure delay after its interval]
Robustness to Packet Loss
[Figure: intervals Time 1–Time 5, with key K0 being revealed at Time 1; packets P1–P5 are sent under keys K1–K5 and each key is revealed later; when a disclosure packet is lost (P4), a node that receives K3 applies F twice (F, F) to reach the last key it holds (K1), thereby authenticating K3, and then verifies the MACs of the buffered packets]
TESLA Issues
• Important parameters: time interval, disclosure delay
• Delay must be greater than RTT to ensure integrity
• Parameters define maximum delay until messages can be processed
• Nodes must buffer broadcasts until key is disclosed
• Requires loose time synchronization in network
• Base station commits to maximum number of broadcasts when forming chain
– When current chain is exhausted, all nodes must be bootstrapped with a new one
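The one-way key chain, delayed disclosure, packet buffering and loss recovery of the Key Setup, Broadcast, Robustness to Packet Loss and TESLA Issues slides, as an added example that is not the SPINS authors' code. The chain function F and the MAC use SHA-256 from the standard library instead of RC5; the disclosure delay of 2 intervals, the chain length, and the constructed packet sequence (one lost packet, one late forgery attempt) are my assumptions.

```python
import hashlib
import hmac

DELAY = 2          # disclosure delay in intervals: K_i is disclosed in interval i + DELAY
CHAIN_LEN = 8      # BS commits to at most CHAIN_LEN broadcast intervals per chain


def F(key: bytes) -> bytes:
    """One-way chain function; SHA-256 truncated to 8 bytes stands in for RC5-based F."""
    return hashlib.sha256(b"utesla-chain" + key).digest()[:8]


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, "sha256").digest()[:8]


class BaseStation:
    def __init__(self, k_n: bytes):
        chain = [k_n]                              # K_n chosen by the base station
        for _ in range(CHAIN_LEN):
            chain.append(F(chain[-1]))             # K_{i-1} = F(K_i)
        self.keys = chain[::-1]                    # keys[i] == K_i; keys[0] is the commitment

    def commitment(self) -> bytes:
        return self.keys[0]                        # K_0, given to every node before deployment

    def broadcast(self, interval: int, msg: bytes):
        """Packet sent in interval i carries MAC(K_i, msg) and discloses K_{i-DELAY}."""
        disclosed = self.keys[interval - DELAY] if interval >= DELAY else None
        return (interval, msg, mac(self.keys[interval], msg), disclosed)


class Node:
    def __init__(self, k0: bytes):
        self.known_i, self.known_key = 0, k0       # latest authenticated chain key
        self.buffer, self.accepted, self.rejected = [], [], []

    def receive(self, pkt, now: int):
        """`now` is the node's current interval (loose time sync with the BS)."""
        i, msg, tag, disclosed = pkt
        # Security condition: buffer a packet only if K_i cannot have been disclosed yet;
        # otherwise anyone who overheard K_i could have produced the MAC.
        if i + DELAY <= now or i <= self.known_i:
            self.rejected.append(msg)
        else:
            self.buffer.append((i, msg, tag))
        if disclosed is not None:
            self.disclose(i - DELAY, disclosed)

    def disclose(self, j: int, key: bytes) -> bool:
        """Authenticate K_j: applying F (j - known_i) times must reach the last known key.
        Walking the chain also recovers the keys whose disclosure packets were lost."""
        if j <= self.known_i:
            return False
        chain, k = {j: key}, key
        for idx in range(j - 1, self.known_i - 1, -1):
            k = F(k)
            chain[idx] = k
        if not hmac.compare_digest(chain[self.known_i], self.known_key):
            return False                           # bogus key: does not land on the commitment
        self.known_i, self.known_key = j, key
        still_waiting = []
        for i, msg, tag in self.buffer:            # verify MACs of every now-verifiable packet
            if i not in chain:
                still_waiting.append((i, msg, tag))
            elif hmac.compare_digest(mac(chain[i], msg), tag):
                self.accepted.append(msg)
            else:
                self.rejected.append(msg)
        self.buffer = still_waiting
        return True


def run_scenario():
    """Constructed run: the interval-4 packet is lost and a forgery arrives in interval 3."""
    bs = BaseStation(hashlib.sha256(b"constructed K_n").digest()[:8])
    node = Node(bs.commitment())
    packets = {i: bs.broadcast(i, b"P%d" % i) for i in range(1, 8)}
    for i in range(1, 8):
        if i == 4:
            continue                               # P4 (and the K_2 it carried) never arrives
        node.receive(packets[i], now=i)
        if i == 3:
            # K_1 was just disclosed; a packet "for interval 1" MACed with it is too late
            node.receive((1, b"forged", mac(bs.keys[1], b"forged"), None), now=3)
    return node.accepted, node.rejected, node.buffer
```

P6 and P7 stay buffered at the end of the run because their keys are not yet disclosed, which is the processing delay the TESLA Issues slide refers to.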
Evaluation (Memory)
[Figure: memory usage table]
Evaluation (Execution Time)
• 2.5 ms to encrypt a 16-byte message
• 18 ms to deal with broadcast authentication
Evaluation (Energy cost)
• Total cost to send a message
• Highest overhead is from transmission of the 8-byte MAC per packet
[Figure: energy cost broken down by extra bytes per packet]
Authenticated Routing
• Simple “breadth-first search” routing algorithm
• Routing scheme assumes bidirectional communication
• Base station periodically broadcasts beacon
[Figure: base station (BS) with surrounding nodes]
Authenticated Routing
• First reception of authenticated beacon during current routing interval defines “parent”
• At reception of a beacon, if it’s fresh then accept sender as its parent in the route and broadcast another beacon with the node’s id as sender id
[Figure: beacon propagating outward from BS]
Authenticated Routing
• Attacker cannot re-route any link – won’t authenticate
[Figure: attacker’s beacon is rejected; the tree rooted at BS is unchanged]
Authenticated Routing
• Final tree
[Figure: final routing tree rooted at BS]
SPINS Summary
• Focus on WSN communication patterns
• Meet severe energy, time, memory constraints
• Time-synchronized network
• Pre-loaded master keys
• Basic techniques to be used in other protocols
Denial of Service
Ref: Denial of Service in Sensor Networks; Wood & Stankovic
The Jamming Problem
• Jamming disrupts communication around the source
• Expensive to prevent – but can detect it
[Figure: jammer J and the nodes around it]
Solution Summary
[Figure: jammer J inside the jammed area; edge nodes blindly report jamming; inner nodes sleep; outer nodes map collaboratively]
Jam Detection
• Highly decentralized algorithm:
– Loose group semantics, eager eavesdropping, supremacy of local information, robustness to packet loss and failure
– Does not consider other security attacks
A Mapping Service
• Map jammed area and export to other modules
• Possibilities for using this information:
– Report jammed area to base station
• Send in vehicle
– Route around jammed area
– Lower duty-cycle to save energy
– Redirect any queries to services in jammed area
– Expose area as programmer-accessible entity
Summary - Security
• Solutions from the start (too late?)
• Lightweight solutions required
• System must operate in presence of faults AND attacks
• Framework needed for security updates as attacks evolve over time
Summary - Security
• Define new trust models
• Key distribution schemes (static and dynamic)
• Routing, secure groups, denial of service, localization, …
• Can solutions exploit
– Physical properties?
• Directional antennas, time validity intervals of data, velocity, …
– Density?
– Redundancy?
– HW?
![Page 67: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/67.jpg)
Medical System Architecture
[Figure: system architecture with the Internet, PDAs and nurses' stations]
![Page 68: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/68.jpg)
Smart Living Health Spaces
![Page 69: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/69.jpg)
Motivation
• What is privacy?
– “The claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” – Alan Westin
• WSN in healthcare
![Page 70: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/70.jpg)
Many Stakeholders
• Patients
• Patients' family and friends
• Doctors
• Nurses
• Technicians
• Orderlies
• Admin
• Social Workers
![Page 71: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/71.jpg)
Privacy
• Very complex, dynamic
• Differs for different countries, people, etc.
• Build into WSN at start
• Filters
– Example: only transmit aggregated information about people in an area, not ID-based information
• Showstopper?
![Page 72: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/72.jpg)
Authorization Framework
[Figure: block diagram with components Request Authorizer, Privacy Policy, Policy Manager, Context Manager, Context, Data mining analysis, Request History and Database, connected by the flows User’s Request, Reply, Inconsistency Check, Ask for data and Change policy]
![Page 73: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/73.jpg)
Request Expressions
• Mandatory:
– <Request Subject>, <Data Subject>: Roles, UserID, roomID, floorID
– <Data>: EKG, pulse, motion, light, temp, activity
– <Action>: read, write, delete, add, set
• Optional:
– [Aggregate Function]: max, min, avg
– [Time]: single time t, periodic [t1,t2]
– [Place]: bed, room, floor
– [Conditions]: =, >, <, >=, <=, <>
– [Set Values]: single value, range
• Example: Nurse N1 requests to read pulse of patient P1 for 30 minutes if P1’s pulse is lower than 50 bpm:
N1 read (P1,pulse) [t1,t1+30] if (P1,pulse) < 50
![Page 74: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/74.jpg)
Policy Components
– Request Subject
– Rule: (action, ruling, context)
– Data Subject
– Data
– Examples:
• Doctor (read, allow, critical condition) (patient, activity data): role policy
• DoctorX (read, deny) (patient, activity data): individual policy
![Page 75: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/75.jpg)
Representation
• Directed Acyclic Graph
– Nodes:
• Individual user
• Role
• Data
– Edges:
• Inheritance
• Data association
• Rule: (action, ruling, context)
![Page 76: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/76.jpg)
Privacy Policy Representation - Example
[Figure: example DAG with user nodes User1, User2, User3, User4, role nodes Doctor and Patient, data nodes Cardio and PII, and a <rule> edge]
![Page 77: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/77.jpg)
Policy Inconsistency Types
• Syntax inconsistency
• Semantic inconsistency
– Multiple-role
– Role vs. individual policy
– Multiple rule instances
[Figure: a User node with is-a edges to Role 1 and Role 2, and rule edges <rule 1>, <rule 2>, <rule 3> leading to a Data node]
![Page 78: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/78.jpg)
Inconsistency Detection Example
[Figure: a User node, role nodes Role s and Role t, a Data node, and rule edges <rule 3> and <rule 4>]
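As an added example (not from the slides) covering the Policy Components, Representation and Policy Inconsistency Types slides, a minimal policy DAG with is-a inheritance and (action, ruling, context) rules, a request authorizer, and a check for the semantic inconsistency types; all users, roles and data names are constructed.

```python
# Added example, not from the slides: a policy DAG in the lecture's representation
# (user/role nodes, is-a edges, (action, ruling, context) rules), with request
# authorization and detection of the semantic inconsistency types. Constructed data.
from dataclasses import dataclass, field

@dataclass
class Node:                     # an individual user or a role
    name: str
    parents: list = field(default_factory=list)  # is-a (inheritance) edges
    rules: dict = field(default_factory=dict)    # data -> [(action, ruling, context)]

def ancestors(node):
    """Roles reachable over is-a edges, nearest first (breadth-first DAG walk)."""
    seen, order, queue = set(), [], list(node.parents)
    while queue:
        n = queue.pop(0)
        if n.name not in seen:
            seen.add(n.name); order.append(n); queue.extend(n.parents)
    return order

def rulings(subject, data, action, context=None):
    """Applicable rulings as {node name: set of rulings}; a rule context of None matches any."""
    out = {}
    for n in [subject] + ancestors(subject):
        for act, ruling, ctx in n.rules.get(data, []):
            if act == action and ctx in (None, context):
                out.setdefault(n.name, set()).add(ruling)
    return out

def authorize(subject, data, action, context=None):
    """Individual policy overrides role policy; any deny wins; no matching rule means deny."""
    found = rulings(subject, data, action, context)
    vals = found.get(subject.name) or set().union(*found.values())
    return "allow" if vals == {"allow"} else "deny"

def inconsistencies(subject, data, action, context=None):
    """Semantic inconsistencies among the rulings that apply to one request."""
    found = rulings(subject, data, action, context)
    own = found.pop(subject.name, set())
    role_vals = set().union(*found.values())
    issues = ["multiple rule instances"] if len(own) > 1 or any(len(v) > 1 for v in found.values()) else []
    if own and role_vals - own:
        issues.append("role vs. individual")
    if len(found) > 1 and len(role_vals) > 1:
        issues.append("multiple-role")
    return issues

def sample():  # constructed sample: the slide's role policy and the conflicting individual policy
    doctor = Node("Doctor", rules={"activity": [("read", "allow", "critical condition")]})
    doctor_x = Node("DoctorX", parents=[doctor], rules={"activity": [("read", "deny", None)]})
    return doctor, doctor_x
```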
![Page 79: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/79.jpg)
Privacy
• Added requirements for WSN
– WSN specific
• Lightweight and integrated solutions
– Highly dynamic
• Alarms
• Override when necessary
– Highly distributed access and data creation
– Data is transient
– Notion of inanimate objects
![Page 80: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/80.jpg)
Possible Approach
• Privacy filters
– Collect what is needed; no more
• Blurring
• Reactive to critical situations
– Real-time privacy
• WSN-Privacy Language
• Consistency checks (at different levels of granularity, at different times)
• Across enterprise trust domains
![Page 81: Wireless Sensor Networks Security and Privacy Professor Jack Stankovic Department of Computer Science University of Virginia](https://reader035.vdocument.in/reader035/viewer/2022062803/56649f425503460f94c611d6/html5/thumbnails/81.jpg)
Summary - Research Q.
• How do we compose untrustworthy entities into a trustworthy aggregation
– And how to maintain this trust as topology changes
• Lightweight key management
• Routing, denial of service, intrusion detection, authentication, localization, etc.
• Adaptive security and privacy service