Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trust relationships in sensor networks Ruben Torres October 2004.

Similar presentations


Presentation on theme: "Trust relationships in sensor networks Ruben Torres October 2004."— Presentation transcript:

1 Trust relationships in sensor networks Ruben Torres October 2004

2 Introduction Paper: “Key Infection: Smart Trust for Smart Dust” The two main objectives of this paper are:  To present a lightweight security protocol that can be implemented in commodity sensor networks.  to show that the initial trust establishment can be achieve without extra complexity of the security protocol, a low computation overhead and low memory requirements Its main characteristic is that the initial key exchange between nodes is made in clear text No assumption of the presence of a highly capable attacker who can monitors and stores all communication. This assumption have lead to the development of heavy security protocols.

3 Key Infection The key material is propagated as contact is made, like an INFECTION spreading through a biological population Key infection is based on the assumption that during the network deployment phase, the attacker can only monitor a fix percentage of the communication channels. There is no need to preload secret information before sensor network deployment. It uses symmetric cryptography The initial key exchange is made in clear text. Using a master key at the beginning, under some circumstances, only secures a fraction of communication that the attacker could have recorded and decipher anyways. Its cheaper to simply exchange session keys in the clear.

4 Terminology White Nodes: The nodes that conform our sensor network Black nodes: The attacker nodes Dust: Term that comes from the “Smart dust” project. Its goal is to make sensor small and cheap enough that they can be distributed in large number over an area.

5 Sensor Network assumption Commodity sensor networks  Small, low cost nodes,  Limited Battery Energy, minimal computation, communication and storage resources  No tamper-proof hardware Each node has a transmission range of 10 m. Around half a dozen nodes should have fall into each node range. The simulation considered White nodes (good nodes) and a 100 Black nodes (bad nodes).

6 Real World Attacker model The attacker doesn’t have physical access to the network at the deployment phase. The attacker can only monitor a small portion of the communications during the deployment phase. After key exchange is complete the attacker can monitor al communications at will The attacker is not able to execute active attacks during the deployment phase of the network. (flooding, jamming, etc). The deployment time window is of a few seconds. Analogy of a bank door and home doors

7 Basic key setup Each node choose a key and broadcast it in plain text to its neighbors The returned packet will be transmitted using the minimum power necessary for the link, based on the measurement of the signal from i. Assuming an area with no opponents, plaintext key exchange is not a problem if opponents come after the setup time. KiKi ji ji {j,K i,j } Ki Initial key exchange

8 Key Whispering Small change to the original protocol Instead of a full power broadcasting, each White node starts transmitting as quietly as possible until it receive a response A key is set with the responder The broadcast is resumed with a new key Initial key exchange j i m {j,K i,j } Ki {m,K i,m } Ki2

9 Analysis Basic Key SetupKey Whispering For the basic key setup, the effective eavesdropping area is larger than for key whispering. Therefore, the probability of getting a compromised link is larger in the basic setup approach At the end, we can infer that the combatant who can produce the denser dust has a significant advantage. S W2 W1 W4 W3 W1 MAX Tx range e S W2W1 W1 MIN Tx range to reach W2

10 Secrecy amplification (multipath) Link compromised at initial phase Combine keys propagated along different paths W1->W3: {W1,W2,N1} K13 W3->W2: {W1,W2,N1} K23 W2 computes: k’12=H(k12 || N1) W2->W1: {N1,N2} K’12 W1->W2: {N2} K’12 After the protocol has finished, if K12 was secure, K’12 remains secure. But if K12 was compromise, the new k’12 is now secure. Path discovery is allowed p1 W1 W3 W2 p2 p3 W4

11 Multihop Keys Node W2 helps in the key setup between W1 and W3 Node W2 forget K 13 immediately Support end to end rather than link layer cryptography Additional protection in case W2 gets compromised. {R} k12 W3 (base) W2W1{k 1 } k23 {K 13 } k12 W3 (base) W2W1{k 13 } k23 Key Setup 1 2

12 Recovery from attacks Sufficient nodes have been subverted for the network to be partitioned A recovery phase may be initiated  Use of backup nodes  Re run of the initial network discovery algorithm  The multi path key infection algorithm can automatically discover paths. “Breaks the infection disease analogy”.

13 Conclusions Under some assumptions, the clear text key distribution is almost as secure as preloaded keys in nodes. The benefits of initial keying can be analyzed separately from later key relations maintenance. Resilience and recovery mechanism can be more important than bootstrapping.

14 References R. Anderson, H. Chan, A. Perrig. “Key Infection: Smart Dust for smart Trust”. ICNP2004 C. Karlov. “TinySec: A link layer Security architecture for wireless sensor networks”. Sensys04 J.M. Kahn, R.H. Katz. “Next century challenges: mobile networking for Smart Dust”.


Download ppt "Trust relationships in sensor networks Ruben Torres October 2004."

Similar presentations


Ads by Google