Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)


1 Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)

2 Sensor Networks
- 100s to 1000s of cheap sensor nodes
- Communicate peer-to-peer and route information to base stations
- Example: Sensors could be scattered by air to monitor pollution - or track people

3 Typical Sensor Node Characteristics
- Wireless communication
- Battery powered
- Immobile
- Not tamper-resistant
- Limited processing hardware and memory
- Communicate peer-to-peer and route data to one or more base stations

4 Platform Technologies: UCB Mote
- UCB Mote Evolution

5 Approaches to Key Distribution
- Attempt #1: Use a PKI
  Problem: Too computationally intensive
- Attempt #2: Use a single symmetric master key
  Problem: Single node capture exposes entire network
- Attempt #3: Load each node with key for each neighbour
  Problem: Don’t know neighbours a priori
- Attempt #4: Load each node with many keys (n-1 keys/node, or fancier randomised scheme)
  Problem: Memory cost too high

6 Threat Model
- Attacker deploys white dust to monitor an area
- Defender has a few black dust motes already, rapidly deploys more, and sends in ‘insects’ that reverse-engineer some white motes
- Passive defense: see what movements yield sensor traffic
- Active defense: transmit jamming / deceptive messages
- Example: corrupt routing to partition network

7 Defender Model
- During the deployment phase, we have a partial, passive defender - some links monitored but no jamming / flooding / physical attack
- After deployment, the gloves come off! The defender is pervasive and active
- Often reasonable because of economics: white can deploy dust anywhere while black must defend everywhere

8 Basic Idea
- Suppose all nodes share an initial master key, and use this to bootstrap link keys
- Once the reverse-engineering insect arrives, the enemy gets the master key
- The enemy can now eavesdrop all the links it monitored
- But it could only monitor a small fraction of them! We may still be OK
- This is equivalent to broadcasting initial keys locally, and in the clear

9 Key Infection
- Assume that mote i, when it comes to rest, transmits a key k_i
- When mote j hears it, it responds with a pairwise key, using only just enough power for the link:
  j -> i : { j, k_ji }_k_i
The key is compromised if a hostile mote lies in the intersection of the two circles
E.g., 1 black mote for 100 white
[Figure: motes i and j with the two circles; plot axis: % of links secure]

10 Key Whispering
- First improvement - instead of broadcasting k_i at full power, whisper it - increase volume until response heard
- In other words, whispering already reduces compromised links by 2/3

d    1% basic   1% whisper   3% basic   3% whisper
2    1.13%      0.40%        3.48%      1.19%
3    1.75%      0.61%        5.06%      1.81%
4    2.38%      0.83%        6.75%      2.44%
5    2.92%      1.01%        8.40%      3.02%

11 Key Capture
- Neither node A nor node B was captured, but their shared key has been exposed
[Figure labels: Enemy / subverted nodes; Keys of node A; Keys of node B]

12 Multipath Privacy Amplification
- If i talks via j to k, and link jk compromised, find any other paths, e.g., i -> l -> k, set up keys k_ik along all available paths, and hash them together
- This gets a further significant reduction in compromised links:

d    1% basic   1% multipath   3% basic   3% multipath
2    0.61%      0.38%          2.23%      1.11%
3    0.55%      0.26%          1.76%      0.91%
4    0.40%      0.16%          1.57%      0.80%
5    0.35%      0.04%          1.29%      0.40%
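
An added example (not from the presentation): a small Monte Carlo model of the schemes on slides 9, 10 and 12, counting the links whose key a black mote could overhear. The uniform unit-square placement, the parameter values, and the simplifications that a whispered k_i reaches only as far as the responding neighbour and that multipath runs over whispered keys via common neighbours are all assumptions.

```python
import math
import random
from itertools import combinations

def simulate(n_white=300, n_black=3, radius=0.1, seed=1):
    """Return compromised-link fractions (basic, whisper, multipath)."""
    rng = random.Random(seed)
    white = [(rng.random(), rng.random()) for _ in range(n_white)]
    black = [(rng.random(), rng.random()) for _ in range(n_black)]

    def overheard(p, q, r_p, r_q):
        # A black mote learns the link key only if it hears both transmissions.
        return any(math.dist(b, p) <= r_p and math.dist(b, q) <= r_q for b in black)

    links, nbrs = [], {i: set() for i in range(n_white)}
    basic, whisper = set(), set()
    for i, j in combinations(range(n_white), 2):
        d = math.dist(white[i], white[j])
        if d > radius:
            continue  # out of radio range: no link
        links.append((i, j))
        nbrs[i].add(j)
        nbrs[j].add(i)
        # Basic: k_i broadcast at full power, reply {j, k_ji}_k_i at range d.
        if overheard(white[i], white[j], radius, d):
            basic.add((i, j))
        # Whisper (assumed model): k_i is only as loud as needed to reach j.
        if overheard(white[i], white[j], d, d):
            whisper.add((i, j))

    def bad(a, b):
        return (min(a, b), max(a, b)) in whisper

    # Multipath: hash the direct key with keys relayed via common neighbours l.
    # The result falls only if the direct link and every i-l-k path are exposed.
    multipath = {(i, k) for (i, k) in whisper
                 if all(bad(i, l) or bad(l, k) for l in nbrs[i] & nbrs[k])}
    n = len(links) or 1
    return len(basic) / n, len(whisper) / n, len(multipath) / n

if __name__ == "__main__":
    print(simulate())
```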

13 Interaction with Routing
- Even with no mobility, the network topology will change as a result of battery exhaustion / attacks
- White may invest in preparing for failover - multipath key establishment helps
- Many interesting questions, e.g. energy efficiency, clubbing, different logical paths on same physical path…

14 Other Applications (1)
- Peer-to-peer systems typically start out optimistically with a large number of hopefully trustworthy nodes
- ‘Black’ nodes join once the network starts to operate, and ‘white’ nodes may be subverted (e.g., by court order)
- Here too the issue isn’t the initial key bootstrapping, but resilience in the face of what happens later

15 Other Applications (2)
- Subversive networks are similar. Law enforcement can only monitor so many people, and so many phones…
- Once subversive activity manifests, the task is to penetrate a network that may have been fairly open at the start, but has now closed up
- Again, the important aspect is not the initial bootstrapping, but the subsequent lockdown, and any associated resilience

16 Security Economics
- Economics provide the big showstopper for security in general
- Here, the game depends on both initial and marginal costs of attack and defence
- Initial keying increases initial cost to both
- Equilibrium depends on marginal costs - defender efforts vs attacker resilience
- Logically, defender will give up, or attacker have to go all out to maintain network
- Attacker will logically make marginal investment in resilience, not bootstrapping

17 Research Problems
- What are the relative costs of key establishment vs. maintenance in different types of network?
- What are the best attack and defence strategies at equilibrium?
- What’s the interaction with routing algorithms?
- Can you deal with new motes joining?
- Can you have multiple virtual networks (‘United Nations Dust’)?
- Can multiple users interact locally (‘Neighbourhood Watch Dust’)?

18 Conclusions
- Sensor networks present interesting and novel protection problems
- They provide a tractable model for bigger problems, from P2P network design to some real-world policing problems
- Challenge the conventional wisdom that authentication is about trust bootstrapping
- In many real social networks, trust is more about group reinforcement / bonding
- Will future pervasive computing systems be command-and-control, or societal?

