Presentation is loading. Please wait.

Presentation is loading. Please wait.

Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook.

Similar presentations


Presentation on theme: "Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook."— Presentation transcript:

1 Queensland University of Technology CRICOS No J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook Park, Juan Gonzalez, and Ernest Foo

2 CRICOS No J a university for the world real R Key Management in WSNs for PCS/SCADA Introduction. –WSNs & SCADA. Related Work. –Nilsson et al.’s & Alzaid et al.’s schemes. Sandwich Attack. Performance Analysis –Memory overhead, communication cost, & computation cost. Conclusion 2

3 CRICOS No J a university for the world real R Introduction: WSNs Embedded Processor Transceiver Memory Sensors Battery 3 Limited Storage Limited Lifetime Slow Computations 1Kbps - 1Mbps, Meters,

4 CRICOS No J a university for the world real R Introduction: SCADA 4 Master Center Historian Communication Systems Remote field Network Manager Human Interaction Database Storage Processing Servers Separate Subnet Fiber Optics Radio Satellite Gateways IEDs Sensors

5 CRICOS No J a university for the world real R Related Work Several papers proposed key management designs for SCADA. –They use heavy cryptographic mechanisms. –Do not consider the integration of WSNs with SCADA. The works that consider the integration, proposed by Nilsson et al. and Alzaid et al.. 5

6 CRICOS No J a university for the world real R Related Work – Nilsson et al. Nilsson et al. designed two key update protocols: –The 1 st protocol updates the pairwise symmetric key between and. –The 2 nd protocol updates the global or group key among and. They claimed that these protocols provide both forward and backward secrecy (past and future key secrecy). It is not the case! 6

7 CRICOS No J a university for the world real R Related Work – Nilsson et al. Node compromise attacks was not considered in Nilsson et al.. The new group key is directly carried by the protocols messages, encrypted under the pairwise key. The value of new pairwise key is determined by the sensor node. etc. Alzaid et al.’s addressed these weaknesses. 7

8 CRICOS No J a university for the world real R Related Work – Alzaid et al. The adversary can launch node compromise –All the credentials stored in sensors. –All the software code installed within the sensors, especially random number generation functions. It cannot compromise the network manager. 8 Adversary Model

9 CRICOS No J a university for the world real R Related Work – Alzaid et al. Past key secrecy: the past keys should not be compromised. Future key secrecy: the future keys should not be compromised. Security Requirements 9

10 CRICOS No J a university for the world real R The Proposed Key Management Forward hash chainReverse hash chain Past key secrecy Future key secrecy The Group Key Update Protocol 10

11 CRICOS No J a university for the world real R The Proposed Key Management The Group Key Update Protocol (Protocol-1) 11

12 CRICOS No J a university for the world real R The Proposed Key Management The Pairwise Key Update Protocol (Protocol-2) 12

13 CRICOS No J a university for the world real R Sandwich Attack The Problem Alzaid et al.’s scheme suffers from a new kind of attack called “Sandwich Attack”. Suppose an attacker captures a node at are revealed. All the subsequent hash images of the forward hash chain (but not the reverse hash chain) can be computed. 13

14 CRICOS No J a university for the world real R Sandwich Attack The Problem When the attacker captures another node at where. The adversary is able to compute all the preimages of the reverse hash chain between. Then, the attacker can compute all the group keys from to by computing: 14

15 CRICOS No J a university for the world real R Sandwich Attack Forward hash chain Reverse hash chain 15 unknown

16 CRICOS No J a university for the world real R Sandwich Attack Forward hash chain Reverse hash chain 16 unknown known unknown

17 CRICOS No J a university for the world real R Sandwich Attack The Solution (Protocol-3) Break the reverse hash chain into smaller ones. 17

18 CRICOS No J a university for the world real R Sandwich Attack can play two strategies: Replace Protocol-1 completely with Protocol-3. rerun Protocol-3 until receives 2 nd message of the protocol from to ensure the reestablishment of the reverse hash chain. Switch between Protocol-1 and Protocol-3 whenever it is needed. The choice between these two strategies depends on how much the Sandwich attack concerns the network designers. 18

19 CRICOS No J a university for the world real R Performance Analysis Memory Overhead 19 Stored information per sensor Nilsson et al. [2]Alzaid et al. [1]Our proposal QtySize (bits)QtySize (bits)QtySize (bits) Pairwise key shared with M Key used for random number generation M’s public key Group key Secret data Indexes Hashed value of the old pairwise key Total

20 CRICOS No J a university for the world real R Performance Analysis Communication Cost 20 ProtocolStep Nilsson et al. [2]Alzaid et al. [1]Our proposal # of bits Energy (  J) # of bits Energy (  J) # of bits Energy (  J) Pairwise key 1. M → N M ← N Total Group key 1. M → N M ← N Total

21 CRICOS No J a university for the world real R Performance Analysis Computation Cost 21 ProtocolStep Consumed energy (  J) Nilsson et al. [2] Alzaid et al. [1] Our proposal Pairwise key 1. M → N Compute the new key M ← N Total Group key 1. M → N Compute the new key M ← N154 Total

22 CRICOS No J a university for the world real R Conclusion Lamport’s reverse hash chain as well as usual hash chain are employed to ensure past and future key secrecy against node compromise. No delivery for the whole value of the new group key for group key update. Sandwich Attack is mitigated by breaking the reverse hash chain into shorter ones. 22

23 CRICOS No J a university for the world real R References [1] Alzaid, Hani and Park, DongGook and Gonzalez Nieto, Juan and Boyd, Colin and Foo, Ernest. A Forward & Backward Secure Key Management in Wireless Sensor Networks for PCS/SCADA. [2] Nilsson, Dennis K. and Roosta, Tanya and Lindqvist, Ulf and Valdes, Alfonso. Key management and secure software updates in wireless process control environments. 23

24 Queensland University of Technology CRICOS No J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Questions


Download ppt "Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook."

Similar presentations


Ads by Google