Computer Science. Dr. Peng Ning. CSC 774 Adv. Net. Security. CSC 774 Advanced Network Security. Topic 7. Wireless Sensor Network Security.

1 CSC 774 Advanced Network Security. Topic 7. Wireless Sensor Network Security

2 Wireless Sensor Networks
[Figure labels: sensor; communication and processing module]
1. Network protocol (e.g., routing)
2. Data management (e.g., aggregation)
3. Localization and time synchronization
4. Energy management, robustness, etc.
5. Security
  Node to node; node to sink; group communication
  a. Key management
  b. Broadcast authentication
  Location?
  c. Security of fundamental services
  d. Detection of attacks, etc.

3 Wireless Sensor Networks (Cont’d)
Composed of
  – Low cost, low power, and multifunctional nodes
  – Wireless communication in short distances
Sensor node
  – Sensing
  – Data processing
  – Communication
  – Unattended

4 Security in Sensor Networks
Sensor network security
  – Key management
  – Point-to-point authentication
  – Encryption
  – Broadcast authentication
  – Secure localization
  – Secure clock synchronization
  – …

5 Challenges in Sensor Network Security
Resource constraints
  – Limited storage, computation, and communication
    – Expensive mechanisms such as public key cryptography are not practical
  – Depletable resources (e.g., battery power)
    – Resource consumption attacks
Threat of node compromises
  – Sensor nodes are usually deployed in an unattended fashion
  – Subject to node captures

6 Challenges (Cont’d)
Local computation/communication vs. global threat
  – Sensor network applications often depend on local computation and communication due to resource constraints
  – A determined attacker may
    – Attack any node in a network, and
    – Use information gathered from compromised nodes to attack non-compromised ones

7 Research Problems
Cryptographic services
  – Broadcast authentication
  – Key management
Security mechanisms for fundamental services
  – Clock synchronization
  – Secure location discovery
  – Secure aggregation and in-network processing
  – Cluster formation/cluster head election

8 Research Problems (Cont’d)
Securing sensor network applications
  – Intruder detection
  – Tracking of moving targets
  – …
Intrusion detection
  – A desirable component
  – Requires different solutions than traditional techniques
Others

9 CSC 774 Network Security. Topic 9.1 Key Pre-distribution in Wireless Sensor Networks

10 Establishing Pairwise Keys in Sensor Networks
Traditional techniques are not practical in sensor networks
  – Public key cryptography: not practical
  – Key distribution centers (KDC): not practical

11 Probabilistic Key Pre-Distribution

12 Probabilistic Key Pre-Distribution
Basic idea
  – Assign a random subset of keys of a key pool to each node
  – Two nodes can establish secure communication if they have at least one common key
[Figure: a set of random keys; nodes i, j]

13 Probabilistic Key Pre-Distribution (Cont’d)
Key distribution (three phases)
  – Key pre-distribution
  – Shared-key discovery
  – Path-key establishment

14 Probabilistic Key Pre-Distribution (Cont’d)
Key pre-distribution
  – Generate a large pool of P keys and their ids
  – For each sensor, randomly draw k keys out of P without replacement
    – This forms the key ring of the sensor
  – Load the key ring into the memory of the sensor
  – Save the key ids of each key ring and the sensor id on a trusted controller
  – For each node, load the i-th controller node with the key shared with that node.

15 Probabilistic Key Pre-Distribution (Cont’d)
Key pre-distribution (Cont’d)
  – Parameters k and P are critical
    – Only a small number of keys need to be placed on each node’s key ring
    – Any two nodes share at least a key with a chosen probability

16 Probabilistic Key Pre-Distribution (Cont’d)
Shared-key discovery
  – Each node discovers its neighbors in wireless communication range with which it shares keys
  – Method 1: Each node broadcasts the list of key ids on its key ring
    – Gives an adversary additional knowledge of key distribution
    – No direct ways to compromise keys

17 Probabilistic Key Pre-Distribution (Cont’d)
Shared-key discovery (Cont’d)
  – Method 2 (private shared-key discovery)
    – For each key on a key ring, each node broadcasts a list α, E_Ki(α), i = 1, …, k, where α is a challenge
    – If a node receives this list, it tries to decrypt each cipher-text with every key it has
    – The node establishes a shared key if it can successfully decrypt a cipher-text

18 Probabilistic Key Pre-Distribution (Cont’d)
Path-key establishment
  – Assign a path-key to selected pairs of nodes that
    – Are in wireless communication range
    – Do not share a common key
    – But are connected by two or more links at the end of shared-key discovery
  – Established through those links

19 Probabilistic Key Pre-Distribution (Cont’d)
Revocation
  – Revoke the entire key ring of a compromised node
  – A controller node broadcasts a single revocation message containing a signed list of key ids for the revoked key ring
    – The controller generates a signature key K_e, and unicasts it to each node by encrypting it with the key they share.
  – Each node verifies the signed list of key ids, and removes those keys from its key ring
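
The pre-distribution, Method 1 shared-key discovery and revocation steps above, as an added Python example (not code from the lecture). It assumes an HMAC-SHA256 tag under K_e stands in for the "signed list", and the pool, ring and network sizes are constructed for illustration.

```python
import hashlib
import hmac
import random
import secrets

def predistribute(n_nodes, pool_size, ring_size, rng):
    """Draw each key ring without replacement; the controller keeps key ids only."""
    pool = {kid: secrets.token_bytes(16) for kid in range(pool_size)}
    rings = {node: {kid: pool[kid] for kid in rng.sample(range(pool_size), ring_size)}
             for node in range(n_nodes)}
    controller = {node: sorted(ring) for node, ring in rings.items()}
    return rings, controller

def shared_key_ids(ring_a, ring_b):
    """Method 1 discovery: intersect the key-id lists the two nodes broadcast."""
    return sorted(ring_a.keys() & ring_b.keys())

def encode(key_ids):
    return b",".join(str(k).encode() for k in key_ids)

def revocation_message(k_e, key_ids):
    """Controller side: revoked key ids plus a tag under K_e (HMAC is an assumption)."""
    return key_ids, hmac.new(k_e, encode(key_ids), hashlib.sha256).digest()

def apply_revocation(ring, k_e, message):
    """Node side: verify the tag first, then drop matching keys. Returns ids removed."""
    key_ids, tag = message
    expected = hmac.new(k_e, encode(key_ids), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # unauthenticated list: leave the key ring untouched
    removed = [kid for kid in key_ids if kid in ring]
    for kid in removed:
        del ring[kid]
    return removed

def demo():
    rng = random.Random(774)  # constructed, seeded sample network
    rings, controller = predistribute(n_nodes=5, pool_size=10, ring_size=6, rng=rng)
    before = shared_key_ids(rings[0], rings[1])
    k_e = secrets.token_bytes(16)
    msg = revocation_message(k_e, controller[4])  # node 4 is treated as captured
    forged = (list(range(10)), msg[1])            # altered id list with the old tag
    rejected = apply_revocation(rings[0], k_e, forged)
    removed = {n: apply_revocation(rings[n], k_e, msg) for n in range(4)}
    after = shared_key_ids(rings[0], rings[1])
    return rings, controller, before, rejected, removed, after
```

With a pool of 10 and rings of 6, any two rings overlap in at least two keys, so every surviving node loses some keys when node 4's ring is revoked; this is why re-keying follows revocation.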

20 Probabilistic Key Pre-Distribution (Cont’d)
Re-keying
  – Restart shared-key discovery and path-key discovery

21 Analysis
Model a sensor network as a random graph
  – All the sensor nodes are the vertices in the graph
  – There is an edge between two vertices if the corresponding nodes share a common key
Analysis questions
  – What should be the expected degree (d) of a node so that a sensor network with n nodes is connected?
  – Given d and the size of a neighborhood (n’), what should be the key ring size (k) and key pool size (P) for a network with n nodes?

22 Analysis (Cont’d)
What should be the expected degree (d) of a node so that a sensor network with n nodes is connected?
  – Answered by random graph theory
  – G(n, p): a graph of n nodes for which the probability that a link exists between two nodes is p.
  – d = p * (n-1): expected degree of a node (i.e. the average number of edges connecting that node with its neighbors).
Erdős and Rényi’s Equation:
  – Given a desired probability P_c for graph connectivity and number of nodes, n, the threshold function p is defined by:
  – where

23 Analysis (Cont’d)

24 Analysis (Cont’d)
Given d and the size of a neighborhood (n’), what should be the key ring size (k) and key pool size (P) for a network with n nodes?
  – p’: probability of sharing a key between any two nodes in a neighborhood (p’ = d/(n’-1))
  – p’ = 1 − Pr[two nodes do not share any key]
Simplify with Stirling’s approximation
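
The two analysis questions worked through in Python, as an added example that is not part of the lecture. The slide's equations did not survive in this transcript, so the code assumes the standard forms: the Erdős–Rényi threshold P_c = exp(-exp(-c)) with p = ln(n)/n + c/n, and the exact probability that two key rings of size k drawn from P keys are disjoint (no Stirling approximation).

```python
import math

def required_degree(n, p_c):
    """Expected degree d = p(n-1) needed for connectivity with probability p_c."""
    c = -math.log(-math.log(p_c))      # from P_c = exp(-exp(-c))
    p = (math.log(n) + c) / n          # threshold p = ln(n)/n + c/n
    return p * (n - 1)

def share_probability(pool, ring):
    """p' = 1 - Pr[two rings of size k drawn from P keys share no key]."""
    if pool < 2 * ring:
        return 1.0                     # rings must overlap
    disjoint = 1.0
    for i in range(ring):
        disjoint *= (pool - ring - i) / (pool - i)
    return 1.0 - disjoint

def max_pool_size(ring, p_target):
    """Largest P for which two rings of size k share a key with probability >= p_target."""
    if not 0.0 < p_target <= 1.0:
        raise ValueError("p_target must be in (0, 1]")
    lo, hi = 2 * ring - 1, 2 * ring    # share_probability(lo, ring) == 1.0
    while share_probability(hi, ring) >= p_target:
        lo, hi = hi, hi * 2
    while hi - lo > 1:                 # invariant: lo meets the target, hi does not
        mid = (lo + hi) // 2
        if share_probability(mid, ring) >= p_target:
            lo = mid
        else:
            hi = mid
    return lo

def size_network(n, p_c, neighborhood, ring):
    """Return (d, p', P) for n nodes, neighborhood size n' and key ring size k."""
    d = required_degree(n, p_c)
    p_local = d / (neighborhood - 1)
    if p_local > 1.0:
        raise ValueError("neighborhood too small for the required degree")
    return d, p_local, max_pool_size(ring, p_local)
```

A larger pool means a captured key ring exposes a smaller fraction of the network's keys, so the sizing picks the largest P that still meets p’.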

25 Analysis (Cont’d)

26 Improvements for the Probabilistic Key Pre-Distribution
q-composite key pre-distribution
  – Two nodes have to have at least q shared keys to derive a valid pairwise key
  – Better resilience when the number of compromised nodes is small
Multi-path enforcement
  – Derive each path key through multiple node-disjoint paths, each of which derives one sub-key
  – Path key is the XOR of all sub keys
  – Better resilience to compromised nodes in key paths

27 Random Pairwise Keys Scheme
Approach
  – Calculate the smallest probability p of two nodes being connected so that the entire network is connected with a high probability.
  – Consider a network of n nodes
  – Each node needs to store np pairwise keys
Limitation
  – The network size is limited by n = m/p, where m is the available memory on each node for keys

28 Polynomial Pool Based Key Pre-Distribution

29 Outline
Background
  – Polynomial based key predistribution
A framework for key predistribution in sensor networks
  – Polynomial pool based key predistribution
Two efficient key predistribution schemes
  – Random subset assignment
  – Grid based key predistribution
Efficient implementation in sensor networks
Conclusion and future work

30 Polynomial Based Key Predistribution
By Blundo et al. [CRYPTO ‘92]
  – Developed for group key predistribution
  – We consider the special case of pairwise key predistribution
Predistribution:
  – The setup server randomly generates where f(x, y) = f(y, x)
  – Each sensor i is given a polynomial share f(i, y)
Key establishment:
  – Node i computes f(i, y = j) = f(i, j)
  – Node j computes f(j, y = i) = f(j, i) = f(i, j)

31 Polynomial Based Key Predistribution (Cont’d)
Security properties (by Blundo et al.)
  – Unconditionally secure for up to t compromised nodes
Performance
  – Storage overhead at sensors: (t + 1) log q bits
  – Computational overhead at sensors: t modular multiplications and t modular additions
  – No communication overhead
Limitation
  – Insecure when more than t sensors are compromised
  – An invitation for node compromise attacks

32 Polynomial Pool Based Key Predistribution
A general framework for key predistribution based on bivariate polynomials
  – Let us use multiple polynomials
    – A pool of randomly generated bivariate polynomials
Two special cases
  – One polynomial in the polynomial pool
    – Polynomial based key predistribution
  – All polynomials are 0-degree ones
    – Key pool by Eschenauer and Gligor

33 Polynomial Pool Based Key Predistribution (Cont’d)
Phase 1: Setup
  – Randomly generates a set F of bivariate t-degree polynomials
  – Subset assignment: Assign a subset of polynomials in F to each sensor
[Figure: random polynomial pool F = f_1(x,y), f_2(x,y), …, f_n(x,y); sensor i holds a subset {f_j(i, y), …, f_k(i, y)}]

34 Polynomial Pool Based Key Predistribution (Cont’d)
Phase 2: Direct Key Establishment
  – Polynomial share discovery: Communicating sensors discover if they share a common polynomial
    – Pairwise keys can be derived if they share a common polynomial.
  – Two approaches:
    – Predistribution: Given predistributed information, a sensor can decide if it can establish a direct pairwise key with another sensor.
    – Real-time discovery: Sensors discover on the fly if they can establish a direct pairwise key.

35 Polynomial Pool Based Key Predistribution (Cont’d)
Phase 3: Path Key Establishment
  – Establish pairwise keys through other sensors if two sensors cannot establish a common key directly
  – Path discovery
    – Node i finds a sequence of nodes between itself and node j such that two adjacent nodes can establish a key directly
    – Key path: the above sequence of nodes between i and j
  – Two approaches
    – Predistribution: Node i can find a key path to node j based on predistributed information
    – Real-time discovery: Node i discovers a key path to node j on the fly

36 Random Subset Assignment Scheme
An instantiation of the polynomial pool-based key predistribution.
Subset assignment: random
[Figure: random polynomial pool F = f_1(x,y), f_2(x,y), …, f_n(x,y); sensor i holds a random subset {f_j(i, y), …, f_k(i, y)}]

37 Random Subset Assignment (Cont’d)
Polynomial share discovery
  – Real-time discovery
    – Broadcast IDs in clear text. i: f_j, …, f_k
    – Broadcast a list of challenges. i: α, E_kv(α), v = 1, …, m.

38 Random Subset Assignment (Cont’d)
Path discovery
  – i and j use k as a KDC
  – Alternatively, i contacts nodes with which it shares a key; any node that also shares a key with j replies.
  – Each key path has 2 hops
[Figure: nodes i, j, k]

39 Probability of Sharing Direct Keys between Sensors
s: polynomial pool size
s’: number of polynomial shares for each sensor
p: probability of sharing a polynomial between two sensors

40 Probability of Sharing Keys between Sensors
d: number of neighbors
p: probability that two sensors share a polynomial
p_s: probability of sharing a common key
Note: each key path is at most two hops

41 Dealing with Compromised Sensors
Comparison with basic probability and q-composite schemes
  – Probability to establish direct keys p = 0.33
  – Each sensor has storage equivalent to 200 keys

42 Dealing with Compromised Sensors (Cont’d)
Comparison with random pairwise keys scheme
  – Assume perfect security against node compromises
    – Each polynomial is used at most t times in our scheme
  – Each sensor has storage equivalent to 200 keys

43 Grid Based Key Predistribution
Create an m × m grid
Each row or column is assigned a polynomial
Assign each sensor to an intersection
Assign each sensor the polynomials for the row and the column of its intersection
  – Sensor ID: coordinate
There are multiple ways for any two sensors to establish a pairwise key

44 Grid Based Key Predistribution (Cont’d)
Order of node assignment

45 Grid Based Key Predistribution (Cont’d)
Polynomial share discovery
  – No communication overhead
    – Same row
    – Same column

46 Grid Key Predistribution (Cont’d)
Path discovery
  – Real-time discovery
  – Paths with one intermediate node
  – Paths with two intermediate nodes
  – They know who to contact!

47 Properties
1. Any two sensors can establish a pairwise key when there is no compromised node;
2. Even if some sensors are compromised, there is still a high probability to establish a pairwise key between non-compromised sensors;
3. A sensor can directly determine whether it can establish a pairwise key with another node.
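
Polynomial based key predistribution and the grid scheme built on it, as an added Python example (not TinyKeyMan code and not from the lecture). It assumes the field F_q’ with q’ = 2^16 + 1, a sensor ID of (row, column), and that a sensor's row polynomial is evaluated at its column index and its column polynomial at its row index; all function and class names are illustrative.

```python
import secrets

Q = 2**16 + 1  # prime q' = 2^16 + 1, the field size named on the implementation slide

def symmetric_poly(t):
    """Coefficients a[u][v] = a[v][u] of f(x, y) = sum a[u][v] x^u y^v over F_Q."""
    a = [[0] * (t + 1) for _ in range(t + 1)]
    for u in range(t + 1):
        for v in range(u, t + 1):
            a[u][v] = a[v][u] = secrets.randbelow(Q)
    return a

def share(a, i):
    """Polynomial share f(i, y): the t+1 coefficients a sensor stores."""
    n = len(a)
    return [sum(a[u][v] * pow(i, u, Q) for u in range(n)) % Q for v in range(n)]

def evaluate(s, j):
    """f(i, j) by Horner's rule: t modular multiplications and t additions."""
    acc = s[-1]
    for coeff in reversed(s[:-1]):
        acc = (acc * j + coeff) % Q
    return acc

class Sensor:
    def __init__(self, row, col, row_polys, col_polys):
        self.row, self.col = row, col
        self.row_share = share(row_polys[row], col)  # row polynomial at x = col
        self.col_share = share(col_polys[col], row)  # column polynomial at x = row

    def direct_key(self, peer_row, peer_col):
        """Decide from the peer's ID alone; None means a key path is needed."""
        if peer_row == self.row:
            return evaluate(self.row_share, peer_col)
        if peer_col == self.col:
            return evaluate(self.col_share, peer_row)
        return None

def intermediates(a_id, b_id):
    """Grid positions sharing a row with one endpoint and a column with the other."""
    (ra, ca), (rb, cb) = a_id, b_id
    return [(ra, cb), (rb, ca)]

def build_grid(m, t):
    """Setup server: one t-degree polynomial per row and per column of an m x m grid."""
    rows = [symmetric_poly(t) for _ in range(m)]
    cols = [symmetric_poly(t) for _ in range(m)]
    return {(r, c): Sensor(r, c, rows, cols) for r in range(m) for c in range(m)}
```

Because share discovery uses only the peer's coordinates, no key ids or challenges are broadcast, and each of the two intermediate positions gives a one-intermediate-node key path.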

48 Dealing with Compromised Sensors
Comparison with basic probabilistic scheme, q-composite scheme, and random subset assignment scheme
  – Assume each sensor has storage equivalent to 200 keys

49 Dealing with Compromised Sensors (Cont’d)
Probability to establish pairwise keys when there are compromised sensors
  – d: number of non-compromised sensors to contact
  – Assume each sensor has storage equivalent to 200 keys

50 Implementation
Observations
  – Sensor IDs are chosen from a field much smaller than cryptographic keys
    – Field for cryptographic keys: F_q
    – Field for sensor IDs: F_q’
  – Special fields: q’ = 2^16 + 1, q’ = 2^8 + 1
    – No division operation is needed for modular multiplications
[Figure: polynomial shares f_1(i,y), f_2(i,y), …, f_r(i,y) over F_q’; sensor ID j; l bits each; key: n bits; same storage as 1 polynomial over F_q]

51 Implementation (Cont’d)
Lemma 1. In this implementation, the entropy of the key for a coalition of no more than t other sensors is where and.
Examples
  – 64 bit keys
  – When q’ = 2^16 + 1, the above entropy is 63.9997 bits
  – When q’ = 2^8 + 1, the above entropy is 63.983 bits

52 TinyKeyMan
Polynomial pool based key pre-distribution on TinyOS
  – http://discovery.csc.ncsu.edu/software/TinyKeyMan/

