Presentation is loading. Please wait.

Presentation is loading. Please wait.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers."— Presentation transcript:

1 Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers February 28, 2008

2 The Big Idea Three key bootstrapping protocols for large sensor networks Alternatives to public key cryptosystems Each protocol trades a different drawback in exchange for the security it provides

3 Outline Background The problem with sensor networks Related work Three schemes  q-composite keys scheme  Multipath-reinforcement scheme  Random pairwise keys scheme Future directions

4 The Bootstrapping Problem Initialization process Creating something from nothing

5 Bootstrapping Security in Sensor Networks Especially challenging because of the limitations of sensor networks:  Constrained resources  Physical vulnerability  Unpredictability of future configurations  Temptation to rely on base stations

6 Related Work Previously proposed solutions often depend on:  Asymmetric cryptography  Arbitration by base stations (e.g., SPINS) Some even require physical contact with a master device or assume that attackers do not arrive until after key exchange

7 Finding a Solution Authors’ proposed schemes are based on the basic random key predistribution scheme Basic scheme is modified to meet the appropriate design goals

8 What Makes a Key Predistribution Scheme Good?

9 Key Predistribution Scheme Design Goals Secure node-to-node communication Must not rely on base stations for decision-making Adaptable to addition of nodes after initial network setup

10 Key Predistribution Scheme Design Goals, Cont. Prevent unauthorized access No assumptions about which nodes will be within communication range of each other Resource-efficient and robust to DoS attacks

11 Evaluation Metrics Resilience against node capture Resistance against node replication Revocation of misbehaving nodes Scalability

12 The Basic Scheme

13 Three phases of operation:  Initialization  Key setup  Graph connection

14 The Basic Scheme – Initialization Pick a random key pool, S For each node, randomly select m keys from S (this is the node’s key ring) The size of S is chosen so that two key rings will share at least one key with probability p

15 The Basic Scheme – Key Setup Nodes search for neighbors that share a key Broadcast short IDs assigned to each key prior to deployment Keys verified through challenge-response

16 The Basic Scheme – Graph Connection Nodes then set up path keys with any unconnected neighbors through existing secure paths # of secure links a node must establish during key setup (degree, d) to form a connected graph of size n with probability c is: d = [ (n-1)/n ][ ln(n) – ln(-ln(c)) ]

17 The Basic Scheme – Graph Connection The probability, p, that two nodes successfully connect is p = d/n′ where n′ is the expected number of neighbor nodes within communication range of A ½

18 Extensions of the Basic Scheme q-composite Random Key Predistribution Multipath Key Reinforcement Random Pairwise Keys

19 q-composite Random Key Predistribution Scheme

20 q-composite Scheme Instead of one key, a pair of nodes must share q keys to establish a secure link Key pool must be shrunk in order to maintain probability p of two nodes sharing enough keys

21 Initialization and Key Setup Similar to basic scheme  Each node has m keys on key ring Two nodes must discover at least q common keys in order to connect  Before connecting, a new key is created as a hash of the q shared keys Broadcasting IDs is dangerous, however

22 Evaluation Much harder for an attacker with a given key set to eavesdrop on a link Necessary reduction in key pool size makes large-scale attacks even more powerful

23 Evaluation Compromising a given # of nodes is more damaging Harder to compromise nodes, however

24 Evaluation Dangerous under large-scale attack Absolute # of compromised nodes vs. fraction of compromised communications

25 Multipath Key Reinforcement Scheme

26 Initialization and key setup as in basic scheme Key update over multiple independent paths between nodes Key update is damage control in the event that other nodes are captured

27 Evaluation Better resistance against node capture Significantly higher maximum network size Comes at cost of greater communication overhead

28 Random Pairwise Keys Scheme

29 Key feature is node-to- node identity authentication Ability to verify node identities opens up several security features

30 The Basics Sensor network of n nodes  Pairwise scheme: Each node holds n-1 keys Each key is shared with exactly one other node  Random pairwise scheme: Not all n-1 keys are needed for a connected graph Only np keys are needed to connect with probability p

31 Initialization n  # of unique node IDs m  keys on each node’s key ring p  Probability of two nodes connecting n = m/p

32 Initialization Each node ID pairs with m other random & distinct node IDs Each pair is assigned a key Nodes store key-ID pairs on key rings

33 Key Setup Node IDs are broadcast to neighbors Verified through cryptographic handshake

34 Multi-hop Range Extension Node IDs are small Can be re-broadcast at low cost Neighbors forward IDs during key setup  Increases communication radius  Increases max. network size

35 Distributed Node Revocation Faster than relying on base stations Public votes are broadcast against compromised nodes Offending node is cut off when votes reach threshold

36 Scheme Requirements Compromised nodes can’t revoke arbitrary nodes No vote spoofing Verifiable vote validity Votes have no replay value Not vulnerable to DoS

37 The Voting Process A node’s voting members are those that share a pairwise key with it All voting members are assigned a voting key Votes are verified through a Merkle tree Voting members keep track of votes received up to a threshold, t

38 Voting Threshold If too high  A node may not have enough voting members to be revoked If too low  Easy for a group of compromised nodes to revoke many legitimate nodes

39 Resisting Revocation Attacks Node B’s revocation key for node A must be activated before use  Hashed with secret value known only by A A gives B its secret value only after the two establish communication Other DoS attacks are more practical

40 Resistance to Node Replication and Node Generation Place a cap, d max, on the degree of a node d max is some small multiple of d Nodes keep track of degree and node IDs using same method as vote counting

41 Evaluation Perfect resilience against node capture  All pairwise keys are unique, so capturing one node reveals no information about communications outside of the compromised node’s

42 Evaluation, Cont. Maximum network size suffers slightly

43 Evaluation, Cont. Resistance to revocation attack  Small number of compromised nodes only compromises a small portion of communications  Compromising large number of nodes is not economical

44 Summary Three efficient schemes for secure key bootstrapping Each scheme has trade-offs  q-composite: good for small attacks, bad for large  Multipath-reinforcement: improved security, more communication overhead  Random pairwise: max. network size is smaller

45 Future Work How does the random pairwise scheme perform in small networks? Can the random pairwise scheme be modified to handle larger networks?

46

Download ppt "Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers."

Similar presentations

Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.

Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.
Trust relationships in sensor networks Ruben Torres October 2004.

Trust relationships in sensor networks Ruben Torres October 2004.
Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)

Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.

Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Distributed Detection of Node Replication Attacks in Sensor Networks Bryan Parno, Adrian Perrig Virgil Gligor Carnegie Mellon UniversityUniversity of Maryland.

Distributed Detection of Node Replication Attacks in Sensor Networks Bryan Parno, Adrian Perrig Virgil Gligor Carnegie Mellon UniversityUniversity of Maryland.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.

The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.

Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:

Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.

Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Similar presentations

Ads by Google