Intrusion Tolerance for NEST


Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International

Outline
- Objectives
- Proposed approach:
  - Local authentication and initial key establishment
  - Leveraging local trust
  - Intrusion detection and response
- Plan

Objective
- Low-cost key management for large-scale networks of small wireless devices
- Constraints:
  - Limited memory, processing power, and bandwidth
  - Networks too large and not accessible for manual administration/configuration
  - Devices can be compromised

Traditional Key Management
- Decentralized approaches:
  - Public-key infrastructure
  - Diffie-Hellman-style key establishment
- Approaches based on symmetric-key cryptography:
  - Trusted authentication and key distribution server (e.g., Kerberos)
- Too expensive
- Limited scalability
- High administrative overhead to set up long-term keys
- Vulnerable to server failure
- Server may be a bottleneck

Proposed Approach
- Goals:
  - Intrusion-tolerant architecture for key management in NEST
  - Use only inexpensive cryptographic algorithm (symmetric-key crypto)
  - Decentralized (no server) and self-organizing
- Approach:
  - Build initial secure local links
  - For nonlocal communication, rely on chains of intermediaries
  - Use secret sharing when intermediaries are not fully trusted
  - Develop complementary intrusion detection methods to locate nontrustworthy nodes

Bootstrapping
- Establish secure local links between neighbor devices quickly after deployment
- Weak authentication is enough (need only to recognize that your neighbor was deployed at the same time as you)
- Exploit initial trust (it takes time for an adversary to capture/compromise devices)
- Focusing on local links improves efficiency

Basic Bootstrapping Scheme
- For a set S of devices to be deployed:
  - Construct a symmetric key K
  - Distribute it to all devices in the set
- K enables two neighbor devices A and B:
  - To recognize that they both belong to S (weak authentication)
  - To generate and exchange a key for future communication
- Possible drawback: Every device from S in communication range of A and B can discover .
- More robust variants are possible.
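One way two neighbors could use the group key K for weak authentication and link-key setup, as an added example that is not taken from the slides or from SRI's implementation. It assumes an HMAC-SHA256 challenge-response and key derivation (the function names and message layout are hypothetical). It also shows that in this construction any in-range member of S that holds K and overhears the nonces derives the same link key.

```python
import hashlib
import hmac
import os

def prf(key, label, *fields):
    """HMAC-SHA256 over a fixed label and length-prefixed fields."""
    h = hmac.new(key, label, hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()

def link_key(K, a_id, a_nonce, b_id, b_nonce):
    """Pairwise key for the A-B link, bound to both identities and nonces."""
    return prf(K, b"link", a_id, b_id, a_nonce, b_nonce)

def respond(K, a_id, a_nonce, b_id):
    """B answers A's hello (a_id, a_nonce) with a nonce and proof of holding K."""
    b_nonce = os.urandom(16)
    return b_nonce, prf(K, b"auth", a_id, b_id, a_nonce, b_nonce)

def accept(K, a_id, a_nonce, b_id, b_nonce, tag):
    """A checks B's proof; returns the link key, or None if B does not hold K."""
    expected = prf(K, b"auth", a_id, b_id, a_nonce, b_nonce)
    if not hmac.compare_digest(tag, expected):
        return None
    return link_key(K, a_id, a_nonce, b_id, b_nonce)

def demo():
    K = os.urandom(16)            # constructed group key for deployment set S
    a_nonce = os.urandom(16)      # A's hello, sent in the clear with its id
    b_nonce, tag = respond(K, b"A", a_nonce, b"B")
    k_a = accept(K, b"A", a_nonce, b"B", b_nonce, tag)
    k_b = link_key(K, b"A", a_nonce, b"B", b_nonce)
    # A device outside S (wrong key) fails weak authentication.
    x_nonce, x_tag = respond(os.urandom(16), b"A", a_nonce, b"X")
    outsider_rejected = accept(K, b"A", a_nonce, b"X", x_nonce, x_tag) is None
    # C, a member of S in radio range, overheard both nonces and holds K,
    # so it derives the same link key as A and B.
    k_c = link_key(K, b"A", a_nonce, b"B", b_nonce)
    return k_a == k_b, outsider_rejected, k_c == k_a

if __name__ == "__main__":
    print(demo())
```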

Leveraging Local Trust
[Figure: network diagram with nodes A, B, C, D, E]
- To establish keys between distant nodes: use chains of trusted intermediaries
- To tolerate compromised nodes: disjoint chains and secret sharing

Tradeoffs
- Security increases with
  - the number of disjoint paths
  - the number of shares
  but these also increase cost
- Challenges:
  - Implement cheap crypto and secret sharing techniques
  - Quantify the security achieved
  - Find the right tradeoff for an assumed fraction of compromised nodes
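The disjoint-chain idea from the "Leveraging Local Trust" and "Tradeoffs" slides, as an added example that is not the presenters' scheme. It assumes simple n-of-n XOR secret sharing with one share per path, a constructed topology, and a model in which each intermediary is compromised independently with probability f; all function names are hypothetical.

```python
import os
from functools import reduce

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split(secret, n):
    """n-of-n XOR sharing: any n-1 shares are uniformly random."""
    shares = [os.urandom(len(secret)) for _ in range(n - 1)]
    shares.append(reduce(xor, shares, secret))
    return shares

def combine(shares):
    return reduce(xor, shares)

def deliver(secret, paths, compromised):
    """Send one share along each disjoint chain of intermediaries.

    Returns (key rebuilt by the receiver, shares observed by the adversary).
    """
    shares = split(secret, len(paths))
    seen = [s for s, path in zip(shares, paths) if compromised & set(path)]
    return combine(shares), seen

def p_key_exposed(f, hops, paths):
    """Chance that every path contains at least one compromised intermediary,
    assuming independent compromise with probability f (a modelling assumption)."""
    return (1 - (1 - f) ** hops) ** paths

if __name__ == "__main__":
    key = os.urandom(16)
    # Constructed topology: three disjoint chains between source and destination.
    chains = [["B", "C"], ["D", "F"], ["G", "H"]]
    rebuilt, seen = deliver(key, chains, compromised={"C", "G"})
    print(rebuilt == key, len(seen), combine(seen) == key)
    # f = 0.2 matches the "up to 20% compromised nodes" evaluation target.
    for d in (1, 2, 3, 4):
        print(d, "paths:", round(p_key_exposed(0.2, 2, d), 4))
```

Each extra path lowers the exposure probability but adds one more share to transmit, and with n-of-n sharing a single dropped share prevents reconstruction, which is the cost side of the tradeoff.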

Intrusion Detection
- Goals:
  - Detect compromised nodes (to remove them from chains)
  - Detect other intrusions: denial-of-service attacks, attempt to drain power
- Cryptography is ineffective against these

Intrusion Detection Approach
- Develop models of attacks and relevant signature:
  - What must be monitored?
  - How to collect and distribute the data?
- Develop diagnosis methods:
  - Identify the source of the attack if possible
- Possible responses:
  - Avoid nodes that are considered compromised
  - Hibernation to counter DoS or power-draining attacks

Experimental Evaluation
- Platform: “motes” with TinyOS
- up to 20% compromised nodes
- Objective: show feasibility, measure overhead
- Experiment scenario remains to be defined

Schedule