Secure Time Synchronization Service for Sensor Networks S. Ganeriwal, R. Kumar, M. B. Sirvastava Presented by: Kaiqi Xiong 11/28/2005 Computer Science CSC 774 Adv. Net. Security

2 Outline Time synchronization and techniques –Pairwise sender-receiver synchronization Secure time sync problem: pulse delay attacks Proposed techniques –Node to node Single hop: Secure Pairwise Synchronization (SPS) Multi-hops: SO(opportunistic)M, SDM and STM –Group: L-SGS and SGS Conclusions and possible research questions

CSC 774 Adv. Net. Security3 Why Time Synchronization Time difference in sensor node clocks –Time offset: = C A (t)-C B (t) Why time synchronization –e.g., TESLA, localization and target tracking (any protocol regarding time stamp) How to find

CSC 774 Adv. Net. Security4 How to Synchronize Pairwise sender-receiver synchronization: TPSN # –Step 1: A (T 1 ) (T 2 ) B: A, B, sync –Step 2: B (T 3 ) (T 4 ) A: m, where m=[B, A, T 2, T 3, ack] –Step 3: Compute A B T1T1 T2T2 T3T3 T4T4 = [(T 2 -T 1 )-(T 4 -T 3 )]/2 d = [(T 2 -T 1 )+(T 4 -T 3 )]/2 T 1, T 4 are measured in As clock T 2, T 3 are measured in Bs clock # S. Ganeriwal, et al., Timing-sync protocol for sensor networks, SenSys, 2003

CSC 774 Adv. Net. Security5 Why Secure Time Synchronization Type 1 attack: modify T 2 and T 3 by capturing node B Type 2 attack: pulse-delay attacks –Simply jam an initial pulse –Store in its memory –Replay it at an arbitrary time later =[(T 2 -T 1 )-(T 4 -T 3 )+ ]/2; d=[(T 2 -T 1 )+(T 4 -T 3 )+ ]/2 T 2 * = T 1 + d + + Jam the signal with delay A sends at T 1 B receives at T 2 *

CSC 774 Adv. Net. Security6 Roadmap For Proposed Techniques Only discuss techniques resilient to type 2 attacks Node-to-node: time synchronization of two nodes –Single hop: Secure Pairwise Synchronization (SPS) –multi-hops: Secure Opportunistic Multi-hop (SOM) Secure Direct Multi-hop (SDM) Secure Transitive Multi-hop (STM) Group: time synchronization among a group of nodes –Lightweight Secure Group Synchronization (L-SGS) –Secure Group Synchronization (SGS)

CSC 774 Adv. Net. Security7 Single-hop - Secure Pairwise Synchronization (SPS) Step 1: A (T 1 ) (T 2 ) B: A, B, N A, sync Step 2: B (T 3 ) (T 4 ) A: m, MAC[K AB, m] –where m=[B, A, N A, T 2, T 3, ack] Step 3: Compute d=[(T 2 -T 1 )+(T 4 -T 3 )]/2 If d d* (predefined), then =[(T 2 -T 1 )-(T 4 -T 3 )]/2; else abort End-to-end delay (d) consists of Waiting time T w at mac to access channel ( s~min) (Big!) Transmission time T t : time taken to transmit the packet bit- by-bit at the radio of sender (100s s) Propagation delay T p : time over wireless link between sender and receiver (ns)

CSC 774 Adv. Net. Security8 Performance - Define d* d = N(d avg, ) is a Guassian distribution Select d* = d avg +3 Maxi sync error=3 =10 s Attacker can introduce a maxi pulse-delay factor of 12 due to –d avg +3 + /2 = d avg -3 –In this case, maxi attacker impact = 6 Fig: End-to-end delay over a link Table: Statistics of end-to-end delay ( Waiting time is extracted )

CSC 774 Adv. Net. Security9 Secure Opportunistic Multi-hops (SOM) Assumption: key K AB shared by A and B SOM Step 1: m 1 =[A, B, N A ], sync Step 2: m, MAC[K AB, m] where m=[m 1, T 2, T 3, ack] Step 3: Node A computes d =[(T 2 -T 1 )+(T 4 -T 3 )]/2 If d d M *, then =[(T 2 -T 1 )-(T 4 -T 3 )]/2; else abort B A – Exactly the same as SPS except nodes C and D added DC Send at T 1 Receive at T 2 Receive at T 4 Send at T 3

CSC 774 Adv. Net. Security10 Performance: SOM End-to-end delay –d=sum (T w + T t +T p ) –T w is significantly higher –Standard deviation is higher in 3 orders of magnitude as compared to a single hop –Maxi sync error=3 Maxi attacker impact=6

CSC 774 Adv. Net. Security11 Secure Direct Multi-hop (SDM) Step 5: 5: Node A computes d=(E 1 +E 2 )/2 –If d d T *, then = (E 1 -E 2 )/2; else abort where E 1 = (T 2 -T 1 )+(T 4 -T 3 )+(T 6 -T 5 ), E 2 = (T 12 -T 11 )+(T 10 -T 9 )+(T 8 -T 7 ) Step 1. A C D B: A, B, N A, sync Step 2. B,D,N A,m 1,M 1 – m 1 =[m 1, T 2, T 3, ack], M 1 =MAC[K BD, B, D, N A, m 1 ] – m 2 =[B, D, A, T 4, T 9, T 6 -T 5, T 8 -T 7, ack], M 2 =MAC[K DC, D, C, N A, m 2 ] – m 3 =[B,D,C,A,T 2,T 11,T 4 -T 3,T 10 -T 9, T 6 -T 5,T 8 -T 7, ack], M 3 =MAC[K CA,C, A, N A, m 3 ] B A DC T1T1 T3T3 T2T2 T4T4 T5T5 T6T6 T7T7 T8T8 T9T9 T 10 T 11 T 12 Step 3. D,C,N A,m 2,M 2 Step 4. C,A,N A,m 3,M 3

CSC 774 Adv. Net. Security12 Performance (as compared to SOM) Advantages –End-to-end delay is not corrupted by T w –d AC = d CD =d DB =N(d avg, ). So, d AB =N(nd avg, n 1/2 ) –d T *= nd avg + n 1/2 – n 1/2 M * (SOM), lower in 3 orders of magnitude Disadvantages –ack has to carry the state information and timestamps about all the previous packets, so the packet size of ack packet is larger

CSC 774 Adv. Net. Security13 Secure Transitive Multi-hop (STM) Step 5: A sync to C (SPS) Step 1. A C D B: A, B, N A, sync Step 2. B, D, N A, m 1, M 1 – m 1 = [B, D, notify], M 1 = MAC[K BD, B, D, N A, m 1 ] – m 2 = [B, D, C, notify], M 2 = MAC[K DC, D, C, N A, m 2 ] # – m 3 = [B, D, C, A, notify],M 3 = MAC[K CA, C, A, N A, m 3 ] # B A DC Step 4. C sync to D (SPS)Step 3. D sync to B (SPS) # In the paper, K BD in M 2 and M 3 should be K DC and K CA respectively D C: D, C, N A, m 2, M 2 C A: C, A, N A, m 3, M 3

CSC 774 Adv. Net. Security14 Comparison (SOM, SDM and STM) Maximal delay parameter same as d* in SYS Advantages –Threshold is verified at each step, so re-sync if the threshold does not meet in STM. But, threshold is done only when A receives ack in SOM and SDM Disadvantages –In STM, an external attacker can carry out pulse-delay attacks on the link joining C and D, due to local verification –The total number of transmitted messages 2n for SOM and SDM, but 3n for STM when no attacks

CSC 774 Adv. Net. Security15 Group Synchronization Lightweight Secure Group Synchronization (LSGS) –Step 1: G 1 *: G 1, sync –Step 2: G i (T i ) (T i1 ) G 1 : G i, N i –Step 3: G 1 (T 1 ) (T 1i ) *: G 1, T 1, ack, m, M where m={T i1, G i, N i }, M=MAC[K 1i, G 1, T 1, ack, m] (i = 2,…n) –Step 4: Compute d = [(T i1 -T i )+(T 1i - T 1 )]/2 If d d*, then = [(T i1 -T i )-(T 1i - T 1 )]/2; else abort Note. G i A and G 1 B in a single hop

CSC 774 Adv. Net. Security16 Performance (L-SGS) Same as SPS –Resilient to pulse-delay attacks and message modification attacks Not resilient to internal attacks (if G 1 is malicious)

CSC 774 Adv. Net. Security17 Secure Group Synchronization (SGS) Triangle consistency ij Node i Node j Node k jk ki Internal attacks if ij + jk + ki 0? Main ideas of SGS –Every two nodes use SPS by broadcast. No fixed node is used for time sync –Use triangle consistency to detect internal attacks

CSC 774 Adv. Net. Security18 Comparison and Summary # Compared to the packet size in SPS

CSC 774 Adv. Net. Security19 Conclusions A suite of time synchronization protocols was proposed to detect pulse-delay attacks –Node-to-node Single hop: SPS Multi-hops: –SOM (shared pairwise key and big d M *) –SDM (large message sizes), STM (external attacks) –Group: L-SGS (internal attacks), SGS (big communication overhead) Secure group synchronization is based on the assumption: all group nodes are in each others power range

CSC 774 Adv. Net. Security20 Possible Research Questions How to sync time when some nodes are not in the power range of other nodes in a group Prevention? How to continue with the processing of time sync when attacks How to develop methods to avoid internal attacks (e.g., a hash chain?) Is it possible to apply Iuloss approach or a tree-based technique to SGS for reducing communication overhead

CSC 774 Adv. Net. Security21 Thank You! Questions?