Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Tolerance for NEST

Published byWilfrid Wood Modified over 5 years ago

Similar presentations

Presentation on theme: "Intrusion Tolerance for NEST"— Presentation transcript:

1 Intrusion Tolerance for NEST
Bruno Dutertre, Steven Cheung SRI International

2 Outline Objectives Proposed approach: Plan
Local authentication and initial key establishment Leveraging local trust Intrusion detection and response Plan

3 Objective Low-cost key management for large-scale networks of small wireless devices Constraints: Limited memory, processing power, and bandwidth Networks too large and not accessible for manual administration/configuration Devices can be compromised

4 Traditional Key Management
Decentralized approaches: Public-key infrastructure Diffie-Hellman-style key establishment Approaches based on symmetric-key cryptography Trusted authentication and key distribution server (e.g., Kerberos) Too expensive Limited scalability High administrative overhead to set up long-term keys Vulnerable to server failure Server may be a bottleneck

5 Proposed Approach Goals: Approach:
Intrusion-tolerant architecture for key management in NEST Use only inexpensive cryptographic algorithm (symmetric-key crypto) Decentralized (no server) and self organizing Approach: Build initial secure local links For nonlocal communication, rely on chains of intermediaries Use secret sharing when intermediaries are not fully trusted Develop complementary intrusion detection methods to locate nontrustworthy nodes

6 Bootstrapping Establish secure local links between neighbor devices quickly after deployment Weak authentication is enough (need only to recognize that your neighbor was deployed at the same time as you) Exploit initial trust (it takes time for an adversary to capture/compromise devices) Focusing on local links improves efficiency

7 Basic Bootstrapping Scheme
For a set S of devices to be deployed Construct a symmetric key K Distribute it to all devices in the set K enables two neighbor devices A and B To recognize that they both belong to S (weak authentication) To generate and exchange a key for future communication Possible drawback: Every device from S in communication range of A and B can discover More robust variants are possible.

8 Leveraging Local Trust
B C A D E To establish keys between distant nodes: use chains of trusted intermediaries To tolerate compromised nodes: disjoint chains and secret sharing

9 Tradeoffs Security increases with but these also increase cost
the number of disjoint paths the number of shares but these also increase cost Challenges: Implement cheap crypto and secret sharing techniques Quantify the security achieved Find the right tradeoff for an assumed fraction of compromised nodes

10 Intrusion Detection Goals:
Detect compromised nodes (to remove them from chains) Detect other intrusions: denial-of-service attacks, attempt to drain power Cryptography is ineffective against these

11 Intrusion Detection Approach
Develop models of attacks and relevant signature: What must be monitored? How to collect and distribute the data? Develop diagnosis methods: Identify the source of the attack if possible Possible responses: Avoid nodes that are considered compromised Hibernation to counter DoS or power-draining attacks

12 Experimental Evaluation
Platform: “motes” with TinyOS up to 20% compromised nodes Objective: show feasibility, measure overhead Experiment scenario remains to be defined

13 Schedule

Download ppt "Intrusion Tolerance for NEST"

Similar presentations

Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.

Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.
Trust relationships in sensor networks Ruben Torres October 2004.

Trust relationships in sensor networks Ruben Torres October 2004.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
URSA: Providing Ubiquitous and Robust Security Support for MANET

URSA: Providing Ubiquitous and Robust Security Support for MANET
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
Security In Wireless Sensor Networks by Adrian Perrig, John Stankovic, and David Wagner.

Security In Wireless Sensor Networks by Adrian Perrig, John Stankovic, and David Wagner.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
1 Security and Privacy in Sensor Networks: Research Challenges Radha Poovendran University of Washington

1 Security and Privacy in Sensor Networks: Research Challenges Radha Poovendran University of Washington
CS 265 PROJECT Secure Routing in Wireless Sensor Networks : Directed Diffusion a study Ajay Kalambur.

CS 265 PROJECT Secure Routing in Wireless Sensor Networks : Directed Diffusion a study Ajay Kalambur.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
WIRELESS SENSOR NETWORK SECURITY USING GROUP KEY MANAGEMENT SCHEME Presented By: Mohammed Saleh CS 599a Fall06.

WIRELESS SENSOR NETWORK SECURITY USING GROUP KEY MANAGEMENT SCHEME Presented By: Mohammed Saleh CS 599a Fall06.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Similar presentations

Ads by Google