Presentation is loading. Please wait.

Presentation is loading. Please wait.

Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li  University of Pittsburgh, Pittsburgh, PA Hui Ling.

Published byAnastasia Hamilton Modified over 5 years ago

Similar presentations

Presentation on theme: "Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li  University of Pittsburgh, Pittsburgh, PA Hui Ling."— Presentation transcript:

1 Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li  University of Pittsburgh, Pittsburgh, PA Hui Ling   University of Pittsburgh, Pittsburgh, PA Taieb Znati   University of Pittsburgh, Pittsburgh, PA Sep. 28th 2006 KAIST Dependable Software LAB. Jun Sup Lee 이준섭( ) 1 1

2 Agenda Motivation Related Work Contents Conclusion Q&A
Multi-path key establishment with Proxy Experiment Result Security Analrysis Conclusion Q&A

3 Motivation Motivation: why security?
Protecting confidentiality, integrity, and availability of the communications and computations S ensor networks are vulnerable to security attacks due to the broadcast nature of transmission Sensor nodes can be physically captured or destroyed Why not use existing security mechanisms? WSN features that affect security. Sensor Node Constraints Battery, CPU power, Memory. Networking Constraints and Features Wireless, Ad hoc, Unattended. This paper’s work : Improved key establish and maintain schemes within WSNs Path Key Establishment Scheme which leverage multiple secure paths with only one proxy for key negotiation and establishment

4 Related Work | Security support in WSNs
Existing schemes: Asymmetric cryptography Slow 2~4 times slower than symmetric encryption Hardware is complicated Energy consumption is high Trusted server schemes (e.g. Kerberos) Lacking of infrastructure Key pre-distribution schemes proposed by L. Eschenauer and V. Gligor (2002) Battery Power Constraints Computational Energy Consumption Crypto algorithms Public key vs. Symmetric key Communications Energy Consumption Exchange of keys, certificates, etc. Per-message additions (padding, signatures, authentication tags) Memory Constraints Program Storage and Working Memory Embedded OS, security functions (Flash) Working memory (RAM)

5 Related Work | Key pre-distribution in WSNs
Loading Keys into sensor nodes prior to deployment Two nodes find a common key between them after deployment Challenges Memory/Energy efficiency Security: nodes can be compromised Scalability: new nodes might be added later Each node randomly selects R keys (Key Ring) N1 N2 Key Pool P N4 N3 When |P| = 1000, R=20 / 30 p (two nodes have a common key) = / 0.605

6 Related Work | Key pre-distribution in WSNs
Node Keys N1 K1,K3,K5,K7 N2 K2,K4,K13,K18 N3 K5,K11,K13,K20 N4 K6,K9,K12,K16 N5 K3,K11,K12,K19 N6 K7,K8,K13,K19 N7 K1,K8,K12,K14 Key pool K1..K20 N5 N4 N3 N2 N7 N1 N6 N1 N2 N3 N4 N5 N6 N7 K12 K1 K7 K5 K13 K11 Physical link Secure link

7 Related Work | Path-key establishment
Nodes not directly sharing a key will establish one through a secure path. Path key of node 4 and 6 (k4,6) is transmitted through node 7 and node 1. Node 4 -- Node 7 -- Node1-- Node6 K4,6 is revealed to node 7 and node 1 during the transmission. Generally, a path key is revealed to all intermediate nodes in the secure link path N1 N2 N3 N4 N5 N6 N7 K12 K1 K7 K5 K13 K11 K46 Path-key establishment problem!!

8 Contents | Multi-path key establishment
Use multiple node disjoint secure paths to send the path-key. The path-key is divided into k pieces(nuggets) and one piece is sent through one path. Therefore, the attacker has to capture at least one node from all these k node-disjoint paths in order to capture the path-key. N2 N4 N1 N5 N6 N3 k1 K16=k1+ K2 k2 k1+ K2=K16 It involves a high level of overhead to find nodes disjoint path. Increasing the number of node disjoint paths does not necessarily improve the level of security.

9 Contents | Multi-path key establishment with Proxy
To reduce the exposure of the key nugget along the path. Proxy ensures that no more than one node (Proxy) along a path knows the key nugget. The proxy shares a key with each end node respectively. it becomes feasible to relax the node disjoint requirement of the k paths without increasing the vulnerability of the path key. N1 N2 N3 N4 N5 N6 N7 K12 K1 K7 K5 K13 K11 Node Keys N1 K1,K3,K5,K7 N2 K2,K4,K13,K18 N3 K5,K11,K13,K20 N4 K6,K9,K12,K16 N5 K3,K11,K12,K19 N6 K7,K8,K13,K19 N7 K1,K8,K12,K14 Proxy Physical link Secure link

10 Contents | End-to-End Key Establishment Scheme
u sends out its key ID list to invite v to set up a path key. v randomly construct a key and breaks it down to k nuggets, K1;K2 : : :Kk v then selects k proxies Upon receiving all k nuggets, node u reconstructs the key K based on the sequence number carried by each nugget v N1 N2 N3 N4 N5 N6 N7 K12 K1 K7 K5 K13 K11 Proxy Proxy u Physical link Secure link

11 Contents | Finding Proxy Algorithm #1
v randomly selects k neighbors and sends out request-for-proxy packets containing key IDs from both u and v. Each recipient examines the ID list to see if it shares keys with both u and v. If it does, it responds to v with key ID that is chosen to communicate with v, If it does not, or it has received the same request from v, it forwards this request to a random neighbor other than the sender. v N1 N2 N3 N4 N5 N6 N7 K12 K1 K7 K5 K13 K11 u Physical link Secure link

12 Contents | Finding Proxy Algorithm #2
v creates a request packet and set its Time-To-Leave (TTL) field to t before locally flooding it into the network. Nodes which receive a request packet respond with positive acknowledgment only if they share a key with u and a key with v respectively. Upon receiving k positive acknowledgment, v selects the sender of these acknowledgments as k proxies. v N1 N2 N3 N4 N5 N6 N7 K12 K1 K7 K5 K13 K11 u Physical link Secure link

13 Contents | Experiment Results of Algorithm #1 & #2
The Algorithm #2 discovers proxies faster than Algorithm #1 It is specially true in dense WSNs. Requires more nodes than Algorithm #1 for local flooding. The result shows if p is large, algorithm #1 is preferred, while the second approach should be used if the network is dense.

14 Contents | Security Analysis
The vulnerability of the system to node capture is measured by computing the likelihood that an attacker who captures x nodes may obtain all k key nuggets. Assume that there are 2k distinct keys used to secure key nuggets by k proxies. Consider a set of x collusive nodes. Probability of colluding x nodes cover all 2k keys is:

15 Contents | Security Analysis
If either u or v is captured, the path key is revealed. The probability of x nodes containing no end nodes but covering all k proxies is : The probability Pc of all key shared being revealed after capture of x nodes is :

16 Contents | Security Analysis
A satisfactory security level ( %) can be achieved even when a large percentage of nodes (5%) are captured and k is small (k = 4)

17 Conclusion The path-key establishment exposure problem commonly encountered in key pre-distribution schemes in WSNs. A Path Key Establishment scheme, which uses multiple secured paths for the negotiation and exchange of symmetric keys between end nodes. Strength Furthermore this scheme assumes no specific routing protocols thus it is not dependent on the physical topology of the network. It will be able to greatly improve the security of key establishment Weakness Currently, the proposed scheme cannot defend against Denial of Service attacks, such as the case when an attacker lies on one or multiple paths from the proxies to the end nodes and drops packets.

18 Thank you Question? For more discussion:
Rm4428,

Download ppt "Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li  University of Pittsburgh, Pittsburgh, PA Hui Ling."

Similar presentations

ACHIEVING NETWORK LEVEL PRIVACY IN WIRELESS SENSOR NETWORKS.

ACHIEVING NETWORK LEVEL PRIVACY IN WIRELESS SENSOR NETWORKS.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
KEY MANAGEMENT TECHNIQUES IN WIRELESS SENSOR NETWORKS JOHNSON C.LEE, VICTOR C.M.LUENG, KIRK H.WONG, JIANNANO CAO, HENRY C.B. CHAN Presented By Viplavi.

KEY MANAGEMENT TECHNIQUES IN WIRELESS SENSOR NETWORKS JOHNSON C.LEE, VICTOR C.M.LUENG, KIRK H.WONG, JIANNANO CAO, HENRY C.B. CHAN Presented By Viplavi.
Trust relationships in sensor networks Ruben Torres October 2004.

Trust relationships in sensor networks Ruben Torres October 2004.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.

Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.

Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.

Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
Centre for Wireless Communications University of Oulu, Finland

Centre for Wireless Communications University of Oulu, Finland
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

Similar presentations

Ads by Google