Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science 1 Research on Sensor Network Security Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University 2005 TRES.

Published byBaldwin Eaton Modified over 8 years ago

Similar presentations

Presentation on theme: "Computer Science 1 Research on Sensor Network Security Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University 2005 TRES."— Presentation transcript:

1 Computer Science 1 Research on Sensor Network Security Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University 2005 TRES meeting

2 Computer Science 2 Outline Background Challenges Our research strategy Investigated problems –Key management –Broadcast authentication –Secure location discovery –Secure clock synchronization Possible collaboration

3 Computer Science 3 Background on Sensor Networks A sensor network consists of a large number of sensor nodes –Low cost –Resource constrained –Wireless communication Sensor networks are ideal candidates for –Critical infrastructure protection –Environment monitoring –Military operations –…–…

4 Computer Science 4 Challenges in Sensor Network Security Resource constraints –Limited storage, computation, and communication Expensive mechanisms such as public key cryptography is not practical –Depletable resources (e.g. battery power) Resource consumption attacks Threat of node compromises –Sensor nodes are usually deployed in an unattended fashion –Subject to node captures

5 Computer Science 5 Challenges (Cont’d) Local computation/communication v.s. global threat –Sensor network applications often depend on local computation and communication due to resource constraints –A determined attacker may Attack any node in a network, and Use information gathered from compromised nodes to attack non-compromised ones

6 Computer Science 6 Research Strategy Cryptographic services –Broadcast authentication –Key management Security mechanisms for fundamental services –Clock synchronization –Secure location discovery –Secure aggregation and in-network processing –Cluster formation/cluster head election

7 Computer Science 7 Research Strategy (Cont’d) Securing sensor network applications –Surveillance –Tracking of moving targets –…–… Other desirable security services –Example: Intrusion detection A desirable component Require different solutions than traditional techniques

8 Computer Science 8 Investigated Research Problems Pairwise key establishment Broadcast authentication Secure location discovery Secure clock synchronization Supported by NSF Cyber Trust and CAREER

9 Computer Science 9 Pairwise Key Establishment Problem: How to establish pairwise keys between nodes that may communicate with each other? –Between arbitrary pairs of nodes –Between neighbor nodes Challenges –Resource constraints (limited computation, storage, communication capabilities) –Threat of compromised nodes Our solutions –Polynomial-pool based key pre-distribution (TinyKeyMan) –Location-based key pre-distribution –Group-based key pre-distribution

10 Computer Science 10 The Polynomial-Based Scheme Blundo et al. CRYPTO’92 Pre-distribution: –A t-degree f(x,y) over finite field F q : f(x,y)=f(y,x) –Each node i gets assigned a polynomial share f(i,x) f(i,x) f(j,x) Node i Node j f(i,j) f(j,i) =

11 Computer Science 11 Properties and Limitations Properties –Threshold property: unconditionally secure for up to t compromised nodes even they collude together –Storage: (t +1)log q bits –Computation: t modular multiplications and t modular additions –No communication overhead Limitations –Insecure when more than t sensor nodes are compromised –An invitation for node compromise attacks

12 Computer Science 12 Polynomial Pool Based Key Pre-Distribution The main idea –Use multiple polynomials (polynomial pool) Three phases: –Pre-Distribution: pre-distribute secrets –Direct key establishment: setup direct keys –Path key establishment: setup indirect keys

13 Computer Science 13 Phase 1: Pre-Distribution f 1 (x,y), f 2 (x,y), …, f n (x,y) Random polynomial pool F A subset: {f j (i, y), …, f k (i, y)} RandomPredetermination i The key issue: Subset Assignment

14 Computer Science 14 Phase 2: Direct Key Establishment The key issue: Share Discovery j i {f 1 (i,y), f 3 (i,y), f 9 (i,y)}{f 2 (j,y), f 3 (j,y), f 8 (j,y)} 1,3,9 2,3,8 1. Real-time Discovery j  {2,3,8} 2. Predetermination

15 Computer Science 15 Phase 3: Path Key Establishment The key issue: Path Discovery j i {1,3,9} {2,4,8} 1. Real-time Discovery 2. Predetermination {1,5,6} {2,7,10} {1,2,7} j  {k}

16 Computer Science 16 One Simple Instance: Random Subset Assignment Scheme Phase 1: Subset assignment –Random f 1 (x,y), f 2 (x,y), …, f n (x,y) Random polynomial pool F A random subset: {f j (i, y), …, f k (i, y)} i

17 Computer Science 17 Random Subset Assignment (Cont’d) Phase 2: Polynomial share discovery –Real-time discovery i f j, …, f k Broadcast IDs in clear text. j Broadcast a list of challenges. i , E kv (  ), v = 1, …, m. j

18 Computer Science 18 Random Subset Assignment (Cont’d) Phase 3: Path discovery –Node i contacts nodes with which it shares a key; any node that also shares a key with j replies. i j k

19 Computer Science 19 Resilience against Compromised Sensors Comparison with basic probability and q-composite schemes –Probability to establish direct keys p = 0.33 –Each sensor has storage equivalent to 200 keys

20 Computer Science 20 More Schemes Random key pre-distribution –Grid-based pairwise key pre-distribution –Hybercube-based pairwise key pre-distribution Location-based key pre-distribution –Pre-deployment knowledge sensors’ expected locations –Post-deployment knowledge Group-based key pre-distribution Related publications –ACM CCS 03, ACM SASN 03, ACM TISSEC 05, ACM TOSN (under revision)

21 Computer Science 21 Implementation: TinyKeyMan Observations –Node IDs are chosen from a field much smaller than keys Field for cryptographic keys: F q Field for node IDs: F q’ –Special fields: q’=2 16 +1, q’ = 2 8 +1 No division operation is needed for modular multiplications l bits each f 1 (i,y)f 2 (i,y)f r (i,y) node ID j Key: n bits Polynomials over F q’ Same storage as 1 polynomial over F q

22 Computer Science 22 Computational Cost

23 Computer Science 23 Memory Requirements SchemeROM(bytes)RAM(bytes) q' = 2 8 + 128811 q' = 2 16 + 141620 Random subset assignment 2,824106 Grid-based scheme 1,16067

24 Computer Science 24 Broadcast Authentication Problem: How to broadcast authenticated messages in large sensor networks –Previous solution  TESLA isn’t scalable Our solutions –Multi-level  TESLA (NDSS 03, ACM TECS 04) –Merkle tree based  TESLA (under review) Also address revocation of broadcasting nodes

25 Computer Science 25 Secure Location Discovery Problem: How can sensors securely determine their locations even if there are malicious external or insider attacks Our solutions –Detect localization anomalies using deployment knowledge (IPDPS 05) –Beaconless location discovery (Infocom 05) –Tolerate malicious location references (under review) –Detect malicious beacon nodes (under review)

26 Computer Science 26 Secure Clock Synchronization Problem: How to distribute a common clock throughout sensor networks Our solutions –Resilient clock distribution (under review) –Multi-path-based resilient clock distribution (under review) –Cluster-wise fault tolerant clock synchronization (under revision)

27 Computer Science 27 Possible Collaboration My interests –Long-term Anything about information security –Short-term Sensor and ad-hoc network security Intrusion detection Software security

Download ppt "Computer Science 1 Research on Sensor Network Security Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University 2005 TRES."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.

Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.

Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Introduction to Wireless Sensor Networks

Introduction to Wireless Sensor Networks
An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.

An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:

Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
Presented By : Ankita Jaiswal Guided By : Dr. Agrawal sir.

Presented By : Ankita Jaiswal Guided By : Dr. Agrawal sir.
Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.

Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks Lei Fang (Syracuse) Wenliang (Kevin) Du (Syracuse) Peng Ning (North Carolina State)

A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks Lei Fang (Syracuse) Wenliang (Kevin) Du (Syracuse) Peng Ning (North Carolina State)
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge Presenter: Todd Fielder.

A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge Presenter: Todd Fielder.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Similar presentations

Ads by Google