Authors: Ing-Ray Chen; Yating Wang Present by: Kaiqun Fu Reliability Analysis of Wireless Sensor Networks with Distributed Code Attestation CS 5214 Paper Presentation Authors: Ing-Ray Chen; Yating Wang Present by: Kaiqun Fu
Outline Introduction System and performance models Related works Contribution Notations and basic ideas System and performance models System model and assumptions Performance model Numerical results and analysis Environment setup Results Conclusion Questions CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Introduction As we know the capacity of the battery is becoming the bottleneck for the development to the mobile devices. For instance, the standby time for the cell-phones, laptops, etc. The wireless sensor networks which are broadly deployed in many safety-critical applications, such as health, construction and military are also facing the same problem of the energy shortage. And in such cases, the problem might cause some vital consequences. While less attestation would lower the security for the whole system, thus, the tradeoff between the energy and the security attracts most of the researchers’ attention. CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Introduction This paper analyzes the reliability of a homogeneous wireless sensor network executing a distributed code attestation protocol with neighbor sensor nodes serving as code verifiers. By considering the tradeoff between energy exhaustion vs. security vulnerability for causing sensor node failures, we can identify how often distributed code attestation should be performed as well as how many neighbor sensors should serve as code verifiers per attestation event to maximize the system lifetime without compromising performance. CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Related works Existing work on code attestation mostly focused on the protocol design for performing code attestation, and verification of the protocol design. “SCUBA: secure code update by attestation in sensor networks” (by A. Seshadri, et al. Proc. 2006 ACM Workshop on Wireless Security.) assumed the existence of a trusted third party capable of verifying if a SN is compromised through a challenge-response mechanism. To avoid a single point of failure “Distributed software-based attestation for node compromise detection in sensor networks” (by Y. Yang, et al. Proc. 2007 IEEE Symposium on Reliable Distributed Systems) extended centralized code attestation to distributed code attestation by using designated servers or just neighbor SNs to a target SN. CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Contribution This paper concerns the effect of distributed code attestation on the reliability and performance of WSNs, taking into account both security failure and energy exhaustion failure. Compared with existing work, the contribution of this work is that we address reliability and performance issues of distributed code attestation by identifying operational settings to execute distributed code attestation such that the WSN lifetime is maximized without compromising performance. CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Notations (for system model & assumptions) n/π 𝑟 𝑆𝑁 2 : intensity to a spatial Poisson process. 𝑟 𝑆𝑁 : the SN radio range. T: time interval. 𝑛 𝑣 : the number of verifiers. (# threshold verifiers) 𝑃 𝑓𝑝 : false positive probability (misdiagnose a good SN as a bad SN). 𝑃 𝑓𝑛 : false negative probability (misidentify a bad SN as a good node). q: the probability that one SN will be attested. 𝐹 𝑐 (𝑡): distribution function. 𝑃 𝑟 : recovery prob. 𝐸 𝑠 : sensor reading and reporting energy 𝐸 𝑅 : packet routing energy 𝐸 𝑐 : running code attestation energy 𝐸 𝑣 : sending message energy 𝐸 𝑟 : recovery energy CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Notations (for performance model) 𝑃 𝑓𝑝 𝐷𝐶𝐴 : false positive probability for DCA 𝑃 𝑓𝑛 𝐷𝐶𝐴 : false negative probability for DCA 𝑛 𝑚 : the majority of the verifiers. 𝑛 𝑔 (𝑡): the number of good SNs out of n at time t. 𝑛 𝑏 (𝑡): the number of bad SNs out of n at time t. 𝑛 ∗ 𝑔 (𝑡): # good SNs out of n at time t. (after attestation) 𝑛 ∗ 𝑏 (𝑡): # bad SNs out of n at time t. (after attestation) CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Basic ideas The code of a compromised SN would be different from that of a normal SN. Hence by inspecting if the code is still the same as what originally was put in, the system can detect whether the SN has been compromised. Challenge-response mechanism is used to send the attestation and the requests. CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
System model and assumptions Consider a homogeneous WSN in which SNs are deployed randomly and distributed according to a homogeneous spatial Poisson process (n/π 𝑟 𝑆𝑁 2 , 𝑟 𝑆𝑁 , T). Select neighbors 𝑛 𝑣 . While, some of the SNs will be compromised and attack the systme ( 𝑃 𝑓𝑝 , 𝑃 𝑓𝑛 ). CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
System model and assumptions Two types of attacks: Bad-mouthing attacks: it always votes “no” to a good node to increase the false positive probability of this good node being misidentified as a bad node Good-mouthing attacks: it always votes “yes” to another bad node to increase the false negative probability of this bad node being undetected by the system Since all nodes have an equal chance of being captured as they are being deployed randomly in the WSN operational area, the node compromise time may be considered as i.i.d. with a distribution function 𝐹 𝑐 (𝑡). CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
System model and assumptions Distribution function 𝐹 𝑐 (𝑡) input which provides knowledge about the environment hostility Recovery prob. 𝑃 𝑟 . depending on its accessibility to a sink node with code reload capability CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Performance model The 𝑃 𝑓𝑝 𝐷𝐶𝐴 and the 𝑃 𝑓𝑛 𝐷𝐶𝐴 : (1) (2) The first term in Equation 2 accounts for the case in which more than 1/2 of the verifiers selected from the neighbors are bad SNs who will perform good-mouthing attacks by always voting “yes” to this bad node to increase the chance of this bad node being undetected. CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Performance model The second term accounts for the case in which more than 1/2 of the verifiers selected from the neighbors are good SNs but unfortunately some of these good nodes mistakenly miss the target SN as a good node with probability 𝑃 𝑓𝑛 , resulting in more than 1/2 of the verifiers (some of those may be bad SNs) voting “yes” for the target node. CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Performance model The probability that a SN is compromised at time t, given that it was a good node at time t − T , is given by: The number of good neighbor SNs, 𝑛 𝑔 (𝑡), is equal to 𝑛 𝑔 (𝑡−𝑇) minus the number of newly compromised nodes over T i.e., On the other hand, the number of bad neighbor SNs at time t is given by: CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Performance model The bad and good neighbor SN populations are adjusted only when code attestation and recovery are performed. That is: There are two possible ways by which a SN is diagnosed as compromised: the SN is compromised and it is correctly identified as a bad SN with probability 1- 𝑃 𝑓𝑛 𝐷𝐶𝐴 the SN is not compromised and it is incorrectly misidentified as a bad SN with probability 𝑃 𝑓𝑝 𝐷𝐶𝐴 CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Performance model The amount of energy consumed by a SN in an interval [t, t+T ], denoted by 𝐸 𝑢 (𝑡), is given by: Consequently, a SN will exhaust its energy after 𝑁 𝑞 sensing and reporting periods, with 𝑁 𝑞 given by: CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Performance model Let 𝑅 𝑞 (𝑡) denote the probability that a SN returns valid sensing readings in the sensing and reporting interval [t, t+T ], which is exactly the same as the probability that the node is a good node at time t when it returns sensor readings. Because of node homogeneity, 𝑅 𝑞 (𝑡) can be computed by: And let 𝑅 𝑠 (𝑡) denote the probability that the WSN is still healthy: CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Performance model The Mean Time to Failure (MTTF) of the WSN, denoted by 𝐿 𝑠 , hence can be calculated by: CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Environment setup E: initial energy, 2.5 joules 𝐸 𝑠 : energy consumption by sensing event, 0.084 mjoules 𝐸 𝑅 : energy consumption by packet routing, 0.096 mjoules 𝐸 𝑐 : energy consumption by code attestation, 0.01 mjoules 𝐸 𝑣 : energy consumption by sending message, 0.024 mjoules 𝐸 𝑟 : energy consumption by recovery, 0.82 mjoules 𝑃 𝑓𝑝 : good nodes misidentify as bad nodes, less than 1-2% range 𝑃 𝑓𝑛 : bad nodes misidentify as good nodes, 1-2% range T: sensor reading time interval, 1 min range. λ: sensor compromised rate, range of once per 10 minutes to once per 30 minutes. q: probability that code attestation will be performed CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Results CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Results CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Results CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Results CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Conclusion Discovered the optimal operational settings for running distributed code attestation, including how often code attestation should be invoked and how many neighbor verifiers should be used per code attestation event, so that the embedded WSN lifetime is maximized without sacrificing performance. CS 5214 Paper Presentation Kaiqun Fu 11/27/2018
Questions CS 5214 Paper Presentation Kaiqun Fu 11/27/2018