Secure Time Synchronization Service for Sensor Networks S. Ganeriwal, R. Kumar, M. B. Srivastava Presented by: Kaiqi Xiong 11/28/2005 Computer Science.

Presentation transcript:

Secure Time Synchronization Service for Sensor Networks
S. Ganeriwal, R. Kumar, M. B. Srivastava
Presented by: Kaiqi Xiong, 11/28/2005
Computer Science, CSC 774 Adv. Net. Security

2 Outline
Time synchronization and techniques
– Pairwise sender-receiver synchronization
Secure time sync problem: pulse delay attacks
Proposed techniques
– Node to node
    Single hop: Secure Pairwise Synchronization (SPS)
    Multi-hops: SOM (opportunistic), SDM and STM
– Group: L-SGS and SGS
Conclusions and possible research questions

3 Why Time Synchronization
Time difference in sensor node clocks
– Time offset: = C_A(t) - C_B(t)
Why time synchronization
– e.g., TESLA, localization and target tracking (any protocol regarding time stamp)
How to find

4 How to Synchronize
Pairwise sender-receiver synchronization: TPSN #
– Step 1: A (T_1) (T_2) B: A, B, sync
– Step 2: B (T_3) (T_4) A: m, where m = [B, A, T_2, T_3, ack]
– Step 3: Compute
    = [(T_2 - T_1) - (T_4 - T_3)]/2
    d = [(T_2 - T_1) + (T_4 - T_3)]/2
T_1, T_4 are measured in A's clock
T_2, T_3 are measured in B's clock
[Figure: message exchange between A and B with timestamps T_1, T_2, T_3, T_4]
# S. Ganeriwal, et al., Timing-sync protocol for sensor networks, SenSys, 2003

5 Why Secure Time Synchronization
Type 1 attack: modify T_2 and T_3 by capturing node B
Type 2 attack: pulse-delay attacks
– Simply jam an initial pulse
– Store in its memory
– Replay it at an arbitrary time later
= [(T_2 - T_1) - (T_4 - T_3) + ]/2; d = [(T_2 - T_1) + (T_4 - T_3) + ]/2
T_2* = T_1 + d + +
[Figure: A sends at T_1; Jam the signal with delay; B receives at T_2*]

6 Roadmap For Proposed Techniques
Only discuss techniques resilient to type 2 attacks
Node-to-node: time synchronization of two nodes
– Single hop: Secure Pairwise Synchronization (SPS)
– Multi-hops:
    Secure Opportunistic Multi-hop (SOM)
    Secure Direct Multi-hop (SDM)
    Secure Transitive Multi-hop (STM)
Group: time synchronization among a group of nodes
– Lightweight Secure Group Synchronization (L-SGS)
– Secure Group Synchronization (SGS)

7 Single-hop - Secure Pairwise Synchronization (SPS)
Step 1: A (T_1) (T_2) B: A, B, N_A, sync
Step 2: B (T_3) (T_4) A: m, MAC[K_AB, m]
– where m = [B, A, N_A, T_2, T_3, ack]
Step 3: Compute d = [(T_2 - T_1) + (T_4 - T_3)]/2
If d d* (predefined), then = [(T_2 - T_1) - (T_4 - T_3)]/2; else abort
End-to-end delay (d) consists of
– Waiting time T_w at MAC to access channel ( s~min) (Big!)
– Transmission time T_t: time taken to transmit the packet bit-by-bit at the radio of sender (100s s)
– Propagation delay T_p: time over wireless link between sender and receiver (ns)
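The SPS exchange above, simulated as an added example (not code from the slides or the paper). It assumes the comparison lost from the transcript is "d <= d*", uses HMAC-SHA256 for MAC[K_AB, m], and all names, clock values and delays are constructed for illustration.

```python
import hashlib, hmac, os, struct

def mac(key, fields):
    """HMAC-SHA256 over length-prefixed fields (MAC choice is an assumption)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        b = f if isinstance(f, bytes) else str(f).encode()
        h.update(struct.pack(">I", len(b)) + b)
    return h.digest()

def b_reply(key, a_id, b_id, nonce, t2, t3):
    """Step 2: B returns m = [B, A, N_A, T_2, T_3, ack] and MAC[K_AB, m]."""
    m = (b_id, a_id, nonce, t2, t3, "ack")
    return m, mac(key, m)

def a_verify(key, a_id, b_id, nonce, t1, t4, m, tag, d_star):
    """Step 3: A authenticates m, then accepts the offset only if d <= d*."""
    if not hmac.compare_digest(tag, mac(key, m)):
        raise ValueError("MAC check failed")
    if (m[0], m[1], m[2], m[5]) != (b_id, a_id, nonce, "ack"):
        raise ValueError("wrong identities or stale nonce")
    t2, t3 = m[3], m[4]
    d = ((t2 - t1) + (t4 - t3)) / 2
    if d > d_star:
        raise ValueError("d exceeds d*: possible pulse-delay attack")
    return ((t2 - t1) - (t4 - t3)) / 2, d

def run_sps(key, offset_b, link_delay, d_star, pulse_delay=0, tamper=False):
    """Constructed simulation, times in microseconds.
    B's clock reads A's clock + offset_b; pulse_delay is added by an
    attacker who jams and replays the sync packet on the A-to-B leg."""
    nonce = os.urandom(8)                          # N_A
    t1 = 1_000_000                                 # A's clock
    t2 = t1 + link_delay + pulse_delay + offset_b  # B's clock
    t3 = t2 + 500                                  # B's clock, after processing
    t4 = (t3 - offset_b) + link_delay              # A's clock
    m, tag = b_reply(key, "A", "B", nonce, t2, t3)
    if tamper:                                     # T_2 altered in transit
        m = m[:3] + (t2 - 40,) + m[4:]
    return a_verify(key, "A", "B", nonce, t1, t4, m, tag, d_star)

if __name__ == "__main__":
    key = os.urandom(16)                           # K_AB, constructed
    print(run_sps(key, 250, 100, d_star=112))                  # accepted
    print(run_sps(key, 250, 100, d_star=112, pulse_delay=20))  # accepted, skewed
```

With d* = 112, a replay delay of 60 is rejected, while a delay of 20 stays under the threshold and shifts the computed offset by 10, half the injected delay, which is the residual error the choice of d* bounds.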

8 Performance - Define d*
d = N(d_avg, ) is a Gaussian distribution
Select d* = d_avg + 3
Max sync error = 3 = 10 s
Attacker can introduce a max pulse-delay factor of 12 due to
– d_avg + 3 + /2 = d_avg - 3
– In this case, max attacker impact = 6
Fig: End-to-end delay over a link
Table: Statistics of end-to-end delay (waiting time is extracted)

9 Secure Opportunistic Multi-hops (SOM)
Assumption: key K_AB shared by A and B
SOM
Step 1: m_1 = [A, B, N_A], sync
Step 2: m, MAC[K_AB, m] where m = [m_1, T_2, T_3, ack]
Step 3: Node A computes d = [(T_2 - T_1) + (T_4 - T_3)]/2
If d d_M*, then = [(T_2 - T_1) - (T_4 - T_3)]/2; else abort
– Exactly the same as SPS except nodes C and D added
[Figure: nodes A, C, D, B; labels: Send at T_1, Receive at T_2, Send at T_3, Receive at T_4]

10 Performance: SOM
End-to-end delay
– d = sum(T_w + T_t + T_p)
– T_w is significantly higher
– Standard deviation is higher by 3 orders of magnitude as compared to a single hop
– Max sync error = 3
– Max attacker impact = 6

11 Secure Direct Multi-hop (SDM)
Step 1. A C D B: A, B, N_A, sync
Step 2. B, D, N_A, m_1, M_1
– m_1 = [m_1, T_2, T_3, ack], M_1 = MAC[K_BD, B, D, N_A, m_1]
Step 3. D, C, N_A, m_2, M_2
– m_2 = [B, D, A, T_4, T_9, T_6 - T_5, T_8 - T_7, ack], M_2 = MAC[K_DC, D, C, N_A, m_2]
Step 4. C, A, N_A, m_3, M_3
– m_3 = [B, D, C, A, T_2, T_11, T_4 - T_3, T_10 - T_9, T_6 - T_5, T_8 - T_7, ack], M_3 = MAC[K_CA, C, A, N_A, m_3]
Step 5: Node A computes d = (E_1 + E_2)/2
– If d d_T*, then = (E_1 - E_2)/2; else abort
  where E_1 = (T_2 - T_1) + (T_4 - T_3) + (T_6 - T_5), E_2 = (T_12 - T_11) + (T_10 - T_9) + (T_8 - T_7)
[Figure: nodes A, C, D, B with timestamps T_1 to T_12]

12 Performance (as compared to SOM)
Advantages
– End-to-end delay is not corrupted by T_w
– d_AC = d_CD = d_DB = N(d_avg, ). So, d_AB = N(n d_avg, n^(1/2) )
– d_T* = n d_avg + n^(1/2) – n^(1/2) M* (SOM), lower in 3 orders of magnitude
Disadvantages
– ack has to carry the state information and timestamps about all the previous packets, so the packet size of ack packet is larger

13 Secure Transitive Multi-hop (STM)
Step 1. A C D B: A, B, N_A, sync
Step 2. B, D, N_A, m_1, M_1
– m_1 = [B, D, notify], M_1 = MAC[K_BD, B, D, N_A, m_1]
Step 3. D sync to B (SPS)
D C: D, C, N_A, m_2, M_2
– m_2 = [B, D, C, notify], M_2 = MAC[K_DC, D, C, N_A, m_2] #
Step 4. C sync to D (SPS)
C A: C, A, N_A, m_3, M_3
– m_3 = [B, D, C, A, notify], M_3 = MAC[K_CA, C, A, N_A, m_3] #
Step 5: A sync to C (SPS)
# In the paper, K_BD in M_2 and M_3 should be K_DC and K_CA respectively
[Figure: nodes A, C, D, B]

14 Comparison (SOM, SDM and STM)
Maximal delay parameter same as d* in SPS
Advantages
– In STM the threshold is verified at each step, so a re-sync happens if the threshold is not met. In SOM and SDM the threshold is checked only when A receives ack
Disadvantages
– In STM, an external attacker can carry out pulse-delay attacks on the link joining C and D, due to local verification
– The total number of transmitted messages is 2n for SOM and SDM, but 3n for STM when there are no attacks

15 Group Synchronization
Lightweight Secure Group Synchronization (L-SGS)
– Step 1: G_1 *: G_1, sync
– Step 2: G_i (T_i) (T_i1) G_1: G_i, N_i
– Step 3: G_1 (T_1) (T_1i) *: G_1, T_1, ack, m, M
  where m = {T_i1, G_i, N_i}, M = MAC[K_1i, G_1, T_1, ack, m] (i = 2, …, n)
– Step 4: Compute d = [(T_i1 - T_i) + (T_1i - T_1)]/2
  If d d*, then = [(T_i1 - T_i) - (T_1i - T_1)]/2; else abort
Note. G_i A and G_1 B in a single hop

16 Performance (L-SGS)
Same as SPS
– Resilient to pulse-delay attacks and message modification attacks
Not resilient to internal attacks (if G_1 is malicious)

17 Secure Group Synchronization (SGS)
Triangle consistency
[Figure: triangle of Node i, Node j, Node k with edges labelled ij, jk, ki]
Internal attacks if ij + jk + ki 0?
Main ideas of SGS
– Every two nodes use SPS by broadcast. No fixed node is used for time sync
– Use triangle consistency to detect internal attacks

18 Comparison and Summary
# Compared to the packet size in SPS

19 Conclusions
A suite of time synchronization protocols was proposed to detect pulse-delay attacks
– Node-to-node
    Single hop: SPS
    Multi-hops:
    – SOM (shared pairwise key and big d_M*)
    – SDM (large message sizes), STM (external attacks)
– Group: L-SGS (internal attacks), SGS (big communication overhead)
Secure group synchronization is based on the assumption: all group nodes are in each other's power range

20 Possible Research Questions
How to sync time when some nodes are not in the power range of other nodes in a group
Prevention? How to continue with the processing of time sync when under attack
How to develop methods to avoid internal attacks (e.g., a hash chain?)
Is it possible to apply Iuloss approach or a tree-based technique to SGS for reducing communication overhead

21 Thank You! Questions?