An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Presenter: Dinesh Reddy Gudibandi.

Slides:



Advertisements
Similar presentations
Ou Liang, Ahmet Sekercioglu and Nallasamy Mani
Advertisements

Virtual Trunk Protocol
1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Dynamic Source Routing (DSR) algorithm is simple and best suited for high mobility nodes in wireless ad hoc networks. Due to high mobility in ad-hoc network,
Security Issues In Mobile IP
Page 1 Approximately Maximum Bandwidth Routing for Slotted Wireless Ad Hoc Networks Approximately Maximum Bandwidth Routing for Slotted Wireless Ad Hoc.
Efficient Secure Aggregation in VANETs Maxim Raya, Adel Aziz, and Jean-Pierre Hubaux Laboratory for computer Communications and Applications (LCA) EPFL.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Chris Karlof and David Wagner
Chapter 1: Introduction to Scaling Networks
ABC Technology Project
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Countering DoS Attacks with Stateless Multipath Overlays Presented by Yan Zhang.
1 Undirected Breadth First Search F A BCG DE H 2 F A BCG DE H Queue: A get Undiscovered Fringe Finished Active 0 distance from A visit(A)
1 Breadth First Search s s Undiscovered Discovered Finished Queue: s Top of queue 2 1 Shortest path from s.
IONA Technologies Position Paper Constraints and Capabilities for Web Services
Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.
25 seconds left…...
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.
1 12/18/ :21 Chapter 12Bridges1 Rivier College CS575: Advanced LANs Chapter 12: Bridges.
VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.
Introduction to Ad-hoc & Sensor Networks Security In The Name of God ISC Student Branch in KNTU 4 th Workshop Ad-hoc & Sensor Networks.
Exploring Energy-Latency Tradeoffs for Broadcasts in Energy-Saving Sensor Networks AUTHOR: MATTHEW J. MILLER CIGDEM SENGUL INDRANIL GUPTA PRESENTER: WENYU.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.
Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.
1 Routing Techniques in Wireless Sensor networks: A Survey.
Location-Aware Security Services for Wireless Sensor Networks using Network Coding IEEE INFOCOM 2007 최임성.
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Monday, June 01, 2015 ARRIVE: Algorithm for Robust Routing in Volatile Environments 1 NEST Retreat, Lake Tahoe, June
H-SPREAD: A Hybrid Multipath Scheme for Secure and Reliable Data Collection in Wireless Sensor Networks Wenjing Lou, Member, IEEE, and Younggoo Kwon.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
Dissemination protocols for large sensor networks Fan Ye, Haiyun Luo, Songwu Lu and Lixia Zhang Department of Computer Science UCLA Chien Kang Wu.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit
Routing Security in Ad Hoc Networks
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Establishing Pairwise Keys in Distributed Sensor Networks Donggang Liu, Peng Ning Jason Buckingham CSCI 7143: Secure Sensor Networks October 12, 2004.
LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks By: Sencun Zhu, Sanjeev Setia, and Sushil Jajodia Presented By: Daryl Lonnon.
Computer Science Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks Presented by Akshay Lal.
Secure Localization Algorithms for Wireless Sensor Networks proposed by A. Boukerche, H. Oliveira, E. Nakamura, and A. Loureiro (2008) Maria Berenice Carrasco.
Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE.
An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.
1 A Location-ID Sensitive Key Establishment Scheme in Static Wireless Sensor Networks Proceedings of the international conference on mobile technology,applications,and.
Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005 Toward Resilient Security in Wireless Sensor Networks.
Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof David Wagner University of California at Berkeley 1st IEEE International.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Copyright © 2011, Scalable and Energy-Efficient Broadcasting in Multi-hop Cluster-Based Wireless Sensor Networks Long Cheng ∗ †, Sajal K. Das†,
Tufts Wireless Laboratory School Of Engineering Tufts University Paper Review “An Energy Efficient Multipath Routing Protocol for Wireless Sensor Networks”,
P2PSIP Security Analysis and evaluation draft-song-p2psip-security-eval-00 Song Yongchao Ben Y. Zhao
Shambhu Upadhyaya 1 Sensor Networks – Hop- by-Hop Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 22)
Aggregation and Secure Aggregation. Learning Objectives Understand why we need aggregation in WSNs Understand aggregation protocols in WSNs Understand.
Energy Efficient Data Management for Wireless Sensor Networks with Data Sink Failure Hyunyoung Lee, Kyoungsook Lee, Lan Lin and Andreas Klappenecker †
1 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng.
1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.
Jinfang Jiang, Guangjie Han, Lei Shu, Han-Chieh Chao, Shojiro Nishio
Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb CSE 535.
Aggregation and Secure Aggregation. [Aggre_1] Section 12 Why do we need Aggregation? Sensor networks – Event-based Systems Example Query: –What is the.
Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005 Toward Resilient Security in Wireless Sensor Networks.
Energy Efficient Detection of Compromised Nodes in Wireless Sensor Networks Haengrae Cho Department of Computer Engineering, Yeungnam University Gyungbuk.
Computer Science Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network Presented by Jennifer.
In the name of God.
Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li  University of Pittsburgh, Pittsburgh, PA Hui Ling.
Aggregation.
Presentation transcript:

An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Presenter: Dinesh Reddy Gudibandi

interleaved hop-by-hop authentication scheme 2 Agenda Introduction Interleaved Hop-by-Hop Authentication Scheme Security Analysis Performance Analysis Conclusion

interleaved hop-by-hop authentication scheme 3 Introduction An unattended WSN lends itself to several attacks like destruction of sensor nodes, security attacks on the routing and data link protocols and resource consumption attacks. Unattended sensor node deployment also makes another attack easier: an adversary may compromise several sensor nodes, and then use the compromised nodes to inject false data into the network. This attack falls in the category of insider attacks

interleaved hop-by-hop authentication scheme 4 Example WSN

interleaved hop-by-hop authentication scheme 5 Introduction Continued…. The focus of work is on detecting and filtering out false data packets, either at or en-route to the base station. This scheme is particularly useful for large-scale sensor networks where a sensor report needs to be relayed over several hops before it reaches the base station. To defend against false data injection attacks, authentication scheme is presented in which at least ‘t + 1’ sensor nodes have to agree upon a report before it is sent to the base station. Here ‘t’ is a security threshold based on the security requirements of the application under consideration and the network node density.

interleaved hop-by-hop authentication scheme 6 An Interleaved Hop-by-Hop Authentication Scheme Assumptions Threat model and design Goal Notation and Definition The Scheme Association maintenance

interleaved hop-by-hop authentication scheme 7 Assumptions Network and Node Assumptions Sensor nodes can be deployed via aerial scattering or by physical installation. Network links are bidirectional Security Assumptions Base station has a mechanism to authenticate broadcast messages and every node can verify the messages. All nodes are equally trusted. Base station will not be compromised.

interleaved hop-by-hop authentication scheme 8 Threat Model and Design Goal Adversary may command compromised node to drop or alter messages going trough them. Attackers goal is to cause false alarms or to deplete the already constrained resources of forwarding nodes by injecting false data. Schemes goal is to defend against false data injection attacks launched by up to t compromised nodes, t is a system parameter. Base station should be able to detect any false data packets injected by a compromised node. Number of hops before an injected data packet is detected and discarded is as small as possible. The Scheme should be robust to node failures.

interleaved hop-by-hop authentication scheme 9 Notations BS is the base station. CH is the cluster head of sensor nodes.

interleaved hop-by-hop authentication scheme 10 Definition For two nodes u i and u j on path from CH to BS, if | i - j| =t+1,we say u i and u j are associated, and u i is an associated node of u j. More specifically, if i – j=t+1, u i is the upper associated node of u j, and u j is the lower associated node of node u i.

interleaved hop-by-hop authentication scheme 11 Path from CH to BS

interleaved hop-by-hop authentication scheme 12 Phases in the Scheme Node initialization and deployment phase Association discovery phase Report endorsement phase En-route filtering phase Base station verification phase

interleaved hop-by-hop authentication scheme 13 Node initialization and deployment phase The key server loads every node with a unique id, as well as necessary keying materials that allow the node to establish pairwise keys with other nodes. After deployment, a node first establishes a one-hop pairwise key with each of its neighbors.

interleaved hop-by-hop authentication scheme 14 Association discovery phase A node discovers the ids of its associated nodes. This process may be initiated by the base station periodically, or by a node that detects the failure of a neighbor node.

interleaved hop-by-hop authentication scheme 15 Report endorsement phase t + 1 nodes generate a report collaboratively when they detect the occurrence of an event of interest. More specifically, every participating node computes two MACs over the event, one using its key shared with the BS, and the other using its pairwise key shared with its upper associated node. Then it sends the MACs to its cluster head. The cluster head collects MACs from all the participating nodes, wraps them into a report, and then forwards the report towards BS.

interleaved hop-by-hop authentication scheme 16 En-route filtering phase Every forwarding node verifies the MAC computed by its lower association node, and then removes that MAC from the received report. If the verification succeeds, it then computes and attaches a new MAC based on its pairwise key shared with its upper associated node. Finally, it forwards the report to the next node towards the BS.

interleaved hop-by-hop authentication scheme 17 Base station verification phase The BS verifies the report after receiving it. If the BS detects that t+1 nodes have endorsed the report correctly, it accepts the report; otherwise, it simply discards the report.

interleaved hop-by-hop authentication scheme 18 Example

interleaved hop-by-hop authentication scheme 19 Association maintenance If the path between the base station and a cluster head is static, then only an initial association discovery process is necessary. However, if the path between the base station and a cluster head changes due to the failure of an intermediate node or other reasons, This scheme has to adapt to the change accordingly to maintain correct associations. Association maintenance in two scenarios, namely  base station initiated repair  local repair.

interleaved hop-by-hop authentication scheme 20 Base Station Initiated Repair In this scenario, once a path is formed, the reports from a cluster head to the base station always follow the same path, unless the path is changed due to the base station. The base station broadcasts a beaconing message periodically forming a breadth-first tree rooted at the base station. Specifically, every node records its parent node as the node from which it first receives the beaconing message during the current epoch, and then rebroadcasts the beaconing message. Thus, the path between a cluster head and the base station is changed when an intermediate node chooses different parent nodes in two consecutive time epochs.

interleaved hop-by-hop authentication scheme 21 Local Repair Our approach for local repair is based on the right-hand rule in the greedy parameter stateless routing (GPSR) protocol. Here we assume every node knows the locations or relative locations of its neighbors (e.g., because of GPS).

interleaved hop-by-hop authentication scheme 22 Local Repair

interleaved hop-by-hop authentication scheme 23 Local Repair When node u4 detects its parent node u5 has failed (the issue of node failure detection is out of scope), it sends a REPAIR message to w1, which is the first node counterclockwise about u4 from edge (u4; u5). The REPAIR message includes the ids of t + 1 upstream nodes of u4 except u5; that is, it includes the id list fu6; u7; u8g. w1 and w2 forward the REPAIR message based on the same rule. When w3 receives the message, it finds that its next node is u6 based on this rule and u6 is in the list fu6; u7; u8g, which means that the failed node has been bypassed. w3 then requests an id list from u6, which includes the ids of t upstream nodes of node u6 and u6. Node w3 then forwards the list to its downstream nodes.

interleaved hop-by-hop authentication scheme 24 Security Analysis Security of the scheme with respect to design goals are. The ability of the base station to detect a false report. The ability of the en-route nodes to filter false reports.

interleaved hop-by-hop authentication scheme 25 Outsider Attacks In This scheme, every message is authenticated in a hop-by-hop fashion during its transmission. Thus, an unauthorized node cannot inject false data without it being detected. Moreover, because an event also contains a timestamp, an attack in which an outsider replays an old report will be detected.

interleaved hop-by-hop authentication scheme 26 Cluster Insider Attacks In this attack, all the t compromised nodes are from the cluster (possibly including the cluster head); that is, no nodes on the path to the base station are compromised. Because the ACK from the cluster head towards the base station must contain t + 1 distinct node ids, it must include the id of a non compromised or non existent node. Therefore, one of the t + 1 relaying nodes closest to the cluster head will be lower associated to a non compromised or non existent node. This node will drop a false report. Thus, we reach the same conclusion that a false report will be dropped after it is forwarded by at most t non compromised nodes.

interleaved hop-by-hop authentication scheme 27 Performance Evaluation Computational Cost The computational overhead of This scheme arises mostly due to two operations – establishing pairwise keys – report authentication. Communication Cost The communication overhead of The scheme arises from two sources. – First, every authentic report contains one compressed MAC and t+1 pairwise MACs. – Second, during association discovery and maintenance, a node adds its own id to a beaconing message when its path changes. Thus, this component of the communication overhead depends on path dynamics.

interleaved hop-by-hop authentication scheme 28 Conclusion Hop-by-Hop Authentication is a simple but effective authentication scheme to prevent false data injection attacks in sensor networks. The scheme guarantees that the base station can detect a false report when no more than t nodes are compromised, where t is a security threshold. In addition, the scheme guarantees that t colluding compromised sensors can deceive at most B non compromised nodes to forward false data they inject, where B is O(t2) in the worst case. Performance analysis shows this scheme is efficient with respect to the security it provides and allows a tradeoff between security and performance.

interleaved hop-by-hop authentication scheme 29 References Zhu, S., S. Setia, S. Jajodia, and P. Ning, “An Interleaved Hop-by-Hop Authentication Scheme for Filtering False Data Injection in Sensor Networks,” IEEE Symposium on Security and Privacy, Oakland, CA, May 9-12, 2004, pp

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.