Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.


Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment in Sensor Networks 1

How do nodes receive cryptographic keys? 2
- “Distribution is simple; nodes are loaded with the shared key before deployment.” (TinySec)
- …send the key in the clear “thus resulting in a brief moment of vulnerability.” (ZigBee)
[Slide labels: SPINS, Eschenauer and Gligor, TinySec, ZigBee, MiniSec, INSENS]

Potential approach – Factory installation 3

Potential approach – Physical interface 4
- Properties achieved
  - Secrecy
  - Ease of use
- But…
  - Batch deployment remains a tedious task
  - USB interface will not exist on many commodity nodes
  - Sensors deployed in harsh environments
  - USB interfaces are expensive

An ideal practical solution 5
- No physical interface
  - No USB connectors, screens, or keypads
- Deploy keys wirelessly
  - Resistant to eavesdropping and injection attacks
- Key deployment by end users
  - End users are not security experts
- Batch deployment for multiple nodes
  - Scales for large deployments

Agenda 6
- Motivation
- Problem definition
- Single node key deployment
- User study
- Batch deployment


Problem definition (1/2) 8
- Securely set up a shared secret between a base station and a new node
  - Key secrecy: Attacker cannot compromise shared secret
  - Key authenticity: New node receives the key that base station intended it to receive
  - Demonstrative identification: Users are certain which devices are communicating

Problem definition (2/2) 9
- Robust to user error
  - Fail safe: human error results in failure to set up a key, not key compromise
- Cost effective
  - Does not require additional hardware on each node
- No asymmetric cryptography
  - Even asymmetric crypto schemes need one authenticated value

Assumptions 10
- Installer
  - Trusted
  - Not expert
- Base station
  - Trusted
  - Generates keys
- Sensor node
  - Unmodified hardware
  - Loose time synchronization
  - Unmodified software

Strong attacker model 11
- Dolev-Yao
  - Overhear, intercept, modify, reorder, and send arbitrary messages
  - Before, during, and after key deployment
- More powerful malicious device deployed around vicinity of nodes
  - Higher antenna gain
  - Faster processor

Agenda 12
- Motivation
- Problem definition
- Single node key deployment
- User study
- Batch deployment

How to send key wirelessly to new node? 13
[Diagram labels: Keying Device, Base station, New Node, Attacker; K_M is sent to the new node]
Attacker eavesdrops on key!

Need some type of isolation
[Diagram labels: Keying Device, New Node, K_M, Shielded messages]
Faraday cage approach proposed by Castelluccia and Mutaf,

Why isn’t a Faraday cage sufficient? 15
- How does installer know when to open cage?
- How does installer know cage is closed?
- What happens if Faraday cage is imperfect?
- How does installer know if node has correct key?

How does installer know when to open cage? 16
[Diagram: Faraday Cage, Keying Device, New Node]

How does installer know when to open cage? 17
[Diagram: Faraday Cage, Keying Device, New Node, Keying Beacon]

Keying beacon interacts with user 18
[Diagram: Faraday Cage, Keying Device, New Node, Keying Beacon]
- Solid blue: performing key deployment
- Blinking blue: done


Why isn’t a Faraday cage sufficient? 20
- How does installer know when to open cage?
- How does installer know cage is closed?
- What happens if Faraday cage is imperfect?
- How does installer know if node has correct key?

How do nodes know when cage is closed? 21
[Diagram: Faraday Cage, Keying Device, New Node, Keying Beacon, Authenticated heartbeats]

Authenticated heartbeats determine whether cage is closed 22
[Diagram: Faraday Cage, Keying Device, New Node, Keying Beacon, Authenticated heartbeats]

Why isn’t a Faraday cage sufficient? 23
- How does installer know when to open cage?
- How does installer know cage is closed?
- What happens if Faraday cage is imperfect?
- How does installer know if node has correct key?

What if cage leaks? 24
[Diagram: Faraday Cage, Keying Device, New Node, Keying Beacon]

What if cage leaks? 25
[Diagram: Faraday Cage, Keying Device, New Node, Keying Beacon]
- Solution 1: Keying beacon eavesdrops (“I hear shielded messages!”)

How leaky is cage? 26
[Diagram: Faraday Cage]
- L_cage: Attenuation of cage (dBm)
  - Strong attenuation (large negative number)
    - Attacker cannot overhear shielded messages
  - Weak attenuation (small negative number)
    - Attacker can overhear shielded messages
    - Keying beacon can also detect leaked messages
- In order for leaking to go undetected…
  - Attacker needs a sweet spot
  - Based on our setup: -66 dBm

How far away does attacker have to be? 27
- RS_e: Eavesdropper’s required radio sensitivity
- Attacker antenna gain of 10 dBm
- P_t: Transmit power of keying device, at minimum power
- L_cage: Attenuation of cage
- d_min: Distance of eavesdropper
If cage leaks, attacker needs to be within 19 cm

What if cage leaks? 28
[Diagram: Faraday Cage, Keying Device, New node, Keying Beacon]
- Solution 2: Keying beacon jams at full power
  - Leaked messages overpowered by jamming signal

How do nodes know jammed at correct time? 29
[Diagram: Faraday Cage, Keying Device, New node, Keying Beacon]
- Requires loose time synchronization

Summary: Protecting shielded messages 30
- Faraday cage attenuates shielded messages
- Shielded messages sent at minimum power
- Keying beacon jams at full power

Why isn’t a Faraday cage sufficient? 31
- How does installer know when to open cage?
- How does installer know cage is closed?
- What happens if Faraday cage is imperfect?
- How does installer know if node has correct key?

How does installer know if node has correct key? 32
[Diagram: Faraday Cage, Keying Device, New Node, Keying Beacon; labels K_M, K_M, Chal, Rsp, MAC_{K_M}]

How does installer know if node has correct key? 33
[Diagram: Faraday Cage, Keying Device, New node, Keying Beacon; each labelled K_M]

Key verification 34
[Diagram: Faraday Cage, Keying Device, New node, Keying Beacon; each labelled K_M; messages Chal and Rsp; Rsp’ = MAC_{K_M}]

What if there was an error? 35
[Diagram: Faraday Cage, Keying Device, New node, Keying Beacon; labels K_M, K_M, K_M’; Rsp’ != Rsp]
- Easy for user to detect
- Fail-safe

Summary: Single node key deployment 36
- Installer places…
  - New Node and Keying Device inside Faraday cage
  - Keying Beacon outside Faraday cage
- Keying Device and Beacon exchange authenticated heartbeats to determine whether cage is closed
- Installer closes cage…
  - Key exchange inside cage (Shielded messages)
  - Beacon jams at full power
- Beacon notifies installer to open cage
- Key verification
  - Compares jamming schedule
  - Challenge response protocol
- Beacon signals to installer whether keying was successful
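
The key verification step summarised above, as an added example that is not part of the original slides: the beacon sends Chal, the node answers with Rsp computed under the key it decoded, and the beacon compares it with its own Rsp’. HMAC-SHA256, the 8-byte tag, the 16-byte challenge and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 8  # assumed truncated tag length in bytes; not given on the slides


def mac(key: bytes, msg: bytes) -> bytes:
    """MAC under key, modelled with HMAC-SHA256 (an assumption)."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class NewNode:
    """Node holding whatever key it decoded from the shielded messages."""

    def __init__(self, received_key: bytes):
        self.key = received_key

    def respond(self, chal: bytes) -> bytes:
        return mac(self.key, chal)  # Rsp


class KeyingBeacon:
    """Beacon outside the cage; holds the K_M the node was meant to get."""

    def __init__(self, k_m: bytes):
        self.k_m = k_m
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)  # fresh Chal per attempt
        return self.pending

    def verify(self, rsp: bytes) -> str:
        if self.pending is None:
            return "FAIL"  # no outstanding challenge: fail safe
        expected = mac(self.k_m, self.pending)  # Rsp'
        self.pending = None  # one response per challenge, so no replay
        ok = hmac.compare_digest(expected, rsp)  # constant-time compare
        return "SUCCESS" if ok else "FAIL"


def deploy_and_verify(k_m: bytes, key_at_node: bytes) -> str:
    beacon, node = KeyingBeacon(k_m), NewNode(key_at_node)
    return beacon.verify(node.respond(beacon.challenge()))


if __name__ == "__main__":
    k_m = secrets.token_bytes(16)              # constructed sample key
    corrupted = bytes([k_m[0] ^ 1]) + k_m[1:]  # K_M' with one flipped bit
    print(deploy_and_verify(k_m, k_m), deploy_and_verify(k_m, corrupted))
```

A node that decoded a corrupted key produces Rsp != Rsp’, so the outcome is a visible failure to key the node rather than a silently wrong or exposed key.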

Agenda 37
- Motivation
- Problem definition
- Single node key deployment
- User study
- Batch deployment

User study 38

Agenda 39
- Motivation
- Problem definition
- Single node key deployment
- User study
- Batch deployment

Batch deployment 40
[Diagram: New Nodes with keys K_1, K_2, K_3; Faraday Cage, Keying Beacon, Keying Device]

Same questions apply for batch deployment 41
- How does installer know when to open cage?
  - Keying might take variable time!
  - Need to determine number of nodes in batch
- How does installer know cage is closed?
  - Authenticated heartbeats
- What happens if Faraday cage leaks signal?
  - Beacon jams at full power
- How does installer know if node has correct key?
  - Key verification

Batch deployment 42
[Diagram: New Nodes, Faraday Cage, Keying Beacon, Keying Device, Weight Scale]

Batch deployment 43
[Diagram: New Nodes, Faraday Cage, Keying Beacon, Keying Device, Weight Scale; Heartbeat: Weight]
- Same protocol from user’s perspective
- # nodes = Weight / Unit weight

Related Work 44
- Physical interface
- Resurrecting Duckling [Stajano 01]
- Seeing is Believing [McCune 04]
- Other side channel as sensors
- Talking to Strangers [Balfanz 03]
- Shake Them Up [Castelluccia 05]
- Requires pre-existing information
- Integrity code [Cagalj 06]
- Insecure
- Key Infection [Chan 03]

Conclusion 45
- Key deployment
  - Hard problem
  - Not currently addressed for highly secure environments
  - Needed by all secure sensor network protocols
- Message-in-a-Bottle
  - Secure
  - Robust to user error