1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

Slides:



Advertisements
Similar presentations
Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.
Advertisements

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys
URSA: Providing Ubiquitous and Robust Security Support for MANET
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Security In Wireless Sensor Networks by Adrian Perrig, John Stankovic, and David Wagner.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
1 Security and Privacy in Sensor Networks: Research Challenges Radha Poovendran University of Washington
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
WIRELESS SENSOR NETWORK SECURITY USING GROUP KEY MANAGEMENT SCHEME Presented By: Mohammed Saleh CS 599a Fall06.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
DARPA Security Mini-task Naveen Sastry. Groups Involved BBN SRI UMass / UMich / U. Arizona UC Berkeley.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Establishing Pairwise Keys in Distributed Sensor Networks Donggang Liu, Peng Ning Jason Buckingham CSCI 7143: Secure Sensor Networks October 12, 2004.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Self Protecting Cryptosystems Moti Yung Columbia University/ RSA Labs.
Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Security in Wireless Sensor Networks. Wireless Sensor Networks  Wireless networks consisting of a large number motes  self-organizing  highly integrated.
Brian Padalino Sammy Lin Arnold Perez Helen Chen
Cryptography and Network Security
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
Intrusion Detection System for Wireless Sensor Networks: Design, Implementation and Evaluation Dr. Huirong Fu.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
MASY: Management of Secret keYs in Mobile Federated Wireless Sensor Networks Jef Maerien IBBT DistriNet Research Group Department of Computer Science Katholieke.
Leveraging Channel Diversity for Key Establishment in Wireless Sensor Networks Matthew J. Miller Nitin H. Vaidya University of Illinois at Urbana-Champaign.
Description of the monitoring system experimentation on the freight car pSHIELD Demonstrator Testbed Architecture pSHIELD Final Review Meeting, Bruxelles.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
1 Secure Ad-Hoc Network Eunjin Jung
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University Excerpted from
Key Management in Mobile and Sensor Networks Class 17.
A Design for Secure and Survivable Wireless Sensor Networks Yi Qian, Kejie Lu, David Tipper Presented by: William Newton University of Maryland, Baltimore.
Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.
Adapted from the original presentation made by the authors Reputation-based Framework for High Integrity Sensor Networks.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
Cryptography and Network Security (CS435) Part One (Introduction)
Intrusion Tolerant Software Architectures Bruno Dutertre, Valentin Crettaz, Victoria Stavridou System Design Laboratory, SRI International
A Highly Scalable Key Pre- Distribution Scheme for Wireless Sensor Networks.
An Adaptive Intrusion-Tolerant Architecture Alfonso Valdes, Tomas Uribe, Magnus Almgren, Steven Cheung, Yves Deswarte, Bruno Dutertre, Josh Levy, Hassen.
A Two-Layer Key Establishment Scheme for Wireless Sensor Networks Yun Zhou, Student Member, IEEE, Yuguang Fang, Senior Member, IEEE IEEE TRANSACTIONS ON.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST PI Meeting January 29, 2003.
Intrusion Tolerant Software Architectures Bruno Dutertre and Hassen Saïdi System Design Laboratory, SRI International OASIS PI Meeting.
High-integrity Sensor Networks Mani Srivastava UCLA.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Applied cryptography Project 2. 2CSE539 Applied Cryptography A demo Chat server registration Please enter a login name : > Alice Please enter the.
Security in Wireless Ad Hoc Networks. 2 Outline  wireless ad hoc networks  security challenges  research directions  two selected topics – rational.
P ROTOCOL FOR COLLABORATING MOBILE AGENTS IN THE NETWORK INTRUSION DETECTION SYSTEMS. By Olumide Simeon Ogunnusi Shukor Abd Razak.
To ensure secure and dependable monitoring of rail cars transporting hazardous materials, providing resiliency against both random and malicious threats.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
Sensor Coordination using Active Dataspaces Steven Cheung NSF NOSS PI Meeting October 18, 2004.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Presented by Edith Ngai MPhil Term 3 Presentation
Intrusion Tolerant Architectures
Intrusion Tolerance for NEST
SPINS: Security Protocols for Sensor Networks
Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li  University of Pittsburgh, Pittsburgh, PA Hui Ling.
SPINS: Security Protocols for Sensor Networks
Detecting Denial-of-Service Attacks against Sensor Networks
Presentation transcript:

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002

2 Administrative Project Title: Intrusion Tolerance for Networked Embedded Sys. PM: Vijay Raghavan PI: Bruno Dutertre and Steven Cheung PI phone # : (650) , (650) PI Institution: SRI International Contract #: F C-0212 Award start date: 9/20/2002 Award end date: 12/20/2004 Agent name & organization: Raymond Liuzzi, AFRL/Rome

3 Subcontractors and Collaborators Collaborators: –Hassen Saïdi –Ulf Lindqvist –Joshua D. Levy

4 Problem Description, Project Overview Objective: –Low-cost, intrusion-tolerant authentication and key management for NEST (resource-limited wireless devices) Impact: –Fundamental building blocks on which higher-level security services can be implemented –Enable the secure deployment of sensor networks, or other NEST applications. Success criteria: –Demonstrate deployment on a representative network of small wireless sensors (Motes) –Relevant metrics: network size, fraction of compromised sensors, overhead

Problem and Challenge Impact New Ideas Schedule  Build low-cost key-management services for sensor networks:  Localized authentication protocols for bootstrapping  Chains of trusted intermediaries for  Secret sharing + disjoint paths for tolerating compromised nodes  Intrusion detection for motes:  Detect denial-of-service attacks  Detect misbehaving nodes Intrusion Tolerance for NEST Intrusion-tolerant key-distribution services for large networks of microsensors 2QFY03: Design Bootstrapping Protocols 3QFY03: Baseline Intrusion Detection 4QFY03: Design Inturion-tolerant Key-Distribution Protocols 1QFY04: Experimental Validation and Demo 1QFY05: Integration and Final Demo FY03 FY04 FY05  Enable deployment of sensor networks in hostile environments  Support other security services for wireless sensor networks:  Confidentiality and integrity of communication  Robust NEST services Self organizing protocols Low cost cryptography Detect/respond to DoS attacks

6 Outline Existing approaches to authentication and key management –PKI, Diffie-Hellman, trusted servers Proposed approach: –Local authentication and initial key establishment –Leveraging local trust –Intrusion detection and response Plan

7 Objective Low-cost key management for large-scale networks of small wireless devices Constraints: –Limited memory, processing power, and bandwidth –Networks too large and not accessible for manual administration/configuration

8 Traditional Key Management Decentralized approaches: –Public-key infrastructure, certificates –Diffie-Hellman style key establishment Approaches based on symmetric-key cryptography –Trusted authentication and key distribution server (e.g., Kerberos) Too expensive Limited scalability High administrative overhead to set up long-term keys Vulnerable to server failure Server may be a bottleneck

9 Proposed Approach Goals: –Intrusion-tolerant architecture for key management in NEST –Use only inexpensive cryptographic algorithm –Decentralized (no server) and self organizing Approach: –Build initial secure local links –For nonlocal communication, rely on chains of intermediaries –Use secret sharing when intermediaries are not fully trusted –Develop complementary intrusion detection methods to locate nontrustworthy nodes

10 Bootstrapping Establish secure local links between neighbor devices quickly after deployment –Weak authentication is enough (need only to recognize that your neighbor was deployed at the same time as you) –Exploit initial trust (it takes time for an adversary to capture/compromise devices) –Focusing on local links improves efficiency

11 Basic Bootstrapping Scheme For a set S of devices to be deployed –Construct a symmetric key K –Distribute it to all devices in the set K enables two neighbor devices A and B –To recognize that they both belong to S (weak authentication) –To generate and exchange a key for future communication Possible drawback: –Every device from S in communication range of A and B can discover. More robust variants are possible.

12 Leveraging Local Trust To establish keys between distant nodes: –use chains of trusted intermediaries To tolerate compromised nodes: –disjoint chains and secret sharing A B C D E

13 Tradeoffs Security increases with –the number of disjoint paths –the number of shares but these also increase cost Challenges: –Implement cheap secret sharing techniques –Quantify the security achieved –Find the right tradeoff for an assumed fraction of compromised nodes

14 Intrusion Detection Goals: –Detect compromised nodes (to remove them from chains) –Detect other intrusions: denial-of-service attacks, attempt to drain power –Cryptography is ineffective against these

15 Intrusion Detection Approach Develop models of attacks and relevant signatures: –What must be monitored? –How to collect and distribute the data? Develop diagnosis methods: –Identify the source of the attack if possible Possible responses: –Avoid nodes that are considered compromised –Hibernation to counter DoS or power-draining attacks

16 Experimental Evaluation Platform: –“motes” with TinyOS – nodes with upto 20% compromised nodes –Objective: show feasibility, measure overhead Experiment scenario remains to be defined

17 Project Status Participating in the security minitask Identifying security threats for a NEST environment Getting familiar with the TinyOS platform and the NEST Challenge In the process of setting up a sensor network testbed; motes ordered

18 Schedule

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.