SPLASH Project INRIA-Eurecom-UC Irvine November 2006
SPLASH project review July July 2006 Security of Wireless Adhoc Networks –From MANET security… –To WSN (Wireless Sensor Network) Security! Many contributions in many different areas...
Outline MANET Security –Membership Management –Collaboration Enforcement WSN Security –The security Challenges –Secure Aggregation Conclusions
What is a MANET? No centralized control No hierarchy Fault-tolerant Dynamic membership MANET Distributed and scalable security services required Set of nodes (5-50) that establish A network Wireless and multi-hop Does not rely on any fixed infrastructure Spontenuous (no prior association)
MANET two main Security Challenges Membership/Key Management –How does a new node become a member of the MANETand receive key material without relying on a trusted membership controller? Secure Routing/Collaboration Enforcement –How can we make sure that all node collaborate i.e. relays others’ packets?
Topic 1: Membership Management The Centralized Approach A B C D E F Membership manager Single point of failure!
Our Approach: Distributed Membership Management A B C E F All members are equal and can participate in new node admission Secure as long as less than t nodes out of n get compromized
Our approach:Admission Control Step 1: Join request Step 2: Join commit (Vote) Step 3: GMC issuance & share acquisition M new New member (M new ) wants to join the group A quorum of t current members need to issue M new a group membership certificate (GMC) If no quorum found, membership is denied Vote 1 Vote 2
Some details …. Initialization –Dealer (or set of founding nodes) randomly selects polynomial f(x) of degree t-1 –… distributes a secret ssi to each authorized member –And publishes its witnesses f(x) = S + a 1 x + a 2 x 2 + … + a t-1 x t-1 (mod q) ss i = f(id i ) (mod q) Wj = g aj (mod p)
Node Admission A new node new receives the partial secret share, pssj, from node j, –Pssj = ssj.lj(new), where lj(.) is the Lagrange coefficient. –Computes its secret share, from at least t partial secrets share by summing them.
Key Exchange Once a node becomes a member it has a secret share ss_{new} that can be used: –To Vote for new member admission –To Establish a key with any other MANET member n_i Compute n_i’s public key, PK(i) K_{new,i} = PK(i)^ss_{new} = g^{ssi})^ss_{new} Node i can do the same computation and retrieve the same secret key –To Prove membership Our scheme is fully distributed and secure as long as less than t out of the n members are compromised. It was fully implemented and evaluated… More infos?: –Robust Self-Keying Mobile Ad Hoc Networks, Claude Castellucia, Nitesh Saxena, and Jeong H. Yi, Elsevier Computer Networks, April 2007.Elsevier Computer Networks (mod q) (mod p)
Topic 2: Secure Collaboration How to make sure that members are not selfish? –Some nodes might drop packets to save energy or to perform DoS attacks We have developped: – a reputation based solution (CORE) Introduced at Paristic 2004 –a Cryptographic solution
Collaboration Enforcement Problem statement: A B C CA
Collaboration Enforcement (2) Problem statement: A B C CA
Boomerang Routing Some packets addressed to B are routed via C –Boomerang routing ;-) A C B CABA A C B CABA BA
Boomerang Routing If B drops packets…it may drop some of its packets … It is forced to collaborate since he does not know the final destination… Reference: Pocket bluff (INRIA Research Report) Pocket bluff A C B CABA
Topic3 : Wireless Sensor Networks Security Another type of adhoc networks Network of sensors that usually monitor the environment Sensors are very small and cheap devices They usually send their monitored data to the sink (a more powerful device) Sink a bc d e
Application Spectrum Hazard Detection Biological Monitoring Linear Structure Protection Smart Environment Wearable Computing Immerse Environments Earth Science & Exploration Context-Aware Computing Interactive VR Game Wireless Sensor Networks Urban Warfare Military Surveillance Disaster Recovery Environmental Monitoring
MANET vs WSN MANET and WSN look similar but they are quite different.. MANETWSN Nodes are MobileNodes are Fixed Nodes1000/10000 Nodes Nodes belong to same entityNodes belong to different entities Nodes sends to BSP2P communication Nodes can easily be physically corrupted Nodes have very Limited CPU/memory/energy
Manet Security Challenges MANET WSN Access/Membership Management Scalability Collaboration enforcement/ Secure routing Energy/CPU efficient security protocols Sensor revocation
Some Contributions Key establishment/pairing –Shake them Up! (presented at Paristic 2005) Dara Aggregation in WSN –Aggregation is a useful technique to save energy Transmission is the most costly: Transmitting 1 bit is equivalent to executing 1000 instructions! –User is often more interested in the aggregate (i.e. average in a give area) than each individual value –Instead of sending each value to the sink, the values are added by intermediate nodes… –Less packets are transmitted, i.e. energy is saved… Sink a bc d e y’=a+b+c+…e y=y’/n CH
Secure Aggregation Aggregation is simple without security –Intermediate nodes process data of their children But what happens if the data sent by each sensor is encrypted using a key that it shares with the sink? We’ve developed a new additively homomorphic cipher Enc(k1, a) + Enc(k2, b) = Enc(k1+k2, a+b) –Intermediate nodes can add the ciphers they receive from children …and the sink can still recover the sum of the plaintexts. –But intermediate nodes do not have access to the plaintext values, i.e. privacy is provided… Efficient Aggregation of Encrypted Data in Wireless Sensor Networks, Mobiquitous 2005, July 2005 Mobiquitous 2005 Sink aggregation function “average” of n sensor nodes a E(a) E(b) b E(c) c E(d) d e y’=E(a)+…+E( d) y=D(y’)/n E(e)
Conclusions The SPLASH project was a very productive, collaborative and successful project –Pars Mutaf (INRIA) visited Eurecom for 1 year. –Claude Castelluccia (INRIA) visited UCI for 2 years. The scientific contributions were numerous and many papers were published We participated in many conf. PC and launched ESAS (European Workshop on Security in Adhoc and Sensor Network) Most of our results were implemented and evaluated experimentally –Not just papers or simulations!
Some Papers Key distribution/Membership Management in MANET –Robust Self-Keying Mobile Ad Hoc Networks, Elsevier Computer Networks, April 2007.Elsevier Computer Networks –Ad hoc network security, book chapter in Mobile Adhoc networking, 2004 and in Handbook of Information Security (2006). Secure and Private MANET routing protocol –Packet coding for strong anonymity in ad hoc networks, IEEE Securecomm 2006, –Securing Route Discovery in DSR, IEEE Mobiquitous'05 Collaboration Enforcement in MANET –CORE: a collaborative reputation mechanism to enforce node cooperation in MANET (Michiardi phd thesis, publications) –Pocket Bluff, INRIA Tech. Report, WSN Security –Shake Them Up! Mobisys –Efficient Aggregation of Encrypted Data in Wireless Sensor Networks IEEE Mobiquitous'05 –Authenticated Interleaved Encryption, eprint, –More to come soon ;-)