Thoughts on the Formal Modeling of Security of Sensor Networks Catherine Meadows Center for High Assurance Computer Systems Naval Research Laboratory Washington, DC

Outline of Talk
Brief introduction to sensor networks
Brief introduction to standard Dolev-Yao notion of protocol correctness
In-depth discussion of how assumptions behind sensor network security differ from Dolev-Yao notions
Some examples
– Examples chosen to be as different from DY-type protocols as possible in order to illustrate points
Some suggestions for future research

What is a Sensor Network?
Network of sensors and other devices communicating by wireless technology
Responsible for gathering and coordinating data, and communicating it to data processing points

Security Needs of Sensor Networks
Nodes need to be able to authenticate themselves to network
Receiver of data from network needs to be able to ensure that that data is correct and consistent
– Receiver could be another node in the network or some entity outside of network
– Data may be aggregate of data gathered by individual nodes
Network needs to be able to protect itself from denial of service attacks
Network may also need to protect secrecy of data, although not in all applications
– Will often be enough to guarantee that no single node contains information about the entire network

How Can We Adapt Formal Crypto Protocol Analysis to Sensor Networks?
Have generally accepted threat model, Dolev-Yao, that serves as the basis for most formal analysis systems for crypto protocols
Well-defined formal methods built using that model
– Recently, model has been extended to include cryptographic notions of security
Purpose of this talk:
– Explore where DY does and does not apply to sensor networks
– Explore feasibility of developing general threat model for security of sensor networks

Some Attacks on Sensor Networks
Collusion: Illegal collaboration among subset of nodes
Sybil: Single entity impersonates multiple network nodes
– Effective against systems that rely on majority vote
Sinkhole: Single node redirects all data through it
– Good for implementing denial of service attack
Wormhole: Adversary has faster link for communication between origin and destination point
– Can be used to confuse network about physical location of origin

Dolev-Yao Model
Assume intruder who can
– Read, intercept, alter, or create traffic at any point
– Perform any cryptographic operation available to legitimate member of system
Assume principals divided up into honest and dishonest
– Honest principals follow rules of protocol
– Dishonest principals in league with intruder and share all keys and other information with it
  Any message sent by dishonest principal
– Honest principals stay honest, dishonest principals stay dishonest
Some variants of model do allow for compromise of keys

Dolev-Yao Model (cont.)
Fixed set of operations allowed to principals
– Concatenation, deconcatenation
– Cryptographic functions (private key, public key, keyed hash, etc.)
– Generation of random nonces
– Some versions also include timestamps
Two general classes of security goals
– Secrecy
– Authentication: if a certain event occurs, then certain other events must have or must not have occurred in the past
  Possibly in a prescribed order

ATTACKER MODEL

What’s Behind Attacker Model in DY
In wired networks, we generally assume strong layering
– Crypto protocols will rely on routing to send data from one point to another, but can’t make any special demands on it
For that reason, DY model makes the worst-case assumption that the network is completely under control of the intruder

Sensor Network Model Not as Pessimistic
Severe energy constraints mean that you need to have greater cross-layer communication
– Secure services can and must be designed in closer cooperation with other network services
Thus, most security protocols for sensor networks interact closely with the routing mechanism
The upshot: modeling routing explicitly means that we can assume that nodes controlled by intruder can only read or alter traffic if they are in close physical proximity to sender of traffic
– More detailed, but weaker, intruder model
Note: most, but not all, solutions rely on broadcast routing, so can make simplifying assumption that attacker can pick up on or interfere with communication only if within certain distance of broadcasting node

DISHONEST PRINCIPALS

Assumptions About Dishonest Principals
In DY model, dishonest principals in league with attacker and assumed to be in communication with it
In sensor networks, ability to communicate limited to physical proximity
– Only nodes that are close together are assumed always to be able to communicate
Again, attacker model is weaker, but more detailed

Assumptions About Dishonest Principals (2)
In DY, set of honest and dishonest nodes does not change
In sensor network, nodes usually assumed to start out honest
Much computation in sensor networks based on consensus
– Thus necessary to identify bad nodes and remove them
Life trajectory of bad node: starts out good, becomes bad, is identified and removed

Assumptions About Attacker Computational Strength
In sensor networks, nodes may have very limited computational and memory capability in order to conserve energy
Some models assume that attacker nodes have no more capability than honest nodes
– Allows us to use non-cryptographic solutions: algorithms that are not cryptographically strong, but cannot be broken by a resource-constrained node

ACTIONS AVAILABLE TO HONEST PRINCIPALS

Operations Available to Honest Principals
Besides the operations available to honest principals in DY, have two others
Distance bounding
– Node can tell distance from other node by sending it a message and seeing how long it takes to return
– If response authenticated, dishonest node can lie about being further away than it is, but not closer
Signal strength measurement
– Sender includes strength of transmitted message in message
– Receiver compares received strength to transmitted strength to compute distance
– Not secure, but can be useful when combined with other mechanisms

SECURITY GOALS

Security Goals
DY goals involve secrecy and authentication for some set of principals
– What happens to rest of network is immaterial
Sensor network goals usually apply to the entire network
– Network should be connected (securely)
– Majority of nodes in the network should be able to compute their location
Goals often probabilistic
– May be too difficult to get perfect or near-perfect assurance of success

Protocol 1: Eschenauer-Gligor Key Distribution Scheme
Public key cryptography often too expensive to implement in a sensor network
Shared key crypto requires too many keys
Insight: don’t need every node to be able to communicate directly with every other node
– What you need is a connected graph
Assign each node a random subset of given pool of keys
Nodes then go through a key discovery phase to determine which near neighbors they share keys with
Resulting graph:
– Nodes are sensors
– Edges are (s,t) where s and t are one-hop neighbors sharing a key
Probabilistic analysis to determine whether graph is connected
– Given two nodes, what is the probability there is a path between them?
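To make the connectivity question on this slide concrete, here is a small simulation of the scheme (an added example, not code from the talk or from Eschenauer and Gligor): each node gets a random key ring, an edge exists between one-hop neighbors that share a key, and the fraction of deployments whose key-sharing graph is connected is estimated alongside the closed-form probability that two rings share a key. The pool size, ring size, node count, field size and radio range are constructed parameters.

```python
# Added example (not part of the talk): simulate Eschenauer-Gligor random key
# predistribution and test whether the resulting key-sharing graph among
# one-hop neighbours is connected. Pool size, ring size, node count, field
# size and radio range are constructed parameters, not values from the talk.
import math
import random
from collections import deque


def share_probability(pool_size, ring_size):
    """Analytic probability that two random rings of k keys drawn from a pool
    of P keys share at least one key: 1 - C(P-k, k) / C(P, k)."""
    return 1.0 - math.comb(pool_size - ring_size, ring_size) / math.comb(pool_size, ring_size)


def deploy(n_nodes, pool_size, ring_size, field, rng):
    """Predistribution phase: a random position in a square field and a random
    key ring per node. Returns a list of (position, ring) pairs."""
    return [((rng.uniform(0, field), rng.uniform(0, field)),
             frozenset(rng.sample(range(pool_size), ring_size)))
            for _ in range(n_nodes)]


def key_sharing_graph(nodes, radio_range):
    """Key discovery phase: edge (s, t) iff s and t are within radio range
    (one-hop neighbours) and their key rings intersect."""
    adj = {i: set() for i in range(len(nodes))}
    for s, (pos_s, ring_s) in enumerate(nodes):
        for t in range(s + 1, len(nodes)):
            pos_t, ring_t = nodes[t]
            if math.dist(pos_s, pos_t) <= radio_range and ring_s & ring_t:
                adj[s].add(t)
                adj[t].add(s)
    return adj


def is_connected(adj):
    """BFS from node 0: the graph is connected iff every node is reached."""
    if not adj:
        return True
    seen, queue = {0}, deque([0])
    while queue:
        for w in adj[queue.popleft()]:
            if w not in seen:
                seen.add(w)
                queue.append(w)
    return len(seen) == len(adj)


def connectivity_rate(trials, n_nodes, pool_size, ring_size, field, radio_range, seed=1):
    """Fraction of random deployments whose key-sharing graph is connected:
    the probabilistic guarantee the scheme offers, estimated by simulation
    rather than by the closed-form analysis."""
    rng = random.Random(seed)
    hits = sum(is_connected(key_sharing_graph(deploy(n_nodes, pool_size, ring_size, field, rng),
                                              radio_range))
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    print("p(two rings share a key), P=10000, k=75:", round(share_probability(10000, 75), 3))
    print("connected fraction:", connectivity_rate(50, 40, 200, 30, 100.0, 40.0))
```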

Protocol 2: Capkun & Hubaux Secure Positioning Scheme
When newcomer claims position, three nodes forming triangle around that position perform distance bounding protocol
Newcomer can’t claim to be farther away from one node than it is without also claiming to be closer to another node
It’s impossible to pretend to be closer than you are!

Features of a Secure Distance Bounding Protocol
Timed response must be quick to compute
– Computationally intensive response will mess up timing
– Authentication is computationally expensive
But, if protocol not authenticated properly, honest node’s connection could be hijacked by another node
Need a way of including both crypto and fast responses in the same protocol
Problem first addressed by Brands and Chaum, 1998
– Seeking to defeat “grandmaster attack” on zero knowledge protocols
– Attacker passes off honest node’s protocol responses as its own
– Dual of problem we are considering here

Capkun and Hubaux Protocol
u : Generate random nonce N_u
u : Generate commitment (c, d) = commit(N_u)
u -> v : c
v : Generate random nonce N_v
v -> u : N_v
u -> v : N_u XOR N_v
v : Measure time t_vu between sending N_v and receiving N_u XOR N_v
u -> v : N_u, N_v, d, MAC_Kuv(u, N_u, N_v, d)
v : Verify MAC and verify that N_u = open(c, d)
Security property: If protocol finishes successfully, u should have sent N_u XOR N_v to v after receiving N_v
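The exchange above, simulated with both sides' messages (an added example, not code from the talk or from Capkun and Hubaux): the commitment is built from SHA-256, the MAC from HMAC-SHA256, and the round trip from a constructed clock model in which the signal travels at the speed of light and a dishonest prover may add delay but cannot answer before N_v reaches it. The verifier's bound therefore never falls below the true distance, and a prover that opens the commitment to a different N_u is rejected.

```python
# Added example (not from the talk or the paper): the Capkun-Hubaux distance
# bounding exchange with both sides' messages. commit/open is a SHA-256
# commitment, the MAC is HMAC-SHA256 and the timing is a constructed clock
# model; these are assumptions of this example, not the paper's choices.
import hashlib
import hmac
import os

SPEED_OF_LIGHT = 299_792_458.0  # metres per second, for the simulated clock


def commit(n_u):
    """(c, d) = commit(N_u): c binds u to N_u without revealing it, d opens it."""
    d = os.urandom(16)
    return hashlib.sha256(d + n_u).digest(), d


def open_commit(c, d, n_u):
    """N_u = open(c, d)?"""
    return hmac.compare_digest(c, hashlib.sha256(d + n_u).digest())


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def mac(key, ident, n_u, n_v, d):
    """MAC_Kuv(u, N_u, N_v, d)"""
    return hmac.new(key, ident.encode() + n_u + n_v + d, hashlib.sha256).digest()


class Prover:
    """Node u at true distance `distance_m` from v. A dishonest u may add delay
    before the fast reply (and so look farther away) but cannot reply before
    N_v has reached it, which is why it cannot look closer."""

    def __init__(self, ident, key, distance_m, extra_delay_s=0.0):
        self.ident, self.key = ident, key
        self.distance, self.extra_delay = distance_m, extra_delay_s
        self.n_u = os.urandom(16)               # u : generate N_u
        self.c, self.d = commit(self.n_u)       # u : (c, d) = commit(N_u)

    def fast_reply(self, n_v):
        """u -> v : N_u XOR N_v. Also returns when (measured from v's
        transmission of N_v) u puts the reply on the air."""
        return xor(self.n_u, n_v), self.distance / SPEED_OF_LIGHT + self.extra_delay

    def final(self, n_v):
        """u -> v : N_u, N_v, d, MAC_Kuv(u, N_u, N_v, d)"""
        return self.n_u, n_v, self.d, mac(self.key, self.ident, self.n_u, n_v, self.d)


class CheatingProver(Prover):
    """Opens the commitment to a fresh N_u; the open(c, d) check catches it."""

    def final(self, n_v):
        fake = os.urandom(16)
        return fake, n_v, self.d, mac(self.key, self.ident, fake, n_v, self.d)


def verifier_run(prover, key_uv):
    """v's side. Returns an upper bound on u's distance in metres, or None if
    a check fails (the run then says nothing about where u is)."""
    c = prover.c                                        # u -> v : c
    n_v = os.urandom(16)                                # v -> u : N_v
    reply, sent_at = prover.fast_reply(n_v)             # u -> v : N_u XOR N_v
    t_vu = sent_at + prover.distance / SPEED_OF_LIGHT   # reply reaches v
    n_u, n_v_back, d, tag = prover.final(n_v)           # u -> v : N_u, N_v, d, MAC
    if n_v_back != n_v or not hmac.compare_digest(tag, mac(key_uv, prover.ident, n_u, n_v, d)):
        return None                                     # MAC failed
    if not open_commit(c, d, n_u) or xor(n_u, n_v) != reply:
        return None                                     # N_u != open(c, d), or timed reply inconsistent
    return t_vu * SPEED_OF_LIGHT / 2                    # u is at most this far away
```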

Protocol 3: SeRLoc (Lazos and Poovendran, 2004)
Secure location protocol designed to defeat wormhole attack
Depends on architecture consisting of powerful beacons that have access to location information (e.g. via GPS), and less powerful sensors that locate themselves with respect to beacons
Attacker may try to replay beacon information from one part of network in other parts, confusing sensors

SeRLoc Idea
Each locator L_i transmits information that defines the sector S_i covered by each transmission
Sensor s defines the region of intersection (ROI) from all locators it hears
– Majority vote
[Figure: locators L1 to L4 around sensor s at (0, 0), their sectors S1 to S4 and the ROI; legend: Locator, Sensor, ROI, Locators heard at the sensor LH_s]

Dealing with Wormholes (1)
Accept only single message per locator
Multiple messages from the same locator are heard due to:
– Multi-path effects
– Imperfect sectorization
– Replay attack
Multi-path or imperfect sectors are not attacks! False alarms!
[Figure: locator, sensor, attacker behind an obstacle, wormhole link; R = locator-to-sensor communication range]

Dealing with Wormholes (2)
Exploit the range bounds to detect anomalies
Locators heard by a sensor cannot be more than 2R apart, where R = locator-to-sensor communication range
This allows you to identify anomalies, but not to choose correct location
If you hear from two locators greater than 2R apart, can use distance bounding to detect which is closer
[Figure: locators L_i and L_j, attacker nodes A_i and A_j, wormhole link, ranges R and 2R]
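The sensor-side computation from the SeRLoc slides above, as an added example (not code from the talk or from Lazos and Poovendran): each beacon the sensor hears carries its locator's position, its sector as a bearing interval and the range R; the sensor first applies the 2R bound to the whole set of locators heard and, if that passes, takes the majority vote over a grid to find the ROI. Locator positions, sectors, R, the replayed beacon and the grid are constructed values.

```python
# Added example (not from the talk or the SeRLoc paper): a sensor applies the
# 2R range bound to the locators it hears, then estimates its position as the
# centre of the grid cells covered by the most sectors (majority vote ROI).
# Locator positions, sectors, R and the grid are constructed values.
import math

R = 10.0  # locator-to-sensor communication range (constructed)

# Four locators around the origin, each beaming a 120-degree sector towards it.
LOCATORS = [
    {"id": "L1", "pos": (-6.0, 0.0), "sector": (300, 60), "R": R},
    {"id": "L2", "pos": (6.0, 0.0), "sector": (120, 240), "R": R},
    {"id": "L3", "pos": (0.0, 6.0), "sector": (210, 330), "R": R},
    {"id": "L4", "pos": (0.0, -6.0), "sector": (30, 150), "R": R},
]
# A beacon relayed through a wormhole from a locator far away (constructed).
REPLAYED = {"id": "L5", "pos": (30.0, 0.0), "sector": (120, 240), "R": R}


def in_sector(point, loc):
    """True if point lies in the sector loc transmitted: within range R and
    between its start and end bearings (degrees, counter-clockwise)."""
    if math.dist(point, loc["pos"]) > loc["R"]:
        return False
    dx, dy = point[0] - loc["pos"][0], point[1] - loc["pos"][1]
    bearing = math.degrees(math.atan2(dy, dx)) % 360
    start, end = loc["sector"]
    return (bearing - start) % 360 <= (end - start) % 360


def range_anomaly(locators):
    """Range bound from the slide: two locators heard by one sensor cannot be
    more than 2R apart. Returns the first offending pair, or None."""
    for i, a in enumerate(locators):
        for b in locators[i + 1:]:
            if math.dist(a["pos"], b["pos"]) > 2 * max(a["R"], b["R"]):
                return (a["id"], b["id"])
    return None


def estimate_roi(locators, bbox, step):
    """Majority vote: the grid cells covered by the most sectors form the ROI;
    returns its centroid and the number of sectors covering it."""
    x0, y0, x1, y1 = bbox
    best, cells = -1, []
    for i in range(int(round((x1 - x0) / step)) + 1):
        for j in range(int(round((y1 - y0) / step)) + 1):
            p = (x0 + i * step, y0 + j * step)
            votes = sum(in_sector(p, loc) for loc in locators)
            if votes > best:
                best, cells = votes, [p]
            elif votes == best:
                cells.append(p)
    centre = (sum(p[0] for p in cells) / len(cells), sum(p[1] for p in cells) / len(cells))
    return centre, best


def locate(locators, bbox=(-8.0, -8.0, 8.0, 8.0), step=1.0):
    """Sensor logic: reject the beacon set on a range anomaly, else locate."""
    pair = range_anomaly(locators)
    if pair:
        return {"anomaly": pair}
    pos, votes = estimate_roi(locators, bbox, step)
    return {"pos": pos, "votes": votes}
```

With the four honest locators the ROI centres on the origin with all four sectors voting; once the replayed beacon is added, the 2R check flags the pair (L1, L5) before any location is computed.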

Protocol not Secure Against Jamming
If attacker can block transmission from close-by locators, sensor can no longer identify anomalies
Lazos, Poovendran, and Capkun have developed protocol robust against jamming combining ideas of SeRLoc and Capkun-Hubaux
Use metric Maximum Spoofing Impact (MSI): maximum distance between actual location and spoofed location
Protocol reduces MSI
[Figure: same wormhole diagram as on the previous slide, with locators L_i and L_j, attacker nodes A_i and A_j, ranges R and 2R]

Where do we go from here?
Look at what’s been done for similar problems
Nature of problem
– Network-wide properties to be guaranteed
– Guarantee only statistical
– Attacker with limited powers
Two examples
– Denial of service
  Meadows’ denial of service model
  Application of probabilistic model checkers to anti-DoS
  – Agha et al. use PMaude and VESTA to model Gunter et al.’s packet dropping protocol
– Anonymizing networks
  Stubblebine and Syverson’s group intruder logic models intruder with limited abilities
  Application of probabilistic model checkers to anonymizing networks
  – Shmatikov’s application of PRISM to Crowds

Conclusions
Number of new problems to consider when analyzing security of sensor network protocols
– Consensus-related goals
– Probabilistic definitions of correctness
– Need to take geometry, timing, and other physical factors into account
What are the best ways of dealing with these?

References
L. Eschenauer and V. Gligor, “A Key-Management Scheme for Distributed Sensor Networks,” Proc. of the 9th ACM Conference on Computer and Communications Security, Washington, D.C., November 2002.
S. Capkun and J. Hubaux, “Secure Positioning of Wireless Devices and Applications to Sensor Networks,” Proc. of INFOCOM, Miami, FL, March 2005.
L. Lazos and R. Poovendran, “SeRLoc: Secure Range-Independent Localization for Wireless Sensor Networks,” Proc. of WiSe, Philadelphia, PA, October 2004.
L. Lazos, R. Poovendran, and S. Capkun, “ROPE: Robust Position Estimation in Wireless Sensor Networks,” Proc. of IPSN 2005.