MASY: Management of Secret keYs in Mobile Federated Wireless Sensor Networks Jef Maerien IBBT DistriNet Research Group Department of Computer Science Katholieke.

Presentation transcript:

MASY: Management of Secret keYs in Mobile Federated Wireless Sensor Networks Jef Maerien IBBT DistriNet Research Group Department of Computer Science Katholieke Universiteit Leuven Leuven, Belgium

Overview
- Context
- Related work
- Architecture
- Evaluation
- Future work and conclusion
01/26/10

Context: Container tracking
- Containers travel across the world
  - Visiting many ports / storage facilities
- Many parties present
  - Container owners
  - Infrastructure provider
  - Work together in federation
- Wireless sensors monitor the cargo
  - Send data back to owner

Context
- Sensors from many different parties
  - Each container owner has own sensors
- Internet enabled
  - Needed to send data
  - Provided by infr. provider through GW
- Each party has back-end server
  - Needed to receive monitoring feed
- Light weight nodes
  - Nodes do not support asymmetric encryption
  - Too heavy weight for the lightest nodes

Key management in WSN
- Pre-shared key with gateway (SPINS / LEAP)
  - Gateway = key distribution center
- Pre-shared key ring (PIKE)
  - Compare rings -> generate secret
  - Use of third node if needed
- Asymmetric encryption (SIZZLE)
  - Limited certificates, assumed preloaded
  - Still memory intensive

Shortcomings
- Limited mobility
- Limited scalability
- No internet connectivity
Soldier dropping an ADSID 1967 (Air Delivered Seismic Intrusion Detector)

VANET security research
- Vehicle has 2 key pairs: long term / short term
- Short term: local key
  - Signed by local CA / trusted by local vehicles
- Long term: global key
  - Signed by RA (DMV)
  - Trusted by local CAs
  - Local CA deploys STK using LTK

Architecture : General concept

Architecture

Evaluation
- Implementation on
  - Tmote Sky: Contiki
  - SunSPOT: Squawk VM
- Evaluate
  - Message overhead
  - RAM overhead
  - ROM overhead

Message size
- Hello: [NodeMac, CompIP, Nonce, Signature]
  - Field sizes: 8B, 4B, 4B, 16B
  - Total 32 bytes
  - Signature = {NodeMac, CompIP, Nonce}_SK
- Reply: [NodeMac, {GK}_SK]
  - Field sizes: 8B, 16B
  - Total 24 bytes

Memory overhead
- Contiki - Tmote Sky: limited ROM / RAM overhead
  - ROM: Contiki 23.2 kB, AES 5 kB, protocol 1 kB
  - RAM: 300 bytes
- Squawk VM - SunSPOT: more overhead
  - ROM: 68.5 kB (with crypto libs), protocol ca. 7 kB
  - RAM: 10 kB total (inefficient implementation => OO)

Comparison: MASY - LEAP - Sizzle
Comparison | MASY (Tmote) | MASY (SPOT) | LEAP | Sizzle
RAM (byte)
ROM (kB) 5,
Message Overhead (bit) *600*

Infrastructure
- Gateway: incompatible MAC -> separate impl.
  - Written in Java + C (Contiki) / Java (SunSPOT)
- Back-end: web service
  - Implemented in Java

Future work
- Multi node configuration
  - Nodes travel in groups: 1 message to deploy key
- Drain attack prevention
  - Periodically forward connection requests (e.g. 1/min)
- Use combination asymmetric - symmetric keys
  - Powerful nodes can use certificates
  - Weaker nodes use symmetric keys

Conclusion
- A new key management scheme for mobile federated Wireless Sensor Networks
- Resource rich trusted entity establishes the trust relationship
- Internet connectivity to handle additional complexity
- Prototype shows limited additional overhead

Questions Jef Maerien IBBT DistriNet Research Group Department of Computer Science Katholieke Universiteit Leuven Leuven, Belgium

Approach
- Step 1: New node detects new network, sends out a token containing own ID and compIP
- Step 2: Relay node relays request to GW
- Step 3: Gateway receives token, contacts the node owner and sends group key
- Step 4: Owner verifies gateway, encrypts group key in token and sends it back to GW
- Step 5: GW sends token to relay node
- Step 6: Relay sends token to new node
- Relay node can be skipped if new node is in range of GW
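Added example, not code from the presentation: a Python sketch of the node-to-owner part of the exchange from the "Approach" and "Message size" slides, using the slides' field sizes (32-byte Hello, 24-byte Reply). Assumptions: SK is a key shared between a node and its owner's back-end, GK is 16 bytes, and HMAC-SHA-256 truncated to 16 bytes stands in for the AES operation under SK, which the slides do not specify; all function names are hypothetical. Gateway and relay forwarding are not modelled.

```python
import hashlib, hmac, struct

HELLO = struct.Struct("!8s4s4s16s")  # NodeMac, CompIP, Nonce, Signature = 32 bytes
REPLY = struct.Struct("!8s16s")      # NodeMac, {GK}_SK = 24 bytes

def _prf(sk, label, data):
    # Stand-in for the 16-byte AES operation under SK (assumption, see lead-in).
    return hmac.new(sk, label + data, hashlib.sha256).digest()[:16]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build_hello(sk, node_mac, comp_ip, nonce):
    """Node side: Hello = NodeMac | CompIP | Nonce | tag over the three fields."""
    if (len(node_mac), len(comp_ip), len(nonce)) != (8, 4, 4):
        raise ValueError("field sizes must be 8, 4 and 4 bytes")
    tag = _prf(sk, b"hello", node_mac + comp_ip + nonce)
    return HELLO.pack(node_mac, comp_ip, nonce, tag)

def owner_handle_hello(node_keys, hello, group_key):
    """Owner back-end: check the Hello, return the 24-byte Reply or None."""
    if len(hello) != HELLO.size or len(group_key) != 16:
        return None
    node_mac, comp_ip, nonce, tag = HELLO.unpack(hello)
    sk = node_keys.get(node_mac)
    if sk is None:                              # node does not belong to this owner
        return None
    expected = _prf(sk, b"hello", node_mac + comp_ip + nonce)
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    # Wrap GK under a pad derived from SK and this Hello's nonce.
    return REPLY.pack(node_mac, _xor(group_key, _prf(sk, b"wrap", nonce)))

def node_handle_reply(sk, node_mac, nonce, reply):
    """Node side: accept only a Reply addressed to us, then unwrap GK."""
    if len(reply) != REPLY.size:
        return None
    mac, wrapped = REPLY.unpack(reply)
    if mac != node_mac:
        return None
    return _xor(wrapped, _prf(sk, b"wrap", nonce))

if __name__ == "__main__":
    # Constructed sample values, not taken from the presentation.
    sk, gk = bytes(range(16)), bytes(range(16, 32))
    mac, ip, nonce = bytes.fromhex("0012740000000001"), bytes([192, 0, 2, 10]), b"\x00\x00\x00\x01"
    hello = build_hello(sk, mac, ip, nonce)
    reply = owner_handle_hello({mac: sk}, hello, gk)
    print(len(hello), len(reply), node_handle_reply(sk, mac, nonce, reply) == gk)
```

In this stand-in the 24-byte Reply has no room for an integrity tag, so a Reply altered in transit unwraps to a wrong key rather than being rejected.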

Context: container tracking
- High mobility
- Many nodes
- Limited memory
- Limited CPU
- Limited comm
- Federated environment

Requirements
- Limited resources (the WSN constraint)
  - Limited communication
  - Limited processing
  - Limited energy
  - => light weight key infrastructure on node
- Secure key deployment:
  - Confidential / authentication
  - Only authorized parties can know the group key
- Network key not known in advance
  - Pre-agreeing keys = fairly insecure
  - Possible breaches require rekeying

Attacker model
- Active external attacker
  - Monitor network
  - Inject messages
  - Subvert nodes
- Does not want to be detected
  - => No flooding
  - No DoS

Analysis
- New node:
  - limit hello send / trust in BE is required: rekey
- Networked node
  - Requires detection mechanism => rekey without
- Gateway:
  - no trust in GW => no conn / BE must trust GW
- Outsider:
  - no info on group key / knows BE or node identity