Delay Aware, Reconfigurable Security for Embedded Systems Philip Brisk 2 Tammara Massey 1 Foad Dabiri 1 Majid Sarrafzadeh 1 2 1.

Slides:

Advertisements

Similar presentations

Cognitive Radio Communications and Networks: Principles and Practice By A. M. Wyglinski, M. Nekovee, Y. T. Hou (Elsevier, December 2009) 1 Chapter 12 Cross-Layer.

Advertisements

1 Routing Protocols I. 2 Routing Recall: There are two parts to routing IP packets: 1. How to pass a packet from an input interface to the output interface.

Impact of Interference on Multi-hop Wireless Network Performance Kamal Jain, Jitu Padhye, Venkat Padmanabhan and Lili Qiu Microsoft Research Redmond.

Shi Bai, Weiyi Zhang, Guoliang Xue, Jian Tang, and Chonggang Wang University of Minnesota, AT&T Lab, Arizona State University, Syracuse University, NEC.

VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.

Winter 2004 UCSC CMPE252B1 CMPE 257: Wireless and Mobile Networking SET 3f: Medium Access Control Protocols.

Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.

Interconnect throughput modeling. Important network performance metrics Throughput – Point to point (link bandwidth + end host software overheads) – Aggregate.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

1 Advancing Supercomputer Performance Through Interconnection Topology Synthesis Yi Zhu, Michael Taylor, Scott B. Baden and Chung-Kuan Cheng Department.

Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.

DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology

1 Distributed Adaptive Sampling, Forwarding, and Routing Algorithms for Wireless Visual Sensor Networks Johnsen Kho, Long Tran-Thanh, Alex Rogers, Nicholas.

Monday, June 01, 2015 ARRIVE: Algorithm for Robust Routing in Volatile Environments 1 NEST Retreat, Lake Tahoe, June

TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003

1 ENERGY: THE ROOT OF ALL PERVASIVENESS Anthony Ephremides University of Maryland April 29, 2004.

Distributed Algorithms for Secure Multipath Routing

Applying Genetic Algorithms to Decision Making in Autonomic Computing Systems Authors: Andres J. Ramirez, David B. Knoester, Betty H.C. Cheng, Philip K.

Wireless Capacity. A lot of hype Self-organizing sensor networks reporting on everything everywhere Bluetooth personal networks connecting devices City.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

Quality-Aware Segment Transmission Scheduling in Peer-to-Peer Streaming Systems Cheng-Hsin Hsu Senior Research Scientist Deutsche Telekom R&D Lab USA Los.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

Secure Group Communications in Wireless Sensor Networks December 8, 2003 CS 526 Advance Internet and Web Systems Patrick D. Cook.

Maximizing the Lifetime of Wireless Sensor Networks through Optimal Single-Session Flow Routing Y.Thomas Hou, Yi Shi, Jianping Pan, Scott F.Midkiff Mobile.

TinySec: Performance Characteristics Chris K :: Naveen S :: David W January 16, 2004.

Establishing Pairwise Keys in Distributed Sensor Networks Donggang Liu, Peng Ning Jason Buckingham CSCI 7143: Secure Sensor Networks October 12, 2004.

1 Algorithms for Bandwidth Efficient Multicast Routing in Multi-channel Multi-radio Wireless Mesh Networks Hoang Lan Nguyen and Uyen Trang Nguyen Presenter:

KAIS T A lightweight secure protocol for wireless sensor networks 윤주범 ELSEVIER Mar

Steady and Fair Rate Allocation for Rechargeable Sensors in Perpetual Sensor Networks Zizhan Zheng Authors: Kai-Wei Fan, Zizhan Zheng and Prasun Sinha.

QoS-Aware In-Network Processing for Mission-Critical Wireless Cyber-Physical Systems Qiao Xiang Advisor: Hongwei Zhang Department of Computer Science Wayne.

1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Hai Yan Computer Science & Engineering University of Connecticut.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks – Chris Karlof, Naveen Sastry & David Wagner Dr. Xiuzhen Cheng Department of Computer.

SENSOR NETWORK SECURITY Group Members Pardeep Kumar Md. Iftekhar Salam Ahmed Galib Reza 1 Presented by: Iftekhar Salam 1.

1 11 Subcarrier Allocation and Bit Loading Algorithms for OFDMA-Based Wireless Networks Gautam Kulkarni, Sachin Adlakha, Mani Srivastava UCLA IEEE Transactions.

A Distributed Framework for Correlated Data Gathering in Sensor Networks Kevin Yuen, Ben Liang, Baochun Li IEEE Transactions on Vehicular Technology 2008.

A Distributed Clustering Framework for MANETS Mohit Garg, IIT Bombay RK Shyamasundar School of Tech. & Computer Science Tata Institute of Fundamental Research.

Wireless Sensor Networks COE 499 Energy Aware Routing

June 21, 2007 Minimum Interference Channel Assignment in Multi-Radio Wireless Mesh Networks Anand Prabhu Subramanian, Himanshu Gupta.

The Case for Addressing the Limiting Impact of Interference on Wireless Scheduling Xin Che, Xi Ju, Hongwei Zhang {chexin, xiju,

Adapted from the original presentation made by the authors Reputation-based Framework for High Integrity Sensor Networks.

Sensor Network Security: Survey Team Members Pardeep Kumar Md. Iftekhar Salam Ah. Galib Reza 110/28/2015.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.

Resource Mapping and Scheduling for Heterogeneous Network Processor Systems Liang Yang, Tushar Gohad, Pavel Ghosh, Devesh Sinha, Arunabha Sen and Andrea.

TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.

Energy and Latency Control in Low Duty Cycle MAC Protocols Yuan Li, Wei Ye, John Heidemann Information Sciences Institute, University of Southern California.

Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.

1 Iterative Integer Programming Formulation for Robust Resource Allocation in Dynamic Real-Time Systems Sethavidh Gertphol and Viktor K. Prasanna University.

Multi-channel Wireless Sensor Network MAC protocol based on dynamic route.

Computer Network Lab. Integrated Coverage and Connectivity Configuration in Wireless Sensor Networks SenSys ’ 03 Xiaorui Wang, Guoliang Xing, Yuanfang.

Linear Programming & its Applications to Wireless Networks Guofeng Deng IMPACT Lab, Arizona State University.

To ensure secure and dependable monitoring of rail cars transporting hazardous materials, providing resiliency against both random and malicious threats.

Tufts Wireless Laboratory School Of Engineering Tufts University Paper Review “An Energy Efficient Multipath Routing Protocol for Wireless Sensor Networks”,

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam Modified by Sarjana Singh.

Efficient Resource Allocation for Wireless Multicast De-Nian Yang, Member, IEEE Ming-Syan Chen, Fellow, IEEE IEEE Transactions on Mobile Computing, April.

Load Balanced Link Reversal Routing in Mobile Wireless Ad Hoc Networks Nabhendra Bisnik, Alhussein Abouzeid ECSE Department RPI Costas Busch CSCI Department.

A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.

CprE 458/558: Real-Time Systems (G. Manimaran)1 CprE 458/558: Real-Time Systems Energy-aware QoS packet scheduling.

SERENA: SchEduling RoutEr Nodes Activity in wireless ad hoc and sensor networks Pascale Minet and Saoucene Mahfoudh INRIA, Rocquencourt Le Chesnay.

On Mobile Sink Node for Target Tracking in Wireless Sensor Networks Thanh Hai Trinh and Hee Yong Youn Pervasive Computing and Communications Workshops(PerComW'07)

Courtesy Piggybacking: Supporting Differentiated Services in Multihop Mobile Ad Hoc Networks Wei LiuXiang Chen Yuguang Fang WING Dept. of ECE University.

1 Chapter 6 Reformulation-Linearization Technique and Applications.

1 Chapter 5 Branch-and-bound Framework and Its Applications.

-1/16- Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks C.-K. Toh, Georgia Institute of Technology IEEE.

Impact of Interference on Multi-hop Wireless Network Performance

Presented by Tae-Seok Kim

Security Of Wireless Sensor Networks

Security of Wireless Sensor Networks

Presentation transcript:

Delay Aware, Reconfigurable Security for Embedded Systems Philip Brisk 2 Tammara Massey 1 Foad Dabiri 1 Majid Sarrafzadeh 1 2 1

Outline ECG Application Security in BANs Related Work Dynamic Security System (DYNASEC) Conclusion 1/15

Body-Area Network Application Electrocardiogram (ECG) Sensor Large bandwidth requirement Parallel transmission of many waveforms Environmental interferences Patient movement Respond to anomalies Activate drug delivery mechanism Based on SQRS Algorithm [Pino et al., ’05] ECG waveforms May misclassify features due to noise Addressed via moving threshold with independent values Extra noise classification removed to reduce code size 2/15

Security in Body-Area Networks Health Insurance Portability and Accountability Act (USA) “… ensure integrity and confidentiality of information” “… protect against reasonably anticipated threats or hazards to the security of integrity of the information” Security-Processing Gap [Ravi et al., ’03] Exacerbated for body area networks Limited Memory Battery lifetime Bandwidth 3/15

Related Work TinyPK [Watro et al., ’04] Authentication and key exchange via RSA encryption TinySec [Karlof et al., ’04] Link-layer security for wireless sensor networks Authentication, Skipjack/RC5 encryption Elliptic curve cryptography on motes [Malan et al., ’04] DYNASEC: adds reconfigurable element to security 4/15

Dynamic Security System (DYNASEC) Normal operation High security all around Anomaly detected Hard real-time requirements Reconfiguration to meet the deadline Dynamically change security levels Throttle packet size 5/15

DYNASEC System Design Sensor Operating System (SOS) [Han et al., ’05] Message Integrity Code (MIC) Encryption (is optional) Skipjack, RC5 implemented in SOS kernel Memory requirements Original – 17% of Mica2 mote memory Modified – 39% of Mica2 mote memory Encryption algorithms have large data segments 6/15

Four Security Levels L0 – No Security L1 – MIC Authentication + No Encryption L2 – MIC Authentication + Skipjack Encryption L3 – MIC Authentication + RC5 Encryption RC5 is faster and stronger than Skipjack Pre-computed key schedule consumes 2.6% of Mica2 mote memory 7/15

Security Cost 8/15 Packet size (bytes)

Dynamic Security Allocation Network organized as a directed ayclic graph (DAG) Sink is a centralized node with more processing power than other nodes In response to anomaly redistribute security levels Integer Budgeting Problem on a DAG Model as Linear Program Solve LP (CPLEX) on centralized node Relax to nearest integer solution If no solution is available Reduce the packet size and try again 9/15

Budgeting Problem Formulation Given: Hard-timing constraint for communication Maximize: Aggregate security of all motes in the DAG Subject to the following constraints Exactly one security algorithm assigned to each mote Each source-to-sink path satisfies the timing constraint For each link: The flow of packets sent into each link does not exceed the link capacity For each internal mote: The flow of outgoing packets is equal to the flow of incoming packets 10/15

Pragmatic Issues Propagation time from centralized node to other nodes is non-negligible Only run the algorithm if there is at least a 15% change in link quality Can re-use the old solution for repeated anomalies If there is a change… Nodes make temporary local decisions for the best routing path… Link quality used to choose next hop Modifies security level Lower if it cannot achieve desired throughput Higher if it exceeds desired throughput Until the centralized node propagates its solution 11/15

Experimental Setup Randomly generated network Simulation on Avrora [Titzer et al., ’05] 10 nodes or less (for now) Runtime of LP solver doesn’t scale 3 Types of Links Well-connected 20% of packets dropped Lossy 50% of packets dropped Very lossy 80% of packets dropped 12/15

Evaluation Small Network (10 nodes or less) Reasonable for today’s body area networks LP converges in approximately 1.5 ms, on average Does not include time to propagate solution to the nodes in the network Establishes feasibility of the approach Will not scale for larger network Must solve budgeting problem in distributed fashion 13/15

Conclusion (1/2) Security-Processing Gap Exacerbated for BANs Limited memory New cryptographic algorithms are needed Smaller code/data segments Approximately 11% of mote memory, per algorithm, could be improved Configurability Allow the user to select a tradeoff between runtime and cipher quality 14/15

Conclusion (2/2) Anomalies  Hard real-time constraints DYNASEC reconfigures security levels in response Security allocation is a budgeting problem Solved using LP-relaxation on centralized node Future work: solve the problem in distributed fashion on the motes Increase emphasis on throttling packet size 15/15