Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.

Slides:



Advertisements
Similar presentations
An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Advertisements

Chris Karlof and David Wagner
Secure Time Synchronization Service for Sensor Networks S. Ganeriwal, R. Kumar, M. B. Sirvastava Presented by: Kaiqi Xiong 11/28/2005 Computer Science.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.
A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
Security Issues In Sensor Networks By Priya Palanivelu.
Research Trends in MANETs at CIIT, Islamabad Mohammad Mahboob Yasin, PhD COMSATS Institute of Information Technology.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
ITIS 6010/8010: Wireless Network Security Weichao Wang.
Multicast Security CS239 Advanced Network Security April 16 th, 2003 Yuken Goto.
SIA: Secure Information Aggregation in Sensor Networks Dhiman Barman Authors: Bartosz Przydateck, Dawn Song, and Adrian Perrig CMU SenSys 2003.
LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks By: Sencun Zhu, Sanjeev Setia, and Sushil Jajodia Presented By: Daryl Lonnon.
1 Timed Efficient Stream Loss-tolerant Authentication.
Computer Science 1 Research on Sensor Network Security Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University 2005 TRES.
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
Computer Science Secure Hierarchical In-network Data Aggregation for Sensor Networks Steve McKinney CSC 774 – Dr. Ning Acknowledgment: Slides based on.
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
Terminodes and Sybil: Public-key management in MANET Dave MacCallum (Brendon Stanton) Apr. 9, 2004.
Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005 Toward Resilient Security in Wireless Sensor Networks.
Computer Science 1 CSC 774 Advanced Network Security Distributed detection of node replication attacks in sensor networks (By Bryan Parno, Adrian Perrig,
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)
SIA: Secure Information Aggregation in Sensor Networks B. Przydatek, D. Song, and A. Perrig. In Proc. of ACM SenSys 2003 Natalia Stakhanova cs610.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
A secure re-keying scheme Introduction Background Re-keying scheme User revocation User join Conclusion.
Multicast Security: A Taxonomy and Some Efficient Constructions By Cannetti et al, appeared in INFOCOMM 99. Presenter: Ankur Gupta.
Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.
Key management for wireless sensor networks Sources: ACM Transactions on Sensor Networks, 2(4), pp , Sources: Computer Communications, 30(9),
Group-based Source Authentication in VANETs You Lu, Biao Zhou, Fei Jia, Mario Gerla UCLA {youlu, zhb, feijia,
Self-Healing Group-Wise Key Distribution Schemes with Time-Limited Node Revocation for Wireless Sensor Networks Minghui Shi, Xuemin Shen, Yixin Jiang,
Multi-user Broadcast Authentication in Wireless Sensor Networks Kui Ren, Wenjing Lou, Yanchao Zhang SECON2007 Manar Mahmoud Abou elwafa.
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu and Peng Ning Department of Computer.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Random Key Predistribution Schemes for Sensor.
Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium.
Security for Broadcast Network
Aggregation and Secure Aggregation. Learning Objectives Understand why we need aggregation in WSNs Understand aggregation protocols in WSNs Understand.
1 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng.
A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.
1 Security for Broadcast Network Most slides are from the lecture notes of prof. Adrian Perrig.
Author: Na Ruan, Yoshiaki Hori Published in:
International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
Aggregation and Secure Aggregation. [Aggre_1] Section 12 Why do we need Aggregation? Sensor networks – Event-based Systems Example Query: –What is the.
Authenticating streamed data in the presence of random packet loss February 8 th, 2001 Philippe Golle Nagendra Modadugu Stanford University.
Presented by: Reut Barazani Limor Levy. Contents Introduction Digital signature broadcast message authentication TESLA broadcast message authentication.
Round-Efficient Broadcast Authentication Protocols for Fixed Topology Classes Haowen Chan, Adrian Perrig Carnegie Mellon University 1.
A Secure Routing Protocol with Intrusion Detection for Clustering Wireless Sensor Networks International Forum on Information Technology and Applications.
Computer Science Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network Presented by Jennifer.
Key Management Techniques in Wireless Sensor Networks
SPINS: Security Protocols for Sensor Networks
BROADCAST AUTHENTICATION
Data Integrity: Applications of Cryptographic Hash Functions
SPINS: Security Protocols for Sensor Networks
Presentation transcript:

Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks

Computer Science CSC 774 Adv. Net. Security2 Outline Background Basic Approach Various Extensions Implementation Results Conclusion & Future Work

Computer Science CSC 774 Adv. Net. Security3 Background Wireless Sensor Network –Large number of resource constrained sensor nodes –A few powerful control nodes (Base Station) Broadcast Authentication in Sensor Network –  TESLA –Multilevel  TESLA

Computer Science CSC 774 Adv. Net. Security4 Review of Multilevel  TESLA CDM i =i|K i+1,0 |H(K i+2,0 ) |MAC K’i (i|K i+1,0 |H(K i+2,0 ))|K i-1

Computer Science CSC 774 Adv. Net. Security5 Review of Multilevel  TESLA (cont.) Benefits: –Trade-off between key chain length and broadcast time –Resistant to packet loss Problems left: –Remove the long delay after CDMs are lost –Allow multiple senders –Revoke broadcast senders

Computer Science CSC 774 Adv. Net. Security6 Practical Broadcast Authentication in WSN: Basic Scheme Use Merkle tree to distribute the key chain commitments – referred to as parameter distribution tree –The tree root is pre-distributed –Each commitment is a leaf of the tree Key chain commitmentss1s1 s4s4 s3s3 s2s2 K1K1 K4K4 K3K3 K2K2 K 14 K 34 K 12 Pre-distributed root

Computer Science CSC 774 Adv. Net. Security7 Practical Broadcast Authentication in WSN: Basic Scheme (Cont.) If the 2 nd  TESLA instance will be used: –Sender broadcasts the parameter certificate ParaCert 2 = { s 2, K 1, K 34 } –Receivers immediately authenticate the commitment s 2 by verifying K 14 = H( H( H( s 2 ) K 1 ) | K 34 ) s1s1 s4s4 s3s3 s2s2 K1K1 K4K4 K3K3 K2K2 K 14 K 34 K 12

Computer Science CSC 774 Adv. Net. Security8 Practical Broadcast Authentication in WSN: Basic Scheme (Cont.) The basic scheme has achieved: –Security: Attacker cannot send forged packet unless compromising the sender The parameter certificates are immune to DoS attack –Overhead: Storage: each receiver node needs to store the root of the parameter distribution tree, and the parameters of the senders that are communicating Computation: each receiver node needs hash functions to validate the key chain commitment, where m is the number of  SLA instances –Allows multiple senders: Senders can be added dynamically by generating enough instances for late-joined senders

Computer Science CSC 774 Adv. Net. Security9 Scheme for Long-lived Senders Basic idea: –two-level parameter distribution tree Pre-Distribution –Fix the interval length that each  TESLA key chain uses, denote such an interval as (  TESLA) instance interval. Assume each key chain has length L. –Assume sender j needs n j instance intervals through out its life: use the n j key chain parameters as leaves to construct a lower level tree, denoted as Tree j. When generating key chains for each sender: k i+1, L = F’(k i, 0 ), where F’ is a pseudo random function. –With the roots of Tree j s as leaves, an upper level parameter distribution tree is generated, denoted as Tree R –Tree R ’s root is pre-distributed to receivers, while the parameter certificate of Tree R of sender j, denoted as ParaCert j and all the key chains generated for sender j is pre-distributed to sender j.

Computer Science CSC 774 Adv. Net. Security10 Scheme for Long-lived Senders: Example s1s1 s4s4 s3s3 s2s2 K1K1 K4K4 K3K3 K2K2 K 14 K 34 K 12 s’ 1 s’ 4 s’ 3 s’ 2 K’ 1 K’ 4 K’ 3 K’ 2 R3R3 K’ 34 K’ 12 Tree R Tree j Receivers: K 14 Pre-distribution: Sender 3 : ParaCert 3 ={s 3, K 4, K 12 }, and Sender 3 ’s key chains

Computer Science CSC 774 Adv. Net. Security11 Scheme for Long-lived Senders: Example s’ 1 s’ 4 s’ 3 s’ 2 K’ 1 K’ 4 K’ 3 K’ 2 R3R3 K’ 34 K’ 12 k 3,1 k 3,0 k 3,L k 2,0 k 2,L k 1,0 k 1,L k 4,0 k 4,L k 4,1 k 2,1 k 1,1 F’F’F’F’F’F’ Tree 3

Computer Science CSC 774 Adv. Net. Security12 Scheme for Long-lived Senders (Cont.) The above scheme has achieved: –Security: Same as in the basic scheme –Overhead: Storage: receivers’ are same as in the basic scheme, sender j needs to store ParaCert j besides all the key chains. Computation: for validation of each key chain commitment, and for validation of each sender, where m is the number of senders. –Benefit over basic scheme: Fixed key chain length Two ways to validate the key chain commitments

Computer Science CSC 774 Adv. Net. Security13 Distributing Parameter Certifications Due to the low bandwidth and small packet size, ParaCert j must be delivered in several packets. –Each packet must be authenticated independently and immediately –Assume that each ParaCert contains L hash values, each packet can hold b hash values. Adopt the idea of distillation codes.

Computer Science CSC 774 Adv. Net. Security14 Distributing Parameter Certifications: Example s1s1 s4s4 s3s3 s2s2 K1K1 K4K4 K3K3 K2K2 K 14 K 34 K 12 s5s5 s8s8 s7s7 s6s6 K5K5 K8K8 K7K7 K6K6 K 58 K 78 K 56 K 18 ParaCert 3 = {K 58, K 12, K 4, s 3 }, assume that each packet can hold 3 hash values, P 1 = {K 58, K 12, K 34 }, verify: K 18 = H(H(K 12 | K 34 )|K 58 ) P 2 = {K 4, s 3 }, verify: K 34 = H(K 4 |H(s 3 ))

Computer Science CSC 774 Adv. Net. Security15 Revoking  TESLA Instances Revocation tree –Similar to the parameter distribution tree, the central server generates a revocation message for each  TESLA instance, and use all the messages to construct a Merkle tree, whose root is pre-distributed. –Advantages: Guarantees a non-compromised sender not be revoked. –Disadvantages: Cannot guarantee each receiver receives the revocation message due to the unreliable communication Revoked senders must be remembered by receivers, which introduces large storage overhead.

Computer Science CSC 774 Adv. Net. Security16 Revoking  TESLA Instances (Cont.) Proactive Refreshment of Authentication Keys –Central server sends  TESLA key chains to the senders when senders are broadcasting, instead of pre-distributing all the key chains. Central server can revoke a sender by stop sending  TESLA key chains to it. –Advantages: Guarantees a compromised sender be revoked Receivers do not need storage overhead –Disadvantages: A non-compromised sender may be revoked if it does not receive the key chains due to some communication problem.

Computer Science CSC 774 Adv. Net. Security17 Experimental Results: Authentication Rate Authentication rate under 0.2 loss rate and 200 forged parameter distribution packet per minute.

Computer Science CSC 774 Adv. Net. Security18 Experimental Results: Channel Loss Rate Channel loss rate: 0.2; # forged commitment distribution: 200 per minute; distribution rate: 95%.

Computer Science CSC 774 Adv. Net. Security19 Experimental Results: Average Failure Recovery Delay Average failure recovery delay. Assume 20 parameter distribution packet per minute.

Computer Science CSC 774 Adv. Net. Security20 Conclusion & Future Work Developed practical broadcast authentication techniques –Distribution of  TESLA key chain parameters –Revocation of compromised senders Future Work –Other schemes based on the basic scheme –Remove the constraint of loosely synchronization of senders and receivers

Computer Science CSC 774 Adv. Net. Security21 Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.