1 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng.

Slides:



Advertisements
Similar presentations
What Is an Ad Hoc Network?
Advertisements

Chris Karlof and David Wagner
Security in Wireless Sensor Networks: Key Management Approaches
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Presenter: Dinesh Reddy Gudibandi.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.
Introduction to Wireless Sensor Networks
Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.
KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.
A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Joint work with Xinran Wang, Sencun Zhu and Guohong Cao Dept. of Computer Science &
Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007.
Location-Aware Security Services for Wireless Sensor Networks using Network Coding IEEE INFOCOM 2007 최임성.
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
IC-29 Security and Cooperation in Wireless Networks 1 Secure and Robust Aggregation in Sensor Networks Parisa Haghani Supervised by: Panos Papadimitratos.
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Lightweight Key Establishment and Management Protocol (KEMP) in Dynamic Sensor Networks draft-qiu-6lowpan-secure-router-01 Ying QIU, Jianying ZHOU, Feng.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Security Issues In Sensor Networks By Priya Palanivelu.
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
Dissemination protocols for large sensor networks Fan Ye, Haiyun Luo, Songwu Lu and Lixia Zhang Department of Computer Science UCLA Chien Kang Wu.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Establishing Pairwise Keys in Distributed Sensor Networks Donggang Liu, Peng Ning Jason Buckingham CSCI 7143: Secure Sensor Networks October 12, 2004.
A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.
LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks By: Sencun Zhu, Sanjeev Setia, and Sushil Jajodia Presented By: Daryl Lonnon.
Computer Science Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks Presented by Akshay Lal.
Secure Localization Algorithms for Wireless Sensor Networks proposed by A. Boukerche, H. Oliveira, E. Nakamura, and A. Loureiro (2008) Maria Berenice Carrasco.
LEDS:Providing Location –Aware End-to-End Data Security in Wireless Sensor Networks By Prasad Under Esteemed Guidences Of; Prof Mr.A.Nagaraju.
Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE.
An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.
Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,
1 A Location-ID Sensitive Key Establishment Scheme in Static Wireless Sensor Networks Proceedings of the international conference on mobile technology,applications,and.
A Review by Raghu Rangan WPI CS525 September 19, 2012 An Early Warning System Based on Reputation for Energy Control Systems.
Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005 Toward Resilient Security in Wireless Sensor Networks.
Version Number Authentication and Local Key Agreement Levente Buttyán Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology.
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Secure and Energy-Efficient Disjoint Multi-Path Routing for WSNs Presented by Zhongming Zheng.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof David Wagner University of California at Berkeley 1st IEEE International.
Computer Science 1 Using Directional Antennas to Prevent Wormhole Attacks Presented by: Juan Du Nov 16, 2005.
Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee.
Key management for wireless sensor networks Sources: ACM Transactions on Sensor Networks, 2(4), pp , Sources: Computer Communications, 30(9),
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.
Shambhu Upadhyaya 1 Sensor Networks – Hop- by-Hop Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 22)
1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.
Jinfang Jiang, Guangjie Han, Lei Shu, Han-Chieh Chao, Shojiro Nishio
Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb CSE 535.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005 Toward Resilient Security in Wireless Sensor Networks.
Energy Efficient Detection of Compromised Nodes in Wireless Sensor Networks Haengrae Cho Department of Computer Engineering, Yeungnam University Gyungbuk.
A Secure Routing Protocol with Intrusion Detection for Clustering Wireless Sensor Networks International Forum on Information Technology and Applications.
Computer Science Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network Presented by Jennifer.
In the name of God.
Introduction to Wireless Sensor Networks
An Overview of Security Issues in Sensor Network
Presentation transcript:

1 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng Ning Presented By, Monisha Kanoth & Suneeta Kamana

2 Contents Introduction to Sensor Networks Interleaved Hop-by-Hop Authentication Scheme Security Analysis Performance Evaluation Variant of the interleaved hop-by-hop authentication scheme

3 Introduction to Sensor Networks A Wireless Sensor Network (WSN) consists of a base station and a number of wireless sensors. Base Station: Controls the sensors and collects data reported by the sensors. Sensors: Devices that produce response to a change in a physical or chemical condition.

4 Characteristics of Sensor Networks Mostly deployed in unattended environments Low energy use Limited energy resources Dynamic and autonomous operation network

5 Applications Military and national security application Environment monitoring Traffic surveillance

6 Example Sensor Network Road

7 Possible Attacks on Sensor Networks Physical destruction of sensor networks Security attacks on routing and data link protocols –Eavesdrop on all traffic –Inject packets –Replay older packets –Drop or alter packets (by compromising the nodes) This paper focuses on false data injection attacks.

8 Contents Introduction to Sensor Networks Interleaved Hop-by-Hop Authentication Scheme Security Analysis Performance Evaluation Variant of the interleaved hop-by-hop authentication scheme

9 Interleaved Hop-by-Hop Authentication Scheme Assumptions Threat Model and Design Goal Notation and Definition The Basic Scheme Association Maintenance

10 Assumptions Network and Node Assumptions: –Sensor nodes are organized into clusters. –Network links are bidirectional. –Every node has space to store several hundred bytes of keying materials. Security Assumptions: –Every node shares a master key with the base station. –Each node has established a pairwise key with its one-hop neighbors. –A node can establish a pairwise key with a node that is multiple hops away. –Base station has a mechanism to authenticate broadcast messages. –Base station will not be compromised.

11 Threat Model and Design Goals Adversary Threats: By injecting false data, the adversary aims at the following goals: Deceiving the base station – false alarm Depleting the resources of the forwarding nodes Design Goals: The scheme should have the following properties when there are no more than t compromising nodes: Base station should be able to detect any false data injected by a compromised node. The number of hops before an injected data packet is detected and discarded should be as small as possible. The scheme should be efficient in computation and communication with respect to the security it provides. The scheme should be robust to node failures

12 Notations u, v (in lower case) are principals such as communicating nodes. K u is the key of node u shared with the base station. K uv is the pairwise key shared between nodes u and v. G is a family of pseudo-random functions. is node u’s authentication key, derived as MAC (k, s) is the message authentication code (MAC) of message s generated with a symmetric key k.

13 Definition For two nodes u i and u j on the path from CH to BS, if |i – j| = t + 1, we say u i and u j are associated, and u i is an associated node of u j. if ¡ - j = t + 1, u i is the upper associated node of node u j, and u j is the lower associated node of node u i. Example: When t=3, u 8 is the upper associated node of u 4 CH is a lower associated node of u 4

14 The Basic Scheme The scheme involves the following five phases: –Node initialization and deployment –Association discovery –Report endorsement –En-route filtering –Base station verification

15 Node Initialization and Deployment The key server loads every node with – a unique integer id – necessary keying materials. Specifically, it loads node u with K u shared with the base station. Using K u, node u computes its authentication key.

16 Association discovery This phase is necessary for a node to discover the IDs of its association nodes. Two way association discovery scheme: –Base station Hello –Cluster Acknowledgement

17 Base Station Hello When the message (M) arrives at a node, –it records the ids in M, attaches its own id to M, and then rebroadcasts it. –and if M already contains (t+1) ids, the node removes the first id in the list, adds its own id to the end of the list, and rebroadcasts it. Base station hello step where t = 3

18 Cluster Acknowledgement The ACK includes the cluster id, and the ids of the t+1 lower association nodes A node removes the last id in the id list and adds its own id in the beginning

19 Report Endorsement When a node v agrees on an event E, it computes –a MAC for E, using its authentication key as the MAC key (individual MAC) –another MAC for E, using the pairwise key shared with its upper association node u as the MAC key (pairwise MAC) This endorsement is authenticated with the pairwise key shared between v and Cluster head

20...Report Endorsement Cluster head (CH) collects endorsements from the other nodes and computes a compressed MAC over E, denoted as XMAC(E). =

21 …Report Endorsement The report R that node CH finally generates and forwards towards BS is as follows. R:

22 En-route Filtering When a node u receives R from its downstream node- –It first verifies the authenticity of R –It checks the number of different pairwise MACs in R If node u is s (s<t+1) hops away from BS, it should see s pairwise MACs Else, it should see t+1 pairwise MACs –It then verifies the last MAC in the pairwise MAC list

23 …En-route Filtering Report sent by Cluster Head: R: Report sent by u1: R:

24 Base Station Verification The base station BS only needs to verify the compressed MAC. –It computes t+1 MACs over E using the authentication keys of the nodes in the id list –It then XORs the MACs to see if it matches the one in the report

25 Association Maintenance Base-station initiated repair Local repair

26 Contents Introduction to Sensor Networks Interleaved Hop-by-Hop Authentication Scheme Security Analysis Performance Evaluation Variant of the interleaved hop-by-hop authentication scheme

27 Security Analysis Base Station Detection –The authentication scheme requires that each of t+1 cluster nodes compute an individual MAC –This guarantees that an adversary has to compromise at least t+1 nodes to be able to forge a report to deceive the base station

28 …Security Analysis En-route Filtering –Outsider Attacks Since every message is authenticated in a hop- by-hop fashion, an unauthorized node cannot inject false data without it being detected –Insider Attacks An adversary may compromise several sensor nodes, and then use the compromised nodes to inject false data into the network

29 Insider Attacks The security of the Cluster Acknowledgement process is critical because it provides the lower association knowledge The goal of an attack on this process is to lower associate more than t noncompromised nodes to t compromised nodes –Cluster Insider Attacks –En-route Insider Attacks

30 Cluster Insider Attacks All of the t compromised nodes are from the cluster Since the ACK from the CH towards BS must contain t+1 distinct node ids, it must include the id of a noncompromised node One of the t+1 relaying nodes closest to the CH drops a false report

31 En-route Insider Attacks In this attack, t compromised nodes that lie on the path to the BS collude to attack the cluster acknowledgement process The worst case scenario occurs when the CH and the t-1 forwarding nodes are compromised and these t compromised nodes are equally separated by t noncompromised nodes A false report will be dropped after it is forwarded by at most t 2 noncompromised nodes

32 Enhancements to the Basic Scheme When a node receives a report, it additionally checks if the downstream node is the first one in the list and this reduces the upper bound to t(t-1) Further, a node can add an id pair that includes its id and the id of its lower association and this reduces the upper bound to t(t-2)

33 Contents Introduction to Sensor Networks Interleaved Hop-by-Hop Authentication Scheme Security Analysis Performance Evaluation Variant of the interleaved hop-by-hop authentication scheme

34 Performance Evaluation Computational Cost –Establishing Pairwise keys In this scheme a cluster node computes one pairwise key and an en-route computes two. In the case of a node-failure or a path change, a node has to compute a pairwise key shared with a new node –Report Authentication A cluster node computes three MACs and the en- route node computes four. This scheme reduces the over-all energy expenditure of a node even though it entails additional computational costs

35 …Performance Evaluation Communication Cost is caused by: –Every authentic report contains one compressed MAC and t+1 pairwise MACs. –Since the size of a pairwise MAC only impacts the capability of en-route filtering, it can be made smaller as a tradeoff between performance and security –When a path change occurs, a node adds its own id to the beaconing message.

36 Contents Introduction to Sensor Networks Interleaved Hop-by-Hop Authentication Scheme Security Analysis Performance Evaluation Variant of the interleaved hop-by-hop authentication scheme

37 Variant of the Interleaved Hop-by-hop Authentication Scheme Every node en-route to the base station accepts a report received from a downstream node only if it has been verifiably endorsed by at least t+1 nodes –The t+1 immediately downstream nodes associated with a node is referred as the lower association set –A node is also in the lower association set of t+1 immediately upstream nodes on the path to the BS, and this set if referred to as the upper association set

38 … Variant of the Authentication Scheme This variant allows en-route nodes to filter out false data packets immediately It does not require the authenticated neighbor knowledge This variant is preferred when t is small.

39 Conclusions A Scheme to detect and discard false data injection in sensor networks is presented It guarantees that the base station can detect a false report when no more than t nodes are compromised The number of hops that a false data packet could be forwarded before it is detected and dropped is t 2 in the worst case

40 Future Work Study the use of interleaved hop-by- hop authentication for preventing or mitigating attacks against sensor network routing and data collection protocols Understand how this scheme can be adapted for sensor networks with mobile data sinks

41 Questions ?

42

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.