International Conference Security in Pervasive Computing (SPC’06). MMC Lab. 임동혁.


- Introduction
- Related Works
- Specification
- Verification
- Implementation
- Conclusions

- Limitation of sensor
  - Storage
  - Computational Complexity
  - Amount of Data
  - Transmission Range
- Authenticating sensor reading, confidentiality
- Assumptions
  - Limited number of sensors in the range of the base station
  - Invulnerable and powerful base station
  - No location awareness, no network topology

- SNEP
  - Block cipher
  - Authentication, confidentiality, RNG
  - No forward security
- TinySec
  - Node to node communication security
  - Early stage malicious message detection
  - Failure to address replay attacks
  - Key deployment mechanisms are not robust

- Authentication
- Confidentiality
- Freshness
- Forward Security
- Continuously evolving key

Base station node n node m : (n, d)m : Initial key Key evolution Hash function Signature

Base station node n node m : Encoding function m :

- Message loss, delay in message delivery
- Non-sequential message receipt in the base station
- (n,d,s), search for a j
- Hash chain update

[Figure: hash chain $X_n, X_{n+1}, X_{n+2}, X_{n+3}, X_{n+4}$, with a span labelled $2w+1$]
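The window search on this slide, as an added example that is not code from the slides or the paper. It assumes key evolution $x_{i+1} = \mathrm{SHA1}(x_i)$, a signature that is HMAC-SHA1 truncated to t = 64 bits, and a window placed w indices either side of the next expected index; all class and function names are hypothetical.

```python
import hashlib
import hmac

T_BYTES = 8  # t = 64-bit signature; keys are k = 160 bits (SHA-1 output)

def H(x):
    """Key evolution step (assumed): x_{i+1} = SHA-1(x_i)."""
    return hashlib.sha1(x).digest()

def sign(x, d):
    """HMAC-SHA1-t: HMAC-SHA1 under key x, truncated to t bits."""
    return hmac.new(x, d, hashlib.sha1).digest()[:T_BYTES]

class Node:
    def __init__(self, n, x0):
        self.n, self.x = n, x0
    def send(self, d):
        s = sign(self.x, d)
        self.x = H(self.x)  # old key is overwritten: forward security
        return (self.n, d, s)

class BaseStation:
    def __init__(self, w):
        self.w, self.st = w, {}
    def register(self, n, x0):
        # lo/x_lo: oldest index still accepted and its key; nxt: expected index
        self.st[n] = {"lo": 0, "x_lo": x0, "nxt": 0, "used": set()}
    def receive(self, n, d, s):
        """Return the key index j that verifies (n, d, s), or None."""
        st = self.st[n]
        x, j = st["x_lo"], st["lo"]
        while j <= st["nxt"] + self.w:  # at most 2w+1 candidate keys
            if j not in st["used"] and hmac.compare_digest(sign(x, d), s):
                st["used"].add(j)  # each key verifies one message: freshness
                st["nxt"] = max(st["nxt"], j + 1)
                while st["lo"] < st["nxt"] - self.w:  # hash chain update
                    st["x_lo"], st["lo"] = H(st["x_lo"]), st["lo"] + 1
                st["used"] = {u for u in st["used"] if u >= st["lo"]}
                return j
            x, j = H(x), j + 1
        return None

def demo():
    x0 = bytes(20)  # constructed initial key, for illustration only
    node, bs = Node(7, x0), BaseStation(w=2)
    bs.register(7, x0)
    m = [node.send(b"reading %d" % i) for i in range(10)]
    order = [m[1], m[0], m[1], m[4], m[2], m[9]]  # reorder, replay, late, gap
    return [bs.receive(*msg) for msg in order]
```

In `demo()`, the replayed message, the message that arrives after the window has moved past it, and the message sent too far ahead of the window are all rejected, while the two reordered messages are accepted.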

- Signature Forgery
- Confidentiality Violation
- Forward Security

- Signature forgery attack
  - Without knowledge of key x, constructing (n,d,s)
- Constructing a valid signature
  - at most $2^{-t}$ ($t \le k$)
- Acceptable keys
- Probability of successful forgery
  - at most $2^{-t+\log(2w+1)}$

- Attacker can query $O_C$
- Attack is successful
  - Attacker gets any information on d other than |d|
- Probability distribution: uniform over $\{0,1\}^{|d|}$
- E is a random oracle
- Input to E is unique
- Without, cannot be distinguished from

- Assumption
  - Attacker can physically extract or obtain
- Oracle
  - Attacker can query $O_F$ at input (n,j) not (n,i),
- Non-invertibility of H
- Knowledge of
- Do not help to decipher message under any key,

- Resource requirements
  - Hash Function
  - MAC Function
  - Encryption Function
- Choice of Security Parameter Size

- Hash function (SHA-1)
  - Non-invertibility
  - Collision resistance property
  - 15 µJ is required to establish a new key assuming k=160
  - Code size: 2000 bytes
- MAC function
  - HMAC-SHA1-t
  - 1 µJ/byte is required to generate a signature

- Encryption Function
  - G: non-invertible collision resistant hash function
  - Encryption Function E
  - Code size/chip area viewpoint: G, H use the same concrete hash function
- Choice of Security Parameter Sizes
  - k: the size of the key (160 bit)
  - t: the size of the signature (64 bit)

- Wireless sensor networks
  - Authentication of the origin data
  - Confidentiality of data
  - Forward security
  - Freshness
- Minimise the resource requirements
  - Low computational complexity using a hash function
  - No data expansion to minimise the communication overhead

- Problems
  - Only the base station verifies the messages
  - DoS attack
  - Acceptance window
  - Messages can be ignored