Computer Science Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network Presented by Jennifer.


1 Computer Science
Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network
Presented by Jennifer Frankie
Authors: Wensheng Zhang, Hui Song, Sencun Zhu, and Guohong Cao

2 Outline
– Background
– Motivation
– Proposed Schemes
  – Restricting privileges
  – Revocation
– Conclusion
– Future Work

3 Background
[Figure labels: BS, Mobile Sink]
– Mobile sinks (MS) are useful in sensor networks for data collection, data querying and network maintenance
– Nodes may be far away from the BS, so sending data from each node to the BS will decrease security
  – Long delay, thus intermediate nodes can modify the data passing by
– Each node temporarily holds the data, then the BS dispatches an MS to go around and collect it

4 Background
Assumptions:
1. BS are secure and fixed in location
2. MS are dispatched with a known task
3. All clocks of sensor nodes are loosely synchronized
4. Nodes know their general location

5 Motivation
– If an MS is given too many privileges, it will become an attractive target for an attacker to compromise
– An attacker can use a compromised MS to revoke other nodes and bring down an entire sensor network
– Enable sensor nodes to validate tasks claimed by the MS
– Goal of design:
  – Least privilege
  – Immediate privilege deprivation (revocation)
  – On-demand task assignment
  – Efficiency

6 Notation
– u: sensor node
– MS: mobile sink
– Rn: randomly generated nonce
– TT: type of task
– Ts: starting time of a task
– Te: ending time of a task
– Km: master key held by BS
– Ku: individual node key

7 Scheme I & II: Key Distribution
1. BS generates master key km
2. BS generates an individual key for each node u: Ku = G_km(u), where G is a pseudo random function
   – f(u,y): a t bivariate polynomial share
3. BS loads the MS with a pairwise key: Ku(MS) = H(TT | MS | Ku | Ts | Te)
   – f(MS(u),y), where MS(u) = H(TT | Ts | Te | u)

8 Scheme I & II: Authentication
1. MS → u: MS, TT, Ts, Te in plaintext and encrypted with the pairwise shared key
2. MS and u use their pairwise key to encrypt this information and authenticate each other
Problem: Not scalable in terms of storage!
– Store one pairwise key with each host node
– Store n(t+1) coefficients
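The key distribution and authentication steps on slides 7 and 8, as an added Python example that is not from the slides or the paper. It assumes HMAC-SHA256 for both G and H, a MAC tag in place of the encryption the slide mentions, and constructed names and times (`u17`, `MS1`, `collect`, 1000 to 2000).

```python
import hashlib
import hmac

def _enc(*fields) -> bytes:
    """Length-prefix each field so 'a|bc' and 'ab|c' cannot collide."""
    out = b""
    for f in fields:
        raw = str(f).encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out

def node_key(k_m: bytes, u: str) -> bytes:
    # Ku = G_km(u); HMAC-SHA256 stands in for the PRF G (assumption).
    return hmac.new(k_m, _enc(u), hashlib.sha256).digest()

def pairwise_key(k_u: bytes, tt, ms, ts, te) -> bytes:
    # Ku(MS) = H(TT | MS | Ku | Ts | Te); HMAC keyed with Ku stands in for H.
    return hmac.new(k_u, _enc(tt, ms, ts, te), hashlib.sha256).digest()

def ms_claim(key: bytes, ms, tt, ts, te) -> dict:
    # MS -> u: task fields in plaintext plus a tag under the pairwise key.
    tag = hmac.new(key, _enc(ms, tt, ts, te), hashlib.sha256).digest()
    return {"ms": ms, "tt": tt, "ts": ts, "te": te, "tag": tag}

def node_accepts(k_u: bytes, claim: dict, now: int) -> bool:
    # The node rebuilds the key from the CLAIMED task, so a changed task type
    # or time window yields a different key and the tag no longer verifies.
    if not claim["ts"] <= now <= claim["te"]:
        return False
    key = pairwise_key(k_u, claim["tt"], claim["ms"], claim["ts"], claim["te"])
    want = hmac.new(key, _enc(claim["ms"], claim["tt"], claim["ts"], claim["te"]),
                    hashlib.sha256).digest()
    return hmac.compare_digest(want, claim["tag"])

def demo() -> dict:
    k_m = b"constructed-master-key"          # held only by the BS
    k_u = node_key(k_m, "u17")               # preloaded on node u17
    ms_key = pairwise_key(k_u, "collect", "MS1", 1000, 2000)  # loaded on MS1
    ok = ms_claim(ms_key, "MS1", "collect", 1000, 2000)
    return {
        "valid": node_accepts(k_u, ok, now=1500),
        "expired": node_accepts(k_u, ok, now=2500),
        "other_task": node_accepts(k_u, ms_claim(ms_key, "MS1", "revoke", 1000, 2000), 1500),
        "longer_window": node_accepts(k_u, ms_claim(ms_key, "MS1", "collect", 1000, 9000), 2500),
    }

if __name__ == "__main__":
    print(demo())
```

The MS never holds Ku, only the key derived for one task and one time window, which is what limits a captured MS to the privileges it was dispatched with.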

9 Scheme III: Reducing Polynomial Shares to One
Goal: Reduce the number of polynomial shares processed by an MS to one
To do this we will need to:
1. Use the locations of the host nodes rather than their ids to reduce the amount of information the MS must store about each host node (cell merging)
2. Use a Merkle hash tree to construct the id for an MS so that only one polynomial share has to be assigned to the MS (block compression)

10 Scheme III: Reducing Polynomial Shares to One
– If the MS is scheduled to cross cell (i,j) then the BS will generate a specific id for the MS: MS(i,j) = H(TT | Ts | Te | i | j)
– The MS can establish a pairwise key f(MS(i,j),u) with any node u in cell (i,j)
[Figure: grid with origin (0,0) and cell (i,j)]
Cell Merging
– Merge continuous cells into blocks
– Each block = (i,j,d,s)
  – (i,j) = index
  – d = 0 for top, = 1 for bottom
  – s = number of cells in direction d
– First block: (1,1,0,7)
– Second block: (2,7,1,3)

11 Scheme III: Reducing Polynomial Shares to One
Block compression
[Figure: hash tree over leaves B1, B2, B3, B4, B5, B6, B7, B8 with internal nodes X12, X34, X56, X78, X14, X58 and root X18 = H(X14 | X58)]
– MS gives u: B3, B4, X12 and X58
– u verifies that it is in B3 and derives X18 = F(F(X12 | F(B3 | B4)) | X58)
– u computes the id of the MS (H(TT | Ts | Te | X1m)) to derive the polynomial share
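The block compression check on slide 11, generalized to any leaf position, as an added Python example that is not from the slides or the paper. It assumes SHA-256 for both F and H, a constructed list of eight blocks, and a hypothetical reading of (i,j,d,s) as a run of s cells in column i starting at row j.

```python
import hashlib

def enc(block) -> bytes:
    return ",".join(map(str, block)).encode()      # block = (i, j, d, s)

def F(left: bytes, right: bytes) -> bytes:
    # SHA-256 stands in for the tree hash; the length prefix keeps F(a|b) unambiguous.
    return hashlib.sha256(len(left).to_bytes(2, "big") + left + right).digest()

def build_levels(blocks):
    """Return all tree levels, leaves first; len(blocks) must be a power of two."""
    levels = [[enc(b) for b in blocks]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([F(prev[k], prev[k + 1]) for k in range(0, len(prev), 2)])
    return levels

def auth_path(levels, idx):
    """Siblings from leaf to root as (value, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        path.append((level[idx ^ 1], (idx ^ 1) < idx))
        idx //= 2
    return path

def root_from_path(block, path) -> bytes:
    node = enc(block)
    for sibling, sibling_is_left in path:
        node = F(sibling, node) if sibling_is_left else F(node, sibling)
    return node

def cell_in_block(cell, block) -> bool:
    # Assumed geometry: the block starts at cell (i, j) and spans s cells
    # upward (d = 0) or downward (d = 1) in column i.
    i, j, d, s = block
    rows = range(j, j + s) if d == 0 else range(j - s + 1, j + 1)
    return cell[0] == i and cell[1] in rows

def ms_id(tt, ts, te, root: bytes) -> bytes:
    return hashlib.sha256(f"{tt}|{ts}|{te}|".encode() + root).digest()

def node_derive_id(cell, block, path, tt, ts, te):
    """Node side: refuse if the cell is outside the claimed block, else derive the MS id."""
    if not cell_in_block(cell, block):
        return None
    return ms_id(tt, ts, te, root_from_path(block, path))

# Constructed trajectory of eight blocks B1..B8.
BLOCKS = [(1, 1, 0, 7), (2, 7, 1, 3), (3, 5, 0, 2), (4, 6, 1, 4),
          (5, 3, 0, 5), (6, 7, 1, 6), (7, 2, 0, 3), (8, 4, 1, 2)]
LEVELS = build_levels(BLOCKS)
BS_ID = ms_id("collect", 1000, 2000, LEVELS[-1][0])
```

For B3 the path returned by `auth_path(LEVELS, 2)` is B4, X12, X58, matching the slide; an MS that enlarges B3 to cover an extra cell makes the node derive a different id, and therefore a polynomial share that does not match the one the BS issued.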

12 Revoking a MS On-Demand
– Revoke an MS if it is compromised or the security policy has changed and the MS still holds privileges
– Naïve approach
  – BS unicasts a revocation message to all host nodes
    – BS may not know all nodes' ids
    – Too much overhead
  – BS floods a revocation message over the network
    – All nodes that receive this message must forward it

13 Basic Revocation Scheme
Multicast the revocation message within the revocation area
1. BS broadcasts a revocation message to its neighbors, indicating the id of the MS to be revoked
2. Once each neighbor receives this message:
   – It checks whether this is a duplicate message; if so, the message is dropped
   – If the neighbor finds it is within the revocation area indicated by the message, it records the id of the revoked MS and rebroadcasts the message to its neighbors
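The forwarding rule on slide 13, simulated as an added Python example that is not from the slides or the paper. It assumes sensor nodes on a grid with four-neighbor radio range, a rectangular revocation area, and a BS occupying one grid position; all of these are constructed for illustration.

```python
from collections import deque

def multicast_revocation(width, height, bs, area, ms_id):
    """Flood a revocation for ms_id from the BS over a width x height grid of nodes.

    area = (x0, y0, x1, y1), inclusive. Returns (revocation lists, broadcasts sent).
    """
    x0, y0, x1, y1 = area

    def neighbors(p):
        for dx, dy in ((1, 0), (-1, 0), (0, 1), (0, -1)):
            q = (p[0] + dx, p[1] + dy)
            if 0 <= q[0] < width and 0 <= q[1] < height and q != bs:
                yield q

    seen = set()            # nodes that already handled this message
    revoked = {}            # node -> set of MS ids it now refuses
    broadcasts = 1          # step 1: the BS's own broadcast
    queue = deque(neighbors(bs))
    while queue:
        node = queue.popleft()
        if node in seen:                      # duplicate message: drop
            continue
        seen.add(node)
        if not (x0 <= node[0] <= x1 and y0 <= node[1] <= y1):
            continue                          # outside the area: no record, no rebroadcast
        revoked.setdefault(node, set()).add(ms_id)
        broadcasts += 1                       # node rebroadcasts to its neighbors
        queue.extend(neighbors(node))
    return revoked, broadcasts
```

On a 10 x 10 grid with the BS at (0,0), revoking within the area (1,0,4,2) costs 13 broadcasts against 100 for a network-wide flood; in this model a BS with no neighbor inside the area reaches no node at all.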

14 Problems with Basic Scheme
– The basic revocation scheme performs well when the revocation area is a regular shape (e.g. rectangle or circle)
– One can divide the irregular shape into several regular shapes…
[Figure: Revocation Area]
– The revocation area is divided into 100 rectangles and each rectangle needs 4 bytes
– Need 400 bytes to represent the revocation area
– Typical packet contains few tens of bytes (assume 29 bytes)
– To revoke an MS, ⌈400/29⌉ = 14 revocation messages must be sent, received and forwarded by each host node

15 Enhanced Revocation Schemes
– The revocation area is divided into multiple subareas, and multiple revocation messages are sent to and multicast within the subareas simultaneously
– The blocks forming a subarea are further combined into a smaller number of blocks (expanded blocks)
– This reduces the…
  – Revocation delay
  – Number of revocation messages

16 GPSR-based Scheme
– Use the GPSR protocol to send each revocation message to a certain node within the subarea
– Then multicast the message within the subarea

17 Performance
– GPSR-based schemes reduce latency by sending multiple packets almost simultaneously along different paths
[Figure panels: Triangle Trajectory, Polygon Trajectory]

18 Conclusion & Future Work
– Conclusion
  – Each node must be able to verify the MS and the task that the MS has been sent to perform
– Future work
  – Address issues when the MS needs to change its trajectory due to an unexpected event
  – Explore other revocation techniques to balance the tradeoff between delay and message complexity

19 Questions
Are there any questions?

