Presentation is loading. Please wait.

Presentation is loading. Please wait.

Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook.

Published byRolf Washington Modified over 10 years ago

Similar presentations

Presentation on theme: "Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook."— Presentation transcript:

1 Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook Park, Juan Gonzalez, and Ernest Foo

2 CRICOS No. 00213J a university for the world real R Key Management in WSNs for PCS/SCADA Introduction. –WSNs & SCADA. Related Work. –Nilsson et al.’s & Alzaid et al.’s schemes. Sandwich Attack. Performance Analysis –Memory overhead, communication cost, & computation cost. Conclusion 2

3 CRICOS No. 00213J a university for the world real R Introduction: WSNs Embedded Processor Transceiver Memory Sensors Battery 3 Limited Storage Limited Lifetime Slow Computations 1Kbps - 1Mbps, 3-100 Meters,

4 CRICOS No. 00213J a university for the world real R Introduction: SCADA 4 Master Center Historian Communication Systems Remote field Network Manager Human Interaction Database Storage Processing Servers Separate Subnet Fiber Optics Radio Satellite Gateways IEDs Sensors

5 CRICOS No. 00213J a university for the world real R Related Work Several papers proposed key management designs for SCADA. –They use heavy cryptographic mechanisms. –Do not consider the integration of WSNs with SCADA. The works that consider the integration, proposed by Nilsson et al. and Alzaid et al.. 5

6 CRICOS No. 00213J a university for the world real R Related Work – Nilsson et al. Nilsson et al. designed two key update protocols: –The 1 st protocol updates the pairwise symmetric key between and. –The 2 nd protocol updates the global or group key among and. They claimed that these protocols provide both forward and backward secrecy (past and future key secrecy). It is not the case! 6

7 CRICOS No. 00213J a university for the world real R Related Work – Nilsson et al. Node compromise attacks was not considered in Nilsson et al.. The new group key is directly carried by the protocols messages, encrypted under the pairwise key. The value of new pairwise key is determined by the sensor node. etc. Alzaid et al.’s addressed these weaknesses. 7

8 CRICOS No. 00213J a university for the world real R Related Work – Alzaid et al. The adversary can launch node compromise –All the credentials stored in sensors. –All the software code installed within the sensors, especially random number generation functions. It cannot compromise the network manager. 8 Adversary Model

9 CRICOS No. 00213J a university for the world real R Related Work – Alzaid et al. Past key secrecy: the past keys should not be compromised. Future key secrecy: the future keys should not be compromised. Security Requirements 9

10 CRICOS No. 00213J a university for the world real R The Proposed Key Management Forward hash chainReverse hash chain Past key secrecy Future key secrecy The Group Key Update Protocol 10

11 CRICOS No. 00213J a university for the world real R The Proposed Key Management The Group Key Update Protocol (Protocol-1) 11

12 CRICOS No. 00213J a university for the world real R The Proposed Key Management The Pairwise Key Update Protocol (Protocol-2) 12

13 CRICOS No. 00213J a university for the world real R Sandwich Attack The Problem Alzaid et al.’s scheme suffers from a new kind of attack called “Sandwich Attack”. Suppose an attacker captures a node at are revealed. All the subsequent hash images of the forward hash chain (but not the reverse hash chain) can be computed. 13

14 CRICOS No. 00213J a university for the world real R Sandwich Attack The Problem When the attacker captures another node at where. The adversary is able to compute all the preimages of the reverse hash chain between. Then, the attacker can compute all the group keys from to by computing: 14

15 CRICOS No. 00213J a university for the world real R Sandwich Attack Forward hash chain Reverse hash chain 15 unknown

16 CRICOS No. 00213J a university for the world real R Sandwich Attack Forward hash chain Reverse hash chain 16 unknown known unknown

17 CRICOS No. 00213J a university for the world real R Sandwich Attack The Solution (Protocol-3) Break the reverse hash chain into smaller ones. 17

18 CRICOS No. 00213J a university for the world real R Sandwich Attack can play two strategies: Replace Protocol-1 completely with Protocol-3. rerun Protocol-3 until receives 2 nd message of the protocol from to ensure the reestablishment of the reverse hash chain. Switch between Protocol-1 and Protocol-3 whenever it is needed. The choice between these two strategies depends on how much the Sandwich attack concerns the network designers. 18

19 CRICOS No. 00213J a university for the world real R Performance Analysis Memory Overhead 19 Stored information per sensor Nilsson et al. [2]Alzaid et al. [1]Our proposal QtySize (bits)QtySize (bits)QtySize (bits) Pairwise key shared with M.22561 1 Key used for random number generation 1128---- M’s public key1256---- Group key.11281 1 Secret data.--21282 Indexes.--2162 Hashed value of the old pairwise key--11281 Total1024800

20 CRICOS No. 00213J a university for the world real R Performance Analysis Communication Cost 20 ProtocolStep Nilsson et al. [2]Alzaid et al. [1]Our proposal # of bits Energy (  J) # of bits Energy (  J) # of bits Energy (  J) Pairwise key 1. M → N--27213.627213.6 2. M ← N25619.225619.225619.2 Total25619.252832.852832.8 Group key 1. M → N25612.81447.227213.6 2. M ← N1289.61289.61289.6 Total38422.427216.840023.2

21 CRICOS No. 00213J a university for the world real R Performance Analysis Computation Cost 21 ProtocolStep Consumed energy (  J) Nilsson et al. [2] Alzaid et al. [1] Our proposal Pairwise key 1. M → N-304 2. Compute the new key15452000 3. M ← N52154278 Total5230852582 Group key 1. M → N150278304 2. Compute the new key-154 3. M ← N154 Total304586612

22 CRICOS No. 00213J a university for the world real R Conclusion Lamport’s reverse hash chain as well as usual hash chain are employed to ensure past and future key secrecy against node compromise. No delivery for the whole value of the new group key for group key update. Sandwich Attack is mitigated by breaking the reverse hash chain into shorter ones. 22

23 CRICOS No. 00213J a university for the world real R References [1] Alzaid, Hani and Park, DongGook and Gonzalez Nieto, Juan and Boyd, Colin and Foo, Ernest. A Forward & Backward Secure Key Management in Wireless Sensor Networks for PCS/SCADA. [2] Nilsson, Dennis K. and Roosta, Tanya and Lindqvist, Ulf and Valdes, Alfonso. Key management and secure software updates in wireless process control environments. 23

24 Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Questions

Download ppt "Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook."

Similar presentations

ACHIEVING NETWORK LEVEL PRIVACY IN WIRELESS SENSOR NETWORKS.

ACHIEVING NETWORK LEVEL PRIVACY IN WIRELESS SENSOR NETWORKS.
Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
1 Security in Wireless Protocols Bluetooth, 802.11, ZigBee.

1 Security in Wireless Protocols Bluetooth, , ZigBee.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
GRS: The Green, Reliability, and Security of Emerging Machine to Machine Communications Rongxing Lu, Xu Li, Xiaohui Liang, Xuemin (Sherman) Shen, and Xiaodong.

GRS: The Green, Reliability, and Security of Emerging Machine to Machine Communications Rongxing Lu, Xu Li, Xiaohui Liang, Xuemin (Sherman) Shen, and Xiaodong.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.

Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology

DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:

Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.

Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.

Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
T H E O H I O S T A T E U N I V E R S I T Y Computer Science and Engineering 1 Wenjun Gu, Xiaole Bai, Sriram Chellappan and Dong Xuan Presented by Wenjun.

T H E O H I O S T A T E U N I V E R S I T Y Computer Science and Engineering 1 Wenjun Gu, Xiaole Bai, Sriram Chellappan and Dong Xuan Presented by Wenjun.

Similar presentations

Ads by Google