Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and."— Presentation transcript:

1 Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and Prof. Shiv Mishra University of Colorado at Boulder Department of Computer Science

2 Reprogramming Wireless Sensor Networks (WSNs) Reprogramming in situ sensor nodes through wireless medium. –Important for sensor network management. Patch buggy code, change run-time parameters. Install new applications and unanticipated features. Very important for hostile and/or rugged terrain. General properties of WSNs –Resource constraints –Tree-structured routing FireWxNet MobiSys 2006 Base station Tree-structured topology of WSN

3 Secure Reprogramming in WSNs Security is critical for Reprogramming. –Scientific applications – lives may depend on the data (FireWxNet) –Military applications –Commercial applications – inject false code Types of attacks: –Prevent an adversary from injecting malicious or bogus code image to sensor nodes. Data authenticity and integrity – a focus of this paper –Prevent an adversary from a DoS flooding attack – our approach has resilience to this –Prevent an adversary from understanding program code Confidentiality – not a focus of this paper –In WSNs, an adversary can compromise a node! Efficiently protect authenticity and integrity of program code image disseminated from base station

4 A System Model for Reprogramming Sensor Nodes BS n 6 5 4 3 2 1 1 2 m … 2 3 1 1 2 3 1 2 3 1 2 3 2 1 2 1 1 Entire code image is segmented into pages, each page contains a certain number of packets. Page level: a node has to receive page by page sequentially. Packet level: a node broadcasts all packets in a page in “Round-Robin” way. After receiving ACK/NACK messages from neighbors nodes, it broadcasts lost packets, and so on, until all packets are received by neighbors. program code Provides an efficient way to reliably disseminate a large amount of data to the entire network. Deluge, others… 24,5,n n 2

5 Threat Model and Security Goals Threat Model –Adversary can eavesdrop on all packets nearby. –Adversary can inject (any types of ) data nearby. –Adversary can compromise a sensor node and obtain all information inside it, including code image and keys. –Adversary cannot compromise the base station. Security Goals 1.Protect authenticity and integrity of code image. Adversary cannot inject his malicious program code even given compromised sensor nodes. 2.Preventing adversary from launching Denial of Services attacks by flooding bogus packets. Every node can verify the authenticity of code image as soon as it receives it. Otherwise adversary can inject bogus packets to launch DoS attacks or force a node to drop correct data. 3.Low cost. The communication/computing overhead are acceptable. BS 2 3 1 1 2 3 1 2 1 2 2 1 2 1 1 Does not protect against: –Local jamming attacks. Can countermeasure it. –Data confidentiality. M M M

6 Limiting Public Key Operations Difficult to construct a pure symmetric key approach. –Global key –Transitory global key - to deal with node compromise, but still has problems… –Pairwise keys – issues raised in earlier talk, etc. –Key distribution problem Are public key algorithms feasible on standard sensor nodes? Yes, just barely. –Computing overhead RSA –2-3 seconds (512 bits of key) on mica2. Elliptic Curve Cryptographic algorithm –D. Malan: 40 seconds to encrypt 16 bytes of data on MICA2 –P. Ning: TinyECC takes 12 to 16 seconds to verify a signature on MICAz –V. Gupta: Sizzle from Sun, hundreds or thousands milliseconds on Atmel chip (haven’t seen source code yet) –Communication overhead: RSA: 512 bits of key, Elliptic curve : 168 bits of key Our approach: –combine public key and fast cryptographic hash schemes, but limit public key executions –Predistribute the public key of the base station, and a cryptographic hash

7 Signed Hash Tree Scheme Motivation: to make our scheme more efficient when some data packets are lost. Solution: send all hashes first, then send data packets. Build a hash tree, hashes in high level packets can be used to authenticate hashes/data in low level packets. –P 2,0 =Hash(P 3,0 )||Hash(P 3,1 ) Send packets from high level to low level. After a node received packet P, it can receive disordered children (hash/data) packets of P. An attacker can’t modify packets undetected Compromise reveals public key and hash A node can verify immediately each packet, even if out of order Sender can disseminate packets similar to Round-Robin. P 4,0 P 4,1 P 4,2 P 4,3 P 4,4 P 4,5 P 4,6 P 4,7 P 3,0 P 3,1 P 3,2 P 3,3 P 2,0 P 2,2 P 1,0 signature

8 New Results: Compare to a Signed Hash Chain Scheme Similar approaches published in operating systems, SenSys 05 poster, etc. The base station has a private key, and all sensors have the public key. Each packet contains the secure hash value of next packet. The first packet P 0 value contains the signature of the secure hash value signed with private key. When a node receives packet P 0, it can verify the authenticity of the hash value H 1 with the public key. When a node receives packet P k, it can verify its authenticity with H k it received before. Protects data authenticity and integrity. Problems: –Maliciously breaking the chain => can’t verify subsequent packets –Not efficient when packet loss rate is high. –To verify packet H k, B have to receive all packets from H 0 to H k-1. (cannot run Round-robin scheme with NACK) A B

9 New Results: Linked Hash-tree Scheme Motivation –Conform with code dissemination protocol of Deluge – enforces per page ordering, so can out-of-order packets within a page, but not out-of- order pages => per-page public key! –Reduce memory cost Each page contains a hash tree for code image authentication. Use a signed hash chain to link the root nodes of all hash trees. To appear in IPSN 2006

10 New Results: Simulations Scenario –A node disseminates 32KB data to 20 neighbors. Packet size 128B, hash size 4B. Hash chain scheme is very expensive since every receiver needs to send an ACK message back to sender. Hash tree scheme consumes too much memory. Hybrid hash chain/tree scheme has feasible moderate cost. (more simulation results are in the IPSN paper) Deluge4KB Hash Chain4 bytes Hash Tree32KB Hybrid4.1KB Memory Consumption

11 Summary Presented a signed hash tree scheme for efficient and secure dissemination of code to WSNs –Form a signed hash tree –Release hashes a priori –Immediate verification –Out-of-order verification New results show that a hybrid signed chain-tree is the best combination of low overhead, low memory, and low delay –performance is close to insecure Deluge scheme

12 Fine

Download ppt "Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook.

Queensland University of Technology CRICOS No J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook.
DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology

DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology
An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.

An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.
Secure Routing in WSNs: Attacks & Countermeasures Chris Karlof & David Wagner, UC Berkeley 1 st IEEE International Workshop on Sensor Network Protocols.

Secure Routing in WSNs: Attacks & Countermeasures Chris Karlof & David Wagner, UC Berkeley 1 st IEEE International Workshop on Sensor Network Protocols.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
Research Trends in MANETs at CIIT, Islamabad Mohammad Mahboob Yasin, PhD COMSATS Institute of Information Technology.

Research Trends in MANETs at CIIT, Islamabad Mohammad Mahboob Yasin, PhD COMSATS Institute of Information Technology.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Similar presentations

Ads by Google