Download presentation
Presentation is loading. Please wait.
1
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University
2
Overview Overview of Wireless Sensor Networks (WSN). Security in wireless sensor networks. Why is it different? Our recent work on securing WSN using deployment knowledge Authenticating public keys (Mobihoc’05) Robust Location discovery (Infocom’05) Summary
3
Wireless Sensors Berkeley Motes
4
Mica Motes Mica Mote: Processor: 4Mhz Memory: 128KB Flash and 4KB RAM Radio: 916Mhz and 40Kbits/second. Transmission range: 100 Feet TinyOS operating System: small, open source and energy efficient.
5
Wireless Sensor Networks (WSN) Deploy Sensors
6
Applications of WSN Battle ground surveillance Enemy movement (tanks, soldiers, etc) Environmental monitoring Habitat monitoring Forrest fire monitoring Hospital tracking systems Tracking patients, doctors, drug administrators.
7
Securing WSN Motivation: why security? Why not use existing security mechanisms? –WSN features that affect security.
8
Why Security? Protecting confidentiality, integrity, and availability of the communications and computations Sensor networks are vulnerable to security attacks due to the broadcast nature of transmission Sensor nodes can be physically captured or destroyed
9
Why Security is Different? Sensor Node Constraints –Battery, –CPU power, –Memory. Networking Constraints and Features –Wireless, –Ad hoc, –Unattended.
10
Sensor Node Constraints Battery Power Constraints –Computational Energy Consumption Crypto algorithms Public key vs. Symmetric key –Communications Energy Consumption Exchange of keys, certificates, etc. Per-message additions (padding, signatures, authentication tags)
11
Memory Constraints Program Storage and Working Memory –Embedded OS, security functions (Flash) –Working memory (RAM) Mica Motes: 128KB Flash and 4KB RAM
12
An Efficient Scheme for Authenticating Public Keys in Sensor Networks
13
Wireless Sensor Networks Deploy Sensors
14
Key Distribution in WSN Deploy Sensors Secure Channels
15
Existing Approaches Key Pre-distribution Schemes Eschenauer and Gligor, CCS’02 Chan, Perrig, and Song, S&P’03 Du, Deng, Han, and Varshney, CCS’03 Du, Deng, Han, Chen, Varshney, INFOCOM’04 Liu and Ning, CCS’03 Assumption Public Keys are impractical for WSN We need to use Symmetric Keys
16
Three Years Later Has Public-Key Cryptography (PKC) became practical yet? The answer might still be NO, but … Recent Studies on using PKC on sensors PKC is feasible for WSN ECC signature verification takes 1.6s on Crossbow motes (Gura et al.)
17
The Advantage of PKC Resilience versus Connectivity SKC-based schemes have to make tradeoffs between resilience and connectivity PKC-based Key Distribution 100% resilience 100% connectivity
18
Let’s Switch to PKC? Sorry, I forgot to mention one thing: The gap between SKC and PKC is not going to change much unless a breakthrough in PKC occurs. Computation costs RC5 is 200 times faster than ECC Communication costs Signatures: ECC (320 bits), RSA (1024 bits), SHA1 (160 bits)
19
New Focuses My observation: We will be able to use PKC, but we will use SKC if that can save energy. We are doing this in traditional networks Example: session keys Research Problem Can we reduce the amount of PKC computations with the help of SKC?
20
Public Key Authentication Before a public key is used, it must be authenticated In traditional networks: we use certificates. Verifying certificates is a public key operation
21
Authenticating Public Keys in Traditional Networks 1. What is your public key? 2. Here is my public key PK 2. Here is my public key PK and certificate 3. Verify the certificate: a public key operation A B
22
Authenticating Public Keys in Sensor Networks Naïve Solution 1: preload all the public keys Memory cost: (N-1)*320 bits for 160-bit ECC Naïve Solution 2: preload the hash of all the public keys Hash is the commitment. Memory cost: (N-1)*160 bits for SHA1
23
Can We Improve Memory Usage? Much less than N-1 commitments Hash everything together: need 1 commitment Communication cost: O(N) A standard technique: Merkle Tree Memory cost: O(log N) Communication cost: O(log N)
24
Using Merkle Trees
25
Performance Memory Usage 1 + log(N) hash values (compared to N-1) Computation Cost Log(N) hash operations Communication Overhead If we use 160-bit SHA1 160 * log(N) bits When N=10,000, cost=2080 bits, worse than PKC We need to reduce the height
26
Trimming the Merkle Tree
27
A Smarter Trimming AB C
28
Deployment Knowledge How do we know that some nodes might more likely be neighbors than others? Deployment knowledge model.
29
A Group-Based Deployment Scheme
31
Modeling of The Group-Based Deployment Scheme Deployment Points
32
Trimming Strategy
33
Deployment-based Trimming
34
Finding Optimal a,b,c, and d The optimization problem: S: number of sensors in each deployment group m max : maximum amount of memory that can be used W i : percentage of nodes that are in the i group. This is decided by the deployment model We assume the Gaussian Distribution Minimize C = w 0 a + w 1 b + w 2 c + w 3 d Subject to
35
Evaluation
36
Communication Overhead vs. Memory Usages
37
Communication Overhead vs. Network Size
38
Impact of Deployment Knowledge: σ Deployment Model: Gaussian Distribution
39
Impact of Modeling Accuracy
40
Energy consumption
41
Comparing Energy cost with RSA / ECC Performance of authenticating public keys using various algorithms
42
Summary Public Key Cryptography (PKC) Will soon be available for sensor networks Intel Motes: very powerful. Usage of PKC should still be minimized We propose an efficient scheme to achieve public key authentication.
43
A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks
44
Location Discovery in WSN Sensor nodes need to find their locations Rescue missions Geographic routing protocols Many other applications Constraints No GPS on sensors Cost must be low
45
Existing Positioning Schemes Beacon Nodes
46
Two Important Elements Reference points They must know their locations. e.g. beacon nodes, satellites. Relationship between nodes and reference points Distance Angle of arrival Time of arrival Time difference of arrival
47
The Beacon-Less Scheme Without using beacon nodes Beacon nodes are more expensive They can be the main target of attacks Nonetheless, we still have to find reference points and the corresponding relationships. Remember: the locations of the reference points must be known.
48
Modeling of The Group-Based Deployment Scheme We still need another important element: The relationship between nodes and reference points. Deployment Points: Their locations are known.
49
The Relationships A
50
A B
51
Modeling of the Deployment Distribution Using pdf function to model the node distribution. Example: two- dimensional Gaussian Distribution. Other distribution can also be used.
52
The Idea Observation at location O See more nodes from A and D than from H and I. Observation at location P Quite different from location O. See more nodes from H and I than from A and D. Given a location, we can derive the observation. Given the observation, can we derive the location?
53
The Problem Formulation Location θ = (x, y) Observation a = (a 1, a 2, … a n ) Location Estimation
54
A Solution Definitions a = (a 1, a 2, … a n ): The observation. f n (a | θ): The probability of observing a at location θ. Maximum-Likelihood-Estimation (MLE) Principle: find θ, such that f n (a | θ) is maximized.
55
Maximum Likelihood Estimation Likelihood Function f n (a | θ) = Pr (X 1 =a 1, …, X n =a n | θ) = Pr (X 1 =a 1 | θ) · · · Pr (X 1 =a n | θ) L( θ) = log f n (a | θ) Find θ: Gradient Descent Method
56
Evaluation Setup A square plane: 1000 meters by 1000 meters 10 by 10 grids (each is 100m X 100m) σ = 50 (Gaussian Distribution) What to evaluate? Accuracy vs. Density Accuracy vs. Transmission Range Boundary Effects Computation Costs.
57
Effect of Density m An Improvement: Dummy Nodes m: number of sensors in each group
58
Effect of Transmission Range R
59
Effect of Boundary
60
Comparing the Three Numeric Approaches (Cost)
61
Comparing the Three Numeric Approaches (Accuracy)
62
Comparisons Beacon-LessBeacon-Based Communication Overhead Low Computation Cost HighLow Device Cost LowHigh Robustness/Security HighLow Mobility NoneGood
63
Conclusion and Future Work Two Applications of Deployment Knowledge Authenticating Public Keys Beacon-Less Location Discovery IPDPS’05 paper: Location Anomaly Detection Future Work Optimizing public-key protocols for sensor networks
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.