Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley."— Presentation transcript:

1 Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley

2 Applications need Security  Earthquake & fire sensors  Pollution monitoring  Energy management  Military applications  Absence of security enables attacks such as spoofing & replay attacks, resulting in DoS or system compromise

3 Main Security Requirements  Authentication Receiver verifies sender (prevents spoofing) Also provides integrity  Confidentiality Data remains secret  Freshness Receiver knows message is recent (prevents replay)  Digital signatures (non-repudiation) Receiver can prove sender to third party Usually not necessary

4 System Constraints  Sensors not tamper-proof  Limited energy  Limited computation (4 MHz 8-bit)  Limited memory (512 bytes)  Limited code size (8 Kbytes) ~3.5 K base code (“TinyOS” + radio encoder) Only 4.5 K for application & security  Limited communication (30 byte packets)  Energy-consuming communication 1 byte transmission = 11000 instructions

5 Scenario 1: Static Nodes  Nodes don’t move Drop sensor nodes from airplanes Build sensor nodes into bricks, steel beams  Topology change only for node addition and removal  Goal: Set up shared keys among neighbor nodes

6 Traditional Approaches  Pre-load global key before deployment Vulnerable to node compromise  Pre-load all pair-wise keys Need O(n 2 ) keys Vulnerable to node compromise Hard to add new nodes  Diffie-Hellman key agreement Computationally expensive Might work if only needed initially Prone to denial-of-service attacks

7 More Approaches  SPINS [with Culler, Szewczyk, Tygar, Wen] Base station shares key with each node New keys setup through base station Expensive to set up all keys among neighbors through base station  Can we do better? Let’s try a crazy idea …

8 Key Infection  Collaboration with Ross Anderson  Goal: Nodes set up keys with neighbors  Assumptions: Attacker nodes have same capability as good nodes Attacker nodes less dense than good nodes Attacker compromises small fraction of good nodes  Basic key agreement protocol A  * : A, K A B  A : { A, B, K B } K A K AB = H( A | B | K A | K B )

9 Key Infection AB M4 M2 M3 M1  Broadcast keys with maximum signal strength

10 Key Whispering Extension AB M4 M2 M3 M1  Broadcast keys with minimum signal strength to reach neighbor

11 Secrecy Amplification A B C D E  A & B share K AB, A & C share K AC,, etc.  Strengthen secrecy of K’ AB A  C : { B, A, N A } K AC C  B : { B, A, N A } K CB B  D : { A, B, N B } K BD D  E : { A, B, N B } K DE E  A : { A, B, N B } K AE K’ AB = H( K AB | N A | N B )

12 Key Infection Summary  Highly efficient  Detailed analysis in progress  Preliminary simulation results: Nodes uniformly distributed over a plane D (density): average # of nodes within radio range # of attacker nodes = 1% of good nodes Table shows fraction of compromised links DBasicWhisperSASA-W 21.1%0.4%1.0%0.3% 31.8%0.6%1.4%0.5% 52.9%1.0%2.4%0.8%

13 Scenario 2: Dynamic Nodes  Assume nodes roam around  Any pair of nodes communicates  Per-message authentication & freshness

14 Traditional Approaches  Pre-load global key before deployment Vulnerable to node compromise  Pre-load all pair-wise keys Need O(n 2 ) keys Vulnerable to node compromise Hard to add new nodes  Digital signatures Too expensive on a per-message basis Prone to denial-of-service attacks

15 TESLA for Authentication  With Canetti, Song, Tygar  Designed for broadcast authentication  Use for point-to-point authentication Only need to set up n public keys  Uses efficient symmetric crypto  Requires loose time synchronization

16 Basic Authentication Mechanism t F(K) Authentic Commitment P MAC(K,P) K disclosed 1: Verify K 2: Verify MAC 3: P Authentic!  F: one-way function

17 Security Condition  Security condition (for packet P): on arrival of P, receiver is certain that sender did not yet disclose K  If security condition not satisfied, drop packet  Attacker can at most do denial-of-service attack Speeding up / delaying packets does not help

18 TESLA  Keys disclosed 2 time intervals after use  Receiver knows authentic K3 K4K5K6K7 t Time 4Time 5Time 6Time 7 K3 P2 K5 P1 K3  Authentication of P1: MAC(K5, P1 ) FF Authenticate K5 Verify MAC F K6 F K5

19 TESLA: Robust to Packet Loss K4K5K6K7 t Time 4Time 5Time 6Time 7 K3 P5 K5 P3 K3 P2 K2 P1 K2 Verify MACs P4 K4 FF Authenticate K5

20 Summary  Low overhead Communication (~ 20 bytes) Computation (~ 1 MAC computation per packet)  Perfect robustness to packet loss  Delayed authentication  Also provides freshness  Drawback: not secure with time travel

21 TIK: TESLA with Instant Key Disclosure  With Hu, Johnson  Assume accurate time synchronization Trimble Thunderbolt GPS clock: ±180 ns  Can disclose key in same packet!  Receiver instantly authenticates packet

22 Sending a TIK Frame MACDataKey MACDataKey time 

23 TIK Summary  Example: 11 Mbps network, 300m range With 1  s time synchronization error (e.g. GPS clock synchronization), works for packet size > 20 bytes  Provides strong freshness guarantee  Works for more powerful sensor nodes, PDAs, cell phones, etc.

24 Conclusion & Open Problems  Efficient key establishment is challenging  Large static sensor networks Use key infection for local key establishment?  Dynamic sensor networks TESLA for point-to-point authentication Also provides freshness Accurate time sync: TIK

Download ppt "Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley."

Similar presentations

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Trust relationships in sensor networks Ruben Torres October 2004.

Trust relationships in sensor networks Ruben Torres October 2004.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.

Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology

DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)

Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)
Yih-Chun Hu Carnegie Mellon University

Yih-Chun Hu Carnegie Mellon University
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit

Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit

Similar presentations

Ads by Google