
Designing Secure Sensor Networks. Paper authors: Elaine Shi and Adrian Perrig, Carnegie Mellon University. Presenter: Matt Egyhazy. Slide footer date: 10/31/2005.


Slide 1: Designing Secure Sensor Networks
Paper authors: Elaine Shi and Adrian Perrig, Carnegie Mellon University
Presenter: Matt Egyhazy, November 1, 2005

Slide 2: Presentation Overview
► Introduction, Context, and Definitions
► Threat and Trust Model
► Security Requirements
► Attacks and Countermeasures
► Future Research Directions
► Critique and Conclusion

Slide 3: Introduction: Paper
► The paper is a survey of the state of the art
  - Offers a complete overview of sensor network security
  - Refers to more specific documents for details
  - Some concepts were already covered by Prof. Chen
    - Concepts already covered will be briefly reviewed
    - Concepts not yet covered will be emphasized
► Authentication, Secrecy, Availability, Integrity
► Insider and Outsider Attacks
  - Compromised node
  - Non-authorized participant

Slide 4: Introduction: Sensor Networks
► Collection of sensor devices
► Communicate through RF
► Scarce resources
  - Power
  - Memory
  - Computation
► Uses
  - Monitor environments and report information

Slide 5: Definitions: Security Terms in Context
► Authentication
  - Verify the identity of the originator
► Secrecy
  - Data privacy
► Availability
  - The system is up and running
► Integrity
  - Verify that data has not been modified
  - Reject falsely injected data

Slide 6: Context: Security Issues in Sensor Networks
► Not powerful enough for public-key cryptography (PKI)
  - RSA signatures and Diffie-Hellman key exchange are too expensive for sensor nodes
  - Must rely on symmetric algorithms, e.g. AES encryption
► Physically insecure
  - Deployment in insecure environments
  - Must be inexpensive
    - Tamper-proof hardware is expensive
► Wireless communication
► Large-scale node deployment
  - Most security protocols
    - Are designed for two-party use
    - Do not scale

Slide 7: Threat and Trust: Outsider Attacks
► Listen to wireless communication
► Insert data
  - Alter or spoof packets
► Jam the network
► Introduce false data
► Disable nodes
  - Inject traffic to drain power resources
  - Physically destroy nodes

Slide 8: Threat and Trust: Insider Attacks
► Two basic scenarios
  - A valid node is compromised by the attacker
  - The attacker introduces a more powerful machine into the sensor network
► Compromised nodes
  - Run malicious code
  - Are RF-compatible with the other nodes
  - Are authorized participants
    - In possession of the cryptographic material (keys)

Slide 9: Threat and Trust: Trust Model
► The base station is the point of trust
  - Serves as the interface between the external world and the sensor network
► Assumptions
  - A more powerful device
    - CPU
    - RF
    - Memory
  - Physically secure

Slide 10: Threat and Trust: Trust Model (2)
► Issues with a central trusted base station
  - Scalability
    - About D·N/2 pairwise keys to set up, where D is the number of neighbors per node and N is the total number of nodes (each of the N nodes has D links, and every link is shared by two nodes)
    - Keys need to be refreshed on a regular basis or as needed
  - Higher energy usage
    - The nodes closest to the base station use more power, since they act as relays for every key exchange
  - Single point of total systematic compromise

Slide 11: Threat and Trust: Trust Model (3)
► Key exchange
  - Each node shares a key with the base station
  - These keys are used to securely distribute the keys used for node-to-node communication
  - Call the secret key node A shares with the base station K_A, and similarly K_B the key shared between node B and the base station. If nodes A and B wish to establish a shared secret key K_AB, the base station can act as a trusted intermediary to establish that key, for example by sending a random K_AB encrypted with K_A to node A and encrypted with K_B to node B.
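The base-station-mediated key setup described on this slide, as an added example that is not part of the original presentation or the paper. Node identities, keys and nonce sizes are constructed for the demo; the wrap/unwrap primitive is a toy encrypt-then-MAC built from HMAC so that the script runs on the standard library alone (a real mote would use an authenticated block-cipher mode such as AES-CCM). Two details that the slide's one-sentence description leaves implicit are made explicit: the wrapped message carries the peer's identity so a node cannot be tricked into using a key the base station issued for a different pairing, and each node remembers the nonces it has already consumed so a replayed setup message is ignored.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

NONCE_LEN, TAG_LEN, KEY_LEN = 8, 8, 16   # assumed sizes for the demo


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC subkeys from a node's long-term key K_i.
    return hmac.new(key, label, hashlib.sha256).digest()


def wrap(key: bytes, plaintext: bytes) -> bytes:
    # Toy encrypt-then-MAC: one HMAC block of keystream and a 64-bit tag.
    # Illustration only; a deployed node would use an AEAD such as AES-CCM.
    assert len(plaintext) <= 32, "toy keystream covers a single 32-byte block"
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = hmac.new(_subkey(key, b"enc"), nonce, hashlib.sha256).digest()
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes):
    # Returns the plaintext, or None when the tag fails (tampering or wrong recipient key).
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    stream = hmac.new(_subkey(key, b"enc"), nonce, hashlib.sha256).digest()
    return bytes(c ^ s for c, s in zip(ct, stream))


@dataclass
class BaseStation:
    node_keys: dict                      # node id -> K_i, loaded before deployment

    def establish(self, a: int, b: int):
        # Pick a fresh K_AB and deliver it to each party under that party's own key.
        # The peer id travels inside the wrapped message, binding the key to the pairing.
        k_ab = secrets.token_bytes(KEY_LEN)
        return (wrap(self.node_keys[a], bytes([b]) + k_ab),
                wrap(self.node_keys[b], bytes([a]) + k_ab))


@dataclass
class Node:
    node_id: int
    bs_key: bytes                                    # K_i shared with the base station
    peers: dict = field(default_factory=dict)        # peer id -> pairwise key
    seen_nonces: set = field(default_factory=set)

    def accept(self, blob: bytes):
        # Returns the peer id whose key was installed, or None if the message is rejected.
        nonce = blob[:NONCE_LEN]
        if nonce in self.seen_nonces:                # replay of an old setup message
            return None
        pt = unwrap(self.bs_key, blob)
        if pt is None:
            return None
        self.seen_nonces.add(nonce)
        peer, key = pt[0], pt[1:]
        self.peers[peer] = key
        return peer


def demo():
    # Constructed long-term keys for nodes 1 and 2 (assumption: loaded pre-deployment).
    keys = {1: secrets.token_bytes(KEY_LEN), 2: secrets.token_bytes(KEY_LEN)}
    bs, a, b = BaseStation(keys), Node(1, keys[1]), Node(2, keys[2])
    msg_a, msg_b = bs.establish(1, 2)
    agreed = a.accept(msg_a) == 2 and b.accept(msg_b) == 1 and a.peers[2] == b.peers[1]
    replayed = a.accept(msg_a)                                  # same nonce again: dropped
    tampered = b.accept(bytes([msg_b[0] ^ 1]) + msg_b[1:])      # altered nonce breaks the tag
    misdelivered = b.accept(msg_a)                              # wrapped under K_A, not K_B
    return agreed, replayed is None, tampered is None, misdelivered is None
```

`demo()` returns four booleans: the two nodes end up with the same K_AB, and a replayed, a tampered and a misdelivered message are each rejected. The scheme still has the properties slide 10 warns about: every pairwise key costs two messages relayed through the base station's neighbours, and whoever holds the base station's key table can decrypt every setup message.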

Slide 12: Security Requirements
► Outsider attacks
  - Robustness
    - Encryption
    - Release nodes in large quantities
    - Adjust routing in real time to overcome the changing topology
► Insider attacks
  - Graceful degradation
    - It is not always possible to detect node compromise and revoke keys
    - Use mechanisms that marginalize the effect of a small number of node breaches

Slide 13: Security Requirements (2)
► Authentication
  - Prevents outsiders from injecting false data or stealing secrets
  - Does not solve the compromised-node problem
► Secrecy
  - Encryption is used to protect data
  - ACLs at the base station to ensure privacy
    - E.g. a person locator

Slide 14: Security Requirements (3)
► Availability
  - Ensure that the sensor network stays operational until its expected end of life
► Service integrity
  - Secure data aggregation
    - Detect and reject invalid or false data entries
  - Time synchronization protocol

Slide 15: Attacks and Countermeasures: Secrecy and Authentication
► Attacks
  - Eavesdropping
    - Listening to node conversations
  - Packet replay
    - Resending recorded node conversations
  - Packet modification/spoofing
    - Intercept and modify data
    - Create completely false data
► Counters
  - Standard cryptography

Slide 16: Attacks and Countermeasures: Secrecy and Authentication (2)
► Key management
  - Pre-deployed key
    - Global (a single network-wide key)
      - Capture of one node means complete system compromise
  - PKI
    - May be too expensive even for the initial key setup
    - Verification DoS: an attacker can flood nodes with bogus signatures that are expensive to check
  - Random key pre-distribution
► Broadcast authentication
  - µTESLA
    - Creates asymmetry from purely symmetric primitives
      - Delayed key disclosure
      - One-way key chain
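The µTESLA mechanism named on this slide, worked through as an added example (not code from the presentation or from the µTESLA authors). The sender builds a one-way key chain K_n, K_{n-1} = F(K_n), ..., K_0 and distributes K_0 as the commitment; in time interval i it MACs packets with K_i and discloses K_{i-d} after a delay of d intervals. A receiver buffers a packet only if K_i cannot have been disclosed yet, checks every disclosed key against the chain, and only then authenticates the buffered packets. Time intervals are plain integers here, clock synchronization between sender and receiver is assumed, and the hash functions, key sizes and payloads are the demo's own choices.

```python
import hashlib
import hmac
from collections import defaultdict

KEY_LEN, MAC_LEN = 16, 8     # assumed sizes for the demo


def F(k: bytes) -> bytes:
    # One-way function that walks the chain backwards: K_{i-1} = F(K_i).
    return hashlib.sha256(b"chain|" + k).digest()[:KEY_LEN]


def mac(chain_key: bytes, interval: int, payload: bytes) -> bytes:
    # The per-interval MAC key is derived from the chain key with a second one-way function.
    mac_key = hashlib.sha256(b"mac|" + chain_key).digest()
    return hmac.new(mac_key, interval.to_bytes(2, "big") + payload, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    def __init__(self, seed: bytes, n: int, delay: int):
        chain = [seed]
        for _ in range(n):
            chain.append(F(chain[-1]))
        self.keys = chain[::-1]          # keys[0] = K_0 (commitment) ... keys[n] = seed
        self.delay = delay

    def commitment(self) -> bytes:
        return self.keys[0]              # must reach receivers authentically at bootstrap

    def send(self, interval: int, payload: bytes):
        # MAC with the current interval's key; disclose the key from `delay` intervals ago.
        disclosed = None
        if interval - self.delay >= 1:
            disclosed = (interval - self.delay, self.keys[interval - self.delay])
        return (interval, payload, mac(self.keys[interval], interval, payload), disclosed)


class Receiver:
    def __init__(self, commitment: bytes, delay: int, max_skew: int = 0):
        self.last_idx, self.last_key = 0, commitment
        self.delay, self.max_skew = delay, max_skew
        self.buffer = defaultdict(list)
        self.authenticated = []

    def receive(self, packet, now: int) -> str:
        interval, payload, tag, disclosed = packet
        # Security condition: K_interval must still be undisclosed when the packet arrives,
        # even allowing for clock skew; otherwise anyone holding the key could have forged it.
        if now + self.max_skew >= interval + self.delay:
            return "late"
        self.buffer[interval].append((payload, tag))
        if disclosed is not None:
            self.disclose(*disclosed)
        return "buffered"

    def disclose(self, j: int, key: bytes) -> bool:
        # Accept K_j only if applying F (j - last_idx) times lands on the last verified key.
        if j <= self.last_idx:
            return False
        k = key
        for _ in range(j - self.last_idx):
            k = F(k)
        if not hmac.compare_digest(k, self.last_key):
            return False                 # bogus disclosure, e.g. injected by an attacker
        # Keys of intervals whose disclosure packets were lost are derivable from K_j.
        for t in range(self.last_idx + 1, j + 1):
            k_t = key
            for _ in range(j - t):
                k_t = F(k_t)
            for payload, tag in self.buffer.pop(t, []):
                if hmac.compare_digest(tag, mac(k_t, t, payload)):
                    self.authenticated.append((t, payload))
        self.last_idx, self.last_key = j, key
        return True


def demo():
    bs = Sender(b"\x11" * KEY_LEN, n=10, delay=2)          # constructed chain seed
    node = Receiver(bs.commitment(), delay=2)
    node.receive(bs.send(1, b"cmd:sample"), now=1)         # genuine, buffered
    node.receive((1, b"cmd:sleep", b"\x00" * MAC_LEN, None), now=1)   # forged MAC, buffered
    p3 = bs.send(3, b"cmd:report")                          # discloses K_1
    node.receive(p3, now=3)
    leaked_k1 = p3[3][1]                                    # attacker now knows K_1 too ...
    late = node.receive((1, b"cmd:sleep", mac(leaked_k1, 1, b"cmd:sleep"), None), now=3)
    node.receive(bs.send(5, b"cmd:report"), now=5)          # discloses K_3; interval-4 packet lost
    bogus = node.disclose(6, b"\xff" * KEY_LEN)
    return node.authenticated, late, bogus
```

In `demo()` the forged packet buffered in interval 1 is discarded once K_1 arrives because its MAC does not verify, the attacker's second attempt made with the leaked K_1 is refused as "late" by the security condition, the packet of interval 3 is authenticated even though the packet that would have disclosed K_2 never arrived, and a fabricated key for interval 6 is rejected because hashing it does not reach K_3.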

Slide 17: Attacks and Countermeasures: Secrecy and Authentication (3)
► Random key pre-distribution
  - A random pool of keys is selected from the key space. Each sensor node receives a random subset of keys from the pool before deployment. Any two nodes that can find one common key within their respective subsets can use that key as their shared secret to initiate communication.
  - The secure links may not form a connected graph; range extension is proposed to increase the node's radio range, and with it the number of neighbors it shares a key with.
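Random key pre-distribution simulated end to end, as an added example (not code from the presentation or from the Eschenauer-Gligor paper it summarizes): a key pool, a random key ring per node, shared-key discovery by exchanging key identifiers, the secure-link graph over nodes in radio range, and the connectivity gain from range extension. The pool size, ring size, node count, radio range and the unit-square deployment are the demo's own assumptions; keys are represented by their pool identifiers only.

```python
import random
from collections import deque
from dataclasses import dataclass
from math import comb


@dataclass
class SensorNode:
    node_id: int
    x: float
    y: float
    key_ids: frozenset            # identifiers of the keys drawn from the pool


def p_share(pool_size: int, ring_size: int) -> float:
    # Probability that two independently drawn rings have at least one key in common:
    # 1 - C(P - k, k) / C(P, k).
    return 1.0 - comb(pool_size - ring_size, ring_size) / comb(pool_size, ring_size)


def deploy(n: int, pool_size: int, ring_size: int, rng: random.Random):
    # Pre-deployment: each node loads a random subset of the pool; positions are random
    # in the unit square to model an airdrop (constructed data).
    return [SensorNode(i, rng.random(), rng.random(),
                       frozenset(rng.sample(range(pool_size), ring_size)))
            for i in range(n)]


def shared_key_id(a: SensorNode, b: SensorNode):
    # Shared-key discovery: nodes exchange key identifiers (never the keys) and pick one in common.
    common = a.key_ids & b.key_ids
    return min(common) if common else None


def secure_links(nodes, radio_range: float):
    # A secure link exists only where two nodes are in radio range AND hold a common key.
    adj = {n.node_id: set() for n in nodes}
    for i, a in enumerate(nodes):
        for b in nodes[i + 1:]:
            in_range = (a.x - b.x) ** 2 + (a.y - b.y) ** 2 <= radio_range ** 2
            if in_range and shared_key_id(a, b) is not None:
                adj[a.node_id].add(b.node_id)
                adj[b.node_id].add(a.node_id)
    return adj


def largest_component_fraction(adj) -> float:
    # BFS over the secure-link graph: share of nodes in the largest connected component.
    seen, best = set(), 0
    for start in adj:
        if start in seen:
            continue
        queue, comp = deque([start]), {start}
        while queue:
            u = queue.popleft()
            for v in adj[u]:
                if v not in comp:
                    comp.add(v)
                    queue.append(v)
        seen |= comp
        best = max(best, len(comp))
    return best / len(adj)


def demo(radio_range=0.15, pool_size=1000, ring_size=40, n=200, seed=7):
    rng = random.Random(seed)
    nodes = deploy(n, pool_size, ring_size, rng)
    base = largest_component_fraction(secure_links(nodes, radio_range))
    extended = largest_component_fraction(secure_links(nodes, 2 * radio_range))  # range extension
    return p_share(pool_size, ring_size), base, extended
```

`demo()` returns the analytic probability that two rings overlap and the largest-component fraction before and after doubling the radio range; the second can only grow, because a larger range adds links and removes none. The trade-off the slide does not spell out: capturing one node exposes its whole ring, and any other link in the network that happens to use one of those keys is exposed with it, which is what the q-composite variant in the Chan, Perrig and Song reference is designed to mitigate.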

Slide 18: Attacks and Countermeasures: Availability
► Attacks (DoS)
  - Physical layer
    - RF interference (jamming), which also drains the battery
  - Link layer
    - Collision attack: induce collisions
    - Exhaustion attack: force repeated retransmissions
    - Unfairness attack: degrade node performance by hogging the channel
  - Network layer
    - Inject malicious packets

Slide 19: Attacks and Countermeasures: Availability (2)
► Physical layer counters
  - Frequency hopping / spread spectrum
    - The attacker would have to jam a wider band
    - Might be too sophisticated for low-power sensors
  - Switch to low-power mode
    - Nodes outlast the attacker, who spends more power jamming the network than they do while sleeping
  - Use alternative communication
    - Optical
    - Infrared

Slide 20: Attacks and Countermeasures: Availability (3)
► Link layer counters
  - Collision attack
    - Error-correcting codes (ECC)
      - Repair frames damaged by collisions
  - Exhaustion attack
    - Rate limitation
      - The network can ignore excessive requests without sending expensive radio transmissions
  - Unfairness attack
    - Small frames
      - An individual node can capture the channel only for a short time
      - Can increase overhead if nodes usually send long transmissions
      - Defeated by a quick-responding attacker if nodes randomly delay before responding

Slide 21: Attacks and Countermeasures: Availability (4)
► Network layer counters
  - Authentication
    - Allows the receiver to detect malicious packets
  - Message freshness
    - Detect replayed packets
    - Nonces
      - One-time-use random numbers in the message content

Slide 22: Attacks and Countermeasures: Availability (5)
► Sybil attack
  - A node illegitimately claims multiple identities
  - Link layer: dominates the RF channel
  - Routing layer: sinkhole
    - A sinkhole is created when the Sybil identities route all their traffic to one Sybil node
  - Selective forwarding
    - The sinkhole can selectively drop valid messages

Slide 23: Attacks and Countermeasures: Availability (6)
► Counters to Sybil
  - Key association technique
    - Associate cryptographic keys with the node identity
    - Node impersonation can only be accomplished if the keys are compromised

Slide 24: Attacks and Countermeasures: Availability (7)
► Routing attacks
  - Spread bogus routing information
  - HELLO flooding
    - A more powerful adversary sends a HELLO message to all nodes in the network
    - This creates a chain reaction where all the nodes send a response back to the adversary
    - Not all of these responses can even reach the originator, causing confusion throughout the network

Slide 25: Attacks and Countermeasures: Availability (8)
► Counters to routing attacks
  - Multi-path routing
    - Use multiple paths for each transmission
    - The scheme relies on the probability that not all selected paths are controlled by the adversary
    - Increases the use of network resources

Slide 26: Attacks and Countermeasures: Service Integrity
► Attacks
  - Focus on forcing the system to accept invalid data
  - Corrupted sensor/aggregator
    - Reports invalid results
  - Sybil
    - Impersonated nodes can collude in reporting false data
  - DoS
    - Prevents valid nodes from reporting data
  - False time synchronization
    - Disseminate false synchronization messages

Slide 27: Attacks and Countermeasures: Service Integrity (2)
► Counters
  - Data aggregation/reporting
    - Secure Information Aggregation (SIA) protocol
    - Aggregate-commit-prove: aggregators compute the aggregate of the sensor nodes' raw data and reply to the home server with the aggregation result together with a commitment to the collection of data; the home server and the aggregators then perform efficient interactive proofs so that the home server can verify the correctness of the result (or detect cheating with high probability).

Slide 28: Attacks and Countermeasures: Service Integrity (3)
► Secure Information Aggregation protocol
  - Keys shared between the aggregator and the data sensors
    - Provide authenticity
    - Assuming that nodes cannot be compromised
      - Does not protect against corrupt sensor nodes
  - The aggregator sends a hash (commitment) of the sensor values together with the computed average to the home server
    1. The home server checks that the committed data is a good representation of the true data values in the sensor network.
    2. The home server checks whether the aggregator is cheating, in the sense that the aggregation result is not (close to) the correct result aggregated from the committed data values.
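The aggregate-commit-prove flow of slides 27 and 28, worked through for the average as an added example (not code from the presentation or from the SIA paper). The commitment is a Merkle hash tree over the readings, each sensor MACs its reading under a key it shares with the home server, and the home server performs the two checks listed above by sampling committed leaves: an authentication path proves the sampled reading is in the committed set, the MAC proves the aggregator did not fabricate it, and the mean of the sample is compared with the claimed result. Sensor count, readings, keys, sample size and tolerance are constructed for the demo, and a sensor that itself lies is not caught, exactly as the slide's caveat says.

```python
import hashlib
import hmac
import random
from statistics import mean


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()


def encode(sid: int, value: int) -> bytes:
    return sid.to_bytes(2, "big") + value.to_bytes(4, "big", signed=True)


def leaf_hash(reading) -> bytes:
    sid, value, tag = reading
    return h(b"leaf", encode(sid, value), tag)


def build_tree(leaves):
    # Merkle tree bottom-up; an unpaired node is carried up to the next level unchanged.
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(b"node", cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels


def auth_path(levels, index: int):
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))      # (sibling hash, sibling is on the left)
        index //= 2
    return path


def verify_path(leaf: bytes, path, root: bytes) -> bool:
    node = leaf
    for sib, sib_is_left in path:
        node = h(b"node", sib, node) if sib_is_left else h(b"node", node, sib)
    return hmac.compare_digest(node, root)


class Sensor:
    def __init__(self, sid: int, home_key: bytes):
        self.sid, self.home_key = sid, home_key

    def report(self, value: int):
        # MAC under the key shared with the home server, so the aggregator cannot forge readings.
        tag = hmac.new(self.home_key, encode(self.sid, value), hashlib.sha256).digest()[:8]
        return (self.sid, value, tag)


class Aggregator:
    def __init__(self, readings, cheat_by: float = 0.0):
        self.readings = readings
        self.levels = build_tree([leaf_hash(r) for r in readings])
        self.cheat_by = cheat_by                    # nonzero models a lying aggregator

    def commit(self):
        # aggregate + commit: (claimed mean, Merkle root, number of readings)
        return (mean(v for _, v, _ in self.readings) + self.cheat_by,
                self.levels[-1][0], len(self.readings))

    def respond(self, index: int):
        # prove: answer a sample query with the reading and its authentication path
        return self.readings[index], auth_path(self.levels, index)


class HomeServer:
    def __init__(self, sensor_keys, rng: random.Random, tolerance: float):
        self.sensor_keys, self.rng, self.tolerance = sensor_keys, rng, tolerance

    def verify(self, agg: Aggregator, samples: int) -> bool:
        claimed, root, n = agg.commit()
        values = []
        for i in self.rng.sample(range(n), samples):
            (sid, value, tag), path = agg.respond(i)
            expect = hmac.new(self.sensor_keys[sid], encode(sid, value), hashlib.sha256).digest()[:8]
            if not hmac.compare_digest(tag, expect):                        # check 1: genuine reading
                return False
            if not verify_path(leaf_hash((sid, value, tag)), path, root):  # check 1: and committed
                return False
            values.append(value)
        return abs(mean(values) - claimed) <= self.tolerance               # check 2: result consistent


def demo():
    # Constructed sensor keys and readings (140 sensors, values 20..26, true mean exactly 23.0).
    keys = {sid: hashlib.sha256(b"constructed-key-%d" % sid).digest() for sid in range(140)}
    readings = [Sensor(sid, keys[sid]).report(20 + sid % 7) for sid in range(140)]
    home = HomeServer(keys, random.Random(3), tolerance=1.5)
    honest = home.verify(Aggregator(readings), samples=30)
    lying = home.verify(Aggregator(readings, cheat_by=5), samples=30)
    tampered = [(sid, v + 5, tag) for sid, v, tag in readings]      # values changed, MACs stale
    fabricated = home.verify(Aggregator(tampered), samples=30)
    return honest, lying, fabricated
```

`demo()` accepts the honest aggregator, rejects one that commits to the real data but reports a mean 5 off, and rejects one that commits to altered readings, because the sampled leaves no longer carry valid sensor MACs. The tolerance sets how much an aggregator can shade the result undetected; SIA's contribution is bounding that error as a function of the number of samples, which this toy fixes by hand.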

Slide 29: Attacks and Countermeasures: Service Integrity (4)
► Time synchronization counters
  - An extremely weak area of sensor network security
  - All current protocol designs assume a trusted environment

Slide 30: Future Research Directions: Code Attestation
► Verify the code running on the sensors
  - Malicious nodes will not be running valid code
► Implemented in hardware
  - Trusted Computing Group
  - Next-Generation Secure Computing Base
  - May add cost to sensor device fabrication
► Implemented in software
  - Memory comparison

Slide 31: Future Research Directions: Misbehavior Detection and Revocation
► Utilize voting
  - Node A votes against B if B is found to be misbehaving
  - If there are enough votes against B, B's use of the network is revoked
  - However, malicious nodes can slander good nodes by casting votes against them
  - One workaround is to limit the number of votes and store them with the key ring
    - At startup, each pair of nodes exchanges the activation votes that allow its neighbors to vote against it

Slide 32: Future Research Directions: Secure Routing
► Existing routing protocols assume a trusted environment
  - Directed Diffusion
  - Geographic routing
► Proposed secure protocols for ad-hoc wireless networks are too heavy
  - Also, the traffic patterns of sensor networks do not match those of ad-hoc wireless networks

Slide 33: Future Research Directions: Secure Localization
► Properties
  - A sensor can determine its geographic location
  - Malicious sensors cannot claim a false position
► Solves several attacks
  - A wormhole can be detected if a route goes "out of its way" to reach the wormhole node
  - Sybil can be detected by the identical geographic location of the impersonated nodes

Slide 34: Future Research Directions: Efficient Cryptographic Primitives
► Traditional security solutions are too expensive for sensor networks
► Symmetric algorithms are not flexible enough
► A cure-all would be more efficient asymmetric algorithms for use in key establishment and digital signatures

Slide 35: Conclusion and Critique
► Conclusion
  - Sensor networks are not ready for secure deployment
  - More research and better implementations are needed
► Critique
  - Light overview of the entire field of security in sensor networks
  - Extra reading of the cited documents is required to fully understand the mentioned concepts
  - Overall, a well-written and authoritative introduction to the field

Slide 36: References
► A. Wood and J. Stankovic, "Denial of Service in Sensor Networks," IEEE Computer, Oct. 2002, pp. 54-62.
► L. Eschenauer and V. D. Gligor, "A Key Management Scheme for Distributed Sensor Networks," Proc. 9th ACM Conf. Computer and Communications Security, Nov. 2002, pp. 41-47.
► H. Chan, A. Perrig, and D. Song, "Random Key Pre-distribution Schemes for Sensor Networks," IEEE Symp. Security and Privacy, May 2003.
► C. Karlof and D. Wagner, "Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures," Proc. 1st IEEE Int'l Workshop on Sensor Network Protocols and Applications, May 2003.
► B. Przydatek, D. Song, and A. Perrig, "SIA: Secure Information Aggregation in Sensor Networks," Proc. 1st ACM Int'l Conf. Embedded Networked Sensor Systems, Nov. 2003, pp. 255-265.

