Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Management in Mobile and Sensor Networks Class 17.

Published byEileen Brittany Rose Modified over 9 years ago

Similar presentations

Presentation on theme: "Key Management in Mobile and Sensor Networks Class 17."— Presentation transcript:

1

2 Key Management in Mobile and Sensor Networks Class 17

3 Outline  Challenges in key distribution, trust bootstrapping  Pre-setup keys (point-to-point, public)  Resurrected ducking  PGP trust graph  Trusted third party (TTP) Kerberos, SPINS PKI  Key infection  Random-key predistribution

4 Key Management  Goal: set up and maintain secure keys Public keys for signature verification or node-to- node key setup Shared keys for confidentiality or authenticity Group keys for secure group communication  Challenges Trust establishment (Class example?) Node compromise Dynamic node addition/removal

5 Network Architectures  Closed networks, centralized deployment (trusted authority controls and deploys nodes) All-pairs shared keys, or all public keys PKI, TTP (Kerberos, SPINS) Zhou & Haas threshold key management Randomkey predistribution  Open networks, autonomous deployment Resurrected duckling PGP web of trust Key infection

6 Full Key Deployment  Symmetric case All-pairs shared keys (need O(n 2 ) keys) Challenge: node addition  Asymmetric case Distribute every node’s public key (n keys) Nodes can easily set up secure shared keys

7 Trusted Key Management Center  Symmetric case Trusted third party (TTP) shares key with each node (n keys) Set up key between two nodes through TTP Kerberos, SPINS key agreement protocol  Asymmetric case Public-key infrastructure (PKI) Certification authority (CA) signs public keys of nodes All nodes know CA’s public key

8 Zhou & Haas Key Management  PKI drawbacks Revocation requires on-line PKI Single point of failure, CA replication increases vulnerability to node compromise  Distributed CA Model, tolerates t faulty nodes  Threshold signatures Signing needs coalition of t+1 correct nodes Secret sharing prevents t malicious nodes from reconstructing CA private key  Proactive security Defend against mobile adversary

9 Discussion  How can share refreshing tolerate faulty nodes?  How can we tolerate compromised combiner? Who decides to be a combiner?  How can we bootstrap this system? How can we introduce a new node?  Why should node sign a message? How does node authenticate message?  Is signature combination expensive if we have t faulty nodes?  How efficient are these mechanisms?

10 Randomkey Predistribution  Scenario: deploy 10 4 mote sensor from airplane  Goal: set up secure node-to-node keys  Simple approaches impractical Network-wide secret key Pairwise shared key with every other node Pairwise shared key with neighbors Public key infrastructure

11 Basic Random Key Scheme  Eschenauer and Gligor, ACM CCS 2002  Observation: no need for all pairs of nodes to be able to communicate to get a connected network  For any 2 nodes, if they can communicate with some probability p, then the network is a random graph that is connected with high probability (e.g. 0.999)  p is a given parameter, dictated by communication range and density of deployment of the nodes

12 Basic Random Key Scheme 2 128 Total Key Space Key Pool P Randomly choose |P| keys Randomly choose m keys Key ring of node A Key ring of node B Pick |P| s.t probability of any 2 nodes sharing at least 1 key = p

13 Key capture  Security of the basic scheme is dependent on the adversary not knowing the key pool P  Suppose adversary can compromise sensor nodes and read the keys off their key rings  E.g., adversary captures node X and discovers key k. If node A and B were communicating using key k, the adversary can now eavesdrop although neither A or B was compromised.  How can we improve resilience to node capture?

14 q-Composite Keys scheme  Require any 2 nodes to share at least q keys to communicate  Adversary must discover all q keys to eavesdrop  To maintain probability of communication between any 2 nodes = p, must reduce size of key pool (samples from a smaller pool are more likely to overlap)  Smaller key pool  keys are more likely to be reused

15 Resilience vs node capture

16 Duckling Key Establishment  Anderson and Stajano, IWSP ‘99  Problem: how can we set up keys in a ubiquitous computing environment? Devices use wireless communication How to set up a key between household devices and PDA?  Solution: set up keys using trusted communication channel Physical contact establishes a secure channel

17 Duckling Security Model 1  Assumes wireless communication  Goals Availability – Guard against jamming and battery exhaustion – “Sleep deprivation torture attack” Secure transient association with device – Even in absence of a trusted server – Security assiciations keep changing, as devices change owners, or owner changes controller

18 Duckling Security Model 2  Life cycle “similarities” Life cycle of a device – Buy device in store – Unpack it at home – Device breaks or gets a new owner Life cycle of a duckling – Duckling is in egg – When duckling hatches, first object is viewed as mother: imprinting – Duckling dies Device ownership similar to duck’s soul

19 Duckling Security Model 3  Device life cycle Imprinting: device meets master when it wakes up Reverse metempsychosis: device dies and gets new owner Escrowed seppuku: manufacturer can kill device to enable renewed imprinting  Physical contact establishes secure key during imprinting phase

20 PGP Web of Trust  Problem: how can we establish shared keys in ad hoc network without trusted PKI?  Approach: use PGP web of trust approach  Jean-Pierre Hubaux, Srđan Čapkun and Levente Buttyán: The Quest for Security in Mobile Ad Hoc Networks, MobiHoc 2001

21 Distributed storage of local certificates  Nodes issue certificates (sign others’ keys), as in PGP  Each node stores the certificates that it issued (out- bound certificates) and the certificates that other nodes issued for it (in-bound certificates) u v

22 Creating the subgraphs  Each node builds up its own out-bound and in- bound subgraphs  To establish secure communication, u and v merge their subgraphs and see if they intersect u v

23 Key Infection  Ross Anderson and Adrian Perrig, 2001  Goal: Light-weight key setup among neighbors  Assumptions: Attacker nodes have same capability as good nodes Attacker nodes less dense than good nodes Attacker compromises small fraction of good nodes  Basic key agreement protocol A  * : A, K A B  A : { A, B, K B } K A K AB = H( A | B | K A | K B )

24 Key Infection AB M4 M2 M3 M1  Broadcast keys with maximum signal strength

25 Key Whispering Extension AB M4 M2 M3 M1  Broadcast keys with minimum signal strength to reach neighbor

26 Secrecy Amplification A B C D E  A & B share K AB, A & C share K AC,, etc.  Strengthen secrecy of K’ AB A  C : { B, A, N A } K AC C  B : { B, A, N A } K CB B  D : { A, B, N B } K BD D  E : { A, B, N B } K DE E  A : { A, B, N B } K AE K’ AB = H( K AB | N A | N B )

27 Key Infection Summary  Highly efficient  Detailed analysis in progress  Preliminary simulation results: Nodes uniformly distributed over a plane D (density): average # of nodes within radio range # of attacker nodes = 1% of good nodes Table shows fraction of compromised links DBasicWhisperSASA-W 21.1%0.4%1.0%0.3% 31.8%0.6%1.4%0.5% 52.9%1.0%2.4%0.8%

28 Discussion  Tradeoff Trust perimeter and security? Security and management?

Download ppt "Key Management in Mobile and Sensor Networks Class 17."

Similar presentations

Security in Mobile Ad Hoc Networks Security Protocols and Applications Seminar Rudi Belotti, Frank Lyner April 29, 2003.

Security in Mobile Ad Hoc Networks Security Protocols and Applications Seminar Rudi Belotti, Frank Lyner April 29, 2003.
Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.

Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.
Trust relationships in sensor networks Ruben Torres October 2004.

Trust relationships in sensor networks Ruben Torres October 2004.
Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.

Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.
Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)

Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.

Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.

Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.
The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.

The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.

Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.

Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Similar presentations

Ads by Google