Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 A Secure Communication Protocol For Wireless Biosensor Networks Masters Thesis by Krishna Kumar Venkatasubramanian Committee: Dr. Sandeep Gupta Dr. Rida.

Published byHector Park Modified over 9 years ago

Similar presentations

Presentation on theme: "1 A Secure Communication Protocol For Wireless Biosensor Networks Masters Thesis by Krishna Kumar Venkatasubramanian Committee: Dr. Sandeep Gupta Dr. Rida."— Presentation transcript:

1 1 A Secure Communication Protocol For Wireless Biosensor Networks Masters Thesis by Krishna Kumar Venkatasubramanian Committee: Dr. Sandeep Gupta Dr. Rida Bazzi Dr. Hessam Sarjoughian

2 2 Overview Introduction Problem Statement System Model Proposed Protocols Security Analysis Implementation Conclusions & Future Work

3 3 Biomedical Smart Sensors Miniature wireless systems. Worn or implanted in the body. Prominent uses: Health monitoring. Prosthetics. Drug delivery. Each sensor node has: Small size. Limited memory processing communication capabilities Environment (Human Body) sensors Base Station Communication links

4 4 Motivation for biosensor security Collect sensitive medical data. Legal requirement (HIPAA). Attacks by malicious entity: Generate fake emergency warnings. Prevent legitimate warnings from being reported. Battery power depletion. Excessive heating in the tissue.

5 5 Problem Statement Direct communication to the BS can be prohibitive. To minimize communication costs, biosensors can be organized into specific topologies. Cluster topology is one of the energy-efficient communication topologies for sensor networks [HCB00]. Traditional cluster formation protocol is not secure. We want to develop protocols which allow for secure cluster formation in biosensor networks.

6 6 Cluster Topology Cluster head Cluster Cluster Member Base Station

7 7 Traditional Cluster Formation Protocol CH1CH2 CH3 1 2 3 4 5 Environment Weaker signal

8 8 Security Flaws HELLO Flood and Sinkhole Attack 1 23 Malicious Entity acting as a SINKHOLE Weaker signal CH2 CH1 The sinkhole can now mount selective forwarding attacks on the biosensors in its “cluster”. Malicious entity can mount a Sybil attack where it presents different identities to remain CH in multiple rounds.

9 9 Security Flaws contd.. Node with surrounding tissue at above normal temperature. Node with surrounding tissue at normal temperature. tissue Node with dead battery Network Partitioning.  Malicious entity sending bogus messages to sensor and depleting its energy.  Malicious entity having unnecessary communication with a sensor causing heating in the nearby tissue.

10 10 System Model ADVERSARIES: Passive: Eavesdrop on communication and tamper with it. Active: Physically compromise the external biosensors. Temperature sensor Glucose sensor

11 11 Trust Assumptions The wireless communication is broadcast in nature and not trusted. The biosensors do not trust each other. Base Station is assumed not to be compromised.

12 12 Key Pre-Deployment Each biosensor shares a unique pair-wise key (master key) with the BS. This key is called NSK We do not use NSK directly for communication, we derive 4 keys from it (derived keys): Encryption KeysMAC Keys K N-BS = H(NSK,1)K’ N-BS = H(NSK,2) K BS-N = H(NSK,3)K’ BS-N = H(NSK,4)

13 13 Biometrics Physiological parameters like heart rate and body glucose. Used for securing/authenticating communication between two biosensors which do not share any secret. Usage Assumptions: Only biosensors in and on the body can measure biometrics. There is a specific pre-defined biometric that all biosensors can measure.

14 14 Issues with Biometrics Biometric value data-space is not large enough. Possible Solutions: Combine multiple biometric values. Take multiple biometric measurements at each time. Limit the validity time of a biometric value. Biometric values at different sites produce different values. Solution Proposed in Literature: These differences are independent. [Dau92] Can be modeled as channel errors. [Dau92] Fuzzy commitment scheme based on [JW99] used to correct differences. Can correct up to two bit errors in the biometric value measured at the sender and receiver.

15 15 Biometric Authentication BMT 12345 ST 6 Time-Period Measure biometric: BioKey Generate data Compute Certificate: Cert [data] = MAC ( KRand, data), γ γ = KRand  BioKey Send Msg: data, Cert [data] Measure biometric: BioKey’ Receive Msg: data, Cert [data] Compute MAC Key: KRand’ = γ  BioKey’ f (KRand’) = KRand Compute Certificate MAC And compare with received: MAC (KRand, data) SENDER RECEIVER Biometric Measurement Schedule

16 16 Centralized Protocol Execution Node j  All: ID j, NonceN j, MAC(K’N j – BS, ID j | NonceN j ), Cert[ID j, NonceN j ] CH p  BS: ID j, NonceNi, MAC(K’N j – BS, ID j | NonceN i ), CH p, SS, E (KCH-N), MAC(K’CH p – BS, CH p | SS | E (KCH-N) | Cntr) BS  Node j : CH p, E (KCH-N), Cntr’, MAC(K’BS-N j, CH p | NonceN j | Cntr’ | E (KCH-N)) CH 1 Sensor Node Base Station CH 2CH 3 CH1 CH 2 CH 3

17 17 Distributed Protocol Execution CH j  All: CH j, NonceCH j, E (Ktemp), Cert[ID j, Cntr, NonceCH j ], λ λ = BioKey  KRand Node k  CH z : ID k, MAC (Ktemp, ID k | NonceCH z | Cntr | CH z ) CH 1 CH 2 CH 3 Sensor Node

18 18 Extensions Distribute keys based on attributes. Allows efficient data communication. The BS distributes the keys. For centralized ABK, sent during cluster formation. For distributed separate step needed.

19 19 Security Analysis (Passive Adversary) Hello Flood and Sinkhole Attack Centralized: Malicious entity does not have appropriate keys to pose as legitimate CH. Distributed: Malicious entity cannot compute biometric certificate.

20 20 Security Analysis (Passive Adversary) Sybil Attack No entity can become part of network without having appropriate keys. Identity Spoofing Cannot pose as BS, no pair-wise (derived) keys. Cannot pose as CH, no keys to authenticate data to BS. Cannot pose as sensor node, cannot measure biometric to fool CH.

21 21 Security Analysis (Active Adversary) CH compromise Centralized: Security policy at BS to limit number of sensor nodes in a cluster. Distributed: Need intruder monitoring scheme. Sensor Node compromise Intruder monitoring scheme needed for both protocols.

22 22 Implementation We have implemented the two cluster formation protocols and their extensions. The implementation was done on the Mica2 sensor motes. We used TinyOS sensor operating system for writing our programs. For security primitives TinySec used.

23 23 Implementation contd.. Encryption – SkipJack Message Authentication Code – CBC-MAC We had 4 sensor nodes 3 CH and 1 BS in our implementation. We simulated two main attacks on our implementation, both of which failed: HELLO Flood attack. Identity spoofing of sensor node to infiltrate the network.

24 24 Comparison Security adds a overhead to the protocol. We compared overhead in terms of energy consumption. To compare the protocols, we analyzed them using the communication model given in [HCB00]. E trans = E tx * k + E cx * k * d 2 E recp = E rx * k Node ID = 8 bitsNonce = Counter = 128 bits Key = 128 bitsSignal Strength = 16 bits E trans = E recp = 50 nJ/bitE cx = 100pJ/bit/m 2 Number of Nodes = 100- 1500 Sensor-BS distance = 0.75 m Inter-sensor distance = 0.1 m MAC size = 64 bits

25 25 Security Overhead Comparison of Secure (without extension) and Non-secure Cluster Formation Protocols (CH = 5%)

26 26 Extension Overhead Comparison for Secure Cluster Formation Protocols with their extensions (CH = 5%)

27 27 Conclusions & Future Work Protocols developed successfully prevent many of the potent attacks on the traditional cluster formation protocol. Biometric based authentication used for ensuring authentication without previous key exchange. Biometrics not traditionally random and schemes are needed to randomize them. Better error correction schemes are needed which can correct larger differences in measured biometrics.

28 28 Reference [JW99] Ari Juels and Martin Wattenberg. “A fuzzy commitment scheme”. 1999. [Dau92] J. Daugman, “High Confidence personal identification by rapid video analysis of iris texture”, IEEE International Carnahan Conference on Security Technology, pp 50-60, 1992. [LGW01] L. Schwiebert, S. K. S. Gupta, J. Weinmann et al., “Research Challenges in Wireless Networks of Biomedical Sensors”, The Seventh Annual International Conference on Mobile Computing and Networking, pp 151-165, Rome Italy, July 2001. [HCB00] W. Rabiner Heinzelman, A. Chandrakasan, and H. Balakrishnan, “Energy-Efficient Communication Protocol for Wireless Microsensor Networks”, Proceedings of the 33rd International Conference on System Sciences (HICSS '00), January 2000.

Download ppt "1 A Secure Communication Protocol For Wireless Biosensor Networks Masters Thesis by Krishna Kumar Venkatasubramanian Committee: Dr. Sandeep Gupta Dr. Rida."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Multirate adaptive awake-sleep cycle in hierarchical heterogeneous sensor network BY HELAL CHOWDHURY presented by : Helal Chowdhury Telecommunication laboratory,

Multirate adaptive awake-sleep cycle in hierarchical heterogeneous sensor network BY HELAL CHOWDHURY presented by : Helal Chowdhury Telecommunication laboratory,
Trust relationships in sensor networks Ruben Torres October 2004.

Trust relationships in sensor networks Ruben Torres October 2004.
Decentralized Reactive Clustering in Sensor Networks Yingyue Xu April 26, 2015.

Decentralized Reactive Clustering in Sensor Networks Yingyue Xu April 26, 2015.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.

Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
A Mobile Ad hoc Biosensor Network Muzammil KP S7,ECE Govt. Engg. College, Wayanad.

A Mobile Ad hoc Biosensor Network Muzammil KP S7,ECE Govt. Engg. College, Wayanad.
Routing Protocols for Sensor Networks Presented by Siva Desaraju Computer Science WMU An Application Specific Protocol Architecture for Wireless Microsensor.

Routing Protocols for Sensor Networks Presented by Siva Desaraju Computer Science WMU An Application Specific Protocol Architecture for Wireless Microsensor.
Introduction to Wireless Sensor Networks

Introduction to Wireless Sensor Networks
AES based secure LEACH for WSN’s. Obstacles of WSN Security Limited resources-Limited memory, code space and energy. Unreliable Communication-Densely.

AES based secure LEACH for WSN’s. Obstacles of WSN Security Limited resources-Limited memory, code space and energy. Unreliable Communication-Densely.
Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.

Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.
KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys07 2007.

KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys
Secure Routing in Wireless Sensor Network Soumyajit Manna Kent State University 5/11/2015Kent State University1.

Secure Routing in Wireless Sensor Network Soumyajit Manna Kent State University 5/11/2015Kent State University1.
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team 2009.07.20.

Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.

Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

Similar presentations

Ads by Google