Published by Robyn Boone. Modified over 8 years ago.
1 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks
Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng Ning
Presented by Monisha Kanoth & Suneeta Kamana
2 Contents
– Introduction to Sensor Networks
– Interleaved Hop-by-Hop Authentication Scheme
– Security Analysis
– Performance Evaluation
– Variant of the interleaved hop-by-hop authentication scheme
3 Introduction to Sensor Networks
A Wireless Sensor Network (WSN) consists of a base station and a number of wireless sensors.
– Base Station: Controls the sensors and collects data reported by the sensors.
– Sensors: Devices that produce a response to a change in a physical or chemical condition.
4 Characteristics of Sensor Networks
– Mostly deployed in unattended environments
– Low energy use
– Limited energy resources
– Dynamic and autonomous network operation
5 Applications
– Military and national security applications
– Environment monitoring
– Traffic surveillance
6 Example Sensor Network (figure not reproduced; label in the diagram: Road)
7 Possible Attacks on Sensor Networks
Physical destruction of sensor networks
Security attacks on routing and data link protocols:
– Eavesdrop on all traffic
– Inject packets
– Replay older packets
– Drop or alter packets (by compromising the nodes)
This paper focuses on false data injection attacks.
9 Interleaved Hop-by-Hop Authentication Scheme
– Assumptions
– Threat Model and Design Goal
– Notation and Definition
– The Basic Scheme
– Association Maintenance
10 Assumptions
Network and Node Assumptions:
– Sensor nodes are organized into clusters.
– Network links are bidirectional.
– Every node has space to store several hundred bytes of keying materials.
Security Assumptions:
– Every node shares a master key with the base station.
– Each node has established a pairwise key with its one-hop neighbors.
– A node can establish a pairwise key with a node that is multiple hops away.
– Base station has a mechanism to authenticate broadcast messages.
– Base station will not be compromised.
11 Threat Model and Design Goals
Adversary Threats: By injecting false data, the adversary aims at the following goals:
– Deceiving the base station – false alarm
– Depleting the resources of the forwarding nodes
Design Goals: The scheme should have the following properties when there are no more than t compromised nodes:
– The base station should be able to detect any false data injected by a compromised node.
– The number of hops before an injected data packet is detected and discarded should be as small as possible.
– The scheme should be efficient in computation and communication with respect to the security it provides.
– The scheme should be robust to node failures.
12 Notations
– u, v (in lower case) are principals such as communicating nodes.
– K_u is the key of node u shared with the base station.
– K_uv is the pairwise key shared between nodes u and v.
– G is a family of pseudo-random functions.
– is node u’s authentication key, derived as
– MAC(k, s) is the message authentication code (MAC) of message s generated with a symmetric key k.
13 Definition
For two nodes u_i and u_j on the path from CH to BS, if |i – j| = t + 1, we say u_i and u_j are associated, and u_i is an associated node of u_j.
If i – j = t + 1, u_i is the upper associated node of node u_j, and u_j is the lower associated node of node u_i.
Example: When t = 3,
– u_8 is the upper associated node of u_4
– CH is a lower associated node of u_4
14 The Basic Scheme
The scheme involves the following five phases:
– Node initialization and deployment
– Association discovery
– Report endorsement
– En-route filtering
– Base station verification
15 Node Initialization and Deployment
The key server loads every node with:
– a unique integer id
– necessary keying materials. Specifically, it loads node u with K_u shared with the base station.
Using K_u, node u computes its authentication key.
16 Association Discovery
This phase is necessary for a node to discover the IDs of its association nodes.
Two-way association discovery scheme:
– Base Station Hello
– Cluster Acknowledgement
17 Base Station Hello
When the message (M) arrives at a node:
– it records the ids in M, attaches its own id to M, and then rebroadcasts it.
– if M already contains (t+1) ids, the node removes the first id in the list, adds its own id to the end of the list, and rebroadcasts it.
(Figure not reproduced: base station hello step where t = 3.)
18 Cluster Acknowledgement
– The ACK includes the cluster id and the ids of the t+1 lower association nodes.
– A node removes the last id in the id list and adds its own id at the beginning.
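The two discovery steps above, traced on a constructed path with t = 3. This is an added example, not code from the slides or the paper; it assumes the hello leaves BS with an empty id list and that CH orders the cluster ids as CH, v3, v2, v1, and the function names are illustrative.

```python
def hello(route_to_bs, t):
    """Propagate the hello from BS toward CH; return the id list each node records."""
    m, recorded = [], {}
    for node in reversed(route_to_bs):       # BS's neighbour first, CH last
        recorded[node] = list(m)             # ids of up to t+1 upstream nodes
        if len(m) == t + 1:
            m.pop(0)                         # remove the first id in the list
        m.append(node)                       # attach own id at the end
    return recorded

def cluster_ack(route_to_bs, cluster_ids, t):
    """Propagate the ACK from CH toward BS; return the id list each node receives."""
    assert len(cluster_ids) == t + 1
    ids, received = list(cluster_ids), {}
    for node in route_to_bs[1:]:             # route_to_bs[0] is CH itself
        received[node] = list(ids)
        ids.pop()                            # remove the last id
        ids.insert(0, node)                  # add own id at the beginning
    return received

def associations(route_to_bs, cluster_ids, t):
    """Map node -> (upper associated node, lower associated node)."""
    up = hello(route_to_bs, t)
    low = cluster_ack(route_to_bs, cluster_ids, t)
    return {n: (up[n][0] if len(up[n]) == t + 1 else None,   # t+1 hops upstream
                low[n][-1] if n in low else None)            # t+1 hops downstream
            for n in route_to_bs}

# Constructed path: CH, u1..u9, then BS (BS itself is not listed).
ROUTE = ["CH"] + [f"u{i}" for i in range(1, 10)]
ASSOC = associations(ROUTE, ["CH", "v3", "v2", "v1"], t=3)

if __name__ == "__main__":
    for node, (upper, lower) in ASSOC.items():
        print(f"{node}: upper={upper} lower={lower}")
```

Nodes fewer than t+1 hops from BS record a short list and so get no upper associated node in this model.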
19 Report Endorsement
When a node v agrees on an event E, it computes:
– a MAC for E, using its authentication key as the MAC key (individual MAC)
– another MAC for E, using the pairwise key shared with its upper association node u as the MAC key (pairwise MAC)
This endorsement is authenticated with the pairwise key shared between v and the cluster head.
20 …Report Endorsement
Cluster head (CH) collects endorsements from the other nodes and computes a compressed MAC over E, denoted as XMAC(E). =
21 …Report Endorsement The report R that node CH finally generates and forwards towards BS is as follows. R:
22 En-route Filtering
When a node u receives R from its downstream node:
– It first verifies the authenticity of R.
– It checks the number of different pairwise MACs in R. If node u is s (s < t+1) hops away from BS, it should see s pairwise MACs; otherwise, it should see t+1 pairwise MACs.
– It then verifies the last MAC in the pairwise MAC list.
23 …En-route Filtering Report sent by Cluster Head: R: Report sent by u1: R:
24 Base Station Verification
The base station BS only needs to verify the compressed MAC.
– It computes t+1 MACs over E using the authentication keys of the nodes in the id list.
– It then XORs the MACs to see if the result matches the one in the report.
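Report endorsement, en-route filtering and base station verification as one runnable sketch with t = 3 (an added example, not code from the slides or the paper). Assumptions: keys are constructed stand-ins, MAC is truncated HMAC-SHA256, cluster nodes v1..v3 and CH are placed on one chain with the en-route nodes so that positions t+1 apart are associated, a relay replaces the MAC it verified with one for its own upper associated node, and the hop-by-hop authentication of R between neighbours is left out.

```python
import hashlib
import hmac

T = 3                                      # tolerate up to t compromised nodes
CLUSTER = ["v1", "v2", "v3", "CH"]         # the t+1 endorsing cluster nodes
ROUTE = [f"u{i}" for i in range(1, 9)]     # constructed path u1..u8, then BS
CHAIN = CLUSTER + ROUTE                    # positions t+1 apart are associated

def mac(key, msg):                         # MAC(k, s): truncated HMAC-SHA256 (assumed)
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]
def auth_key(n):                           # stand-in for the key derived from K_u
    return mac(hashlib.sha256(b"K_" + n.encode()).digest(), b"auth")
def pair_key(a, b):                        # stand-in for the pairwise key K_ab
    return hashlib.sha256("|".join(sorted((a, b))).encode()).digest()
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def assoc(n, step):                        # step=+1: upper, -1: lower associated node
    i = CHAIN.index(n) + step * (T + 1)
    return CHAIN[i] if 0 <= i < len(CHAIN) else None

def endorse(event, keys_held=CLUSTER):
    """Build R at CH; a node whose keys are not held contributes a zero MAC."""
    xmac, pmacs = bytes(8), []
    for v in CLUSTER:
        held = v in keys_held
        xmac = xor(xmac, mac(auth_key(v), event) if held else bytes(8))
        pmacs.insert(0, mac(pair_key(v, assoc(v, 1)), event) if held else bytes(8))
    return {"E": event, "ids": list(CLUSTER), "xmac": xmac, "pmacs": pmacs}

def forward(report):
    """Relay R toward BS; return the node that drops it, or None if it arrives."""
    pmacs = list(report["pmacs"])
    for hop, u in enumerate(ROUTE):
        if len(pmacs) != min(len(ROUTE) - hop, T + 1):   # s MACs when s < t+1
            return u
        good = mac(pair_key(assoc(u, -1), u), report["E"])
        if not hmac.compare_digest(pmacs.pop(), good):   # verify the last MAC
            return u
        if assoc(u, 1):                                  # endorse for upper associate
            pmacs.insert(0, mac(pair_key(u, assoc(u, 1)), report["E"]))
    return None

def bs_verify(report):                     # XOR of t+1 recomputed individual MACs
    x = bytes(8)
    for n in report["ids"]:
        x = xor(x, mac(auth_key(n), report["E"]))
    return hmac.compare_digest(x, report["xmac"])
```

With `keys_held=["v1", "v2", "CH"]` the report is dropped at u3, the upper associated node of the cluster node whose keys are missing, and `bs_verify` rejects it as well.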
25 Association Maintenance
– Base-station initiated repair
– Local repair
27 Security Analysis
Base Station Detection
– The authentication scheme requires that each of t+1 cluster nodes compute an individual MAC.
– This guarantees that an adversary has to compromise at least t+1 nodes to be able to forge a report to deceive the base station.
28 …Security Analysis
En-route Filtering
– Outsider Attacks: Since every message is authenticated in a hop-by-hop fashion, an unauthorized node cannot inject false data without it being detected.
– Insider Attacks: An adversary may compromise several sensor nodes, and then use the compromised nodes to inject false data into the network.
29 Insider Attacks
The security of the Cluster Acknowledgement process is critical because it provides the lower association knowledge.
The goal of an attack on this process is to lower associate more than t noncompromised nodes to t compromised nodes.
– Cluster Insider Attacks
– En-route Insider Attacks
30 Cluster Insider Attacks
– All of the t compromised nodes are from the cluster.
– Since the ACK from the CH towards BS must contain t+1 distinct node ids, it must include the id of a noncompromised node.
– One of the t+1 relaying nodes closest to the CH drops a false report.
31 En-route Insider Attacks
– In this attack, t compromised nodes that lie on the path to the BS collude to attack the cluster acknowledgement process.
– The worst-case scenario occurs when the CH and the t-1 forwarding nodes are compromised and these t compromised nodes are equally separated by t noncompromised nodes.
– A false report will be dropped after it is forwarded by at most t^2 noncompromised nodes.
32 Enhancements to the Basic Scheme
– When a node receives a report, it additionally checks if the downstream node is the first one in the list; this reduces the upper bound to t(t-1).
– Further, a node can add an id pair that includes its id and the id of its lower association; this reduces the upper bound to t(t-2).
34 Performance Evaluation
Computational Cost
– Establishing Pairwise Keys: In this scheme a cluster node computes one pairwise key and an en-route node computes two. In the case of a node failure or a path change, a node has to compute a pairwise key shared with a new node.
– Report Authentication: A cluster node computes three MACs and an en-route node computes four. This scheme reduces the overall energy expenditure of a node even though it entails additional computational costs.
35 …Performance Evaluation
Communication Cost is caused by:
– Every authentic report contains one compressed MAC and t+1 pairwise MACs.
– Since the size of a pairwise MAC only impacts the capability of en-route filtering, it can be made smaller as a tradeoff between performance and security.
– When a path change occurs, a node adds its own id to the beaconing message.
37 Variant of the Interleaved Hop-by-hop Authentication Scheme
Every node en route to the base station accepts a report received from a downstream node only if it has been verifiably endorsed by at least t+1 nodes.
– The t+1 immediately downstream nodes associated with a node are referred to as the lower association set.
– A node is also in the lower association set of t+1 immediately upstream nodes on the path to the BS, and this set is referred to as the upper association set.
38 …Variant of the Authentication Scheme
– This variant allows en-route nodes to filter out false data packets immediately.
– It does not require the authenticated neighbor knowledge.
– This variant is preferred when t is small.
39 Conclusions
– A scheme to detect and discard false data injection in sensor networks is presented.
– It guarantees that the base station can detect a false report when no more than t nodes are compromised.
– The number of hops that a false data packet could be forwarded before it is detected and dropped is t^2 in the worst case.
40 Future Work
– Study the use of interleaved hop-by-hop authentication for preventing or mitigating attacks against sensor network routing and data collection protocols.
– Understand how this scheme can be adapted for sensor networks with mobile data sinks.
41 Questions?