Upload
brooke-hunt
View
215
Download
2
Tags:
Embed Size (px)
Citation preview
1
Computer Science
TinySeRSync: Secure and Resilient Time Synchronization in Wireless
Sensor Networks
Speaker: Sangwon HyunAcknowledgement: Slides were provided by Dr. Kun Sun
2Computer Science
Outline
• Introduction
• Related Work
• TinySeRSync: Secure and Resilient Time Synchronization
• Conclusion and Future Work
3Computer Science
Introduction
• Accurate and synchronized time is crucial in many sensor network applications.– the need for consistent distributed sensing and coordination
• An adversary may certainly attack the time synchronization protocol due to such importance.
• Traditional time synchronization protocols (e.g., NTP) cannot be directly applied in sensor networks.
4Computer Science
Related Work
• Recent time synchronization techniques.– Single-hop Pair-wise Time Synchronization.
• Receiver-Receiver based schemes.– Elson et al., ACM SIGOPS’02;
• Sender-Receiver based schemes.– Ganeriwal et al., SenSys’03;
– Global Time Synchronization.• Clock distribution schemes,
– Maroti et al., SenSys’04;• Clock agreement schemes.
– Li and Rus, INFOCOM’04;S R
t1 t2
t4 t3
Sender-Receiver based
S
1 2
S
1 2t1 t2 t2
t1
Sender-Receiver based
5Computer Science
Threats
• Single-hop Pair-wise Time Synchronization.– No message authentication.
• Manzo et al., SASN’05; Ganeriwal et al., Wise’05
– Time sensitive.• Jam and Replay attacks: Ganeriwal et al.,
Wise’05
• Global Time Synchronization.– Insider attacks
S
Malicious Node
Victim Nodes
6Computer Science
Our Contributions
• TinySeRSync:– Phase I
• Secure single-hop pair-wise time synchronization
– Phase II• Secure and resilient global time synchronization
8Computer Science
Secure TPSN
• Ganeriwal et al., Wise’05
• Estimate time difference and transmission delay.
– Security condition:• d < maximum expected delay.
– KAB : secret key shared between A and B.
– MIC: message integrity code
A Bt1
t2
t4
t3
time
2 1 4 3( ) ( ) is the time difference.
2
t t t t
2 1 4 3( ) ( ) is half of the transmission delay.
2
t t t td
9Computer Science
Problems in Secure TPSN
• Authenticated MAC layer timestamp.– MIC must be available when radio sends the MIC
field.
• Software solution in Secure TPSN– Calculate MIC using TinySec (Karlof et al.
SenSys’04)
– Works for low data rate radio (e.g., 38.4 kbps in CC1000 used by MICA2).
– Does not work for high data rate radio (e.g., 250kbps in CC2420 used by MICAz).
MIC CRC…...
a11
a22
3a3
4a4
b1
b2
b3
b4
5
6
7
8
Vcc1
0
GND
0
CPU
10Computer Science
Prediction-based MAC Layer Timestamp
• Sender side:– When channel is clear, it add sending time = current time + constant delay . △
△ = 399.29 us.• Receiver side:
– When the SFD field is received, it records the time as receiving time.
11Computer Science
Delay Uncertainty
cpu
Radio
Antenna
Accessing and adding timestamp,then send STXON command
Encoding symbol periods and preamble
cpu
Radio
Antenna
Decoding of SFD
Interrupt handling
Propagation of SFD
Accessing timestamp
Sender
Receiver
t2 t3
Encoding of SFD
Propagation of SFD
Decoding of SFD
Interrupt handling
Accessing timestamp
Encoding SFD
Accessing and adding timestamp,then send STXON command
Encoding symbol periods and preamble
12Computer Science
Hardware-assisted, Authenticated MAC Layer Timestamp• Hardware security support in CC2420
– Two modes• stand-alone mode: 128 bit AES encryption on message
in stand-alone buffer.
• in-line mode: – begin encryption when message are being sent out;
– begin decryption after the whole message is received.
• Using in-line mode, CC2420 can generate a 12-byte MIC on 98-byte message in 99 us
13Computer Science
Distribution of Secure Single-hop Pair-wise Synchronization Error• Experimental result (1 tick = 8.68us)
0.00% 0.01% 0.71%
8.43%
67.76%
19.84%
3.15%0.09% 0.01%
0%
10%
20%
30%
40%
50%
60%
70%
80%
-4 -3 -2 -1 0 1 2 3 4Synchronization Error (tick)
Pe
rce
nta
ge
15Computer Science
Secure and Resilient Global Time Synchronization Algorithm Each node i maintains a local clock time Ci.
1 2 3
5 64
7 8 9
S
16Computer Science
Secure and Resilient Global Time Synchronization Algorithm Each node i maintains a local clock time Ci.
For each neighbor node j, node i maintains a single-hop pair-wise time difference i,j.
1 2 3
5 64
7 8 9
S
17Computer Science
Secure and Resilient Global Time Synchronization Algorithm Each node i maintains a local clock time Ci.
For each neighbor node j, node i maintains a single-hop pair-wise time difference i,j.
A source node S broadcasts its local time CS periodically.
1 2 3
5 64
7 8 9
S
18Computer Science
Secure and Resilient Global Time Synchronization Algorithm Each node i maintains a local clock time Ci.
For each neighbor node j, node i maintains a single-hop pair-wise time difference i,j.
A source node S broadcasts its local time CS periodically.
Each direct neighbor node i of node S can obtain a source clock difference i,S from node S directly. Then, it broadcasts i,S.
1 2 3
5 64
7 8 9
S
19Computer Science
Secure and Resilient Global Time Synchronization Algorithm Each node i maintains a local clock time Ci.
For each neighbor node j, node i maintains a single-hop pair-wise time difference i,j.
A source node S broadcasts its local time CS periodically.
Each direct neighbor node i of node S can obtain a source time difference i,S from node S directly. Then, it broadcasts i,S.
For other nodes, to tolerate up to t malicious neighbor nodes, each node i needs to obtain at least 2t+1 source time differences through different neighbor nodes. Node i chooses the median one as i,S . Then it broadcasts i,S.
1 2 3
5 64
7 8 9
S
20Computer Science
Secure and Resilient Global Time Synchronization Algorithm Each node i maintains a local clock time Ci.
For each neighbor node j, node i maintains a single-hop pair-wise time difference i,j.
A source node S broadcasts its local time CS periodically.
Each direct neighbor node i of node S can obtain a source time difference i,S from node S directly. Then, it broadcasts i,S.
For other nodes, to tolerate up to t malicious neighbor nodes, each node i needs to obtain at least 2t+1 source time differences through different neighbor nodes. Node i chooses the median one as i,S . Then it broadcasts i,S.
Each node i can estimate the global clock CS by CS = Ci+i,S.
1 2 3
5 64
7 8 9
S
21Computer Science
How to Distribute Global Synchronization Messages?• Unicast
– Messages authenticated by secure pair-wise key.– Conclusion: too heavy communication overhead
and substantial message collisions. Scalability problem
• Broadcast– Can reduce the communication overhead.– Require local broadcast authentication.
• Digital signature is too expensive for sensor nodes.
• uTESLA
22Computer Science
Overview of uTESLA
• Perrig et al., IEEE S&P’01• Sender:
– Generate one-way key chain, Ki=F(Ki+1), 0 i n-1– Release the commitment K0
– Use key Ki for all messages sent in time interval Ii, and disclose Ki in Ii+d
• Receiver:– Security condition: the key has not been disclosed by the sender when
the messages are received.– Verify Ki=F(Ki+1)
Time...I1 In-1 In
T1T0 T2 Tn-2 Tn-1 Tn
I2
KnKn-1K1K0 ...F F FFFK2
23Computer Science
Using uTESLA in Time Synchronization?
• Problems: 1. uTESLA itself requires loose pair-wise time
synchronization.
2. Delayed authentication causes clocks drift away again.
24Computer Science
Short Delayed uTESLA
• Tight single-hop pair-wise time synchronization.• Too short time intervals waste a lot of keys in a key
chain. • Interleaved short and long intervals.
– Short interval (r) : A sender broadcasts authenticated synchronization message.
– Long interval (R) : A sender discloses the key used in last short interval.
M i K i
TimeSender A
Receiver Bti
r rR Rr rR R
Time
25Computer Science
Short Delayed uTESLA (Cont.)
• Receiver:– Security condition: the message is sent in the sender’s last
short interval.
(ti-T0+ +△ max) < i*(r+R)+r.
△: single-hop pair-wise time differencemax: maximum synchronization error
– Verify Ki=F(Ki+1)
26Computer Science
Experimental Evaluation
• Software package– TinySeRSync
• MICAz motes running TinyOS
• 35 files
• Providing 8 interfaces
• Code size in MICAz
• Parameters
# of MICAz nodes 60
pair-wise synchronization
interval
4 seconds
global synchronization interval
10 seconds
Tolerance (t) 0, 1, 2, 3, 4
uTESLA short interval 10 ms
uTESLA long interval 1 second
key chain length 100
Memory Bytes
RAM 1961
Program memory 24814
27Computer Science
Network Deployment
8150
55
15 22 29 36 43
9 16 23 30 37 442
10 17 24 31 38 453
11 18 25 32 39 464
12 19 26 33 40 475
13 20 27 34 41 486
14 21 28 35 42 497
51
52
53
54
56
57
58
59
60
Source NodeFirst round
additional nodeSecond round additional node
Sink Node
28Computer Science
Data Collection
• Sink node – Broadcast reference messages to all the nodes.– Query each node one by one at different time.
• All the nodes – When receiving a reference message
• Records the current global time when the message is received at MAC layer.
– When receiving a query message• Send the buffered global time information to the sink
node.
29Computer Science
Synchronization Error
• Precision achieved: tens of microseconds
0
2
4
6
8
10
12
14
16
0 1 2 3 4
Tolerance (t)
Syn
ch
ron
izati
on
Err
or
(tic
k) Avg. Error Max. Error
1 tick = 8.68 us
30Computer Science
Synchronization Rate
• When t=4, 95% in 3 rounds
60
65
70
75
80
85
90
95
100
0 1 2 3 4Tolerance (t)
Per
cen
tag
e
One Round
Two Rounds
Three Round
31Computer Science
Communication Overhead
10440
9720
9200
9400
9600
9800
10000
10200
10400
10600
5 10
Global synchronization interval (seconds)
Nu
mb
er
of
messag
es
Number of message each node sends per hour.
32Computer Science
Incremental Deployment
• Average synchronization error (left Y-axis)
• Synchronization rate when t=2 (right Y-axis)
1.E+00
1.E+01
1.E+02
1.E+03
1.E+04
1.E+05
1.E+06
1.E+07
1.E+08
1.E+09
1.E+10
time (hh:mm:ss)
mic
ros
ec
on
ds
0
10
20
30
40
50
60
70
80
90
100
pe
rce
nta
ge
Avg Sync Error
Sync Rate
33Computer Science
Conclusion
• TinySeRSync:– Secure single-hop pair-wise time synchronization
• Between two nodes
• The building block of global time synchronization.
– Secure and resilient global time synchronization• In the whole network
• Future work– Adapting the linear regression technique to compensate the
constant clock drifts.