
Securing Distributed Sensor Networks

Page 1: Securing Distributed Sensor Networks

Securing Distributed Sensor Networks

Udayan Kumar, Subhajit Sengupta, Sharad Sonapeer

Page 2: Securing Distributed Sensor Networks

Flow

  • Obstacles
  • Security requirements
  • Attacks
  • Defense
  • A probabilistic approach towards key management
  • Base Station Security

Page 3: Securing Distributed Sensor Networks

Obstacles

  • Very limited resources
    – Memory, power
  • Unreliable communication
    – Unreliable transfer
    – Conflicts while broadcasts
    – Latency
  • Unattended operation
    – Physical attacks
    – Managed remotely
    – No central point management

Page 4: Securing Distributed Sensor Networks

Security requirements

  • Data confidentiality
  • Data integrity
  • Data freshness
  • Availability
  • Self Organization
  • Authentication

Page 5: Securing Distributed Sensor Networks

Attacks

  • Sybil Attack
  • Traffic analysis attack
  • Node Replication attack
  • Attack against privacy

Page 6: Securing Distributed Sensor Networks

Defense

  • Focus on two methods
    – Key management
        Provides for data confidentiality, integrity, freshness and authentication
    – Securing base station
        Traffic analysis attacks

Page 7: Securing Distributed Sensor Networks

A probabilistic approach towards key management

  • DSN nodes have limited computation and communication capabilities.
  • A DSN is a truly dynamic infrastructure.
  • So the traditional approach is vulnerable and impractical.
  • FACT: Energy consumption for RSA (1024-bit) is about 42 mJ, whereas for AES it is 0.104 mJ, on a Motorola MC68328 (a mid-range processor).

Page 8: Securing Distributed Sensor Networks

Solution Approach

  • Each DSN node is given a key ring of size k, randomly chosen from a key pool of size P, before deployment.
  • Because of the randomness, two sets of k keys may be completely different.
  • If a path of nodes sharing keys pair-wise exists, then that path is used to exchange a key, thus establishing a direct link.

Page 9: Securing Distributed Sensor Networks

Key Pre-Distribution

  • A large pool of P keys (~2^20) and their identifiers are generated.
  • k keys are drawn randomly without replacement to construct a particular key ring, which is loaded onto a node of the DSN.
  • A trusted controller node saves the key identifiers of each key ring and the associated sensor identifier.
  • Only a small number of keys is needed to ensure that any two nodes share at least one key with a certain probability.
  • Experimental results show that, for a probability of 0.5, only 75 keys drawn randomly out of a pool of 10,000 keys need to be on any key ring of a node.

Page 10: Securing Distributed Sensor Networks

Shared-key discovery

  • Goal: discover the nodes with which a node shares a key.
  • The easiest way: broadcasting.
  • Hide key-sharing patterns among nodes from an attacker and establish private shared-key discovery.
  • The recipient decrypts it with the proper key.
  • Creates a routing topology in which a link exists only where it is secured, as a link implies sharing of a key. Also, sharing of 2 or more keys between sensor nodes doesn’t cause a link security exposure.

Page 11: Securing Distributed Sensor Networks

Path-key Establishment

  • A path-key is assigned to selected pairs of sensor nodes that do not share a key but are connected by two or more links at the end of the shared-key discovery phase.
  • The key-ring size (k) is determined anticipating revocation and incremental addition of new sensor nodes, since both may require the execution of the path-key establishment phase after shared-key discovery.
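The three phases described on the last slides (key pre-distribution, shared-key discovery, path-key establishment) can be simulated end to end. This is an added example, not code from the presentation; it uses the simple identifier-comparison form of discovery, and the function names, the seed and the assumption that all nodes are in radio range of each other are constructed for illustration.

```python
import random
from collections import deque
from itertools import combinations

def predistribute(n, pool_size, ring_size, rng):
    """Offline phase: node i gets ring_size key IDs drawn without replacement."""
    return [frozenset(rng.sample(range(pool_size), ring_size)) for _ in range(n)]

def discover_links(rings, in_range):
    """Shared-key discovery by comparing broadcast key IDs (only IDs are sent)."""
    links = {}
    for a, b in in_range:
        common = rings[a] & rings[b]
        if common:
            links[frozenset((a, b))] = min(common)  # agree on the lowest shared ID
    return links

def path_key_route(links, src, dst):
    """Path-key establishment: BFS for a chain of secured links from src to dst."""
    adj = {}
    for pair in links:
        a, b = pair
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            path = []
            while u is not None:
                path.append(u)
                u = prev[u]
            return path[::-1]
        for v in sorted(adj.get(u, ())):
            if v not in prev:
                prev[v] = u
                queue.append(v)
    return None  # dst is not reachable over secured links

def simulate(n=100, pool_size=10_000, ring_size=75, seed=1):
    rng = random.Random(seed)                # constructed, reproducible sample
    rings = predistribute(n, pool_size, ring_size, rng)
    pairs = list(combinations(range(n), 2))  # assumption: all nodes in radio range
    links = discover_links(rings, pairs)
    unlinked = next(p for p in pairs if frozenset(p) not in links)
    route = path_key_route(links, *unlinked)  # hops that can relay a path-key
    return rings, links, len(links) / len(pairs), route, unlinked
```

The returned route is the chain of pairwise-secured hops over which a path-key for the unlinked pair would be relayed; every intermediate node on it sees that key, which is why node capture matters for this scheme.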

Page 12: Securing Distributed Sensor Networks

Some issues of DSN

  • Revocation.
  • Re-Keying.
  • Resiliency to node capture.

Page 13: Securing Distributed Sensor Networks

Analysis

  • p = probability that a shared key exists between 2 nodes.
  • n = number of nodes.
  • d = p*(n-1) = expected number of edges connecting a node with its neighbors.
  • Now we will try to find d so that the DSN will be connected.
  • We also want to determine the size of the key pool (P), given a limit of k keys in each node, for a DSN of n nodes where d is given under a neighborhood connectivity constraint (say n’ = neighborhood connectivity of a node, n’ << n). [Practically, k is limited by the memory size of a node.]

Page 14: Securing Distributed Sensor Networks

Analysis…(contd.)

$$P_c = \lim_{n \to \infty} \Pr[\,G(n,p) \text{ is connected}\,] = e^{-e^{-c}}$$

where $p = \frac{\ln n}{n} + \frac{c}{n}$ [c is any real constant].

  • p’ = d/(n’ − 1) >> p. So p’ precisely gives us the probability that 2 nodes share at least one key from their k-sized key rings, chosen from a pool of size P [not a sensor design constraint and may be very big].
  • Given n, we can find p so that G is connected with probability P_c.
  • We have to find P for a given k and a given p’.

Page 15: Securing Distributed Sensor Networks

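Analysis…(contd.)

$$p' = 1 - \Pr(\text{two nodes don't share a key}) = 1 - \frac{\binom{P-k}{k}}{\binom{P}{k}}$$

Using the Stirling approximation, $n! \approx \sqrt{2\pi}\; n^{\,n+\frac{1}{2}}\, e^{-n}$, we have

$$p' = 1 - \frac{\left(1-\frac{k}{P}\right)^{2\left(P-k+\frac{1}{2}\right)}}{\left(1-\frac{2k}{P}\right)^{\left(P-2k+\frac{1}{2}\right)}}$$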

Page 16: Securing Distributed Sensor Networks

Important Conclusions

  • The size of a DSN (n) has little effect on the expected degree of a node required to have a connected graph.
  • If P = 10,000, then only k = 75 keys need to be distributed to any two nodes for them to share a key from their key rings with p = 0.5. Now for k = 250 if we take P = 100,000. This proves the scalability.
  • For “almost certain” connectivity through shared keys in a 10,000-node DSN, a key ring of size only 250 has to be pre-distributed.
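The sizing procedure from the Analysis slides and the figures quoted in the conclusions can be worked through numerically. This is an added example, not code from the presentation: it evaluates p' both exactly and in the Stirling form, solves the connectivity threshold for d, and searches for the ring and pool sizes. The function names and the sample inputs P_c = 0.99999 and n' = 40 are assumptions chosen for illustration.

```python
import math

def share_probability(P, k):
    """Exact p' = 1 - C(P-k, k) / C(P, k); log-gamma avoids huge factorials."""
    if 2 * k > P:
        return 1.0  # two k-subsets of a pool smaller than 2k must overlap
    log_q = (2 * math.lgamma(P - k + 1) - math.lgamma(P + 1)
             - math.lgamma(P - 2 * k + 1))
    return 1.0 - math.exp(log_q)

def share_probability_stirling(P, k):
    """Stirling form: 1 - (1-k/P)^(2(P-k+1/2)) / (1-2k/P)^(P-2k+1/2)."""
    log_num = 2 * (P - k + 0.5) * math.log1p(-k / P)
    log_den = (P - 2 * k + 0.5) * math.log1p(-2 * k / P)
    return 1.0 - math.exp(log_num - log_den)

def required_degree(n, Pc):
    """d = p(n-1), with p = (ln n + c)/n and c solved from Pc = exp(-exp(-c))."""
    c = -math.log(-math.log(Pc))
    return (math.log(n) + c) / n * (n - 1)

def min_ring_size(P, p_target):
    """Smallest k with p'(P, k) >= p_target (p' grows with k)."""
    k = 1
    while share_probability(P, k) < p_target:
        k += 1
    return k

def max_pool_size(k, p_target):
    """Largest P with p'(P, k) >= p_target (p' shrinks as P grows)."""
    lo = hi = 2 * k
    while share_probability(hi, k) >= p_target:
        hi *= 2
    while hi - lo > 1:  # binary search on the monotone p'(P)
        mid = (lo + hi) // 2
        if share_probability(mid, k) >= p_target:
            lo = mid
        else:
            hi = mid
    return lo

if __name__ == "__main__":
    n, Pc, n_prime, k = 10_000, 0.99999, 40, 250  # constructed sample inputs
    d = required_degree(n, Pc)
    p_prime = d / (n_prime - 1)
    print(f"d = {d:.2f}, p' = {p_prime:.3f}, max P = {max_pool_size(k, p_prime)}")
    print(f"p'(10000, 75) = {share_probability(10_000, 75):.4f}")
```

Evaluated exactly, P = 10,000 and k = 75 give p' ≈ 0.43, and p' first reaches 0.5 at k = 83, so the slide figures are best read as approximate.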

Page 17: Securing Distributed Sensor Networks

Base Station Security

  • Multi-path routing to multiple base stations
  • Confusion of address fields
  • Relocation of base station

Page 18: Securing Distributed Sensor Networks

Multiple Base Stations

  • Route Discovery
  • Route Request
  • Route Feedback

Page 19: Securing Distributed Sensor Networks

Multiple Base Stations

Multi-path data routing

  • Compute the connectivity information from the feedback messages
  • Compute the global topology of the network
  • Compute redundant routes for each node
  • Construct forwarding tables for each node (a forwarding table entry <D,S,IS> for each route on which the node lies)
  • Dispatch the forwarding tables

Page 20: Securing Distributed Sensor Networks

Multiple Base Stations

Multi-path data routing (cont’d) (Computing 2-redundant routes)

  • Choose two independent paths for any desired node A
  • First path to the closest base station (use BFS)
  • Second path to any base station (three sets of nodes: s1, s2, s3)

Page 21: Securing Distributed Sensor Networks

Disguising Base station location

  • During route discovery
    – Reversible hash function H(x), shared key Kc
    – For each ID m, compute Cm = {x: H(x) = m}
  • After route discovery
    – Pair-wise keys for each neighbor nodes on the same route
    – Sent along with the forwarding tables

Page 22: Securing Distributed Sensor Networks

Base Station Relocation

  • Uniform Random Deployment
  • Attack on vicinity of Base station
  • Both Base stations on the opposite edges

Page 23: Securing Distributed Sensor Networks

Base Station Relocation

  • Dense–sparse Graph
  • Attack on the center of the dense part
  • One Base station on dense-sparse edge
  • Other Base station on opposite to first

Page 24: Securing Distributed Sensor Networks

Thank You