Upload
patrick-chambers
View
216
Download
1
Tags:
Embed Size (px)
Citation preview
Securing Wireless Sensor Networks
Wenliang (Kevin) DuDepartment of Electrical Engineering and
Computer Science
Syracuse University
Overview
• Overview of Wireless Sensor Networks (WSN).
• Security in wireless sensor networks.– Why is it different?
• Our work on key pre-distribution in WSN– Deployment-based scheme (INFOCOM’04)– Pair-wise Scheme (ACM CCS’03)
• Summary.
Wireless Sensors
Berkeley Motes
Mica Motes
• Mica Mote: – Processor: 4Mhz– Memory: 128KB Flash and 4KB RAM– Radio: 916Mhz and 40Kbits/second.– Transmission range: 100 Feet
• TinyOS operating System: small, open source and energy efficient.
Spec Motes
Wireless Sensor Networks (WSN)
DeploySensors
Applications of WSN
• Battle ground surveillance– Enemy movement (tanks, soldiers, etc)
• Environmental monitoring– Habitat monitoring – Forrest fire monitoring
• Hospital tracking systems– Tracking patients, doctors, drug administrators.
Securing WSN
• Motivation: why security?
• Why not use existing security mechanisms?– WSN features that affect security.
• Our work: – Two key management schemes.
Why Security?
• Protecting confidentiality, integrity, and availability of the communications and computations
• Sensor networks are vulnerable to security attacks due to the broadcast nature of transmission
• Sensor nodes can be physically captured or destroyed
Why Security is Different?• Sensor Node Constraints
– Battery,– CPU power,– Memory.
• Networking Constraints and Features– Wireless, – Ad hoc,– Unattended.
Sensor Node Constraints
• Battery Power Constraints– Computational Energy Consumption
• Crypto algorithms• Public key vs. Symmetric key
– Communications Energy Consumption• Exchange of keys, certificates, etc.• Per-message additions (padding, signatures,
authentication tags)
• Slow– 1000 times slower than symmetric encryption
• Hardware is complicated
• Energy consumption is high
Constraints (Cont.)Public Key Encryption
Processor Energy Consumption (mJ/Kb)
RSA/E/V RSA/D/S AES
MIPS R4000 0.81 16.7 0.00115
MC68328 42 840 0.0130
Memory Constraints
• Program Storage and Working Memory– Embedded OS, security functions (Flash)– Working memory (RAM)
• Mica Motes:• 128KB Flash and 4KB RAM
Objectives of Our Research
• Long-term Goals– Study how WSN’s constraints/features affect the
design of security mechanisms.– Develop security mechanisms for WSN.
• Current Projects– Key Management Problems– Data Fusion Assurance
Key Management Problem
Key Management Problem
DeploySensors
Key Management Problem
Secure Channels
DeploySensors
Approaches
• Trusted-Server Schemes– Finding trusted servers is difficult.
• Public-Key Schemes– Expensive and infeasible for sensors.
• Key Pre-distribution Schemes
Loading Keys into sensor nodes prior to deployment
Two nodes find a common key between them after deployment
Challenges Memory/Energy efficiency Security: nodes can be compromised Scalability: new nodes might be added later
Key Pre-distribution
Naïve Solutions
Master-Key Approach Memory efficient, but low security. Needs Tamper-Resistant Hardware.
Pair-wise Key Approach N-1 keys for each node (e.g.
N=10,000). Security is perfect. Need a lot of memory and cannot add
new nodes.
Eschenauer-Gligor Scheme
Each noderandomly selects m keys
AB E
Key Pool S
DC
• When |S| = 10,000, m=75Pr (two nodes have a common key) = 0.50
Establishing Secure Channels
A
C
B
Our Improvement Over Eschenauer-Gligor Scheme
Appeared in IEEE INFOCOM 2004
Observations and Objectives
A
B
F
Property: Pr(A, B) = Pr(A, F)
Using deployment knowledge
Our objective: Pr(A, B) >> Pr(A, F)
Modeling Deployment Knowledge
Deployment points for a group of sensors
A
F
I
J
Probability Distribution Function of Each Deployment Group
Key Pre-distribution Scheme
Key Pools
Key Sharing Among Key Pools
A B C
F
H I
D
G
Horizontal
Vertical Diagonal
Local Connectivity
Network Resilience
• What is the damage when x nodes are compromised?– These x nodes contain keys that are used by the
good nodes.– What percentage of communications can be
affected?
Network Resilience
A Pairwise Key Pre-distribution Scheme
Appeared inCCS’03: ACM Conference on
Computer and Communications Security
Objectives
• Pairwise key pre-distribution scheme.– Each pair of sensor share a unique secret key– Can be used for Authentication
• Our Approach:– We use Blom Scheme to achieve Pairwise– We use Random Key Selection scheme to
improve performance and resilience
Blom Scheme
• Public matrix G
• Private matrix D (symmetric).
D G
+1 N
+1
+1
A G = (D G)T G = GT DT G = GT D G = (A G)T
Let A = (D G)T
Blom Scheme
X=
A = (D G)T G (D G)T G
i
j
i j
Kji
Kij
N
+1 NN
Node i carries:
Node j carries:
-secure Property
Undesirable Situation:
if
u*G(i) + v*G(j) = G(k)
thenu*A(i) + v*A(j) = A(k)
AT =D G
+1
i j
N
G
k
i jk
-secure Property
• ANY +1 columns in G are linear independent.– Different from saying that G has rank +1– Rank: there exist +1 linear independent columns
• Can tolerate compromise up to nodes.– Once +1 nodes are compromised, the rest can be
calculated if these +1 columns are linear independent.
• How to find such a matrix G?
Vandermonde Matrix
1 1 1 1
s s2 s3 sN
s2 (s2)2 (s3)2 (sN)2
s (s2) (s3) (sN)
G =
Properties of Blom Scheme
• Blom’s Scheme– Network size is N– Any pair of nodes can directly find a secret key– Tolerate compromise up to nodes– Need to store +2 keys
• Challenge: Can we increase without increasing the storage usage.
Multiple Space Scheme
(D2, G)
(D1, G)
(D, G)
Key-Space Pool
spaces
spaces
spaces
Two nodes can find a pairwise key if they carry a common key space!
How to select and ?• If the memory usage is m, the security
threshold (probablistic) m is
• To improve the security, we need to increase /2.
• However, such an increase affects the connectivity.
2 mm
Measure Local Connectivity
plocal = the probability that two neighboring nodescan find a common key.
!)!2())!((
)(
))(( 2
21
localp
Plocal for different and
Security Analysis
• Network Resilience:– When x nodes are compromised, how many
other secure links are affected?
jxjx
j
xj
xc
)1())((
d)compromise are nodes |broken is Pr(
1
Resilience (p = 0.33, m=200)
Blom
Resilience (p = 0.50, m =200)
Blom
Improvement:Using Two-hop Neighbors
= 7 = 2
= 31 = 2
Summary
• Security in WSN is quite different from traditional (Wired) network security.
• We have proposed two key pre-distribution schemes for WSN.
• Our schemes substantially improves the performance and network resilience.