Two Tier Secure Routing Protocol for Heterogeneous Sensor Networks Advisor: Yeong-Sung, Lin Presented by Yen-Yi, Hsu Xiaojiang Du, Member, IEEE, Mohsen

Two Tier Secure Routing Protocol for Heterogeneous Sensor Networks

Advisor: Yeong-Sung, Lin

Presented by Yen-Yi, Hsu

Xiaojiang Du, Member, IEEE, Mohsen Guizani, Senior Member, IEEE, Yang Xiao, Senior Member, IEEE, and Hsiao-Hwa Chen, Senior Member, IEEE

IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, VOL. 6, NO. 9, SEPTEMBER 2007

Two-Tier Secure Routing Protocol for Heterogeneous Sensor Networks

/46

112/04/21

Outline

Security Analysis

Two-Tier Secure Routing

The HSN Model

Introduction

Authors

Evaluation Performance

2


/46

112/04/21

Outline

Security Analysis


The HSN Model

Introduction


3

Authors


/46

AUTHORSXiaojiang (James) Du (M’03)

an assistant professor in the Department of Computer Science, North Dakota State University.

Dr. Du received his B.E.degree from Tsinghua University, Beijing, China in 1996, and his M.S. and Ph.D. degrees from University of Maryland, College Park in 2002 and 2003, respectively, all in electrical engineering.

His research interests are heterogeneous wireless sensor networks, security, wireless networks, computer networks, and network and systems management.

Dr. Du is an Associate Editor of Wiley Wireless Communication and Mobile Computing, and the InterScience International Journal of Sensor Networks.

112/04/21

4


/46

AUTHORSMohsen Guizani (SM’99)

is currently a full professor and chair of the Computer Science Department at Western Michigan University.

He has authored or co-authored over 180 technical papers in major international journals and conferences.

His research interests include computer networks, design and analysis of computer systems, wireless communications, and optical networking.

He currently serves on the editorial boards of many national and international journals.

He is the founder and Editor- In-Chief of Wiley Wireless Communications and the Mobile Computing Journal.

112/04/21

5


/46

AUTHORSYang Xiao (SM’04)

is currently with the Dept. of Computer Science at The Univ. of Alabama.

Dr. Xiao was a voting member of the IEEE 802.11 Working Group from 2001 to 2004.

He currently serves as Editor-in-Chief for the International Journal of Security and Networks (IJSN), the International Journal of Sensor Networks (IJSNet), and the International Journal of Telemedicine and Applications (IJTA).

His research areas are wireless networks, mobile computing, network security, and telemedicine.

He has published more than 200 papers in major journals (more than 50 in various IEEE Journals/magazines), refereed conference proceedings, and contributed book chapters related to these research areas.

112/04/21

6


/46

AUTHORSHsiao-Hwa Chen (SM’00)

is a full professor in the Department of Engineering Science, National Cheng Kung University, Taiwan

was the founding director of the Institute of Communications Engineering, National Sun Yat-Sen University, Taiwan.

He has authored or co-authored over 200 technical papers in major international journals and conferences, and six books in the areas of communications.

He has served as symposium co-chair of major international conferences, including IEEE VTC, ICC, Globecom, WCNC, etc.

He served or is serving as an Editor and/or Guest Editor of many international journals.

He is an Adjunct Professor of Zhejiang University, and Shanghai Jiao Tung University, China.

112/04/21

7


/46

112/04/21

Outline

Security Analysis


The HSN Model

Authors


8

Introduction


/46

INTRODUCTIONRouting is an essential operation in

sensor networks.

Wireless sensor networks have many applications, such as military, homeland security, environment, and so on.

Most existing routing protocols considered routing protocols and security issues separately.

It’s nontrivial to fix the problem that routing protocol can be made secure by incorporating security mechanisms after the design has completed.

112/04/21

9


/46

INTRODUCTIONMost existing work considers

homogeneous sensor network.

homogeneous-all nodes are modeled to have the same capabilities, computation, reliability, etc.

A homogeneous ad hoc network has poor fundamental limits and performance.

More and more recently deployed sensor networks follow heterogeneous design.

HSNs can significantly improve performance.

112/04/21

10


/46

112/04/21

Outline

Security Analysis


Introduction

Authors


11

The HSN Model


/46

THE HSN MODELThe HSN model consists of two

physically different types of nodes: 　 Low-end sensors(L-sensors)

• Large number

　 High-end sensors (H-sensors)

• Small number

• more powerful

• Provide many advantages

　 Base Station(BS)

112/04/21

12


/46

THE HSN MODEL

Assume that both L-sensors and H-sensors are uniformly and randomly distributed in the field

Let H-sensors serve as cluster heads, and all H-sensors form a backbone.

Designed an efficient androbust cluster formationscheme for HSNs

112/04/21

13


/46

THE HSN MODELReference

X. Du and F. Lin, “Maintaining differentiated coverage in heterogeneous sensor networks,” EURASIP J. Wireless Commun. Networking, no. 4, pp. 565–572, Oct. 2005.

1. Distributing H-sensors and L-sensors at the same time.

2. By adding H-sensors into an existing homogeneous sensor networks.

Both H-sensor and L-sensor know their location information

112/04/21

14


/46

THE HSN MODELCluster formation in HSN

All H-sensors broadcast Hello messages with maximum transmission power to nearby L-sensors with a random delay

With enough number of H-sensors uniformly and randomly distributed

• Most L-sensors can receive Hello messages from multiple H-sensors.

• Most H-sensors can receive Hello messages from neighbor H-sensors.

Each L-sensor also records backup cluster head.

112/04/21

15


/46

THE HSN MODELIf an L-sensor does not hear any Hello

message The node will broadcast an Explore message Neighbor L-sensor will response with an Ack

after a random delay If it overhears an Ack response from another

neighbor, the L-sensor will not send Ack.reduces the number of messages and the consumed energy

Each L-sensor will select the closest H-sensor as the cluster head

112/04/21

16


/46

THE HSN MODELAssumptions of HSNs：

1)L-sensors are NOT equipped with temper-resistant hardware.

2)Each L-sensor(H-sensor) is static and aware of it’s own location.

3)H-sensor are quipped with temper-resistant hardware.

4)The BS is well protected and trustable.

112/04/21

17


/46

112/04/21

Outline

Security Analysis

The HSN Model

Introduction

Authors


18



/46

TWO TIER SECURE ROUTINGA routing protocol should be robust to

sensor failures and be able to find new paths when nodes fail. Security requirement adds new challenges to

routing. the BS, H-sensors and L-sensors form

hierarchical network architecture.Two-Tier Secure Routing (TTSR) protocol

architecture consists of two parts: Secure routing within a cluster(among L-sensor) Secure routing across clusters(among H-sensor)

112/04/21

19


/46

A. Secure Intra-Cluster Routing

Two-way handshake can avoid the unidirectional link problem

TWO TIER SECURE ROUTING112/04/21

20

u v


/46

TWO TIER SECURE ROUTINGLet all L-sensors in a cluster form a

tree rooted at the cluster Head. To minimize the energy consumption:

1. complete data fusion→MST– i.e., two k-bit packets com in, and one k-bit packet goes

out after data fusion.

2. no data fusion within the cluster→SPT

3. partial fusion→ NP-Complete problem– If data from nearby sensors are highly correlated, then

an MST can be adopted to approximate the least energy consumption case.

Centralized algorithm can be used to construct an MST, so does SPT.

112/04/21

21


/46

TWO TIER SECURE ROUTINGL-sensor are small, unreliable devices

It may fail over time Robust and self-healing routing protocols are

critical for routing among L-sensors. each L-sensor may record two or more parent node

Following secure data forwarding scheme is used by L-sensor.1.u → v: packet_ID + {Data}Ku,v + MAC(Ku,v, )∗2.L-sensor is responsible to guarantee the delivery

3.u will re-transmit the packet if u doe not get an ack

4.The process continues until the packet reaches the cluster head H.

112/04/21

22


/46

TWO TIER SECURE ROUTINGB. Secure Inter-Cluster Routing

After cluster formation, each cluster head exchanges location information with neighbor cluster heads

During route discovery, H-sensor draws a straight line L between itself and the BS

C0, C1, ...,Ck, which arereferred to as Relay Cells

112/04/21

23


/46

TWO TIER SECURE ROUTINGA secure data forwarding scheme

similar to the one above

H-sensor are more reliable nodes than L-sensor. Self-healing scheme for H-sensor failures. Use a detoured path to avoid the failure cell.

112/04/21

24


/46

112/04/21

Outline


The HSN Model

Introduction

Authors


25

Security Analysis


/46

SECURITY ANALYSISDue to the limited storage in L-sensor

all cryptographic primitives use a single block cipher for code reuse. Ex:RC5

Security Configuration Data Authentication and Data Integrity

By MAC

Data ConfidentialityBy symmetric encryption

112/04/21

26


/46

SECURITY ANALYSISTTSR can defend against various

attacks on sensor network routing

Sybil Attack Wormhole and Sink-hole Attacks Selective Forwarding Attack Hello Flood Attack

112/04/21

27


/46

SECURITY ANALYSISSybil attack

The Sybil attack can significantly reduce the effectiveness of fault-tolerant schemes

Sybil attacks also pose a significant threat to geographic routing protocols

by authentication

112/04/21

28


/46

SECURITY ANALYSISSinkhole attacks

the adversary’s goal is to lure nearly all the traffic from a particular area through a compromised node

sinkhole attacks can enable many other attacks

an advertisement for an extremely high quality route to a base station

One motivation for mounting a sinkhole attack is that it makes selective forwarding trivial.

112/04/21

29


/46

SECURITY ANALYSISWormholes attack

The simplest instance of this attack is a single node situated between two other nodes forwarding messages between the two of them

wormhole attacks more commonly involve two distant malicious nodes colluding to understate their distance from each other

Wormhole and Sink-hole Attacks adversary is not able to route in TTSR

112/04/21

30


/46

SECURITY ANALYSISSelective forwarding

a malicious node selectively drops sensitive packets

Selective forwarding attacks are typically most effective when the attacking nodes are explicitly included on the path of a data flow

especially when they are used in combination with other attacks such as wormhole and sinkhole attacks

by Packet_ID

112/04/21

31


/46

SECURITY ANALYSISHELLO flooding attack

Many protocols require nodes to broadcast HELLO packets to announce themselves to their neighbors, and a node receiving such a packet may assume that it is within (normal) radio range of the senderThis assumption may be false

by two-way handshake

112/04/21

32


/46

112/04/21

Outline

Security Analysis


The HSN Model

Introduction

Authors

33



/46

EVALUATION OF ROUTING PERFORMANCE

Compare with Directed Diffusion (DD) No attack placed on the sensor network 1 BS, 300 L-sensors random distributed in a

300x300 m2 area For TTSR, additional 20 H-sensors Network divided in to equal-sized cells. Side length of a cell is set as r/2 No data fusion is performed SPT is used

112/04/21

34


/46

Direct DiffusionReference

C. Intanagonwiwat, R. Govindan, and D. Estrin, “Directed diffusion: A scalable and robust communication paradigm for sensor networks,” in Proc. ACM MOBICOM, Aug. 2000

DD consists of several elements data messages ： data is named using attribute-value

pairs

Interests ： The named task description constitutes an interest

Gradients ： is direction state created in each node that receives an interest

Reinforcements ： The sensor network reinforces one or a small number of these paths

112/04/21

35


/46

Direct Diffusion112/04/21

36


/46

Direct DiffusionNaming

A task description is called an interest

Select a naming scheme is the first step in designing DD for the network

112/04/21

37

type = wheeled vehicle // detect vehicle locationinterval = 10 ms // send events every 20 msduration = 10 s // for the next 10 srect = [-100; 100; 200; 400] // from sensors within rectangle.


/46

Direct DiffusionInterest and Gradient

1) Interest Propagation:• the sink periodically broadcasts an interest message

to each of its neighbors• this initial interest may be thought of as exploratory• The interest entry also contains several gradient

fields• local interaction ： To its neighbors, this interest

appears to originate from the sending node

112/04/21

38


/46

Direct Diffusion 2) Gradient Establishment:

• every pair of neighboring nodes establishes a gradient toward each other. This is a crucial consequence of local interactions.

112/04/21

39


/46

Direct DiffusionC. Reinforcement

Sink re-sends the original interest message but with a smaller interval(higher data rate)

it is triggered by receiving one new event

can result in more thanone path being reinforcednegatively reinforce

112/04/21

40


/46

A. Routing Performance under Different Node Densities


112/04/21

41

1.Both TTSR and DD increase as density increase.

2.In TTSR, more candidates to relay packets

3.In DD, more sensor to forward packets

4.From the same L-sensor to the BS, TTSR requires fewer hops

5.H-sensor have higher data rate

1.Both TTSR and DD increase as density increase.

2.More power is dissipated for overhearing in TTSR

3.In DD, more and more nodes are involved in disseminating “interest” and “gradient”

1.Same pair of source-destination in TTSR uses fewer hops of transmissions than that in DD.


/46

B. Routing Performance for Different Source-BS Distances

112/04/21

42


1.For any distance, the delivery ratio of TTSR is higher than DD, TTSR utilize H-sensor and has less hop count than DD

1.In DD, more nodes participate in routing as the distance increase

2.In TTSR, only L-sensors increases, while the number of H-sensors remains the same.


/46

EVALUATION OF ROUTING PERFORMANCEC. Routing Performance for Different

Node Failure Probabilities

112/04/21

43

1.Fewer sensors in the route in TTSR that those in DD.

2.H-sensor are less likely to fail.

1.In TTSR, node failures that cause re-transmission in TTSR.2.The energy consumption of DD decrease when p increase


/46

EVALUATION OF ROUTING PERFORMANCEIn summary

TTSR has a higher delivery ratio, a smaller end-to-end delay and lower energy consumption than Directed Diffusioneven DD dose not run any security primitives

TTSR achieves better performance by utilizing powerful H-sensors

112/04/21

44


/46

CONCLUSIONIn this paper:

A novel secure routing protocol(TTSR) for HSNs.

TTSR consist of secure intra- and inter-cluster routing scheme

TTSR can defend against several sophisticated routing attacks

TTSR has a greater performance than a popular non-secure routing protocol-Directed Diffusion.

112/04/21

45

Documents

Two Tier Secure Routing Protocol for Heterogeneous Sensor Networks Advisor: Yeong-Sung, Lin Presented by Yen-Yi, Hsu Xiaojiang Du, Member, IEEE, Mohsen