1 / 36

Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005

Toward Resilient Security in Wireless Sensor Networks. Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005. Outline. Introduction and Background On resiliency of existing solutions Design Analysis and Simulation Results Discussions and Conclusions.

gefjun
Download Presentation

Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Toward Resilient Security in Wireless Sensor Networks. Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005

  2. Outline • Introduction and Background • On resiliency of existing solutions • Design • Analysis and Simulation Results • Discussions and Conclusions

  3. Introduction • Target problem: • Compromised nodes • Report fabrication attacks • Existing solution and their problem • Multiple parties endorse an legitimate event; en-route filtering. • Problem: Threshold breaks down. • Their approach: use location-based information to achieve resilience.

  4. General Scenario • Large scale sensor network that monitors a vast geographic terrain. • Size and shape of the terrain is known a priori • Sensor nodes are uniformly randomly deployed to the terrain. • Once deployed, each node can obtain its geographic location via a localization scheme. • One resourceful sink.

  5. Own keys:k1, … Others keys: k2, k3, k4, … General En-route Filtering Framework • Initial: A node store some keys, it use its own key to generate a Message Authentication Code (MAC) attached to an event report. It use others keys to verify the report forwarded to it. Each key has a unique index.

  6. Report | index3 | MAC3 Report | index1 | MAC1 Report | index5 | MAC5 Report | index2 | MAC2 Report | index4 | MAC4 Report | index6 | MAC6 General En-route Filtering Framework • On event occur: A legitimate report must carry m distinct MACs. Multiple nodes sense the event and collaborate generate (one or more) reports with more than m MACs. | index1 | MAC1 Report | index3 | MAC3 | index4 | MAC4

  7. Received Report Check if it has more than m MACs No No Check if it can verify the MACs Drop Forward packet Is the MACs valid? Yes No General En-route Filtering Framework • Intermediate nodes:

  8. General En-route Filtering Framework • Sink verification: Sink knows every keys, it can verify every MACs.

  9. Outline • Introduction and Background • On resiliency of existing solutions • Design • Analysis and Simulation Results • Discussions and Conclusions

  10. Interleaved Hop-by-Hop Authentication (IHA) • Design parameter: m • Sensing cluster with at least m+1 nodes and a cluster head. • Along the path, two nodes that are m+1 hops away are associated by a pair-wise key. • Threshold: m.

  11. Interleaved Hop-by-Hop Authentication (IHA)

  12. Statistical En-route Filtering (SEF) • Global key pool is divided into m partition. • Each node pre-loaded with a few keys randomly chosen from a single partition. • When an event occurs, detecting nodes jointly endorse the report with m MACs, each using a key in a different partition. • Thershold: attackers obtain keys from m partition.

  13. Outline • Introduction and Background • On resiliency of existing solutions • Design • Analysis and Simulation Results • Discussions and Conclusions

  14. Location-Based Resilient Security (LBRS) • Terrain divided into geographic grid and each cell binded with L keys. • Each node stores one key for each of its sensing cells. • Each node randomly chosen a few remote cells based on location information as its verifiable cells, and store one key for each.

  15. Location-Based Resilient Security (LBRS)

  16. Location-Based Resilient Security (LBRS) • A legitimate report is jointly generated by detecting nodes, and should carries m distinct MACs. • Intermediate nodes and sink verification processes are similar to general framework. • Two more new check: • All m distinct MACs should bonded to one cell. • Location attached in the report consistent with the location of MACs

  17. Location-binding key generation • Location-binding key generation: Terrain divided into geographic grid and each cell binded with L keys. • How to construct a grid? • How to derive keys based on the location information in a computationally efficient manner?

  18. How to construct a grid • Construct a virtual square grid uniquely defined by two parameters: a cell size C, and a reference point (X0,Y0) (e.g., sink location). • Denote a cell by the location of its center, (Xi,Yj), such that

  19. How to derive keys • Preload each node with: cell size C, reference (X0,Y0), master secret KI. • Once deployed, a node first obtains its geographic location through a localization scheme. • Derives keys during bootstrapping phase with • H() is a one-way hash function. (Xi,Yj) is the location of the cell.

  20. Location-guided key selection • A node defines an upstream region based on location information and only forward packet for its upstream region. • After defined upstream region, for each cell in its upstream region, select it as a verifiable cell with probability • d is the node’s distance to the sink, Dmax is the max distance between network edge and sink

  21. Location-guided key selection

  22. Location-guided key selection • How to select upstream region and accommodate node failures? • Designed to work with geographic routing protocol. • Upon moderate node failures, geographic routing protocol find a closer detoured paths . • Define beam width b. • Use b and d (distance to sink) to define upstream region.

  23. Benefits • Damage is bonded to some local cells. • Randomized multiple compromised nodes are difficult to compromise a cell. • Location-guided key selection can reduce the keys stored on one node and still achieve reasonable filtering power.

  24. Outline • Introduction and Background • On resiliency of existing solutions • Design • Analysis and Simulation Results • Discussions and Conclusions

  25. Parameter settings

  26. Analysis—Filtering Effectiveness • One node compromised. • Detection Ratio: close to one. • Filtering Position:

  27. Analysis—Key Storage Overhead

  28. Simulation • Platform: own simulator by Parsec language • 30K nodes, 5Km x 5Km field, 100m x 100m cell. • Each simulation repeated 1000 times.

  29. Simulation—Resiliency to random node compromise • Compromised nodes randomly scattered. How many cells will be compromised.

  30. Simulation—Resiliency to random node compromise • How many distinct keys compromised in cells Nc = Number of compromised nodes

  31. Simulation—Filtering Power Kc = number of compromised keys in a cell

  32. Simulation—Delivery Ratio

  33. Outline • Introduction and Background • On resiliency of existing solutions • Design • Analysis and Simulation Results • Discussions and Conclusions

  34. Discussion • Prototype implementation: could all these fit into sensor nodes?? • Platform: MICA2 • Code size: • 9358 bytes ROM, 665 bytes RAM • Execution time: 100x100 cells • Bootstrapping: 2.8 sec • MAC generation and verification: 10 ms

  35. Discussion (Cont’) • Sensor deployment: • Location information is known? • Location information is required? • Routing • Upstream region estimation is designed to work with geographic routing protocols. • They found some non-geographic routing protocols (Directed Diffusion, GRAB) fit well with this model. • Require future study.

  36. Conclusions • If location is a required information, embedded keys with locations seem to be obvious. • Upstream region model is a good way to reduce the key storage and still maintain the filtering power. • They did quite a bit of analysis and simulations to verify their claims. • Security setting is based on application scenario.

More Related