Ee 418 project 2 key distribution in wireless sensor networks
This presentation is the property of its rightful owner.
Sponsored Links
1 / 30

EE 418 Project 2: Key Distribution in Wireless Sensor Networks PowerPoint PPT Presentation


  • 37 Views
  • Uploaded on
  • Presentation posted in: General

EE 418 Project 2: Key Distribution in Wireless Sensor Networks. Professor Radha Poovendran Andrew Clark. Project Guidelines. Groups of up to 4 are allowed Due December 15 during the exam Four parts Key distribution problems Node Capture Attack Simulation Analysis of Node Capture Attack

Download Presentation

EE 418 Project 2: Key Distribution in Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Ee 418 project 2 key distribution in wireless sensor networks

EE 418 Project 2: Key Distribution in Wireless Sensor Networks

Professor Radha Poovendran

Andrew Clark


Project guidelines

Project Guidelines

  • Groups of up to 4 are allowed

  • Due December 15during the exam

  • Four parts

    • Key distribution problems

    • Node Capture Attack Simulation

    • Analysis of Node Capture Attack

    • Route Capture Attack Simulation

  • Groups are required to complete three of the four parts


Outline

Outline

  • Sensor networks and their applications

  • The key distribution problem

  • The Eschenauer-Gligor scheme

  • Non-cryptographic attacks:

    • Node capture

    • Link capture

    • Route capture

  • Modifications of the EG scheme

  • Conclusion


Wireless sensor networks

Emerging technology with many potential applications

Wireless Sensor Networks

Inventory Tracking

Fire Detection

Patient Monitoring

Battlefield Surveillance


Network model

Network Model

  • Network of N sensor nodes, indexed {1,…,N}

  • Two nodes can communicate if they are within radio range

  • May lack supporting infrastructure (e.g. base station)

  • Computing power, battery lifetime of nodes limit range of protocols used

    • In some applications, no public key crypto!

2

2

6

6

1

1

5

5

7

7

3

3

4

4


Key distribution

Key Distribution

  • In order to communicate, two sensor nodes must share a key

  • Moreover, if two nodes communicate via multiple hops, then each pair of nodes along the path must share a key

  • How do we guarantee that the network is connected if the network topology is not known in advance?

2

2

6

6

1

1

5

5

7

7

3

3

4

4


Na ve approach

Naïve Approach

  • Every node is preloaded with a secret key for every other node

  • Problems:

    • Storage constraints in individual nodes and the network as a whole

      • If you have 1000 nodes, each node needs to store 999 long keys, and the total number of keys is ~1000000

    • Updating the network becomes difficult

  • Not practical for large networks!


Random predistribution

Random Predistribution

  • Eschenauer and Gligor (2002) proposed a novel and straightforward scheme.

  • A pool of P keys is generated randomly.

  • Each node is preloaded with a random collection of k keys from the pool.

  • The number of keys per node is a design parameter.

P = 8

k = 3

{k1, k5, k6}

6

6

1

1

2

{k6, k7, k8}

{k1, k2, k4}

5

5

4

{k3, k6, k8}

{k3, k4, k8}

7

7

3

3

{k2, k5, k8}

{k2, k3, k5}


Ensuring connectivity

Ensuring Connectivity

  • How do we choose k and P?

  • First, find p according to the equation:

  • Pcis the probability that a network of n nodes is connected, assuming that each pair of nodes share a link with probability p.

  • E.g. suppose we want a network of size n=10000 to be connected with probability 0.99. Then we have exp{-e-c} = 0.99, so c = -log(-log(0.99)) = 4.6 and p = log(10000)/10000 + 4.6/10000 = 0.0014

  • Hence in this example, if two nodes share an edge with probability 0.0014, then the network is connected (assuming each node’s radio range is infinite)


Ensuring connectivity1

Ensuring Connectivity

  • Using p, we can find d, the expected degree of each node in the network to ensure connectivity:

    d = p*(n-1)

  • We can use d (rather than p) to characterize the network

  • One problem: so far, we have neglected to take radio range into account!


Ensuring connectivity2

Ensuring Connectivity

  • Suppose that, due to range constraints, each node can only connect to n’ of its neighbors.

  • In this case, we want the probability of connectivity to be p’ = d/(n’-1) to ensure that the whole graph is connected.


Ensuring connectivity3

Ensuring Connectivity

  • Given p’, we can then find values of P and k using the equations on page 5 of [1]:


Ensuring connectivity4

Ensuring Connectivity

  • In summary, we have the following approach:

  • Given n (number of nodes) and Pc (design constraint), find c and p using Erdos’s formula

  • Calculate d = p*(n-1)

  • If the neighborhood size is n’ (due to radio range), find p’ = d/(n’-1)

  • Choose P and k so that Pr(two nodes share a key) = p’


Random key distribution

Random Key Distribution

From a security standpoint, can you think of a problem with assigning keys in this way?


Node capture attacks

Node Capture Attacks

  • The adversary may have a hard time attacking security through cryptanalysis

  • However, recall that the network is unmonitored for extended periods

  • We consider “node capture attacks”, in which the adversary steals the key by physically capturing a node

  • The EG scheme is especially vulnerable because many different nodes may share the same key


Node capture attacks1

Node Capture Attacks

  • The first type of attack is the seed cover attack, in which the adversary attempts to recover the entire key pool (or at least a large subset of it).

  • This is equivalent to the set-covering problem

    • Can use efficient “greedy” heuristic

    • At every iteration, capture the node with the most unknown keys

P = 8

k = 3

{k1, k5, k6}

6

6

1

1

2

{k1, k2, k4}

{k6, k7, k8}

5

5

4

{k3, k6, k8}

{k5, k7, k8}

7

7

3

3

{k2, k5, k8}

{k2, k3, k5}

P’ = {k1, k2, k4, k3, k6, k8, k5, k7}


Node capture attacks2

Node Capture Attacks

  • The second type of attack is the link cover attack.

  • Note that it may not be necessary for the adversary to capture all the secret keys; he may only have to capture enough to compromise all the links

  • This is another set-covering problem


Link cover example

Link Cover Example


Performance

Performance


The q composite scheme

The q-composite Scheme

  • In [2], the authors proposed different methods for mitigating the node capture problem

  • In the q-composite scheme, q shared keys between nodes to are needed to communicate.

  • The shared key between two nodes is then K = hash(k1||…kq)

  • The adversary must therefore capture all q keys to break the link

P = 8

k = 3

{k1, k5, k6}

6

6

1

1

2

{k1, k2, k3}

{k6, k7, k8}

5

5

{k6, k8}

{k7, k8}

{k2, k3}

{k5, k8}

4

{k2, k5}

{k5, k6, k8}

{k5, k7, k8}

7

7

3

3

{k2, k5, k8}

{k2, k3, k5}


The q composite scheme1

The q-Composite Scheme

  • Under the q-Composite scheme, the probability that Eve can compromise the link between two nodes by capturing random nodes is the top equation, where:

    • |S| is the key pool size, m is the number of keys per node

    • p(i) is the probability that two nodes share exactly i keys

    • p is the probability that two nodes share at least q keys

    • x is the number of nodes Eve will capture


Multipath reinforcement

Multipath Reinforcement

  • Suppose A and B have a secure link between them (i.e., they share a key k)

  • We can improve the security of the link by updating its key after the initial setup.

  • If there are m disjoint routes between A and B, then A can generate random numbers v_1, …, v_m and send each number (encrypted, of course) along a different route

  • The shared key will then be k’ = k xor v1 xor … xor vm


Example

Example


Route capture attacks

Route Capture Attacks

  • The final kind of attack we will consider is the route capture attack [4].

  • Route capture attacks take advantage of the fact that traffic in a WSN has to be routed between nodes that are far apart.

  • Thus if we capture certain “bottleneck” nodes, we can observe a lot of the network traffic.


Node capture attacks3

Node Capture Attacks

  • We want to define a way to quantify how vulnerable a route is after a certain number of keys is captured.

  • For a route between source node s and destination d, we define a function Vsd

  • Let C be a set of nodes that we can capture. Then we want:

    • Vsd(C) = 0 if C is empty

    • Vsd(C) between 0 and 1 if there is still some security to the route

    • Vsd(C) = 1 if the route has been compromised.


Node capture attacks4

Node Capture Attacks

  • Suppose we have such a function Vsd. Then, given a set of pairs (s,d) and a set of routes Rsd between them, define the incremental node value by

  • Now, we can implement a greedy algorithm not unlike that from the previous section

  • At each iteration, we capture the node with the largest incremental node value.


Node capture attacks5

Node Capture Attacks

  • The adversary can choose Vsd in order to reflect his or her goals.

  • An example in [4] is


Explanation of terminology

Explanation of Terminology


Summary

Summary

  • By using random key distribution, we can develop secure communication in a sensor network with limited storage

  • This distribution scheme is vulnerable to attack:

    • Seed cover

    • Link cover

    • Route cover

  • There are techniques for mitigating these vulnerabilities.


Questions

Questions?


  • Login