Security in Wireless Sensor Networks - PowerPoint PPT Presentation

slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Security in Wireless Sensor Networks PowerPoint Presentation
Download Presentation
Security in Wireless Sensor Networks

play fullscreen
1 / 13
Security in Wireless Sensor Networks
210 Views
Download Presentation
chelsea
Download Presentation

Security in Wireless Sensor Networks

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Security in Wireless Sensor Networks Tuan Vu, Rei Safavi-Naini, and Carey Williamson Department of Computer Science University of Calgary

  2. Wireless Sensor Network Security A typical sensor Wireless communication can be intercepted A wireless sensor network (WSN) Nodes can be captured A bad guy (an adversary) ASIACCS 2010

  3. The WSN Security Dilemma Operate WSN without encryption? No. Central key distribution center? No. Key installation after deployment? No. Pre-configure a single global key? No. Pre-configure pairwise unique keys? No. Random key pre-distribution? Yes! ASIACCS 2010 3

  4. Random Key Pre-distribution [Eschenauer and Gligor 2002] Eschenauer and Gligor (EG) pioneered a random key pre-distribution approach: • Key pool size: N • Key ring size: m • Network size: n E B A D C N = 5, m=2, key pool: {1, 2, 3, 4, 5} Wireless connectivity Malicious adversary An example of a WSN with 5 nodes (n = 5) Multi-path key reinforcement (mkr) technique: once all nodes have established secure connectivity (e.g., with the EG scheme), two nodes can negotiate a new key by exchanging S random strings through S disjoint paths between them. Node: A Keys: 3, 4 E {3, 5} B {1, 2} , CD Links: AC, AD q-composite scheme: two wireless neighbors must have at least q keys in common to set up a secure link. - The adversary can capture nodes and obtain pre-loaded keys. q-composite and multi-path key reinforcement are two notable solutions to strengthen the EG scheme [Chan et al. 2003] Eschenauer and Gligor use Erdos-Renyi’s random graph theory to model the secure connectivity The EG scheme and its extensions are highly vulnerable to large-scale node capture attacks. Captured nodes behave the same as others so that the adversary will remain undetected while attacking the network. {3, 4} Secure connectivity achieved by the EG scheme. A - Links connected to captured nodes are compromised. {2, 4} D {4, 5} - Links between uncaptured nodes may be compromised as well. C ASIACCS 2010

  5. Our Solution: Virtual Key Rings • Virtual key ring is a general technique that enables nodes to use info about pre-loaded keys of trust neighbors to establish additional secure links. • Applied to the EG system, we have a new scheme consisting of an off-line key pre-distribution phase followed by two rounds of key establishment. E B A D C Wireless connectivity E {3, 5} B {1, 2} {3, 5} E {1, 2, 4} B {3, 4} A {2, 3, 4, 5} {3, 4} A {2, 4} D {1, 2, 3, 4, 5} D {2, 4} {4, 5} C {2, 3, 4, 5} {4, 5} C Secure connectivity achieved by the EG scheme First-round key establishment Node A constructs its virtual key ring Second-round key establishment ASIACCS 2010

  6. Virtual Key Ring with EG Scheme: Second-round Link Establishment Consider the pair (D, E) in the example. • D generates a random r, and chooses a key k (e.g., 3) • D  E: r and IDk • E computes F(k, r) • D  A: r and IDk • A computes F(k, r) • A  D: F(k, r) E B F is an one-way cryptographic function to ensure the security of new keys (i.e., F(k, r)) as well as to keep the generation keys (i.e., k) secret. If X and Y share at least one key, k for example, in their virtual key rings, then either X or some first-round trust neighbors of X has k (similarly for node Y). A D C Wireless connectivity E {3, 5} B {1, 2} {3, 5} E {1, 2, 4} B Pairwise key: F(k, r) {3, 4} A {2, 3, 4, 5} r || IDk A {2, 4} D {1, 2, 3, 4, 5} D F(k, r) r || IDk C {2, 3, 4, 5} {4, 5} C First-round key establishment Second-round key establishment ASIACCS 2010

  7. Virtual Key Ring on EG Scheme -Mathematical Analysis • Given network size (n), network density (nw), key pool size (N), and key ring size (m), we can estimate: • The expected size of the virtual key ring (mv) • The probability of second-round link establishment (p2) • The total number of trust neighbors (d) • The communication overhead • The resilience against node capture attack • Example: • Given network size (n), network density (nw), and key pool size (N), we can estimate the key ring size (m) to achieve high connectivity. ASIACCS 2010

  8. Resilience against Node Capture Attacks -EG vs. Virtual Key Ring (EG) Simulation results Network:1,000 nodes Density: 30 nodes Key pool: 50,000 keys Key ring size is chosen so that connectivity is 99.9% (i.e., 266 in the EG scheme and 158 in the virtual key ring (EG) scheme). All second-round link between uncaptured nodes remain secure against AL since all random strings r used for generating additional keys are unknown to AL. The resilience against AE is improved by about 10% in large-scale attacks where the number of captured nodes is from 150 to 450. We are only interested in the strong adversary AE. Real power of the virtual key ring concept is obtained when it is combined with q-composite and multi-path reinforcement to take full advantage of larger effective key rings. ASIACCS 2010

  9. Resilience against Node Capture Attacks -EG with mkr vs. Virtual Key Ring (EG) with mkr Simulation results Network:1,000 nodes Density: 30 nodes Key pool: 50,000 keys Key ring size is chosen so that connectivity is 99.9%. Only two-hop paths are considered for reinforcement. Better connectivity means more paths between nodes, leading to better resilience with mkr. For 200 nodes captured, link compromise probability between uncaptured nodes in the virtual key ring scheme is less than 3%. For 300 nodes captured, the link compromise probabilities are 60% (EG) and 20% (virtual key ring). For 500 nodes captured, virtual key rings are 25% more resilient. ASIACCS 2010

  10. Resilience against Node Capture Attacks -2-composite vs. Virtual Key Ring (2-composite) Simulation results Network:1,000 nodes Density: 30 nodes Key pool: 50,000 keys Key ring size is chosen so that connectivity is 99.9%. Large virtual key rings allow nodes to find more common keys. Since all common keys are required to construct pairwise keys, resilience is improved. When 50% of the nodes are captured, the link compromise probability is about 95% in the 2-composite scheme, and 30% for virtual key rings. ASIACCS 2010

  11. Summary and Conclusions • Virtual Key Ring scheme: • Better secure connectivity in WSNs • Fewer pre-loaded keys required • Improved resilience against node capture • Applicable to key pre-distribution systems • Tradeoff: higher communication overhead ASIACCS 2010

  12. Future Work • Extending the virtual key ring idea to more than two rounds. • Applying the virtual key ring concept to other key pre-distribution schemes and developing general model for analysis. • Investigating different network models such as mobile nodes. ASIACCS 2010

  13. References T. Vu, R. Safavi-Naini, and C. Williamson, “Securing WSNs Against Large-Scale Node Capture Attacks”, ACM ASIACCS 2010, Beijing, China, April 2010. To appear. T. Vu, C. Williamson, and R. Safavi-Naini, “Simulation Modeling of Secure WSNs”, Proc. of ICST ValueTools, Pisa, Italy, Oct 2009. T. Vu, Modeling, Analysis, and Simulation of Secure Wireless Sensor Networks, M.Sc. Thesis, Dept of Computer Science, U. Calgary, October 2009. ASIACCS 2010 13