1 / 63

Securing Wireless Sensor Networks

Securing Wireless Sensor Networks. Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University. Overview. Overview of Wireless Sensor Networks (WSN). Security in wireless sensor networks. Why is it different?

kata
Download Presentation

Securing Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University

  2. Overview • Overview of Wireless Sensor Networks (WSN). • Security in wireless sensor networks. • Why is it different? • Our recent work on securing WSN using deployment knowledge • Authenticating public keys (Mobihoc’05) • Robust Location discovery (Infocom’05) • Summary

  3. Wireless Sensors Berkeley Motes

  4. Mica Motes • Mica Mote: • Processor: 4Mhz • Memory: 128KB Flash and 4KB RAM • Radio: 916Mhz and 40Kbits/second. • Transmission range: 100 Feet • TinyOS operating System: small, open source and energy efficient.

  5. Deploy Wireless Sensor Networks (WSN) Sensors

  6. Applications of WSN • Battle ground surveillance • Enemy movement (tanks, soldiers, etc) • Environmental monitoring • Habitat monitoring • Forrest fire monitoring • Hospital tracking systems • Tracking patients, doctors, drug administrators.

  7. Securing WSN • Motivation: why security? • Why not use existing security mechanisms? • WSN features that affect security.

  8. Why Security? • Protecting confidentiality, integrity, and availability of the communications and computations • Sensor networks are vulnerable to security attacks due to the broadcast nature of transmission • Sensor nodes can be physically captured or destroyed

  9. Why Security is Different? • Sensor Node Constraints • Battery, • CPU power, • Memory. • Networking Constraints and Features • Wireless, • Ad hoc, • Unattended.

  10. Sensor Node Constraints • Battery Power Constraints • Computational Energy Consumption • Crypto algorithms • Public key vs. Symmetric key • Communications Energy Consumption • Exchange of keys, certificates, etc. • Per-message additions (padding, signatures, authentication tags)

  11. Memory Constraints • Program Storage and Working Memory • Embedded OS, security functions (Flash) • Working memory (RAM) • Mica Motes: • 128KB Flash and 4KB RAM

  12. An Efficient Scheme for Authenticating Public Keys in Sensor Networks

  13. Sensors Deploy Wireless Sensor Networks

  14. Sensors Deploy Key Distribution in WSN Secure Channels

  15. Existing Approaches • Key Pre-distribution Schemes • Eschenauer and Gligor, CCS’02 • Chan, Perrig, and Song, S&P’03 • Du, Deng, Han, and Varshney, CCS’03 • Du, Deng, Han, Chen, Varshney, INFOCOM’04 • Liu and Ning, CCS’03 • Assumption • Public Keys are impractical for WSN • We need to use Symmetric Keys

  16. Three Years Later • Has Public-Key Cryptography (PKC) became practical yet? • The answer might still be NO, but … • Recent Studies on using PKC on sensors • PKC is feasible for WSN • ECC signature verification takes 1.6s on Crossbow motes (Gura et al.)

  17. The Advantage of PKC • Resilience versus Connectivity • SKC-based schemes have to make tradeoffs between resilience and connectivity • PKC-based Key Distribution • 100% resilience • 100% connectivity

  18. Let’s Switch to PKC? • Sorry, I forgot to mention one thing: The gap between SKC and PKC is not going to change much unless a breakthrough in PKC occurs. • Computation costs • RC5 is 200 times faster than ECC • Communication costs • Signatures: ECC (320 bits), RSA (1024 bits), SHA1 (160 bits)

  19. New Focuses • My observation: We will be able to use PKC, but we will use SKC if that can save energy. • We are doing this in traditional networks • Example: session keys • Research Problem Can we reduce the amount of PKC computations with the help of SKC?

  20. Public Key Authentication • Before a public key is used, it must be authenticated • In traditional networks: we use certificates. • Verifying certificates is a public key operation

  21. 2. Here is my public key PK and certificate 3. Verify the certificate: a public key operation Authenticating Public Keysin Traditional Networks B A 1. What is your public key? 2. Here is my public key PK

  22. Authenticating Public Keysin Sensor Networks • Naïve Solution 1: preload all the public keys • Memory cost: (N-1)*320 bits for 160-bit ECC • Naïve Solution 2: preload the hash of all the public keys • Hash is the commitment. • Memory cost: (N-1)*160 bits for SHA1

  23. Can We Improve Memory Usage? • Much less than N-1 commitments • Hash everything together: need 1 commitment • Communication cost: O(N) • A standard technique: Merkle Tree • Memory cost: O(log N) • Communication cost: O(log N)

  24. Using Merkle Trees

  25. Performance • Memory Usage • 1 + log(N) hash values (compared to N-1) • Computation Cost • Log(N) hash operations • Communication Overhead • If we use 160-bit SHA1 • 160 * log(N) bits • When N=10,000, cost=2080 bits, worse than PKC • We need to reduce the height

  26. Trimming the Merkle Tree

  27. A Smarter Trimming A B C

  28. Deployment Knowledge • How do we know that some nodes might more likely be neighbors than others? • Deployment knowledge model.

  29. A Group-Based Deployment Scheme

  30. A Group-Based Deployment Scheme

  31. Modeling of The Group-Based Deployment Scheme Deployment Points

  32. Trimming Strategy

  33. Deployment-based Trimming

  34. Minimize C = w0• a + w1• b + w2• c + w3• d  Subject to Finding Optimal a,b,c, and d • The optimization problem: • S:number of sensors in each deployment group • mmax:maximum amount of memory that can be used • Wi : percentage of nodes that are in the i group. • This is decided by the deployment model • We assume the Gaussian Distribution

  35. Evaluation

  36. Communication Overhead vs. Memory Usages

  37. Communication Overhead vs. Network Size

  38. Impact of Deployment Knowledge: σ Deployment Model: Gaussian Distribution

  39. Impact of Modeling Accuracy

  40. Energy consumption

  41. Comparing Energy cost with RSA / ECC Performance of authenticating public keys using various algorithms

  42. Summary • Public Key Cryptography (PKC) • Will soon be available for sensor networks • Intel Motes: very powerful. • Usage of PKC should still be minimized • We propose an efficient scheme to achieve public key authentication.

  43. A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks

  44. Location Discovery in WSN • Sensor nodes need to find their locations • Rescue missions • Geographic routing protocols • Many other applications • Constraints • No GPS on sensors • Cost must be low

  45. Existing Positioning Schemes Beacon Nodes

  46. Two Important Elements • Reference points • They must know their locations. • e.g. beacon nodes, satellites. • Relationship between nodes and reference points • Distance • Angle of arrival • Time of arrival • Time difference of arrival

  47. The Beacon-Less Scheme • Without using beacon nodes • Beacon nodes are more expensive • They can be the main target of attacks • Nonetheless, we still have to find reference points and the corresponding relationships. • Remember: the locations of the reference points must be known.

  48. Modeling of The Group-Based Deployment Scheme Deployment Points: Their locations are known. We still need another important element: The relationship between nodes and reference points.

  49. The Relationships A

  50. The Relationships A B

More Related