1 / 28

Overview of Sensor Network Security

Overview of Sensor Network Security. Yang Liu. Graduate student, University of Tennessee. 2003 spring group seminar. Motivation. Hostile environments Battlefield sensing/actuation Safety-critical applications Sensors in reactor complex Privacy intrusions Employee tracking/monitoring

Download Presentation

Overview of Sensor Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. Overview of Sensor Network Security Yang Liu Graduate student, University of Tennessee 2003 spring group seminar

  2. Motivation • Hostile environments • Battlefield sensing/actuation • Safety-critical applications • Sensors in reactor complex • Privacy intrusions • Employee tracking/monitoring • Uncontrolled access 2 2003 spring group seminar

  3. Challenges • Wireless Communication • Bring eavesdropping, unauthorized access, spoofing, replay and denial-of-service attacks; • Resource-constrained sensor nodes • Limit the degree of encryption, decryption, and authorization on the individual sensor nodes; • Compromised sensor nodes • Denial-of-service attacks; 3 2003 spring group seminar

  4. Desired security properties • Confidentiality • only intended receivers can recover the meaning • Authenticity • Integrity • Freshness • a message is not a replay of a previous message • Scalability and Availability • Other Considerations • Traffic analysis • Sensor data accuracy 4 2003 spring group seminar

  5. Security Attacks Release of Message contents Passive Attacks Traffic analysis Attacks Masquerade Replay Active Attacks Denial of service Modification of messages 5 2003 spring group seminar

  6. Attack Threads • Spoofed, altered, or replayed routing information • Selective forwarding • Sinkhole attacks • Sybil attacks • A single nodes presents multiple identities • Wormholes • HELLO flood attacks • see illustration 6 2003 spring group seminar

  7. Attacks against routing protocols 7 2003 spring group seminar

  8. Cryptography Review • Symmetric ( secret key ) • Shared secret • Confusion and diffusion • E.g., RC5, DES, AES • Asymmetric( public key ) • One-way functions • E.g., RSA, ElGamal, Elliptic-Curve 8 2003 spring group seminar

  9. Cryptographic Mechanism • Use of public key cryptography in a manner that takes advantage of its asymmetric nature to minimize power consumption • Use of secret key (symmetric) cryptography within tamper-resistant sensors in a manner that efficiently emulates public key functionality (i.e., key notarization and symmetric-key certificates) • Efficient key management techniques, including adaptive selection and use of group keying • Use of special-purpose hardware to accelerate selected cryptographic operations 9 2003 spring group seminar

  10. Security Services • Provide for essential authentication, integrity, and confidentiality services • Provide security support services, including efficient sensor equivalent of a public key infrastructure (PKI) Security services Security support services PKI Equivalent Key Management Confidentiality Other Integrity Other Authentication Efficient cryptographic mechanisms 10 2003 spring group seminar

  11. Related work • Security Considerations • Energy-Efficiency • Key Algorithm • Secure Routing • Intrusion Detection and Tolerant 11 2003 spring group seminar

  12. Security Considerations • NAI Lab • “Constraints and Approaches for Distributed Sensor Network Security” • OSU • “Security Considerations in Wireless Sensor Networks” • Univ. of Virginia • “Denial of Service in Sensor Networks” 12 2003 spring group seminar

  13. Review • NAI Labs has developed novel key management protocols specifically designed for the distributed sensor network environment, including Identity-Based Symmetric Keying and Rich Uncle. They have analyzed both existing and NAI Labs-developed keying protocols for their suitability at satisfying identified requirements while overcoming battlefield energy constraints. They also implemented a sensor network simulator. • Secret-key-based protocols are generally energy-efficient • Public key algorithms consume a great deal of computational and communications energy • group keying protocols can reduce key management and communications energy consumption • a mix of public key-based protocols, including pairwise, group keying, and distribution keying, provide an energy-efficiency superior to using just a single protocol 13 2003 spring group seminar

  14. Review • Denial of Service Attacks and Defenses 14 2003 spring group seminar

  15. Energy-Efficiency • Univ. of Maryland • “Design Space Exploration for Energy-Efficient Secure Sensor Network” • Univ. of Twente • “Assessing Security-Critical Energy-Efficient Sensor Networks” • NAI LAB • “Energy-Efficient and Low-latency Key Management For Sensor Networks” 15 2003 spring group seminar

  16. Review • UMD • Two observations • Unbalanced computation load for decryption and encryption • Large variety of data processing requirement( The forwarding messages need not be processed) • Propose dynamic voltage scaling(DVS) for energy-efficient DSN. • DVS varies the supply voltage and clock frequency based on the computation load to provide performance with minimal amount of energy consumption • EYES • Propose a unified assessment framework based on system profiles, system parameters: • Data Confidentiality • Tamper Resistance • Public Key Cryptographic Capability • Rich Uncles 16 2003 spring group seminar

  17. Key Algorithm • NCSU • “Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks” • UMD • “A key-management scheme for distributed sensor networks” 17 2003 spring group seminar

  18. Review • UMD • Pre-key distribution ( chose n keys randomly from a large k pools at for a node and save them ) • Share-key discovery ( During DSN initialization, each node discover the neighbor nodes which can share keys ) • Path-key establishment ( If the node pair cannot share keys, but they are connected with the links in which all nodes share key, they can be assigned a key. 18 2003 spring group seminar

  19. Secure Protocols • UC. Berkeley • “SPINS: Security Protocols for Sensor Networks” • “Secure Routing in Wireless Sensor Network: Attacks and Countermeasures” • UMBC • “Security For Sensor Network” • UCLA • “On communication Security in Wireless Ad-Hoc Sensor Network” 19 2003 spring group seminar

  20. Review • SPINS has two secure blocks: SNEP and µTESLA. • SNEP includes: data confidentiality, two-party data authentication and evidence of data freshness • Semantic security, coding with randomized counter • Data Authentication, MAC( message authentication code) using shared secret key • Replay authentication, MAC includes counter value • Low communication overhead, 8 bit per messages • µTESLA provides authenticated broadcast • One way function • UCLA communication Security Scheme • Define three types of data in sensor network, which is mobile code, location information and application specific information • For each of them apply for different security levels protection, master key for mobile code, group key for location information and low overhead key for application data. 20 2003 spring group seminar

  21. Intrusion Detection and Tolerant • Univ. of Colorado, Boulder • “INSENS: Intrusion-Tolerant Routing in Wireless Sensor networks” • Palo Alto Research Center • Jessica Staddon, Dirk Balfanz and Glenn Durfee. “Efficient tracing of failed nodes in sensor networks” 21 2003 spring group seminar

  22. Review • Intrusion tolerance • Constrain the type of commutations. Individual nodes are not allowed to broadcast to the entire network • Prevent advertisement of false routing data. Control routing information must be authenticated • Symmetric key is chosen • Redundant multipath routing is built into the system to achieve secure routing • Intrusion Detection ( tracing the false nodes) • Base station need know near neighbors of each node • Establish network topology • Subdivision-Based tracing 22 2003 spring group seminar

  23. Research Fields • Security under resource constraints, e.g., energy, bandwidth, memory, and computation constraints; • Key management; • Authentication and access control; • Intrusion detection and tolerance; • Secure location services; 23 2003 spring group seminar

  24. Research Fields (Cont.) • Trust establishment, negotiation, and management; • Privacy and anonymity; • Secure routing; • Secure MAC protocols; • Denial of service; • Prevention of traffic analysis; 24 2003 spring group seminar

  25. Future Topics • Introduction to Cryptography • Overview of Ad hoc Network Security • Introduction to Intrusion Detection System • Overview of routing protocols in Sensor Network • Key Exchange, Distribution and management • Security in Mobile Agent • Sensor Network Simulation 25 2003 spring group seminar

  26. Reference • [1] D. W. Carman, P. S. Kruus and B. J. Matt. “Constraints and Approaches for Distributed Sensor Network Security”. dated September 1, 2000. NAI Labs Technical Report #00-010 • [2] Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J. D. Tygar. “SPINS: Security Protocols for Sensor Networks”, in Wireless Networks Journal (WINE), September 2002 • [3] Prabal K. Dutta, “Security Considerations in Wireless Sensor Networks”, Sensors Expo, San Jose, CA • [4] Sasha Slijepcevic, Miodrag Potkonjak,Vlasios Tsiatsis, Scott Zimbeck, Mani B. Srivastava. “On communication Security in Wireless Ad-Hoc Sensor Network” Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'02) June 10 - 12, 2002 Pittsburgh, Pennsylvania, USA • [5] Chris Karlof and David Wagner, “Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures”, to appear First IEEE International Workshop on Sensor Network Protocols and Applications, May 2003 • [6] Anthony D. Wood, John A. Stankovic. “Denial of Service in Sensor Networks”. IEEE Computer, 35(10):54-62, 2002 • [7] Lin Yuan, Gang Qu. “Design Space Exploration for Energy-Efficient Secure Sensor Network”. The IEEE International Conference on Application-Specific Systems, Architectures, and Processors (ASAP'02) July 17 - 19, 2002 San Jose, California 26 2003 spring group seminar

  27. Reference(Cont.) • [8] Jeffery Undercoffer, Sasikanth Avancha, Anupam Joshi, and John Pinkston, “Security for Sensor Networks”2002 CADIP Research Symposium. • [9] Donggang Liu and Peng Ning “Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks”, The 10th Annual Network and Distributed System Security Symposium. San Diego, California. February 2003 • [10] Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J. D. Tygar. “SPINS: Security Protocols for Sensor Networks”. in Proceedings of Seventh Annual International Conference on Mobile Computing and Networks MOBICOM 2001, July 2001 • [11] Adrian Perrig, Robert Szewczyk, Victor Wen, Alec Woo. “Security for SmartDust Sensor Network” • [12] Stavan Parikh, Tracy Barger, David Friedman “ Security in Sensor Network”, lecture of CS 588 Cryptography, Dec. 2001 • [13] Jessica Staddon, Dirk Balfanz and Glenn Durfee. “ Efficient tracing of failed nodes in sensor networks”. In Proceedings of the first ACM international workshop on Wireless sensor networks and applications (WSNA), pages 122-130, ACM Press, 2002 27 2003 spring group seminar

  28. Illustration Warmhole and sinkhole Spoofing HELLO flooding Sybil 28 2003 spring group seminar

More Related