Program Integrity Verification (PIV)

in Wireless Sensor Networks (WSN)

Based on Park and Shin 2005

presented by Therese Paul


Outline

Introduction to WSN

Security issues with WSN

Introduce Program Integrity Verification (PIV)

Security Framework in PIV

PIV Architecture

Distributed Authentication of PIV in WSNs



Wireless Sensor Networks (WSN)

Consists of large numbers of small, minimum-capacity devices operating in demanding real-world environments

Typically covers a wide area, requiring thousands or even millions of sensors, each of which is capable of specific functions

Consists of Sensors, Data-collection Nodes and Control Nodes

For cost and size reasons, sensors are designed to minimize resource requirements

Each device has limited battery energy, memory, computation, and communication capacities

Applications of WSN

Environmental monitoring and habitat study

Military surveillance in battlefields

Condition-based maintenance in factories

Infrastructure health monitoring in buildings

Precision agriculture, indoor climate control

Monitoring complex interactions, including wildlife habitats, disaster management, emergency response, asset tracking, healthcare, and manufacturing process flow

Security Issues in WSN

Physical attacks on sensor devices, e.g., destroying, analyzing, and/or reprogramming sensors

Service disruption attacks on routing, localization, and time synchronization

Data attacks, e.g., traffic capture, replaying, and spoofing

Resource-consumption and denial-of-service (DoS) attacks

Security Issues in the Sensor
  • Despite their critical role in their intended applications, sensor networks are vulnerable to various security attacks.
  • A captured sensor may be:
    • Reverse-engineered to figure out what the sensor’s program is supposed to do
    • Modified with malicious code
    • Abused by the adversary
  • Adversary can deploy multiple copies of the manipulated sensor device in the network
Current Solutions
  • Make a sensor device tamperproof using:
    • Code obfuscation - transform the executable code to make analysis/modification difficult
    • Result checking - examine the validity of intermediate results produced by the program
    • Self-decrypting programs - store the encrypted executables and decrypt them before execution
    • Self-checking - within programs, embed code for hash computation, as well as the correct hash values, to be invoked to verify the integrity of the program under execution
Current Solution Issues

Code Obfuscation: easier to tamper with the program code as the code size in low-cost sensor devices shrinks

Result-Checking/Self-Decryption: “expensive” to employ in resource-limited sensor devices because they continuously incur the overhead of verification or decryption, shortening the sensor’s battery lifetime

The security of self-decrypting programs can be easily broken unless the decryption routines are protected from reverse-engineering

All these approaches are unsuitable for sensor networks where a program runs on a slow, less-capable CPU in each sensor device

Is There a Better Solution?
  • Require each sensor to register itself with a dedicated server after verification of its program
  • Examine and verify the program in sensors as needed
  • Program Integrity Verification (PIV)
    • A protocol that verifies the integrity of the program residing in each sensor device when it
      • joins the network or
      • has experienced a long service blockage
What PIV Protocol Offers

Prevents manipulation/reverse-engineering/reprogramming of sensors

Does not degrade normal sensor functions, since PIV is triggered infrequently and relies on neither self-decryption nor result checking

Purely software-based (and, thus, can be used with/without tamper-resistant hardware)

Tailored to the sensor devices with severe resource limitation (e.g., Motes with an 8-bit CPU and 4 KB RAM each)

PIV Security Framework

PIV: consists of PIV Servers (PIVSs) that interact with PIV-compliant sensors to verify the programs in the sensors

Key Management: typically hinges on a cluster-based architecture, in which a cluster-head distributes/renews a cluster-specific key periodically or whenever a sensor within its cluster is found (via PIV) to have been compromised

Intrusion Detection: runs on each cluster-head, continuously monitors/probes network activities to detect malfunctioning devices and, upon finding a suspicious device, requests its re-verification

PIV Components
  • PIV Servers (PIVSs)
    • equipped with more computation and storage capacity than sensors
    • examines each sensor’s program and checks whether it is the same as the original
    • maintains a local PIV_DB and stores the IDs of the sensors belonging to its own cluster
    • performs the PIV protocol on a sensor and cooperates with other PIVSs in the network to update/manage PIV_DB
PIV Components Cont’d
  • PIV Code (PIVC)
    • a special-purpose mobile agent that is generated by a PIVS and executed on a sensor being verified to read/process the program
  • Authentication Server (AS)
    • acts as a trusted third party by which the sensor can make sure that the PIVS is authentic and, hence, it is safe to execute the PIVC
    • maintains a list of all legitimate PIVSs in the network and updates the list whenever a PIVS is added or removed
    • authenticates a PIVS using either public-key cryptography or a secret authentication key shared with each sensor
PIV Interactions
  • The interactions among AS, PIVS, and the sensor during PIV consist of the following three tasks:
    • Authentication of PIVS via AS
    • Transmission and execution of PIVC
    • Program verification by PIVS/PIVC
The Verification Steps

Step 1 - Initialize: This step starts the verification protocol between the PIVS and the sensor by exchanging their IDs. The sensor, after receiving the ID of the PIVS, asks an AS for authentication of the PIVS and, if the authentication fails, terminates the protocol

Step 2 - SendPIVC: The PIVS generates a PIVC and then sends it to the sensor. It also records the time when PIV starts

Step 3 - AckPIVC: The sensor sends an acknowledgment back to the PIVS

Step 4 - StartPIVC: The sensor executes the received PIVC

The Verification Procedure Cont’d

Step 5 - RequestVerification: The PIVC, while executing on the sensor, computes a hash value over the program and sends it back to the PIVS

Step 6 - NotifyVerification: The PIVS, if it receives the hash result within a certain timeout period, examines the received hash value to check that the program has not been tampered with. If it passes the test, the PIVS registers the sensor in the PIV_DB. Then, the PIVS notifies the PIVC of the verification result

Step 7 - Activate/lock sensor: The PIVC, based on the verification result, either activates or locks the sensor. The sensor state is changed to either ACTIVATED or LOCKED, accordingly

Sensor Verification
  • A Randomized Hash Function (RHF)
    • Used for computing hash on the program
    • For each sensor verification, the PIVS creates a new RHF and sends it to the sensor in the PIVC
    • The PIVS verifies the integrity of each sensor device's program by comparing the hash value of the sensor program digests maintained in its local database with the hash value that the sensor returns after computing it by executing the PIVC
  • Only sensors that pass the verification will be registered in PIV_DB; the rest will be deleted from the database and become unable to join the network
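
The verification steps and the per-verification RHF described above, as an added example in Python that is not code from the presentation or from Park and Shin: the PIVS issues a fresh random key, the sensor hashes its program memory under it, and the PIVS checks the reply against its reference within a timeout. Assumptions: HMAC-SHA256 stands in for the RHF, the PIVS keeps a full reference image rather than program digests, the timeout value and all function names are illustrative, and Steps 1, 3 and 4 (AS authentication, acknowledgment, PIVC start) are not modelled.

```python
import hashlib
import hmac
import os
import time

TIMEOUT_S = 2.0  # assumed Step 6 timeout; the slides give no value
PIV_DB = set()   # IDs of sensors that passed verification


def make_pivc():
    """Step 2: fresh random key per verification, plus the start time."""
    return os.urandom(16), time.monotonic()


def randomized_hash(key, program):
    """Assumed stand-in for the RHF: HMAC-SHA256 under the per-run key."""
    return hmac.new(key, program, hashlib.sha256).digest()


def verify(sensor_id, reference, key, started, reply, now):
    """Step 6: check timeout and hash, update PIV_DB, return the state."""
    expected = randomized_hash(key, reference)
    in_time = (now - started) <= TIMEOUT_S
    if in_time and hmac.compare_digest(expected, reply):
        PIV_DB.add(sensor_id)
        return "ACTIVATED"
    PIV_DB.discard(sensor_id)  # failed sensors are removed from the database
    return "LOCKED"


def run_piv(sensor_id, reference, memory, delay=0.0, replayed=None):
    """Steps 2-7 for one sensor; `replayed` models a recorded old reply."""
    key, started = make_pivc()
    # Step 5: the PIVC hashes what is actually in the sensor's memory.
    reply = replayed if replayed is not None else randomized_hash(key, memory)
    # Step 7: the returned state is what the PIVC applies to the sensor.
    return verify(sensor_id, reference, key, started, reply, started + delay)


# Constructed sample images (not real firmware).
ORIGINAL = b"\x0c\x94\x34\x00" * 64
TAMPERED = ORIGINAL[:100] + b"\xff" + ORIGINAL[101:]

if __name__ == "__main__":
    old_reply = randomized_hash(os.urandom(16), ORIGINAL)  # from an earlier run
    print(run_piv("s1", ORIGINAL, ORIGINAL))                      # ACTIVATED
    print(run_piv("s2", ORIGINAL, TAMPERED))                      # LOCKED
    print(run_piv("s3", ORIGINAL, TAMPERED, replayed=old_reply))  # LOCKED
    print(run_piv("s4", ORIGINAL, ORIGINAL, delay=5.0))           # LOCKED
```

Because the key changes on every run, a reply recorded during an earlier verification of the untampered program does not match the next challenge, which is why the third case ends in LOCKED.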
Is PIV Really Secure?
  • Sensor Security
    • How to protect the sensor from a malicious server/code disguised as a PIVS/PIVC?
    • Sensor security is achieved by using the authentication server (AS)
  • Code security
    • How to protect the PIVC from a malicious sensor?
    • Code security is achieved by verifying the PIVC using the Randomized Hash Function (RHF)
Suggested Improvements to PIV
  • Provide Distributed Authentication of PIV
    • Eliminates the requirement for a centralized authentication server and makes PIV a fully distributed protocol
    • Avoids a bottleneck for reliability, security, and communication
    • Be consistent with the distributed structure of sensor networks
  • Solution: DAPP
Distributed Authentication Protocol of PIVSs (DAPP)

Used by sensors to securely communicate with PIVSs without the dedicated and trusted Authentication Server (AS)

DAPP enables sensors to validate a PIVS before using it for their verification

Allows sensors and PIVSs to establish a pairwise key, and PIVSs to authenticate one another

Provides a protocol for PIVSs to cooperatively detect and revoke malicious PIVSs in the network

DAPP reduces the sensors’ communication traffic in the network by more than 90% and the energy consumption on each sensor by up to 85%, as compared to the case of using a centralized AS for authenticating PIVSs

  • PIV Offers:
    • Prevention of manipulation, reverse-engineering, and reprogramming of sensors
    • Purely software based protection with/without tamper-resistant hardware
    • Infrequent triggering of the verification
  • PIV Protocol security analysis shows that PIV effectively defeats possible attacks like replay attacks and the only plausible attack requires modification of sensor hardware.
  • Performance analysis/evaluation demonstrated that the communication and processing overheads are very small
  • The hash computation algorithm has a small time overhead

“Soft Tamper-Proofing via Program Integrity Verification in Wireless Sensor Networks” By Taejoon Park, Student Member, IEEE, and Kang G. Shin, Fellow, IEEE. IEEE Transactions on Mobile Computing, Vol. 4, No. 3, May/June 2005

“Distributed Authentication of Program Integrity Verification in Wireless Sensor Networks” By Katharine Chang, Kang G. Shin. Proceedings of 2nd International Conference on Security and Privacy in Communication Networks (SecureComm), Baltimore, MD 2006 IEEE

“Secure Routing In Wireless Sensor Networks: Attacks And Countermeasures” By Chris Karlof and David Wagner. University of California at Berkeley, Berkeley, CA 94720, USA

“Wireless Sensor Networks” By F. L. Lewis. Smart Environments: Technologies, Protocols, and Applications ed. D.J. Cook and S.K. Das, John Wiley, New York, 2004.