Post on 13-Jan-2016
1
A Secure Communication Protocol For Wireless Biosensor Networks
Masters Thesis byKrishna Kumar Venkatasubramanian
Committee:Dr. Sandeep GuptaDr. Rida BazziDr. Hessam Sarjoughian
2
Overview Introduction Problem Statement System Model Proposed Protocols Security Analysis Implementation Conclusions & Future Work
3
Biomedical Smart Sensors Miniature wireless systems. Worn or implanted in the
body. Prominent uses:
Health monitoring. Prosthetics. Drug delivery.
Each sensor node has: Small size. Limited
memory processing communication
capabilities
Environment(Human Body)
sensors
Base Station
Communication links
4
Motivation for biosensor security
Collect sensitive medical data.
Legal requirement (HIPAA).
Attacks by malicious entity: Generate fake emergency warnings.
Prevent legitimate warnings from being reported.
Battery power depletion.
Excessive heating in the tissue.
5
Problem Statement Direct communication to the BS can be prohibitive.
To minimize communication costs, biosensors can be organized into specific topologies.
Cluster topology is one of the energy-efficient communication topologies for sensor networks [HCB00].
Traditional cluster formation protocol is not secure.
We want to develop protocols which allow for secure cluster formation in biosensor networks.
6
Cluster Topology
Cluster headCluster
Cluster Member
Base Station
7
Traditional Cluster Formation Protocol
CH1 CH2CH3
1
2 3
4
5
EnvironmentWeaker signal
8
Security Flaws HELLO Flood and Sinkhole Attack
1 2 3
Malicious Entity acting as a SINKHOLE
Weaker signal
CH2CH1
The sinkhole can now mount selective forwarding attacks on the biosensors in its “cluster”.
Malicious entity can mount a Sybil attack where it presents different identities to remain CH in multiple rounds.
9
Security Flaws contd..
Node with surrounding tissue at above normal temperature.Node with
surrounding tissue at normal temperature.
tissue
Node with dead battery
Network Partitioning.
Malicious entity sending bogus messages to sensor and depleting its energy.
Malicious entity having unnecessary communication with a sensor causing heating in the nearby tissue.
10
System Model
ADVERSARIES:Passive: Eavesdrop on communication and tamper with it.
Active: Physically compromise the external biosensors.
Temperature sensor
Glucose sensor
11
Trust Assumptions The wireless communication is
broadcast in nature and not trusted.
The biosensors do not trust each other.
Base Station is assumed not to be compromised.
12
Key Pre-Deployment Each biosensor shares a unique pair-wise key
(master key) with the BS. This key is called NSK
We do not use NSK directly for communication, we derive 4 keys from it (derived keys):
Encryption Keys MAC Keys
KN-BS = H(NSK,1) K’N-BS = H(NSK,2)
KBS-N = H(NSK,3) K’BS-N = H(NSK,4)
13
Biometrics Physiological parameters like heart rate and
body glucose.
Used for securing/authenticating
communication between two biosensors which
do not share any secret.
Usage Assumptions: Only biosensors in and on the body can measure biometrics.
There is a specific pre-defined biometric that all biosensors can
measure.
14
Issues with Biometrics Biometric value data-space is not large enough.
Possible Solutions: Combine multiple biometric values. Take multiple biometric measurements at each time. Limit the validity time of a biometric value.
Biometric values at different sites produce different values.
Solution Proposed in Literature: These differences are independent. [Dau92] Can be modeled as channel errors. [Dau92] Fuzzy commitment scheme based on [JW99] used to correct
differences. Can correct up to two bit errors in the biometric value measured at
the sender and receiver.
15
Biometric Authentication
BMT
1 2 3 4 5
ST
6
Time-Period
Measure biometric: BioKey
Generate data
Compute Certificate:Cert [data] = MAC ( KRand, data), γγ = KRand BioKey
Send Msg: data, Cert [data]
Measure biometric: BioKey’
Receive Msg: data, Cert [data]
Compute MAC Key: KRand’ = γ BioKey’f (KRand’) = KRand
Compute Certificate MAC And compare with received:MAC (KRand, data)
SE
ND
ER
RE
CE
IVER
Biometric Measurement Schedule
16
Centralized Protocol Execution
Nodej All: IDj, NonceNj, MAC(K’Nj – BS, IDj | NonceNj), Cert[IDj, NonceNj]CHp BS: IDj, NonceNi , MAC(K’Nj – BS, IDj | NonceNi), CHp, SS, E<K CHp-BS, Cntr>(KCH-N),
MAC(K’CHp – BS, CHp | SS | E<K CHp-BS, Cntr>(KCH-N) | Cntr)
BS Nodej : CHp, E<K BS-Nj, Cntr’> (KCH-N), Cntr’, MAC(K’BS-Nj, CHp | NonceNj | Cntr’ | E<K BS-Nj, Cntr’> (KCH-N))
CH 1
Sensor Node
Base Station
CH 2 CH 3
CH1CH 2 CH 3 CH 3
17
Distributed Protocol Execution
CHj All: CHj, NonceCHj, E<KRand, Cntr>(Ktemp), Cert[IDj, Cntr, NonceCHj], λλ = BioKey KRand
Nodek CHz: IDk, MAC (Ktemp, IDk | NonceCHz | Cntr | CHz)
CH 1
CH 2
CH 3
Sensor Node
18
Extensions Distribute keys based on attributes.
Allows efficient data communication.
The BS distributes the keys.
For centralized ABK, sent during cluster formation.
For distributed separate step needed.
19
Security Analysis (Passive Adversary)
Hello Flood and Sinkhole Attack Centralized:
Malicious entity does not have appropriate keys to pose as legitimate CH.
Distributed: Malicious entity cannot compute
biometric certificate.
20
Security Analysis (Passive Adversary)
Sybil Attack No entity can become part of network without
having appropriate keys.
Identity Spoofing Cannot pose as BS, no pair-wise (derived)
keys. Cannot pose as CH, no keys to authenticate
data to BS. Cannot pose as sensor node, cannot measure
biometric to fool CH.
21
Security Analysis (Active Adversary)
CH compromise Centralized: Security policy at BS to limit
number of sensor nodes in a cluster.
Distributed: Need intruder monitoring scheme.
Sensor Node compromise Intruder monitoring scheme needed for both
protocols.
22
Implementation We have implemented the two cluster
formation protocols and their extensions.
The implementation was done on the Mica2 sensor motes.
We used TinyOS sensor operating system for writing our programs.
For security primitives TinySec used.
23
Implementation contd.. Encryption – SkipJack
Message Authentication Code – CBC-MAC
We had 4 sensor nodes 3 CH and 1 BS in our implementation.
We simulated two main attacks on our implementation, both of which failed: HELLO Flood attack.
Identity spoofing of sensor node to infiltrate the network.
24
Comparison Security adds a overhead
to the protocol.
We compared overhead in terms of energy consumption.
To compare the protocols, we analyzed them using the communication model given in [HCB00].
Etrans = Etx * k + Ecx * k * d2
Erecp = Erx * k
Node ID = 8 bits Nonce = Counter = 128 bits
Key = 128 bits Signal Strength = 16 bits
Etrans = Erecp = 50 nJ/bit Ecx = 100pJ/bit/m2
Number of Nodes = 100-1500
Sensor-BS distance = 0.75 m
Inter-sensor distance = 0.1 m
MAC size = 64 bits
25
Security Overhead
Comparison of Secure (without extension) and Non-secureCluster Formation Protocols (CH = 5%)
26
Extension Overhead
Comparison for Secure Cluster Formation Protocols with their extensions (CH = 5%)
27
Conclusions & Future Work Protocols developed successfully prevent many of
the potent attacks on the traditional cluster formation protocol.
Biometric based authentication used for ensuring authentication without previous key exchange.
Biometrics not traditionally random and schemes are needed to randomize them.
Better error correction schemes are needed which can correct larger differences in measured biometrics.
28
Reference[JW99] Ari Juels and Martin Wattenberg. “A fuzzy commitment scheme”. 1999.
[Dau92] J. Daugman, “High Confidence personal identification by rapid video analysis of iris texture”, IEEE International Carnahan Conference on Security Technology, pp 50-60, 1992.
[LGW01] L. Schwiebert, S. K. S. Gupta, J. Weinmann et al., “Research Challenges in Wireless Networks of Biomedical Sensors”, The Seventh Annual International Conference on Mobile Computing and Networking, pp 151-165, Rome Italy, July 2001.
[HCB00] W. Rabiner Heinzelman, A. Chandrakasan, and H. Balakrishnan, “Energy-Efficient Communication Protocol for Wireless Microsensor Networks”, Proceedings of the 33rd International Conference on System Sciences (HICSS '00), January 2000.