Applied cryptographyApplied cryptographyProject 2Project 2

22CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

A demoA demoChat server registrationChat server registrationPlease enter a login name : Please enter a login name :

> Alice> Alice

Please enter the certificate file name: Please enter the certificate file name:

> c:\cert.cer> c:\cert.cer

Congratulations Alice! You have registered with the chat serverCongratulations Alice! You have registered with the chat server

<terminate program><terminate program>

Logging into the serverLogging into the serverPlease enter login name:Please enter login name:

> Alice> Alice

<challenge response><challenge response>

Welcome Alice!Welcome Alice!

<Display contact list><Display contact list>

33CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

A demoA demo

Alice Bob

1. Add Contact2. ChatEnter your choice:> 1Enter contact name:BobBob has been successfully

added to you contact list

1. Add Contact2. ChatEnter your choice:> 2Enter contact name:BobAlice : Hi BobBob: Hello

Alice has added you to her contact list

Alice: Hi BobBob: Hello

Sensor Network SecuritySensor Network Security

Prepared by:

Smitha Satish

For CSE 539 ‘05

55CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

What is a sensor network?What is a sensor network?

Consists of spatially distributed sensorsConsists of spatially distributed sensors

Sensors work cooperativelySensors work cooperatively

Used to monitor or detect phenomena at a Used to monitor or detect phenomena at a particular locationparticular location

Sensor node has sensing, data processing Sensor node has sensing, data processing and communication componentsand communication components

Resource constrained, limited batteryResource constrained, limited battery

66CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

Applications of sensor networksApplications of sensor networks

Environmental monitoring – great duck islandEnvironmental monitoring – great duck island

Video surveillanceVideo surveillance

Traffic monitoringTraffic monitoring

Air traffic controlAir traffic control

RoboticsRobotics

CarsCars

Home monitoringHome monitoring

Industrial and manufacturing automation.Industrial and manufacturing automation.

77CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

Security in sensor networksSecurity in sensor networks

Control Node NodeNode

Base Station

Internet

Sensors

Communication link between sensors

Insecure Communication links

Bio sensor networks with security requirements

•Data confidentiality•Data authentication•Data availability•Data integrity•Data Freshness

88CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

Sensor node characteristicsSensor node characteristics

Vulnerability of nodes to physical captureVulnerability of nodes to physical capture

Lack of a-priori knowledge of post-Lack of a-priori knowledge of post-deployment configurationdeployment configuration

Lower batteryLower battery

Limited memory resourcesLimited memory resources

Limited bandwidth and transmission powerLimited bandwidth and transmission power

Impracticality of public key cryptosystemsImpracticality of public key cryptosystems

99CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

Attack modelAttack model

EavesdroppingEavesdropping

Loss of privacy of sensed dataLoss of privacy of sensed data

Denial of serviceDenial of service

Sensor node compromiseSensor node compromise

1010CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

Aspects of sensor network securityAspects of sensor network security

CryptographyCryptography

Key managementKey management

Secure routingSecure routing

Location aware routingLocation aware routing

Secure data integrationSecure data integration

1111CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

Key distribution - requirementsKey distribution - requirements

Secure node-to-node communicationSecure node-to-node communication

Addition of legitimate nodesAddition of legitimate nodes

Prevent unauthorized nodesPrevent unauthorized nodes

No prior knowledge of deploymentNo prior knowledge of deployment

Low computational and storage Low computational and storage requirementrequirement

1212CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

Single network wide keySingle network wide key

Use shared network wide key and bootstrap pair-Use shared network wide key and bootstrap pair-wise keys and append a MACwise keys and append a MAC

Advantages:Advantages: Minimal storage requirementsMinimal storage requirements No need for key exchange or discoveryNo need for key exchange or discovery Only symmetric encryption can be usedOnly symmetric encryption can be used Resistant to DoSResistant to DoS

Disadvantages:Disadvantages: Single node compromise leads to network Single node compromise leads to network

compromisecompromise

1313CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

Pre-deployed pair-wise keyPre-deployed pair-wise key

Every node shares unique symmetric key Every node shares unique symmetric key with every other nodewith every other node

Advantages:Advantages: Resilience to node captureResilience to node capture Compromised keys can be revokedCompromised keys can be revoked No need for key exchange or discoveryNo need for key exchange or discovery Only symmetric encryption can be usedOnly symmetric encryption can be used

Disadvantages:Disadvantages: High storage requirementsHigh storage requirements No scalabilityNo scalability

1414CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

The one with TrentThe one with Trent

Sensor nodes authenticate to trusted base Sensor nodes authenticate to trusted base station which provides link key to the pairstation which provides link key to the pair

Advantages:Advantages: Resilience to node captureResilience to node capture Compromised keys can be revokedCompromised keys can be revoked Small memory requirementSmall memory requirement

Disadvantages:Disadvantages: Base station is target for compromiseBase station is target for compromise No scalabilityNo scalability You need protocols for key exchange or discoveryYou need protocols for key exchange or discovery

1515CSE539 Applied Cryptography- 2005CSE539 Applied Cryptography- 2005

Asymmetric cryptographyAsymmetric cryptography

Use asymmetric keys to perform symmetric Use asymmetric keys to perform symmetric key exchangekey exchangeElliptic curve cryptographyElliptic curve cryptography

Advantages:Advantages: Resilience to node captureResilience to node capture Compromised keys can be revokedCompromised keys can be revoked Fully scalableFully scalable

Disadvantages:Disadvantages: Requires asymmetric key hardwareRequires asymmetric key hardware Denial of service Denial of service Node replicationNode replication