securing wireless sensor networks - Clemson Universitygoddard/MINI/2004/Olariu.pdf · 2004. 10....
Transcript of securing wireless sensor networks - Clemson Universitygoddard/MINI/2004/Olariu.pdf · 2004. 10....
-
ODU Sensor Network Research Group 11
Information assuranceInformation assuranceinin
wireless sensor networkswireless sensor networks
Stephan OlariuStephan OlariuProfessorProfessor
Sensor Network Research GroupSensor Network Research GroupOld Dominion UniversityOld Dominion University
-
ODU Sensor Network Research Group 22
Talk overviewTalk overview
Wireless sensor networksWireless sensor networksSystem assumptionsSystem assumptionsVirtual infrastructureVirtual infrastructureInformation assurance in sensor networksInformation assurance in sensor networksConcluding remarksConcluding remarks
-
ODU Sensor Network Research Group 33
Sensors and
Wireless Sensor Networks
-
ODU Sensor Network Research Group 44
How it all started …
SmartDust program (sponsored by DARPA) defined sensor networks as:
A sensor network is a deployment of massive numbers of small, inexpensive, self-powered devices that can sense, compute, and communicate with other devices for the purpose of gathering local information to make global decisions about a physical environment
-
ODU Sensor Network Research Group 55
NRC gets involved…
The National Research Council expanded the definition:
Sensor networks are massive numbers of small, inexpensive, self-powered devices pervasive throughout electrical and mechanical systems and ubiquitous throughout the environment that monitor (i.e., sense) and control (i.e., effect) most aspects of our physical world
-
ODU Sensor Network Research Group 66
Sensor characteristics
Sensors pack:micro-sensor technologylow power signal processinglow power computationlow power short-range communications capabilitiesmodest non-renewable energy budget
No fabrication-time identity!
-
ODU Sensor Network Research Group 77
Typical sensor diagramTypical sensor diagram
Transceiver
Embedded Processor
Sensor
Battery
Memory
Transceiver
Embedded Processor
Sensor
Battery
Memory
1Kbps- 1Mbps3m-300m
Lossy Transmission
8 bit, 10 MHzSlow Computation
Limited Lifetime
Requires Supervision
Multiple sensors
128Kb-1MbLimited Storage
-
ODU Sensor Network Research Group 88
Types of sensors
PressureTemperatureLightBiologicalChemicalStrain, fatigueTiltSeismic
Some Some examples of examples of
existing existing sensorssensors
-
ODU Sensor Network Research Group 99
-
ODU Sensor Network Research Group 1010
Wireless sensor network (WSN)Wireless sensor network (WSN)
Massive number of sensors densely deployed in the area of interest Random deployment: individual sensor positions cannot be engineeredMain goal:Main goal: global info from local dataglobal info from local dataDistributed system with no central controlDistributed system with no central controlOnly as good as the information it producesOnly as good as the information it produces
information qualityinformation qualityinformation assuranceinformation assurance
-
ODU Sensor Network Research Group 1111
Our view of a WSN system
sensorssensorslocal sink nodelocal sink node
(in(in--network data repositories)network data repositories)
Sink Sink (mobile/airborne)(mobile/airborne)(connection to outside world)(connection to outside world)
deployment areadeployment area
highhigh--level level InterestsInterests
(tasks/queries)(tasks/queries)
useruserReturnedReturned
resultsresults
Internet/satelliteInternet/satellite LowLow--level level tasks/queriestasks/queries
-
ODU Sensor Network Research Group 1212
Two application classes
Monitoring of static environmentsenvironmental monitoringhabitat monitoringinfrastructure surveillance
Monitoring of moving objectstracking animals in wild life preservesmovement tracking of enemy vehiclescross-border infiltration
-
ODU Sensor Network Research Group 1313
The Virtual Infrastructure
-
ODU Sensor Network Research Group 1414
How do we conquer scale?
Golden Rule: Divide and Conquer!
Graft a virtual infrastructure on top of physical networkHow is this done?
special-purpose: protocol drivengeneral purpose: designed without regard to protocol
General-purpose infrastructure should be leveraged by many protocols!
-
ODU Sensor Network Research Group 1515
Components of the virtual infrastructure
Dynamic coordinate systemlocation-based identifierscoarse-grain location awareness
Clustering schemecheap scalability
MiddlewareWork model
hierarchical specification of work and QoSTask-based management model
low-level implementation of work model
-
ODU Sensor Network Research Group 1616
The dynamic coordinate system
-
ODU Sensor Network Research Group 1717
The cluster structure
Cluster: locus of all sensors having the same coordinatesClustering falls out for free once coordinate system availableAccommodates sensors with no IDsClusters can be further subdivided – color graphs
-
ODU Sensor Network Research Group 1818
What are color graphs?
Simple way to enrich hierarchyClusters are furthersubdivided into p color sets What results are p(global) color graphs
-
ODU Sensor Network Research Group 1919
What’s so nice about color graphs?
Very robust: each color graph is connected with high probabilityThus, can serve for routing!They are (rich) cousins ofcircular arc graphs: vast body of knowledge to tap into for protocol design!Graceful degradation as energy budget depleted
-
ODU Sensor Network Research Group 2020
Middleware for WSN?
Appropriate middleware must provide standardized and portable system abstractionsStandardize interface to WSNRequirements for middleware for WSN
negotiate QoS parameters on behalf on WSNsupport and coordinate concurrent applicationstranslate high-level complex goals into low-level taskscoordination among sensorshandle heterogeneity of sensors
-
ODU Sensor Network Research Group 2121
The work model
Application layer
--
Event
Interest Interest Result set, status
(error conditions, etc.)
Clusterr level
Communication
Capability(P-tasks+QoS)
Negotiated QoS
Sink
Sensor Network Layer
Middleware
sensor 1 sensor 2 sensor n
Micro-taskResults, status
CPL CPL CPL
-
ODU Sensor Network Research Group 2222
Task-based management
A P-task is a tuple T(A,c,S,D,π,q) where:
A – action to be performedc – color set to be usedS – source clusterD – destination clusterπ – routing path from S to Dq – desired QoS level
-
ODU Sensor Network Research Group 2323
In-network storage(WSN as databases)
-
ODU Sensor Network Research Group 2424
Interacting with WSN
Middleware pushes queries into WSNQuery types:
one-shot: run once on the current data set; provides snapshot view of data/networkpersistent: issued once and then logically run recurrently on the database; useful for analysis of data collected over time (especially for in-network storage)
Responding to a query:push/pull -- application-specificdata aggregation capability desirable
Strategy: in-network storage desirable!
-
ODU Sensor Network Research Group 2525
Sensor databases
WSN
SinkOne-shot
query
Pull-based:pulls results based on current data
One-shot
WSN
Sink
Persistent query
Push-based:whenever change in data occurs, results are pushed to user
Persistent
In-network storage and processing reduces energy usageTrades off communication with local computation Makes sense: communication consumes more energy than computationExtends lifetime of WSN
-
ODU Sensor Network Research Group 2626
Persistent queries (PQ)
PQ=(Q, trigger, termination)Execution of PQ
Executed when the query is issuedSubsequently executed when trigger condition holdsStops execution when termination condition satisfied
-
ODU Sensor Network Research Group 2727
Trigger conditions
Time-basedimmediateat a specific time pointat regular time intervals
Content-baseda simple conditionan aggregate condition (based on the combined value of data in a locale)a relationship between previous and current data values
-
ODU Sensor Network Research Group 2828
Challenges in PQ
Internet+-S
+
-S+
-SS +
-S +-S
+
-STarget
WSNS
S
Example: Intrusion detection/target tracking
Adaptivity to dynamically changing environmentsScalabilityGraceful degradation for extreme conditions
Fluctuations such as increased workloads, bursty dataHow can the system keep up? Maybe drop some data or work with filtered data
-
ODU Sensor Network Research Group 2929
Information assurance in
WSN
-
ODU Sensor Network Research Group 3030
What is information assurance?
“Information operations that protect and defend information and information systems ensuring their availability, integrity, authentication, confidentiality, and non repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities"
-
ODU Sensor Network Research Group 3131
Key components
Network survivability: ability of the network to function in the wake of failures by minimizing their impactInformation availability (information survivability): need for a user to have uninterrupted and secure access to information on the network Network security: attempts to provide basic security services Information security: an ongoing process that utilizes software and hardware to help secure information flow
-
ODU Sensor Network Research Group 3232
Thus…
Information assurance is more inclusive than information security Assurance involves not only protection and detection but also reaction (mainly survivability and dependability of the system that has been subject to successful attack)It also includes proactive (offensive) information operations, termed information warfare, against attackers
-
ODU Sensor Network Research Group 3333
Extending WSN longevity
Sink
Path of the query
Path of the reply
Enforce (quasi-)optimal number of sensors per taskPower control to maintain network connectivity in spite of sensor failure/energy depletionTopology control to enhance effective functional lifetime of the network
-
ODU Sensor Network Research Group 3434
Problems with sleeping
Basic schemesleep, wakeup periodicallycheck for “calls for participation”if eligible to participate stay awake
Sleeping affects density of deploymentreadiness of the WSNresponse time
Adjust sleep time dynamically
-
ODU Sensor Network Research Group 3535
WSN health monitoring
Query resource availabilityEnergy map: spatial and temporal energy gradient of the WSNUsage pattern: identify
periods of activity for sensorshot spots
Selectively place additional sensors at hot spots to improve performance (not always an option)Self-healing a must!
-
ODU Sensor Network Research Group 3636
Major insecurities in WSNMajor insecurities in WSN
Problems arising from lack of individual IDsProblems arising from lack of individual IDsauthentication is hardauthentication is hardtrust relationships hard to establishtrust relationships hard to establishnonnon--repudiation is hard to enforcerepudiation is hard to enforcenode impersonation is easynode impersonation is easy
Eavesdropping: may give an adversary access to Eavesdropping: may give an adversary access to secret information violating confidentialitysecret information violating confidentialitySensors run the risk of being compromised Sensors run the risk of being compromised
by infiltrationby infiltrationby tamperingby tampering
-
ODU Sensor Network Research Group 3737
Security goalsSecurity goals
AvailabilityAvailability: ensures the survivability of network : ensures the survivability of network services despite denialservices despite denial--ofof--service attacksservice attacksConfidentiality: Confidentiality: ensures that certain information is not ensures that certain information is not disclosed to unauthorized entitiesdisclosed to unauthorized entitiesIntegrity: Integrity: guarantees that a message being guarantees that a message being transferred is never corruptedtransferred is never corruptedAuthentication:Authentication: enables a node to ensure the identity enables a node to ensure the identity of the peer node with which it communicatesof the peer node with which it communicatesNonNon--repudiation:repudiation: ensures that the origin of a message ensures that the origin of a message cannot deny having sent the messagecannot deny having sent the messageAnonymity:Anonymity: hide the identity of sources, destinations hide the identity of sources, destinations and routesand routes
-
ODU Sensor Network Research Group 3838
A succinct list of attacks
Eavesdropping: an attacker that monitors traffic can read the data transmitted and gather information by examining the source of a packet, its destination, size, number, and time of transmissionTraffic analysis: allows an attacker to determine that there is activity in the network, the location of base stations, and the type of protocol being used in the transmissionMan-in-the-middle: attack establishes a rogue intermediary pretending to be a valid sensor Tampering: involves compromising data stored inside sensor usually by node capturingDoS attacks: can be grouped into three categories
disabling of service (e.g., sinkhole, HELLO flood attack),exhaustion, and service degradation (e.g., selective forwarding attack)
Can we guard against them?
-
ODU Sensor Network Research Group 3939
Philosophy of our solutionPhilosophy of our solution
“An ounce of prevention “An ounce of prevention is worth is worth
a pound of cure”a pound of cure”
-
ODU Sensor Network Research Group 4040
What do we do?
PhysicalPhysical--layer encoding: virtually stamps out layer encoding: virtually stamps out infiltration by the adversary infiltration by the adversary Also, leverage the virtual infrastructure!Also, leverage the virtual infrastructure!Problems discussedProblems discussed
tamper resistancetamper resistanceauthenticationauthenticationtraffic anonymity traffic anonymity
-
ODU Sensor Network Research Group 4141
Genetic material
Prior to deployment sensors are injected with the following genetic material:
a public-domain pseudo-random number generatoran initial time -- at this point all the sensors are synchronous to the sink
Each sensor can generate pointers into:Each sensor can generate pointers into:a random sequence a random sequence tt11, t, t22, …, , …, ttii, …, , …, of time epochsof time epochsa random sequence a random sequence nn11, n, n22, …, , …, nnii, …, , …, of frequency channelsof frequency channelsfor every for every nnii a random hopping sequence a random hopping sequence ffi1i1, f, fi2i2, …, , …, ffipip, …,, …,
-
ODU Sensor Network Research Group 4242
Illustrating time epochs, etc
-
ODU Sensor Network Research Group 4343
Synchronization Synchronization –– generalitiesgeneralities
Synchronization does not scale!Synchronization does not scale!Thus, synchronization must beThus, synchronization must be
shortshort--livedlivedtasktask--basedbased
Just prior to deployment, the sensors are synchronizedJust prior to deployment, the sensors are synchronizedDue to clock drift reDue to clock drift re--synchronization is necessarysynchronization is necessarySensors synchronize by following the master clock Sensors synchronize by following the master clock running at the sinkrunning at the sinkIdea: determine the epoch and the position of the sink Idea: determine the epoch and the position of the sink in the hopping sequence corresponding to the epoch in the hopping sequence corresponding to the epoch
-
ODU Sensor Network Research Group 4444
Synchronization Synchronization –– the detailsthe details
The sink dwells The sink dwells tt micromicro--seconds on each seconds on each frequency in hopping sequencefrequency in hopping sequenceAssume that when a sensor wakes up during its Assume that when a sensor wakes up during its locallocal time epoch time epoch tti i the master clock is in one of the master clock is in one of the time epochs the time epochs ttii--11, , ttii,, or or tti+1i+1Each sensor knows the Each sensor knows the lastlast frequencies frequencies λλii--11, , λλii,,and and λλi+1i+1 on which the sink will dwell in the time on which the sink will dwell in the time epochs epochs ttii--11, , ttii,, and and tti+1i+1The strategy:The strategy: tune in, cyclically, to tune in, cyclically, to λλii--11, , λλii,, and and λλi+1i+1spending time spending time t/3t/3 units on each of themunits on each of them
-
ODU Sensor Network Research Group 4545
SynchronizationSynchronization –– the details the details (cont’d)(cont’d)
Assume the sensor meets the sink on frequency Assume the sensor meets the sink on frequency llii in in some unknown slot some unknown slot ss of of ttii--11, , ttii,, or or tti+1i+1To verify the synchronization, the sensor attempts To verify the synchronization, the sensor attempts to meet the sink in slots to meet the sink in slots s+1, s+2s+1, s+2 and and s+3s+3 according according to its own frequency hopping for epoch to its own frequency hopping for epoch tti+1i+1If a match is found, the sensor declares itself If a match is found, the sensor declares itself synchronizedsynchronizedOtherwise, it will return to scanning frequenciesOtherwise, it will return to scanning frequencies
-
ODU Sensor Network Research Group 4646
Making sensors tamperMaking sensors tamper--resistantresistant
Philosophy: no additional hardware!Philosophy: no additional hardware!Tampering Tampering threat modelthreat model for sensorsfor sensors
forcing open inforcing open in--situsituremoval from the deployment arearemoval from the deployment area
Play it safe: if in doubt blank out memoryPlay it safe: if in doubt blank out memory
-
ODU Sensor Network Research Group 4747
Using neighborhood signaturesUsing neighborhood signatures
Immediately after deployment each sensor transmits Immediately after deployment each sensor transmits on a specified sets of frequencies, using a special on a specified sets of frequencies, using a special frequency hopping sequencefrequency hopping sequenceEach sensor collects an array of signal strengths Each sensor collects an array of signal strengths from the sensors in its localefrom the sensors in its localeNSA NSA –– the Neighborhood Signature Arraythe Neighborhood Signature ArrayRemoval from deployment area Removal from deployment area changes in the NSA!changes in the NSA!
-
ODU Sensor Network Research Group 4848
NSANSA--based authenticationbased authentication
Idea: neighbors exchange NSA information, Idea: neighbors exchange NSA information, creating a matrix of signatures creating a matrix of signatures A sensor that wishes to communicate with a A sensor that wishes to communicate with a neighbor identifies itself with its own NSAneighbor identifies itself with its own NSAUpon receiving the NSA the sensor checks its Upon receiving the NSA the sensor checks its validityvalidityAdditional twist: store several instances of the Additional twist: store several instances of the matrix of matrix of NSAsNSAsAuthentication dialogue: Authentication dialogue: ““what is your second to the what is your second to the last NSA?last NSA?””
-
ODU Sensor Network Research Group 4949
Handling Handling DoSDoS attacksattacks
Our physicalOur physical--layer encoding layer encoding + Tamper resistance + Tamper resistance + Infrastructure anonymity+ Infrastructure anonymityMake Make DoSDoS attacks nextattacks next--toto--impossibleimpossible
-
ODU Sensor Network Research Group 5050
Concluding remarksConcluding remarks
Wireless sensor network research extremely hot!Wireless sensor network research extremely hot!
Lots of attention from funding agencies!Lots of attention from funding agencies!
WSN WSN –– far more vulnerable than wireless networksfar more vulnerable than wireless networks
Securing sensor networks Securing sensor networks –– a subject of active worka subject of active work
Major challenge: comprehensive information Major challenge: comprehensive information assurance in hybrid wired+wireless networks assurance in hybrid wired+wireless networks
Information assurancein wireless sensor networksSensors andWireless Sensor NetworksHow it all started …Sensor characteristicsTypes of sensorsWireless sensor network (WSN)Our view of a WSN systemTwo application classesThe Virtual InfrastructureHow do we conquer scale?Components of the virtual infrastructureThe dynamic coordinate systemThe cluster structureWhat are color graphs?What’s so nice about color graphs?Middleware for WSN?The work modelTask-based managementIn-network storage(WSN as databases)Interacting with WSNSensor databasesPersistent queries (PQ) Trigger conditionsChallenges in PQInformation assurance inWSNWhat is information assurance?Key componentsThus…Extending WSN longevityProblems with sleepingWSN health monitoringMajor insecurities in WSNSecurity goalsA succinct list of attacksPhilosophy of our solutionWhat do we do?Genetic materialIllustrating time epochs, etcSynchronization – generalitiesSynchronization – the detailsSynchronization – the details (cont’d)Making sensors tamper-resistantUsing neighborhood signaturesNSA-based authenticationHandling DoS attacksConcluding remarks