Security versus Power Consumption in Wireless Sensor Networks
Security in Sensor Networks
Transcript of Security in Sensor Networks
![Page 1: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/1.jpg)
Security in Sensor Networks
Written by: Prof. Srdjan Capkun & OthersPresented By : Siddharth Malhotra
Mentor: Roland Flury
![Page 2: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/2.jpg)
2
Mobile Ad-hoc Networks (MANET)
MobileRandom and perhaps constantly changing
Ad-hoc Not engineered
NetworksElastic data applications which use networks to communicate
![Page 3: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/3.jpg)
3
MANET Issues
Routing (IETF’s MANET group)
IP Addressing (IETF’s autoconf group)
Transport Layer (IETF’s tsvwg group)
Power Management
Security
Quality of Service (QoS)
Multicasting/ Broadcasting
Products
![Page 4: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/4.jpg)
4
Overview
Part 1Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping
Part 2Secure Time Synchronization in Sensor Networks
![Page 5: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/5.jpg)
5
Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping
![Page 6: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/6.jpg)
6
Motivation
How can two devices that do not share any secret key for communication establish a shared secret key over a wireless radio channel in the presence of a communication jammer?Converting the dependency cycle to dependency chain.
![Page 7: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/7.jpg)
What are we destined to achieve?
7
A
B
4 2 12
5 7 3 8 11
6 9 9 1 45
4 2 12
5 7 3 8 11
6 9 9 1 45
Coordinated Frequency Hopping
![Page 8: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/8.jpg)
8
Attacker Model
A – Sender B – ReceiverJ – Attacker
![Page 9: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/9.jpg)
9
Goal of the Attacker
Prevent them from exchanging information. Increasing (possibly indefinitely) the time for the message exchange in the most efficient way.
A
E
B
Sending Random
Messages
Sending Relevant Data
Inserting Messages: Insert messages generated using known (cryptographic) functionsand keys as well as by reusing previously overheard messages.
A
E
B
Jam the signal
Replay with delay
listen
A
E
Blisten
A
B
AB
Modifying messages: Modify messages by flipping single message bits or by entirely overshadowing original messages.
Jamming messages: Jam messages by transmitting signals that cause the original signal to become unreadable by the receiver.
![Page 10: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/10.jpg)
10
Basics
Sender A is divided into small frequency channels.Receiver B has larger frequency channels as compared to A
5177133214788655233212
Successful Transmission
![Page 11: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/11.jpg)
11
Uncoordinated Frequency Hopping
•Each packet consists of :•Identifier (id) indicating the message the packet belongs to•Fragment number (i)•Message fragment (Mi)•Hash of the next packet (h(mi+1)).
MESSAGEM1 M2 M3 M4 M5 M6 M7 M8 M9 M10
id 1 h(m2)
m1
id 2 h(m3)M2
m2From Last Packet
![Page 12: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/12.jpg)
12
Uncoordinated Frequency Hopping
•Each packet consists:•Identifier (id) indicating the message the packet belongs to•Fragment number (i)•Message fragment (Mi)•Hash of the next packet (h(mi+1)).
Packet Chain
![Page 13: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/13.jpg)
13
UFH Message Transfer Protocol
The protocol enables the transfer of messages of arbitrary lengths using UFH.
Fragmentation
- Fragments the message into small packets
- Hash Function is added
Transmission
- A high number of repetitions (Sends Randomly)
- Listens the input channels to record all incoming packets
Reassembly
- Packets linked according to Hash Function
![Page 14: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/14.jpg)
14
Security Analysis of the UFH Message Transfer Protocol
![Page 15: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/15.jpg)
15
UFH Key Establishment
Stage 1The nodes execute a key establishment protocol and agree on a shared
secret key K using UFH.
Stage 2Each node transforms K into a hopping sequence, subsequently, the nodes
communicate using coordinated frequency
hopping.
![Page 16: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/16.jpg)
16
UFH key establishment using authenticated DH protocol
Diffie-Hellman Protocol for Key ExchangeAlice Bob
a, g, pKA = ga mod p
KAB = KB a mod p
bKB = gb mod p
KAB = KA b mod p
Eve
????????????
KA, g, p
KB
![Page 17: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/17.jpg)
Public
17
UFH key establishment using authenticated DH protocol
A B
Stage 1
TA , KA
Public
A B
TA , KB
K = KAB K = KABShared Key (KAB) for Coordinated Frequency
Hopping
Uncoordinated Frequency Hopping
![Page 18: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/18.jpg)
18
UFH key establishment using authenticated DH protocol
A
B
Stage 2
4 2 12
5 7 3 8 11
6 9 9 1 45
4 2 12
5 7 3 8 11
6 9 9 1 45
Coordinated Frequency Hopping using the KAB
![Page 19: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/19.jpg)
Results
19
Pj = Probability that a packet is JammedC = Total no. of Channels
l = no of packetsNj = exp. no. of required packets transmissions
Cn = No. of channels for receivingCm = No. of Channels for sending
![Page 20: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/20.jpg)
20
Problems
How does the receiver know that sender is about the send some data?How does the sender come to know that this packet is from this specific chain (not id) like if 5 packet is received at the receiver end and 4,6 not received? How come the receiver comes to know that the packet sent is legitimate?Data overflow?
![Page 21: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/21.jpg)
21
Conclusion
Coordinated Frequency Hopping has been achieved in presence of a jammer without the use of pre-shared keys for frequency hopping.Useful in many things like time synchronization
![Page 22: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/22.jpg)
22
Motivation
How to provide secure time synchronization for a pair or group of nodes (Connected Directly or Indirectly)?
Synchronizing time is essential for many applicationsSecurity
Energy Efficiency
![Page 23: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/23.jpg)
23
Sensor Node Clock
Three reasons for the nodes to be representing different times in their respective clocks
The nodes might have been started at different times, The quartz crystals at each of these nodes might be running at slightly different frequencies, Errors due to aging or ambient conditions such as temperature
Reference Clock
Actual Time
Mea
sure
d Ti
me
Clock with offset
Offset
Clock with skew
Skew
Clock with driftDrift
![Page 24: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/24.jpg)
Attacker Model
Two types of attacker models:External Attacker: None of the nodes inside the network have been compromisedInternal Attacker: One or more nodes have been compromised, its secret key is known to the attacker
24
![Page 25: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/25.jpg)
25
Sender-Receiver SynchronizationA handshake protocol between a pair of nodes.
Sender synchronizes to the receiver clockStep1 T2 = T1 + d + δStep2 T4 = T3 - d + δ
A
B
T1
T2
T4
T3
T2 – T1 T4 – T3
Clock Offset Delay
![Page 26: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/26.jpg)
26
Sender-Receiver Synchronization
Example
A
B
500
200
700
300
δ = (( 200 – 500 ) - ( 700 – 300)) / 2 = -350d = ((200 – 500) + (700 – 300))/2 = 50
Sender (A) updates its clock by δ ( Here -350)
![Page 27: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/27.jpg)
External Attacker
Three types in which attacker can harm the time synchronization:Modifying the values of T2 and T3Message forging and replayPulse delay Attack
27
![Page 28: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/28.jpg)
Pulse Delay Attack
28
A
E
B
Jam the signal
Replay with delay
listen
A
B
T1
T2
T4
T3
ET3’
T4’
Step1 T2 = T1 + d + δStep2 T4’= T3 - d + δ
δ = ((T2 – T1) – (T4’ – T3)) /2 d = ((T2 – T1) + (T4’ – T3)) /2
![Page 29: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/29.jpg)
29
SECURE TIME SYNCHRONIZATION
Three types of synchronization have been discussed:Secure Pairwise Synchronization
Secure Group Synchronization
Secure Pairwise Multi-hop Synchronization
![Page 30: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/30.jpg)
Message Authentication Code
30
![Page 31: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/31.jpg)
31
Secure Pairwise Synchronization (SPS)
•Message integrity and authenticity are ensured through the use of Message Authentication Codes (MAC) and a key Kab shared between A and B.
A
B
T1
T2
T4
T3
P1 P2
P1
P2
sync
T2, T3,ack
If d<= d* then clock offset (δ)else abort
![Page 32: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/32.jpg)
Results
32
Experiment Average error
Maximum error
Minimum error
Attack detection probability
Non Malicious 12.05 μs 35 μs 1 μs NA
∆ = 10 μs 19.44 μs 44 μs 1 μs 1 %
∆ = 25 μs 35.67 μs 75 μs 16 μs 82%
![Page 33: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/33.jpg)
33
GROUP SYNCHRONIZATION
2 Types:Lightweight Secure Group Synchronization
- Resilient to External attacks only
Secure Group Synchronization- Resilient to External attacks as well as internal attacks (Attacks from
compromised nodes)
![Page 34: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/34.jpg)
34
Lightweight Secure Group Synchronization (L-SGS)
G1
G5
G2
G3G4
G4
P1
P1
P1
P1
P1
P1 sync
Step 1A
B
T1
T2
T4
T3
![Page 35: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/35.jpg)
35
Lightweight Secure Group Synchronization (L-SGS)
G1
G5
G2
G3G4
G4
P2
P2
P2
P2
P2
P2
Step 2A
B
T1
T2
T4
T3
T2, T3 (Every node which receives sync from G1)
![Page 36: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/36.jpg)
36
Lightweight Secure Group Synchronization (L-SGS)
G1
G5
G2
G3G4
G4
Pr compute d for every node dij if dij ≤ d∗ then (Clock offset )ij else abort
Step 3A
B
T1
T2
T4
T3
![Page 37: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/37.jpg)
37
Lightweight Secure Group Synchronization (L-SGS)
G1
G5
G2
G3G4
G4
Cij Ci + (Clock offset)ij
Step 4
Estimation of the local clock of Gi
Local Clock
Pairwise offset
A
B
T1
T2
T4
T3
![Page 38: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/38.jpg)
38
Lightweight Secure Group Synchronization (L-SGS)
G1
G5
G2
G3G4
G4
Cgi Median (Ci , [Cij] j=1…..N;j<>n )
Step 5
Global Clock
A
B
T1
T2
T4
T3
![Page 39: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/39.jpg)
Secure Group Synchronization is resilient to both external and internal attacksWe will make the use of tables (Oi for node Gi)
39
Secure Group Synchronization
![Page 40: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/40.jpg)
40
Secure Group Synchronization
G1
G5
G2
G3G4
G4
Oi = Oi U δij
Step 3
1st two steps are the same as (L-SGS)
OG4
OG3
![Page 41: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/41.jpg)
41
Secure Group Synchronization
G1
G5
G2
G3G4
G4
Oi
Step 4
P4
P4
P4
P4
P4
P4
![Page 42: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/42.jpg)
42
Secure Group Synchronization
G1
G5
G2
G3G4
G4
Run the SOM(⌊(N − 1)/3⌋) algorithm to compute Cij
Step 5
![Page 43: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/43.jpg)
SOM
Recursive AlgorithmEach node uses other group members to compute Cij
43
i
k3
k2
k1
j
![Page 44: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/44.jpg)
44
Secure Group Synchronization
G1
G5
G2
G3G4
G4
Cgi Median (Ci , [Cij] j=1…..N;j<>n )
Step 5
Global Clock
![Page 45: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/45.jpg)
Results
45
N = No. of nodes (14)C = Compromised nodes C = (11,12,13,14)
N = No. of nodesT = Time to finish SGSSOM(i) = No. of Compromised nodes
![Page 46: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/46.jpg)
46
Secure Pairwise Multi-hop Synchronization
Enable distant nodes, multiple hops away from each other, to establish pairwise clock offsets
Categorized into two types:Secure Simple Multi-hop Synchronization
Secure Transitive Multi-hop Synchronization
![Page 47: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/47.jpg)
47
Secure Simple Multi-hop Synchronization A
B
T1
T2
T4
T3
G1
G2
G3
G4
GN
P1
P2
sync
T2, T3,ack
If d<= dM* then δ = ((T2−T1)−(T4−T3))/2 else abort
P1
P1
P1
P1
P1
P2
P2
P2
P2
P2
![Page 48: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/48.jpg)
48
Secure Transitive Multi-hop Synchronization
G1 BA G2
P1 P1 P1
P1 sync
Step 1 A
B
T1
T2
T4
T3
![Page 49: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/49.jpg)
49
Secure Transitive Multi-hop Synchronization
G1 BA G2
P2
P2
Step 2
T2 (B) , T3(B),ack
G2 is synchronized to B
A
B
T1
T2
T4
T3
![Page 50: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/50.jpg)
50
Secure Transitive Multi-hop Synchronization (STM)
G1 BA G2
P3
P3
Step 3
T2 (G2) , T3(G2),ack
G1 is synchronized to G2
A
B
T1
T2
T4
T3
![Page 51: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/51.jpg)
51
Secure Transitive Multi-hop Synchronization
G1 BA G2
P4
P4
Step 4
A is synchronized to G1
A
B
T1
T2
T4
T3
T2 (G1) , T3(G1),ack
![Page 52: Security in Sensor Networks](https://reader031.fdocuments.us/reader031/viewer/2022020621/61e743f9a1b52d06c944f96b/html5/thumbnails/52.jpg)
Conclusion
SPS achieves the same synchronization precision on a pair of motes as the insecure time synchronization protocols. Even under a pulse-delay attack, SPS can keep the nodes in sync within 40μs.
SGS is able to synchronize a group of four motes within50μs, even with 1 node used for internal attack
SPS extended to STM.
52