PowerPoint Presentation - Information Security in Wireless Networks

					        Information Security in Wireless Sensor
                      Networks



                         Prof. Stephan Olariu
                    Sensor Network Research Group
                       Old Dominion University
                       Norfolk, VA 23529-0162
                                U.S.A.



NATO-ARW, Suceava, September 4-8, 2006   1
                           Conquering scale




                      How do we conquer scale?


               Golden Rule: Divide and Conquer!


     Graft a virtual infrastructure on top of physical
      network
     How is this done?
         special-purpose: protocol driven
         general purpose: designed without regard to protocol

     General-purpose infrastructure should be leveraged
      by many protocols!


                         Localized protocols


       Sensor network topology changes frequently
       Self-organization must be adaptive to local changes
       Global protocols require global information for
        making local decisions: global protocols do not scale!
       Localized protocols require only local information for
        sensor decisions
       Maintenance must also remain local




        Components of the virtual infrastructure


      Dynamic coordinate system
           location-based identifiers
           coarse-grain location awareness

      Clustering scheme
           cheap scalability

      Middleware
           work model
             hierarchical specification of work and QoS

           task-based management model
             low-level implementation of work model




                   Remember polar coordinates?

     The polar coordinates of a point x in the plane are
           its polar angle (x), and
           its polar distance (x)




       This is nice but does not scale 

                                     The idea

     Instead of a fine-grain location settle for a coarse-
      grain approximation




             The dynamic coordinate system
     Training performed by AFN
     [Figure: sensors announcing their coordinates: "My coordinates are (4,2)", "Mine too!"]

     Components:
          coronas
          wedges
     Individual sensors acquire
          corona number
          wedge number
     Resulting coordinate system
      is dynamic and does not
      require sensor IDs




                         The cluster structure




     Cluster: locus of all sensors having the same
      coordinates
     Clustering falls out for free once coordinate system
      available
     Accommodates sensors with no IDs
     Clusters can be further subdivided – color graphs




                Middleware for sensor networks




          Detailed view of sensor network system



     [Figure: system overview. Components: user; Internet/satellite; sink (mobile/airborne, connection to outside world); deployment area; sensors; local sink node (in-network data repositories). Flows: high-level interests (tasks/queries); low-level tasks/queries; returned results]




                            Why middleware?


      Middleware provides standardized and portable
       system abstractions
      Standardizes interface to sensor networks
      Requirements for middleware:
           negotiate QoS parameters on behalf of the network
           support and coordinate concurrent applications
           translate high-level complex goals into low-level tasks
           coordination among sensors
           handle heterogeneity of sensors


                               The work model




                                   Interest          Application level

                                    Task             Network/cluster level

                                  Capability
                                                       Sensor level
                              Primitive operations




                                                       The work model


     [Figure: the work model. Application layer: Interest; Negotiated QoS; Interest result set, status (error conditions, etc.). Middleware: Event; Communication; Micro-task; Results, status. Sink. Cluster level: Capability (P-tasks+QoS); CPL for each of sensor 1, sensor 2, ..., sensor n. Sensor Network Layer]




               A task-based management scheme




     Developing a task-based management scheme


      The problem is to develop, based on the work model, a
      task-based management scheme that supports:
          Automated mapping of application level units of work to
           network level units of work subject to the negotiated QoS
           constraints
          For a network level unit of work, a scalable recruiting scheme
           for dynamically assigning sensors to the workforce
           performing this unit of work, subject to energy constraints
          Supporting secure group communications among sensors




                       Task-based management


    A task is a tuple T(A,c,S,D,,q) where:


        A – action to be performed
        c – color set to be used
        S – source cluster
        D – destination cluster
         – routing path from S to D
        q – desired QoS level


                     Complexity of collaboration

      Sensor limitations make collaboration imperative
      Fundamental problems for effective collaboration
           anonymity
           scale

      For example, consensus building protocols such as
       contention resolution, leader election,
       synchronization, invariably assume unique identifiers
      Therefore, classical collaboration schemes are not
       adequate for sensor networks with anonymous nodes



                      Information assurance in
                          sensor networks




                 What is information assurance?


      Information operations that protect and defend
      information and information systems ensuring their
      availability, integrity, authentication,
      confidentiality, and non repudiation. This includes
      providing for restoration of information systems by
      incorporating protection, detection, and reaction
      capabilities




                               Key components

     Network survivability: ability of the network to
      function in the wake of failures by minimizing their
      impact
     Information availability (information survivability):
      need for a user to have uninterrupted and secure
      access to information on the network
     Network security: attempts to provide basic security
      services
     Information security: an ongoing process that utilizes
      software and hardware to help secure information
      flow

                                         Thus…


     Information assurance is more inclusive than
      information security
     Assurance involves not only protection and
      detection but also reaction (mainly survivability and
      dependability of the system that has been subject
      to successful attack)
     It also includes proactive (offensive) information
      operations, termed information warfare, against
      attackers


                        Information security




              What happens in the wired world?

       In wired communications signal confined in copper or
        optical fiber
       Precautions taken to avoid unauthorized access
            devices are physically protected
            cabling is protected from eavesdropping
            firewalls are installed
       Attacks of interruption and interception of data unlikely (but
        possible)
       The main thrust is securing the access point rather than the
        application!



                  What happens in the wireless?

     It is not possible to prevent unauthorized devices from reaching the
      network area
     Any device within reach of radio-frequency signals can get
      access to data being transmitted
     Thus, attacks of interruption and interception of data are likely
     What can be done: spread spectrum increases the difficulty for
          signal interruption
          eavesdropping
     It is important to understand that wireless communications
      affect only the physical, data link and network layers of the
      OSI stack
     In particular, all methods of cryptography developed at
      transport layer and above remain valid: can we afford them??


        A taxonomy of security-related problems

   Operational security concerns
      Application level
           the main focus is on techniques that guarantee a desired
           application-level functionality


      Network level
           the main concern revolves around techniques that ensure
           secure communications in sensor networks




        A taxonomy of security-related problems

  Infrastructure security concerns
     Goal: protect the infrastructure throughout the
      network lifetime
     Problem: develop a scheme to secure infrastructure
      against an external adversary such that:
          the scheme will work uniformly during training (construction
           of the infrastructure), and network operation phases
          the scheme will work assuming threats to confidentiality,
           integrity, availability, as well as threats to the physical layer
           (jamming)



             Major insecurities in sensor networks

      Problems arising from lack of individual IDs
           authentication is hard
           non-repudiation is hard to enforce
           node impersonation is easy
      Problems arising from sleep-awake cycles and
       system longevity
           trust relationships hard to establish

      Eavesdropping: may give an adversary access to
       secret information violating confidentiality
      Sensors run the risk of being compromised
           by infiltration
           by tampering

                                 Security goals

     Availability: ensures the survivability of network
      services despite denial-of-service (DoS) attacks
     Confidentiality: ensures that information is not
      disclosed to unauthorized entities
     Integrity: guarantees that a message being
      transferred is never corrupted
     Authentication: enables a node to ensure the identity
      of the peer node with which it communicates
     Non-repudiation: ensures that the origin of a message
      cannot deny having sent the message
     Anonymity: hide sources, destinations and routes

                      A succinct list of attacks

     Eavesdropping: an attacker that monitors traffic can read the
      data transmitted and gather information by examining the
      source of a packet, its destination, size, number, and time of
      transmission
     Traffic analysis: allows an attacker to determine that there is
      activity in the network, the location of base stations, and the
      type of protocol being used in the transmission
     Man-in-the-middle: attack establishes a rogue intermediary
      pretending to be a valid sensor
     Tampering: involves compromising data stored inside sensor
      usually by node capturing
      DoS attacks: can be grouped into three categories
          disabling of service (e.g., sinkhole, HELLO flood attack),
          exhaustion, and
          service degradation (e.g., selective forwarding attack)
     Can we guard against them?

                    Philosophy of our solution



                      “An ounce of prevention
                                   is worth
                             a pound of cure”




                               What do we do?


     Physical-layer encoding: virtually stamps out
      infiltration by the adversary
     Also, leverage the virtual infrastructure!
     Problems discussed
            tamper resistance
            authentication
            traffic anonymity




                              Genetic material



     Prior to deployment sensors are injected with the
      following genetic material:
          a public-domain pseudo-random number generator
          an initial time -- at this point all the sensors are
           synchronous to the sink

     Each sensor can generate pointers into:
          a random sequence t1, t2, …, ti, …, of time epochs
          a random sequence n1, n2, …, ni, …, of frequency channels
          for every ni a random hopping sequence fi1, fi2, …, fip, …,



                    Illustrating time epochs, etc




                   Synchronization – generalities

     Synchronization does not scale!
     Thus, synchronization must be
         short-lived
         task-based
     Just prior to deployment, the sensors are
      synchronized
     Due to clock drift re-synchronization is necessary
     Sensors synchronize by following the master clock
      running at the sink
     Idea: determine the epoch and the position of the
      sink in the hopping sequence corresponding to the
      epoch
                  Synchronization – the details


         The sink dwells  micro-seconds on each
          frequency in hopping sequence
         Assume that when a sensor wakes up during its
          local time epoch ti the master clock is in one of
          the time epochs ti-1, ti, or ti+1
         Each sensor knows the last frequencies i-1, i,
          and i+1 on which the sink will dwell in the time
          epochs ti-1, ti, and ti+1
         The strategy: tune in, cyclically, to i-1, i, and i+1
          spending time /3 units on each of them


             Synchronization – the details (cont’d)



     Assume the sensor meets the sink on frequency i in
      some unknown slot s of ti-1, ti, or ti+1
     To verify the synchronization, the sensor attempts
      to meet the sink in slots s+1, s+2 and s+3 according
      to its own frequency hopping for epoch ti+1
     If a match is found, the sensor declares itself
      synchronized
     Otherwise, it will return to scanning frequencies




              Making sensors tamper-resistant




           Philosophy: no additional hardware!
           Tampering threat model for sensors
                forcing open in-situ
                removal from the deployment area
           Play it safe: if in doubt blank out memory




                Using neighborhood signatures



     Immediately after deployment each sensor transmits
      on a specified set of frequencies, using a special
      frequency hopping sequence
     Each sensor collects an array of signal strengths
      from the sensors in its locale
     NSA – the Neighborhood Signature Array
     Removal from the deployment area changes the NSA!




                     NSA-based authentication


     Idea: neighbors exchange NSA information,
      creating a matrix of signatures
     A sensor that wishes to communicate with a
      neighbor identifies itself with its own NSA
     Upon receiving the NSA the sensor checks its
      validity
     Additional twist: store several instances of the
      matrix of NSAs
     Authentication dialogue: “what is your second to the
      last NSA?”



                        Handling DoS attacks



       Our physical-layer encoding
       + Tamper resistance
       + Infrastructure anonymity
       Make DoS attacks next-to-impossible!




                           What is anonymity?


     Think of e-voting: the source of a message must be
      protected
     Denial of service: the destination must be anonymous
     Mutual anonymity: both source and destination of a
      communication remain anonymous to each other
     Traffic anonymity is extremely important!
     Structural anonymity




                           Anonymity in SN
     Goal: prevent DoS attacks
          data sinks
          traffic patterns
          communication paths
          virtual infrastructure
     Threat model
          internal adversary – observes local traffic
          external adversary – observes the entire network
          network has not been infiltrated
     Strategy: hide source, destination and routing paths
     Tactics: add noise to traffic
     However, adding noise (spurious traffic) is expensive

                                   An example




                                  Our solution




     Randomize destinations
          time-dependent destinations
          task-dependent destinations

     Randomize traffic
          stipulating paths in transaction
          computing time-dependent paths




          Traffic anonymity: centralized solution




          Traffic anonymity: distributed solution

    Idea: time-dependent routing!
    Time is ruled into epochs t1, t2, … ti …
    Generic epoch ti has its own routing scheme




             Secure group communications in SN

      SN environments are inherently collaborative
      Groups of sensors need to communicate securely, e.g.
           nodes participating in a transaction
           nodes collocated in a cluster

      Conventional public key cryptography is infeasible
       (why?)
      Group key management and distribution is one way to
       support secure group communications
      Group key management challenges in SN include
       sensor anonymity, massive large scale, resource
       limitations, etc.
           A key distribution scheme for secure
                      communications
     This scheme supports group key initialization and
      subsequent group key management in the trained SN
     The scheme draws on Exclusion Basis Systems (EBS), a
      combinatorial formulation of the key distribution
      problem
     The scheme leverages the infrastructure in two ways:
         it leverages the training protocol for the purpose of group
          key initialization, and
         it leverages the coordinate system during network operation
          for mapping a particular node, using its location as hash key,
          to the set of EBS keys the node currently holds


                       Major highlights of EBS

      In EBS systems, each group member is assigned a
       unique subset of keys from a key pool
      Specifically, an EBS is defined as a collection  of
       subsets of the set of members
      Each subset corresponds to a key and the elements
       of a subset are the sensors that have that key
      An EBS is characterized by the triple E(n,k,m), where
           n is number of members numbered 1 to n
           k is size of the subset of keys each member holds, and
           m is the number of re-key messages needed to evict any
            member (and re-key the system)
                Major highlights of EBS (cont’d)

      To construct EBS(n,k,m) for feasible n,k, and m, we employ a
      canonical enumeration of all possible ways of forming k-
      subsets of objects from a set of k+m objects

                    M0     M1    M2      M3        M4   M5   M6   M7   M8   M9
           K1       1      1     1       1         1    1    0    0    0    0
           K2       1      1     1       0         0    0    1    1    1    0
           K3       1      0     0       1         1    0    1    1    0    1
           K4       0      1     0       1         0    1    1    0    1    1
           K5       0      0     1       0         1    1    0    1    1    1
           T        1      0     0       0         0    1    0    0    1    0
           S        1      1     0       0         0    1    1    0    0    0
           U        1      1     1       1         1    1    1    1    0    0

                         Canonical matrix for EBS(10,3,2)
  Rows correspond to keys in the key pool (not shaded), and session key (shaded)
  Columns correspond to members
                  EBS at work: key initialization

      Let the EBS system in use be EBS(n,k,m)
      At pre-deployment each node is loaded with k, m and the set
       {k1,k2, …,kk+m} that represent the EBS key pool, in addition to
       the state loaded for training purposes
      Each node x computes independently the set of keys assigned to
       it as follows:
          start
          -> do the training protocol (node side), which yields Corona(x), Wedge(x)
          -> hash key = Calculate the unique cluster Id(C(x),W(x))
             (side branch: calculate sub-cluster Id and use that as hash key)
          -> myK-subset = Hash(Canonical matrix of EBS(n,k,m), hash key)
          -> stop

                   Key initialization – an example
     Assume EBS(32,3,4), and a coordinate system with
      2 coronas and 8 wedges
     Also, assume that the population in each cluster is
      to be divided into 2 sub-clusters
          the details of the sub-clustering scheme are
           omitted here: each node places itself in a sub-
           cluster in its own cluster
     Suppose Corona(x)= 1 and Wedge(x)=4
     Node x computes the set of keys assigned to it


           Key initialization – an example (cont’d)

    1. Choose at random a sub cluster (say 0)
    2. Compute the globally unique sub-cluster ID (24)
    3. Derive the hash key (24+1)
    4. Hash in to Canonical(32,3,4)
    5. The bit string 0100011 corresponding to keys K2, K6, K7 is returned

    [Figure: The coordinate system. Clusters are labeled (corona, wedge), from (0,0) to (0,7) and from (1,0) to (1,7)]

    [Figure: A map of all sub-clusters. Each cluster holds two sub-cluster IDs:]

       wedge      0        1        2        3        4        5        6        7
       corona 0   [0,1]    [2,3]    [4,5]    [6,7]    [8,9]    [10,11]  [12,13]  [14,15]
       corona 1   [16,17]  [18,19]  [20,21]  [22,23]  [24,25]  [26,27]  [28,29]  [30,31]
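
The key-initialization example above, reproduced in Python as an added illustration (not code from the presentation). It assumes the canonical enumeration is the lexicographic order of k-subsets and that "hash in" is a 1-based column lookup, which matches both the EBS(10,3,2) matrix and the 0100011 result on the slides; the sub-cluster ID formula is inferred from the sub-cluster map, and all function names are hypothetical. It also checks the eviction property that m stands for: the m keys an evicted member lacks reach every other member.

```python
from itertools import combinations
from math import comb


def canonical_subsets(k, m):
    """All k-subsets of the key pool K1..K(k+m), in lexicographic order (assumed)."""
    return list(combinations(range(1, k + m + 1), k))


def canonical_matrix(n, k, m):
    """Rows are keys K1..K(k+m), columns are members; 1 means the member holds the key."""
    if n > comb(k + m, k):
        raise ValueError("EBS(n,k,m) is infeasible: n exceeds C(k+m, k)")
    columns = canonical_subsets(k, m)[:n]
    return [[int(key in col) for col in columns] for key in range(1, k + m + 1)]


def subcluster_id(corona, wedge, sub, wedges=8, subs_per_cluster=2):
    """Globally unique sub-cluster ID; formula inferred from the slide's map."""
    return (corona * wedges + wedge) * subs_per_cluster + sub


def key_subset(n, k, m, hash_key):
    """Keys selected by a hash key in 1..n (1-based column of the canonical matrix)."""
    if n > comb(k + m, k):
        raise ValueError("EBS(n,k,m) is infeasible: n exceeds C(k+m, k)")
    if not 1 <= hash_key <= n:
        raise ValueError("hash key out of range")
    return canonical_subsets(k, m)[hash_key - 1]


def bit_string(keys, k, m):
    """Membership bit string over K1..K(k+m), leftmost bit is K1."""
    return "".join("1" if key in keys else "0" for key in range(1, k + m + 1))


def rekey_keys(n, k, m, evicted_hash_key):
    """The m pool keys the evicted column lacks: one re-key message under each."""
    held = set(key_subset(n, k, m, evicted_hash_key))
    return [key for key in range(1, k + m + 1) if key not in held]


def eviction_covers_rest(n, k, m, evicted_hash_key):
    """True if every other column holds at least one of the re-key keys."""
    usable = set(rekey_keys(n, k, m, evicted_hash_key))
    return all(
        usable & set(key_subset(n, k, m, h))
        for h in range(1, n + 1)
        if h != evicted_hash_key
    )


if __name__ == "__main__":
    # Key rows K1..K5 of the canonical matrix for EBS(10,3,2).
    for name, row in zip(("K1", "K2", "K3", "K4", "K5"), canonical_matrix(10, 3, 2)):
        print(name, *row)

    # Node x with Corona(x)=1, Wedge(x)=4, sub-cluster 0, under EBS(32,3,4).
    sid = subcluster_id(corona=1, wedge=4, sub=0)
    keys = key_subset(32, 3, 4, hash_key=sid + 1)
    print("sub-cluster ID:", sid, "keys:", keys, "bits:", bit_string(keys, 3, 4))

    # Evicting that column: m = 4 messages, one under each key it does not hold.
    print("re-key under:", rekey_keys(32, 3, 4, sid + 1))
    print("all others reachable:", eviction_covers_rest(32, 3, 4, sid + 1))
```

Because the hash key is a location, every node in the same sub-cluster derives the same key subset, so an eviction keyed this way removes a sub-cluster rather than a single node.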
                                  To sum up


      Wireless sensor networks – the next paradigm shift

      Sensors: “smart dust” – like entities

      Virtual infrastructure – general-purpose

      Can be leveraged for all sorts of applications

      Research in its infancy

      Stay tuned for more…




           Lightweight MAC and data aggregation

     Idea: use collisions to advantage
     Use collisions for
          data aggregation
          fault tolerance
     Assume that results of sensed data
      for task T can be partitioned into 2^k
      disjoint groups
     Each sensor encodes its data in a
      string of k bits
     Since the sensors are synchronous,
      they transmit data bit-by-bit left-to-
      right:
          0 is not transmitted
          1 is transmitted
     Clearly, the logical OR is received
                          Routing – centralized




                          Routing – distributed




         A second-generation sensor architecture



     [Figure: block diagram of a sensor node. Blocks: Location finding system; Mobilizer; Sensing Unit (sensor, ADC); Processing Unit (processor, storage); transceiver; Power Unit; Power generator. Legend: core components, optional components]




                              A few examples…




                         Secure routing in SN




                       Solutions out there…


      Hierarchical routing
           use clusters to aid routing
      Security can be achieved by having cluster head as
       key generator
      Problem: what happens if the cluster head is
       compromised?
      Possible solution: multiple cluster heads for each
       cluster



                           Directed diffusion

     The query is flooded
      throughout the network or in
      targeted area
     Events start from some
      specific points and move
      outwards to reach the
      requesting node
     A small number of nodes can
      be reinforced to prevent
      further flooding
     This type of data collection
      does not fully exploit the
      feature of SN that adjacent
      nodes have similar data
      (unless aggregation done at
      some nodes: which ones?)


                            Distributed routing




                             Goal: mm³ devices!




  MICA mote (1st generation sensor node)      Specs (2nd generation sensor node)

   Size              2mm x 2.5mm
   Processor/Memory AVR-like RISC processor, 3K of memory, 8 bit on-chip ADC,
                     paged memory system, 32 KHz oscillator
   Radio:            FSK radio transmitter,
   Other:            Programming interface, RS232 compatible UART, 4-bit
                     input port, 4-bit output port, encrypted communication
                    hardware support
   Cost             less than $1.00 (in quantity)
   What can it do?  Communicate 40+ feet indoors (walls), 19,200Kbps, frequency
                    separation 180KHz
                         Wireless networks 101


       Infrastructure-based networks
            cellular networks
            satellite networks

       Rapidly-deployable networks
            ad-hoc networks
            sensor networks
            heterogeneous networks

       Hybrid networks
            wireless Internet




                             Interfacing SNs

          sink                          sink      sink




                        What are color graphs?


     Simple way to enrich
      hierarchy
     Clusters are further
      subdivided into p color
      sets
     What results are p
      (global) color graphs




              What’s so nice about color graphs?


     Very robust: each color
      graph is connected with high
      probability
     Thus, can serve for routing!
     They are (rich) cousins of
      circular arc graphs: vast
      body of knowledge to tap
      into for protocol design!
     Graceful degradation as
      energy budget depleted

