Secure and Self-Stabilizing Clock Synchronization in Clock - - PowerPoint PPT Presentation

secure and self stabilizing clock synchronization in
SMART_READER_LITE
LIVE PREVIEW

Secure and Self-Stabilizing Clock Synchronization in Clock - - PowerPoint PPT Presentation

Sep 19, 2023 321 likes •675 views

Secure and Self-Stabilizing Clock Synchronization in Clock Synchronization in Sensor Netw orks Jaap-Henk Hoepman Andreas Larsson Jaap-Henk Hoepman, Andreas Larsson Elad M. Schiller, Philippas Tsigas 13 November 2007 Wireless Sensor Netw orks

slide-1
SLIDE 1

Secure and Self-Stabilizing Clock Synchronization in Clock Synchronization in Sensor Netw orks

Jaap-Henk Hoepman Andreas Larsson Jaap-Henk Hoepman, Andreas Larsson Elad M. Schiller, Philippas Tsigas 13 November 2007

slide-2
SLIDE 2

Wireless Sensor Netw orks

slide-3
SLIDE 3

Attacks against clocks

1 2 3 4 5 6 6 7 8 9 10 11 12 1 7 1 2 3 4 5 6 3 4 5 6 7 8 9 3 6 1 2 3 4 5 6 1 2 3 4 5 6 5 5

slide-4
SLIDE 4

Outline

Motivation Implementation

p

Attacks Correctness Correctness Earlier work

C l i

Conclusion

slide-5
SLIDE 5

The need for clock The need for clock synchronization

Pinpointing events geographically Time division message scheduling

g g

Radio shutoff periods Certain mathematical functions Certain mathematical functions …

slide-6
SLIDE 6

Need for precision

R lt f t diti l t l Result of traditional protocols Required result

slide-7
SLIDE 7

Adversary

Much more powerful than the nodes

  • Intercepting
  • Replaying
  • Delaying

Capturing nodes and impersonating

slide-8
SLIDE 8

Self-stabilization, Security & Self stabilization, Security & Fault tolerance

Dealing with transient faults Security needs self-stabilization

  • Security under certain assumptions
  • Attacks eventually violate assumptions

Fault tolerance

message loss

Arbitrary starting configuration

Fault tolerance – message loss

  • Noise
  • Collisions

Collisions

slide-9
SLIDE 9

Outline

Motivation Implementation

p

Attacks Correctness Correctness Earlier work

C l i

Conclusion

slide-10
SLIDE 10

The clock model

Offset is arbitrary Rate, ρ, is varying

  • Manufacturing variations
  • Environmental variations

Clock rate stays within a certain interval

Clock rate stays within a certain interval

max min

ρ ρ ρ < <

slide-11
SLIDE 11

Roundtrip synchronization

D A C B C B

Offset Delay Delay

slide-12
SLIDE 12

Reference Broadcast

R1 R1 R2 R2 R2

Offset with higher precision

slide-13
SLIDE 13

The protocol layers

Clock adjustments [Römer et al. 05] Policy for accuracy and energy budget Beacon scheduling Filtering out delays [Song et al. 06] j [ ] Beacon scheduling Beacon scheduling No self-stabilizing implementation exists Beacon scheduling Secure communication primitives [Sun et al. 06]

slide-14
SLIDE 14

Combining the tw o approaches

Beacon sent by node i:

Ai R0 Rn Ri-1 Ri+1 … …

B A R1 R1 R1 R2 A B R2

slide-15
SLIDE 15

Dealing w ith message loss

Ai R0 Rn Ri-1 Ri+1 … … Ai R0 Rn Ri-1 Ri+1 … …

1

… … Ai R0 Rn Ri-1 Ri+1 … …

Q-1

… … Ai R0 Rn Ri-1 Ri+1 … …

Q

slide-16
SLIDE 16

Delivering to upper layer

Data held by a node

  • Its beacon send times
  • Its receive times of beacons
  • The corresponding data received from others

Delivery to upper layer is delayed

  • Collect as much as possible before reporting
slide-17
SLIDE 17

Randomized beacon scheduling

Partition time Divide partitions into slots (n log2 n) p ( g ) Randomly send one beacon per partition

slide-18
SLIDE 18

Time complexity

n nodes send a message of size O(n) each n nodes send a message of size O(n) each

Optimal Our randomized strategy 2

n n n

2 2 log Optimal Our randomized strategy

b d d f d

n n n log

n = bound on degree of nodes

slide-19
SLIDE 19

Outline

Motivation Implementation

p

Attacks Correctness Correctness Earlier work

C l i

Conclusion

slide-20
SLIDE 20

The attacker model

Interception of messages

  • Stop receival
  • Replay later

Capturing nodes

p g

  • Get data including keys
  • Stop nodes

p

  • Impersonate nodes
slide-21
SLIDE 21

Delay attacks

R1 R1 R1 R2 R2

Cryptography does not help Nonce does not help

slide-22
SLIDE 22

Dealing w ith delay attacks

D A D A C B

Locally calculate delay Filter out over delayed beacons Filter out over-delayed beacons

  • Byzantine agreement [Ganeriwal et al. 05]
  • Outlier filtering [Song et al 06]
  • Outlier filtering [Song et al. 06]
slide-23
SLIDE 23

Dealing w ith captured nodes

Impersonated nodes send misleading data

  • Send at one time, claim another

Filter out misleading beacons

  • Byzantine agreement [Ganeriwal et al. 05]

y g [ ]

  • Outlier filtering [Song et al. 06]
slide-24
SLIDE 24

Outline

Motivation Implementation

p

Attacks Correctness Correctness Earlier work

C l i

Conclusion

slide-25
SLIDE 25

Correctness proof

Beacon scheduler

  • Partially synchronous system
  • Message collision and omission

Probabilistic delivery guarantees

  • Every node sends a beacon that every node

receives

  • Every node receives a response to its beacon

Every node receives a response to its beacon from every node

Beacon aggregation (appears in TR)

gg g ( pp )

slide-26
SLIDE 26

Outline

Motivation Implementation

p

Attacks Correctness Correctness Earlier work

C l i

Conclusion

slide-27
SLIDE 27

Self-stabilizing but not Secure

[Herman and Zhang 06]

  • a model for clock synchronization in sensor network
  • h

th t th t h i t bili i

  • show that the converge-to-max approach is stabilizing

A single captured node attack

  • At any time introduce the maximal clock value

At any time introduce the maximal clock value

Adversary sends the clock “far into the future”

  • Preventing a continuous time approximation function

e e t g a co t uous t e app o at o u ct o

slide-28
SLIDE 28

Secure but not Self-stabilizing

No existing secure and self-stabilizing

implementations

M i l i i i i i l l k

  • Many implementations require initial clock

synchronization prior to the first pulse-delay attack

The adversary can risk detection and The adversary can risk detection and

intercept all beacons for a long period

  • As a result: arbitrary clock offsets
  • The system has to use global restart
  • No global restart after deployment!
slide-29
SLIDE 29

Secure but not Self-stabilizing

[Sun et al. 05] cluster-wise

synchronization

  • Based on synchronous rounds
  • Byzantine agreement
  • Synchronized clock at the starting

configuration

We make no assumptions on

synchronous rounds or start

slide-30
SLIDE 30

Secure but not Self-stabilizing

[Manzo et al. 05]

  • Consider attacks on unsecured clock synchronization
  • S

t t

  • Suggest counter measures
  • Use a randomly selected “core” of nodes to minimize

the effect of captured nodes

  • Do not consider the cases in which the adversary

captures nodes after the core selection

W k ti di th

We make no assumption regarding the

distribution of the captured nodes

slide-31
SLIDE 31

Secure but not Self-stabilizing

[Farrugia and Simon 06]

  • A cross-network spanning tree in which the clock

values propagate for global clock synchronization values propagate for global clock synchronization

  • No pulse-delay attacks are considered

[Sun et al. 06]

[Sun et al. 06]

  • Use external source nodes to increase the resilience

against an attack that compromises source nodes

We use no source nodes

slide-32
SLIDE 32

Outline

Motivation Implementation

p

Attacks Correctness Correctness Earlier work

C l i

Conclusion

slide-33
SLIDE 33

Conclusion

System settings of traditional networks

  • cannot be assumed

Designer assumptions

  • cannot hold forever

Self-stabilization can provide self-

defense capabilities p

slide-34
SLIDE 34

Thank you for your attention

Thank you for your attention y y Andreas Larsson l d @ h l larandr@cs.chalmers.se Chalmers University of Technology