Security in Sensor Networks Written by: Prof. Srdjan Capkun & - - PowerPoint PPT Presentation



SLIDE 1

Security in Sensor Networks

Written by: Prof. Srdjan Capkun & Others
Presented by: Siddharth Malhotra
Mentor: Roland Flury

SLIDE 2

Mobile Ad-hoc Networks (MANET)

  • Mobile
    • Random and perhaps constantly changing
  • Ad-hoc
    • Not engineered
  • Networks
    • Elastic data applications which use networks to communicate

SLIDE 3

MANET Issues

  • Routing (IETF’s MANET group)
  • IP Addressing (IETF’s autoconf group)
  • Transport Layer (IETF’s tsvwg group)
  • Power Management
  • Security
  • Quality of Service (QoS)
  • Multicasting/ Broadcasting
  • Products
SLIDE 4

Overview

  • Part 1
    • Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping
  • Part 2
    • Secure Time Synchronization in Sensor Networks
SLIDE 5

Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping

SLIDE 6

Motivation

  • How can two devices that do not share any secret key for communication establish a shared secret key over a wireless radio channel in the presence of a communication jammer?
  • Converting the dependency cycle to a dependency chain.
SLIDE 7

What are we destined to achieve?

[Figure: nodes A and B, each shown with the same sequence of channel numbers. Caption: Coordinated Frequency Hopping]

SLIDE 8

Attacker Model

A – Sender
B – Receiver
J – Attacker

SLIDE 9

Goal of the Attacker

  • Prevent them from exchanging information. Increasing (possibly indefinitely) the time for the message exchange in the most efficient way.
  • Inserting messages: Insert messages generated using known (cryptographic) functions and keys as well as by reusing previously overheard messages.
  • Modifying messages: Modify messages by flipping single message bits or by entirely overshadowing original messages.
  • Jamming messages: Jam messages by transmitting signals that cause the original signal to become unreadable by the receiver.

[Figures: A, E and B, with the labels "Sending Random Messages", "Sending Relevant Data", "Jam the signal", "Replay with delay" and "listen"]
SLIDE 10

Basics

Sender A is divided into small frequency channels. Receiver B has larger frequency channels as compared to A.

[Figure: channel numbers for A and B; label: Successful Transmission]

SLIDE 11

Uncoordinated Frequency Hopping

  • Each packet consists of:
    • Identifier (id) indicating the message the packet belongs to
    • Fragment number (i)
    • Message fragment (Mi)
    • Hash of the next packet (h(mi+1))

[Figure: MESSAGE split into fragments M1 to M10; packet m1: id, 1, h(m2); packet m2: id, 2, h(m3), M2; label: From Last Packet]

SLIDE 12

Uncoordinated Frequency Hopping

  • Each packet consists of:
    • Identifier (id) indicating the message the packet belongs to
    • Fragment number (i)
    • Message fragment (Mi)
    • Hash of the next packet (h(mi+1))

[Figure: Packet Chain]

SLIDE 13

UFH Message Transfer Protocol

  • The protocol enables the transfer of messages of arbitrary lengths using UFH.
  • Fragmentation
    • Fragments the message into small packets
    • Hash function is added
  • Transmission
    • A high number of repetitions (sends randomly)
    • Listens to the input channels to record all incoming packets
  • Reassembly
    • Packets linked according to the hash function
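
The fragmentation and reassembly steps above, as an added Python example that is not part of the original slides. SHA-256 as h, the field encoding, the all-zero end marker and all sample values are assumptions made for the sketch.

```python
import hashlib
import random
from collections import namedtuple

# Packet fields from the slides: id, fragment number i, fragment Mi, h(m_{i+1}).
Packet = namedtuple("Packet", "msg_id i frag next_hash")
END = bytes(32)  # assumption: an all-zero link marks the last packet of a chain


def h(p):
    """Hash of a whole packet (SHA-256 over an assumed fixed field encoding)."""
    raw = p.msg_id.to_bytes(2, "big") + p.i.to_bytes(2, "big") + p.next_hash + p.frag
    return hashlib.sha256(raw).digest()


def fragment(msg_id, message, size):
    """Split the message into packets, building hash links from the last packet back."""
    frags = [message[k:k + size] for k in range(0, len(message), size)]
    packets, link = [], END
    for i in range(len(frags), 0, -1):
        p = Packet(msg_id, i, frags[i - 1], link)
        packets.append(p)
        link = h(p)
    return packets[::-1]


def reassemble(received, msg_id):
    """Link recorded packets by hash; return every complete chain as a message."""
    by_hash = {h(p): p for p in received if p.msg_id == msg_id}
    messages = []
    for p in by_hash.values():
        if p.i != 1:
            continue
        chain = [p]
        while chain[-1].next_hash in by_hash:
            chain.append(by_hash[chain[-1].next_hash])
        if chain[-1].next_hash == END:
            messages.append(b"".join(q.frag for q in chain))
    return messages


def demo():
    pkts = fragment(7, b"constructed DH public value for the demo", 8)
    # Constructed inserted packet: a replacement fragment 3 reusing the real link to 4.
    forged = Packet(7, 3, b"EVILEVIL", pkts[2].next_hash)
    air = pkts * 3 + [forged]        # repetitions, as in the Transmission step
    random.Random(1).shuffle(air)    # the receiver records packets in arbitrary order
    return reassemble(air, 7)
```

The forged fragment is never linked because packet 2 commits to the hash of the genuine packet 3. In this sketch a complete chain sent by someone else would still reassemble as a second candidate, so the links bind and order fragments only.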
SLIDE 14

Security Analysis of the UFH Message Transfer Protocol

SLIDE 15

UFH Key Establishment

Stage 1: The nodes execute a key establishment protocol and agree on a shared secret key K using UFH.

Stage 2: Each node transforms K into a hopping sequence; subsequently, the nodes communicate using coordinated frequency hopping.

SLIDE 16

UFH key establishment using authenticated DH protocol

Diffie-Hellman Protocol for Key Exchange

  Alice: a, g, p    KA = g^a mod p    KAB = KB^a mod p
  Bob:   b          KB = g^b mod p    KAB = KA^b mod p
  Eve:   ?????? ??????    KA, g, p    KB

SLIDE 17

UFH key establishment using authenticated DH protocol

[Figure: Stage 1, Uncoordinated Frequency Hopping between A and B. Labels: "TA, KA", "TA, KB", "Public" (twice), "K = KAB" (twice). Caption: Shared Key (KAB) for Coordinated Frequency Hopping]

SLIDE 18

UFH key establishment using authenticated DH protocol

[Figure: Stage 2. Nodes A and B, each shown with the same sequence of channel numbers. Caption: Coordinated Frequency Hopping using the KAB]

SLIDE 19

Results

  Pj = Probability that a packet is jammed
  C = Total no. of channels
  l = No. of packets
  Nj = Exp. no. of required packet transmissions
  Cn = No. of channels for receiving
  Cm = No. of channels for sending

SLIDE 20

Problems

  • How does the receiver know that the sender is about to send some data?
  • How does the sender come to know that this packet is from this specific chain (not id), e.g. if packet 5 is received at the receiver end and 4, 6 are not received? How does the receiver come to know that the packet sent is legitimate?
  • Data overflow?
SLIDE 21

Conclusion

  • Coordinated Frequency Hopping has been achieved in the presence of a jammer without the use of pre-shared keys for frequency hopping.
  • Useful in many things like time synchronization
SLIDE 22

Motivation

  • How to provide secure time synchronization for a pair or group of nodes (connected directly or indirectly)?
  • Synchronizing time is essential for many applications
    • Security
    • Energy Efficiency
SLIDE 23

Sensor Node Clock

  • Three reasons for the nodes to be representing different times in their respective clocks
    • The nodes might have been started at different times,
    • The quartz crystals at each of these nodes might be running at slightly different frequencies,
    • Errors due to aging or ambient conditions such as temperature

[Figure: axes Actual Time and Measured Time; curves: Reference Clock, Clock with offset (Offset), Clock with skew (Skew), Clock with drift (Drift)]

SLIDE 24

Attacker Model

Two types of attacker models:

External Attacker: None of the nodes inside the network have been compromised

Internal Attacker: One or more nodes have been compromised, and their secret keys are known to the attacker

SLIDE 25

Sender-Receiver Synchronization

  • A handshake protocol between a pair of nodes.

Sender synchronizes to the receiver clock

Step 1: T2 = T1 + d + δ
Step 2: T4 = T3 - d + δ

[Figure: exchange between A and B with timestamps T1, T2, T4, T3 and the intervals T2 – T1 and T4 – T3; labels: Clock Offset, Delay]

SLIDE 26

Sender-Receiver Synchronization

  • Example

[Figure: exchange between A and B with T1 = 500, T2 = 200, T4 = 700, T3 = 300]

δ = ((200 – 500) – (700 – 300)) / 2 = -350
d = ((200 – 500) + (700 – 300)) / 2 = 50

Sender (A) updates its clock by δ (here -350)

SLIDE 27

External Attacker

  • Three ways in which an attacker can harm the time synchronization:
    • Modifying the values of T2 and T3
    • Message forging and replay
    • Pulse delay attack

SLIDE 28

Pulse Delay Attack

[Figure: A, E and B with the labels "Jam the signal", "Replay with delay" and "listen"; exchange between A and B with timestamps T1, T2, T4, T3 and, at E, T3’ and T4’]

Step 1: T2 = T1 + d + δ
Step 2: T4’ = T3 - d + δ
δ = ((T2 – T1) – (T4’ – T3)) / 2
d = ((T2 – T1) + (T4’ – T3)) / 2

SLIDE 29

SECURE TIME SYNCHRONIZATION

  • Three types of synchronization have been discussed:
    • Secure Pairwise Synchronization
    • Secure Group Synchronization
    • Secure Pairwise Multi-hop Synchronization
SLIDE 30

Message Authentication Code

SLIDE 31

Secure Pairwise Synchronization (SPS)

  • Message integrity and authenticity are ensured through the use of Message Authentication Codes (MAC) and a key Kab shared between A and B.

[Figure: exchange between A and B with timestamps T1, T2, T4, T3; packets P1 and P2; labels: "sync" and "T2, T3, ack"]

If d ≤ d* then clock offset (δ) else abort
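
The sender-receiver handshake, the pulse delay attack and the SPS checks from the preceding slides, as an added Python example that is not part of the original slides. HMAC-SHA256 as the MAC, the nonce, the reply layout, the key and the bound d* = 60 are assumptions; the timestamps are the ones from the slide 26 example.

```python
import hashlib
import hmac
import struct


def offset_and_delay(t1, t2, t3, t4):
    """δ and d from the four handshake timestamps, using the formulas on the slides."""
    delta = ((t2 - t1) - (t4 - t3)) / 2
    d = ((t2 - t1) + (t4 - t3)) / 2
    return delta, d


def build_reply(k_ab, nonce, t2, t3):
    """B's reply (T2, T3, ack) with a MAC under Kab. Nonce and layout are assumptions."""
    body = struct.pack(">16sqq", nonce, t2, t3) + b"ack"
    return body, hmac.new(k_ab, body, hashlib.sha256).digest()


def sps_accept(k_ab, nonce, t1, t4, body, tag, d_star):
    """A's side: verify the MAC, then apply 'if d <= d* then δ else abort'."""
    expected = hmac.new(k_ab, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return ("abort", "MAC check failed")
    got_nonce, t2, t3 = struct.unpack(">16sqq", body[:32])
    if got_nonce != nonce:
        return ("abort", "reply does not match this sync request")
    delta, d = offset_and_delay(t1, t2, t3, t4)
    if d > d_star:
        return ("abort", "delay %.0f exceeds d* %.0f" % (d, d_star))
    return ("sync", delta)


def demo(pulse_delay=0, tamper=False, d_star=60):
    k_ab, nonce = b"constructed-shared-key", b"N" * 16   # constructed values
    t1, t2, t3, t4 = 500, 200, 300, 700                   # slide 26 example
    body, tag = build_reply(k_ab, nonce, t2, t3)
    if tamper:                                            # T2 modified in transit
        body = struct.pack(">16sqq", nonce, t2 + 40, t3) + b"ack"
    # Pulse delay: the reply is jammed and replayed later, so A reads T4' = T4 + Δ.
    return sps_accept(k_ab, nonce, t1, t4 + pulse_delay, body, tag, d_star)
```

With the bound relaxed (`d_star=1000`), a reply delayed by 100 still passes the MAC check and moves δ from -350 to -400, which is why SPS bounds d in addition to authenticating the message.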

SLIDE 32

Results

  Experiment      Average error   Maximum error   Minimum error   Attack detection probability
  Non Malicious   12.05 μs        35 μs           1 μs            NA
  ∆ = 10 μs       19.44 μs        44 μs           1 μs            1 %
  ∆ = 25 μs       35.67 μs        75 μs           16 μs           82%

SLIDE 33

GROUP SYNCHRONIZATION

  • 2 Types:
    • Lightweight Secure Group Synchronization
      • Resilient to External attacks only
    • Secure Group Synchronization
      • Resilient to External attacks as well as internal attacks (Attacks from compromised nodes)

SLIDE 34

Lightweight Secure Group Synchronization (L-SGS)

Step 1: P1: sync

[Figure: group nodes G1 to G5 with packet P1 on the links; inset: exchange between A and B with timestamps T1, T2, T4, T3]

SLIDE 35

Lightweight Secure Group Synchronization (L-SGS)

Step 2: P2: T2, T3 (Every node which receives sync from G1)

[Figure: group nodes G1 to G5 with packet P2 on the links; inset: exchange between A and B with timestamps T1, T2, T4, T3]

SLIDE 36

Lightweight Secure Group Synchronization (L-SGS)

Step 3: Pr compute d for every node dij; if dij ≤ d* then (Clock offset)ij else abort

[Figure: group nodes G1 to G5; inset: exchange between A and B with timestamps T1, T2, T4, T3]

SLIDE 37

Lightweight Secure Group Synchronization (L-SGS)

Step 4: Estimation of the local clock of Gi

Cij = Ci + (Clock offset)ij, where Ci is the local clock and (Clock offset)ij the pairwise offset

[Figure: group nodes G1 to G5; inset: exchange between A and B with timestamps T1, T2, T4, T3]

SLIDE 38

Lightweight Secure Group Synchronization (L-SGS)

Step 5: Global Clock

Cg_i = Median(Ci, [Cij] j = 1…N; j ≠ n)

[Figure: group nodes G1 to G5; inset: exchange between A and B with timestamps T1, T2, T4, T3]
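
Steps 3 to 5 of L-SGS as seen from one node, as an added Python example that is not part of the original slides. The clock offsets, the true time t, the link delay, the 5-tick processing time, the bound d* and the simulated `handshake` helper are all constructed for the sketch.

```python
from statistics import median


def offset_and_delay(t1, t2, t3, t4):
    """Pairwise clock offset and delay from the four handshake timestamps."""
    delta = ((t2 - t1) - (t4 - t3)) / 2
    d = ((t2 - t1) + (t4 - t3)) / 2
    return delta, d


def handshake(off_i, off_j, t, d, extra=0):
    """Constructed timestamps for one Gi -> Gj exchange starting at true time t.

    off_i and off_j are the nodes' clock offsets from true time; extra is
    delay added to the reply on its way back to Gi.
    """
    t1 = t + off_i
    t2 = t + d + off_j
    t3 = t2 + 5                               # 5 ticks of processing at Gj
    t4 = (t + d + 5) + d + extra + off_i
    return t1, t2, t3, t4


def lsgs_global_clock(i, offsets, t, d, d_star, delayed=None):
    """Steps 3-5 at node Gi: bound each dij, estimate Cij, take the median."""
    c_i = t + offsets[i]                      # Gi's local clock Ci
    estimates = [c_i]
    for j, off_j in enumerate(offsets):
        if j == i:
            continue
        extra = 100 if j == delayed else 0    # constructed delay on Gj's reply
        delta_ij, d_ij = offset_and_delay(*handshake(offsets[i], off_j, t, d, extra))
        if d_ij > d_star:
            return None                       # abort, as in step 3
        estimates.append(c_i + delta_ij)      # Cij = Ci + (clock offset)ij
    return median(estimates)                  # global clock at Gi


# Constructed group of five nodes; the fourth clock is far off the others.
OFFSETS = [1000, 1040, 980, 1500, 1010]
```

Every node arrives at the same global clock here (true time plus the median offset, 1010), and a reply delayed beyond d* makes the node abort.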

SLIDE 39

Secure Group Synchronization

  • Secure Group Synchronization is resilient to both external and internal attacks
  • We will make use of tables (Oi for node Gi)

SLIDE 40

Secure Group Synchronization

Step 3: Oi = Oi U δij (the first two steps are the same as in L-SGS)

[Figure: group nodes G1 to G5 with tables OG4 and OG3]

SLIDE 41

Secure Group Synchronization

Step 4: Oi

[Figure: group nodes G1 to G5 with packet P4 on the links]

SLIDE 42

Secure Group Synchronization

Step 5: Run the SOM(⌊(N − 1)/3⌋) algorithm to compute Cij

[Figure: group nodes G1 to G5]

SLIDE 43

SOM

  • Recursive Algorithm
  • Each node uses other group members to compute Cij

[Figure: nodes i, k1, k2, k3 and j]

SLIDE 44

Secure Group Synchronization

Step 5: Global Clock

Cg_i = Median(Ci, [Cij] j = 1…N; j ≠ n)

[Figure: group nodes G1 to G5]

SLIDE 45

Results

  N = No. of nodes (14)
  C = Compromised nodes, C = (11,12,13,14)
  T = Time to finish SGS
  SOM(i) = No. of Compromised nodes

SLIDE 46

Secure Pairwise Multi-hop Synchronization

  • Enable distant nodes, multiple hops away from each other, to establish pairwise clock offsets
  • Categorized into two types:
    • Secure Simple Multi-hop Synchronization
    • Secure Transitive Multi-hop Synchronization
SLIDE 47

Secure Simple Multi-hop Synchronization

[Figure: A and B connected through G1, G2, G3, G4, GN; packets P1 and P2 shown on every hop; labels: "sync" and "T2, T3, ack"; timestamps T1, T2, T4, T3]

If d ≤ dM* then δ = ((T2−T1)−(T4−T3))/2 else abort

SLIDE 48

Secure Transitive Multi-hop Synchronization

Step 1: P1: sync

[Figure: nodes G1, B, A and G2 with packet P1 on the links; inset: exchange between A and B with timestamps T1, T2, T4, T3]

SLIDE 49

Secure Transitive Multi-hop Synchronization

Step 2: P2: T2(B), T3(B), ack. G2 is synchronized to B

[Figure: nodes G1, B, A and G2 with packet P2; inset: exchange between A and B with timestamps T1, T2, T4, T3]

SLIDE 50

Secure Transitive Multi-hop Synchronization (STM)

Step 3: P3: T2(G2), T3(G2), ack. G1 is synchronized to G2

[Figure: nodes G1, B, A and G2 with packet P3; inset: exchange between A and B with timestamps T1, T2, T4, T3]

SLIDE 51

Secure Transitive Multi-hop Synchronization

Step 4: P4: T2(G1), T3(G1), ack. A is synchronized to G1

[Figure: nodes G1, B, A and G2 with packet P4; inset: exchange between A and B with timestamps T1, T2, T4, T3]

SLIDE 52

Conclusion

  • SPS achieves the same synchronization precision on a pair of motes as the insecure time synchronization protocols. Even under a pulse-delay attack, SPS can keep the nodes in sync within 40μs.
  • SGS is able to synchronize a group of four motes within 50μs, even with 1 node used for internal attack
  • SPS extended to STM.