sr3 secure reputation based resilient routing
play

SR3: Secure Reputation-based Resilient Routing Karine Altisen - PowerPoint PPT Presentation

Feb 11, 2024 •309 likes •993 views

SR3: Secure Reputation-based Resilient Routing Karine Altisen Stphane Devismes Raphal Jamet Pascal Lafourcade VERIMAG, Universits de Grenoble This work was supported by the ARESA2 ANR Project Altisen et al. (VERIMAG) SR3 15 May 2013 1

  1. SR3: Secure Reputation-based Resilient Routing Karine Altisen Stéphane Devismes Raphaël Jamet Pascal Lafourcade VERIMAG, Universités de Grenoble This work was supported by the ARESA2 ANR Project Altisen et al. (VERIMAG) SR3 15 May 2013 1 / 31

  2. Outline Introduction SR3 Security properties Resiliency and performances Conclusion Altisen et al. (VERIMAG) SR3 15 May 2013 2 / 31

  3. Introduction Outline Introduction SR3 Security properties Resiliency and performances Conclusion Altisen et al. (VERIMAG) SR3 15 May 2013 3 / 31

  4. Introduction Challenges of secure routing in WSN Security for routing in wireless sensor networks is hard, but necessary: ◮ Low memory, computing power, energy consumption ◮ Wireless medium is inherently vulnerable ◮ Compromise nodes: easy Altisen et al. (VERIMAG) SR3 15 May 2013 4 / 31

  5. Introduction Two main types of attacks Packet-level attacks, e.g. ◮ Data messages alteration ◮ Creation of new data or control messages Altisen et al. (VERIMAG) SR3 15 May 2013 5 / 31

  6. Introduction Two main types of attacks Packet-level attacks, e.g. ◮ Data messages alteration ◮ Creation of new data or control messages They are solved with lightweight cryptography ( e.g. , hash functions, symmetric cryptography, nonces). Altisen et al. (VERIMAG) SR3 15 May 2013 5 / 31

  7. Introduction Two main types of attacks Packet-level attacks, e.g. ◮ Data messages alteration ◮ Creation of new data or control messages They are solved with lightweight cryptography ( e.g. , hash functions, symmetric cryptography, nonces). Routing-level attacks, e.g. ◮ Compromised nodes drop packets (blackholes, select forwarding) ◮ Attackers attract traffic using out-of-band channels (wormholes) Altisen et al. (VERIMAG) SR3 15 May 2013 5 / 31

  8. Introduction Two main types of attacks Packet-level attacks, e.g. ◮ Data messages alteration ◮ Creation of new data or control messages They are solved with lightweight cryptography ( e.g. , hash functions, symmetric cryptography, nonces). Routing-level attacks, e.g. ◮ Compromised nodes drop packets (blackholes, select forwarding) ◮ Attackers attract traffic using out-of-band channels (wormholes) Our protocol is resilient against this type of attacks Resiliency “Capacity of a network to endure and overcome internal attacks” [EOKMV11] Altisen et al. (VERIMAG) SR3 15 May 2013 5 / 31

  9. SR3 Outline Introduction SR3 Security properties Resiliency and performances Conclusion Altisen et al. (VERIMAG) SR3 15 May 2013 6 / 31

  10. SR3 Main ideas SR3: Secure Reputation-based Resilient Routing ◮ Convergecast routing from all sensors to the sink (server) ◮ Reinforced random walk ◮ Built with a reputation mechanism ◮ Based on unconditionally trusted information Altisen et al. (VERIMAG) SR3 15 May 2013 7 / 31

  11. SR3 SR3: Overview ◮ A chooses the next hop among its Sink neighbors, according to its confidence on them. BH D A C Altisen et al. (VERIMAG) SR3 15 May 2013 8 / 31

  12. SR3 SR3: Overview ◮ A chooses the next hop among its Sink neighbors, according to its confidence on them. ◮ The sink answers with an ACK BH D that tries to follow the reverse of the path of the message. A C Altisen et al. (VERIMAG) SR3 15 May 2013 8 / 31

  13. SR3 SR3: Overview ◮ A chooses the next hop among its Sink neighbors, according to its confidence on them. ◮ The sink answers with an ACK BH D that tries to follow the reverse of the path of the message. A ◮ If A gets a valid ACK, it increases its confidence in the neighbor who previously routed the corresponding message. C Altisen et al. (VERIMAG) SR3 15 May 2013 8 / 31

  14. SR3 SR3: Packet-level attacks Messages: E k src ( Data || N ) , H ( N ) , Src ACK: N , Src ◮ Attacker who listens to the data ◮ Attacker who replays acknowledgements ◮ Attacker who alters or creates messages ◮ Attacker forging ACKs Altisen et al. (VERIMAG) SR3 15 May 2013 9 / 31

  15. SR3 SR3: Packet-level attacks Messages: E k src ( Data || N ) , H ( N ) , Src ACK: N , Src ◮ Attacker who listens to the data → Symmetric cryptography E k src using a key shared with the sink ◮ Attacker who replays acknowledgements ◮ Attacker who alters or creates messages ◮ Attacker forging ACKs Altisen et al. (VERIMAG) SR3 15 May 2013 9 / 31

  16. SR3 SR3: Packet-level attacks Messages: E k src ( Data || N ) , H ( N ) , Src ACK: N , Src ◮ Attacker who listens to the data → Symmetric cryptography E k src using a key shared with the sink ◮ Attacker who replays acknowledgements → An unpredictable nonce N per message, encrypted with the data ◮ Attacker who alters or creates messages ◮ Attacker forging ACKs Altisen et al. (VERIMAG) SR3 15 May 2013 9 / 31

  17. SR3 SR3: Packet-level attacks Messages: E k src ( Data || N ) , H ( N ) , Src ACK: N , Src ◮ Attacker who listens to the data → Symmetric cryptography E k src using a key shared with the sink ◮ Attacker who replays acknowledgements → An unpredictable nonce N per message, encrypted with the data ◮ Attacker who alters or creates messages → Add H ( N ) and check that it matches the ciphertext part ◮ Attacker forging ACKs Altisen et al. (VERIMAG) SR3 15 May 2013 9 / 31

  18. SR3 SR3: Packet-level attacks Messages: E k src ( Data || N ) , H ( N ) , Src ACK: N , Src ◮ Attacker who listens to the data → Symmetric cryptography E k src using a key shared with the sink ◮ Attacker who replays acknowledgements → An unpredictable nonce N per message, encrypted with the data ◮ Attacker who alters or creates messages → Add H ( N ) and check that it matches the ciphertext part ◮ Attacker forging ACKs → Keep the nonce secret until delivery, and reveal it in the ACK Altisen et al. (VERIMAG) SR3 15 May 2013 9 / 31

  19. SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. B C A Sink D L Queue : [ ( N ′ , D ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31

  20. SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. E k A ( Data || N ) , H ( N ) , A B C A Sink D L Queue : [ ( N ′ , D ) , ( N , B ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31

  21. SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. E k A ( Data || N ) , H ( N ) , A E k A ( Data || N ) , H ( N ) , A B C A Sink D L Queue : [ ( N ′ , D ) , ( N , B ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31

  22. SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. E k A ( Data || N ) , H ( N ) , A E k A ( Data || N ) , H ( N ) , A B C ◮ Decrypt ◮ Check validity A Sink D ◮ Build ACK L Queue : [ ( N ′ , D ) , ( N , B ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31

  23. SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. E k A ( Data || N ) , H ( N ) , A E k A ( Data || N ) , H ( N ) , A B C ◮ Decrypt ◮ Check validity A Sink D ◮ Build ACK N , A L Queue : [ ( N ′ , D ) , ( N , B ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31

  24. SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. ◮ Upon reception of an ACK which contains N , ◮ If A is not the final destination for that ACK, A routes it, ◮ Else, if it recalls the corresponding message using L Queue , it reinforces A’s trust in B. ◮ Otherwise, A drops the ACK. E k A ( Data || N ) , H ( N ) , A E k A ( Data || N ) , H ( N ) , A B C ◮ Decrypt ◮ Check validity A Sink D N , A ◮ Build ACK N , A L Queue : [ ( N ′ , D ) , ( N , B ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31

  25. SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. ◮ Upon reception of an ACK which contains N , ◮ If A is not the final destination for that ACK, A routes it, ◮ Else, if it recalls the corresponding message using L Queue , it reinforces A’s trust in B. ◮ Otherwise, A drops the ACK. E k A ( Data || N ) , H ( N ) , A E k A ( Data || N ) , H ( N ) , A B C ◮ Decrypt ◮ Check validity A Sink D N , A ◮ Build ACK N , A L Queue : [ ( N ′ , D ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31

  26. SR3 SR3: Reputation ◮ Trust in a node is the number of identifiers of that node in a bounded FIFO list, L Routing , initially empty. ◮ Messages are routed probabilistically according to the node’s L Routing . F’s L Routing , max size = 3 : Pr ( X = n ) = | L Routing | n + δ − 1 v [ , , ] ( ⋆ ) | L Routing | + 1 A C P ( X = C ) = 0 + 0 . 5 = 50 % 1 F P ( X = D ) = 0 + 0 . 5 H Sink = 50 % 1 D B Altisen et al. (VERIMAG) SR3 15 May 2013 11 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing

Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing

Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing [Kleinberg04] J. Kleinberg, A. Slivkins, T. Wexler. Triangulation and Embedding using Small Sets of Beacons. Proc. 45th IEEE Symposium on Foundations of

450 views • 32 slides
Collusion-resilient credit-based reputation for peer-to-peer content distribution Nguyen Tran,

Collusion-resilient credit-based reputation for peer-to-peer content distribution Nguyen Tran,

Collusion-resilient credit-based reputation for peer-to-peer content distribution Nguyen Tran, Jinyang Li, Lakshminarayanan Subramanian New York University NetEcon10 1 Incentive in P2P CDNs A solved problem? Yes BitTorrent

683 views • 54 slides
MobiT: A Distributed and Congestion- Resilient Trajectory Based Routing Algorithm for Vehicular

MobiT: A Distributed and Congestion- Resilient Trajectory Based Routing Algorithm for Vehicular

MobiT: A Distributed and Congestion- Resilient Trajectory Based Routing Algorithm for Vehicular Delay Tolerant Networks Li Yan , Haiying Shen and Kang Chen ACM/IEEE IoTDI Pittsburgh, USA April 2017 2 Playground for VDTNs Limited bandwidth,

593 views • 34 slides
Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

245 views • 22 slides
Contents Motivation Exploiting Routing Redundancy via Resilient Overlay Routing

Contents Motivation Exploiting Routing Redundancy via Resilient Overlay Routing

Contents Motivation Exploiting Routing Redundancy via Resilient Overlay Routing Structured Peer-to-Peer Overlays Interface with legacy applications Evaluation Sep. 17, 2003 Comparison Byung-Gon Chun 1 2 Motivation

79 views • 6 slides
Center for Secure and Resilient Maritime Commerce Developing a Resiliency Framework for Regional

Center for Secure and Resilient Maritime Commerce Developing a Resiliency Framework for Regional

Center for Secure and Resilient Maritime Commerce Developing a Resiliency Framework for Regional Freight Platforms T. Wakeman, H. Gajjar, J. Ramirez-Marquez, and H. Salloum Stevens Institute of Technology Center for Secure and Resilient

895 views • 48 slides
Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas Presented by Leland Smith CS 6204, Spring 2005 1 Overview What are MANETs? Motivation Secure Routing Protocol Protocol Description

560 views • 15 slides
Cashmere: Resilient Anonymous Routing Li Zhuang (U.C. Berkeley) Feng Zhou (U.C. Berkeley)

Cashmere: Resilient Anonymous Routing Li Zhuang (U.C. Berkeley) Feng Zhou (U.C. Berkeley)

Cashmere: Resilient Anonymous Routing Li Zhuang (U.C. Berkeley) Feng Zhou (U.C. Berkeley) Ben Y. Zhao (U. C. Santa Barbara) Antony Rowstron (Microsoft Research UK) Andrzej Skalski Plan What is anonymous routing Traditional

383 views • 36 slides
Internet routing is based on routing protocols that collect the input data No off-line route

Internet routing is based on routing protocols that collect the input data No off-line route

Introduction to Routing in Internet Internet basics IPv4 and ICMP Internet Addressing ARP - Address Resolution Protocol Routing Information (Distance Vector ) Protocol Principles 3-1 S-38.121 S-02 Rka, NB Internet routing is based on

214 views • 18 slides
Supporting Secure and Resilient Inland Waterways Letitia Pohl, Matt Campo, and Jennifer Rovito 2

Supporting Secure and Resilient Inland Waterways Letitia Pohl, Matt Campo, and Jennifer Rovito 2

Supporting Secure and Resilient Inland Waterways Letitia Pohl, Matt Campo, and Jennifer Rovito 2 nd Annual Maritime Risk Symposium November 9, 2011 Acknowledgement: This material is based upon work supported by the U.S. Department of Homeland

653 views • 15 slides
Location- -based Routing in based Routing in Location Sensor Networks Sensor Networks Jie Gao

Location- -based Routing in based Routing in Location Sensor Networks Sensor Networks Jie Gao

Location- -based Routing in based Routing in Location Sensor Networks Sensor Networks Jie Gao Computer Science Department Stony Brook University 9/22/05 Jie Gao, CSE590-fall05 1 Location- -based routing based routing Location

1.07k views • 62 slides
Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J.

Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J.

Introduction Contributions Conclusion Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J. Rangasamy * D. Stebila * C. Boyd * J.M. Gonzlez Nieto * * Information Security Institute Queensland

943 views • 22 slides
A Novel Mechanism for Resilient Routing Suksant Sae Lor , Raul Landa, and Miguel Rio {s.lor,

A Novel Mechanism for Resilient Routing Suksant Sae Lor , Raul Landa, and Miguel Rio {s.lor,

A Novel Mechanism for Resilient Routing Suksant Sae Lor , Raul Landa, and Miguel Rio {s.lor, r.landa, m.rio}@ee.ucl.ac.uk Network & Services Research Laboratory Department of Electronic & Electrical Engineering University College London

581 views • 21 slides
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

580 views • 47 slides
Achieving Resilient Routing in the Internet Presented by... Suksant Sae Lor (Hui) Supervised by

Achieving Resilient Routing in the Internet Presented by... Suksant Sae Lor (Hui) Supervised by

Achieving Resilient Routing in the Internet Presented by... Suksant Sae Lor (Hui) Supervised by Dr Miguel Rio NSRL, Dept. E&EE, UCL Outline Introduction & Motivation IP Fast Re-Route Framework Fast Failure Detection

359 views • 23 slides
98 s.sadeghi.khu@gmail.com

98 s.sadeghi.khu@gmail.com

98 s.sadeghi.khu@gmail.com

1.41k views • 99 slides
Bookmarks for Cryptographers Beno t Viguier ( x y. x@y.nl ) benoit viguier CHES 2017

Bookmarks for Cryptographers Beno t Viguier ( x y. x@y.nl ) benoit viguier CHES 2017

Bookmarks for Cryptographers Beno t Viguier ( x y. x@y.nl ) benoit viguier CHES 2017 Rump Session Taipei, 26th September 2017 Institute for Computing and Information Sciences Digital Security Radboud University Nijmegen 1 Tikz

436 views • 19 slides
Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT2015

Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT2015

Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT2015 Petrozavodsk, 13 May 1 Contents Background and scope GSM design decisions a priori and a posteriori decisions security mechanisms

1.23k views • 99 slides
Physical Security of Smart Cards Michael Tunstall University College Cork, Ireland. Limerick

Physical Security of Smart Cards Michael Tunstall University College Cork, Ireland. Limerick

Physical Security of Smart Cards Michael Tunstall University College Cork, Ireland. Limerick March 5, 2008 Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 Limerick 1 / 37 Introduction Outline

586 views • 37 slides
Remarks on the Data Complexity of Zero-Correlation Linear Attacks C eline Blondeau Aalto

Remarks on the Data Complexity of Zero-Correlation Linear Attacks C eline Blondeau Aalto

Remarks on the Data Complexity of Zero-Correlation Linear Attacks C eline Blondeau Aalto University ESC, Luxembourg 2015 Outline Zero-Correlation Linear Attacks Data Complexity of Zero-Correlation Attacks Repetition of Plaintexts Data

464 views • 35 slides
CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. These

977 views • 34 slides
CYBER-PHYSICAL SYSTEMS Constantinos Xenofontos cxenof02@ucy.ac.cy BEFORE WE START...

CYBER-PHYSICAL SYSTEMS Constantinos Xenofontos cxenof02@ucy.ac.cy BEFORE WE START...

CYBER-PHYSICAL SYSTEMS Constantinos Xenofontos cxenof02@ucy.ac.cy BEFORE WE START... Security not always means web or mobile etc. What are the Cyber-Physical

607 views • 39 slides
is it possible to maintain integrity and authenticity without certificates? Hans Almgren,

is it possible to maintain integrity and authenticity without certificates? Hans Almgren,

is it possible to maintain integrity and authenticity without certificates? Hans Almgren, Mats Stengrd hans.almgren@enigio.com mats.stengard@enigio.com presentators Hans Almgren, CTO Enigio Time AB M.Sc. Industrial Engineering

875 views • 50 slides

More recommend