
SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION

SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION. EE5723 – Network Security April 08, 2010. Outline. Overview of Aggregation Basics of non-secure aggregation Basics of secure aggregation Aggregation Protocols and Techniques. Overview of Aggregation.


Presentation Transcript


  1. SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION EE5723 – Network Security April 08, 2010 Michigan Tech University

  2. Outline • Overview of Aggregation • Basics of non-secure aggregation • Basics of secure aggregation • Aggregation Protocols and Techniques

  3. Overview of Aggregation “Aggregation collects results from several sensors and calculates a smaller message that summarizes the important information from a group of sensors.” [1]

  4. Overview of Aggregation

  5. Overview of Aggregation • Aggregation is helpful as it reduces the amount of traffic on a network. • This helps prolong battery life. • It can also reduce processing needs.

  6. Basics of Non-secure Aggregation • A few different types of aggregation techniques: • Data Centric Routing [4]. • Statistical aggregation. • Simple Object Access Protocol (SOAP) [9]

  7. Data-centric routing • Data-centric routing is more about removing duplicated and unnecessary traffic at parent nodes in a tree. • This could include: • Duplicate packet removal • Removing packets from sensors with similar readings • Three Methods: • Center at Nearest Source (CNS) • Shortest Paths Tree (SPT) • Greedy Incremental Tree (GIT)

  8. Data-centric routing

  9. Statistical Aggregation • Application of estimation theory. • It can involve: • Minimums and/or maximums • Different types of averaging • Medians • Counts • Normal distributions • Lots of other types of statistical inference.

  10. SOAP in WSN • Simple Object Access Protocol (SOAP) • Based on XML (Extensible Markup Language) • Easily integrated into different programming languages. • Message types: • 1. A node dispatching a hello message to sinks. • 2. A sink sends a Remote Procedure Call (RPC) to registered nodes. • 3. Nodes responding to the RPC.

  11. SOAP in WSN • The modified SOAP allows an adaptive Pull strategy instead of a traditional push strategy. • Requestor sends request to Invoker. • The Invoker processes what Requestor wants and sends back results when the results have been obtained.

  12. SOAP in WSN • While security was not initially implied in this protocol, it could easily be adapted to one of the few techniques introduced in this presentation.

  13. Drawbacks of Aggregation • More computation for internal nodes • More delays in getting from edge node to Central Node. • Not as useful when full data is needed.

  14. Flaws on Existing Aggregation • Straight averaging is insecure if even a single node is compromised. • Geometric Mean floor((31+32+30+29+31+200)/6) = 58 • Harmonic Mean floor(6/(1/31+1/32+1/30+1/29+1/31+1/200)) = 35 • Minimum and maximum functions insecure • Example: Ice or Fire on thermostat (0 or 200 degrees)

  15. Attacks on Existing Aggregation • Network attacks • Eavesdropping • DoS • Replay • Artificial data insertion (Stealthy Attack) • Intruder Nodes • Physical Attacks • Tampering • Physical compromise of nodes

  16. Basics of Secure Aggregation • Security is needed to transfer data reliably from the sensor to the base station. • With aggregation, intermediate nodes require access to the data in order to aggregate it. This introduces a need to determine whether the data received from aggregators is reliable. • Cannot bootstrap all keys to the device, as applications require a dynamic structure.

  17. Basics of Secure Aggregation • Standard public-key cryptography is too intensive for a limited computing environment. • The basic approaches of network security apply to secure aggregation, though the majority of research covers these: • Integrity • Authentication

  18. Integrity in Secure Aggregation • The integrity in secure aggregation helps make sure that intermediate and aggregator nodes have not altered the data. • This can involve a hash function, most commonly the Message Authentication Code (MAC).

  19. Authentication in Secure Aggregation • The use of authentication helps ensure that intruder nodes don’t insert invalid data into the aggregation values. • This can have severe effects on the system as mentioned beforehand. • Two protocols that help with authentication include: • uTESLA • MAC (Assuming a certain key is used)

  20. WSN Security Protocols • Security Protocols • ECC – Elliptic Curve Cryptography [2] (Not Covered) • MAC – Message Authentication Code [8] • Merkle Hash Tree [7] • SPINS – [5] [6] • SNEP – Secure Network Encryption Protocol • µTESLA – Micro Timed Efficient Stream Loss-Tolerant Authentication

  21. MAC/HMAC • Message Authentication Code • Used to verify message authenticity • HMAC – Hashed MAC • Uses cryptographic hashing function to create the MAC • Used to check data integrity • MAC(text)_t = HMAC(K, text)_t = H((K_0 ⊕ opad) || H((K_0 ⊕ ipad) || text))_t • Does not provide non-repudiation • Because it uses Symmetric Keys • Does prevent replay attacks

  22. MAC/HMAC Image courtesy of Wikipedia
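
The HMAC formula from slide 21 written out step by step, as an added example that is not part of the original presentation. SHA-256 as H, the 8-byte truncation and the sample key and readings are assumptions chosen for illustration.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-256 input block size in bytes

def hmac_sha256(key, text, t=32):
    """H((K_0 xor opad) || H((K_0 xor ipad) || text)), leftmost t bytes."""
    if len(key) > BLOCK:                  # keys longer than a block are hashed first
        key = hashlib.sha256(key).digest()
    k0 = key.ljust(BLOCK, b"\x00")        # K_0: key zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in k0)    # K_0 xor ipad
    opad = bytes(b ^ 0x5C for b in k0)    # K_0 xor opad
    inner = hashlib.sha256(ipad + text).digest()
    return hashlib.sha256(opad + inner).digest()[:t]

def verify(key, text, tag):
    """Constant-time check of a (possibly truncated) tag."""
    return hmac.compare_digest(hmac_sha256(key, text, len(tag)), tag)

def demo():
    key = b"constructed-node-key"         # constructed sample values
    reading = b"node=7;temp=31"
    tag = hmac_sha256(key, reading, t=8)  # short tag to save radio bytes
    # The genuine reading verifies; a reading altered in transit does not.
    return verify(key, reading, tag), verify(key, b"node=7;temp=200", tag)
```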

  23. Merkle Hash Tree • The hash tree is a way to store hash information. • It is a fairly easy concept. • hash 0 = hash( hash 0-0 + hash 0-1 ), where + indicates concatenation.
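
A hash tree built with the rule from slide 23, plus the inclusion check that lets a verifier confirm one reading against the root without seeing the others. This is an added example, not code from the presentation; SHA-256, the duplicate-last-node rule for odd levels, the function names and the sample readings are assumptions.

```python
import hashlib

def h(data):
    return hashlib.sha256(data).digest()

def build_levels(leaves):
    """Return every tree level, leaf hashes first and the root level last."""
    level = [h(x) for x in leaves]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                 # odd level: pair the last node with itself
            level = level + [level[-1]]
        # parent = hash(left child + right child), + meaning concatenation
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels, index):
    """Sibling hashes from leaf to root, each flagged if the sibling sits on the left."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        sibling = level[sib] if sib < len(level) else level[index]
        path.append((sibling, sib < index))
        index //= 2
    return path

def verify(leaf, path, root):
    """Recompute the root from one leaf and its sibling path."""
    node = h(leaf)
    for sibling, sibling_is_left in path:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node == root

def demo():
    readings = [b"n1:31", b"n2:32", b"n3:30", b"n4:29", b"n5:31"]  # constructed
    levels = build_levels(readings)
    root = levels[-1][0]
    path = prove(levels, 4)
    # The committed reading verifies; a substituted one does not.
    return verify(readings[4], path, root), verify(b"n5:200", path, root)
```

Deployed designs usually hash leaves and interior nodes with different prefixes so that an interior node cannot be passed off as a leaf.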

  24. µTESLA • Micro Timed Efficient Stream Loss-Tolerant Authentication • Derived from TESLA protocol, developed by A. Perrig at Carnegie Mellon University • Broadcast Authentication • Strong Freshness

  25. µTESLA • Addresses problems with TESLA • Digital signature for packet authentication • µTESLA uses only symmetric mechanisms • Overhead of 24 bytes/packet • µTESLA discloses key once per time interval • One-way key chain is too big • µTESLA restricts number of authenticated senders • Assumptions • Base station, nodes must be loosely synchronized • Each node must know upper bound for max sync error

  26. µTESLA • The basic protocol • One-way key chain and delayed key disclosure • Keys: K_i = F(K_{i+1}) • F is a public one-way function • Each node knows K_i and predefined time slot intervals • Sender periodically broadcasts current key • K_0 is the initial commitment to the chain; the base station gives K_0 to all nodes

  27. Issues with µTESLA • Important parameters: interval length, disclosure delay • Delay must be greater than RTT for integrity • Parameters define maximum delay until messages can be serviced • Nodes must buffer all broadcasts until key is disclosed. • Counters must be (somewhat) synchronized
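
The one-way key chain, buffering and delayed key disclosure from slides 26 and 27, as an added example rather than code from the presentation or from SPINS. SHA-256 as F, HMAC-SHA-256 keyed directly with the chain key, integer intervals with no clock-sync error, and the names `make_chain` and `Receiver` are assumptions.

```python
import hashlib
import hmac

def F(key):                           # public one-way function (SHA-256 assumed)
    return hashlib.sha256(key).digest()

def make_chain(seed, n):
    """Return [K_0, ..., K_n] where K_i = F(K_{i+1}) and K_n is the sender's secret."""
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, k0, delay):
        self.key, self.idx = k0, 0    # last authenticated key and its interval
        self.delay = delay            # disclosure delay, in intervals
        self.buffer = {}              # interval -> [(msg, tag)] awaiting the key

    def on_packet(self, interval, msg, tag, now):
        # Drop packets that arrive once their key may already have been disclosed.
        if now >= interval + self.delay:
            return False
        self.buffer.setdefault(interval, []).append((msg, tag))
        return True

    def on_key(self, interval, key):
        """Check a disclosed key against the chain, then release verified messages."""
        if interval <= self.idx:
            return []
        keys = [key]                  # keys[j] is the candidate key for interval - j
        for _ in range(interval - self.idx):
            keys.append(F(keys[-1]))
        if not hmac.compare_digest(keys[-1], self.key):
            return []                 # not on the chain committed to by K_0
        released = []
        for j, k in enumerate(keys[:-1]):   # also covers intervals whose key was lost
            for msg, tag in self.buffer.pop(interval - j, []):
                if hmac.compare_digest(mac(k, msg), tag):
                    released.append(msg)
        self.key, self.idx = key, interval
        return released

def demo():
    chain = make_chain(b"constructed-seed", 4)          # constructed sample data
    rx = Receiver(chain[0], delay=2)
    rx.on_packet(1, b"temp=31", mac(chain[1], b"temp=31"), now=1)
    rx.on_packet(1, b"temp=200", mac(b"guess", b"temp=200"), now=1)    # forged tag
    late = rx.on_packet(1, b"temp=0", mac(chain[1], b"temp=0"), now=3)  # too late
    return rx.on_key(1, chain[1]), late
```

Because any later key hashes back to the last authenticated one, a receiver that misses a disclosure can still verify the buffered messages for that interval when the next key arrives.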

  28. Aggregation Protocols and Techniques • SecureDAV [2] • Elliptic Curve Cryptography • Merkle Hash Trees • Secure Aggregation for Wireless Networks [1] • Non-confidential • µTESLA • MAC Hashing (Any algorithm would do)

  29. SecureDAV • Prevents acceptance of faulty readings • Doesn’t make assumption that nodes are honest. • Develops private cluster key for each cluster. • Only distributes a chunk of the private key to the cluster nodes. • This prevents an attacker from obtaining the full key. • Up to t nodes can be compromised. t < n/2

  30. SecureDAV • Uses Averaging • Transmit average back to sensors for verification. • If verified, each sensor produces a partial signature. • Aggregator combines partial signatures into a full one. • Average and full signature sent to the base station. • Cluster Head integrity ensured using Merkle Hash Trees

  31. SecureDAV • Issues • If greater than n/2 nodes are compromised in a cluster of n nodes then the cluster can be compromised. • Covers • Basic confidentiality • Integrity

  32. Secure Aggregation For WSN • Protocol focuses on Integrity and Authentication • It has a fixed base station • Uses uTESLA from SPINS Protocol • Incorporates a MAC (non-specific) • Uses delayed aggregation and authentication. • Non-specific aggregation technique. • Shared secret with base station established before deployment.

  33. Secure Aggregation For WSN Tree From [1]

  34. Secure Aggregation For WSN • Helps protect against: • Intruder Node Attacks • Authentication (Doesn’t have initial Key) • Artificial Data • Hash • Replay • Using the uTESLA key in the Hash

  35. Secure Aggregation For WSN • Compromised Node Attacks: • With access to node information, an attacker has the ability to forge node messages. • No cryptographic way to prevent this, but different aggregation techniques can detect false readings. • This is harder with intermediate nodes, as the hashes from children are harder to forge.

  36. Conclusions • Aggregation can provide many benefits. • Many different protocols exist with different types of goals in mind. • Intermediate node data processing creates a need for a special kind of security. • Protocols with lightweight security implementations are important.

  37. Sources • [1] L. Hu, D. Evans, “Secure Aggregation for Wireless Networks,” Workshop on Security and Assurance in Ad hoc Networks, 2003. • [2] A. Mahimkar, T. Rappaport, “SecureDAV: A Secure Data Aggregation and Verification Protocol for Sensor Networks,” 2004. • [3] Jing Deng, Richard Han, and Shivakant Mishra, “Security Support for In-Network Processing in Wireless Sensor Networks,” ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '03), 2003. • [4] B. Krishnamachari, D. Estrin, S. Wicker, “The Impact of Data Aggregation in Wireless Sensor Networks.” • [5] Robert Anderson, “SPINS: Security Protocols for Sensor Networks,” http://web.pdx.edu/~raand/files/SPINS.pdf, May 11, 2004. • [6] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and D. Tygar, “SPINS: Security Protocols for Sensor Networks,” Proceedings of Seventh Annual International Conference on Mobile Computing and Networks MOBICOM 2001, July 2001.

  38. Sources • [7] B. Przydatek, D. Song, A. Perrig, “SIA: Secure Information Aggregation for Sensor Networks,” SenSys’03, 2003. • [8] M. Bellare, R. Canetti, H. Krawczyk, “Keying Hash Functions for Message Authentication,” 1996. • [9] A. Al-Yasiri, A. Sunley, “Data aggregation in wireless sensor networks using the SOAP protocol,” Journal of Physics: Conference Series 76, 2007
