1 / 30

Security in Wireless Sensor Networks

Security in Wireless Sensor Networks. Michael Krishnan. Outline. Types of Attacks Clusters and Intrusion Detection Game Theory Approach. Characteristics of WSNs. Limited Energy (~6Ah) Wireless: Intruders can see transmissions and add their own

leal
Télécharger la présentation

Security in Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in Wireless Sensor Networks Michael Krishnan

  2. Outline • Types of Attacks • Clusters and Intrusion Detection • Game Theory Approach

  3. Characteristics of WSNs • Limited Energy (~6Ah) • Wireless: Intruders can see transmissions and add their own • Traffic is either source to sink (base station) or broadcast

  4. Types of Attacks • Steal Data – Confidentiality • Alter Data – Data Integrity • Limit Service Availability (DoS) • Consume Energy “Denial of Sleep”

  5. Confidentiality • Public key? Too computationally expensive • Secret key? Bad if node is compromised • Secure Network Encryption Protocol (SNEP)

  6. SNEP • Both sides keep (pair-wise) shared key, k, & shared counter, C, to use as IV in DES • Semantic Security • Whole network shares MAC() function for authentication: MAC(k,C|{D}) (8 bytes) • (Weak) Freshness – replay protection and ordering

  7. Data Integrity • Authentication: Can’t use asymmetric digital signatures – too much overhead • SNEP: two-party • mTESLA: broadcast

  8. Data Integrity - mTESLA • One-way function, F(.) Kn = F(Kn+1) • Keys disclosed periodically, not per packet Figure from Perrig et al.

  9. Service Availability • Bogus Routing Information • Flooding • Homing – look at traffic to find important nodes • “Black Hole” Attack – compromise neighbors of base-station • De-synchronization (transport layer)

  10. Energy – Denial of Sleep Attack • Unique to WSNs – can’t use techniques from wired networks • Sources of Energy Loss • Collision – Frequency Hopping, CDMA, FEC • Message Overhearing – RTS/CTS, NAV • Idle Listening – schedule sleep • Brownfield et al. (2005)

  11. Scheduling Sleep – S-MAC • Fixed Sleep Schedule • RTS During Listen Period • If no RTS  sleep • Vulnerable during listen period only Figure from Brownfield et al.

  12. Scheduling Sleep – T-MAC • Timeout MAC • Sleep Early: wait for timeout period • Longest time hidden node must wait before first bit of CTS (TA = 1.5*(tCW_Max + tRTS + tSIFS) • Saves energy in absence of attacker, but MORE vulnerable to attacks (if never get timeout, stay awake forever)

  13. Scheduling Sleep – B-MAC • No fixed listening start time • Periodically wake up and sample channel using low power listening (LPL) • Longer preamble (longer than sleep period) • Just as vulnerable to attack as T-MAC Figure from Brownfield et al.

  14. Scheduling Sleep – G-MAC • Split Frame into Collection and Distribution Period • Gateway Sensor (GS) node schedules traffic for cluster • Rotate being GS to distribute energy use • Gateway can keep misbehaving node in check

  15. Scheduling Sleep – G-MAC Figure from Brownfield et al.

  16. Clusters • Cluster head (CH) and member nodes (MN) • Popular in routing protocols • Nearby nodes have redundancy, compressed at CH (save energy) • Can also use for intrusion detection • CH monitors MNs, while some subset of MNs monitor CH • X MNs can decommission CH (homing)

  17. Methods of Intrusion Detection • Anomaly Detection – Actions of monitored node are atypical • High probability of false alarm • Signature Detection – Actions of monitored node correspond to a type of attack • Susceptible to new attacks • Typical Attacks: • Drop Packets • Duplicate Packets • Cause Collisions

  18. Clusters for Authentification • Everyone watch neighbors? Too much energy • BS checks packet at the end? Waste energy transmitting bad packet whole route – need to discover this sooner • Check packet everywhere? A lot of computation • Check at CH. Send packets first to CH • Also send to CH with some probability p so compromised node can’t bypass CH.

  19. Game Theory Approach • Agah et al. (2004) • Model: 2-player, non-cooperative, nonzero-sum • Players: IDS, attacker • IDS can choose 1 cluster to defend, Attacker can choose 1 to attack

  20. Game Theory Approach - Notation • U = Utility of working WSN • Ck = Cost to defend cluster k • ALk = Average loss for losing cluster k • PI = Attackers profit for intruding • CI = Attackers cost to intrude • CW = Attacker’s cost to wait

  21. Game Theory Approach - Assumptions • PI = SAL • CW < PI-CI • Ck ~ gk, wheregk = # previous attacks to k

  22. Game Theory Approach • Payoff Matrix (for cluster k):

  23. What’s wrong with this? • Attacker benefit is independent of what IDS does… • Intuitively, this should matter • We defend one cluster at a time • Why not more? • How do they coordinate? (Extra transmissions)

  24. Modified Game Theory Approach • Uk = Utility of cluster k • Ck = Cost to defend cluster k • We can defend as many clusters as we want • If we defend cluster k, utility of cluster is Uk-Ck • If we don’t and it’s not attacked, utility is Uk • If we don’t and it is attacked, utility is 0 • Since attacker always attacks, his utility is proportional to IDS’s loss minus a constant (CI)

  25. Modified Game Theory Approach • No Pure NE: Suppose there were, then attacker always attacks one particular cluster, k. IDS should then only defend k. But then utility of attacker is less than it would be for attacking another cluster. • Requirement for mixed NE: • E[util. of attacker] indep. of k – equally likely to attack any cluster  (1-pk)Uk = const, where pk is probability of defending cluster k

  26. Modified Game Theory Approach • Strategy: • each cluster knows its own utility (maybe from G-MAC) • Defend with probability pk=1-X/Uk where X is a constant known to the whole WSN. • Expected utility of cluster k: • pk(Uk-Ck)+(1- pk)(Uk*(m-1)/m) where m = # clusters

  27. Modified Game Theory Approach • Total expected utility of WSN: S[pk(Uk-Ck)+(1- pk)(Uk*(m-1)/m)] = S[(1-X/Uk )(Uk-Ck)+ X/Uk(Uk*(m-1)/m)] = S[Uk-Ck-X+XCk/Uk + X*(m-1)/m)] = m(X*(m-1)/m-X)+S[Uk-Ck+XCk/Uk] = -X+S[Uk-Ck+XCk/Uk]

  28. Modified Game Theory Approach • Total expected utility of WSN always defending (pk= 1 for all k): S[Uk-Ck ] = -X+S[Uk-Ck+XCk/Uk ] • Gain for using pk< 1 -X+S[Uk-Ck+XCk/Uk] - S[Uk-Ck ] = -X+S[XCk/Uk ] = X(S[Ck/Uk ]–1)

  29. Modified Game Theory Approach Utility gain = X(S[Ck/Uk ]–1) • What does this mean? • Goes to -X As Ck 0 • Positive for larger Ckand smaller Uk. • Increases with X (Counter-intuitive) • Conclusion: We can improve our utility by defending less when per cluster utility is low and Ck is relatively high

  30. Review • Classified Attacks: Confidentiality, Authenticity, Service Availability, Energy • Clusters are useful for intrusion detection • Game theory approach

More Related