A Holistic Approach to Secure Sensor Networks Sasikanth Avancha
Application Scenario [Figure sequence, labels only: Biological Attack; Wireless Sensor Network; Secure, Fixed Base Station; Secure, Mobile Base Station; Command & Control; Aggregated sensor data; Commands and Orders. Later frames add: Subversive Attack; Adaptive Wireless Sensor Network.]
Outline • WSN State-of-the-Art • Thesis Statement • SWANS • SONETS • Conclusions
WSN State-of-the-Art • Energy, Networking, Data Management, Security • Energy conservation is key • Solutions designed mostly for homogeneous WSNs • Security not a basic building block • Few solutions adaptive to environmental variations
Thesis • Holistic Approach to WSN Design • Mechanisms to detect, classify & respond to environmental variations • Security as basic building block • Result • Adaptive WSNs tuned to environment • Improved performance • Security • Longevity • Connectivity
Secure & Adaptive WSN Framework • SWANS: Two-tiered adaptability mechanism • Node-level Adaptability • Network-level Adaptability • SONETS: Secure self-organization • Varied threat models • End-to-end & pair-wise secure links • Misbehavior detection & network repair
Wireless Sensor Network Adaptability • Ontological approach • Identify parameter set and build module ontology • Create node ontology to describe sensor node states • Create network ontology to describe network states • Establish rules to enable nodes and network to modify operational behavior
Related Work • SPIN, Heinzelman et al. (Mobicom, 1999) • T-MAC, van Dam et al. (SenSys, 2003) • AIDA, He et al. (ACM TECS, 2004) • Adaptive Sampling, Jain et al. (DMSN, 2004) • ARC, Kang et al. (Basenets, 2004) • Adaptive routing • LEACH • Directed Diffusion
Parameter Set • PHY • Received power per packet, noise power • Carrier loss, format violation and HEC failure rates • MAC • Failed transmission, multiple retry and collision ratios • FCS failure rate • Routing • Node degree • Compromised node/link count • Failed node count • Reachable RRN count • Path and hop counts to RRNs • Router count
Parameter Set • Energy • Remaining energy capacity • Energy consumption rate • Sensor layer • Sensor accuracy • Sensor energy consumption
Monitor & Report • Establish lower and upper bounds for each parameter • Monitor parameter values (per epoch/packet count/…) • Map parameter values to ontological symbols • Provide symbols to Logic Component
Module Ontology • Logic Component • PHY, MAC, Routing, Energy and Sensor states • Tabular representation • Resource-constrained nodes • Boolean expressions • OWL-DL representation • Resource-enhanced nodes • Parameters as owl:ObjectProperty • Module states as owl:Class
Module Ontology
<owl:Class rdf:ID="PHYJammedByNoise">
  <owl:intersectionOf rdf:parseType="Collection">
    <owl:Class rdf:about="#PHY"/>
    <owl:Restriction>
      <owl:onProperty rdf:resource="#noisePower"/>
      <owl:hasValue rdf:resource="#Amount_Abnormal"/>
    </owl:Restriction>
  </owl:intersectionOf>
</owl:Class>
Module Ontology
<owl:Class rdf:ID="PHYJammed">
  <rdfs:subClassOf rdf:resource="#PHY"/>
  <owl:unionOf rdf:parseType="Collection">
    <owl:Class rdf:about="#PHYJammedByNoise"/>
    <owl:Class rdf:about="#PHYJammedDueCarrierLoss"/>
  </owl:unionOf>
</owl:Class>
Node Ontology • Sensor node states • PHY, MAC, Routing, Energy and Sensor states • Classes representing sensor node states • Restrictions • Subsumption - subclassOf, intersectionOf, unionOf • Deployable on sensor nodes • Tabular representation • OWL-DL representation • Deploying on RRNs • memory vs. energy trade-off
Node Ontology
<owl:Class rdf:ID="SensorNodePHYJammed">
  <owl:intersectionOf rdf:parseType="Collection">
    <owl:Class rdf:about="#SensorNode"/>
    <owl:Restriction>
      <owl:onProperty rdf:resource="#hasPHY"/>
      <owl:someValuesFrom rdf:resource="#PHYJammed"/>
    </owl:Restriction>
  </owl:intersectionOf>
</owl:Class>
Node Ontology
<owl:Class rdf:ID="SensorNodeJammed">
  <rdfs:subClassOf rdf:resource="#SensorNode"/>
  <owl:unionOf rdf:parseType="Collection">
    <owl:Class rdf:about="#SensorNodePHYJammed"/>
    <owl:Class rdf:about="#SensorNodeMACJammed"/>
  </owl:unionOf>
</owl:Class>
Action Component • Node state = NS, Operational state = ? • Sensor node rule set • NS(Jammed) ∨ NS(SDTA) ∨ (NS(Disconnected) ∧ ES(Low Energy)) → OS(Sleep) • NS(Disconnection Imminent) ∧ ES(Normal) → OS(Increase Tx Range) • NS(High Node Degree) ∨ NS(Low Accuracy) ∨ NS(Abnormal Routing Info.) → OS(Extend Active Period)
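Added example (not from the original slides): the node-level Monitor & Report, Logic and Action components chained together in Python. Only the PHYJammed/SensorNodeJammed unions and the three rules come from the slides; the bounds, the Low/Normal/High symbols, the MAC and node-degree mappings and the rule precedence are constructed assumptions.

```python
# Constructed bounds per parameter: (lower, upper). Values are illustrative.
BOUNDS = {
    "noisePower": (0.0, 0.3),
    "carrierLossRate": (0.0, 0.1),
    "collisionRatio": (0.0, 0.2),
    "nodeDegree": (3, 12),
    "sensorAccuracy": (0.8, 1.0),
    "remainingEnergy": (0.25, 1.0),
}

def to_symbols(sample):
    """Monitor & Report: map raw values to symbols (assumed Low/Normal/High)."""
    symbols = {}
    for name, value in sample.items():
        lower, upper = BOUNDS[name]
        symbols[name] = "Low" if value < lower else "High" if value > upper else "Normal"
    return symbols

def node_states(sym):
    """Logic component: classify the node, mirroring the OWL unions."""
    states = set()
    # PHYJammed = PHYJammedByNoise OR PHYJammedDueCarrierLoss (from the slides)
    phy_jammed = sym["noisePower"] == "High" or sym["carrierLossRate"] == "High"
    mac_jammed = sym["collisionRatio"] == "High"   # assumed definition
    if phy_jammed or mac_jammed:                   # SensorNodeJammed union
        states.add("Jammed")
    if sym["nodeDegree"] == "Low":                 # assumed mapping
        states.add("DisconnectionImminent")
    if sym["nodeDegree"] == "High":
        states.add("HighNodeDegree")
    if sym["sensorAccuracy"] == "Low":
        states.add("LowAccuracy")
    # SDTA, Disconnected and AbnormalRoutingInfo need classifiers the slides
    # do not spell out; the rules below still honour them if present.
    return states

def operational_state(states, energy):
    """Action component: the three sensor-node rules, checked in slide order."""
    if "Jammed" in states or "SDTA" in states or (
            "Disconnected" in states and energy == "Low"):
        return "Sleep"
    if "DisconnectionImminent" in states and energy == "Normal":
        return "IncreaseTxRange"
    if states & {"HighNodeDegree", "LowAccuracy", "AbnormalRoutingInfo"}:
        return "ExtendActivePeriod"
    return "NoChange"

def decide(sample):
    sym = to_symbols(sample)
    return operational_state(node_states(sym), sym["remainingEnergy"])
```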
RRN Monitoring & Reporting • Obtain individual node states • Periodic report • Query mechanism • Classify nodes according to reported state • Determine cardinality of each class • Map to ontological symbols
RRN Logic Component • Classify cluster instance represented by ontological symbols – network ontology • Network ontology • OWL-DL implementation • Classes representing cluster states • Subsumption & Restriction • Output • Current logical state of cluster based on node states
RRN Action Component • Cluster state = X, Instructions = ? • RRN rule set • CS(Under SDTA) ∧ Detected(A) ∧ Detects(S, A) ∧ NS(S, Sleep) → NS(S, Active) • CS(Normal) ∧ Detected(A) ∧ Detects(S, A) → Stop Aggregation(S)
Evaluation • Problem • Node addition attack (Zhu et al., CCS 2003) • Legitimate node addition • SWANS Solution • Monitor node degree • State == Node degree ↕ → Operation = Security level ↕ • Result • Malicious nodes thwarted • Legitimate nodes accepted
Adapt to Node Degree Increase • 800 node network • 400 nodes observe node degree ↑ [Plot: average energy consumed per node (J) vs. simulation time (seconds)]
Determining ND Thresholds • Initial size: 200 to 390 • ND increase: 5% • Final size: 210 to 400 • µΔ, σΔ • Determine n1, n2 [Plot: average energy consumed per node (J) vs. simulation time (seconds)]
Evaluation • Problem • Sleep deprivation torture attack (Stajano and Anderson, 1999) • SWANS solution • Monitor HEC & FCS failures, format violations, collisions • Node state == SDTA → Operation = Sleep • Report node & operational states to RRNs • RRNs: Compute network state, modify node operation • Result • Network balances energy saving and utility
Adapt to SDTA • 800-node WSN • 400 nodes attacked • Affected nodes detect SDTA & enter sleep state • RRNs compute global state & wake up some nodes [Plot: average energy consumed per node (J) vs. simulation time (seconds)]
Evaluation • Problem • Node failures due to malfunction or attacks • SWANS solution • Nodes monitor count of failed neighbors (FN) • Node state == disconnected → Op. state = Tx range increase • Result • Nodes increase Tx range, prevent network partitioning • Node degrees increase, hop counts decrease • Trade-off is between connectivity and energy consumption
Adapt to Node Failures (Node degree) [Plot: average node degree vs. network size]
Adapt to Node Failure (Hop counts) [Plot: average hop count vs. network size]
SONETS • Neighbor discovery • P-SONETS: Centralized • C-SONETS & D-SONETS: Distributed • Topology discovery & network setup • P-SONETS: Centralized, no key management • C-SONETS: Centralized pair-wise key management • D-SONETS: Distributed pair-wise key management • Topology Maintenance • Multi-hop pair-wise key establishment • Node addition & deletion
Threat Models • Adversary presence • Local, Global • Adversary attack mode • Passive, Active • Adversary attack capability • Before, during, after self-organization
Related Work • Probabilistic Approaches • Eschenauer & Gligor, CCS 2002 • Chan et al., ISSP 2003 • Du et al., CCS 2003 • Liu & Ning, CCS 2003 • Deterministic Approaches • Perrig et al., WINET 2002 • Zhu et al., CCS 2003 • Anderson et al., ICNP 2004
P-SONETS • BS to j: EKBS(*, EKj(j, Nonce, HELLO)) • j to BS: EKBS(j, EKj(j, Nonce, HELLO_REPLY)) • BS to k: EKBS(*, EKj(j, N1, RELAY)), EKk(k, N2, HELLO) • j to k: EKBS(k, EKk(k, N2, HELLO)), Ψ • k to j: EKBS(k, Ψ), EKk(k, N2, HELLO_REPLY) • j to BS: EKBS(k, EKk(k, N2, HELLO_REPLY)), EKj(j, N1) • BS: List of all keys Kj • j: KBS, Kj [Topology diagram: BS and nodes 1, 3, 5, 9, 11, 14, 19, 23]
P-SONETS • Network repair • BS tracks node aberrance • Lack of data • Corrupt data • Reasons for aberrance • Node is dead/compromised 2HN • Node is 2HN; relay point is dead/compromised • Node is dead/compromised 1HN • BS repairs network • Delete aberrant nodes • Reassign relay points, if required
P-SONETS • Simulation using SensorSim (UCLA) • 100 node WSN • Simple radio & battery models • Varied sensor node distribution in each hop • Average energy consumption • Total initial energy in network = 3600 Asec • Node discovery, topology discovery, network setup: 36 mJ • Network repair when fixed number of nodes fail: 8 mJ
C-SONETS • 1 to R: EK1(<5, 19, 14>) • R to 1: EK1(<x15, x119, x114>) • R to 5: EK5(x51) • R to 14: EK14(x141, <R,2,1>) • Node 1: K15 = f (x15 x1) • Node 5: K15 = f (x51 x5) • 14 to 1: EK114(FWD, <13>) • 1 to R: EK1(DATA, <13>) • R to 14: EK14(x1413) • R to 13: EK13(x1314, <R,3,14>) • Node 14: K1413 = f(x1413 x14) • Node 13: K1314 = f(x1314 x13) • Kn, Ku, xu on each node u & R • x15 = x5 R15 • x51 = x1 R15 [Topology diagram: R and nodes 1, 5, 13, 14, 19, with keys K1, K5, K15, K114, K119, K1413]
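Added example (not from the original slides): the C-SONETS pair-wise key derivation in Python, showing that node 1 and each neighbour arrive at the same key from the shares R hands out. The operator between terms such as x5 and R15 is not legible on the slide, so XOR is assumed here; f is assumed to be SHA-256, and the EK1/EK5 transport encryption of each message is omitted.

```python
import hashlib
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def f(material: bytes) -> bytes:
    """Stand-in for the slide's f(): SHA-256 (assumption)."""
    return hashlib.sha256(material).digest()

class BaseStationR:
    """R holds every node's secret x_u, as the slide states."""

    def __init__(self, node_ids):
        # Constructed secrets; on a real node x_u would be preloaded.
        self.x = {u: secrets.token_bytes(32) for u in node_ids}

    def pair_shares(self, u, v):
        """Return (x_uv for node u, x_vu for node v) under a fresh R_uv."""
        r_uv = secrets.token_bytes(32)
        # x_uv = x_v XOR R_uv, x_vu = x_u XOR R_uv (XOR is the assumption)
        return xor(self.x[v], r_uv), xor(self.x[u], r_uv)

    def setup(self, u, neighbours):
        """Answer u's neighbour list, e.g. node 1 reporting <5, 19, 14>."""
        to_u, to_peers = {}, {}
        for v in neighbours:
            to_u[v], to_peers[v] = self.pair_shares(u, v)
        return to_u, to_peers

def derive(own_secret: bytes, share: bytes) -> bytes:
    """Node side: K_uv = f(share XOR own x_u)."""
    return f(xor(share, own_secret))

def demo():
    r = BaseStationR([1, 5, 14, 19])
    to_1, to_peers = r.setup(1, [5, 19, 14])
    keys_at_1 = {v: derive(r.x[1], to_1[v]) for v in to_1}
    keys_at_peers = {v: derive(r.x[v], to_peers[v]) for v in to_peers}
    return r, to_1, keys_at_1, keys_at_peers
```

Because each share is masked with a fresh random value, a node that holds x15 learns nothing about x5 itself, while R, which knows every x_u and R_uv, can reconstruct every pair-wise key.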
Energy Consumption • Tx + Rx • Encrypt + Decrypt • Hashing • O(n³) • Existing Protocols • 100s of mJ [Plot: average energy consumed per node (J) vs. network size (n)]
Node degree & Hop count • Analytical Expression • Bettstetter 2002 • E(d) = ρπr₀², where ρ = n/Area = n/(25×10⁴ m²) and r₀ = Tx range = 75 m • E(d) ≈ 7 to 70 • E(h) ≈ 4 [Plots: average node degree (d) and hop count (h) vs. network size (n)]
D-SONETS • Node 1: Broadcast M1 • M1 = EKn(*, 1, EKf(5)(5,x51) || …) • x51 = x1 R51, … • Node 5: Broadcast M5 • M5 = EKn(*, 5, EKf(1)(1,x15)||…) • x15 = x5 R15, … • Node 1 computes • K15 = f (x15 x51) • Node 5 computes • K15 = f (x51 x15) • Node 1 to Node 14: M114 • EKn(14, 1, EK114(<R,1>, <5,1>, …)) • Kn, Ku, xu on each node u & R [Topology diagram: R and nodes 1, 5, 13, 14, 19, with keys K1, K5, K15, K114, K119, K1413 and broadcasts M1, M5, M114]
Energy Consumption (D-SONETS) • 50% of C-SONETS • Existing Protocols • 1/3 D-SONETS • n ≤ 500 • 1/10 D-SONETS • n > 500 [Plot: average energy consumed per node (J) vs. network size (n)]
Security Analysis • Node compromise • Effect limited to 1-hop neighborhood • Links between uncompromised nodes remain secure • Sybil (Douceur 2002) • Identity-based authentication • Wormhole & Sinkhole (Karlof and Wagner, 2003) • Routing not based on shortest path • Node replication • RRNs exchange topology information periodically • Restrict node degree
Node Deletion • Neighbors detect misbehavior • Initiate voting process • Majority affirmative vote to delete • Inform RRN • Provide list of ‘yea’ voters • RRN may poll individual voters • RRN • Generate new common shared key Kn • Secure unicast
Conclusions • WSNs crucial component of pervasive computing environments of the future • WSNs in tune with application & environment • Secure • Adaptive • Our framework is comprehensive solution • Security protocols for different levels of security • SONETS protocol suites scalable, efficient, resilient • SWANS provides multi-tiered WSN adaptability
Future Work • Adaptive data fidelity • Support for sensor adaptability • Tune smart MEMS • Real-world sensor deployment & evaluation • Memory • Computational power • Comprehensive high-level policy • Govern WSN operational behavior • Resolve conflicts