1 / 16

Diversifying Sensors to Improve Network Resilience

This research explores the challenges and strategies for improving resilience in sensor networks by diversifying code and concealing secrets. It identifies the difficulty of hiding secrets within sensor nodes due to physical compromise and the limitations of current software security approaches. The proposed method includes data obfuscation, memory dumping defenses, and code diversification to thwart adversaries. The study emphasizes the necessity of achieving a balance between diversity for attack tolerance and manageability, providing a unique perspective on securing sensor networks against intelligent threats.

lucky
Télécharger la présentation

Diversifying Sensors to Improve Network Resilience

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Diversifying Sensors to Improve Network Resilience Wenliang (Kevin) Du Electrical Engineering & Computer Science Syracuse University

  2. Hiding Secrets • Secrets are essential for sensor networks • Pre-distributed keys • Pair-wise keys • Private keys • Other secrets • Fundamental Challenge: hiding secrets is difficult Diversifying Sensors

  3. Existing Approaches • Physical security is difficult to achieve • Hardware approaches are expensive • Software approaches • Code obfuscation: extensively studied in traditional systems • Bad news: adversaries eventually win Diversifying Sensors

  4. Rethinking of Software Approaches • Observation: fault tolerance of sensor networks • Should be able to tolerate a small # of bad sensors • Ideal Goals • Hiding secrets in sensor nodes • Make it difficult to derive secrets from each sensor • Make it N times difficult to derive secrets from N sensors Diversifying Sensors

  5. Threat Model: Physical Compromise Memory Dumping Static Analysis Reverse Engineering Dynamic Analysis

  6. Proposed Approach • Data Obfuscation (Secret Hiding) • Memory dump: difficult to find secrets • Adversaries must understand the program • Code Obfuscation • Make it difficult to understand one program • Code Diversification (Randomization) • Make adversary’s effort non-repeatable

  7. Data/Code Obfuscation • Existing Techniques • Code flattening • Self-modification code • White-box encryption algorithms • Various techniques against reverse engineering • Challenges • Achieving obfuscation with limited Memory • Computation can’t be too expensive • Tradeoff needs to be made (optimization) • Quantify code complexity

  8. Diversifying Code • Turn the same piece of software into many diversified versions • Difference from traditional diversity • Diversity for fault tolerance • Diversity for attack tolerance (vulnerabilities) • Attacks are quite fragile • Diversity for code-analysis tolerance • Attacks are adaptive and intelligent (human involved)

  9. Diversifying Code: Challenges • Quantify diversity and manageability • Manageability prefers uniformity • Diversity destroys uniformity • Manageability is application dependent • Optimal tradeoff • Comparative study: already compromised node and newly-captured node • Static matching attacks • Dynamic matching attacks

  10. Difference from Protecting Intellectual Right • Intellectual Right • Success = breaking one copy • Sensor Networks • Success = breaking more than k copies

  11. Unique Properties of Sensor Networks • Code usually has small size • Some applications has static configurations • The OS can be obfuscated too • Hardware specific code obfuscation

  12. Preliminary Results: SASN’06

  13. Complexity: Line of Code

  14. Cyclomatic Complexity

  15. Running Time

  16. Summary • Diversified code obfuscation is quite unique for sensor networks • Require understanding from both engineering and theory perspectives

More Related