270 likes | 359 Vues
2005 TRES meeting. Research on Sensor Network Security. Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University. Outline. Background Challenges Our research strategy Investigated problems Key management Broadcast authentication Secure location discovery
E N D
2005 TRES meeting Research on Sensor Network Security Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University
Outline • Background • Challenges • Our research strategy • Investigated problems • Key management • Broadcast authentication • Secure location discovery • Secure clock synchronization • Possible collaboration
Background on Sensor Networks • A sensor network consists of a large number of sensor nodes • Low cost • Resource constrained • Wireless communication • Sensor networks are ideal candidates for • Critical infrastructure protection • Environment monitoring • Military operations • …
Challenges in Sensor Network Security • Resource constraints • Limited storage, computation, and communication • Expensive mechanisms such as public key cryptography is not practical • Depletable resources (e.g. battery power) • Resource consumption attacks • Threat of node compromises • Sensor nodes are usually deployed in an unattended fashion • Subject to node captures
Challenges (Cont’d) • Local computation/communication v.s. global threat • Sensor network applications often depend on local computation and communication due to resource constraints • A determined attacker may • Attack any node in a network, and • Use information gathered from compromised nodes to attack non-compromised ones
Research Strategy • Cryptographic services • Broadcast authentication • Key management • Security mechanisms for fundamental services • Clock synchronization • Secure location discovery • Secure aggregation and in-network processing • Cluster formation/cluster head election
Research Strategy (Cont’d) • Securing sensor network applications • Surveillance • Tracking of moving targets • … • Other desirable security services • Example: Intrusion detection • A desirable component • Require different solutions than traditional techniques
Investigated Research Problems • Pairwise key establishment • Broadcast authentication • Secure location discovery • Secure clock synchronization Supported by NSF Cyber Trust and CAREER
Pairwise Key Establishment • Problem: How to establish pairwise keys between nodes that may communicate with each other? • Between arbitrary pairs of nodes • Between neighbor nodes • Challenges • Resource constraints (limited computation, storage, communication capabilities) • Threat of compromised nodes • Our solutions • Polynomial-pool based key pre-distribution (TinyKeyMan) • Location-based key pre-distribution • Group-based key pre-distribution
The Polynomial-Based Scheme • Blundo et al. CRYPTO’92 • Pre-distribution: • A t-degree f(x,y) over finite field Fq: f(x,y)=f(y,x) • Each node i gets assigned a polynomial sharef(i,x) Node j Node i f(j,x) f(i,x) f(j,i) f(i,j) =
Properties and Limitations • Properties • Threshold property: unconditionally secure for up to t compromised nodes even they collude together • Storage: (t +1)log q bits • Computation: t modular multiplications and t modular additions • No communication overhead • Limitations • Insecure when more than t sensor nodes are compromised • An invitation for node compromise attacks
Polynomial Pool Based Key Pre-Distribution • The main idea • Use multiple polynomials (polynomial pool) • Three phases: • Pre-Distribution: pre-distribute secrets • Direct key establishment: setup direct keys • Path key establishment: setup indirect keys
A subset: {fj(i, y), …, fk(i, y)} Predetermination Random f1(x,y), f2(x,y), …, fn(x,y) i Random polynomial pool F Phase 1: Pre-Distribution • The key issue: Subset Assignment
{f1(i,y), f3(i,y), f9(i,y)} {f2(j,y), f3(j,y), f8(j,y)} 1,3,9 j i 2,3,8 j{2,3,8} Phase 2: Direct Key Establishment • The key issue: Share Discovery 1. Real-time Discovery 2. Predetermination
{1,5,6} j i {2,7,10} {1,2,7} j{k} Phase 3: Path Key Establishment • The key issue: Path Discovery {2,4,8} {1,3,9} 1. Real-time Discovery 2. Predetermination
f1(x,y), f2(x,y), …, fn(x,y) One Simple Instance:Random Subset Assignment Scheme • Phase 1: Subset assignment • Random A random subset: {fj(i, y), …, fk(i, y)} i Random polynomial pool F
Broadcast a list of challenges. Broadcast IDs in clear text. fj, …, fk , Ekv(), v = 1, …, m. i i j j Random Subset Assignment (Cont’d) • Phase 2: Polynomial share discovery • Real-time discovery
i j k Random Subset Assignment (Cont’d) • Phase 3: Path discovery • Node i contacts nodes with which it shares a key; any node that also shares a key with j replies.
Resilience against Compromised Sensors • Comparison with basic probability and q-composite schemes • Probability to establish direct keys p = 0.33 • Each sensor has storage equivalent to 200 keys
More Schemes • Random key pre-distribution • Grid-based pairwise key pre-distribution • Hybercube-based pairwise key pre-distribution • Location-based key pre-distribution • Pre-deployment knowledge • sensors’ expected locations • Post-deployment knowledge • Group-based key pre-distribution • Related publications • ACM CCS 03, ACM SASN 03, ACM TISSEC 05, ACM TOSN (under revision)
Key: n bits l bits each f1(i,y) f2(i,y) fr(i,y) Polynomials over Fq’ Same storage as 1 polynomial over Fq node ID j Implementation: TinyKeyMan • Observations • Node IDs are chosen from a field much smaller than keys • Field for cryptographic keys: Fq • Field for node IDs: Fq’ • Special fields: q’=216+1, q’ = 28+1 • No division operation is needed for modular multiplications
Broadcast Authentication • Problem: How to broadcast authenticated messages in large sensor networks • Previous solution TESLA isn’t scalable • Our solutions • Multi-level TESLA (NDSS 03, ACM TECS 04) • Merkle tree based TESLA (under review) • Also address revocation of broadcasting nodes
Secure Location Discovery • Problem: How can sensors securely determine their locations even if there are malicious external or insider attacks • Our solutions • Detect localization anomalies using deployment knowledge (IPDPS 05) • Beaconless location discovery (Infocom 05) • Tolerate malicious location references (under review) • Detect malicious beacon nodes (under review)
Secure Clock Synchronization • Problem: How to distribute a common clock throughout sensor networks • Our solutions • Resilient clock distribution (under review) • Multi-path-based resilient clock distribution (under review) • Cluster-wise fault tolerant clock synchronization (under revision)
Possible Collaboration • My interests • Long-term • Anything about information security • Short-term • Sensor and ad-hoc network security • Intrusion detection • Software security