
EE 418 Project 2: Key Distribution in Wireless Sensor Networks

EE 418 Project 2: Key Distribution in Wireless Sensor Networks. Professor Radha Poovendran, Andrew Clark. Project Guidelines: groups of up to 4 are allowed; due December 15 during the exam; four parts: key distribution problems, node capture attack simulation, analysis of node capture attack


Presentation Transcript


  1. EE 418 Project 2: Key Distribution in Wireless Sensor Networks • Professor Radha Poovendran • Andrew Clark

  2. Project Guidelines • Groups of up to 4 are allowed • Due December 15 during the exam • Four parts • Key distribution problems • Node Capture Attack Simulation • Analysis of Node Capture Attack • Route Capture Attack Simulation • Groups are required to complete three of the four parts

  3. Outline • Sensor networks and their applications • The key distribution problem • The Eschenauer-Gligor scheme • Non-cryptographic attacks: • Node capture • Link capture • Route capture • Modifications of the EG scheme • Conclusion

  4. Wireless Sensor Networks • Emerging technology with many potential applications • Inventory Tracking • Fire Detection • Patient Monitoring • Battlefield Surveillance

  5. Network Model • Network of N sensor nodes, indexed {1,…,N} • Two nodes can communicate if they are within radio range • May lack supporting infrastructure (e.g. base station) • Limited computing power and battery lifetime of nodes restrict the range of protocols that can be used • In some applications, no public key crypto! [Figure: example network with nodes 1 to 7]

  6. Key Distribution • In order to communicate, two sensor nodes must share a key • Moreover, if two nodes communicate via multiple hops, then each pair of nodes along the path must share a key • How do we guarantee that the network is connected if the network topology is not known in advance? [Figure: example network with nodes 1 to 7]

  7. Naïve Approach • Every node is preloaded with a secret key for every other node • Problems: • Storage constraints in individual nodes and the network as a whole • If you have 1000 nodes, each node needs to store 999 long keys, and the total number of keys is ~1000000 • Updating the network becomes difficult • Not practical for large networks!

  8. Random Predistribution • Eschenauer and Gligor (2002) proposed a novel and straightforward scheme. • A pool of P keys is generated randomly. • Each node is preloaded with a random collection of k keys from the pool. • The number of keys per node is a design parameter. [Figure: example with P = 8, k = 3; the seven nodes hold the key rings {k1, k5, k6}, {k6, k7, k8}, {k1, k2, k4}, {k3, k6, k8}, {k3, k4, k8}, {k2, k5, k8}, {k2, k3, k5}]

  9. Ensuring Connectivity • How do we choose k and P? • First, find p according to the equation: • Pc is the probability that a network of n nodes is connected, assuming that each pair of nodes shares a link with probability p. • E.g. suppose we want a network of size n=10000 to be connected with probability 0.99. Then we have exp{-e^(-c)} = 0.99, so c = -log(-log(0.99)) = 4.6 and p = log(10000)/10000 + 4.6/10000 = 0.0014 • Hence in this example, if two nodes share an edge with probability 0.0014, then the network is connected (assuming each node’s radio range is infinite)

  10. Ensuring Connectivity • Using p, we can find d, the expected degree of each node in the network to ensure connectivity: d = p*(n-1) • We can use d (rather than p) to characterize the network • One problem: so far, we have neglected to take radio range into account!

  11. Ensuring Connectivity • Suppose that, due to range constraints, each node can only connect to n’ of its neighbors. • In this case, we want the probability of connectivity to be p’ = d/(n’-1) to ensure that the whole graph is connected.

  12. Ensuring Connectivity • Given p’, we can then find values of P and k using the equations on page 5 of [1]:

  13. Ensuring Connectivity • In summary, we have the following approach: • Given n (number of nodes) and Pc (design constraint), find c and p using Erdos’s formula • Calculate d = p*(n-1) • If the neighborhood size is n’ (due to radio range), find p’ = d/(n’-1) • Choose P and k so that Pr(two nodes share a key) = p’
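An added example, not part of the original slides: the four-step procedure of slide 13 in Python. The neighborhood size n' = 40 and ring size k = 75 in the usage line are assumed sample values, and the key-sharing probability uses the exact count 1 - C(P-k, k)/C(P, k) for two random k-subsets of a P-key pool, since the equations of [1] are not reproduced on this page.

```python
import math

def required_link_probability(n, pc):
    """Slide 9: solve Pc = exp(-e^(-c)) for c, then p = ln(n)/n + c/n."""
    c = -math.log(-math.log(pc))
    return math.log(n) / n + c / n

def share_probability(pool, k):
    """Probability that two independent random k-key rings from `pool` keys overlap."""
    if 2 * k > pool:
        return 1.0  # two rings cannot be disjoint
    return 1.0 - math.comb(pool - k, k) / math.comb(pool, k)

def largest_pool(k, p_target, max_pool=10**7):
    """Largest pool size whose share probability is still >= p_target.
    Share probability falls as the pool grows, so binary search applies;
    a larger pool means fewer nodes hold any given key."""
    lo, hi = k, max_pool
    if share_probability(hi, k) >= p_target:
        return hi
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if share_probability(mid, k) >= p_target:
            lo = mid
        else:
            hi = mid
    return lo

def design(n, pc, n_neigh, k):
    """Steps 1-4 of slide 13. n_neigh is n', the neighborhood size."""
    p = required_link_probability(n, pc)
    d = p * (n - 1)
    p_prime = d / (n_neigh - 1)
    if p_prime > 1:
        raise ValueError("neighborhood too small to reach the required degree")
    return {"p": p, "d": d, "p_prime": p_prime, "P": largest_pool(k, p_prime)}

if __name__ == "__main__":
    # Assumed sample values: n' = 40 neighbors, k = 75 keys per node.
    print(design(n=10000, pc=0.99, n_neigh=40, k=75))
```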

  14. Random Key Distribution From a security standpoint, can you think of a problem with assigning keys in this way?

  15. Node Capture Attacks • The adversary may have a hard time attacking security through cryptanalysis • However, recall that the network is unmonitored for extended periods • We consider “node capture attacks”, in which the adversary steals the key by physically capturing a node • The EG scheme is especially vulnerable because many different nodes may share the same key

  16. Node Capture Attacks • The first type of attack is the seed cover attack, in which the adversary attempts to recover the entire key pool (or at least a large subset of it). • This is equivalent to the set-covering problem • Can use efficient “greedy” heuristic • At every iteration, capture the node with the most unknown keys [Figure: example with P = 8, k = 3; key rings {k1, k5, k6}, {k1, k2, k4}, {k6, k7, k8}, {k3, k6, k8}, {k5, k7, k8}, {k2, k5, k8}, {k2, k3, k5}; recovered pool P’ = {k1, k2, k4, k3, k6, k8, k5, k7}]

  17. Node Capture Attacks • The second type of attack is the link cover attack. • Note that it may not be necessary for the adversary to capture all the secret keys; he may only have to capture enough to compromise all the links • This is another set-covering problem
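An added example, not part of the original slides: a resilience check that runs the greedy set-cover heuristic of slides 16 and 17 over a key assignment and reports how fast the key pool and the links become exposed. The rings are the seven from the slide-16 figure; the node names n1..n7 and the rule that every pair sharing a key forms a link keyed by the lowest shared key id are assumptions of this example.

```python
from itertools import combinations

# Constructed input: the seven 3-key rings shown on slide 16 (pool P = 8).
# Node names n1..n7 are labels added for this example.
RINGS = {"n1": {1, 5, 6}, "n2": {1, 2, 4}, "n3": {6, 7, 8}, "n4": {3, 6, 8},
         "n5": {5, 7, 8}, "n6": {2, 5, 8}, "n7": {2, 3, 5}}

def link_keys(rings):
    """Assumption: each pair sharing a key forms a link keyed by the lowest shared id."""
    return {(a, b): min(rings[a] & rings[b])
            for a, b in combinations(sorted(rings), 2) if rings[a] & rings[b]}

def greedy_cover(exposes):
    """Greedy set cover: repeatedly take the node that exposes the most
    still-uncovered items. Ties go to the first node in dict order.
    Returns (capture order, cumulative number of items exposed)."""
    todo = set().union(*exposes.values())
    order, curve, covered = [], [], set()
    while covered != todo:
        best = max(exposes, key=lambda n: len(exposes[n] - covered))
        covered |= exposes[best]
        order.append(best)
        curve.append(len(covered))
    return order, curve

def seed_cover(rings):
    """Items are pool keys: how many captures until the whole pool is known."""
    return greedy_cover(rings)

def link_cover(rings):
    """Items are links: a node exposes every link whose key is in its ring."""
    links = link_keys(rings)
    exposes = {n: {l for l, k in links.items() if k in ring}
               for n, ring in rings.items()}
    return greedy_cover(exposes)

if __name__ == "__main__":
    print("pool :", seed_cover(RINGS))
    print("links:", link_cover(RINGS), "of", len(link_keys(RINGS)))
```

Because ties are broken by dictionary order, the capture order can differ from the one implied by P’ on slide 16; greedy set cover is a heuristic and not guaranteed to be minimal.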

  18. Link Cover Example

  19. Performance

  20. The q-composite Scheme • In [2], the authors proposed different methods for mitigating the node capture problem • In the q-composite scheme, q shared keys between two nodes are needed to communicate. • The shared key between two nodes is then K = hash(k1||…||kq) • The adversary must therefore capture all q keys to break the link [Figure: example with P = 8, k = 3; key rings {k1, k5, k6}, {k1, k2, k3}, {k6, k7, k8}, {k5, k6, k8}, {k5, k7, k8}, {k2, k5, k8}, {k2, k3, k5}, together with the two-key sets {k6, k8}, {k7, k8}, {k2, k3}, {k5, k8}, {k2, k5}]

  21. The q-Composite Scheme • Under the q-Composite scheme, the probability that Eve can compromise the link between two nodes by capturing random nodes is the top equation, where: • |S| is the key pool size, m is the number of keys per node • p(i) is the probability that two nodes share exactly i keys • p is the probability that two nodes share at least q keys • x is the number of nodes Eve will capture
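An added example, not part of the original slides: the link-compromise probability computed with the symbols listed on slide 21. The slide's own equation is not on this page, so the expression coded here, sum over i >= q of (1 - (1 - m/|S|)^x)^i * p(i)/p, is the standard form from the q-composite literature and an assumption of this example; the pool and ring sizes in the usage lines are assumed sample values.

```python
from fractions import Fraction
from math import comb

def p_exact(i, S, m):
    """p(i): probability that two random m-key rings drawn from a pool of
    |S| = S keys share exactly i keys (counting ordered pairs of rings)."""
    rest = 2 * (m - i)  # keys held by exactly one of the two nodes
    return Fraction(comb(S, i) * comb(S - i, rest) * comb(rest, m - i),
                    comb(S, m) ** 2)

def p_connect(q, S, m):
    """p: probability that two nodes share at least q keys and can form a link."""
    return sum(p_exact(i, S, m) for i in range(q, m + 1))

def link_compromise(x, q, S, m):
    """Probability that a link between two uncaptured nodes is exposed after
    x random node captures (assumed form, see the lead-in)."""
    key_known = 1 - (1 - Fraction(m, S)) ** x  # a given key is in a captured ring
    p = p_connect(q, S, m)
    if p == 0:
        raise ValueError("no two nodes can share q keys with these parameters")
    total = sum(key_known ** i * p_exact(i, S, m) for i in range(q, m + 1))
    return float(total / p)

if __name__ == "__main__":
    # Assumed sample design: pool of 1000 keys, 50 keys per node.
    for q in (1, 2, 3):
        print(q, [round(link_compromise(x, q, 1000, 50), 4) for x in (5, 10, 20, 40)])
```

With |S| and m held fixed, raising q lowers the exposure for a given x but also lowers p, so fewer node pairs can form a link at all.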

  22. Multipath Reinforcement • Suppose A and B have a secure link between them (i.e., they share a key k) • We can improve the security of the link by updating its key after the initial setup. • If there are m disjoint routes between A and B, then A can generate random numbers v1, …, vm and send each number (encrypted, of course) along a different route • The shared key will then be k’ = k xor v1 xor … xor vm
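An added example, not part of the original slides: the q-composite link key of slide 20 followed by the multipath update of slide 22. SHA-256, the 16-byte key length, hashing all shared keys in key-id order, and the constructed pool and rings are assumptions of this example.

```python
import hashlib
import secrets

KEY_LEN = 16  # assumed key size in bytes

def q_composite_key(ring_a, ring_b, q):
    """Rings map key id -> key bytes. Returns hash(k1 || ... ) over the shared
    keys, taken in key-id order so both ends compute the same value, or None
    when fewer than q keys are shared (no link is formed)."""
    shared = sorted(ring_a.keys() & ring_b.keys())
    if len(shared) < q:
        return None
    h = hashlib.sha256()
    for key_id in shared:
        h.update(ring_a[key_id])
    return h.digest()[:KEY_LEN]

def new_shares(m):
    """Sender side: one fresh random value per disjoint route."""
    return [secrets.token_bytes(KEY_LEN) for _ in range(m)]

def reinforce(k, shares):
    """k' = k xor v1 xor ... xor vm."""
    for v in shares:
        if len(v) != len(k):
            raise ValueError("share length must match key length")
        k = bytes(a ^ b for a, b in zip(k, v))
    return k

# Constructed pool and rings (key ids 1..8, matching the P = 8, k = 3 figures).
POOL = {i: hashlib.sha256(b"constructed-demo-key-%d" % i).digest()[:KEY_LEN]
        for i in range(1, 9)}
RING_A = {i: POOL[i] for i in (2, 5, 8)}
RING_B = {i: POOL[i] for i in (2, 3, 5)}

if __name__ == "__main__":
    k = q_composite_key(RING_A, RING_B, q=2)   # the rings share k2 and k5
    shares = new_shares(3)                     # one value per disjoint route
    print(reinforce(k, shares).hex())
```

Every share is needed to compute k’: an observer who knows k and all but one of the routed values still sees the remaining share as a uniformly random mask over k’.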

  23. Example

  24. Route Capture Attacks • The final kind of attack we will consider is the route capture attack [4]. • Route capture attacks take advantage of the fact that traffic in a WSN has to be routed between nodes that are far apart. • Thus if we capture certain “bottleneck” nodes, we can observe a lot of the network traffic.

  25. Node Capture Attacks • We want to define a way to quantify how vulnerable a route is after a certain number of keys is captured. • For a route between source node s and destination d, we define a function Vsd • Let C be a set of nodes that we can capture. Then we want: • Vsd(C) = 0 if C is empty • Vsd(C) between 0 and 1 if there is still some security to the route • Vsd(C) = 1 if the route has been compromised.

  26. Node Capture Attacks • Suppose we have such a function Vsd. Then, given a set of pairs (s,d) and a set of routes Rsd between them, define the incremental node value by • Now, we can implement a greedy algorithm not unlike that from the previous section • At each iteration, we capture the node with the largest incremental node value.

  27. Node Capture Attacks • The adversary can choose Vsd in order to reflect his or her goals. • An example in [4] is

  28. Explanation of Terminology

  29. Summary • By using random key distribution, we can develop secure communication in a sensor network with limited storage • This distribution scheme is vulnerable to attack: • Seed cover • Link cover • Route cover • There are techniques for mitigating these vulnerabilities.

  30. Questions?
