220 likes | 368 Vues
A New Approach for Establishing Pairwise Keys for Securing Wireless Sensor Networks. Arno Wacker, Dept. of D.S, University Stuttgart (SenSys ’05). Sep. 19 th , 2006 Kim, Chano. Contents. Introduction System modeling and Requirements Multi-path key establishment
E N D
A New Approach for Establishing Pairwise Keys for Securing Wireless Sensor Networks Arno Wacker, Dept. of D.S, University Stuttgart (SenSys ’05) Sep. 19th, 2006 Kim, Chano
Contents • Introduction • System modeling and Requirements • Multi-path key establishment • RKEP : The Recursive Key Establishment Protocol • Related work • Conclusion and future work A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Introduction • Securing is crucial factor for home automations • Invade an individual’s personal life (ex. Breaking into private home) • Encryption is basic technique for securing communications • Require keys to be exchanged before secret communications • In this paper, • A secure key exchange scheme especially geared toward resource constrained environments like wireless sensor networks • Decentralized key distribution scheme avoids a single point of trust • Even if a device is subverted, the key exchange for the remainder of the network remains functional A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
System model & Requirements • Assumption • Consists of sensors, each with own processor and memory • Communicate over an insecure wireless channel (only eavesdropping) • Transport layer mechanism that recovers from packet loss • The number of devices is not predetermined • Not consider device failures or byzantine behavior • Requirements • The key distribution scheme must be decentralized • Symmetric cryptography is used in order to deal with resource limited devices A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
kAE2 kAE2 kAE2 kAE1 kAE1 Multi-Path Key Establishment • Terminology • Key graph : Undirected graph g=(V,E) • V : the set of devices in the network • E : between devices where , share a symmetric key • S-node-disjoint paths : The number of S-paths between a source and a destination do not share any intermediate nodes • Key Establishment (S=2) D C E A B A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Multi-Path Key Establishment • Problem : Finding node-disjoint paths is not trivial • Each node has complete knowledge of the key graph • Reactive protocol • Run a path discovery protocol every time a key exchange takes place E.X) Distance Vector Routing Algorithm (source Routing) • Large networks have long paths between nodes, require larger memory • Overall memory needed by 2 algorithms exceeds Ω(n) • A reactive algorithm that establishes additional edges in the key graph with the intent of shortening the s node-disjoint paths to a length of 2 • Advantageous properties in terms of memory usage and network message size • Time complexity of O(kn), constant memory on each device A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Query Cancel Query Established Established Query Established Established Query Cancel RKEP : Recursive Key Establishment Protocol • This protocol consists of • graph construction algorithm • key establishment protocol • Simple RKEP Example (s=2) C D Source E A Target B A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
RKEP • Data Structure • This : The device ID of the device running the procedure • MyDeviceList : List of all devices this device shares a key with • QueryID : triple {SourceID, TargetID, Couter} • QuerySet : A set all queries which device has seen so far and still active • Key : The QueryID of this query • EstablishedSet : set of devices which answered that share a key with target • Requesting Set : the set of all devices received from QueryID A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
RKEP • Reaction on receiving a KeyEstablishmentQuery-message A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
RKEP (5/11) • RKEP Deadlock Target J I H E G F D C A B • To avoid this, a device has at least s neighbors that already share a key with target device A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
S = 2, planar graph composed of triangles • S = 3, tetrahedrons in 3D • S = arbitrary, S+1 Fully Connected clique S+1 3-clique S+1 : S - Connector S+1 2-Connector S+1 S+1 S+1 S+1 RKEP (5/11) • Key Graph Construction Algorithm consists of two methods • Adding a new node to a (possibly empty) key graph • Removing a node from a key graph while preserving properties • Adding a Device to the Network (s=2) A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
RKEP (5/11) • Removing a Device from the Network • A device from the key graph makes all arrangements before leaving • Preserving the s-connected property, (s+1)-clique • Preserving the s-connected key graph • Pretend that device to be removed had never been there in the first place Vb1 Vb2 Vb3 Vbn B - after Vj Vj A-set : During construction Va1 Va2 Va3 Van A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Request Neighbor list (B,C) G E Leaving (B,C) C F B A H RKEP (5/11) • Removing a device from the network (s=2) E G D C F B A H A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Practical consideration “ How can this structure be generated in a practical setting ?” • User-driven Introduction : Balance the amount of keys D A Out of band New device Send (IDB,IDC) B C Out of band key establish with C by user • Master Programming Device : primary target of attack D A New device Send (IDB,IDC) C Master device generate a uinque key A unique key with each device Master Device A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Practical consideration • Automatic Key Establishment : Balance the amount of keys • User establishes new keys with s randomly en devices of the network D A B C User RKEP New device • Having established new keys with a correct s-connector, the initial keys exchanged by the user can be removed. A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Extended Attack Model • More realistic attacker model the analysis of the active attacker • Fail-stop attack : silently halts all functions of a device • Byzantine attack: Prevent the key distribution • Denial of Service (Physical layer : Jamming the frequency) • Introduction of redundancy • Key graph connectivity level of Z > S • F device failures with f<Z-S, S cooperating devices left • Byzantine attack: replication, voting A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Network Setup Key Establishment Memory O(1) O(1) Traffic O(n) O(n) Properties and evaluation • RKEP Performance • Graph Structure “Chain”- form “Random”- form A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Simulation Result (memory requirement) Memory usage on a device during key establishment Maximum memory usage on a device A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Simulation Result (network traffic) Network Traffic during network setup Network Traffic during key establishment A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Cryptography Need Program memory Uses Symmetric 7.15 kbyte Communication Asymmetric (ECC) 30kbyte Key Exchange Related work • Several solutions employ asymmetric cryptography • Not feasible due to delay, energy and memory constraint • Still use considerably more valuable resources • Moore’s law downward (smaller and cheaper than computation) • Random key pre-distribution is probablilistic • Decentralized approach does not address change of devices A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Conclusion • In this paper • A novel, memory efficient approach for key establishment • Adjust the value of s according to the security needs • Does not consider • Extended attacker model (devices fail, malicious behavior) • In the process of • Intergrating protocols into Tiny-Sec on the Mica2 Motes • Practical experience in a realistic environments A New Approach for Establishing Pairwise Keys for Securing W.S.Ns
Question A New Approach for Establishing Pairwise Keys for Securing W.S.Ns