1 / 33

Key Infection: Smart Trust for Smart Dust

Key Infection: Smart Trust for Smart Dust. Ross Anderson Haowen Chan Adrian Perrig University of Cambridge Carnegie Mellon Uni. Carnegie Mellon Uni. Presented by EMRAH ATILGAN. Outline. Introduction Previous Works Contribution Analysis Multihop and Multipath Key Establishment

tuari
Télécharger la présentation

Key Infection: Smart Trust for Smart Dust

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Key Infection: Smart Trust for Smart Dust Ross Anderson Haowen Chan Adrian Perrig University of Cambridge Carnegie Mellon Uni. Carnegie Mellon Uni. Presented by EMRAH ATILGAN

  2. Outline • Introduction • Previous Works • Contribution • Analysis • Multihop and Multipath Key Establishment • Economic Issues • Questions

  3. Sensors • A sensor is a device that measures a physical quantity and converts it into a signal which can be read by an observer or by an instrument. • Example: • Mercury thermometer • Converts the measured temperature into expansion and contraction of a liquid which can be read on a calibrated glass tube. • Cars, machines, aerospace, medicine, manufacturing and robotics.

  4. Constraints of Sensors • Should be small, lightweight, inexpensive and low-power • Energy efficiency of network communications. • Computational energy consumption • Communications energy consumption • Rechargeability • Sleep patterns • Transmission range • Memory • Location sensing • Tamper protection

  5. Sensor Networks • Sensor Network • Is a wireless network consisting of spatially distributed autonomous devices using sensors to cooperatively monitor physical or environmental conditions.

  6. Sensor Networks • Security for sensor networks is important • Managing cryptographic key • Low-cost nodes are neither tamper-proof nor capable of performing public key cryptographic efficiently.

  7. Sensor Networks • Typical sensor networks • consist of a large number of small, low-cost nodes that use peer-to peer communication to form of a self-organized network. • use multi-hop routing algorithms based on dynamic network and resource discovery protocols. • do not have tamper-proof hardware. • PROBLEM!!! • Small fraction of nodes in the network may be compromised by an adversary over time.

  8. Security Issues of Sensor Networks • Physical destruction • Barrage jamming • Network flooding • Byzantine Attack • An arbitrary fault during the execution of an algorithm by a distributed system. • When it occurs, the system may response in any unpredictable way. • The results of such attacks • Loss of personal privacy • Loss of service of critical sensor systems • Etc…

  9. Smart dust • Smart dust • A network of tiny wireless microelectromechanical systems sensors, robots, or devices, installed with wireless communications • Can detect • Light, temperature, vibration, heat, pressure, sound, etc.. • The goal • Make sensors so small and cheap • Distribute them in large numbers over an area by random scattering

  10. Previous Work • In a typical sensor network, when a node (i) broadcasts its identity, if j hears it, it replies. Then these two nodes set RF power at just the level needed for communication. • To save power: the nodes turn off their communications, only waking up and listening for radio signals intermittently. • The routing architecture • Rely on shared symmetric key • Initial keys are diversified from master keys: • Still vulnerable • An opponent can use direction from finding locate them, then either destroy them or subvert them

  11. Possible countermeasures • Use normal nodes as base stations and have other nodes replace them after random periods of time. • For the first generation of base stations to possess master keys that are destroyed once a network has been established and link keys have been set up between neighboring nodes. • Enough symmetric keys are pre-loaded on each node that any two nodes will probably share a key after deployment. • Require pre-computation phase • And a lot of memory to store keys

  12. A Real World Attacker Model • Previous works have assumed highly capable and motivated attacker • World War II • Consider a tactical deployment of 10,000 smart dust motes air-dropped into enemy territory. • Use KM to generate to a session key: • However; • Some motes are broken on impact • The enemy can probe out KM i J KM

  13. Non-critical commodity sensor networks • Require pre-deployment step must be minimal • Less valuable as targets and little damage if security shell is broken • House or bank??

  14. Contributions • Design a lightweight security protocol suitable for non-critical commodity sensor networks. • Key Infection • The attacker can monitor only a fixed percentage α of communication channel. • Relaxed attacker model • Low computation overhead • No memory overhead • No prior key setup • It is suitable for implementation in low-cost commodity sensor nodes.

  15. Contributions • Identify a more realistic attacker model that is applicable to non-critical commodity sensor networks. • Key Infection • A light-weight key-distribution mechanism that is so efficient that is applicable even to smart dust sensor nodes. • Analyze the security of key infection, and design Secrecy Amplification • An additional mechanism to strengthen the security of key infection in the presence of an active attacker. • COST and USABILITY

  16. Assume the attacker…. • Does not have physical access to the deployment site during the deployment phase • Is able to monitor only a small proportion α of the communications of the sensor network during the deployment phase. After key exchange is complete, attacker is able to monitor all communications at will • Is unable to execute active attacks (such as jumming or flooding) during the deployment phase. After key exchange is complete, attacker is free to launch any kind of attack.

  17. Requirements for adversary • He has to have the foresight to deploy surveillance equipment or adversarial nodes at the target site before the sensor network is deployed there. • His eavesdropping devices must remain in place, operational an undetected, until the sensor perform key exchange • He needs to be able to identify, retrieve and process the relevant eavesdropped product in order to extract the key exchange messages. • Too expensive to maintain anticipatory.

  18. Key Infection • Each node simply chooses a key and broadcasts it in plaintext to its neighbors. • Short-range transmission • Maximum range is 10 meters • Half a dozen within range

  19. Key Infection (cont.) • Assume that i’s signal heard by node j. • J generate a pairwise key and send it to i. • Use minimum power necessary for the link. • The key can be used to protect traffic between i and j. i j

  20. Key Infection (cont.) • Even if there are opponents already present at the time of deployment, it will still give significant protection • For example; • There is 1 black (hostile) dust sensor node for every 100 white nodes, • Each node has an average 4 neighbors within range, • Only 2.4% of link will be compromised. • Key whispering protocol • The probability falls to 0.8%

  21. Analysis • We are OK, if the attacker arrives after the key infection phase • Let’s see, what happens if attacker has already some black dust nodes installed, before we install the white nodes. • We compute the upper bound on the ratio communication links that the black dust nodes may compromise. • Assume the maximum range of the radio is R • Smart dust nodes distributed in the area of size s • is the number of black nodes • is the number of white nodes

  22. Compute upper bound • The effective eavesdropping area is at most: • If the link is bad, i.e. can be eavesdropped by at least a black node, the area at most:

  23. Whispering case • If a link has length r, then both nodes will transmit their signals at strength that exactly reaches distance r. • The effective eavesdropping area is thus at most the area of this intersection which is: • The link is compromised is at most:

  24. Evaluation • This table compares the standard key infection with the whisper-mode key infection • d, the average number of neighbors of a node. • Remaining columns list the ratio of compromised links

  25. Multihop and Multipath Key Establishment • Secrecy Amplification • A technique that utilizes multipath key establishment to make her job significantly harder. • Combine keys propagated along different paths.

  26. Secrecy Amplification(cont.) • To amplify the secrecy of key , can ask to change additional key with . • Here, • is a unpredictable nonce generated by • is a unique nonce generated by (used for confirmation of key ).

  27. SA over the basic key infection • The table list the ratio of compromised links for a varying density α of black dust. • So, three party secrecy amplification gives an improvement of about 20%.

  28. SA over the basic key infection • In this case, the basic key infection uses whispering

  29. …with the multipath extension • Secrecy amplification undertaken using a multihop return path. • This is significantly better – where complexity and other constraints permit it.

  30. Multihop keys • It supports end-to-end cryptography • Multihop keying also protects multihop secrecy amplification against node compromise.

  31. Interaction with routing algorithms • Some works on secure ad-hoc routing assumes a particular routing strategy. • This work does not… • This key infection protocol can also support other mechanisms. • Automatically discovers paths that may be used for this as needed • Example: • In biology, the immune response normally stops you catching the same disease twice • If you are a smart dust mote, the more keys you ‘catch’ from a colleague, the better.

  32. Conclusion • The authors proposed a novel and quite counterintuitive way of managing key sensor networks. • Each nodes bootstraps itself by broadcasting an initial key in the clear. • Exchange keys and build up trust structures as they do network and resource discovery. • This is almost as secure as using pre-loaded initial keys. • This paper shows how the benefits of initial keying can be analyzed separately from the benefits of later stage key management activities, • key updating, • the use of alternative trust routes, and • the invocation of backups

  33. Questions

More Related