Securing Distributed Sensor Networks - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

Securing Distributed Sensor Networks

Description:

Sybil Attack. Traffic analysis attack. Node Replication attack. Attack against privacy ... Provides for data confidentiality, integrity, freshness and authentication ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 25
Provided by: DJD84
Learn more at: https://www.cise.ufl.edu
Category:

less

Transcript and Presenter's Notes

Title: Securing Distributed Sensor Networks


1
Securing Distributed Sensor Networks
  • Udayan Kumar
  • Subhajit Sengupta
  • Sharad Sonapeer

2
Flow
  • Obstacles
  • Security requirements
  • Attacks
  • Defense
  • A probabilistic approach towards key management
  • Base Station Security

3
Obstacles
  • Very limited resources
  • Memory, power
  • Unreliable communication
  • Unreliable transfer
  • Conflicts while broadcasts
  • Latency
  • Unattended operation
  • Physical attacks
  • Managed remotely
  • No central point management

4
security requirements
  • Data confidentiality
  • Data integrity
  • Data freshness
  • Availability
  • Self Organization
  • Authentication

5
Attacks
  • Sybil Attack
  • Traffic analysis attack
  • Node Replication attack
  • Attack against privacy

6
Defense
  • Focus on two methods
  • Key management
  • Provides for data confidentiality, integrity,
    freshness and authentication
  • Securing base station
  • Traffic analysis attacks

7
A probabilistic approach towards key management
  • DSN Nodes have limited computation and
  • communication capabilities.
  • DSN a truly dynamic infrastructure.
  • So traditional approach is vulnerable and
    impractical.
  • FACT Energy consumption for a RSA (1024-bit)
    is
  • about 42 mJ whereas for a AES it is 0.104
    mJ in
  • Motorola MC68328 (a mid range processor).

8
Solution Approach
  • DSN node is given a key-ring of size k randomly
  • chosen from a key pool of size P before
    deployment.
  • Because of the randomness two sets of k keys
    may
  • be completely different.
  • If a path of nodes sharing keys pair-wise exists
    then
  • that path is used to exchange key, thus
    establishing
  • a direct link.

9
Key Pre-Distribution
  • A large pool of P keys ( 220) and their
    identifiers are generated.
  • k keys are drawn randomly without replacement to
    construct a particular key-ring and loaded to a
    node of DSN.
  • A trusted controller node saves the key
    identifiers of a key ring and associated sensor
    identifier.
  • only a small number of keys needed to ensure that
    any two nodes (at least) share a key with a
    certain probability.
  • Experimental result shows that, for a probability
    0.5, only 75 keys drawn randomly out of a pool
    of 10,000 keys need to be on any key ring of a
    node.

10
Shared-key discovery
  • Goal - discover the node with which it shares a
    key.
  • The easiest way - Broadcasting.
  • Hide key-sharing patterns among nodes from an
    attacker and establish private shared-key
    discovery.
  • The recipient decrypts it with the proper key.
  • Creates the routing topology that guarantees the
    existed secured link, as a link implies sharing
    of a key. Also sharing of 2 or more keys between
    sensor nodes doesnt cause a link security
    exposure.

11
Path-key Establishment
  • A path-key is assigned to selected pairs of
    sensor nodes that do not share a key.
  • But they are connected by two or more links at
    the end of the discovery phase of the shared-key.
  • key-ring size (k) is determined anticipating the
    fact of revocation and incremental addition of
    new sensor nodes, since both may require the
    execution of the path key establishment phase
    after shared-key discovery.

12
Some issues of DSN
  • Revocation.
  • Re-Keying.
  • Resiliency to node capture.

13
Analysis
  • p prob. of existence a shared key between 2
    nodes.
  • n number of nodes.
  • d p(n-1) expected number of edges connecting
    that node with its neighbor.
  • Now we will try to find d so that DSN will be
    connected.
  • We also want to determine the pool size of keys
    (P) given a limit for k keys in each node for a
    DSN of n nodes where d is given under a
    neighborhood connectivity constraint (say n
    neighborhood connectivity of a node nltlt n).
    practically k is limited by memory size of a node

14
Analysis(contd.)
  • Pc lim prob. G (n,p) is connected exp
    (exp(-c))
  • n-gt inf
  • where p (ln(n) /n) (c/n) c is any
    Real constant
  • p d/( n - 1) gtgt p.
  • So p precisely gives us the probability that 2
    nodes share at least a key from their k sized
    key-ring that was chosen from a pool of size P
    not a sensor design constraint and may be very
    big.
  • Given n we can find p so that G is connected with
    Pc .
  • We have to find out P for a given k and for a p .

15
Analysis(contd.)
p 1-prob. ( two nodes dont share a key)
1 - (P-k ) C k / P C k Using Sterling
Approximation n ! (2?)1/2 (n)n(1/2)
e-n So we have, p 1- (1-k/p)2(P-k(1/2)) /
(1-2k/P) (P-2k(1/2))
16
Important Conclusions
  • Size of a DSN (n) has little effect on the
    expected degree of a node required to have a
    connected graph.
  • If P 10,000 then only k 75 keys are required
    to be distributed to any two nodes to make p
    0.5 to share a key from their key ring. Now for k
    250 if we take P 100,000. This proves the
    scalability.
  • Almost certain connectivity through shared-key
    for a 10,000-node DSN, a key ring of size only
    250 have to be pre-distributed.

17
Base Station Security
  • Multi-path routing to multiple base stations
  • Confusion of address fields
  • Relocation of base station

18
Multiple Base Stations
  • Route Discovery
  • Route Request
  • Route Feedback

19
Multiple Base Stations
  • Multi-path data routing
  • Compute the connectivity information from the
    feedback messages
  • Compute global topology of the network
  • Compute redundant routes for each node
  • Construct forwarding tables for each node
  • (forwarding table entry ltD,S,ISgt for each
    route node lies)
  • Dispatch the forwarding tables

20
Multiple Base Stations
  • Multi-path data routing (contd)
  • (Computing 2-redundant routes)
  • Choose two independent paths for any desired node
    A
  • First path to the closest base station (Use BFS)
  • Second path to any base station (Three s1, s2, s3
    sets of nodes)

21
Disguising Base station location
  • During route discovery
  • Reversible hash function H(x) , shared key Kc
  • For each ID m, compute
  • Cm x H(x) m
  • After route discovery
  • Pair-wise keys for each neighbor nodes on the
    same route
  • Sent along with the forwarding tables

22
Base Station Relocation
  • Uniform Random Deployment
  • Attack on vicinity of Base station
  • Both Base stations on the opposite edges

23
Base Station Relocation
  • Densesparse Graph
  • Attack on the center of the dense part
  • One Base station on dense-sparse edge
  • Other Base station on opposite to first

24
? Thank You ?
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Securing Distributed Sensor Networks" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!