Title: An Interleaved HopbyHop Authentication Scheme for Filtering of Injected False Data in Sensor Network
1An Interleaved Hop-by-Hop Authentication Scheme
for Filtering of Injected False Data in Sensor
Network
- Authors Sencun Zhu, Sanjeev Setia, Sushil
Jajodia - Center for Secure Information Systems
- George Mason University
- In Proc. of the 2004 IEEE Symposium on Security
and Privacy - Presenter Yi-jui Wu
2An Interleaved Hop-by-Hop Authentication Scheme
for Filtering of Injected False Data in Sensor
Network
3Outline
- Introduction
- Assumptions
- The Interleaved Hop-by-hop Authentication Scheme
- Security Analysis
- Performance Evaluation
- Conclusion
- Discussion
4Introduction
- The unattended nature of the sensor lends itself
to several attacks. - Standard authentication mechanisms are not
sufficient for Insider attacks. - The authors proposed a scheme to address
false data injection attack. - This scheme focuses on detecting and filtering
out false packet.
5Introduction (cont.)
- The scheme guarantees that if no more than t
nodes are comprised, the base station will detect
any false data packets injected by the
compromised sensors. - The scheme provides an upper bound B for the
number of hops that a false data packet can be
forwarded before it is detected and dropped. - B t or B (t-1)(t-2)
6Assumptions
- Network and node assumptions
- Sensor nodes are organized into clusters, and
each cluster includes at least t1 nodes. - Cluster head
- Network links are bidirectional.
7Assumptions (cont.)
- Security assumptions
- LEAP
- Every nodes share a master secret key with the
base station - Every nodes share a pairwise with each of their
neighbors - A node can establish a pairwise key with another
node that is multi hops away. (The Blundo Scheme) - The base station has a mechanism to authenticate
broadcast messages, and each node can verify the
broadcast messages. (µTESLA) - The base station will not be compromised.
8The Interleaved Hop-by-hop Authentication Scheme
- Notations
- u, v communicating nodes
- Ku the key of node u shared with the base
station - Kuv the pairwise key shared between nodes u and
v - Ku(auth) authentication key for node u
- BS base station
- CH cluster head
BS
CH
un
un-1
u3
u2
u1
id 21
id 334
id56789
9The Interleaved Hop-by-hop Authentication Scheme
- associated node ui, uj, i - j t 1
- upper associated node, lower associated node
v1
BS
u8
u7
u6
u5
u4
u3
u2
u1
CH
v2
v3
10The Interleaved Hop-by-hop Authentication Scheme
- Basic Schemes
- node initialization and deployment phase
- association discovery phase
- report endorsement phase
- en-route filtering phase
- base station verification phase
- Association Maintenance
11Node initialization and deployment scheme
- The key server loads every node with a unique
integer id and necessary keying materials. - Use LEAP to establish one-hop pairwise key.
- Establish multi-hop pairwise key (optional).
12Association discovery phase
- Base station hello and cluster acknowledgment.
- Note during cluster ack phase, for security
reason, all the node ids in the ACK are distinct.
(explain later) - The association discovery process usually
overlaps with the route discovery process in a
routing protocol (e.g. the TinyOS beaconing
protocol).
13Report Endorsement
- This scheme requires that at least t1 nodes
agree on the report. - When a node v agrees on an event E, it computes a
MAC for E. In addition, node v computes another
MAC for E, using the pairwise key shared with its
upper associate node u. - Partial report from node v E, MAC(Kv(auth),E),
MAC(Kv,u, E)
14Report Endorsement (cont.)
- CH collects partial reports from t1 different
nodes, XORing t 1 individual MACs. - XMAC(E) MAC(Kv1(auth),E) ? MAC(Kv2(auth),E)
?... ? MAC(Kvt1(auth),E) - Pairwise MACs are not compressed.
- The report R that node CH finally generates and
forwards BS is - R E, Ci, v1,v2vt1,XMAC(E),
- MAC(Kvt1,ut1, E), MAC(Kvt,ut, E), MAC(Kv1u1,
E)
15En-route filting
16Base station verification
- The base station BS only needs to verify the
compressed MAC. If the verification fails, BS
will discard the report.
17Association Maintenace
- The correctness of the scheme relies on correct
association knowledge. - base station initiated repair and local repair.
18Association Maintenace Base station initiated
repair
- Periodically execute the base station hello step.
- Interact with underlying routing protocol
- for ex., in the TinyOS beaconing protocol, the
base station broadcasts a beaconing message
periodically forming a breadth-first tree rooted
at the base station. - execute the base station hello step for each
epoch by piggybacking node ids in every beaconing
message.
19Association Maintenace Local repair
- Based on the right-hand rule in the greedy
parameter stateless routing (GPSR) protocol. - Assume every node knows the locations or relative
locations of its neighbors (e.g., because of
GPS).
20Security Analysis
- Base station detection
- En-route filtering
- outsider attacks
- insider attacks
21Security Analysis Base station detection
- The adversary has to compromise at least t1
nodes to be able to forge a report to deceive the
base station. - XOR-MAC scheme is proven to be secure.
- Recall XMAC(E) MAC(Kv1(auth),E) ?
MAC(Kv2(auth),E) ?... ? MAC(Kvt1(auth),E)
22Security Analysis En-route filtering
- Outsider attacks secure, because of the
hop-by-hop authenticated fashion. - Insider attacks
- if the association knowledge of each node is
correct and only t nodes are compromised the
false report will be found after it is forwarded
by at most t non-compromised nodes. - Recall the report R E, Ci, v1,v2vt1,XMAC(E),
MAC(Kvt1,ut1, E), MAC(Kvt,ut, E),
MAC(Kv1u1, E) - But the attacker may attacks on the cluster
acknowledge process to create fake association
knowledge.
23Security Analysis En-route filtering (cont.)
- Attacks on cluster acknowledgement process
- recall the cluster acknowledgement phase
- The goal of this attack is to lower associate
more than t non-compromised nodes to t
compromised nodes. - cluster insider attacks and en-route insider
attacks
24Security Analysis Cluster Insider Attacks
- All the t compromised nodes are from the cluster.
v1
v2
CH
(v3,CH,v2,v1)
v3
t3
25Security Analysis Cluster Outsider Attacks
BS
CH
1
2
3
4
5
6
7
8
C
9
A
B
D
E
F
t3
26Security Analysis Cluster Outsider Attacks
- In the above case, a false report will be dropped
after it is forwarded by at most t2
noncompromised nodes. - Enhancement
- add a node feedback mechanism reduce to
(t-1)(t-2) - if all sensor nodes possess GPS devices, the
upper bound may reduce to t or slightly larger
than t.
27Performance Evaluation
- Computational cost
- Establishing pairwise keys about 1/10000 of
creating a RSA signature - Report Authentication the energy for computing
a MAC is about the same as that for transmitting
one byte - Communication cost
- every authentic report contains one compressed
MAC and t1 pairwise MACs. - Storage cost?
28Conclusion
- The author presented a simple but effective
authentication scheme to prevent false data
injection attacks in sensor networks. - The scheme guarantees that if no more than t
nodes are comprised, the base station will detect
any false data packets injected by the
compromised sensors. - The scheme provides an upper bound B for the
number of hops that a false data packet can be
forwarded before it is detected and dropped. - B t2
29Discussion
- How to choose t?
- Does this scheme suit for any network topology?