ITIS 60108010 Wireless Network Security

1
ITIS 6010/8010 Wireless Network Security

• Dr. Weichao Wang

2

• Something more state-of-the-art
• Ford and TI spend millions of on a plan called
  "immobilizer"
• The car key has a chip. Only when the key
  responds to challenges from the car correctly,
  the car will start.
• Ford sells more than 150 million such keys
• Students from Johns Hopkins crack it

3

• A little bit more details
• Powerless chip so we have to use very short key
  (30 to 40 bits)
• Short range wireless communication (12 inch)
• No authentication for the reader (this is the
  problem)
• You can wrap your key in foil to defend, but will
  you?
• Other companies using the same tech
• Speedpass for gas by ExxonMobil (two gas
  purchases / day)
• Highway wireless toll system

4

• What surprise me are the responses
• If it takes a Johns Hopkins grad student to
  steal my car, I'm willing to run the risk!
• I like the part about disabling automated toll
  collection systems
• Locked car doors can be opened by a universal
  remote TV clicker...
• You would be shocked at what a kid with a tow
  truck can do to the best ignition security system

5
(No Transcript)
6

• Pairwise key establishment with guarantee
• Problems of basic key pre-distribution and Chans
  improvement
• The key establishment is not guaranteed
• Tolerance to sensor compromise
• Polynomial based key pre-distribution
• Random subset assignment approach
• Grid based key distribution

7

• Polynomial based key distribution
• A bivariate t-degree polynomial f(x, y) is
  generated
• It has the property of f(x, y) f(y, x)
• For every sensor i, we can replace x with i and
  generate a new poly f(i, y)
• When sensor i meets sensor j, node i can
  calculate f(i, j), node j can calculate f(j, i)
• The two keys are the same

8

• Overhead
• Every sensor needs to store a t-degree poly
• Evaluation of the polynomial
• Robustness
• Need at least t1 nodes to figure out a poly
• Problem
• Want to further reduce overhead
• Improvement
• Using a group of polynomials

9

• Polynomial pool based key pre-distribution
• We generate a pool of bivariate polynomials
• When we have only one poly, it returns to the
  previous method
• When all poly are 0-degree, it returns to the
  basic approach
• Each sensor gets a subset of polys
• Direct key establishment
• Path key establishment

10

• Random subset assignment approach 1
• Every sensor gets a random set of polys
• Analysis of key sharing
• Directly b/w two sensors
• Through one hop neighbors
• Similar to the basic approach
• Then what is the advantage of using poly to
  replace a key
• ?

11

• Grid based key pre-distribution
• Guaranteed key establishment
• Improved resilience to sensor compromise
• Zero interaction to figure out the key except
  the node identity

12

• We have n sensors, n lt m m
• Every sensor can be mapped to a unique point in
  the mm matrix
• Generate 2m polynomial, one for each row and one
  for each column
• For a sensor at position (i, j), the
  corresponding row and column polys will be given
  to the node

13

• Any two sensors in the same row or column will
  share a poly they can derive the key
• If the two sensors are not in the same row or
  column
• Locate the node that can establish keys with both
  nodes

14

• Advantages
• Storage overhead every node only stores two
  polys
• A sensor can directly figure out can it establish
  a key to the other sensor

15
(No Transcript)
16

• Key pre-distribution based on Bloms scheme
• Improve resilience to sensor compromise
• Authentication between sensor pair

17

• Bloms key pre-distribution
• Generate a (?1) N matrix G, N is the size of
  the network, ? is the threshold of tolerance. The
  matrix is public
• Generate a (?1) (?1) symmetric matrix D and
  keep it as secret
• A (D G)T, A is a N (?1) matrix
• Since D is symmetric, we have AG (AG)T, so
  AG is a symmetric matrix

18

• If we let K AG, then Kij Kji
• See example of the calculation
• Every node i will have ith row of A and ith
  column of G
• When node i and j meet, they exchange the columns
  of G and calculate Kij and Kji

19

• Bloms scheme guarantees that any two sensors can
  find a key. But we do not need such dense keys
• If we generate multiple Bloms matrices, each can
  be viewed as a key space

20

• Approach
• Generate one matrix G
• Generate w matrix D1, D2, ---, Dw, we can
  calculate A1(D1 G)T, A2(D2 G)T, ---,
  Aw(Dw G)T.
• Every node will select t key spaces and get
  corresponding information from the matrices.
• If two sensors have the same key space, they can
  generate a key.

21

• Analysis of key space sharing
• Similar to the basic mechanisms
• What is the probability that a key space is
  compromised?
• Need at least (?1) sensors holding this key
  space
• When x nodes are broken, the probability that j
  of them know the key space is

22

• When the key space is not compromised, pairwise
  keys can be used to authenticate