Security Issues in Distributed Sensor Networks - PowerPoint PPT Presentation

About This Presentation
Title:

Security Issues in Distributed Sensor Networks

Description:

Security Issues in Distributed Sensor Networks Yi Sun Department of Computer Science and Electrical Engineering University of Maryland, Baltimore County – PowerPoint PPT presentation

Number of Views:356
Avg rating:3.0/5.0
Slides: 43
Provided by: arif158
Category:

less

Transcript and Presenter's Notes

Title: Security Issues in Distributed Sensor Networks


1
Security Issues in Distributed
Sensor Networks
  • Yi Sun
  • Department of Computer Science and Electrical
    Engineering
  • University of Maryland, Baltimore County
  • 2007. 12

2
Outline
  1. Introduction
  2. Security Criteria
  3. Vulnerabilities
  4. Attack Types
  5. Security Schemes
  6. Intrusion Detection Techniques
  7. Secure Routing Techniques
  8. Key Management Schemes

3
1. Introduction
  • Explosive growth of mobile computing devices
  • laptops
  • personal digital assistants (PDAs)
  • handheld digital devices
  • Ubiquitous computing
  • Individual users utilize, at the same time,
    several electronic platforms through which they
    can access all the required information whenever
    and wherever they may be

4
2. Security Criteria
  • Availability
  • Provide all the designed services
  • Integrity
  • Malicious altering, accidental altering
  • Confidentiality
  • Accessible to authorized nodes
  • Authenticity
  • Prove identities

5
2. Security Criteria
  • Nonrepudiation
  • Cannot disavow sent or received a message
  • Authorization
  • Specifies the privileges and permissions
  • Anonymity
  • Privacy preserving

6
3. Vulnerabilities
  • Lack of secure boundaries
  • No need to gain the physical access to visit the
    network
  • Threats from compromised nodes inside the network
  • Behavioral diversity of different nodes,
    mobility
  • Lack of centralized management facility
  • Benign failures, cooperative algorithm
  • Restricted power supply
  • Battery, DoS, selfish node
  • Scalability
  • Efficient routing protocol, key management
    service

7
4. Attack types
  • Denial of Service (DoS)
  • Radio jamming, battery exhaustion
  • Impersonation
  • Compromised nodes join the network as normal
    nodes
  • Eavesdropping
  • Obtain confidential information during
    communication
  • Attacks against routing
  • Attacks on routing protocols, attacks on packet
    forwarding/delivery

8
5. Security Schemes
  • Intrusion Detection Techniques
  • Distributed and cooperative to meet with the
    needs of sensor networks
  • Secure Routing Techniques
  • Defend specific attacks and general attacks
  • Medium Access Control
  • Guaranteed or controlled access, random access
  • Key Management
  • Cryptography

9
6. Intrusion Detection Techniques
  • Intrusion Detection System (IDS)
  • Detect unwanted manipulations to systems
  • Difference with Wired Network
  • No fixed infrastructure
  • No traffic concentration points
  • Limited radio range audit data
  • Limited communication
  • Local-dependent computing
  • No Clear Separation of normal and abnormal
    behavior
  • IDS in sensor networks should be distributed
    and
  • cooperative to meet with these characteristics

10
6. Intrusion Detection Techniques
  • Cooperative IDS Architecture for Sensor Networks

11
6. Intrusion Detection Techniques
  • Cooperative IDS Architecture for Sensor Networks
  • Every node participate in intrusion detection
    and response activities by detecting signs of
    intrusion behavior locally and independently.
  • Neighboring nodes can share their investigation
    results with each other and cooperate in a
    broader range.
  • Cooperation generally happens when a certain
    node detects an anomaly but does not have enough
    evidence to figure out what kind of intrusion it
    belongs to.

12
6. Intrusion Detection Techniques
  • Corresponding Conceptual Model of IDS Agents

13
6. Intrusion Detection Techniques
  • Local Data Collection Module
  • Deal with the data gathering issue, in which the
    real-time audit data may come from various
    resources.
  • Local Detection Engine
  • Examine the local data collected by the local
    data
  • collection module and inspect if there is any
    anomaly shown in the data.

14
6. Intrusion Detection Techniques
  • Cooperative Detection Engine
  • Work with other IDS agents when there are some
    needs to find more evidences for some suspicious
    anomalies detected in some certain nodes.
  • Intrusion Response Module
  • Deal with the response to the intrusion when it
    has been confirmed.

15
6. Intrusion Detection Techniques
  • Cluster-based Intrusion Detection Technique
  • All the nodes in cooperative intrusion detection
    architecture need to participate if cooperation
    needed.
  • Limited power supply, selfish manner.
  • Organize sensors into clusters, every node
    belongs to at least one cluster.
  • In each cluster, only one node take care of
    monitoring issues during a period of time.

16
6. Intrusion Detection Techniques
  • Finite State Machine of the Cluster Formation
    Protocol

17
6. Intrusion Detection Techniques
  • Cluster-based Intrusion Detection Technique
  • All the nodes in the network will be in the
    initial state at first, they will monitor their
    own traffic and detect intrusion behaviors
    independently.
  • Use clique computation and clusterhead
    computation to get the clusterhead of the
    network.
  • Use Cluster Valid Assertion Protocol to check if
    the connection between the clusterhead and itself
    is maintained or not.
  • After timeout for the clusterhead, all the nodes
    begin a new round of clusterhead election.
  • Cluster Recovery Protocol is used when a node
    loses its connection with previous clusterhead.

18
6. Intrusion Detection Techniques
  • Clusterhead Computation Protocol
  • 1. Generate a random integer Ri.
  • 2. Broadcast a message ELECTION_START(IDi,
    HASH(IDi,Ri)) to CL'i. HASH is a common hash
    function. A corresponding timer T1 is setup.
  • 3. On Receiving all ELECTION_START from CL'i,
    broadcast the message ELECTION(IDi,Ri) to clique
    CL'i.
  • 4. If T1 is timeout, every node for whom
    ELECTION_START has not be received is excluded
    from CLi.
  • 5. On Receiving ELECTION from node j, verify its
    hash value matches the value in the
    ELECTION_START message from j. Store Rj locally.

19
6. Intrusion Detection Techniques
  • 6. If all Rj from CL'i have arrived, compute
    HSEL(R0,R1,R2,,Rsc-1) where SEL is the
    selection function. Determine the cluster head H
    as the h-th node in the clique since all IDs are
    ordered.
  • 7. If H ? i (i.e., as a citizen), do the
    following.
  • (a) Send ELECTION_DONE to H.
  • (b) Wait for ELECTION_REPLY from H, then enter
    DONE state.
  • 8. Otherwise, as a cluster head, H performs
    following.
  • (a) Setup a timer T2.
  • (b) On Receiving ELECTION_DONE, verify it is
    from CL'i.
  • (c) If T2 is timeout, citizens from whom
    ELECTION_DONE has not be received are excluded
    from CLi. Broadcast ELECTION_REPLY to CL'i and
    enter DONE state.

20
6. Intrusion Detection Techniques
  • Cluster Valid Assertion Protocol
  • 1. Since the network topology tends to change in
    sensor networks, connections between the elected
    cluster head and some citizens nodes may be
    broken from time to time. If a link between a
    citizen Z and a cluster head H has been broken, Z
    will check if it is in another cluster. If not,
    it enters LOST state and activates the Cluster
    Recovery Protocol. Also, Z is removed from H's
    citizen list CTC. If there is no more citizens in
    cluster C, H becomes a citizen if it belongs to
    another cluster. Otherwise, H enters LOST state
    and activates the Cluster Recovery Protocol.

21
6. Intrusion Detection Techniques
  • 2. Even if no membership change has occurred,
    the cluster head cannot function forever because
    it is neither fair in terms of service and unsafe
    in terms of the long time single-point control
    and monitoring. So enforce a mandatory
    re-election timeout, Tr. Once the Tr expires, all
    nodes in the cluster enters the INITIAL state and
    start a new cluster head setup round. If the
    clique property still holds, the Clique
    Computation step can be skipped.

22
6. Intrusion Detection Techniques
  • Cluster Recovery Protocol
  • 1. A request message ADD REQUEST(IDi) is
    broadcast with a timer T3.
  • 2. A clusterhead H receives the request and
    replies ADD REPLY(IDH) only after a short delay
    Td. The delay is introduced in hope that a
    connection has been stable for Td can remain to
    be stable for a fairly long time.
  • 3. Node i replies the rst ADD REPLY it received.
    And enters DONE state. Additional ADD REPLYs are
    ignored.
  • 4. On Receiving ADD ACK, H adds i into its CTC.
  • 5. If T3 is timeout and no ADD REPLY is
    received, there is no active clusterhead nearby.
    Node i enters INITIAL state to wait for other
    lost citizens to form new cliques and elect their
    new clusterheads.

23
6. Intrusion Detection Techniques
  • Cross-Layer Integrated Intrusion Detection
  • Simultaneously exploit several vulnerabilities
    at multiple layers.
  • Keep the attack to each of the vulnerabilities
    stay below the detection threshold so as to
    escape from capture by the single-layer
    misbehavior detector.
  • Easily skipped by the single-layer misbehavior
    detector. Cross-layer misbehavior detector,
    inputs from all layers of the network stack are
    combined and analyzed.

24
7. Secure Routing Techniques
  • Defense Method against Wormhole Attacks
  • Attacker receives packets at one point in the
    network, tunnels them to another point in the
    network, and then replays them into the network
    from that point.
  • For tunneled distances longer than the normal
    wireless transmission range of a single hop, it
    is simple for the attacker to make the tunneled
    packet arrive sooner than other packets
    transmitted over a normal multi-hop route.

25
7. Secure Routing Techniques
  • Packet Leash
  • Any information that is added to a packet
    designed to restrict the packets maximum allowed
    transmission distance. There are two main
    leashes.
  • Geographical Leash
  • Ensure the recipient of the packet is within a
    certain distance from the sender.
  • Temporal Leash
  • Ensure the packet has an upper bound on its
    lifetime, which restricts the maximum travel
    distance, since the packet can travel at most at
    the speed-of-light.

26
7. Secure Routing Techniques
  • Mechanism Against Rushing Attacks
  • Result in denial of service.
  • Prevent routing protocols to find routes longer
    than two-hops.

27
7. Secure Routing Techniques
  • Mechanism Against Rushing Attacks
  • Initiator node initiates a Route Discovery for
    the target node. If the ROUTE REQUESTs for this
    Discovery forwarded by the attacker are the first
    to reach each neighbor of the target, then any
    route discovered by this Route Discovery will
    include a hop through the attacker.
  • That is, when a neighbor of the target receives
    the rushed REQUEST from the attacker, it forwards
    that REQUEST, and will not forward any further
    REQUESTs from this Route Discovery.
  • When non-attacking REQUESTs arrive later at
    these nodes, they will discard those legitimate
    REQUESTs.
  • As a result, the initiator will be unable to
    discover any usable routes.

28
7. Secure Routing Techniques
  • Combined Mechanisms against Rushing Attack
  • Secure Neighbor Detection
  • Secure route delegation
  • Randomized ROUTE REQUEST forwarding

29
7. Secure Routing Techniques
  • Secure Neighbor Detection
  • Allow each neighbor to verify the other is
    within a given maximum transmission range.
  • Once a node A forwarding a ROUTE REQUEST
    determines that node B is a neighbor, it signs a
    Route Delegation message, allowing node B to
    forward the ROUTE REQUEST.
  • When node B determines that node A is within the
    allowable range, it signs an Accept Delegation
    message. In this way, the neighborhood
    relationships between nodes can be verified and
    guaranteed to be genuine.

30
7. Secure Routing Techniques
  • Watchdog
  • Watchdog method detects misbehaving nodes.
  • Suppose there exists a path from node S to D
    through intermediate nodes A, B, and C.
  • Node A cannot transmit all the way to node C,
    but it can listen in on node B's traffic.
  • When A transmits a packet for B to forward to C,
    A can often tell if B transmits the packet.
  • If encryption is not performed separately for
    each link, which can be expensive, then A can
    also tell if B has tampered with the payload or
    the header.

31
7. Secure Routing Techniques
  • Pathrater
  • Combine knowledge of misbehaving nodes with link
    reliability data to pick the route most likely to
    be reliable. Each node maintains a rating for
    every other node it knows about in the network.
  • It calculates a path metric by averaging the
    node ratings in the path.

32
8. Key Management Schemes
  • Features of Key Management Schemes
  • Applicability
  • Scalability
  • Security
  • Robustness
  • Simple
  • Classification of Key Management Schemes
  • Public Key Schemes
  • Identity Based, Certificate Based
  • Symmetric Schemes
  • MANET Schemes, WSN Schemes

33
8. Key Management Schemes
  • Threshold Cryptography
  • (k, n) threshold cryptography scheme
  • Share secret scheme.
  • n parties share the ability of performing a
    cryptographic
  • operation or information and k threshold value.
  • Any k-1 (or less) parties cannot handle.
  • Any k of those n parties can handle jointly
    Classification of
  • Key Management Schemes.

34
8. Key Management Schemes
  • Ubiquitous Security Support
  • It relies on a threshold signature system with a
    (k, n) secret sharing of the private
    certification authority (CA) key.
  • All nodes get a share of the private CA key.
  • The nodes earn trust in the entire network when
    they receive a valid certificate.
  • A new secret share is calculated by adding
    partial shares received from a coalition of k
    neighbors.

35
8. Key Management Schemes
  • Ubiquitous Security Support
  • When network starts,
  • Have dealer
  • The first nodes receive their certificates from a
    dealer
  • before joining the network.
  • After k nodes have been initialized, the dealer
    is
  • removed.
  • No dealer
  • Localized self initialization.

36
8. Key Management Schemes
  • Identity-Based Signature
  • To verify a signature, it is enough to know the
    ID of the sender with the public system
    parameters.
  • The public system parameters defined by the
    private key generator (PKG) during system set up.
  • The PKG also generates the private signature
    keys corresponding to the user IDs.

37
8. Key Management Schemes
  • Identity-Based Public Key
  • An identity-based public key (IBC-K) for sensor
    networks combining identity-based cryptography
    with threshold cryptography.
  • The nodes that initialize the sensor networks
    form a threshold PKG, spreading the PKG private
    master key over the initial set of nodes by a (k,
    n) threshold scheme.

38
8. Key Management Schemes
  • Symmetric schemes
  • SKiMPy is designed for MANETs in emergency and
    rescue operations.
  • SKiMPy seeks to establish a MANET-wide
    symmetric key for protection of network-layer
    routing information or application-layer user
    data.
  • Steps
  • 1. Generate a random symmetric key.
  • 2. Transfer it to one-hop neighborhoods.
  • 3. The best key is chosen as the local group
    key.
  • 4. Transfer it to the nodes with worse keys
    through a secure channel, and until the best
    key has been shared with all nodes in the MANET.

39
8. Key Management Schemes
  • Key Infection (INF)
  • The scheme assumes static sensor nodes and mass
    deployment.
  • INF sets up symmetric keys between the nodes and
    their one-hop neighbors.
  • At bootstrap time, every node simply generates a
    symmetric key and sends it to its neighbors.
  • A key whispering approach is used, that is, the
    key is initially transmitted at a low power level.

40
  • Thanks!

41
References
  • Y. Zhang and W. Lee, Intrusion Detection in
    Wireless Ad-hoc Networks, in Proceedings of the
    6th International Conference on Mobile Computing
    and Networking (MobiCom 2000), pages 275283,
    Boston, Massachusetts, August 2000.
  • Jim Parker, Anand Patwardhan, and Anupam Joshi,
    Detecting Wireless Misbehavior through
    Cross-layer Analysis, in Proceedings of the IEEE
    Consumer Communications and Networking Conference
    Special Sessions (CCNC2006), Las Vegas, Nevada,
    2006.
  • Y. Hu, A. Perrig and D. Johnson, Rushing Attacks
    and Defense in Wireless Ad Hoc Network Routing
    Protocols, in Proceedings of ACM MobiCom Workshop
    - WiSe03, 2003.
  • Yi-an Huang and Wenke Lee, A Cooperative
    Intrusion Detection System for Ad Hoc Networks,
    in Proceedings of the 1st ACM Workshop on
    Security of Ad hoc and Sensor Networks, Fairfax,
    Virginia, 2003, pp. 135 147.
  • Panagiotis Papadimitraos and Zygmunt J. Hass,
    Securing Mobile Ad Hoc Networks, in Book The
    Handbook of Ad Hoc Wireless Networks (Chapter
    31), CRC Press LLC, 2003.

42
References
  • Y. Hu, A. Perrig and D. Johnson, Packet Leashes
    A Defense against Wormhole Attacks in Wireless Ad
    Hoc Networks, in Proceedings of IEEE INFOCOM03,
    2003.
  • Wenjia Li and Anupam Joshi, Security Issues in
    Mobile Ad Hoc Networks A Survey, Technical
    report, 2006.
  • Y. Hu, A. Perrig and D. Johnson, Wormhole Attacks
    in Wireless Networks, IEEE Journal on Selected
    Areas in Communications, Vol. 24, No. 2, February
    2006.
  • A. Khalili, J. Katz, and W. A. Arbaugh, Towards
    Secure Key Distribution in Truly Ad-Hoc Networks,
    in IEEE Workshop on Security and Assurance in
    Ad-Hoc Networks, 2003.
  • Sergio Marti, T. J. Giuli, Kevin Lai and Mary
    Baker, Mitigating routing misbehavior in mobile
    ad hoc networks, in Proceedings of the 6th annual
    international conference on Mobile computing and
    networking (MobiCom00), pages 255265, Boston,
    MA, 2000.
Write a Comment
User Comments (0)
About PowerShow.com