Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Presented By
Guidance by
Kiran Shinde
Overview
What are Sensor Network Security Goals System Assumptions SPINS-building blocks 1.SNEP 2.MICRO-TESLA Application Advantages and Disadvantages Conclusion
Wireless networks consisting of a large number of small, low-cost and low-power nodes (motes) Sensor nodes can be densely deployed very close to the phenomenon to be observed Can also be deployed in hostile environments where physical access to nodes not possible Possess self-organizing capabilities nodes can get added and deleted dynamically
Core of a mote is a small, low-cost, low-power computer Computer monitors one or more sensors and connects to outside world with a radio link Radio communication range is typically a few tens of meters Typical power consumption is 10 mA while running, and 10 A in sleep mode Computer, sensors, antenna and batteries packaged in small containers a few mm thick
Security Goals
Confidentiality Data in transit to be kept secret from eavesdroppers Symmetric key ciphers preferred for their low power consumption
Node2
Node1
Msg
Base Station
Adversary
Authentication
Security Goals
Nodes need to verify each others' identities Public key digital signatures too expensive Symmetric key MACs commonly used
Node 1
Node 2
Adversary
Node 3 Node 4
Base Station
Security Goals..
Integrity Wireless networks inherently unreliable Adversary can tamper with messages Message integrity codes for data integrity
Msg1
Node1
Msg1
Base Station
Adversary
Security Goals
Freshness Prevent adversaries from replaying old protocol instances and stale data readings
Session keys from past associations should not be reused in later ones. Two Types.. 1. Weak Freshness
2. Strong Freshness
System Assumptions
Communication patterns
-Node to base station (e.g. sensor readings) -Base station to node (e.g. specific requests) -Base station to all nodes Base
Base Station
-Sufficient memory, power -Shares secret key with each node
C E
Station
G F D B A
Node
-Limited resources, limited trust
SNEP
Sensor-Network Encryption Protocol Secures point-to-point communication Micro Timed Efficient Stream Loss-tolerant Authentication Provides broadcast authentication
TESLA
Key
11010010
Ciphertext
10001101
Main Feature: Data dependent Rotation Parameterized for word size, number of rounds, length of the key Low memory requirements Subset of RC5 with 40% reduction in code size Reused to save memory
Use simple symmetric encryption function (RC5) provides: Encryption & Decryption Message Authentication Code Pseudorandom number generation Hash Function Secrecy and Confidentiality Semantic security against chosen ciphertext attack (strongest security notion for encryption) Authentication Replay protection
Key Generation/Setup
Counter KeyEncryption
Key Master
KeyMAC
Keyrandom
Nodes and base station share a master key pre-deployment Other keys are bootstrapped from the master key:
Encryption key Message Authentication code key Random number generator key
KeyEncryption
Keydecryption
Pj+1
Cj+1
Pj+1
E = {D}<Keyencryption, counter> Counter is shared state RC5 generates random data to XOR with message Weak freshness guaranteed Try different counter if messages are lost
Decryption is identical
MAC
Message Authentication Code = MAC(KMAC, X) MAC uses Cipher Block Chaining (CBC) Every block of input affects output
Authentication, Confidentiality
Node A Msg, MAC(KMAC, Msg) Node B
Without encryption, can have authentication only For encrypted messages, the counter is included in the MAC Base station keeps current counter for every node
Strong Freshness
Node A Request, Nonce Node B
Nonce generated randomly Sender includes Nonce with request Responder include nonce in MAC, but not in reply
TESLA : efficient source authentication in multicast for wired networks. TESLA: authentication in broadcast for WSNs.
TESLA removes or adapts the expensive features of TESLA Asymmetric digital signature is replaced by symmetric key Frequency of key disclosure is greatly lessened. Only the Base Station stores the key chain. Inter-node communication is made possible by the Base Station
Sender
M, MAC(K,M) M, MAC(K,M)
R1
R4
M, MAC(K,M)
TESLA: Authenticated
Broadcast
Self-authenticating keys
Requires loose time synchronization
Key Setup
Kn
F(Kn)
Kn-1
F(K2) .
K1
F(K1)
K0
Main idea: One-way key chains K0 is initial commitment to chain Base station gives K0 to all nodes
Broadcast
K0
0 1
K1
2
K2
3
K3
4
time
Divide time into intervals Associate Ki with interval i Messages sent in interval i use Ki in MAC Ki is revealed at time i + Nodes authenticate Ki and messages using Ki
TESLA Issues
Important parameters: time interval, disclosure delay Delay must be greater than RTT to ensure integrity Parameters define maximum delay until messages can be processed Nodes must buffer broadcasts until key is disclosed Requires loose time synchronization in network Base station commits to maximum number of broadcasts when forming chain
When current chain is exhausted, all nodes must be bootstrapped with a new one
Node B
Base Station
Lots of Communication
Military applications (battlefield surveillance, NBC attack detection and reconnaissance) Environmental applications (forest fire detection, flood detection, tracking movement of birds) Health applications (telemonitoring of physiological data, hospital drug administration) Home applications (home automation such as vacuum cleaners, microwave, fridge, DVRs) Commercial applications (fault detection in bridges, automatic meter reading, traffic analysis)
Discussion: Drawbacks
The TESLA protocol lacks scalability - require initial key commitment with each nodes, which
is very communication intensive
Conclusion
THANK YOU..
Questions ???