1 / 65

Wireless Network Security and Sensor Networks

Wireless Network Security and Sensor Networks. Topics. Brief review of wireless security Sensor networks: Architecture and Issues of Security of SNs SNEP  Tesla. 802.11. 802.11 a, b, … Components Wireless station A desktop or laptop PC or PDA with a wireless NIC. Access point

gina
Download Presentation

Wireless Network Security and Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Network Securityand Sensor Networks

  2. Topics • Brief review of wireless security • Sensor networks: Architecture and Issues of • Security of SNs • SNEP • Tesla

  3. 802.11 • 802.11 a, b, … • Components • Wireless station • A desktop or laptop PC or PDA with a wireless NIC. • Access point • A bridge between wireless and wired networks • Radio • Wired network interface (usually 802.3) • Bridging software • Aggregates access for multiple wireless stations to wired network.

  4. 802.11 modes • Infrastructure mode • Basic Service Set • One access point • Extended Service Set • Two or more BSSs forming a single subnet. • Most corporate LANs in this mode. • Ad-hoc mode (peer-to-peer) • Independent Basic Service Set • Set of 802.11 wireless stations that communicate directly without an access point. • Useful for quick & easy wireless networks.

  5. Infrastructure mode Access Point Basic Service Set (BSS) – Single cell Station Extended Service Set (ESS) – Multiple cells

  6. Ad-hoc mode Independent Basic Service Set (IBSS)

  7. 802.11b Security Services • Two security services provided: • Authentication • Shared Key Authentication • Encryption • Wired Equivalence Privacy

  8. Wired Equivalence Privacy • Shared key between • Stations. • An Access Point. • Extended Service Set • All Access Points will have same shared key. • No key management • Shared key entered manually into • Stations • Access points • Key management a problem in large wireless LANs

  9. WEP – Sending • Compute Integrity Check Vector (ICV). • Provides integrity • 32 bit Cyclic Redundancy Check. • Appended to message to create plaintext. • Plaintext encrypted via RC4 • Provides confidentiality. • Plaintext XORed with long key stream of pseudo random bits. • Key stream is function of • 40-bit secret key • 24 bit initialisation vector • Ciphertext is transmitted.

  10. WEP Encryption IV Cipher text Initialisation Vector (IV) || PRNG Key Stream  Seed Secret key Plaintext || 32 bit CRC ICV Message

  11. WEP – Receiving • Ciphertext is received. • Ciphertext decrypted via RC4 • Ciphertext XORed with long key stream of pseudo random bits. • Check ICV • Separate ICV from message. • Compute ICV for message • Compare with received ICV

  12. Shared Key Authentication • When station requests association with Access Point • AP sends random number to station • Station encrypts random number • Uses RC4, 40 bit shared secret key & 24 bit IV • Encrypted random number sent to AP • AP decrypts received message • Uses RC4, 40 bit shared secret key & 24 bit IV • AP compares decrypted random number to transmitted random number

  13. Wepcrack • First tool to demonstrate attack using IV weakness. • Open source • Three components • Weaker IV generator. • Search sniffer output for weaker IVs & record 1st byte. • Cracker to combine weaker IVs and selected 1st bytes.

  14. Airsnort • Automated tool • Does it all! • Sniffs • Searches for weaker IVs • Records encrypted data • Until key is derived.

  15. Safeguards • Security Policy & Architecture Design • Treat as untrusted LAN • Discover unauthorised use • Access point audits • Station protection • Access point location • Antenna design

  16. Bluetooth Security • Mode 1 – non-secure. • Mode 2 – service level enforced security. • Initiated after the channel is established. • Mode 3 – link level enforced security • Initiated before the channel is established. • Trusted Devices • Unrestricted access to all services. • Untrusted Devices • Services requiring Authorisation and Authentication. • Services requiring Authentication. • Open services.

  17. Link Layer services • Link Layer • Authentication of Peers • Encryption of information • Unique public device address • BD_ADDR • 48 bits, allocated by IEEE

  18. Connecting Two Devices • Two devices with no prior connection • For low security connections • 128 bit Unit link key from one device used. • Created when device is manufactured. • For higher security connections • 128 bit Combination link key generated • Provides • Confidentiality • Integrity • Authentication

  19. Combination Key • Identical PIN code entered into both devices. • 128 bit initialisation link key generated. • PIN code • Device Address • Random number • Combination key now generated. • Combination key stored for future use.

  20. Wireless Transport Layer Security (WTLS) • Provides security services between the mobile device (client) and the WAP gateway • Data integrity • Privacy (through encryption) • Authentication (through certificates) • Denial-of-service protection (detects and rejects messages that are replayed)

  21. WAP Gateway Architecture Application Servers HTTP/SSL Wireless Gateway WTLS HTTP/SSL

  22. WAP Stack Configuration

  23. WTLS Protocol Stack

  24. WTLS Record Protocol • Takes info from the next higher level and encapsulates them into a PDU • Payload is compressed • A MAC is computed • Compressed message plus MAC code are encrypted using symmetric encryption • Record protocol adds a header to the beginning to encrypted payload

  25. Record Protocol Operation

  26. Alert Protocol • Convey WTLS-related alerts to the peer entity • Alert messages are compressed and encrypted • A fatal warning terminates the connection (i.e. incorrect MAC, unacceptable set of security parameters in the handshake • Certificate problems usually cause a non-fatal error

  27. SSL vs. WTLS • Datagram support ( UDP) • Expanded set of alerts • Optimized handshake – 3 levels of client/server authentication • New Certificate Format – WTLS certificates are small in size and simple to parse • Support client identities • Additional cipher suites – RC5, short hashes • Explicit shared secret mode

  28. Sensor Network What is it?

  29. What and Where/When • What? • Low cost, low power, multi-functional sensor nodes • Communicates within short distances • Enabled by MEMS, wireless, and digital electronics • Where: • Military, health, environmental

  30. Ad hoc Networks vs. SNs • Number of nodes several orders larger • Densely deployed • More prone to failures • Dynamic topology (frequent changes) • SNs use broadcasts instead of PP • Power, CPU, and memory limitations • No global IDS

  31. Applications • Military • c4ISRT, NBC detection etc. • Environmental • Forest fire, bio-complexity analysis, flood detection • Health • Tele-monitoring, tracking, drug admin. • Commercial • Environmental control of office buildings • Potential for $55B/year saving &, reduction of 35 mmt of CO2 emission • Detection of vehicle thefts (Not Really SensorNets..) • Inventory control (Mostly RFIDs not nets)

  32. Design Goals • Fault tolerance • Scalability • Cost ~= $1/node • (what do batteries cost? ) • Hardware constraints • Transmission constraints • Power constraints • SWAP (Size Weight and Power) critical for military apps

  33. Sensor Networks Overview • Sensor Nodes • Sensor networks are made up of large number of ad hoc sensor nodes • Power supply • Memory • Sensing hardware • Data processing • Communication components

  34. Sensor Networks Overview (cont.) • Sensor networks communication architecture • Sensor nodes and sink node (Monitoring Station) • Each of these scattered sensor nodes has the capabilities to collect data and route data back to the Monitoring Station

  35. Sensor Networks Overview (cont.) • Procedure • The source starts transmitting data packets toward the sink (a) • When a node joins the network it starts transmitting and receiving packets and sending a neighbor announcement message (b) • When the process completes, the group of newly active neighbors that have joined the network make the delivery of data from source to sink more reliable (c) • Self-organizing sensor networks topology • Alberto Cerpa and Deborah Estrin 2002

  36. Sensor Networks (cont.) • 4 State transitions of sensor nodes When a node starts, it initializes in theteststate; it sets up a timer Tt. When Tt expires, the node enters the active state; Before Tt expire, the number ofactiveneighbors > the neighbor threshold (NT),the node moves to passive state; When a node enters the passive state, it sets up a timer Tp. When Tp expires, the node enters thesleep state. Before Tp expire, , the number of neighbours is < NT(…), the node moves to teststate; When a node enter thesleep turns the radio off, sets a timer Ts and goes tosleep.When Ts expires, the node moves intopassive state.

  37. Area Monitoring • Jean Carle et al paper, 2003 • 3 sub problems for area monitoring • Select sensors that are needed for area coverage, other sensors to sleep mode - to reduce the number of sensor needed to monitor the area to extend network life; • Construct broadcasting tree from monitoring station to all active sensors: minimum energy broadcasting or dominating set based; • Sensors report events to monitoring station using reverse broadcast tree.

  38. Area Coverage - Algorithm 1 • Ye, Zhong,Chen, Lu, Zhang 2003 • A sensor sleeps for a while, then decides to be active iff there is no active sensor closer than a threshold distance • Onceactive, it remains active until life ends • Non-active periodically reevaluates decision • High probability of full coverage if threshold < ≈ 0.3 sensing radius • The disadvantage • Probabilistic not ensure the full coverage

  39. Area Coverage - Algorithm 2 • Tian 2002 • Each sensor knows position of all neighbors • If neighbors cover its sensing area then sensor sends withdrawal message after timeout = negative acknowledgement (goes to sleep mode) • Otherwise, remain active • Repeats periodically • Neighbor sensors may disappear without notice • Covering sensors may not be connected • Require priori knowledge of all neighboring nodes

  40. Area Coverage - Algorithm 3 • Carle, Simplot, Stojmenovic, 2003 • Area dominating set algorithm • Covered = active neighbors are connected and together cover its sensing area • If not covered at end of timeout then send positive ack, otherwise send negative ack • Positive and negative ack variant • Positive only acks variant (shorter network life) Central node decides to be non-dominant (sleep) Central node decides to be dominant (active) (area is covered by active neighbors but these neighbors are not connected)

  41. Area Coverage - Algorithm 3 (Cont.) • The Election of Covering Nodes E.g. Nodes 0,1,2,3,4 are active,Node 5 decides to be inactive • If node 5 does not announce its deactivation, • Node 6 decides to be active • Else, node 5 announce its status • Node 6 decides to be inactive • Negative ack may reduce the number of active sensors (prolong network life) • Experiments show that “positive and negative ack” leads to four times smaller area dominating sets than “positive only ack” for dense networks.

  42. Broadcasting - Monitoring Station to Sensors • Distribute requests from monitoring station to the whole sensor nodes • Broadcasting is a common and important operation for route finding, information dissemination or request diffusion • Research on energy efficient broadcast protocols • Aim at reducing the number of sensors which participate in broadcasting

  43. Broadcasting Tree (I)- Monitoring Station to Sensors • F.Dai and J.Wu, 2003 • Dominant punning scheme • Applied on area dominant set • The dominant punning method is the same process as constructing area dominant set • 20% reduction with most of saving the border of monitored area according to the experimental data

  44. Broadcasting Tree (II)- Monitoring Station to Sensors • A.Qayyum, et al. Multipoint Relay (MPR) Protocols • Select a minimal set of one-hop neighbors that cover the same network as the complete set of neighbors • Each node find its relay set • Repeats periodically, add to the relay subset the neighboring node which covers • The list of relay nodes are attached to the retransmitted packet • Applied on area dominating sets, MPR constructs relay subsets which contain nearly all nodes

  45. Reporting Events – Sensors to Monitoring Station • Sensor measurements – sensors report only important information (data aggregation) • Spanning tree induced by flooding over area dominating set (reduce the number of sensors and energy saving)

  46. Management • Ruiz, L.B, et al, 2003 • Three-layer sensor networks management architecture • Service - Executed by a set of function; • Management functions - Five possible states: ready, not-ready, executing, done, and failed; • Wireless sensor networks Models – Dynamic in time

  47. Management (cont.) Sensor nodes differ in their hardware physical capabilities • Manager –Collects and distribute information from all agents and controls the entire networks • Sink node–Host an intermediate manager • Agent – Raise some questions related to the location nodes

  48. Management (cont.) Agents in hierarchical homogeneous • Manager - Collects and distribute information from all agents and controls the entire networks • Agent - Raise some questions related to the location nodes • Cluster-head - Response for sending data to a base station; execute correlation of management data (no sink node) • Base Station- Connect, communicate and secure networks

  49. Sensor Network Security • What do we mean by sensor network security? • Conventional view of security from cryptography community: cryptographically unbreakable design in practical sense • Network Reality: very few security breaches in practice are to exploit flaws in cryptographic algorithms; side channel attacks • Malicious versus selfish (DoS vs. resource gobbler) • Security v.s. robustness, fault tolerance, resiliency • Security is not a black/white world, it is progressive • We must secure entire networked system, not just an individual component • Solutions must be robust/adapt to new threats as much as possible

More Related