
Managing Security Issues in Advanced Applications of Wireless Sensor Networks

PhD Programme in Electrical and Information Engineering, 21st Cycle, Academic Year 2007-08, SSD: ING/INF 03 Telecommunications. Managing Security Issues in Advanced Applications of Wireless Sensor Networks. PhD Candidate: Ing. Marco Pugliese. Advisor: Prof. Fortunato Santucci.



Presentation Transcript


  1. PhD Programme in Electrical and Information Engineering, 21st Cycle, Academic Year 2007-08, SSD: ING/INF 03 Telecommunications. Managing Security Issues in Advanced Applications of Wireless Sensor Networks. PhD Candidate: Ing. Marco Pugliese. Advisor: Prof. Fortunato Santucci. PhD School Coordinator: Prof. Giuseppe Ferri. Università degli Studi dell'Aquila, Dipartimento di Ingegneria Elettrica e dell'Informazione.

  2. Example of a WSN-based Health Monitoring System
  Challenges:
  • Data Sampling
  • Command Dissemination
  • Data Collection
  [source: Culler, D., et al., "Health Monitoring of Civil Infrastructures Using Wireless Sensor Networks," SensorNet Architecture meeting, Nov. 2006]

  3. Securing the Monitoring System
  (figure: monitoring domains; a cross-layer Secure Platform made of an Intrusion Detection System and Link Layer Cryptography; sensor nodes, Base Station (sink, BS) and External server)

  4. Objective & Methodology
  O. Design and implementation of a comprehensive cross-layer framework to provide WSN-based monitoring services with security (data confidentiality, data / entity authentication) and reliability (data integrity, service availability). Pilot project WINSOME (WIreless sensor Network-based Secure system fOr structural integrity Monitoring and alErting) developed at DEWS premises.
  M. R&D approach:
  • Cross-layer domain (link layer + net layer + appl. layer)
  • Integration of the "traditional" security techniques with novel components and Cost Rebalancing (computation time and memory usage) to comply with WSN resource constraints
  • Design Optimization (platform-based system design, PBD)
  • Modular SW Development (component-based SW design)
  • Dynamic Distributed Application Architecture (mobile agent-based)

  5. Outline
  • WINSOME PBD (I)
  • Underlying Physical WSN Deployment
  • Underlying Logical WSN Deployment (ARCHEA)
  • Link Layer Cryptographic Scheme (TAKS)
  • WPM-based IDS
  • WINSOME PBD (II)
  • Next steps (near-term)
  • Next steps (mid-term)

  6. Distributed Architecture: Platform-Based Model
  (figure: Applications A1, A2, ..., An on top of an Application Execution Environment (AEE) with local memory, shared memory and MW services; SW components form the Secure Platform; Sensor Nodes form the Underlying WSN Deployment)

  7. Agent-based Distributed Architecture: Platform-Based Model
  (figure: agent-based applications, Agents A1, A2, ..., An, on top of a Mobile Agent Application Execution Environment (MA-AEE) with local memory, shared memory and MA-MW services; SW components form the Secure Platform; Sensor Nodes form the Underlying WSN Deployment)

  8. WINSOME PBD (I)
  (figure: Monitoring Applications, i.e. the Integrity Monitoring Agent, the IDS Agent component and other agents, on top of the MA-AEE with local memory, shared memory and MA-MW services; the Secure Platform holds the IDS Core component, the WSN Topology Manager and Link layer Cryptography; Sensor Nodes form the Underlying WSN Deployment)

  9. WINSOME PBD (I): components
  • AGILLA-based MA-AEE
  • ARCHEA (Available Resource Cluster Head Election Algorithm)
  • TAKS (Topology Authenticated symmetric Key Scheme)
  • WPM-based IDS (Weak Process Model based Intrusion Detection System)

  10. Underlying WSN: Physical WSN Deployment
  Q. Given a set of Sensor Nodes, find the class of WSN physical deployments (geometrical node distributions) compliant with coverage (redundancy vs. reliability) and resource requirements.
  Coverage-Cost Quality Indicators; conditions for lossless / lossy detection.
  A. Min. Redundancy Configuration; Max. Reliability Configuration.

  11. Underlying WSN: Logical WSN Deployment (Network Topology)
  (figure: two clustered trees rooted at the BS with CHs)
  • Dynamic Clustered Spanning Tree (DCST). It represents a design assumption motivated by:
  • Cluster Heads (CHs) assigned on-demand (by a Cost Function)
  • Support for "data centric" applications (functions → data)
  • "Table-less" routing protocols
  • Support for data aggregation / fusion (at CHs)
  • Support for mobile agent propagation from CHs to their CMs

  12. Underlying WSN: Planned Network Topology
  (figure: two example PNT graphs annotated with the neighbour count σ(i) of each node; N = 9, <σ> ≈ 4.4, count shown 15600; N = 7, <σ> ≈ 3.4, count shown 220)
  • Planned Network Topology (PNT graph). Defines the graph including the sub-set of DCSTs compliant with the specific constraints defined by the Planner (→ admissible DCSTs)
  • Each node knows its admissible neighbors
  • How many DCSTs in a given PNT? Kirchhoff's Theorem, with N the nodes in the network and <σ> the average neighbors per node
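The counting step the slide refers to, as an added example that is not code from the thesis: Kirchhoff's matrix-tree theorem applied to a constructed 7-node PNT graph with 12 admissible links (it shares N and <σ> with the slide's smaller example but is not the slide's graph), giving the number of admissible DCSTs exactly.

```python
from fractions import Fraction
from typing import List, Sequence, Tuple

Edge = Tuple[int, int]

def laplacian(n: int, edges: Sequence[Edge]) -> List[List[Fraction]]:
    """Laplacian L = D - A of an undirected simple graph on nodes 0..n-1."""
    L = [[Fraction(0)] * n for _ in range(n)]
    for u, v in edges:
        L[u][u] += 1
        L[v][v] += 1
        L[u][v] -= 1
        L[v][u] -= 1
    return L

def determinant(matrix: List[List[Fraction]]) -> Fraction:
    """Exact determinant by Gaussian elimination over Fractions (no rounding error)."""
    m = [row[:] for row in matrix]
    size = len(m)
    det = Fraction(1)
    for c in range(size):
        pivot = next((r for r in range(c, size) if m[r][c] != 0), None)
        if pivot is None:
            return Fraction(0)
        if pivot != c:
            m[c], m[pivot] = m[pivot], m[c]
            det = -det
        det *= m[c][c]
        for r in range(c + 1, size):
            f = m[r][c] / m[c][c]
            for k in range(c, size):
                m[r][k] -= f * m[c][k]
    return det

def count_spanning_trees(n: int, edges: Sequence[Edge]) -> int:
    """Kirchhoff's matrix-tree theorem: the number of spanning trees equals any
    cofactor of L, here the determinant of L with row 0 and column 0 deleted."""
    L = laplacian(n, edges)
    minor = [row[1:] for row in L[1:]]
    return int(determinant(minor))

def average_neighbours(n: int, edges: Sequence[Edge]) -> float:
    """<σ>: average number of admissible neighbours per node, i.e. 2E / N."""
    return 2 * len(edges) / n

# Constructed 7-node PNT graph (not the slide's figure): 12 admissible links.
PNT_EDGES: List[Edge] = [(0, 1), (0, 2), (1, 2), (1, 3), (2, 3), (2, 4),
                         (3, 4), (3, 5), (4, 5), (4, 6), (5, 6), (0, 6)]

if __name__ == "__main__":
    print("N = 7, <sigma> =", round(average_neighbours(7, PNT_EDGES), 1),
          "admissible DCSTs =", count_spanning_trees(7, PNT_EDGES))
```

A disconnected PNT (no spanning tree at all) correctly yields 0, which is the planner's signal that the admissible-neighbour constraints are too tight.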

  13. WSN Topology Manager (ARCHEA)
  Q. Given a WSN physical deployment and a Planned Network Topology, find the class of "short" and "balanced" admissible DCSTs compliant with resource requirements. Route-Cost Quality Indicators.
  A. ARCHEA defines a Cost Function to elect CHs among a set of eligible nodes, such that the resulting DCST is the shortest balanced DCST among the possible choices.
  • Short and balanced DCST. It represents a design assumption motivated by:
  • Reduced code transmission hops (for mobile agent propagation)
  • Augmented reliability in data aggregation at CHs
  • ARCHEA and routing messages can be crypto-secured
  • It includes the conditions to preserve spanning trees in WSN [Sec. 5.2].
  • It is shown [Sec. 5.4] that the elected CH has minimum Hop Count (hCH) to the sink and maximum number of CMs [σ(CH)] with respect to the other eligible nodes (→ balanced cluster sizes)

  14. TAKS: Driving Ideas & Tools
  Link layer Cryptography provides security against outsider intruders.
  • TAKs are symmetric, pair-wise and not pre-distributed (only key components are pre-distributed)
  • TAKS is deterministic
  • TAKs are symmetric keys generated using asymmetric mechanisms (hybrid cryptography)
  • Network Topology Authentication as pre-condition for TAK generation
  • Cryptographic Entropy per TAK binit ≈ 1 bit (for any TAK length)
  • Certification Authority is distributed on the nodes of the admissible DCSTs
  • Reverse engineering problem more complex than the Discrete Logarithm Problem (DLP)
  • Cryptographic information is classified as public / restricted / private / secret
  • Vector algebra on GF(q) with q = 2^k and k the TAK length in binit

  15. TAKS: Topology Authentication
  • Network Topology Authentication as pre-condition for TAK generation
  • If the Planner is also the Certifier:
  • Planned Network Topology → Certified Network Topology
  • Admissible DCST → Authenticated DCST
  • A node in an Authenticated DCST becomes a local CA because it knows its admissible neighbors
  • Centralized CA → Distributed CA
  A TAK can be generated in a node pair only if mutual authentication has been successful: therefore the resulting DCST is both admissible and authenticated.

  16. TAK Generation
  (figure: Local Conf. Data [Sec. 6.4], classified private / restricted; f(.) and V(.) [Sec. 6.4] are public (Kerckhoffs' principle); TAK Authentication Theorem [Sec. 6.4.1]; TAK Generation Theorem [Sec. 6.4.2])

  17. Security Analysis
  Q. Is a TAK a real cryptographic key? I.e. what is the cryptographic entropy per binit associated with a TAK?
  A. It is shown [Sec. 6.5.1] that the TAK Cryptographic Entropy per binit is ≈ 1
  Q. How secure is a single node? I.e. how complex is the inverse problem of breaking the TAK Generators from the cryptographic information available on a single node (security level in a single node)?
  A. It is shown [Sec. 6.5.2] that it is harder than the Discrete Logarithm Problem
  Q. How secure is the network? I.e. how many nodes should be compromised to derive the TAK Generators from the cryptographic information available on the network (security level in the network)?
  A. It is shown [Sec. 6.5.3] that the TAKS scheme is N-secure

  18. Cost Analysis
  • MICA2: 8-bit processor ATMega128L @ 7.4 MHz; assuming 20 clock cycles per arithmetic / logic operation, the average computation time per 32-bit operation is ≈ 3 μs.
  • IMOTE: 32-bit processor PXA271 Xscale @ {312, 416} MHz; assuming 5 clock cycles per arithmetic / logic operation, the average computation time per 32-bit operation is ≈ 0.03 μs (assuming a conservative ≈ 300 MHz clock).
  • Memory usage is bits.

  19. Reference IDS Macro-functions
  • Intrusion Alarm Generation: issues alarms according to a predefined Anomaly Detection Logic (ADL) and threat models
  • Intrusion Reaction Logic (IRL): defines the defence strategy (schedule of interventions) and tracks correlated alarms
  • Intrusion Reaction Logic Application (IRLA): reacts to intrusion by applying the suited countermeasures (link release, putting compromised nodes in quarantine, distributing black lists / grey lists, ...)
  (figure: Intrusion Alarm Generation → Intrusion Reaction Logic → Intrusion Reaction Application, with Local Conf. Data and Control messages)

  20. WPM-based IDS: Driving Ideas & Tools
  IDS provides security against insider intruders.
  • Incoming message → Anomaly Rules → Observables
  • Behavior is modelled using WPM
  • WPM (Weak Process Model) vs HMM (Hidden Markov Model)
  • Deterministic vs. stochastic observable-state relationships
  • "0-1" reachability rules for observable-state relationships
  • Classification of WPM states according to their topological position within the WPM machine (e.g. LPA, HPA states) and according to the associated "threat observables" (e.g. UPA states)
  • Threat Observables → States Traces → Scores → Alarm → Countermeasures
  • WPM (Weak Process Model) vs HMM (Hidden Markov Model)
  • "possible states traces" vs. "the most probable states trace" (Viterbi)
  • Possible states traces are equi-probable
  • Alarm generation when at least one states trace contains at least one HPA
  • Scores (weights) associated to states traces

  21. WPM-based IDS Micro-functions
  (figure: Threat Model, Anomaly Detection Logic, Defence Strategy, Local Conf. Data, Countermeasure Application, Alarm Tracking, Control messages)

  22. WPM-based IDS Information Flow
  (figure: the micro-functions of slide 21 exchanging the observable ok, the alarm Al[sk], the input xk, the countermeasure cm(s) and Signalling IEs)

  23. WPM-based Anomaly Detection Model
  (figure: WPM Algebraic Canonical Form; WPM States Traces for the observable sequence o6 = 3, 1, 4, 2, 5, 6 with L = 1, H = 100; Score Matrix S and Score Computation over steps k = 1..6, with entries ±1 for LPA states and ±100 for HPA states; alarms al[02|00], al[01|01])

  24. Threats from insider intruders
  (figure: HELLO Flooding (HF), SINKHOLE (SH), intra-cluster WORMHOLE and inter-cluster WORMHOLE (WH))

  25. Examples of Anomaly Rules
  AR1. If ni has authenticated node nE, and node nE declares hE < hi, with hi ≠ 0 (in other words node nE introduces itself as the new CH of ni but the current CH of ni is still alive), then ok = o1;
  AR2. If ni is CH and (rule AR1 or rule AR2) in nj is true, then ok = o2; this AR enables the "threat observables" back-propagation.
  AR3. If ni has authenticated node nE and node nE declares hE ≥ hi (in other words node nE introduces itself as a new cluster member, CM), then ok = o3; this AR produces an ambiguous observable (Undecided Threat Obs.).
  The observable ok = o9 is produced if there are no observables for a sequence of K observation steps, with K a predefined threshold.
  …
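The three rules above and the o9 timeout, written out as node-local detection logic; this is an added example, not the thesis's ADL code, and the class, field and method names are hypothetical. It assumes the node already knows its own hop count hi, whether it is a CH, and which announcements passed topology authentication.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence

@dataclass
class Announcement:
    """Hop-count announcement received by node n_i from a neighbour n_E (constructed)."""
    sender: str
    hop_count: int        # h_E: the sender's declared hop count to the sink
    authenticated: bool   # True if topology authentication (TAKS) succeeded for n_E

O1, O2, O3, O9 = "o1", "o2", "o3", "o9"   # threat observables named on the slide

class AnomalyRules:
    """Node-local evaluation of AR1, AR2, AR3 and the o9 timeout (hypothetical names)."""

    def __init__(self, node_id: str, own_hop_count: int, is_ch: bool, quiet_threshold: int):
        self.node_id = node_id
        self.h_i = own_hop_count        # h_i: this node's current hop count to the sink
        self.is_ch = is_ch              # True if this node is a Cluster Head
        self.K = quiet_threshold        # K: steps without observables before o9 fires
        self.quiet_steps = 0

    def step(self, announcement: Optional[Announcement] = None,
             cm_observables: Sequence[str] = ()) -> List[str]:
        """One observation step: returns the observables o_k produced at this node."""
        obs: List[str] = []
        # Only authenticated neighbours reach the rules: unauthenticated senders are
        # outsiders, already rejected by the link-layer cryptography (TAKS).
        if announcement is not None and announcement.authenticated:
            if self.h_i != 0 and announcement.hop_count < self.h_i:
                obs.append(O1)   # AR1: n_E offers itself as new CH while the current CH is alive
            elif announcement.hop_count >= self.h_i:
                obs.append(O3)   # AR3: n_E joins as a new CM (undecided threat observable)
        # AR2: a CH back-propagates o1/o2 observables raised by its cluster members.
        if self.is_ch and any(o in (O1, O2) for o in cm_observables):
            obs.append(O2)
        # Timeout rule: o9 after K consecutive steps with no observable at all.
        if obs:
            self.quiet_steps = 0
        else:
            self.quiet_steps += 1
            if self.quiet_steps >= self.K:
                self.quiet_steps = 0
                obs.append(O9)
        return obs
```

The observables returned here are the input to the WPM states-trace scoring of slide 23; an o1 alone is not an alarm until a trace containing an HPA state is reached.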

  26. WPM-based Single Threat Models
  (figure: WPM machines for WORMHOLE (WH), HELLO Flooding (HF) and SINKHOLE (SH))

  27. Aggregated Threat Model (I)
  (figure: the single threat models combined, each emitting alarms Al[sk])

  28. Security Analysis
  (figure: Single Threat Models (STM) vs. Aggregated Threat Model (ATM) for HF, SH and WH)

  29. Security Analysis
  (figure: combined WH and SH threat traces)

  30. Aggregated Threat Model (II)
  (figure: the aggregated model with the UPA state)

  31. Cost Analysis
  • MICA2: 8-bit processor ATMega128L @ 7.4 MHz; assuming 20 clock cycles per arithmetic / logic operation, the average computation time per 32-bit operation is ≈ 3 μs.
  • IMOTE: 32-bit processor PXA271 Xscale @ {312, 416} MHz; assuming 5 clock cycles per arithmetic / logic operation, the average computation time per 32-bit operation is ≈ 0.03 μs (assuming a conservative ≈ 300 MHz clock).
  • Memory usage is bytes.

  32. AGILLA MA-AEE
  (figure: agents migrate / clone between MA-AEE instances)
  • AGILLA is a mobile agent-based MW running on TinyOS
  • Inter-agent communication via Tuple Space (→ threat obs. aggregation)
  • Agents migrate via MOVE or CLONE (→ agent propagation across the DCST)
  • STRONG or WEAK agent migration
  • Neighbor List (→ admissible neighbors according to the PNT graph)
  [source: Fok, C.-L., et al., "Agilla: A Mobile Agent Middleware for Sensor Networks," Tech. Report, WUCSE-2006-16, 2006]

  33. Enhanced AGILLA MA-AEE
  (figure: agent-based applications, Agents A1, A2, ..., An, on top of the AGILLA MA-AEE with local memory, Tuple space and AGILLA services; SW components form the Secure Platform; Sensor Nodes form the Underlying WSN Deployment)

  34. IDS Functions Mapping
  (figure: the IDS Core component holds the Threat Model, LCD, Anomaly Detection Logic, Defense Strategy, Alarm Tracking, Control messages and Countermeasure Application; the IDS MA component maps onto Intrusion Reaction Agents (IRA))

  35. IRA forward-propagation vs. Threat Observables back-propagation
  (figure: IRA instances cloned across six AGILLA MA-AEE nodes, exchanging Al[s] and ok)
  This mechanism avoids the injection of new IRA instances from the sink.

  36. WINSOME PBD (II)
  (figure: Monitoring Applications, i.e. the Integrity Monitoring Agent, the IRA and other agents, on top of the AGILLA MA-AEE with LCD, Tuple Space and AGILLA services; the Secure Platform holds the IDS core component (Anomaly Detection Logic, Threat Model), the NetManager (ARCHEA) and TAKS; Sensor Nodes form the Underlying WSN Deployment)

  37. Secure Platform internal Structure
  (figure: IRA, IRL, IRLA, ADL, TM, Net Manager, LCD, Tuple Space, AGILLA MA-AEE and Comms, exchanging ok, al[sk], cm[s], Hp_xk and Control Msgs)

  38. Next steps (near-term)
  • Finalization of WINSOME components development
  • on-going implementations of AGILLA enhancements
  • 2 theses finalized, 1 thesis on-going
  • Extension of WPM-based IDS to data messages
  • on-going jointly with UC Berkeley
  • Enhancements of the WPM technique to reduce false positives
  • Extension of TAKS to cluster keys

  39. Next steps (mid-term)
  (figure: mind map around the WINSOME Project)
  • Monitoring Theory
  • Applications to Hybrid Systems Control
  • Anomaly Detection applied to sensed data
  • MW Service Support Enhancement
  • Defence Strategies
  • Further WPM-based Threat Modeling
  • Agent-based SW design
  • Threat Identification Mechanisms
  • Cooperative Communications
  • Detection Process

  40. Scientific Contributions
  [1] M. Pugliese and F. Santucci, "Pair-wise Network Topology Authenticated Hybrid Cryptographic Keys for Wireless Sensor Networks using Vector Algebra," in 4th IEEE International Workshop on Wireless Sensor Networks Security (WSNS08), Atlanta, 2008.
  [2] M. Pugliese, A. Giani and F. Santucci, "A Weak Process Approach to Anomaly Detection in Wireless Sensor Networks," in 1st International Workshop on Sensor Networks (SN08), Virgin Islands, 2008.

  41. In preparation
  • M. Pugliese, A. Giani, and F. Santucci, "Weak Process Models for Attack Detection in a Clustered Sensor Network using Mobile Agents," submitted to the 1st International Conference on Sensor Systems and Software (S-Cube 2009)
  • M. Pugliese and F. Santucci, "A Comprehensive Cross-Layer Framework for Secure Monitoring Applications based on WSN"
  • M. Pugliese, L. Pomante, and F. Santucci, "Agent-based Design and Implementation of a Cross-Layer Framework for Secure Monitoring Applications based on WSN"

  42. Acronyms
  • ADL: Anomaly Detection Logic
  • AR: Anomaly Rules
  • AGILLA: AGile bombILLA
  • ARCHEA: Available Resource Cluster-Head Election Algorithm
  • DCST: Dynamic Clustered Spanning Tree
  • DLP: Discrete Logarithm Problem
  • GF: Galois Field
  • HMM: Hidden Markov Model
  • HPA: High Potential Attack
  • IDS: Intrusion Detection System
  • IRA: Intrusion Reaction Agent
  • IRL: Intrusion Reaction Logic
  • LCD: Local Configuration Data
  • LPA: Low Potential Attack
  • TAKS: Topology Authenticated Key Scheme
  • TGMP: TAK Generation Management Protocol
  • WINSOME: WIreless sensor Network-based Secure system fOr structural integrity Monitoring and alErting
  • WML: WPM Memory Length
  • WPM: Weak Process Model
  • WSN: Wireless Sensor Network

  43. Thank you for your attention

  44. BACKUP SLIDES

  45. Underlying WSN: Physical WSN Deployment
  • Metrics:
  • Sensor Node Density (SND). It is defined as the ratio between the number of sensor nodes and the aggregated coverage (supposing circular areas with r = 1) generated by each sensor node.
  • Overlapping Detection Spot Percentage (ODSP). It is defined as the percentage of the aggregated overlapped coverage generated by all SND with respect to the coverage area generated by a generic sensor node.
  • Coverage-cost criteria:
  • Minimize SND*ODSP to minimize coverage redundancy for a given SND;
  • Minimize SND/ODSP to maximize coverage reliability for a given SND.

  46. Underlying WSN: Coverage-cost Quality Indicators
  • The minimum for the product SND·ODSP returns the physical node distribution which minimizes coverage redundancy (fundamental cell with SNs at the centre of a hexagon).
  • The minimum for the ratio SND/ODSP returns the physical node distribution which maximizes coverage reliability (fundamental cell with SNs at the centre of a hexagon).

  47. Underlying WSN: DCST Deployment
  (figure: example deployment of 25 numbered sensor nodes)

  48.-50. Underlying WSN: DCST Self-Organization
  (figure: three successive frames of the 25-node deployment self-organizing into a DCST)
