1 / 15

Toward Resilient Security in Wireless Sensor Networks

Toward Resilient Security in Wireless Sensor Networks. Rob Polak Feb 23 2006 CSE 535. What is Wireless Security on the Link Level?. Message Authenticity Verify Sender Verify Message has not been forged Message Privacy The messages can not be read by a third party. Previous research.

kapono
Download Presentation

Toward Resilient Security in Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb 23 2006 CSE 535

  2. What is Wireless Security on the Link Level? • Message Authenticity • Verify Sender • Verify Message has not been forged • Message Privacy • The messages can not be read by a third party.

  3. Previous research • Pairwise Key Distribution • Nodes contain a pool of symmetric keys, with a probability they contain shared keys. • These shared keys are then used to create a pairwise key used to endorse messages. • What are the problems with this method?

  4. Problems with Pairwise • As more nodes are compromised the fraction of affected pairwise keys increases quickly. • Insider Attacks are not accounted for in the system. • Some sensors may not be able to communicate if they do not share keys.

  5. Solution? • Location-Based Resilient Security (LBRS) • Split terrain into grids, and use a locally binded key

  6. Overview LBRS • When an event occurs it is endorsed by multiple nodes within a cell. • Message is then forwarded to a node up stream towards the Sink. • Messages are verified en-route to ensure validity.

  7. Grid Construction • How to construct a grid with no real infrastructure. • Solution: construct a virtual grid of cells, and bind keys to certain cells. • How to determine cell size? What are the tradeoff’s? • As cell size increases nodes are required to have less keys, however, if a large cell is compromised an attacker can forge events of a larger area.

  8. Bootstrapping • Time when node is first deployed, and needs to generate it’s keys • Node determines its position • Node generates keys based upon its location, a master secret, and a one way function. • Then the node identifies all of the nodes in its sensing range and generates keys for those nodes. (used later in en-route message filtering) • Master secret is then erased permanently (no more keys can be generated).

  9. En-Route Filtering • Any given report requires (m-1) distinct MAC endorsements (message authentication codes) • Reports are collectively processed and endorsed by surrounding nodes within a cell. • Once a message is sent to it’s upstream node (using geographic routing) the senders mac’s is then verified by the receiving node.

  10. Routing • LBRS uses a concept of beam width routing, which is a subset of a geographic routing.

  11. Analysis • Analysis Info • Given: a circular terrain of radius R and N sensor nodes • For fabricated attacks where m-1 distinct MAC’s are needed to verify a report the detection ratio is : 1 - ½^(8s(m-1)) = 0.999 =99% detection rate for our simulation. • In a simulation network of 10km with 400K nodes, the forged reports were found in an average of 4.2 hops, and 6 hops at most.

  12. Node Compromise • Can we prove our hypothesis that LBRS is less vulnerable to node compromise. • Results from the simulation show that when 100 nodes are compromised only 11 cells or 0.68% of the total terrain. (30k nodes) • No comparisons to pairwise system.

  13. Implementation • Implementation • Only talks about very basic setup of nodes. • Seems to be “missing” any results.

  14. Future Work • Implementing the system and study the performance

  15. Discussion • What are some of the problems with this system? • Can not handle networks with nodes that change location. • Does not scale well into system with low density of nodes. • Is this a viable network security solution? Are you convinced?

More Related