Trust relationships in sensor networks
Ruben Torres
October 2004

Introduction
• Paper: “Key Infection: Smart Trust for Smart Dust”
• The two main objectives of this paper are:
  • To present a lightweight security protocol that can be implemented in commodity sensor networks.
  • To show that initial trust establishment can be achieved without extra complexity in the security protocol, with low computation overhead and low memory requirements.
• Its main characteristic is that the initial key exchange between nodes is made in clear text.
• It does not assume the presence of a highly capable attacker who can monitor and store all communication. That assumption has led to the development of heavy security protocols.

Key Infection
• The key material is propagated as contact is made, like an INFECTION spreading through a biological population.
• Key infection is based on the assumption that during the network deployment phase, the attacker can only monitor a fixed percentage of the communication channels.
• There is no need to preload secret information before sensor network deployment.
• It uses symmetric cryptography.
• The initial key exchange is made in clear text. Using a master key at the beginning, under some circumstances, only secures a fraction of communication that the attacker could have recorded and deciphered anyway. It's cheaper to simply exchange session keys in the clear.

Terminology
• White nodes: The nodes that make up our sensor network.
• Black nodes: The attacker nodes.
• Dust: Term that comes from the “Smart Dust” project. Its goal is to make sensors small and cheap enough that they can be distributed in large numbers over an area.

Sensor Network assumptions
• Commodity sensor networks
• Small, low-cost nodes
• Limited battery energy, minimal computation, communication and storage resources
• No tamper-proof hardware
• Each node has a transmission range of 10 m.
• Around half a dozen nodes should fall within each node's range.
• The simulation considered 10000 White nodes (good nodes) and 100 Black nodes (bad nodes).

Real World Attacker model
• The attacker doesn’t have physical access to the network at the deployment phase.
• The attacker can only monitor a small portion of the communications during the deployment phase. After key exchange is complete, the attacker can monitor all communications at will.
• The attacker is not able to execute active attacks (flooding, jamming, etc.) during the deployment phase of the network.
• The deployment time window is a few seconds.
• Analogy of a bank door and home doors

Basic key setup
[Figure: initial key exchange between nodes i and j; message labels: Ki, then {j, Ki,j}Ki]
• Each node chooses a key and broadcasts it in plain text to its neighbors.
• The returned packet is transmitted using the minimum power necessary for the link, based on the measured strength of the signal from i.
• Assuming an area with no opponents, plaintext key exchange is not a problem if opponents arrive after the setup time.

Key Whispering
[Figure: initial key exchange between node i and neighbors j and m; message labels: {j, Ki,j}Ki and {m, Ki,m}Ki2]
• Small change to the original protocol
• Instead of broadcasting at full power, each White node starts transmitting as quietly as possible until it receives a response.
• A key is set up with the responder.
• The broadcast is resumed with a new key.

Analysis
[Figure: two panels, “Basic Key Setup” and “Key Whispering”, showing white nodes W1 to W4; labels: “W1 MAX Tx range” and “W1 MIN Tx range to reach W2”]
• For the basic key setup, the effective eavesdropping area is larger than for key whispering. Therefore, the probability of getting a compromised link is larger in the basic setup approach.
• In the end, we can infer that the combatant who can produce the denser dust has a significant advantage.

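A small Monte Carlo sketch of the comparison above, added here as an illustration and not taken from the slides or the paper. It uses the slides' figures (10 m range, about six neighbors per node, 1% black nodes) and assumes a link is compromised only when one black node hears both the key broadcast and the reply; the function name and the uniform random placement are assumptions.

```python
import math
import random

R = 10.0  # full-power transmission range in metres (from the slides)

def simulate(n_white=600, n_black=6, neighbours=6, seed=1):
    """Return (links, compromised fraction basic, compromised fraction whispering)."""
    rng = random.Random(seed)
    # Square field sized so each white node has ~`neighbours` nodes within R.
    side = math.sqrt(n_white * math.pi * R * R / neighbours)
    place = lambda: (rng.uniform(0, side), rng.uniform(0, side))
    white = [place() for _ in range(n_white)]
    black = [place() for _ in range(n_black)]
    links = basic = whisper = 0
    for a in range(n_white):            # a announces its key Ka
        for b in range(n_white):        # b answers with {b, Kab}Ka
            if a == b:
                continue
            d = math.dist(white[a], white[b])
            if d > R:
                continue
            links += 1
            # b always replies at the minimum power that reaches a (radius d).
            hears_reply = [e for e in black if math.dist(e, white[b]) <= d]
            # Basic setup: Ka is broadcast at full power (radius R).
            basic += any(math.dist(e, white[a]) <= R for e in hears_reply)
            # Whispering: Ka is sent just loud enough to reach b (radius d).
            whisper += any(math.dist(e, white[a]) <= d for e in hears_reply)
    links = max(links, 1)
    return links, basic / links, whisper / links

if __name__ == "__main__":
    n, p_basic, p_whisper = simulate()
    print(f"{n} directed links: basic {p_basic:.3%}, whispering {p_whisper:.3%}")
```

Raising `n_black` relative to `n_white` shows the density point from the last bullet: both fractions grow with the attacker's share of the dust, and whispering never does worse than the basic setup in this model.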
Secrecy amplification (multipath)
[Figure: white nodes W1, W2, W3 and W4 connected by paths p1, p2 and p3]
• Link compromised at initial phase
• Combine keys propagated along different paths
• W1->W3: {W1,W2,N1}K13
• W3->W2: {W1,W2,N1}K23
• W2 computes: k’12=H(k12 || N1)
• W2->W1: {N1,N2}K’12
• W1->W2: {N2}K’12
After the protocol has finished, if K12 was secure, K’12 remains secure. But if K12 was compromised, the new k’12 is now secure.
Path discovery is allowed.

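The five messages above, run end to end with a passive eavesdropper that records every frame. This is an added example, not code from the paper or the presentation; `seal`/`unseal` are a toy stand-in for {..}K built from SHA-256 and HMAC (an assumption, not the cipher the authors use), and `amplify` and its arguments are hypothetical names.

```python
import hashlib, hmac, os

def _stream(key, n):
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    """Toy stand-in for {msg}K: hash keystream plus truncated HMAC tag."""
    iv = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key + iv, len(msg))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()[:16]

def unseal(key, blob):
    """Return the plaintext, or None when the key is wrong."""
    iv, ct, tag = blob[:8], blob[8:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()[:16]):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key + iv, len(ct))))

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def amplify(k12, k13, k23, eavesdropper_keys):
    """Run the slide's steps; return (K'12 at W1, K'12 at W2, eavesdropper_has_new_key)."""
    n1, n2 = os.urandom(16), os.urandom(16)
    wire = []                                        # every frame is recorded
    wire.append(seal(k13, b"W1W2" + n1))             # W1 -> W3: {W1,W2,N1}K13
    wire.append(seal(k23, unseal(k13, wire[0])))     # W3 -> W2: {W1,W2,N1}K23
    n1_at_w2 = unseal(k23, wire[1])[4:]
    new_w2 = H(k12, n1_at_w2)                        # W2: K'12 = H(K12 || N1)
    wire.append(seal(new_w2, n1_at_w2 + n2))         # W2 -> W1: {N1,N2}K'12
    new_w1 = H(k12, n1)
    echo = unseal(new_w1, wire[2])
    if echo is None or echo[:16] != n1:
        raise ValueError("W1: key confirmation failed")
    wire.append(seal(new_w1, echo[16:]))             # W1 -> W2: {N2}K'12
    if unseal(new_w2, wire[3]) != n2:
        raise ValueError("W2: key confirmation failed")
    # Passive eavesdropper: try every key it holds on every recorded frame.
    guess = None
    for frame in wire:
        for k in eavesdropper_keys:
            pt = unseal(k, frame)
            if pt and pt[:4] == b"W1W2" and k12 in eavesdropper_keys:
                guess = H(k12, pt[4:])
    return new_w1, new_w2, guess == new_w1
```

With only K12 in `eavesdropper_keys` the third return value is False; adding K13 or K23 makes it True, which is why the amplification only helps when the alternate path through W3 was not itself overheard.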
Multihop Keys
• Node W2 helps in the key setup between W1 and W3.
• Node W2 forgets K13 immediately.
• Supports end-to-end rather than link-layer cryptography
• Additional protection in case W2 gets compromised
[Figure: key setup in two steps between W1, W2 and W3 (base). Step 1: link W1-W2 labelled {R}k12, link W2-W3 labelled {k1}k23. Step 2: link W1-W2 labelled {K13}k12, link W2-W3 labelled {k13}k23]

Recovery from attacks
• Sufficient nodes have been subverted for the network to be partitioned
• A recovery phase may be initiated
• Use of backup nodes
• Re-run of the initial network discovery algorithm
• The multipath key infection algorithm can automatically discover paths. “Breaks the infection disease analogy”.

Conclusions
• Under some assumptions, clear text key distribution is almost as secure as preloading keys in nodes.
• The benefits of initial keying can be analyzed separately from later key relationship maintenance. Resilience and recovery mechanisms can be more important than bootstrapping.

References
• R. Anderson, H. Chan, A. Perrig. “Key Infection: Smart Trust for Smart Dust”. ICNP 2004.
• C. Karlof. “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks”. SenSys 2004.
• J.M. Kahn, R.H. Katz. “Next century challenges: mobile networking for Smart Dust”.