Intrusion Tolerance for NEST
Bruno Dutertre, Steven Cheung
SRI International
NEST 2 Kickoff Meeting, November 4, 2002
Administrative
• Project Title: Intrusion Tolerance for Networked Embedded Sys.
• PM: Vijay Raghavan
• PI: Bruno Dutertre and Steven Cheung
• PI phone #: (650) 859-2717, (650) 859-5706
• PI email: bruno@sdl.sri.com, cheung@sdl.sri.com
• Institution: SRI International
• Contract #: F30602-02-C-0212
• Award start date: 9/20/2002
• Award end date: 12/20/2004
• Agent name & organization: Raymond Liuzzi, AFRL/Rome
Subcontractors and Collaborators
• Collaborators:
  • Hassen Saïdi
  • Ulf Lindqvist
  • Joshua D. Levy
Problem Description, Project Overview
• Objective:
  • Low-cost, intrusion-tolerant authentication and key management for NEST (resource-limited wireless devices)
• Impact:
  • Fundamental building blocks on which higher-level security services can be implemented
  • Enable the secure deployment of sensor networks, or other NEST applications
• Success criteria:
  • Demonstrate deployment on a representative network of small wireless sensors (Motes)
  • Relevant metrics: network size, fraction of compromised sensors, overhead
Intrusion Tolerance for NEST: Intrusion-tolerant key-distribution services for large networks of microsensors

Problem and Challenge
• Build low-cost key-management services for sensor networks:
  • Localized authentication protocols for bootstrapping
  • Chains of trusted intermediaries for
  • Secret sharing + disjoint paths for tolerating compromised nodes
• Intrusion detection for motes:
  • Detect denial-of-service attacks
  • Detect misbehaving nodes

New Ideas
• Self-organizing protocols
• Low-cost cryptography
• Detect/respond to DoS attacks

Impact
• Enable deployment of sensor networks in hostile environments
• Support other security services for wireless sensor networks:
  • Confidentiality and integrity of communication
  • Robust NEST services

Schedule (FY03, FY04, FY05)
• 2QFY03: Design bootstrapping protocols
• 3QFY03: Baseline intrusion detection
• 4QFY03: Design intrusion-tolerant key-distribution protocols
• 1QFY04: Experimental validation and demo
• 1QFY05: Integration and final demo
Outline
• Existing approaches to authentication and key management
  • PKI, Diffie-Hellman, trusted servers
• Proposed approach:
  • Local authentication and initial key establishment
  • Leveraging local trust
  • Intrusion detection and response
• Plan
Objective
• Low-cost key management for large-scale networks of small wireless devices
• Constraints:
  • Limited memory, processing power, and bandwidth
  • Networks too large and not accessible for manual administration/configuration
Traditional Key Management
• Decentralized approaches:
  • Public-key infrastructure, certificates
  • Diffie-Hellman style key establishment
• Approaches based on symmetric-key cryptography
  • Trusted authentication and key distribution server (e.g., Kerberos)
• Drawbacks noted on the slide:
  • Too expensive
  • Limited scalability
  • High administrative overhead to set up long-term keys
  • Vulnerable to server failure
  • Server may be a bottleneck
Proposed Approach
• Goals:
  • Intrusion-tolerant architecture for key management in NEST
  • Use only inexpensive cryptographic algorithms
  • Decentralized (no server) and self-organizing
• Approach:
  • Build initial secure local links
  • For nonlocal communication, rely on chains of intermediaries
  • Use secret sharing when intermediaries are not fully trusted
  • Develop complementary intrusion detection methods to locate nontrustworthy nodes
Bootstrapping
• Establish secure local links between neighbor devices quickly after deployment
• Weak authentication is enough (need only to recognize that your neighbor was deployed at the same time as you)
• Exploit initial trust (it takes time for an adversary to capture/compromise devices)
• Focusing on local links improves efficiency
Basic Bootstrapping Scheme
• For a set S of devices to be deployed:
  • Construct a symmetric key K
  • Distribute it to all devices in the set
• K enables two neighbor devices A and B:
  • To recognize that they both belong to S (weak authentication)
  • To generate and exchange a key for future communication
• Possible drawback:
  • Every device from S in communication range of A and B can discover . More robust variants are possible.
Leveraging Local Trust
(Diagram: nodes A, B, C, D, E linked by chains of intermediaries)
• To establish keys between distant nodes:
  • use chains of trusted intermediaries
• To tolerate compromised nodes:
  • disjoint chains and secret sharing
Tradeoffs
• Security increases with
  • the number of disjoint paths
  • the number of shares
  but these also increase cost
• Challenges:
  • Implement cheap secret sharing techniques
  • Quantify the security achieved
  • Find the right tradeoff for an assumed fraction of compromised nodes
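The following is an added illustration of the disjoint-chain idea on the two preceding slides, not code from the SRI project: a fresh link key is split into n shares, one share travels each disjoint chain, and the threshold k decides how many compromised chains can be tolerated for confidentiality (fewer than k) and how many failed chains for availability (at most n - k). Shamir's scheme over GF(p) is used here only because it is the simplest threshold scheme to write down; the slides deliberately leave the choice of a cheap scheme open, and the paths are modelled abstractly as sets of indices.

```python
"""Threshold secret sharing over disjoint intermediary chains (constructed example)."""
import secrets

P = 2**521 - 1  # Mersenne prime; all share arithmetic is in GF(P), 128-bit keys fit below P


def split(secret: int, k: int, n: int) -> list[tuple[int, int]]:
    """Shamir k-of-n split: random polynomial of degree k-1 with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]


def combine(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0; needs any k distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def establish_key(k: int, n: int, compromised: set[int], dropped: set[int]) -> dict:
    """Send a fresh 128-bit key from A to B as n shares over n disjoint chains.

    Chain i is 'compromised' if an intermediary on it reads the share, and
    'dropped' if the share never reaches B. Returns what B recovers and whether
    the adversary, holding the leaked shares, also has enough to reconstruct.
    """
    key = secrets.randbits(128)
    shares = split(key, k, n)
    received = [s for i, s in enumerate(shares) if i not in dropped]
    leaked = [s for i, s in enumerate(shares) if i in compromised]
    recovered = combine(received[:k]) if len(received) >= k else None
    return {
        "key": key,
        "recovered": recovered,                    # None when too many chains failed
        "available": recovered == key,
        "confidential": len(leaked) < k,           # adversary below threshold learns nothing
    }
```

Raising k for fixed n buys confidentiality against more compromised chains at the price of tolerating fewer dropped ones, which is exactly the cost/security tradeoff the slide asks to quantify.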
Intrusion Detection
• Goals:
  • Detect compromised nodes (to remove them from chains)
  • Detect other intrusions: denial-of-service attacks, attempts to drain power
• Cryptography is ineffective against these
Intrusion Detection Approach
• Develop models of attacks and relevant signatures:
  • What must be monitored?
  • How to collect and distribute the data?
• Develop diagnosis methods:
  • Identify the source of the attack if possible
• Possible responses:
  • Avoid nodes that are considered compromised
  • Hibernation to counter DoS or power-draining attacks
Experimental Evaluation
• Platform:
  • "motes" with TinyOS
  • 20-30 nodes with up to 20% compromised nodes
• Objective: show feasibility, measure overhead
• Experiment scenario remains to be defined
Project Status
• Participating in the security minitask
• Identifying security threats for a NEST environment
• Getting familiar with the TinyOS platform and the NEST Challenge
• In the process of setting up a sensor network testbed; motes ordered