190 likes | 271 Views
CS Department Sapienza University of Rome. CSE Department PennState University. On the security vulnerabilities of the virtual force approach to mobile sensor deployment. N. Bartolini, G. Bongiovanni, T. La Porta, S. Silvestri.
E N D
CS Department Sapienza University of Rome CSE Department PennState University On the security vulnerabilities of the virtual force approach to mobile sensor deployment N. Bartolini, G. Bongiovanni, T. La Porta, S. Silvestri Institute of Network and Security Research - Graduate Student Seminars series
INSR - Graduate Student Seminars series Mobile sensor networks (1) • Small and cheap (~150 $) devices endowed with: • Sensing unit • Communication unit • Energy unit (small battery) • Locomotion unit RoboMotes CMU’s TagBot, Controllable Mobile Unit On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series Mobile sensor networks (2): motivation • Monitor critical scenarios: • Disaster areas • Toxic regions • Wild fires • Sensors can not be deployed manually, thus they usually are: • dropped from an aircraft • sent from a safe-location • We need distributed deployment algorithms to improve the coverage of the Area of Interest (AoI) On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series The Virtual Force Approach (1) • Representative works: • M. Garetto, M. Gribaudo, C. F. Chiasserini, E. Leonardi: “Sensor Deployment and Relocation: A Unified Scheme”, • IEEE MASS 2007 • Ma K., Zhang Y., Trappe W.: “Managing the Mobility of a Mobile Sensor Network Using Network Dynamics”. • IEEE Transactions on parallel and distributed systems, 2008 • Poduri S., Sukhatme G.S.: “Constrained coverage for mobile sensor networks”. • IEEE ICRA 2004 • …. • Inspired by molecularinteractions • Sensors exert: • Repulsive forces (d < Dth) • Attractive forces (Dth< d < rf) d d • Null forces • (d = Dth) • (d rf) d d On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series The Virtual Force Approach (2) • Algorithmexecuted in rounds • At each round a sensor: • Broadcast its position • Calculate the resulting virtual force • Moves accordingly to: • The magnitude of the force • The direction of the force On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series Security vulnerabilities • Nodes can be tampered • An attacker can: • Extract the cryptographic material • Reprogram tampered nodes Malicious nodes can collude to achieve the attacker goalsby exploiting the vulnerabilities of the deployment algorithm On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series Opportunistic Movement (OM) attack (1) • Attackergoals: • Reduce the area covered by legitimatesensors • Uncoveredregionaround a target • Uncoveredcorridor • Minimize the monitored area • Attacker model • Maliciousnodes can be deployed in the network • Maliciousnodes can collude • Communications are secure • No standard attacks are possible • Sybil • Nodecloning • False location claims • Idea: • Fullfil the communicationprotocol • Moveaccording to the attackergoals On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series Barrier Opportunistic Movement (BOM) attack • Malicious sensors form a barrier which intersect the AoI edges On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series An analytical model for the effect of the BOM attack • General model to evaluate the impact of the BOM on coverage wrt: • Density of legitimate sensors • Density of malicious sensors • The model can be applied to several VF based approaches Force legitimate sensors Force malicious sensors Minimum monitored area (mMA) On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series Analytical model for PDND algorithm • Ma K., Zhang Y., Trappe W.: “Managing the Mobility of a Mobile Sensor Network Using Network Dynamics”. IEEE Transactions on parallel and distributed systems, 2008 • Force function: • Force legitimate sensors • Force malicious sensors On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series Analytical model for PDND algorithm : validation 35 malicious 500 legitimate On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series The SecureVF algorithm (1) • IDEA: detect malicious sensors by analysing sensor movements • Each node s at round t determines its set of • Trusted neighbors • Untrusted neighbors • Movements are performed according to trusted neighbors only • Untrusted neighbors are ignored • Nodes advertise their trusted set at each round and then move accordingly • A node is marked as untrusted if: • The advertised trusted set is malformed • The movement is not compliant with the trusted set No transitive trust On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series The SecureVF algorithm (2) Broadcast new position Movement verification of q Malformed trusted set Movement not compliant to the trusted set Brodacst trusted neighbors Move according to the trusted neighbors On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series The SecureVF algorithm (3) On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series The SecureVF algorithm (4) Algorithm properties • Theorem: A legitimate sensors never marks other legitimate sensors as untrusted. • Theorem: Given a malicious sensor m performing a malicious movement at round t, then m is marked as untrusted by at least one legitimate sensor at round t+1. • Lemma: SecureVF terminates in a finite time, provided that the underlying VF algorithm has a guaranteed termination. On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series Experimental results (1) Initial PDND SecureVF On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series Experimental results (2) Initial PDND SecureVF Minimum # legitimate for full coverage 1000 legitimate On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series Conclusions & Open problems • Westudy for the first time the security vulnerabilities of mobile sensordeploymentalgorithms • We show the detrimentaleffects of simpleattackssuchas the OM attack • We propose an analytical model to estimate the impact on the BOM attack • We introduce SecureVF to counteract the OM attack • Open problems • Design new attacksthat exploit: • Location falsification • Sybilattack • … • Differentgoals of the adversary • Security vulnerabilities of otherapproaches On the security vulnerabilities of the virtual force approach to mobile sensor deployment
INSR - Graduate Student Seminars series Thank you! Any question? • References: • N. Bartolini, G. Bongiovanni, T. La Porta, S. Silvestri, “On the vulnerabilities of the virtual force approach to mobile • sensor deployment”, IEEE Transactions on Mobile Computing, (to appear). • N. Bartolini, G. Bongiovanni, T. La Porta, S. Silvestri, “On the security vulnerabilities of the virtual force approach to mobile sensordeployment”, in IEEE Conference on Computer Communications (INFOCOM 2013) On the security vulnerabilities of the virtual force approach to mobile sensor deployment