230 likes | 419 Views
SPLASH Project INRIA-Eurecom-UC Irvine. November 2006. SPLASH project review. Security of Wireless Adhoc Networks From MANET security… To WSN (Wireless Sensor Network) Security! Many contributions in many different areas. Outline. MANET Security Membership Management
E N D
SPLASH ProjectINRIA-Eurecom-UC Irvine November 2006
SPLASH project review • Security of Wireless Adhoc Networks • From MANET security… • To WSN (Wireless Sensor Network) Security! • Many contributions in many different areas...
Outline • MANET Security • Membership Management • Collaboration Enforcement • WSN Security • The security Challenges • Secure Aggregation • Conclusions
Distributed and scalable security services required What is a MANET? • No centralized control • No hierarchy • Fault-tolerant • Dynamic membership • Set of nodes (5-50) that establish • A network • Wireless and multi-hop • Does not rely on any fixed infrastructure • Spontenuous (no prior association) MANET
MANET two main Security Challenges • Membership Management • How does a new node become a member of the MANET without relying on a trusted membership controller? • Secure Routing/Collaboration Enforcement • How can we make sure that all node collaborate i.e. relays others’ packets?
Membership Management: The Centralized Approach E D F Membership manager A C B
Vote2 Vote1 Mnew Vote2 Vote2 Our approach:Admission Control • New member (Mnew) wants to join the group • A quorum of t current members need to issue Mnew a group membership certificate (GMC) • If no quorum found, membership is denied • Step 1: Join request • Step 2: Join commit (Vote) Mnew • Step 3: GMC issuance & share acquisition
Contributions • Solution based on secret sharing technique + polynomial interpolation. • Only One round (instead of t) is necessary to become a member of the group. • Once a node becomes a member it receives a token (private key) that can be used to: • Vote for new member • Establish a key with any other MANET member • Prove membership • More infos?: • Robust Self-Keying Mobile Ad Hoc Networks, Claude Castellucia, Nitesh Saxena, and Jeong H. Yi, Elsevier Computer Networks, April 2007.
Secure Collaboration • How to make sure that members are not selfish? • Some nodes might drop packets to save energy or to perform DoS attacks • We have developped: • a reputation based solution (CORE) • a Cryptographic solution
How to enforce collaborations? • Problem statement: C C A A B
How to enforce collaborations? • Problem statement: C A B C A
Our solution • Some packets addressed to B are routed via C • Boomerang routing ;-) C A B A C A B C C A B A A B B A
Our solution • If B drops packets…it may drop some of its packets … • It is forced to collaborate since he does not know the final destination… • Reference:Pocket bluff (INRIA Research Report) C A B A C A B
Wireless Sensor Networks • Another type of adhoc networks • Network of sensors that usually monitor the environment • Sensors are very small and cheap devices • They usually send their monitored data to the sink (a more powerful device)
Interactive VR Game Wearable Disaster Recovery Environmental Monitoring Computing Earth Science & Exploration Context-Aware Computing Wireless Sensor Immerse Environments Networks Biological Monitoring Hazard Detection Smart Environment Linear Structure Military Surveillance Protection Urban Warfare Application Spectrum
MANET vs WSN • MANET and WSN look similar but they are quite different.. MANET WSN Nodes are Fixed Nodes are Mobile 1000/10000 Nodes 10-50 Nodes Nodes belong to same entity Nodes belong to different entities Nodes sends to BS Nodes have very Limited CPU/memory/energy P2P communication Nodes can easily be physically corrupted
Manet Security Challenges • MANET WSN Scalability Access/Membership control Collaboration enforcement/ Secure routing Energy/CPU efficient security protocols Sensor revocation
Some Contributions • Key establishment/pairing • Shake them Up! (presented last year) • Secure Aggregation • Aggregation is a useful technique to save energy • User is often more interested in the aggregate (i.e. average in a give area) than each individual value • Instead of sending each value to the sink, the values are added by intermediate nodes… • Less packets are transmitted, i.e. energy is saved…
Secure Aggregation • Aggregation is simple without security • Intermediate nodes process data of their children • But what happens if the data sent by each sensor is encrypted using a key that it shares with the sink? • Data processing is no more possible…or is it? • We’ve developed a new additively homomorphic cipher • Enc(k1, msg1) + Enc(k2, msg2) = Enc(k1+k2, msg1+msg2) • Intermediate nodes can add the ciphers they receive from children …and the sink can still recover the sum of the plaintexts. • But intermediate nodes do not have access to the plaintext values, i.e. privacy is provided… • More info?: • Efficient Aggregation of Encrypted Data in Wireless Sensor Networks, Conference Presentation Mobiquiotous 2005, July 2005
Conclusions • The SPLASH project was a very productive and successful project • Pars Mutaf (INRIA) visited Eurecom for 1 year. • Claude Castelluccia (INRIA) visited UCI for 2 years. • The scientific contributions were numerous and many papers were published • We participated in many conf. PC and launched ESAS (Europeen Workshop on Security in Adhoc and Sensor Network) • We have deployed 2 testbeds • MANET (Eurecom) to evaluate CORE • WSN (INRIA)
Some Papers • Key distribution/Membership Management in MANET • Robust Self-Keying Mobile Ad Hoc Networks, Elsevier Computer Networks, April 2007. • Ad hoc network security, book chapter in Mobile Adhoc networking, 2004 and in Handbook of Information Security (2006). • Secure and Private MANET routing protocol • Packet coding for strong anonymity in ad hoc networks, IEEE Securecomm 2006, • Securing Route Discovery in DSR, IEEE Mobiquitous'05 • Collaboration Enforcement in MANET • CORE: a collaborative reputation mechanism to enforce node cooperation in MANET (Michiardi phd thesis, 2004 + 6-7 publications) • Pocket Bluff, INRIA Tech. Report, 2005. • WSN Security • Shake Them Up! Mobisys 2005. • Efficient Aggregation of Encrypted Data in Wireless Sensor Networks IEEE Mobiquitous'05 • Authenticated Interleaved Encryption, eprint, 2006. • More to come soon ;-)
Visibility • European Workshop on Security in Ad-Hoc and Sensor Networks (2004) • Refik Molva and Gene Tsudik (UCI) were chairing ESAS2005 • C.Castelluccia is in the steering com. • ESAS and IEEE WISE will merge to create an new IEEE conference: IEEE WISEC (Wireless Security)! • We have chaired/were in the PC on numerous conf./workshop: Securecom, Mobiquitous, ESAS, Globecom, UbiSec,…