260 likes | 351 Views
LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks. Speaker: Shen Ren Author: Sencun Zhu Sanjeev Setia Sushil Jajodia. Skeleton. Introduction Four Keys and Their Establishment Security Analysis. What is Sensor &Sensor Network?.
E N D
LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks Speaker: Shen Ren Author: Sencun Zhu Sanjeev Setia Sushil Jajodia
Skeleton • Introduction • Four Keys and Their Establishment • Security Analysis
What is Sensor &Sensor Network? • Sensor: A device that produces a measurable response to a change in a physical condition such as temperature or in a chemical condition such as concentration • Sensor Network
What is LEAP? • LEAP: Localized Encryption and Authentication Protocol • Support in-network processing, while at the same time restricting the security impact of a compromised node. • A KEY management protocol for sensor networks • Four types of keys for each sensor node
Why is LEAP? • Motivation: • Observation that different types of msg exchanged between sensor nodes have different security requirements • A single keying mechanism is not suitable for meeting these different requirements. • Asymmetric keys cost too much computational time • TLS and Kerberos not practical: Energy budget limited and the limited computational and communication
LEAP Features • The establishing and updating part of the protocol is communication and energy-efficient and minimizes the involvement of the BS (base station) • The authentication part of the protocol supports source authentication without precluding in-network processing • The inter-node traffic authentication is based on the use of one-way key chains.
Different Security Requirements • The packets can be classified into several categories based on different criteria • Control packets vs. Data packets • Queries or commands vs. Sensor Readings • Authentication is required for all types of packets whereas confidentiality may only be required for some type of packets. • Routing control info (does not require confid..) • Readings transmitted by a sensor node and queries sent by the BS need to be confidential
Skeleton • Introduction • Four Keys and Their Establishment • Security Analysis
Four types of Keys • Individual key: shared with BS, used for secure communications. eg: 1.abnormal or unexpected event report; 2. encryption of sensitive data that are broadcast to the whole group (by BS) • Group Key: similar to Global key, used by BS for encryption of broadcast Eg: 1. the BS issues the missions, send queries and interests; 2. useful to update new key after one of them is compromised
Four types of Keys • Cluster Key: shared by a node and all its neighbors, used for securing locally broadcast msgs. eg: 1. routing control info 2.benifit from the passive participation • Pairwise Shared Key: shared with its immediate neighbors eg: transfer/distribute its cluster keys to its neighbors.
Notations • N is the number of nodes in the network • u, v are principals such as communicating nodes. • {fk} is a family of pseudo-random function • {s}k means encrypting msg with a key k • MAC(k, s) is the message authentication code of a msg using a symmetric key k
Establishing Individual Node Keys • Ku is the individual key for a node u • f is a pseudo random function • Ks is a master key only known to the controller Then we have Ku = f Ks(u) if BS want to communicate with u, it computes Ku on the fly
Establishing Pairwise Shared Keys Recall Definition… 4 Steps to establish pairwise key Step 1: Key pre-distribution: the controller generates an initial key KI and loads each node with this key. Each sensor node u drives a master key Ku = f Ki (u)
Establishing Pairwise Shared Keys Step 2: when a node u is deployed, it first initialize a timer to fire after time Tmin (will go back to this later) It tries to discover its neighbors. It broadcast HELLO msgs and wait for neighbor nodes’ responses. u --> * : u, Nonce u v --> u : v, MAC (Kv, Nonce U | v) u then stores all Kv = f Ki(v)
Establishing Pairwise Shared Keys Step 3: since u got Kv, u then compute Kuv=fKv(u) Step 4: when its timer expires, node u erases KI and all the keys Kv it computed in the neighbor discovery phase.
Establishing Pairwise Shared Keys Tmin: is the time necessary for an adversary to compromise a sensor node. LEAP assumes that Tmin is larger than the maximum time to finish the key distribution
Establishing Cluster Keys Suppose u want to create a cluster key Algorithm: stamp: u generates a random key Kr for all u’s immediate neighbor u-->vi: (Kr)Ku If a neighborhood node is revoked, goto stamp
Establishing Multi-hop Pairwise Shared Keys • Two approcachs • The first similar to single hop establishment • A more complicated scheme
Establishing Group Keys • First approach: distribute a msg M securely to all the nodes using hop-by-hop transmission. BS encrypts M with its cluster key and then broadcast the msg. drawback: each node need to compute quite amount of time and comsumes energy
Establishing Group Keys • Second approach: preload the key drawback: must make sure fashion
Skeleton • Introduction • Four Keys and Their Establishment • Security Analysis
Survivability • A detected compromise node • Compromise Detection (think as an attacker) • Individual keys does not help attacker. • Pairwise and cluster keys win the trust of only neighbor nodes • Group keys allow to decrypt broadcast msgs (but the information level is low) and adversary could not flood the network coz it employes μTESTLA scheme.
Defending Various attacks on Security Routing Forwarding Attack • Inter-node authentication scheme makes these attacks only possible in a two-hop zone of the compromised node. • Because attackers are localized in a small zone, the adversary takes a high risk of being detected one-way key chain authentication vs probabilistic challenger scheme
Defending Various attacks on Security Routing Sinkhole attack: a compromised node may try to attract packets from its neighbors and then drop them. Wormhole attack: two distance node which have an-out-of-band low latency link that is invisible to the underlying sensor network.
Ending Thank you ^_^