PAST : Probabilistic Authentication of Sensor Timestamps (Ashish Gehani, SRI) - PowerPoint PPT Presentation


  1. PAST : Probabilistic Authentication of Sensor Timestamps (Ashish Gehani, SRI)

  2. INTRODUCTION : What is a sensor?
  • Example sensor: MICA mote
  Figure 1: Mote in a vineyard

  3. INTRODUCTION : What is a sensor network?
  • Sensors measure the environment
  (Figure: data path from target phenomenon to sensor, base station and storage server)

  4. MOTIVATION : Are the keys safe?
  • Key compromise likely:
    – Sensors exposed since:
      ∗ Deployed in public, remote locations
      ∗ Physically reachable
    – Base station exposed since:
      ∗ Sensors use radio
      ∗ Power (range) is limited
  • Tamper-resilience is expensive:
    – Limited protection smart-card: $15
    – IBM 4758 Secure Co-processor: $2,000
    – Sensor: $1

  5. MOTIVATION : What is the problem?
  • Spurious readings → Scientific / judicial / financial consequences
  • Adversary can:
    – Tamper with sensors
    – Tamper with base stations
  • Trusted timestamps distinguish tainted data

  6. RELATED WORK :
  • 1999 : Bellare, Miner (UCSD) – Forward secure authentication; uses public key cryptography; drains power rapidly, slow
  • 2004 : Przydatek, Song, Perrig (CMU) – Sensor network setting; O(n) verification of nth reading
  • 2005 : Ouyang, Le, Ford, Makedon (Dartmouth) – Initial key split among base stations

  7. GOALS : Which threats to address?
  • Time of sensor compromise known → Distinguish tainted data
  • Base station compromised → Prevent forgery of sensor timestamps
  • Adversary generates wireless noise → Tolerate unpredictable delays
  • Multiple sensors collude → Prevent masquerading
  • Fraction of sensors / base stations compromised → False authentication still hard

  8. CONSTRAINTS : How powerful is a node?
  • Base station:
    – Serves many sensors
    – Significant compute power, memory, bandwidth
    – CerfCube solar panels generate 60 to 120 W
  • MICA1 mote:
    – 8-bit microcontroller, 4 MHz, 4 KB RAM
    – Flash memory: 128 KB instructions, 512 KB data
    – 2 AA batteries, 2.5 Ah @ 3 V

  9. CONSTRAINTS : How long does a mote last?
  • Sensing, computing → 75 hour life @ 0.1 W
  • Expected life is years → Sleep mode @ 30 µW
  • TinySec on 29 byte packet:
    – Symmetric encryption: 2 ms
    – MAC: 3 ms
  • Public key algorithms:
    → Orders of magnitude more expensive
    → Significant reduction in mote life

  10. CONSTRAINTS : How fast is a mote?
  • RSA (512, 768, 1024 bits) : 3.8, 8.0, 14.5 sec
  • Reading: 16 bit timestamp, 16 bit data → 32 readings fit in one 1024 bit RSA block → 0.5 sec / reading
  • Signed hash → Transmit data and signature separately → 1024 bit signature @ 40 Kb/s : 25.6 ms → Amortize the signature over many readings
  But . . . mote memory is small

  11. PAST : Overview
  • Step 1 : Reading generated at sensor
  • Step 2 : All readings sent to closest base station
  • Step 3 : Successive readings forwarded to different base stations
  • Step 4 : Reading verified using other data from same sensor
  (Figure: target phenomenon, sensor and base stations with steps 1 to 4 marked)

  12. PAST : Sensor block output
  • Fields: Source (s), Destination (d), Index (j), Timestamp (t), Hash, Notary Witness 1, Notary Witness 2, Reading 1, Reading 2
  • Legend: marked fields are encrypted with the key shared by sensor 'Source' and base station 'Destination'

  13. PAST : Testimony verification
  • Notary (b_d) decrypts block
  • To validate j th witness w_ij:
    b_d → b_i : { s, i, j, x }
    b_i → b_d : w′ = h(w′_ij ⊕ x)   (blinding)
    b_d : w′ ?= h(w_ij ⊕ x)
    b_i - i th block's notary, s - Source sensor address, i - Block index, j - Witness index, x - Nonce
  • Probability of witness verification = Probability notary is not subverted

  14. PAST : FIFO
  • Witness generated by hash composition → Subverted nodes can't forge earlier witness
  (Figure: FIFO of α elements holding the chain r, h(r), …, h^(n−2)(r), h^(n−1)(r), with tail and head marked)

  15. PAST : Witness generation
  • Distinct forward-secure witness sets ( w_ij = h^j(r_i) ) → Trust is distributed
  (Figure: witness sets 1, 2, … as rows of chain elements r_i, h(r_i), …, h^(α−1)(r_i), …, h^(n−1)(r_i), aligned under sensor reading blocks 1 … n)
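The hash-chain witnesses of slides 14 and 15 and the blinded testimony check of slide 13, as an added Python model; this is not SRI's code and not part of the talk. It simplifies PAST: instead of one witness set per block (w_ij from block i's seed r_i, answered by block i's notary b_i), it fixes k witness sets, one per base station, and assumes that notary b_i is handed r_i at deployment, derives w_ij by hashing forward from the newest witness it holds, keeps a window of α = 4 held witnesses, and that SHA-256 plays h. Block encryption and the hash field are omitted; the sensor address, timestamps and readings are constructed sample data.

```python
import hashlib
import secrets
from collections import deque

def h(data: bytes) -> bytes:
    """One-way hash; SHA-256 stands in for whatever cheap hash the mote runs."""
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Sensor:
    """Keeps one chain value per witness set i and nothing else: after block j it
    holds w_ij = h^j(r_i), so a compromise after block t yields h^t(r_i) and no
    earlier witness can be recomputed (forward security, slide 14)."""
    def __init__(self, address: str, seeds: list):
        self.address, self.j, self.state = address, 0, list(seeds)

    def read(self, timestamp: int, data: int) -> dict:
        self.j += 1
        self.state = [h(w) for w in self.state]   # advance every chain, old value erased
        # Fields follow slide 12; encryption under the sensor/notary key is omitted.
        return {"s": self.address, "j": self.j, "t": timestamp, "d": data,
                "w": list(self.state)}

class BaseStation:
    """Notary for witness set i == bid. Holds a bounded FIFO of (j, w_ij) per
    sensor (slide 14); alpha is an assumed window size."""
    def __init__(self, bid: int, alpha: int = 4):
        self.bid, self.alpha, self.fifo, self.subverted = bid, alpha, {}, False

    def hold(self, s: str, j: int, w: bytes) -> None:
        self.fifo.setdefault(s, deque(maxlen=self.alpha)).append((j, w))

    def receive(self, block: dict) -> None:
        self.hold(block["s"], block["j"], block["w"][self.bid])

    def testify(self, s: str, j: int, x: bytes):
        """Answer b_d's query {s, i, j, x} with the blinded witness h(w_ij xor x).
        Assumed: b_i hashes forward from the newest held witness with index <= j.
        It cannot hash backwards, and a subverted notary can only refuse (slide 18)."""
        if self.subverted:
            return None
        held = [(jj, w) for jj, w in self.fifo.get(s, ()) if jj <= j]
        if not held:
            return None
        jj, w = max(held, key=lambda p: p[0])
        for _ in range(j - jj):
            w = h(w)
        return h(xor(w, x))

def verify(block: dict, notaries: list) -> int:
    """b_d's side of slide 13: fresh nonce x per notary; count the witness sets
    whose blinded reply equals h(w_ij xor x) computed from the block's own witness."""
    votes = 0
    for i, b_i in enumerate(notaries):
        x = secrets.token_bytes(32)
        if b_i.testify(block["s"], block["j"], x) == h(xor(block["w"][i], x)):
            votes += 1
    return votes   # the caller compares this with its threshold (slide 18)

def deploy(address: str, k: int):
    """Assumed setup: notary b_i is handed r_i (= w_i0) for its witness set."""
    seeds = [secrets.token_bytes(32) for _ in range(k)]
    notaries = [BaseStation(i) for i in range(k)]
    for i, b in enumerate(notaries):
        b.hold(address, 0, seeds[i])
    return Sensor(address, seeds), notaries

def scenario(k: int = 3, n: int = 6, t: int = 4) -> dict:
    """Constructed run: n honest readings, mote memory copied by the adversary after
    block t, then a back-dated forgery, a post-compromise forgery and one denial."""
    sensor, notaries = deploy("s1", k)
    honest, stolen = [], None
    for j in range(1, n + 1):
        blk = sensor.read(1000 + j, 20 + j)
        if j == t:
            stolen = list(sensor.state)          # adversary now knows h^t(r_i) for all i
        honest.append(verify(blk, notaries))     # verified before the notary stores it
        notaries[j % k].receive(blk)             # successive readings to different notaries
    # Back-dated to block 2 < t: the stolen h^t(r_i) is not h^2(r_i), so no notary agrees.
    early = {"s": "s1", "j": 2, "t": 1002, "d": 99, "w": stolen}
    # Block n+1 > t: hashing the stolen state forward does verify, which is why PAST
    # relies on the compromise time being known to mark later data as tainted.
    late_w = stolen
    for _ in range(n + 1 - t):
        late_w = [h(w) for w in late_w]
    late = {"s": "s1", "j": n + 1, "t": 1007, "d": 99, "w": late_w}
    forged_early, forged_late = verify(early, notaries), verify(late, notaries)
    # A subverted notary withholds its testimony; the other k-1 witnesses still verify.
    notaries[0].subverted = True
    denied = verify(sensor.read(1000 + n + 1, 20 + n + 1), notaries)
    return {"honest": honest, "forged_early": forged_early,
            "forged_late": forged_late, "denied": denied}
```

Running scenario() shows the three properties the slides claim: every honest block collects k votes, the back-dated forgery collects none because no notary can produce a chain value older than the one it holds, and a subverted notary can lower the count (denial) but cannot add a vote for a false witness. Each witness set is still only as trustworthy as its notary, which is what the threshold on the vote count is for.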

  16. CONCLUSION :
  • Forward-secure timestamp authentication
  • Tolerates compromised:
    – Sensors
    – Base stations
  • O(1) timestamp verification
  • High certainty with:
    – Low power consumption
    – Low storage overhead

  17. More?

  18. ANALYSIS : Variable threshold
  • Adversary can deny true witness
  • Adversary can not provide false witness

  19. ANALYSIS : Varied number of witnesses

  20. ANALYSIS : Storage overhead

  21. ANALYSIS : Sybil Attack
  • Defence : Trust distributed; Counter-attack : Adversary masquerades
  • Sensor, notary share key → Sensor can't masquerade as other sensor
  • Block opaque to gateway → Gateway can't masquerade as sensor / notary
  • Different keys used for notaries → Notary can't masquerade as sensor
