Security in Sensor Networks
Written by: Prof. Srdjan Capkun & Others
Presented by: Siddharth Malhotra
Mentor: Roland Flury
Mobile Ad-hoc Networks (MANET)
• Mobile: Random and perhaps constantly changing
• Ad-hoc: Not engineered
• Networks: Elastic data applications which use networks to communicate
MANET Issues
• Routing (IETF’s MANET group)
• IP Addressing (IETF’s autoconf group)
• Transport Layer (IETF’s tsvwg group)
• Power Management
• Security
• Quality of Service (QoS)
• Multicasting/Broadcasting
• Products
Overview
• Part 1: Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping
• Part 2: Secure Time Synchronization in Sensor Networks
Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping
Motivation
• How can two devices that do not share any secret key for communication establish a shared secret key over a wireless radio channel in the presence of a communication jammer?
• Converting the dependency cycle to dependency chain.
What are we destined to achieve?
• Coordinated Frequency Hopping
[Figure: channel hopping sequences of A and B]
Attacker Model
• A – Sender
• B – Receiver
• J – Attacker
Goal of the Attacker
• Prevent them from exchanging information.
• Increasing (possibly indefinitely) the time for the message exchange in the most efficient way.
• Inserting messages: Insert messages generated using known (cryptographic) functions and keys as well as by reusing previously overheard messages.
• Modifying messages: Modify messages by flipping single message bits or by entirely overshadowing original messages.
• Jamming messages: Jam messages by transmitting signals that cause the original signal to become unreadable by the receiver.
[Figure panels, with attacker E between A and B: Sending Relevant Data; Sending Random Messages; Jam the signal; listen, Replay with delay]
Basics
• Sender A is divided into small frequency channels.
• Receiver B has larger frequency channels as compared to A
[Figure: Successful Transmission, numbered channels of A and B]
Uncoordinated Frequency Hopping
• Each packet consists of:
  - Identifier (id) indicating the message the packet belongs to
  - Fragment number (i)
  - Message fragment (M_i)
  - Hash of the next packet (h(m_{i+1})).
[Figure: MESSAGE split into fragments M1 … M10; packets m1 and m2 carry id, fragment number, fragment and h(m2), h(m3); chain built from the last packet]
Uncoordinated Frequency Hopping: Packet Chain
• Each packet consists of:
  - Identifier (id) indicating the message the packet belongs to
  - Fragment number (i)
  - Message fragment (M_i)
  - Hash of the next packet (h(m_{i+1})).
UFH Message Transfer Protocol
• The protocol enables the transfer of messages of arbitrary lengths using UFH.
• Fragmentation
  - Fragments the message into small packets
  - Hash Function is added
• Transmission
  - A high number of repetitions (Sends Randomly)
  - Listens to the input channels to record all incoming packets
• Reassembly
  - Packets linked according to Hash Function
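The fragmentation and reassembly steps above, as an added example that is not code from the slides or the paper. The 8-byte truncated SHA-256, the one-byte id, index and length fields, and the all-zero link in the last packet are assumptions; the sample message and the inserted packet are constructed.

```python
import hashlib
import random

ZERO = bytes(8)  # link value in the last packet of a chain (assumed convention)

def h(packet: bytes) -> bytes:
    # Truncated SHA-256 stands in for the slides' h(.) (assumption).
    return hashlib.sha256(packet).digest()[:8]

def fragment(msg_id: int, message: bytes, size: int = 4) -> list:
    """Split message into packets id | i | len | M_i | h(m_{i+1})."""
    frags = [message[k:k + size] for k in range(0, len(message), size)]
    packets, link = [], ZERO
    for i in reversed(range(len(frags))):  # build the chain back to front
        pkt = bytes([msg_id, i, len(frags[i])]) + frags[i] + link
        packets.insert(0, pkt)
        link = h(pkt)
    return packets

def reassemble(received: list, msg_id: int) -> list:
    """Follow hash links from every fragment 0; return all complete chains."""
    by_hash = {h(p): p for p in received if len(p) > 10 and p[0] == msg_id}
    messages = []
    for pkt in [p for p in by_hash.values() if p[1] == 0]:
        out = b""
        while pkt is not None:
            n = pkt[2]
            out, link = out + pkt[3:3 + n], pkt[3 + n:]
            if link == ZERO:
                messages.append(out)
                break
            pkt = by_hash.get(link)  # None: a fragment is still missing
    return messages

def demo():
    msg = b"K_A=0x5eed;T_A=42"                  # constructed sample message
    packets = fragment(7, msg)
    forged = bytes([7, 1, 4]) + b"EVIL" + ZERO  # inserted packet, fits no link
    air = packets * 3 + [forged]                # repetitions seen by receiver
    random.Random(1).shuffle(air)
    complete = reassemble(air, 7)
    partial = reassemble([p for p in air if p != packets[2]], 7)
    return complete, partial

if __name__ == "__main__":
    print(demo())
```

The hash links only bind packets into chains; a receiver can still end up with more than one complete chain, so the reassembled message has to be authenticated separately.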
Security Analysis of the UFH Message Transfer Protocol
UFH Key Establishment
• Stage 1: The nodes execute a key establishment protocol and agree on a shared secret key K using UFH.
• Stage 2: Each node transforms K into a hopping sequence, subsequently, the nodes communicate using coordinated frequency hopping.
UFH key establishment using authenticated DH protocol
Diffie-Hellman Protocol for Key Exchange
• Alice: a, g, p; K_A = g^a mod p; sends K_A, g, p
• Bob: b; K_B = g^b mod p; sends K_B
• Alice: K_AB = K_B^a mod p
• Bob: K_AB = K_A^b mod p
• Eve: ??????
UFH key establishment using authenticated DH protocol: Stage 1
• Uncoordinated Frequency Hopping
• Public: T_A, K_A
• Public: T_A, K_B
• A: K = K_AB; B: K = K_AB
• Shared Key (K_AB) for Coordinated Frequency Hopping
[Figure: exchange between A and B]
UFH key establishment using authenticated DH protocol: Stage 2
• Coordinated Frequency Hopping using the K_AB
[Figure: channel hopping sequences of A and B]
Results
• P_j = Probability that a packet is jammed
• C = Total no. of channels
• l = no. of packets
• N_j = expected no. of required packet transmissions
• C_n = No. of channels for receiving
• C_m = No. of channels for sending
Problems
• How does the receiver know that the sender is about to send some data?
• How does the sender come to know that this packet is from this specific chain (not id), e.g. if packet 5 is received at the receiver end and packets 4 and 6 are not received? How does the receiver come to know that the packet sent is legitimate?
• Data overflow?
Conclusion
• Coordinated Frequency Hopping has been achieved in the presence of a jammer without the use of pre-shared keys for frequency hopping.
• Useful for many things, such as time synchronization
Motivation
• How to provide secure time synchronization for a pair or group of nodes (Connected Directly or Indirectly)?
• Synchronizing time is essential for many applications
  - Security
  - Energy Efficiency
Sensor Node Clock
• Three reasons for the nodes to be representing different times in their respective clocks
  - The nodes might have been started at different times,
  - The quartz crystals at each of these nodes might be running at slightly different frequencies,
  - Errors due to aging or ambient conditions such as temperature
[Figure: Measured Time against Actual Time for the Reference Clock and for clocks with offset, skew and drift]
Attacker Model
• Two types of attacker models:
  - External Attacker: None of the nodes inside the network have been compromised
  - Internal Attacker: One or more nodes have been compromised, its secret key is known to the attacker
Sender-Receiver Synchronization
• A handshake protocol between a pair of nodes.
• Sender synchronizes to the receiver clock
• Step 1: T2 = T1 + d + δ
• Step 2: T4 = T3 - d + δ
• d: Delay; δ: Clock Offset
[Figure: handshake between A (T1, T4) and B (T2, T3), with intervals T2 – T1 and T4 – T3]
Sender-Receiver Synchronization: Example
• T1 = 500, T4 = 700 (at A); T2 = 200, T3 = 300 (at B)
• δ = ((200 – 500) - (700 – 300)) / 2 = -350
• d = ((200 – 500) + (700 – 300)) / 2 = 50
• Sender (A) updates its clock by δ (here -350)
External Attacker
• Three types in which attacker can harm the time synchronization:
  - Modifying the values of T2 and T3
  - Message forging and replay
  - Pulse delay Attack
Pulse Delay Attack
• Step 1: T2 = T1 + d + δ
• Step 2: T4’ = T3 - d + δ
• δ = ((T2 – T1) – (T4’ – T3)) / 2
• d = ((T2 – T1) + (T4’ – T3)) / 2
[Figure: attacker E between A and B: Jam the signal; listen; Replay with delay, so that A records T4’ instead of T4]
SECURE TIME SYNCHRONIZATION
• Three types of synchronization have been discussed:
  - Secure Pairwise Synchronization
  - Secure Group Synchronization
  - Secure Pairwise Multi-hop Synchronization
Message Authentication Code
Secure Pairwise Synchronization (SPS)
• Message integrity and authenticity are ensured through the use of Message Authentication Codes (MAC) and a key K_ab shared between A and B.
• P1: sync
• P2: T2, T3, ack
• If d <= d* then clock offset (δ) else abort
[Figure: A sends P1 at T1, B receives at T2 and replies with P2 at T3, A receives at T4]
Results
Experiment | Average error | Maximum error | Minimum error | Attack detection probability
Non Malicious | 12.05 μs | 35 μs | 1 μs | NA
∆ = 10 μs | 19.44 μs | 44 μs | 1 μs | 1%
∆ = 25 μs | 35.67 μs | 75 μs | 16 μs | 82%
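The SPS acceptance rule applied to the slide example and to a pulse-delayed reply, as an added example that is not code from the slides or the paper. HMAC-SHA256 as the MAC, the nonce carried in P2, the key, and the bound d* = 60 are assumptions; δ and d use the formulas from the slides.

```python
import hashlib
import hmac
import struct

def offset_delay(t1, t2, t3, t4):
    """Clock offset δ and one-way delay d, with the slides' formulas."""
    delta = ((t2 - t1) - (t4 - t3)) / 2
    d = ((t2 - t1) + (t4 - t3)) / 2
    return delta, d

def make_p2(key: bytes, nonce: bytes, t2: int, t3: int) -> bytes:
    """B's reply P2 = (T2, T3, ack) plus a MAC under K_ab.
    The nonce from P1 is an assumption; the slide lists only T2, T3, ack."""
    body = nonce + struct.pack(">qq", t2, t3) + b"ack"
    return body + hmac.new(key, body, hashlib.sha256).digest()

def sps_accept(key, nonce, t1, t4, p2, d_max):
    """A's side: return δ if P2 is authentic, fresh and d <= d*, else None."""
    body, tag = p2[:-32], p2[-32:]
    good = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good) or body[:len(nonce)] != nonce:
        return None                       # modified, forged or replayed
    t2, t3 = struct.unpack(">qq", body[len(nonce):-3])
    delta, d = offset_delay(t1, t2, t3, t4)
    return delta if d <= d_max else None  # abort: delay too large

def demo():
    key, nonce = b"constructed K_ab", b"N_A-0001"  # constructed values
    p2 = make_p2(key, nonce, 200, 300)             # slide example: T2, T3
    honest = sps_accept(key, nonce, 500, 700, p2, d_max=60)
    # Pulse delay: A receives P2 100 ticks late, so T4' = 800.
    skewed = offset_delay(500, 200, 300, 800)
    delayed = sps_accept(key, nonce, 500, 800, p2, d_max=60)
    tampered = bytearray(p2)
    tampered[8] ^= 1                               # one flipped bit in T2
    forged = sps_accept(key, nonce, 500, 700, bytes(tampered), d_max=60)
    return honest, skewed, delayed, forged

if __name__ == "__main__":
    print(demo())
```

A reply delayed by ∆ raises the measured d by ∆/2 and shifts δ by ∆/2 in the other direction, so a delay small enough to keep d within d* passes the check.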
GROUP SYNCHRONIZATION
• 2 Types:
• Lightweight Secure Group Synchronization
  - Resilient to External attacks only
• Secure Group Synchronization
  - Resilient to External attacks as well as internal attacks (Attacks from compromised nodes)
Lightweight Secure Group Synchronization (L-SGS): Step 1
• P1: sync
[Figure: pairwise timestamps T1–T4 between A and B; group nodes G1–G5 exchanging P1]
Lightweight Secure Group Synchronization (L-SGS): Step 2
• P2: T2, T3 (Every node which receives sync from G1)
[Figure: pairwise timestamps T1–T4 between A and B; group nodes G1–G5 exchanging P2]
Lightweight Secure Group Synchronization (L-SGS): Step 3
• compute d for every node: d_ij Pr
• if d_ij ≤ d* then (Clock offset)_ij else abort
[Figure: pairwise timestamps T1–T4 between A and B; group nodes G1–G5]
Lightweight Secure Group Synchronization (L-SGS): Step 4
• Estimation of the local clock of G_i: C_ij = C_i + (Clock offset)_ij
• C_i: Local Clock; (Clock offset)_ij: Pairwise offset
[Figure: pairwise timestamps T1–T4 between A and B; group nodes G1–G5]
Lightweight Secure Group Synchronization (L-SGS): Step 5
• Global Clock: C^g_i = Median(C_i, [C_ij] j=1…N; j<>n)
[Figure: pairwise timestamps T1–T4 between A and B; group nodes G1–G5]
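Steps 3 to 5 of L-SGS run from the point of view of each group member, as an added example that is not code from the slides or the paper. The clock model in `simulate` (node clock = real time + fixed offset), the offsets, the delays and the bound d* = 60 are constructed assumptions.

```python
from statistics import median

D_MAX = 60  # d*, constructed bound on the one-way delay

def pairwise(t1, t2, t3, t4):
    """Step 3: compute d_ij, abort if it exceeds d*, else return δ_ij."""
    d = ((t2 - t1) + (t4 - t3)) / 2
    delta = ((t2 - t1) - (t4 - t3)) / 2
    if d > D_MAX:
        raise ValueError("abort: d_ij exceeds d*")
    return delta

def group_clock(c_i, exchanges):
    """Steps 4-5: C_ij = C_i + δ_ij, then the median of C_i and all C_ij."""
    estimates = [c_i + pairwise(*ts) for ts in exchanges]
    return median([c_i] + estimates)

def simulate(offsets, i, now=1000, delay=50, proc=100, extra=0):
    """Constructed model: node k's clock reads real time + offsets[k].
    `extra` delays every reply on its way back to node i."""
    exchanges = []
    for j, off_j in enumerate(offsets):
        if j == i:
            continue
        t1 = now + offsets[i]            # G_i sends sync
        t2 = now + delay + off_j         # G_j receives it
        t3 = t2 + proc                   # G_j replies
        t4 = now + 2 * delay + proc + extra + offsets[i]  # G_i receives reply
        exchanges.append((t1, t2, t3, t4))
    # C_i is read at the same instant as T1 in this model.
    return group_clock(now + offsets[i], exchanges)

if __name__ == "__main__":
    offsets = [0, -350, 120, 40, -15]    # constructed clock offsets
    print([simulate(offsets, i) for i in range(len(offsets))])
```

Every node arrives at the same group clock although the local clocks differ by up to 470 ticks; with `extra=40` the measured delay becomes 70 and the run aborts.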
Secure Group Synchronization
• Secure Group Synchronization is resilient to both external and internal attacks
• We will make use of tables (O_i for node G_i)
Secure Group Synchronization: Step 3
• 1st two steps are the same as (L-SGS)
• O_i = O_i ∪ δ_ij
[Figure: group nodes G1–G5 with their tables O]
Secure Group Synchronization: Step 4
• P4: O_i
[Figure: group nodes G1–G5 exchanging P4]
Secure Group Synchronization: Step 5
• Run the SOM(⌊(N − 1)/3⌋) algorithm to compute C_ij
[Figure: group nodes G1–G5]