SR3: Secure Reputation-based Resilient Routing Karine Altisen Stéphane Devismes Raphaël Jamet Pascal Lafourcade VERIMAG, Universités de Grenoble This work was supported by the ARESA2 ANR Project Altisen et al. (VERIMAG) SR3 15 May 2013 1 / 31
Outline Introduction SR3 Security properties Resiliency and performances Conclusion Altisen et al. (VERIMAG) SR3 15 May 2013 2 / 31
Introduction Outline Introduction SR3 Security properties Resiliency and performances Conclusion Altisen et al. (VERIMAG) SR3 15 May 2013 3 / 31
Introduction Challenges of secure routing in WSN Security for routing in wireless sensor networks is hard, but necessary: ◮ Low memory, computing power, energy consumption ◮ Wireless medium is inherently vulnerable ◮ Compromise nodes: easy Altisen et al. (VERIMAG) SR3 15 May 2013 4 / 31
Introduction Two main types of attacks Packet-level attacks, e.g. ◮ Data messages alteration ◮ Creation of new data or control messages Altisen et al. (VERIMAG) SR3 15 May 2013 5 / 31
Introduction Two main types of attacks Packet-level attacks, e.g. ◮ Data messages alteration ◮ Creation of new data or control messages They are solved with lightweight cryptography ( e.g. , hash functions, symmetric cryptography, nonces). Altisen et al. (VERIMAG) SR3 15 May 2013 5 / 31
Introduction Two main types of attacks Packet-level attacks, e.g. ◮ Data messages alteration ◮ Creation of new data or control messages They are solved with lightweight cryptography ( e.g. , hash functions, symmetric cryptography, nonces). Routing-level attacks, e.g. ◮ Compromised nodes drop packets (blackholes, select forwarding) ◮ Attackers attract traffic using out-of-band channels (wormholes) Altisen et al. (VERIMAG) SR3 15 May 2013 5 / 31
Introduction Two main types of attacks Packet-level attacks, e.g. ◮ Data messages alteration ◮ Creation of new data or control messages They are solved with lightweight cryptography ( e.g. , hash functions, symmetric cryptography, nonces). Routing-level attacks, e.g. ◮ Compromised nodes drop packets (blackholes, select forwarding) ◮ Attackers attract traffic using out-of-band channels (wormholes) Our protocol is resilient against this type of attacks Resiliency “Capacity of a network to endure and overcome internal attacks” [EOKMV11] Altisen et al. (VERIMAG) SR3 15 May 2013 5 / 31
SR3 Outline Introduction SR3 Security properties Resiliency and performances Conclusion Altisen et al. (VERIMAG) SR3 15 May 2013 6 / 31
SR3 Main ideas SR3: Secure Reputation-based Resilient Routing ◮ Convergecast routing from all sensors to the sink (server) ◮ Reinforced random walk ◮ Built with a reputation mechanism ◮ Based on unconditionally trusted information Altisen et al. (VERIMAG) SR3 15 May 2013 7 / 31
SR3 SR3: Overview ◮ A chooses the next hop among its Sink neighbors, according to its confidence on them. BH D A C Altisen et al. (VERIMAG) SR3 15 May 2013 8 / 31
SR3 SR3: Overview ◮ A chooses the next hop among its Sink neighbors, according to its confidence on them. ◮ The sink answers with an ACK BH D that tries to follow the reverse of the path of the message. A C Altisen et al. (VERIMAG) SR3 15 May 2013 8 / 31
SR3 SR3: Overview ◮ A chooses the next hop among its Sink neighbors, according to its confidence on them. ◮ The sink answers with an ACK BH D that tries to follow the reverse of the path of the message. A ◮ If A gets a valid ACK, it increases its confidence in the neighbor who previously routed the corresponding message. C Altisen et al. (VERIMAG) SR3 15 May 2013 8 / 31
SR3 SR3: Packet-level attacks Messages: E k src ( Data || N ) , H ( N ) , Src ACK: N , Src ◮ Attacker who listens to the data ◮ Attacker who replays acknowledgements ◮ Attacker who alters or creates messages ◮ Attacker forging ACKs Altisen et al. (VERIMAG) SR3 15 May 2013 9 / 31
SR3 SR3: Packet-level attacks Messages: E k src ( Data || N ) , H ( N ) , Src ACK: N , Src ◮ Attacker who listens to the data → Symmetric cryptography E k src using a key shared with the sink ◮ Attacker who replays acknowledgements ◮ Attacker who alters or creates messages ◮ Attacker forging ACKs Altisen et al. (VERIMAG) SR3 15 May 2013 9 / 31
SR3 SR3: Packet-level attacks Messages: E k src ( Data || N ) , H ( N ) , Src ACK: N , Src ◮ Attacker who listens to the data → Symmetric cryptography E k src using a key shared with the sink ◮ Attacker who replays acknowledgements → An unpredictable nonce N per message, encrypted with the data ◮ Attacker who alters or creates messages ◮ Attacker forging ACKs Altisen et al. (VERIMAG) SR3 15 May 2013 9 / 31
SR3 SR3: Packet-level attacks Messages: E k src ( Data || N ) , H ( N ) , Src ACK: N , Src ◮ Attacker who listens to the data → Symmetric cryptography E k src using a key shared with the sink ◮ Attacker who replays acknowledgements → An unpredictable nonce N per message, encrypted with the data ◮ Attacker who alters or creates messages → Add H ( N ) and check that it matches the ciphertext part ◮ Attacker forging ACKs Altisen et al. (VERIMAG) SR3 15 May 2013 9 / 31
SR3 SR3: Packet-level attacks Messages: E k src ( Data || N ) , H ( N ) , Src ACK: N , Src ◮ Attacker who listens to the data → Symmetric cryptography E k src using a key shared with the sink ◮ Attacker who replays acknowledgements → An unpredictable nonce N per message, encrypted with the data ◮ Attacker who alters or creates messages → Add H ( N ) and check that it matches the ciphertext part ◮ Attacker forging ACKs → Keep the nonce secret until delivery, and reveal it in the ACK Altisen et al. (VERIMAG) SR3 15 May 2013 9 / 31
SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. B C A Sink D L Queue : [ ( N ′ , D ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31
SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. E k A ( Data || N ) , H ( N ) , A B C A Sink D L Queue : [ ( N ′ , D ) , ( N , B ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31
SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. E k A ( Data || N ) , H ( N ) , A E k A ( Data || N ) , H ( N ) , A B C A Sink D L Queue : [ ( N ′ , D ) , ( N , B ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31
SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. E k A ( Data || N ) , H ( N ) , A E k A ( Data || N ) , H ( N ) , A B C ◮ Decrypt ◮ Check validity A Sink D ◮ Build ACK L Queue : [ ( N ′ , D ) , ( N , B ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31
SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. E k A ( Data || N ) , H ( N ) , A E k A ( Data || N ) , H ( N ) , A B C ◮ Decrypt ◮ Check validity A Sink D ◮ Build ACK N , A L Queue : [ ( N ′ , D ) , ( N , B ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31
SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. ◮ Upon reception of an ACK which contains N , ◮ If A is not the final destination for that ACK, A routes it, ◮ Else, if it recalls the corresponding message using L Queue , it reinforces A’s trust in B. ◮ Otherwise, A drops the ACK. E k A ( Data || N ) , H ( N ) , A E k A ( Data || N ) , H ( N ) , A B C ◮ Decrypt ◮ Check validity A Sink D N , A ◮ Build ACK N , A L Queue : [ ( N ′ , D ) , ( N , B ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31
SR3 SR3: Keep track of messages using L Queue ◮ When A generates a new message with a nonce N , it chooses the next hop B, and stores a trace of this choice in L Queue , a bounded size FIFO list. ◮ Upon reception of an ACK which contains N , ◮ If A is not the final destination for that ACK, A routes it, ◮ Else, if it recalls the corresponding message using L Queue , it reinforces A’s trust in B. ◮ Otherwise, A drops the ACK. E k A ( Data || N ) , H ( N ) , A E k A ( Data || N ) , H ( N ) , A B C ◮ Decrypt ◮ Check validity A Sink D N , A ◮ Build ACK N , A L Queue : [ ( N ′ , D ) ] Altisen et al. (VERIMAG) SR3 15 May 2013 10 / 31
SR3 SR3: Reputation ◮ Trust in a node is the number of identifiers of that node in a bounded FIFO list, L Routing , initially empty. ◮ Messages are routed probabilistically according to the node’s L Routing . F’s L Routing , max size = 3 : Pr ( X = n ) = | L Routing | n + δ − 1 v [ , , ] ( ⋆ ) | L Routing | + 1 A C P ( X = C ) = 0 + 0 . 5 = 50 % 1 F P ( X = D ) = 0 + 0 . 5 H Sink = 50 % 1 D B Altisen et al. (VERIMAG) SR3 15 May 2013 11 / 31
Recommend
More recommend