Security in Sensor Networks. Written by: Prof. Srdjan Capkun & Others Presented By : Siddharth Malhotra Mentor: Roland Flury

Similar documents
Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping

Wireless Network Security Spring 2014

Jamming-resistant Broadcast Communication without Shared Keys

Wireless Sensor Networks

DEEJAM: Defeating Energy-Efficient Jamming in IEEE based Wireless Networks

Optimal Clock Synchronization in Networks. Christoph Lenzen Philipp Sommer Roger Wattenhofer

Jamming-resistant Broadcast Communication without Shared Keys

Interleaving And Channel Encoding Of Data Packets In Wireless Communications

USD-FH: Jamming-resistant Wireless Communication using Frequency Hopping with Uncoordinated Seed Disclosure

CS649 Sensor Networks IP Lecture 9: Synchronization

Wireless Network Security Spring 2016

ANTI-JAMMING BROADCAST COMMUNICATION USING UNCOORDINATED FREQUENCY HOPPING

Ad Hoc Networks - Routing and Security Issues

Jamming Attacks with its Various Techniques and AODV in Wireless Networks

Minimization of Jamming Attack in Wireless Broadcast Networks Using Neighboring Node Technique

Randomized Channel Hopping Scheme for Anti-Jamming Communication

Safeguarding Wireless Service Access

Chapter 10 Mobile Communication Systems

Understanding and Mitigating the Impact of Interference on Networks. By Gulzar Ahmad Sanjay Bhatt Morteza Kheirkhah Adam Kral Jannik Sundø

Achieving Network Consistency. Octav Chipara

Vulnerability modelling of ad hoc routing protocols a comparison of OLSR and DSR

Detection and Prevention of Physical Jamming Attacks in Vehicular Environment

Trust Based Suspicious Route Categorization for Wireless Networks and its Applications to Physical Layer Attack S. RAJA RATNA 1, DR. R.

Lecture on Sensor Networks

Syed Obaid Amin. Date: February 11 th, Networking Lab Kyung Hee University

Anti-Jamming: A Study

Secure Ad-Hoc Routing Protocols

Exercise Data Networks

Dynamic TTL Variance Foretelling Based Enhancement Of AODV Routing Protocol In MANET

Robust Key Establishment in Sensor Networks

Secure Reac)ve Ad Hoc Rou)ng. Hongyang Li

A Review of Current Routing Protocols for Ad Hoc Mobile Wireless Networks

An Effective Defensive Node against Jamming Attacks in Sensor Networks

The Pennsylvania State University The Graduate School COMPROMISE-RESILIENT ANTI-JAMMING COMMUNICATION IN WIRELESS SENSOR NETWORKS

Wireless Network Security Spring 2015

Public-key Cryptography: Theory and Practice

Prevention of Selective Jamming Attack Using Cryptographic Packet Hiding Methods

Wireless Sensor Network based Shooter Localization

Luca Schenato joint work with: A. Basso, G. Gamba

Wireless ad hoc networks. Acknowledgement: Slides borrowed from Richard Y. Yale

Channel Surfing and Spatial Retreats: Defenses against Wireless Denial of Service

Merkle s Puzzles. c Eli Biham - May 3, Merkle s Puzzles (8)

Analysis and Optimization on Jamming-resistant Collaborative Broadcast in Large-Scale Networks

Thwarting Control-Channel Jamming Attacks from Inside Jammers

Low-Power Interoperability for the IPv6 Internet of Things

UNDERSTANDING AND MITIGATING

AS-MAC: An Asynchronous Scheduled MAC Protocol for Wireless Sensor Networks

ROUTING PROTOCOLS. Dr. Ahmed Khattab. EECE Department Cairo University Fall 2012 ELC 659/ELC724

Two Improvements of Random Key Predistribution for Wireless Sensor Networks

Simulation Based Analysis of Jamming Attack in OLSR, GRP, TORA. and Improvement with PCF in TORA using OPNET tool

Principles of Ad Hoc Networking

Introduction. Introduction ROBUST SENSOR POSITIONING IN WIRELESS AD HOC SENSOR NETWORKS. Smart Wireless Sensor Systems 1

Secure Initialization of Multiple Constrained Wireless Devices for an Unaided User

SourceSync. Exploiting Sender Diversity

A Blueprint for Civil GPS Navigation Message Authentication

Wireless Network Security Spring 2016

Privacy at the communication layer

TMA4155 Cryptography, Intro

UWB for Sensor Networks:

Mohammed Ghowse.M.E 1, Mr. E.S.K.Vijay Anand 2

Energy-Efficient MANET Routing: Ideal vs. Realistic Performance

Increasing Broadcast Reliability for Vehicular Ad Hoc Networks. Nathan Balon and Jinhua Guo University of Michigan - Dearborn

FTSP Power Characterization

Opportunistic Routing in Wireless Mesh Networks

Efficiently multicasting medical images in mobile Adhoc network for patient diagnosing diseases.

Clock Synchronization

Ultra-Low Duty Cycle MAC with Scheduled Channel Polling

Politecnico di Milano Facoltà di Ingegneria dell Informazione. 3 Basic concepts. Wireless Networks Prof. Antonio Capone

T. Yoo, E. Setton, X. Zhu, Pr. Goldsmith and Pr. Girod Department of Electrical Engineering Stanford University

WisperNet: Anti-Jamming for Wireless Sensor Networks

RF Management in SonicOS 4.0 Enhanced

Clock Synchronization

HiRLoc: High-resolution Robust Localization for Wireless Sensor Networks

Defending Wireless Sensor Networks from Radio Interference through Channel Adaptation

Scalable Routing Protocols for Mobile Ad Hoc Networks

M U LT I C A S T C O M M U N I C AT I O N S. Tarik Cicic

Repelling Sybil-type attacks in wireless ad hoc systems

Time Iteration Protocol for TOD Clock Synchronization. Eric E. Johnson. January 23, 1992

Mathematical Problems in Networked Embedded Systems

Link-state protocols and Open Shortest Path First (OSPF)

Isolation Mechanism for Jamming Attack in MANET

INTRODUCTION TO WIRELESS SENSOR NETWORKS. CHAPTER 3: RADIO COMMUNICATIONS Anna Förster

ISSN Vol.06,Issue.09, October-2014, Pages:

EE 418: Network Security and Cryptography

Mitigation of Periodic Jamming in a Spread Spectrum System by Adaptive Filter Selection

IJSER 1. INTRODUCTION 2. ANALYSIS

o Broken by using frequency analysis o XOR is a polyalphabetic cipher in binary

Volume 5, Issue 3, March 2017 International Journal of Advance Research in Computer Science and Management Studies

Jamming Attack Detection and Isolation to Increase Efficiency of the Network in Mobile Ad-hoc Network

Cross-layer Approach to Low Energy Wireless Ad Hoc Networks

Designing Secure and Reliable Wireless Sensor Networks

SDR - Based Resilient Wireless Communications

Chapter 4: Directional and Smart Antennas. Prof. Yuh-Shyan Chen Department of CSIE National Taipei University

Survey of MANET based on Routing Protocols

Wireless Network Security Spring 2015

Avoid Impact of Jamming Using Multipath Routing Based on Wireless Mesh Networks

Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017

Ultra-Low Duty Cycle MAC with Scheduled Channel Polling

Evaluation of the 6TiSCH Network Formation

Transcription:

Security in Sensor Networks Written by: Prof. Srdjan Capkun & Others Presented By : Siddharth Malhotra Mentor: Roland Flury

Mobile Ad-hoc Networks (MANET) Mobile Random and perhaps constantly changing Ad-hoc Not engineered Networks Elastic data applications which use networks to communicate 2

MANET Issues Routing (IETF s MANET group) IP Addressing (IETF s autoconf group) Transport Layer (IETF s tsvwg group) Power Management Security Quality of Service (QoS) Multicasting/ Broadcasting Products 3

Overview Part 1 Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping Part 2 Secure Time Synchronization in Sensor Networks 4

Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping 5

Motivation How can two devices that do not share any secret key for communication establish a shared secret key over a wireless radio channel in the presence of a communication jammer? Converting the dependency cycle to dependency chain. 6

What are we destined to achieve? Coordinated Frequency Hopping A 4 2 1 2 5 7 3 8 1 1 6 9 9 1 4 5 B 4 2 1 2 5 7 3 8 1 1 6 9 9 1 4 5 7

Attacker Model A Sender B Receiver J Attacker 8

Goal of the Attacker Prevent them from exchanging information. Increasing (possibly indefinitely) the time for the message exchange in the most efficient Jam the signal way. A AB A A listen listen Sending Relevant Data E E B Sending Random Messages Replay with delay Inserting Modifying Messages: Jamming messages: messages: Insert messages Modify Jam messages generated by using transmitting flipping known single (cryptographic) signals message that bits cause functions or the by and keys original as entirely well signal as overshadowing by reusing to become previously unreadable original overheard messages. by the receiver. messages. B B 9

Basics Successful Transmission 12 2 3 23 5 65 8 78 14 2 33 1 7 7 1 5 Sender A is divided into small frequency channels. Receiver B has larger frequency channels as compared to A 10

Uncoordinated Frequency Hopping M1 M2 M3 M4MESSAGE M5 M6 M7 M8 M9 M10 From Last Packet id 1 h(m 2 ) m 1 id 2 h(m 3 ) M2 m 2 Each packet consists of : Identifier (id) indicating the message the packet belongs to Fragment number (i) Message fragment (Mi) Hash of the next packet (h(m i+1 )). 11

Uncoordinated Frequency Hopping Packet Chain Each packet consists: Identifier (id) indicating the message the packet belongs to Fragment number (i) Message fragment (Mi) Hash of the next packet (h(mi+1)). 12

UFH Message Transfer Protocol The protocol enables the transfer of messages of arbitrary lengths using UFH. Fragmentation - Fragments the message into small packets - Hash Function is added Transmission - A high number of repetitions (Sends Randomly) - Listens the input channels to record all incoming packets Reassembly - Packets linked according to Hash Function 13

Security Analysis of the UFH Message Transfer Protocol 14

UFH Key Establishment Stage 1 The nodes execute a key establishment protocol and agree on a shared secret key K using UFH. Stage 2 Each node transforms K into a hopping sequence, subsequently, the nodes communicate using coordinated frequency hopping. 15

UFH key establishment using authenticated DH protocol Diffie-Hellman Protocol for Key Exchange Alice Bob a, g, p K A = g a mod p K A, g, p b K B = g b mod p K AB = K B a mod p K B K AB = K A b mod p???????????? Eve 16

UFH key establishment using authenticated DH protocol Stage 1 Public T A, K A A B Public T A, K B Uncoordinated Frequency Hopping A B K = K AB Shared Key (KAB) for Coordinated Frequency Hopping K = K AB 17

UFH key establishment using authenticated DH protocol Stage 2 Coordinated Frequency Hopping using the K AB A 4 2 1 2 5 7 3 8 1 1 6 9 9 1 4 5 B 4 2 1 2 5 7 3 8 1 1 6 9 9 1 4 5 18

Results P j = Probability that a packet is Jammed C = Total no. of Channels l = no of packets N j = exp. no. of required packets transmissions C n = No. of channels for receiving C m = No. of Channels for sending 19

Problems How does the receiver know that sender is about the send some data? How does the sender come to know that this packet is from this specific chain (not id) like if 5 packet is received at the receiver end and 4,6 not received? How come the receiver comes to know that the packet sent is legitimate? Data overflow? 20

Conclusion Coordinated Frequency Hopping has been achieved in presence of a jammer without the use of pre-shared keys for frequency hopping. Useful in many things like time synchronization 21

Motivation How to provide secure time synchronization for a pair or group of nodes (Connected Directly or Indirectly)? Synchronizing time is essential for many applications Security Energy Efficiency 22

Sensor Node Clock Three reasons for the nodes to be representing different times in their respective clocks The nodes might have been started at different times, Clock Clock with with skew drift Clock with offset Drift Reference Clock The quartz crystals at each of these nodes might be running at slightly different frequencies, Measured Time Offset Skew Errors due to aging or ambient conditions such as temperature Actual Time 23

Attacker Model Two types of attacker models: External Attacker: None of the nodes inside the network have been compromised Internal Attacker: One or more nodes have been compromised, its secret key is known to the attacker 24

Sender-Receiver Synchronization A handshake protocol between a pair of nodes. A T1 T2 T1 T4 T3 T4 B T2 T3 Sender synchronizes to the receiver clock Step1 T2 = T1 + d + δ Step2 T4 = T3 - d + δ Clock Offset Delay 25

Sender-Receiver Synchronization Example A 500 700 B 200 300 δ = (( 200 500 ) - ( 700 300)) / 2 = -350 d = ((200 500) + (700 300))/2 = 50 Sender (A) updates its clock by δ ( Here -350) 26

External Attacker Three types in which attacker can harm the time synchronization: Modifying the values of T2 and T3 Message forging and replay Pulse delay Attack 27

Pulse Delay Attack Jam the signal A T1 T4 T4 A B B T2 listen T3 Replay with delay T3 E E Step1 T2 = T1 + d + δ Step2 T4 = T3 - d + δ δ = ((T2 T1) (T4 T3)) /2 d = ((T2 T1) + (T4 T3)) /2 28

SECURE TIME SYNCHRONIZATION Three types of synchronization have been discussed: Secure Pairwise Synchronization Secure Group Synchronization Secure Pairwise Multi-hop Synchronization 29

Message Authentication Code 30

Secure Pairwise Synchronization (SPS) A T1 T4 P1 P2 B T2 T3 Message integrity and authenticity are ensured through the use of Message Authentication Codes (MAC) and a key K ab shared between A and B. P1 P2 sync T2, T3,ack If d<= d* then clock offset (δ) else abort 31

Results Experiment Non Malicious = 10 μs = 25 μs Average error Maximum error Minimum error Attack detection probability 12.05 μs 35 μs 1 μs NA 19.44 μs 44 μs 1 μs 1 % 35.67 μs 75 μs 16 μs 82% 32

GROUP SYNCHRONIZATION 2 Types: Lightweight Secure Group Synchronization - Resilient to External attacks only Secure Group Synchronization - Resilient to External attacks as well as internal attacks (Attacks from compromised nodes) 33

Lightweight Secure Group Synchronization (L-SGS) Step 1 G2 A B T1 T2 T3 T4 P1 P1 P1 G3 G1 G4 P1 P1 G5 G4 P1 sync 34

Lightweight Secure Group Synchronization (L-SGS) Step 2 G2 A B T1 T2 T3 T4 P2 P2 P2 G3 G1 G4 P2 P2 G5 G4 P2 T2, T3 (Every node which receives sync from G1) 35

Lightweight Secure Group Synchronization (L-SGS) Step 3 G2 A B T1 T2 T3 T4 G3 G1 G4 G5 G4 Pr compute d for every node d ij if d ij d then (Clock offset ) ij else abort 36

Lightweight Secure Group Synchronization (L-SGS) Step 4 G2 A B T1 T2 T3 T4 G3 G1 G4 Estimation of the local clock of G i G5 Local Clock G4 C ij C i + (Clock offset) ij Pairwise offset 37

Lightweight Secure Group Synchronization (L-SGS) Step 5 G2 A B T1 T2 T3 T4 G3 G1 G4 Global Clock G5 G4 C g i Median (C i, [C ij ] j=1..n;j<>n ) 38

Secure Group Synchronization Secure Group Synchronization is resilient to both external and internal attacks We will make the use of tables (O i for node G i ) 39

Secure Group Synchronization 1 st two steps are the same as (L-SGS) Step 3 G2 O G4 O G3 G3 G1 G4 G5 G4 O i = O i U δ ij 40

Secure Group Synchronization Step 4 G2 P4 P4 G3 P4 G1 P4 G4 P4 G5 G4 P4 O i 41

Secure Group Synchronization Step 5 G2 G3 G1 G4 G5 G4 Run the SOM( (N 1)/3 ) algorithm to compute C ij 42

SOM Recursive Algorithm Each node uses other group members to compute C ij k1 i k2 j k3 43

Secure Group Synchronization Step 5 G2 G3 G1 G4 Global Clock G5 G4 C g i Median (C i, [C ij ] j=1..n;j<>n ) 44

Results N = No. of nodes (14) C = Compromised nodes C = (11,12,13,14) N = No. of nodes T = Time to finish SGS SOM(i) = No. of Compromised nodes 45

Secure Pairwise Multi-hop Synchronization Enable distant nodes, multiple hops away from each other, to establish pairwise clock offsets Categorized into two types: Secure Simple Multi-hop Synchronization Secure Transitive Multi-hop Synchronization 46

Secure Simple Multi-hop Synchronization A T1 T4 G1 G2 G3 G4 P1 P1 P1 P1 P2 P2 P2 P2 GN P1 P2 B P1 P2 sync T2 T2, T3,ack T3 If d<= dm* then δ = ((T2 T1) (T4 T3))/2 else abort 47

Secure Transitive Multi-hop Synchronization Step 1 A T1 T4 P1 P1 P1 B T2 T3 A G1 G2 B P1 sync 48

Secure Transitive Multi-hop Synchronization Step 2 A T1 T4 P2 B T2 T3 A G1 G2 B P2 T2 (B), T3(B),ack G2 is synchronized to B 49

Secure Transitive Multi-hop Synchronization (STM) Step 3 A T1 T4 P3 B T2 T3 A G1 G2 B P3 T2 (G2), T3(G2),ack G1 is synchronized to G2 50

Secure Transitive Multi-hop Synchronization Step 4 A T1 T4 P4 B T2 T3 A G1 G2 B P4 T2 (G1), T3(G1),ack A is synchronized to G1 51

Conclusion SPS achieves the same synchronization precision on a pair of motes as the insecure time synchronization protocols. Even under a pulsedelay attack, SPS can keep the nodes in sync within 40μs. SGS is able to synchronize a group of four motes within50μs, even with 1 node used for internal attack SPS extended to STM. 52

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback