Reliability of Wireless Sensors with Code Attestation for Intrusion Detection

Reliability of Wireless Reliability of Wireless Sensors with Code Sensors with Code Attestation for Intrusion Attestation for Intrusion DetectionDetectionPresented by: Yating Wang

OutlineOutlineBackgroundCode attestationProblem definitionModelingCalculationPerformance and AnalysisConclusion

BackgroundBackground• Security properties: authentication secrecy data integritySecurity issues for Wireless Sensor

Networks(WSN) Outsider attacks (key management) Insider attacks (Intrusion

detection)

Code AttestationCode AttestationA software based method (verifier)Assumption: original codes must

be changed when sensors are compromised

Basic method: the trusted verifier evaluates the sensor compromised or not by comparing memory value (hash value) with its original value.

Examples of Code Examples of Code AttestationAttestationSWATT A sequence of memory address

checksum

Verifier sensorProgram

memo

Judgement: responding a correct answer within a time boundaryCons: the time to generate challenge; and time out because of channel collision

Examples of Code Attestation Examples of Code Attestation (cont’)(cont’)

Pre-deployed: Computing digest digital signiture

Code attestation:

Program

memo

Verifier sensor

Send ID

Random hash function

Hashing value of codes

Judgment: responding a correct hash valueCons: miss the intrusion not within a long service blockage

Examples of Code Attestation Examples of Code Attestation (cont’)(cont’)

Pre-deployment: filling empty memory with random noise

post-deployment: nodes sending distributes seeds to neighbors

First scheme:Cluster

neighbor1

neighbor2

Node A

Secret share1

Secret share2

Traversal Seed&noise seed

checksum

Examples of Code Attestation Examples of Code Attestation (cont’)(cont’)

Pre-deployment: filling empty memory with random noise

post-deployment: nodes sending distributes seeds to neighbors

second scheme:

neighbor1

neighbor2

Node A

neighbor3

C1

R1

C3R3

C2R2

Judgment: Voting

Problem DefinitionProblem Definition

Problem: the trade-off between energy consumption and code attestation; when should we trigger code attestation

Purpose: Maximizing reliability measured by Mean Time to Fail(MTTF)

* Fail: either the sensor’s energy is depleted; or the sensor returns false reading

ModelingModelingSystem activities

Periodic sensing (plus transmitting)

sensing interval – T; unit energy consumption – Es;

Modeling (cont’) Modeling (cont’) System activities

Periodic sensing (plus transmitting)T—sensing interval; Es – energy

consumption; Intrusion:

intrusion rate – λ;if being successfully compromised

after sensing, the probability :e^(- λT)

Modeling (cont’) Modeling (cont’) System activities

Periodic sensing (plus transmitting)T—sensing interval; Es – energy

consumption;

Intrusion λ – intrusion rate; e^(- λT) – healthy when reading

Code attestation: Generating probability is q; energy

consumption for code attestation is Ec;

Modeling (cont’) Modeling (cont’) System activities Periodic sensing (plus transmitting)

T—sensing interval; Es – energy consumption;

Intrusion λ – intrusion rate; e^(- λT) – probability of being compromised

Code attestationq -- generating probability; Ec– energy consumption:

Recovery:

energy consumption – Er; generating rate depending on code attestation happening “q” and nodes being attested as unhealthy

CalculationCalculationRecovery probability case 1: compromised before sensing

prob(x<T) = 1-e^(- λT) code attestation generated before sensing:prob(attestation happening) = q(1-e ^(- λT) )the false node being recovered:prob1(recover) = q(1-e ^(- λT) )(1-Pfn)

Calculation (cont’)Calculation (cont’)Case 2: uncompromised in a sensing round; prob(x>T) = e^(-λT)

the code attestation still happened thoughprob(attestation happening) = q*e ^(-λT)recovery triggeredprob2(recovery) = q*e ^(-λT)*Pfp

So the probability of recovery happening during code attestation is:θ = (prob1 + prob2)/q

Calculation (cont’)Calculation (cont’)Probability to return correct readings

is

prob(node is never compromised) + prob(node was compromised, but

recovered)= prob(x>T) + prob1(recovery)= Rq

Calculation (cont’)Calculation (cont’)Expected number of rounds before

energy depleted (original energy is E)Nq = E(original)/(E(sensing)+E(attestation) + E(recovery))= E/(Es+q*Ec+q* θ*Er) = E/(Es+q(Ec+ θEr))

Expected life time – MTTFMTTF = false reading+ energy depleted = ∑i*Rq^i*(1-Rq) + Nq*Ra^Nq (0<i<Nq)

Performance and AnalysisPerformance and AnalysisMTTF = F(λ, T, q, E, Es, Ec, Er, Pfn,

Pfp)MTTF = Gλ(q);MTTF = G pfn(q);MTTF = G pfp(q);MTTF = G Es(q);MTTF = G Ec(q);MTTF = G Er(q)

Performance and Analysis Performance and Analysis (cont’)(cont’) -- MTTF = -- MTTF = GGλλ(q)(q)

Performance and Analysis Performance and Analysis (cont’)(cont’) -- MTTF = G -- MTTF = G pfnpfn(q)(q)

Performance and Analysis Performance and Analysis (cont’)(cont’) -- MTTF = G -- MTTF = G pfppfp(q)(q)

Performance and Analysis Performance and Analysis (cont’)(cont’) --MTTF_Es(q) --MTTF_Es(q)

Performance and Analysis Performance and Analysis (cont’)(cont’) -- MTTF = G -- MTTF = G EcEc(q)(q)

Performance and Analysis Performance and Analysis (cont’)(cont’) -- MTTF = G -- MTTF = G ErEr(q)(q)

ConclusionConclusionDeveloping a probability model to

analyze how often code attestation should be generated to maximize the lifetime;

Results showing that there is always an optimal q which can make sensor’s reliability maximized

Showing that code attestation should be generated more frequently when λ is high, Pfn(Pfp) is low, Ec is low, or Er is low compared with Es