Top Banner
T.E I.T. Seminar Report JSPM’S RAJARSHI SHAHU COLLEGE OF ENGINEERING, Tathawade, Pune -33. DEPARTMENT OF INFORMATION TECHNOLOGY 2010-2011 A Seminar Report On LAP: A Lightweight Authentication Protocol for Smart Dust Wireless Sensor Networks Submitted by Asmita Kulkarni ………………………………………………………………………………………………………………………….. RSCOE IT 10-11 LAP-4
35
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: report1

T.E I.T. Seminar Report

JSPM’SRAJARSHI SHAHU COLLEGE OF ENGINEERING,

Tathawade, Pune -33.

DEPARTMENT OF INFORMATION TECHNOLOGY2010-2011

A

Seminar Report

On

LAP: A Lightweight Authentication Protocol for Smart Dust Wireless Sensor Networks

Submitted byAsmita Kulkarni

Under The Guidance Of

Prof. D.H.Patil

Designation

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 2: report1

T.E I.T. Seminar Report

JSPM’S

RAJARSHI SHAHU COLLEGE OF ENGINEERING

TATHAWADE, PUNE – 33

CertificateThis is to certify that the Seminar entitled

LAP: A Lightweight Authentication Protocol for Smart Dust Wireless Sensor Networks

has been successfully completed by

Asmita kulkarni

of Rajarshi Shahu College of Engineering, Department of Information Technology, under our

guidance in a satisfactory manner as a partial fulfillment for the requirement of Seminar work

during the academic year 2011-12.

Date:

Place:

Prof. D. H. Patil Prof. S.V. Kedar Prof. D. S. Bormane

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 3: report1

T.E I.T. Seminar Report

(Seminar Guide) (H.O.D Information Technology) (Principal)

ACKNOWLEDGEMENT

It is my great pleasure to express my deep sense of gratitude to Prof. S.V. Kedar, Head of

Department Information Technology, for her valuable guidance, inspiration, and wholehearted

involvement during every stage of this project. Her experience, perception and through

professional knowledge, being available beyond the stipulated period of time for all kind of

guidance and supervision and ever-willing attitude to help, have greatly influenced the timely

and successful completion of this project.

I extend my sincere thanks to Prof. D H. Patil, Seminar Coordinator, for her valuable

guidance. She was always there for suggestions and help in order to achieve this goal.

My special thanks to Prof. S.V. Kedar, Head of Department – Information Technology for

her support and invaluable assistance rendered towards presentation of this work. I am also

thankful to all my staff members and course mates who were always there for suggestions and

help, in order to achieve the goal.

Finally I am indebted to Prof. D.S. Bormane, Principal, JSPM’s Rajarshi Shahu College of

Engineering, Tathawade, Pune for encouragement and providing me the opportunity and

facilities to carry out this project work.

Asmita kulkarni

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 4: report1

T.E I.T. Seminar Report

Table of Contents

Acknowledgement

Abstract

1. Introduction…………………………………………………......................1

2. LAP Protocol spec………………………………………………................3

3. Rekeying mechanism……………………………………………………...5

4. Performance Evaluation………………………………………………….9

5. Security Analysis……………………………………………………….…12

6. Simulation…………………………………………………………………15

7. Communication hole.……………………………………………………..16

8. Reshuffle of communication hole………………………………………...17

9. Key infection:smart trust for smart dust………………………………..18

10. Conclusion……………..………………………………………………......19

11. Future work……………………………………………………………......20

12. Refrences…………………………………………………………...………21

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 5: report1

T.E I.T. Seminar Report

ABSTRACT

With the advent of unbounded small-scale dust sensors being deployed in wireless

sensor networks, existing authentication protocols for ordinary wireless sensor networks

are becoming less efficient for dust sensors.Resource constrained dust nodes must do anything in

cooperation with other nodes. Existing key management protocols require large key storage in

each node, which cannot be stored in smart dust sensor nodes with strictly limited resources.

Given the practical fact that adversaries or non-adversaries cannot retrieve information inside

the RAM of minute smart dust sensors,this paper presents a Lightweight Authentication

Protocol (LAP) as a key management protocol for smart dust wireless sensor networks with

boundless number of nodes.The protocol uses a comparatively fewer number of keys for

authentication purposes, and guarantees the security of network in the long run by a rekeying

mechanism.Apart from being lightweight, it is quite primitive in the sense that it does not

impose any specific requirements on the network, such as on routing and network topology.This

allows other security protocols for ordinary sensor networks to use LAP while their initial key

distribution setup is in progress. LAP uses a rekeying mechanism in cooperative manner.…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 6: report1

T.E I.T. Seminar Report

INTRODUCTION

The Wireless Sensor Networks (WSNs) are used in many applications from elementary home

applications to critical or military applications. Each application needs sensor nodes with specific

capabilities. Some applications need powerful nodes, but some need cheaper and less powerful

nodes such as smart dust nodes. In the context of key management, any key management

protocol requires a reasonable amount of space for key storage, depending on its sensors

capabilities. For example, a sensor node with 512 byte of memory cannot store hundreds of bytes

for keys. So, any technique that can reduce the amount of required storage for keys will be

beneficial to key management protocols.There have been a number of other ideas too that have

been proposed to overcome other specific requirements of WSNs, such as reducing the number

of communications,storing some keys in nodes before network deployment local key

management , relying on computation instead of communication (exchange of keys) , using

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 7: report1

T.E I.T. Seminar Report

specific network topologies, exploiting special nodes for key management , designing different

key types of different types of units of communication , and using deployment knowledge .In

this paper we intend to present a suitable Lightweight Authentication Protocol (LAP), as a key

management protocol, to provide a minimum level of security for WSNs consisting of cheaper

and less powerful nodes.The objective set for this key management protocol is to make use of as

few keys as possible. It should entail very low communication overhead for key management

too.To achieve these objectives, we have used most of the aforementioned ideas. However, it

should be noted that some ideas impose special requirements on the network.For example,

deployment knowledge of sensor places is only available in some specific applications and not

for all. It can optimize many approaches for that application.An example of such a scenario can

be found in . To preserve the generality of our approach and make it amenable to application to

as wider types of WSNs as possible, special-purpose ideas are ignored. This makes LAP a

basic key management protocol for WSNs.The rest of paper is organized as follows. Section2…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 8: report1

T.E I.T. Seminar Report

discusses relevant works. Section 3 presents LAP in detail including its proposed rekeying

mechanism. Section 4 present discussion on the performance of LAP. Section5 complements the

latter discussion by a security analysis.Section 6 presents the simulation results, and Section 7

concludes and presents some future works

LAP PROTOCOL SPEC

We try to relax some of the strong constraints on the network in LAP. In LAP sensor nodes can

be mobile. The base station can be mobile or absent for some periods of time. It is not necessary

for the network to have a unique base station. It can have multiple base stations too.Network can…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 9: report1

T.E I.T. Seminar Report

have any topology. For example, it can be single-hop, multi-hop, clustered or non-clustered, etc.Nodes can have very limited resources such as those available for smart dust nodes. Nodes can

be anonymous with no explicit identifier in our protocol, though in general the existence of at

least locally unique identifiers for nodes is appropriate for many applications especially for DOS

attacks. There is no assumption about node placement, routing protocol and wireless devices. It

can work in the absence of any kind of synchronizations. Any adversary can eavesdrop the

network communication units and may inject such units into the network. Physical attacks are

totally ignored since they require dedicated solutions that are orthogonal to our concerns in this

paper. The only perhaps strong assumption made about the network in LAP is about memory

. The memory inside each node is divided into three logical sections: RAM memory, executive

code memory and non-volatile memory. Some of these logical memory sections can be

4.

in one physical hardware unit. It is possible for an attacker to steal information which is stored in

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 10: report1

T.E I.T. Seminar Report

executive code or non-volatile memory sections, but cannot steal information stored in RAM. If

an attacker wants to access any information in RAM, the node owning the RAM detects this

desire and resets itself making information on the RAM inaccessible. This is specifically the

case for tiny smart dust nodes with miniature sizes and embedded integrated physical hardware

that makes intrusion real hard for attackers. This assumption about RAM also allows us to

deploy a global shared key for smart dust networks, in spite of the cited criticisms that when a

node compromises the global shared key, the security of the whole network is compromised too

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 11: report1

T.E I.T. Seminar Report

REKEYING MECHANISM

In an arbitrary time the base station sends a message to network nodes to refresh their shared

keys. This message is encrypted with SK0. The interval for rekeying messages can be aperiodic.

A rekeying message consists of a counter (C) whose value shows the number of times the key

has been refreshed. This message must be disseminated to all nodes using the underlying routing

protocol of the network. It is quite possible that a rekeying message be the first message

received by a node. In this case, no routing information has been gathered yet. LAP works even

in these situations since it does not make any assumptions about routing protocol. This implies

that redundant messages could well be received during network setup time. So we include a

mechanism to avoid uncontrolled states when such messages arrive.After a node receives a

rekeying message, if the value of C is more than the value that the node knows about (CNi

for each node i), it continues processing the message, otherwise, it discards the message. In case

of further processing, any network node can decrypt the implementation of FK function with

EK. Using FK function and SK0 and SK1 shared keys, new keys are generated. Now it's time to

encrypt the implementation code of FK function using EK. Afterwards, all nodes use

these new keys. During key refreshing, some nodes may well exchange messages that are

encrypted with the old keys. These kinds of messages are discarded by the receiving nodes as…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 12: report1

T.E I.T. Seminar Report

if they were corrupt messages.It should be pointed out that the base station is always the

6.

initiator of the rekeying message in LAP. This does not however deny the right of other nodes to

trigger rekeying at agreed upon time intervals in a synchronized manner.This way, all nodes

upgrade their keys at the same time. But the problem is how they synchronize time in

adistributed manner with the lack of a globally synchronized timer? That is why LAP exclude

any rekeying initiatives from nodes other than the base station If any node loses a rekeying

message for any reason, it cannot negotiate with other nodes in the network after rekeying

finishes. We call such a node a sleepy node. So a sleepy node cannot decrypt its received

messages correctly since it does not possess the refreshed keys.Repeated occurrence of this

disability to communicate with some nodes, gives a sleepy feeling to the node. If it has not been

slept for long, it may awaken itself by sending a special message, called GetCounter, to its

neighbors. Receiving neighbors reply by sending their internal C value (CNi) The sleepy node

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 13: report1

T.E I.T. Seminar Report

encrypts the message using its own SK0 (previous network shared key) whileneighbors decrypt

the special message using their SK1 (the previous network shared key which is now put into

SK1). Replied messages of neighbors are also encrypted with SK1. Having got the new C value,

it can set its internal C value to the new value and start refreshing its keys toenable its secure

future communications. Note that only those neighboring nodes can reply to the GetCounter

message whose SK1 are identical to SK0 of the sleepy node; that is they only lag one rekeying

Better said, only those neighboring nodes reply to the GetCounter message whose C values are

not identical to the C value of the sleepy node. If any node loses more than one rekeying

message, it cannot be awakened by triggering the GetCounter message mechanism

just once. This is because none of its neighbors reply to its GetCounter message. To wor out

its way out, it should create new shared keys in its own will and try the GetCounter message

mechanism once more. This scenario must be repeated either until it gets the shared keys

pertinent to all other communicating nodes, or a predefined MaxTry threshold is reached…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 14: report1

T.E I.T. Seminar Report

indicating that the node must purge its RAM and go to sleep forever.If none of the nodes within

a group of neighboring sensor nodes gets refreshing messages, it is as if they form

communication hole. They communicate with the nodes in the hole all right, but the nodes at the

border of this hole get the feeling that they cannot communicate with their neighbors residing

outside the hole. So they try to send GetCounter messages and consequently obtain new shared

keys. As is shown in Figure 1, in this way the members and the boundary of the sleepy group

gets smaller and smaller until all sleepy nodes get awakened.

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 15: report1

T.E I.T. Seminar Report

1.Sleepy group population at time t0

When additional nodes are to be added to the network and deployed after the initial network

setup, they must have SK0, SK1, EK keys and the C value. The network controller somehow sets

the last known shared keys and values to the newly arrived nodes. If a rekeying message

is sent to the network before the setup of the new nodes finishes and they are deployed, they can

get communicating using the special GetCounter message mechanism described before.

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 16: report1

T.E I.T. Seminar Report

Additional lags in refreshing messages between the new nodes and currently deployed nodes are

treated as mentioned before

8.

.

2. Sleepy group population at time t0+Δt

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 17: report1

T.E I.T. Seminar Report

9.

PERFORMANCE EVALUATION

The storage space required by each node in LAP need only accommodate the implementation of

FK function,SK0, SK1 and EK Keys and the internal value of C. This is a small space

requirement. The performance of awakening procedure can be improved if more keys,

SK0,SK1, SK2, …, SKn, are stored instead of only one pair of shared keys. This is indeed

feasible only if enough space exists at each node Computational overheads of LAP are mostly

dependenton the rate of refreshing. LAP is designed for applications that require a low rate of refreshing. The overhead of refreshing mechanism consists of decryption andencryption of FK

function and calculation of new keys.These computations are very trivial in contrast to

computations that a node performs in its lifetime.It is however possible to eliminate the

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 18: report1

T.E I.T. Seminar Report

decryption and encryption of FK function at the cost of using more RAM. When a node starts, it

can decrypt the implementation code of FK function, copy this to RAM, and finally remove this

implementation from nonvolatile memory.Thereafter, there is no need at all for the encryption

and decryption of FK function implementation code.When a node becomes sleepy, it must run

FK once or more times to acquire successive keys. This wastes node power. Two observations

exist about this repeated action. Firstly, this repetition occurs rarely. Secondly, when a node

10.

becomes sleepy it cannot communicate with others in actual fact. So awaking is the only action

which can bring back the node to a communicative status. To achieve this, the node generates

the next keys in sequence,sends a GetCounter message to neighbors and waits for a response. If

no response is received until a timeout, the node keeps silent for some time and tries GetCounter

message again and repeats this scenario until it gets some response. If however the received

messages are not meaningful due to the mismatch of shared keys between the slept node and

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 19: report1

T.E I.T. Seminar Report

other nodes in the network, the slept node generates the next keys in sequence and continues as

before. The slept node stops all its other activities when it goes through the mentioned scenario

because no communication is available to it. The point is that the computation of

communication overhead of a sleepy node is not more than the computation or communication

cost of the same node when it is not slept doing its normal operations. When a node is awake, it

has some computation and communication that may have immediate responses makes the node

look busier.Furthermore, the communication cost is mostly attributable to rekeying messages

sent to all nodes over whom the cost is amortized. If the network is clustered,the cost of message

propagation depends on the clustering approach. If the network is not clustered, which is more

probable in smart dust networks, or it is in its start up and before the completion of clustering

the cost of message propagation will be high. As we noted before, the rekeying mechanism is

considered to have a low rate in this paper.

11.

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 20: report1

T.E I.T. Seminar Report

SECURITY ANALYSIS

LAP is considered as a base protocol for WSNs. It is very lightweight. Other possibly more

powerful and heavyweight protocols can be deployed on top of this protocol. One of the main

advantages of this light protocol is that it provides a secure environment even before network

start up finishes. For example, consider an application wherein flying objects scatter sensors on

the ground. Even before sensor nodes reach to the ground,they can start communicating securely

using LAP. As another example, some renowned protocols such as LEAP pretend not to suffer

from insecure communications during node start up by assuming that no adversaries will

compromise security while the nodes are engaged in startup activities and before then discover

their immediate neighbors. This weakness can be removed if LEAP uses LAP as a basis to

secure communications during node start up. LAP is used until the key establishment activities

in LEAP finish; the established keys are thereafter used.We store SK0, SK1 and EK keys in

non-volatile memory in encrypted form. This is because if a deployed node cannot start

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 21: report1

T.E I.T. Seminar Report

12.

normally, no unencrypted key should exist in its non-volatile memory; otherwise unencrypted

keys may well be found out by any adversary. It is also desirable that nodes start up a few

seconds before deployment.It may seem that LAP is defenseless against denial of service attacks

that can send superfluous messages to nodes. This is not true, since each node can be forced to

accept such messages from a given source, only a number of predefined (MaxTry) times and to

disregard messages from that source afterwards. We have defined LAP to be a key management

protocol, other security issues like DOS and DDOS have their own solutions. The encryption of

the FK function in sensor nodes is quite innovative and unique to LAP. In this way,adversaries

are prevented from keying mechanism. When a rekeying message is received, it is decrypte only

in fraction of a second.

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 22: report1

T.E I.T. Seminar Report

13

SIMULATION

We simulated our protocol in VisualSense (Ptolemy II) and used many node distribution patterns

to check the validity of LAP. The patterns supported both different densities and number of

nodes in the field. The field size was chosen differently too in order to check the generality

of LAP. The logic of LAP was implemented with a derived class from Ptolemy

TypedAtomicActor class. To monitor the behavior of the rekeying mechanism, we

visualized the states of nodes with colors.Figure 2 shows a communication hole denoting the

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 23: report1

T.E I.T. Seminar Report

number of nodes that have not yet received the rekeying message (green nodes stand for awake

nodes, and blue nodes stand for sleepy nodes). Figure 3 demonstrates a situation where a

number of previous sleepy nodes have changed their states to awake after sending GetCounter

messages to awake nodes. Figure 2. A communication hole in a sample simulation Figure 3

Reshuffle of the communication hole.

14.

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 24: report1

T.E I.T. Seminar Report

Figure 2. A communication hole in a sample

15.

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 25: report1

T.E I.T. Seminar Report

Figure 3. Reshuffle of the communication hole

16

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 26: report1

T.E I.T. Seminar Report

Key Infection: Smart Trust for Smart Dust

Future distributed systems may include large selforganizing networks of locally communicating

sensor nodes, any small number of which may be subverted by an adversary. Providing security

for these sensor networks is important, but the problem is complicated by the fact that managing

cryptographic key material is hard: low-cost nodes are neither tamper-proof nor capable of

performing public key cryptography efficiently.In this paper, we show how the key distribution

problem can be dealt with in environments with a partially present, passive adversary: a node

wishing to communicate securely with other nodes simply generates a symmetric key and sends

it in the clear to its neighbours. Despite the apparent insecurity of this primitive, we can use

mechanisms for key updating, multipath secrecy amplification and multihop key propagation to

build up extremely resilient trust networks where at most a fixed proportion of communications

links can be eavesdropped. We discuss applications in which this assumption is sensible.

Many systems must perforce cope with principals who are authenticated weakly, if at all; the

resulting issues have often been left in the ‘too hard’ tray. One particular interest of sensor

networks is that they present a sufficiently compact and tractable version of this problem. We

can perform quantitative analyses and simulations of alternative strategies, some of which we

present here. We also hope that this paper may start to challenge the common belief that

authentication is substantially about bootstrapping trust.We argue that, in distributed systems

where the opponent can subvert any small proportion of nodes, it is more economic to invest

in resilience than in bootstrapping17.

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 27: report1

T.E I.T. Seminar Report

CONCLUSION AND FUTURE WORKS

A lightweight protocol (LAP) for key management in smart dust wireless sensor networks with

boundless number of nodes was presented in the paper that tries to manage keys with minimum

communication, storage, and computational costs. The global shared key approach

used in the protocol makes in-network processing available to smart dust nodes. LAP uses

comparatively fewer keys to achieve security. It reduces communication overhead at the cost of

adding a little bit to computation. It provides security for nodes before deployment.Therefore, it can be considered as a base key management protocol that preserves network

security before start up. LAP can be used in any network topology including the

flat model. LAP keeps safety of network using a cooperative rekeying mechanism.We are

currently furthering the work reported in this paper in three ways. Firstly, the study of other

lightweight protocols for WSNs in this area needs to distinguish between the existing protocols

that use a global shared key or not. Secondly, LAP assumes that the information stored in RAM

cannot be stolen. Removing this assumption, may well lead to more heavyweight protocols

than LAP. A challenge is to look for a similarly lightweight protocol lacking this assumption

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4

Page 28: report1

T.E I.T. Seminar Report

Thirdly,LAP is designed for an unbounded number of cheap nodes with limited life time. We

need to have a lightweight protocol for lots of cheap but longer life nodes, for example, nodes

with rechargeable batteries.

18.

REFERENCES

[1] G.J. Pottie and W.J. Kaiser., “Wireless Integrated Network Sensors,” Communications of the ACM, Vol. 43, 2000, pp. 551–558.

[2] I.F Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cayirci, “Wireless Sensor Networks: a Survey,” Computer Networks, Vol. 38, 2002, pp. 393-422.

[3] R. Anderson, H. Chan, A. Perrig, “Key Infection: Smart Trust for Smart Dust,” 12th IEEE International Conference on Network Protocols (ICNP'04),

[4] W. Diffie, and M. E. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information

.

…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4