Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University
Dec 18, 2015
Securing Wireless Sensor Networks
Wenliang (Kevin) DuDepartment of Electrical Engineering and
Computer Science
Syracuse University
Overview
• Overview of Wireless Sensor Networks (WSN).
• Security in wireless sensor networks.– Why is it different?
• Our work on key pre-distribution in WSN– Deployment-based scheme (INFOCOM’04)– Pair-wise Scheme (ACM CCS’03)
• Summary.
Wireless Sensors
Berkeley Motes
Mica Motes
• Mica Mote: – Processor: 4Mhz– Memory: 128KB Flash and 4KB RAM– Radio: 916Mhz and 40Kbits/second.– Transmission range: 100 Feet
• TinyOS operating System: small, open source and energy efficient.
Spec Motes
Wireless Sensor Networks (WSN)
DeploySensors
Applications of WSN
• Battle ground surveillance– Enemy movement (tanks, soldiers, etc)
• Environmental monitoring– Habitat monitoring – Forrest fire monitoring
• Hospital tracking systems– Tracking patients, doctors, drug administrators.
Securing WSN
• Motivation: why security?
• Why not use existing security mechanisms?– WSN features that affect security.
• Our work: – Two key management schemes.
Why Security?
• Protecting confidentiality, integrity, and availability of the communications and computations
• Sensor networks are vulnerable to security attacks due to the broadcast nature of transmission
• Sensor nodes can be physically captured or destroyed
Why Security is Different?• Sensor Node Constraints
– Battery,– CPU power,– Memory.
• Networking Constraints and Features– Wireless, – Ad hoc,– Unattended.
Sensor Node Constraints
• Battery Power Constraints– Computational Energy Consumption
• Crypto algorithms• Public key vs. Symmetric key
– Communications Energy Consumption• Exchange of keys, certificates, etc.• Per-message additions (padding, signatures,
authentication tags)
• Slow– 1000 times slower than symmetric encryption
• Hardware is complicated
• Energy consumption is high
Constraints (Cont.)Public Key Encryption
Processor Energy Consumption (mJ/Kb)
RSA/E/V RSA/D/S AES
MIPS R4000 0.81 16.7 0.00115
MC68328 42 840 0.0130
Memory Constraints
• Program Storage and Working Memory– Embedded OS, security functions (Flash)– Working memory (RAM)
• Mica Motes:• 128KB Flash and 4KB RAM
Objectives of Our Research
• Long-term Goals– Study how WSN’s constraints/features affect the
design of security mechanisms.– Develop security mechanisms for WSN.
• Current Projects– Key Management Problems– Data Fusion Assurance
Key Management Problem
Key Management Problem
DeploySensors
Key Management Problem
Secure Channels
DeploySensors
Approaches
• Trusted-Server Schemes– Finding trusted servers is difficult.
• Public-Key Schemes– Expensive and infeasible for sensors.
• Key Pre-distribution Schemes
Loading Keys into sensor nodes prior to deployment
Two nodes find a common key between them after deployment
Challenges Memory/Energy efficiency Security: nodes can be compromised Scalability: new nodes might be added later
Key Pre-distribution
Naïve Solutions
Master-Key Approach Memory efficient, but low security. Needs Tamper-Resistant Hardware.
Pair-wise Key Approach N-1 keys for each node (e.g.
N=10,000). Security is perfect. Need a lot of memory and cannot add
new nodes.
Eschenauer-Gligor Scheme
Each noderandomly selects m keys
AB E
Key Pool S
DC
• When |S| = 10,000, m=75Pr (two nodes have a common key) = 0.50
Establishing Secure Channels
A
C
B
Our Improvement Over Eschenauer-Gligor Scheme
Appeared in IEEE INFOCOM 2004
Observations and Objectives
A
B
F
Property: Pr(A, B) = Pr(A, F)
Using deployment knowledge
Our objective: Pr(A, B) >> Pr(A, F)
Modeling Deployment Knowledge
Deployment points for a group of sensors
A
F
I
J
Probability Distribution Function of Each Deployment Group
Key Pre-distribution Scheme
Key Pools
Key Sharing Among Key Pools
A B C
F
H I
D
G
Horizontal
Vertical Diagonal
Local Connectivity
Network Resilience
• What is the damage when x nodes are compromised?– These x nodes contain keys that are used by the
good nodes.– What percentage of communications can be
affected?
Network Resilience
A Pairwise Key Pre-distribution Scheme
Appeared inCCS’03: ACM Conference on
Computer and Communications Security
Objectives
• Pairwise key pre-distribution scheme.– Each pair of sensor share a unique secret key– Can be used for Authentication
• Our Approach:– We use Blom Scheme to achieve Pairwise– We use Random Key Selection scheme to
improve performance and resilience
Blom Scheme
• Public matrix G
• Private matrix D (symmetric).
D G
+1 N
+1
+1
A G = (D G)T G = GT DT G = GT D G = (A G)T
Let A = (D G)T
Blom Scheme
X=
A = (D G)T G (D G)T G
i
j
i j
Kji
Kij
N
+1 NN
Node i carries:
Node j carries:
-secure Property
Undesirable Situation:
if
u*G(i) + v*G(j) = G(k)
thenu*A(i) + v*A(j) = A(k)
AT =D G
+1
i j
N
G
k
i jk
-secure Property
• ANY +1 columns in G are linear independent.– Different from saying that G has rank +1– Rank: there exist +1 linear independent columns
• Can tolerate compromise up to nodes.– Once +1 nodes are compromised, the rest can be
calculated if these +1 columns are linear independent.
• How to find such a matrix G?
Vandermonde Matrix
1 1 1 1
s s2 s3 sN
s2 (s2)2 (s3)2 (sN)2
s (s2) (s3) (sN)
G =
Properties of Blom Scheme
• Blom’s Scheme– Network size is N– Any pair of nodes can directly find a secret key– Tolerate compromise up to nodes– Need to store +2 keys
• Challenge: Can we increase without increasing the storage usage.
Multiple Space Scheme
(D2, G)
(D1, G)
(D, G)
Key-Space Pool
spaces
spaces
spaces
Two nodes can find a pairwise key if they carry a common key space!
How to select and ?• If the memory usage is m, the security
threshold (probablistic) m is
• To improve the security, we need to increase /2.
• However, such an increase affects the connectivity.
2 mm
Measure Local Connectivity
plocal = the probability that two neighboring nodescan find a common key.
!)!2())!((
)(
))(( 2
21
localp
Plocal for different and
Security Analysis
• Network Resilience:– When x nodes are compromised, how many
other secure links are affected?
jxjx
j
xj
xc
)1())((
d)compromise are nodes |broken is Pr(
1
Resilience (p = 0.33, m=200)
Blom
Resilience (p = 0.50, m =200)
Blom
Improvement:Using Two-hop Neighbors
= 7 = 2
= 31 = 2
Summary
• Security in WSN is quite different from traditional (Wired) network security.
• We have proposed two key pre-distribution schemes for WSN.
• Our schemes substantially improves the performance and network resilience.