A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks

waralligatorΚινητά – Ασύρματες Τεχνολογίες

21 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

91 εμφανίσεις

Securing

Wireless Sensor Networks

Wenliang (Kevin) Du

Department of Electrical Engineering
and Computer Science

Syracuse University

Overview


Overview of Wireless Sensor Networks (WSN).


Security in wireless sensor networks.


Why is it different?


Our recent work on securing WSN using deployment
knowledge


Authenticating public keys (Mobihoc’05)


Robust Location discovery (Infocom’05)


Summary

Wireless Sensors

Berkeley Motes

Mica Motes


Mica Mote
:


Processor: 4Mhz


Memory: 128KB Flash and 4KB RAM


Radio: 916Mhz and 40Kbits/second.


Transmission range: 100 Feet


TinyOS

operating System: small, open
source and energy efficient.

Wireless Sensor Networks
(WSN)

Deploy

Sensors

Applications of WSN


Battle ground surveillance


Enemy movement (tanks, soldiers, etc)


Environmental monitoring


Habitat monitoring


Forrest fire monitoring


Hospital tracking systems


Tracking patients, doctors, drug administrators.

Securing WSN


Motivation: why security?


Why not use existing security
mechanisms?


WSN features that affect security.

Why Security?


Protecting
confidentiality
,
integrity
, and
availability

of the communications and
computations


Sensor networks are vulnerable to
security attacks due to the broadcast
nature of transmission


Sensor nodes can be
physically

captured or destroyed

Why Security is Different?


Sensor Node Constraints


Battery,


CPU power,


Memory.


Networking Constraints and Features


Wireless,


Ad hoc,


Unattended.

Sensor Node Constraints


Battery Power Constraints


Computational Energy Consumption


Crypto algorithms


Public key vs.
Symmetric key


Communications Energy Consumption


Exchange of keys, certificates, etc.


Per
-
message additions (padding, signatures,
authentication tags)

Memory Constraints


Program Storage and Working Memory


Embedded OS, security functions (Flash)


Working memory (RAM)



Mica Motes:


128KB Flash and 4KB RAM

An Efficient Scheme for
Authenticating Public Keys


in Sensor Networks

Wireless Sensor Networks

Deploy

Sensors

Key Distribution in WSN

Deploy

Sensors

Secure Channels

Existing Approaches


Key Pre
-
distribution Schemes


Eschenauer and Gligor, CCS’02


Chan, Perrig, and Song, S&P’03


Du, Deng, Han, and Varshney, CCS’03


Du, Deng, Han, Chen, Varshney, INFOCOM’04


Liu and Ning, CCS’03


Assumption


Public Keys
are impractical for WSN


We need to use
Symmetric Keys

Three Years Later


Has Public
-
Key Cryptography (PKC) became
practical yet?


The answer might still be NO, but …


Recent Studies on using PKC on sensors


PKC is feasible for WSN


ECC signature verification takes 1.6s on
Crossbow motes (Gura et al.)

The Advantage of PKC


Resilience versus Connectivity


SKC
-
based schemes have to make tradeoffs
between resilience and connectivity


PKC
-
based Key Distribution


100% resilience


100% connectivity

Let’s Switch to PKC?


Sorry, I forgot to mention one thing:


The gap between SKC and PKC is not going to
change much unless a breakthrough in PKC
occurs.


Computation costs


RC5 is 200 times faster than ECC


Communication costs


Signatures: ECC (320 bits), RSA (1024 bits),
SHA1 (160 bits)

New Focuses


My observation:


We will be able to use PKC, but we will use SKC if
that can save energy.


We are doing this in traditional networks


Example: session keys


Research Problem



Can we reduce the amount of PKC


computations with the help of SKC?

Public Key Authentication


Before a public key is used, it must be
authenticated


In traditional networks: we use certificates.



Verifying certificates is a public key
operation

Authenticating Public Keys

in Traditional Networks

1. What is your public key?

2. Here is my public key PK

2. Here is my public key PK and
certificate

3. Verify the certificate: a public key operation

A

B

Authenticating Public Keys

in Sensor Networks


Naïve Solution 1: preload all the public keys


Memory cost:
(N
-
1)*320

bits for 160
-
bit ECC



Naïve Solution 2: preload the
hash

of all the
public keys


Hash is the commitment.


Memory cost:
(N
-
1)*160

bits for SHA1

Can We Improve Memory Usage?


Much less than
N
-
1

commitments


Hash everything together: need
1

commitment


Communication cost:
O(N)


A standard technique: Merkle Tree


Memory cost:
O(log N)


Communication cost:
O(log N)

Using Merkle Trees

Performance


Memory Usage


1 + log(N)

hash values (compared to
N
-
1
)


Computation Cost


Log(N)

hash operations


Communication Overhead


If we use 160
-
bit SHA1


160 * log(N)

bits


When N=10,000, cost=2080 bits, worse than PKC


We need to reduce the height

Trimming the Merkle Tree

A Smarter Trimming

A

B

C

Deployment Knowledge


How do we know that some nodes might
more likely be neighbors than others?


Deployment knowledge model.

A Group
-
Based Deployment
Scheme

A Group
-
Based Deployment
Scheme

Modeling of The Group
-
Based
Deployment Scheme

Deployment Points


Trimming Strategy

Deployment
-
based Trimming

Finding Optimal
a
,
b
,
c
, and
d


The optimization problem:


S
:

number of sensors in each deployment group


m
max
:

maximum amount of memory that can be used


W
i
:

percentage of nodes that are in the i group.


This is decided by the deployment model


We assume the Gaussian Distribution


Minimize
C = w
0
• a + w
1
• b + w
2
• c + w
3
• d



Subject to


Evaluation


Communication Overhead vs.
Memory Usages

Communication Overhead vs.
Network Size

Impact of

Deployment Knowledge:
σ

Deployment Model:

Gaussian Distribution

Impact of Modeling Accuracy

Energy consumption

Comparing Energy cost with
RSA / ECC

Performance of authenticating public keys

using various algorithms

Summary


Public Key Cryptography (PKC)


Will soon be available for sensor networks


Intel Motes: very powerful.


Usage of PKC should still be minimized


We propose an efficient scheme to achieve public
key authentication.

A Beacon
-
Less

Location Discovery Scheme

for Wireless Sensor Networks

Location Discovery in WSN



Sensor nodes need to find their locations


Rescue missions


Geographic routing protocols


Many other applications


Constraints


No GPS on sensors


Cost must be low


Existing Positioning Schemes

Beacon Nodes

Two Important Elements


Reference points


They must know their locations.


e.g. beacon nodes, satellites.


Relationship

between nodes and reference
points


Distance


Angle of arrival


Time of arrival


Time difference of arrival

The Beacon
-
Less Scheme


Without using beacon nodes


Beacon nodes are more expensive


They can be the main target of attacks


Nonetheless, we still have to find
reference
points

and the corresponding
relationships
.


Remember: the locations of the reference points
must be known.

Modeling of The Group
-
Based
Deployment Scheme

We still need another important element:


The
relationship
between nodes and reference points.

Deployment Points:

Their locations are known.

The Relationships

A

The Relationships

A

B

Modeling of the Deployment
Distribution


Using pdf function to
model the node
distribution.


Example: two
-
dimensional Gaussian
Distribution.


Other distribution can
also be used.

The Idea


Observation at location O


See more nodes from A and D
than from H and I.


Observation at location P


Quite different from location O.


See more nodes from H and I
than from A and D.


Given a location, we can
derive the observation.


Given the observation, can we
derive the location?


The Problem Formulation

Location

θ

=
(x, y)

Observation
a

=
(a
1
, a
2
, … a
n
)

Location

Estimation

A Solution


Definitions



a

=
(a
1
, a
2
, … a
n
)
:
The observation.



f
n
(
a

|

θ
)
:
The probability of observing
a

at location
θ
.



Maximum
-
Likelihood
-
Estimation (MLE)
Principle:

find
θ
, such that

f
n
(
a

|

θ
)

is
maximized
.


Maximum Likelihood Estimation


Likelihood Function


f
n
(
a

|

θ
) =

Pr (
X
1
=a
1
, …, X
n
=a
n

|

θ
)


=
Pr (
X
1
=a
1

|

θ
) ∙ ∙ ∙ Pr (
X
1
=a
n

|

θ
)



L(
θ
)

=

log

f
n
(
a

|

θ
)




Find
θ
:





Gradient Descent Method




0
)
(
0
)
(






y
L
x
L


Evaluation



Setup


A square plane: 1000 meters by 1000 meters


10 by 10 grids (each is 100m X 100m)


σ

= 50 (Gaussian Distribution)


What to evaluate?


Accuracy vs. Density


Accuracy vs. Transmission Range


Boundary Effects


Computation Costs.

Effect of Density m

An Improvement:

Dummy Nodes

m: number of sensors in each group

Effect of Transmission Range R

Effect of Boundary

Comparing the Three Numeric
Approaches (Cost)

Comparing the Three Numeric
Approaches (Accuracy)

Comparisons

Beacon
-
Less

Beacon
-
Based

Communication Overhead

Low

Low

Computation Cost

High

Low

Device Cost

Low

High

Robustness/Security

High

Low

Mobility

None

Good

Conclusion and Future Work


Two Applications of Deployment Knowledge


Authenticating Public Keys


Beacon
-
Less Location Discovery


IPDPS’05 paper: Location Anomaly Detection


Future Work


Optimizing public
-
key protocols for sensor
networks