W S N

sunflowerplateAI and Robotics

Nov 21, 2013 (3 years and 4 months ago)

43 views

S
ecurity

I
N

W
IRELESS

S
ENSOR

N
ETWORKS

Prepared
by: Ahmed
EzzEldin

W
hy

?


WSNs relay important data from the sources to where
decision can be made accordingly.



WSNs are used in extremely important applications, thus
need to ensure:


Data Confidentiality and Integrity.


Data Freshness.


Authorization and Authentication.



But for the unique characteristics of WSNs, we are in need to
special security protocols.


But WSNs are characterized to be:


Limited resources.


Wireless medium.


No infrastructure.


Multi
-
hop routing.


Node mobility.




The traditional security protocols can not suit well to WSNs.


We are in need to special security protocols.


The Famous
Attacks

on WSNs

Security attacks are either
Passive

or
Active
.


Passive: adversaries do not make any emissions, are mainly
against data confidentiality.


Eavesdropping


Traffic analysis types


Active: malicious acts are carried out not only against data
confidentiality but also data integrity (can be detected).

Active Attacks:

Physically compromising the node:


Disassemble to extract all secure materials.


Use it to as fake node within the population.


Tamper proof solution is expensive to low
-
cost WSNs.



Selective

forwarding
:


WSNs

are

Multi
-
hop

fashioned

networks
.


Faithful

nodes

forward

received

packets
.


Compromised

node

might

just

drop

packets,

however

neighbors

will

use

another

route


More

dangerous

if

this

node

forwards

selected

packets

!

Acknowledgment

spoofing
:


Some

routing

protocols

use

acknowledgments
.


Attacker

may

spoof

acks

to

convince

that
:


Weak

link

is

strong
.


Dead

node

is

alive
.



Consequently

these

weak

links

may

be

selected

for

routing,

leads

to

either

lose

or

corrupt

the

packets

sent

through
.



HELLO

flood

attack
:


Some

routing

protocols

require

nodes

to

broadcast

HELLO

packets

after

deployment,

for

neighbor

discovery
.


malicious

more

powerful

nodes

can

broadcast

HELLO

messages

advertising

high
-
quality

route

to

sink

Thus ….

link verification and node authentication can be
verified by using
Key Management Techniques

K
ey

M
anagement

Techniques



Pairwise

key
establishment”:

fundamental
security service allowing
nodes to communicate in cryptographic
way.


Due to limited resources we can't use any of:



-
P
ublic
-
K
ey
-
C
ryptography



-
K
ey
-
D
istribution
-
C
enter




used in traditional networks.




Instead, we
use
Key
Pre
(before deployment
)
-
schemes


K
ey
P
re
-
distribution
S
chemes

Symmetric
-
key
schemes:
Single key
for encryption and
decryption.


1
-
Unique
Random key.

2
-
Networkwide shared key.

3
-
Probabilistic key pre
-
distribution.

4
-
Polynomial based key pre
-
distribution.


Public
-
key
schemes:
Singly
key for encryption, while
another one
for
decryption.


1
-
Reza Scheme.

2
-
VEGK Scheme.


Symmetric
-
key schemes:

Unique Random Key:

1.
Each node is assigned unique random key
.

2.
To communicate with any node, must use its key
.

3.
Introduces huge storage overhead: network of n nodes, each
must store (n
-
1) keys
.




Networkwide

Shared Key:


Master key used by all nodes, but single node compromise is
disaster.



Variant, establish link keys with neighbors then erase the
master key.


Does not allow new nodes to be deployed.

Probabilistic Key Pre
-
distribution


1.
Setup
server generates large pool of random keys each is
with
unique ID.

2.
Each
node randomly picks
subset of keys
and
their
Ids.

3.
Two nodes
can communicate
only if they
share a common
key.

4.
After deployment, each sends list of its keys’ IDs, then use the
common keys.



If don't have a common key .... need to find number of other nodes
to help establish a session key ( called path key ).







This
technique:

1.
Needs
less
memory.

2.
Can
guarantee a high probability of sharing common
keys.


But
compromising small number of
nodes
discloses
a large fraction of
keys,
as single key may be shared by more than two nodes.


For more security,
q
-
composite scheme

proposes that two
nodes setup
key only if
they share at
least
q
-
common keys.


Polynomial key Pre
-
distribution


Setup
server randomly generates a
bivariate

t
-
degree
polynomial
,
where
f(
x,y
)=f(
y,x
)
.



For node with id
i
, setup server will compute polynomial share of
f(
i,y
)

to be
pre
-
loaded for node
i
.


Nodes
i

and
j

compute common key
f(
i,j
)

as follows:



i

evaluates

f(
i,y
)

at
j
gets

f(
i,j
)


j

evaluates

f(
j,y
)

at
i

gets
f(
j,i
)


Features:


Complex mathematical operations and storage overhead.


No communication overhead, as only need the other node’s id.

E
lliptic
C
urve
C
ryptography is light weight

Public Key Cryptography suitable for WSNs

E
lliptic

C
urve

C
ryptography

Reza Scheme:


Targets
heterogeneous
WSNs: nodes
, gateways and
base
-
station.


Gateways
are powerful in terms of energy, computation and
memory.


Before
deployment, server generates and pre
-
loads
ECC keys into
sensor
and gateways as follows:

Sensor
node is pre
-
loaded with:



Unique id.




Its own public and private keys.




Public key of all gateways in the network.


Gateway is pre
-
loaded with:



Unique id.



Its own public and private keys.



Public key of the base station.



public key of all sensor nodes in the network.



Sensor nodes are randomly
deployed, while Gateways
are deployed
such that each node can hear form at least one gateway.


Each gateway
broadcasts encrypted message with its private key, to
all
nodes.


Each node:

1.
Verify the message using the public key of the gateway.

2.
Select its neighbor gateway based on Signal
-
to
-
Noise
-
Ratio.



Each node can send a
session
-
key request
to the gateway with list of
its neighbors.


Gateway sends the requested key, encrypted with the node’s public
key
.

This protocol:

o
Static membership for nodes.

o
Nodes are tamper proofed which is costly to be considered.

o
Nodes with high or low power level must store set of ECC keys of
other nodes in the whole network.


Adversary
is unable to impersonate
node’s
identity
except
by
capturing it.

Capturing node:



Reveals Its public and private keys.



Reveals Pubic
key of all
gateways.


Capturing node reveals does
not effect the security of the rest nodes,
as no reveal for
their private keys.

Virtual ECC Group Key


Hierarchical

structure

of

nodes

prolong

the

lifetime
.


LEACH,

the

most

famous

algorithm,

balances

energy

drainage

among

nodes

by

randomly

rotating

CH

membership
.


LEACH

toggles

between

2

phases,

Setup

and

Steady

state
.







VEGK is a security framework merging ECC with symmetric
pairwise

keys while making use of clustering for energy saving.



* Low
-
Energy Adaptive Clustering Hierarchy (LEACH)



VEGK Phases

Phase
1


Pre
-
deployment Key Distribution”:



The
network is divided into
k
virtual groups,
with
G
id

as identifier.


Each
group is assigned ECC public
and
private key.


Each node
is
randomly
assigned to a single group regardless its
positions in the
field.



Consequently
, each node is pre
-
loaded
with:


The
corresponding group identifier
G
id
.


Its
private keys
𝑃
𝑅
𝐺
𝑖
𝑑


The
public keys of all of the
k
groups.


Unique
identifier
𝑁
𝑖
𝑑



ECC
private key
𝑃
𝑅
𝑁
𝑖
𝑑

and public key
𝑃
𝑈
𝑁
𝑖
𝑑

pair.



Nodes can run ECDSA for authenticity checking.




* ECDSA :Elliptic Curve Digital Signature Algorithm





Group related

Node related

Phase 2

“Neighbors Discovery”:



Each

node

broadcasts

a

message

with

low

power

level

L

to

be

heard

by

small

number

of

neighbors
.






All

other

nodes

within

the

range
:



Decrypt

using

the

corresponding

group

public

key
.



Save

the

id

and

public

key

for

future

communication
.


Phase

3

“Cluster

Head

Announcement”
:




During

setup
-
phase
,

all

nodes

capable

to

operate

as

CHs,

announce

themselves

as

CHs

to

their

neighbors

with

low

power

level

L
.





The

node

might

select

its

potential

CH

based

on

one

or

more

criteria
.



Not

CHs

Nodes

can

safely

delete

its

group’s

private

key

and

still

can

communicate

with

new

nodes
.


Phase 4

“CHs Tree Construction”:



Tree rooted at the BS is constructed to guarantee the network
connectivity and to ensure security.




Any selected CH joins the tree by a
Join
-
Tree
-
Request

message,
sent with
power level R
(greater than L).







CHs decrypt, save and verify messages heard with no reply.










BS

hears

from

the

closest

CHs,

saves

their

ids

and

verifies

them
.




The

BS

replies

with

Accept
-

(
Reject)
-
Tree
-
Joining

message
.



The

Accept

consists

of


1
st

level


notification,

session

key

and

f(Nonce)

encrypted

using

node’s

public

key

of

the

received

identifier
.




The

first

level

CHs,

reply

to

all

previously

saved

CHs,

with


2
nd

level


notification,

session

key

and

f(Nonce
)

encrypted

using

node’s

public

key

of

the

received

identifier
.


This

process

is

repeated

till

a

tree

of

CHs

is

constructed
.




To

avoid

looping,

any

CH

must

have

one

parent

CH

and

any

CHs

as

children
.




CHs

can

safely

delete

its

group’s

private

key

and

still

can

communicate

with

new

nodes

by

the

public

key

of

the

corresponding

group
.



Phase
5

“Clusters Formation”:



To
form the clusters,
each CH sends
Join
-
Me

request to all of its
neighbors with power level
L
,
encrypted by
its
private
key.





The
node replies to the CH with
Join
-
Accept

message encrypted
by the public key of the CH.




Extra
message (
S
-
Key

message) is transmitted from the CH to
each, for session key and time slot identifier.


Attach

scenarios !


Attacker

with

no

signed

public/private

key

pair

of

any

group,

will

be

discarded

from

the

first

phase

by

using

ECDSA
.



Assume

he

got

at

least

single

group

key

pair

and

does

not

have

signed

private/public

for

his

own

usage,

will

be

discarded

from

the

first

phase

using

ECDSA
.




Assume

he

faked

tree

level

indicator

without

being

aware

of

the

nonce

function

used,

will

be

discarded

in

the

last

phase

for

the

incorrect

value

of

the

calculated

nonce
.



This protocol:

o
No Static membership for nodes, as no node is CH for its
whole life.

o
No tamper proof needed, as for the random rotation of CH
membership, the adversary faces difficulties in identifying
the CHs .

o
No need to store set of ECC keys of other nodes in the
whole network in each node, as each node saves only the
ECC keys of its neighbors.

o
VEGK allows scalability by adding new nodes.


ECC Security Analysis


This

hybrid

method

supports
:



Data

confidentiality
.



Integrity
.


Node

authentication
.



Public

key

cryptography

prevents

a

huge

set

of

famous

attacks,

in

addition

of

the

replay

attack

using

nonce
.



Capturing

node

does

not

affect

the

security

of

the

rest

of

the

nodes

as

no

reveal

for

their

private

keys
.

Thanks !

Any Questions ?

R
eferences


“A
Key Management Scheme for Cluster Based Wireless Sensor
Networks”
2008
IEEE/IFIP International Conference.


“Security
in wireless sensor
networks”
communication of the ACM
june

2004/
Vol

47.


“Security
for wireless sensor
networks”
Advances in information security
springer
.


“Analyzing
the Key Distribution from Security Attacks in Wireless
Sensor”
Piya

Techateerawat

and Andrew Jennings.


“Secure
Clustering and symmetric key establishment in heterogeneous wireless
sensor
newtorks
” Research
article Reza
Azarderskhsh

and
Arash

reyhani
.


“Cryptography
and Security in Wireless Sensor
Networks”
Pyrgelis

Apostolos
,
University of
Patras
.


“Security
and Privacy in Sensor Networks”
Haowen

Chan and Adrian
Perrig
,
Carnegie Mellon University
.


“VEGK: Virtual ECC Group Key for Wireless Sensor Networks”,
ICNC’13,
Ahmed E.
El
-
Din,
Rabie

A. Ramadan and
Magda

B.
Fayek
.