A Holistic Approach to Secure Sensor Networks

Post on 13-Feb-2016


Sasikanth Avancha

Application Scenario

[Diagram labels: Biological Attack; Subversive Attack; Wireless Sensor Network / Adaptive Wireless Sensor Network; Command & Control; Secure, Fixed Base Station; Secure, Mobile Base Station; Aggregated sensor data; Commands and Orders]

Outline
• WSN State-of-the-Art
• Thesis Statement
• SWANS
• SONETS
• Conclusions

WSN State-of-the-Art
• Energy, Networking, Data Management, Security
• Energy conservation is key
• Solutions designed mostly for homogeneous WSNs
• Security not a basic building block
• Few solutions adaptive to environmental variations

Thesis
• Holistic Approach to WSN Design
  • Mechanisms to detect, classify & respond to environmental variations
  • Security as basic building block
• Result
  • Adaptive WSNs tuned to environment
  • Improved performance
    • Security
    • Longevity
    • Connectivity

Secure & Adaptive WSN Framework

• SWANS: Two-tiered adaptability mechanism
  • Node-level Adaptability
  • Network-level Adaptability
• SONETS: Secure self-organization
  • Varied threat models
  • End-to-end & pair-wise secure links
  • Misbehavior detection & network repair

Wireless Sensor Network Adaptability

• Ontological approach
  • Identify parameter set and build module ontology
  • Create node ontology to describe sensor node states
  • Create network ontology to describe network states
  • Establish rules to enable nodes and network to modify operational behavior

Related Work
• SPIN, Heinzelman et al. (Mobicom, 1999)
• T-MAC, van Dam et al. (SenSys, 2003)
• AIDA, He et al. (ACM TECS, 2004)
• Adaptive Sampling, Jain et al. (DMSN, 2004)
• ARC, Kang et al. (Basenets, 2004)
• Adaptive routing
  • LEACH
  • Directed Diffusion

WSN Model

[Diagram labels: Sink; RRN; Sensor Nodes; Application; Routing; MAC; PHY; Energy; Sensor]

Node-level Adaptability

[Diagram labels: Sensor Node; Parameter Values; MRC; Ontological Symbols; LC; Sensor Node Ontology; Sensor Node State; AC; Operational Behavior; RRN; Routing; MAC; PHY; Energy; Sensor]

Parameter Set
• PHY
  • Received power per packet, noise power
  • Carrier loss, format violation and HEC failure rates
• MAC
  • Failed transmission, multiple retry and collision ratios
  • FCS failure rate
• Routing
  • Node degree
  • Compromised node/link count
  • Failed node count
  • Reachable RRN count
  • Path and hop counts to RRNs
  • Router count

Parameter Set
• Energy
  • Remaining energy capacity
  • Energy consumption rate
• Sensor layer
  • Sensor accuracy
  • Sensor energy consumption

Monitor & Report
• Establish lower and upper bounds for each parameter
• Monitor parameter values (per epoch/packet count/…)
• Map parameter values to ontological symbols
• Provide symbols to Logic Component

Module Ontology
• Logic Component
• PHY, MAC, Routing, Energy and Sensor states
• Tabular representation
  • Resource-constrained nodes
  • Boolean expressions
• OWL-DL representation
  • Resource-enhanced nodes
  • Parameters as owl:ObjectProperty
  • Module states as owl:Class

Module Ontology

<owl:Class rdf:ID="PHYJammedByNoise">
  <owl:intersectionOf rdf:parseType="Collection">
    <owl:Class rdf:about="#PHY"/>
    <owl:Restriction>
      <owl:onProperty rdf:resource="#noisePower"/>
      <owl:hasValue rdf:resource="#Amount_Abnormal"/>
    </owl:Restriction>
  </owl:intersectionOf>
</owl:Class>

Module Ontology

<owl:Class rdf:ID="PHYJammed">
  <rdfs:subClassOf rdf:resource="#PHY"/>
  <owl:unionOf rdf:parseType="Collection">
    <owl:Class rdf:about="#PHYJammedByNoise"/>
    <owl:Class rdf:about="#PHYJammedDueCarrierLoss"/>
  </owl:unionOf>
</owl:Class>

Node Ontology
• Sensor node states
  • PHY, MAC, Routing, Energy and Sensor states
• Classes representing sensor node states
  • Restrictions
  • Subsumption - subclassOf, intersectionOf, unionOf
• Deployable on sensor nodes
  • Tabular representation
  • OWL-DL representation
• Deploying on RRNs
  • memory vs. energy trade-off

Node Ontology

<owl:Class rdf:ID="SensorNodePHYJammed">
  <owl:intersectionOf rdf:parseType="Collection">
    <owl:Class rdf:about="#SensorNode"/>
    <owl:Restriction>
      <owl:onProperty rdf:resource="#hasPHY"/>
      <owl:someValuesFrom rdf:resource="#PHYJammed"/>
    </owl:Restriction>
  </owl:intersectionOf>
</owl:Class>

Node Ontology

<owl:Class rdf:ID="SensorNodeJammed">
  <rdfs:subClassOf rdf:resource="#SensorNode"/>
  <owl:unionOf rdf:parseType="Collection">
    <owl:Class rdf:about="#SensorNodePHYJammed"/>
    <owl:Class rdf:about="#SensorNodeMACJammed"/>
  </owl:unionOf>
</owl:Class>

Action Component
• Node state = NS, Operational state = ?
• Sensor node rule set
  • NS(Jammed) ∨ NS(SDTA) ∨ (NS(Disconnected) ∧ ES(Low Energy)) → OS(Sleep)
  • NS(Disconnection Imminent) ∧ ES(Normal) → OS(Increase Tx Range)
  • NS(High Node Degree) ∨ NS(Low Accuracy) ∨ NS(Abnormal Routing Info.) → OS(Extend Active Period)
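
The node-level pipeline described above (Monitor & Report, Logic Component, Action Component), written out in the Boolean-expression form the slides reserve for resource-constrained nodes. This is an added example, not code from the presentation. Assumptions: every bound and sample value, the symbol `Amount_Normal`, the parameter names other than `noisePower`, the tests for MAC jamming and imminent disconnection, the order in which rules are checked, and the "No Change" default.

```python
# Constructed lower/upper bounds per monitored parameter (illustrative values).
BOUNDS = {
    "noisePower": (-110.0, -85.0),    # dBm
    "carrierLossRate": (0.0, 0.05),
    "collisionRatio": (0.0, 0.30),
    "failedNeighbors": (0, 2),
    "remainingEnergy": (0.20, 1.00),  # fraction of capacity
}

def to_symbols(sample):
    """Monitor & Report: map each raw value to an ontological symbol."""
    return {p: "Amount_Normal" if lo <= sample[p] <= hi else "Amount_Abnormal"
            for p, (lo, hi) in BOUNDS.items()}

def classify(symbols):
    """Logic Component: Boolean form of the module and node ontologies."""
    abnormal = lambda p: symbols[p] == "Amount_Abnormal"
    # PHYJammed = PHYJammedByNoise union PHYJammedDueCarrierLoss
    phy_jammed = abnormal("noisePower") or abnormal("carrierLossRate")
    mac_jammed = abnormal("collisionRatio")   # assumed SensorNodeMACJammed test
    node_states = set()
    if phy_jammed or mac_jammed:              # SensorNodeJammed union
        node_states.add("Jammed")
    if abnormal("failedNeighbors"):           # assumed trigger for this state
        node_states.add("Disconnection Imminent")
    energy_state = "Low Energy" if abnormal("remainingEnergy") else "Normal"
    return node_states, energy_state

def act(node_states, energy_state):
    """Action Component: the sensor node rule set, checked in slide order."""
    if ("Jammed" in node_states or "SDTA" in node_states
            or ("Disconnected" in node_states and energy_state == "Low Energy")):
        return "Sleep"
    if "Disconnection Imminent" in node_states and energy_state == "Normal":
        return "Increase Tx Range"
    if node_states & {"High Node Degree", "Low Accuracy", "Abnormal Routing Info."}:
        return "Extend Active Period"
    return "No Change"  # assumed default when no rule fires

def adapt(sample):
    return act(*classify(to_symbols(sample)))

# Constructed samples for one monitoring epoch.
QUIET = {"noisePower": -95.0, "carrierLossRate": 0.01, "collisionRatio": 0.05,
         "failedNeighbors": 0, "remainingEnergy": 0.80}
NOISY = dict(QUIET, noisePower=-60.0)
LOSING_NEIGHBORS = dict(QUIET, failedNeighbors=4)
```

With low remaining energy, the `LOSING_NEIGHBORS` sample fires no rule, because the Tx-range rule requires ES(Normal).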

Network-level Adaptability

[Diagram labels: RRN; Sensor node State Information; MRC; Ontological Symbols; LC; Network Ontology; Network State; AC; Instruct Sensor Nodes]

RRN Monitoring & Reporting
• Obtain individual node states
  • Periodic report
  • Query mechanism
• Classify nodes according to reported state
• Determine cardinality of each class
• Map to ontological symbols

RRN Logic Component
• Classify cluster instance represented by ontological symbols – network ontology
• Network ontology
  • OWL-DL implementation
  • Classes representing cluster states
  • Subsumption & Restriction
• Output
  • Current logical state of cluster based on node states

RRN Action Component
• Cluster state = X, Instructions = ?
• RRN rule set
  • CS(Under SDTA) ∧ Detected(A) ∧ Detects(S, A) ∧ NS(S, Sleep) → NS(S, Active)
  • CS(Normal) ∧ Detected(A) ∧ Detects(S, A) → Stop Aggregation(S)

Evaluation
• Problem
  • Node addition attack (Zhu et al., CCS 2003)
  • Legitimate node addition
• SWANS Solution
  • Monitor node degree
  • State == Node degree ↕ → Operation = Security level ↕
• Result
  • Malicious nodes thwarted
  • Legitimate nodes accepted

Adapt to Node Degree Increase

[Plot: average energy consumed per node (J) vs. simulation time (seconds)]
• 800 node network
• 400 nodes observe node degree ↑

Determining ND Thresholds

[Plot: average energy consumed per node (J) vs. simulation time (seconds)]
• Initial size: 200 to 390
• ND increase: 5%
• Final size: 210 to 400
• µΔ, σΔ
• Determine n1, n2

Evaluation
• Problem
  • Sleep deprivation torture attack (Stajano and Anderson, 1999)
• SWANS solution
  • Monitor HEC & FCS failures, format violations, collisions
  • Node state == SDTA → Operation = Sleep
  • Report node & operational states to RRNs
  • RRNs: Compute network state, modify node operation
• Result
  • Network balances energy saving and utility

Adapt to SDTA

[Plot: average energy consumed per node (J) vs. simulation time (seconds). Annotations: "Affected nodes detect SDTA & enter sleep state"; "RRNs compute global state & wake up some nodes"]
• 800-node WSN
• 400 nodes attacked

Evaluation
• Problem
  • Node failures due to malfunction or attacks
• SWANS solution
  • Nodes monitor count of failed neighbors (FN)
  • Node state == disconnected → Op. state = Tx range increase
• Result
  • Nodes increase Tx range, prevent network partitioning
  • Node degrees increase, hop counts decrease
  • Trade-off is between connectivity and energy consumption

Adapt to Node Failures (Node degree)

[Plot: average node degree vs. network size]

Adapt to Node Failure (Hop counts)

[Plot: average hop count vs. network size]

SONETS
• Neighbor discovery
  • P-SONETS: Centralized
  • C-SONETS & D-SONETS: Distributed
• Topology discovery & network setup
  • P-SONETS: Centralized, no key management
  • C-SONETS: Centralized pair-wise key management
  • D-SONETS: Distributed pair-wise key management
• Topology Maintenance
  • Multi-hop pair-wise key establishment
  • Node addition & deletion

Threat Models
• Adversary presence
  • Local, Global
• Adversary attack mode
  • Passive, Active
• Adversary attack capability
  • Before, during, after self-organization

Related Work
• Probabilistic Approaches
  • Eschenauer & Gligor, CCS 2002
  • Chan et al., ISSP 2003
  • Du et al., CCS 2003
  • Liu & Ning, CCS 2003
• Deterministic Approaches
  • Perrig et al., WINET 2002
  • Zhu et al., CCS 2003
  • Anderson et al., ICNP 2004

P-SONETS

[Diagram: network topology with nodes BS, 1, 14, 5, 19, 23, 9, 11, 3]

BS to j: E_{K_BS}(*, E_{K_j}(j, Nonce, HELLO))
j to BS: E_{K_BS}(j, E_{K_j}(j, Nonce, HELLO_REPLY))

BS to k: E_{K_BS}(*, E_{K_j}(j, N1, RELAY)), E_{K_k}(k, N2, HELLO)
j to k: E_{K_BS}(k, E_{K_k}(k, N2, HELLO)), Ψ
k to j: E_{K_BS}(k, Ψ), E_{K_k}(k, N2, HELLO_REPLY)
j to BS: E_{K_BS}(k, E_{K_k}(k, N2, HELLO_REPLY)), E_{K_j}(j, N1)

BS: List of all keys K_j

j: K_BS, K_j

P-SONETS
• Network repair
  • BS tracks node aberrance
    • Lack of data
    • Corrupt data
  • Reasons for aberrance
    • Node is dead/compromised 2HN
    • Node is 2HN; relay point is dead/compromised
    • Node is dead/compromised 1HN
  • BS repairs network
    • Delete aberrant nodes
    • Reassign relay points, if required

P-SONETS
• Simulation using SensorSim (UCLA)
  • 100 node WSN
  • Simple radio & battery models
  • Varied sensor node distribution in each hop
• Average energy consumption
  • Total initial energy in network = 3600 Asec
  • Node discovery, topology discovery, network setup: 36 mJ
  • Network repair when fixed number of nodes fail: 8 mJ

C-SONETS
• 1 to R: E_{K_1}(<5, 19, 14>)
• R to 1: E_{K_1}(<x_{1,5}, x_{1,19}, x_{1,14}>); R to 5: E_{K_5}(x_{5,1}); R to 14: E_{K_14}(x_{14,1}, <R,2,1>)
• Node 1: K_{1,5} = f(x_{1,5} x_1); Node 5: K_{1,5} = f(x_{5,1} x_5)
• 14 to 1: E_{K_{1,14}}(FWD, <13>); 1 to R: E_{K_1}(DATA, <13>)
• R to 14: E_{K_14}(x_{14,13}); R to 13: E_{K_13}(x_{13,14}, <R,3,14>)
• Node 14: K_{14,13} = f(x_{14,13} x_14); Node 13: K_{13,14} = f(x_{13,14} x_13)

[Diagram labels: nodes R, 1, 5, 13, 14, 19; keys K_{1,19}, K_{1,14}, K_{1,5}, K_{14,13}]

K_n, K_u, x_u on each node u & R

C-SONETS

[Diagram labels: K_5; K_1; x_{1,5} = x_5 R_{1,5}; x_{5,1} = x_1 R_{1,5}]

Energy Consumption

[Plot: average energy consumed per node (J) vs. network size (n)]
• Tx + Rx
• Encrypt + Decrypt
• Hashing
• O(n^3)
• Existing Protocols
  • 100s of mJ

Node degree & Hop count

[Plots: average node degree (d) and hop count (h) vs. network size (n)]
• Analytical Expression
  • Bettstetter 2002
  • E(d) = ρπr_0^2, where ρ = n/Area = n/(25×10^4 m^2) and r_0 = Tx range = 75 m
• E(d) ≈ 7 to 70
• E(h) ≈ 4

D-SONETS
• Node 1: Broadcast M_1
  • M_1 = E_{K_n}(*, 1, E_{K_{f(5)}}(5, x_{5,1}) || …)
  • x_{5,1} = x_1 R_{5,1}, …
• Node 5: Broadcast M_5
  • M_5 = E_{K_n}(*, 5, E_{K_{f(1)}}(1, x_{1,5}) || …)
  • x_{1,5} = x_5 R_{1,5}, …
• Node 1 computes
  • K_{1,5} = f(x_{1,5} x_{5,1})
• Node 5 computes
  • K_{1,5} = f(x_{5,1} x_{1,5})
• Node 1 to Node 14: M_{1,14}
  • E_{K_n}(14, 1, E_{K_{1,14}}(<R,1>, <5,1>, …))

[Diagram labels: nodes R, 1, 5, 13, 14, 19; keys K_{1,19}, K_{1,14}, K_{1,5}, K_{14,13}]

K_n, K_u, x_u on each node u & R

D-SONETS

[Diagram labels: M_1; M_5; M_{1,14}; K_1; K_5]
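
The pair-wise key derivations of C-SONETS and D-SONETS above, as an added example that is not code from the presentation. The operator that combines the terms did not survive on the slides; this sketch assumes bitwise XOR, a truncated SHA-256 as f, 16-byte secrets, and hypothetical function names. Encryption of the messages that carry the shares is omitted.

```python
import hashlib
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def f(material: bytes) -> bytes:
    """Assumed key-derivation function (the slides only call it f)."""
    return hashlib.sha256(material).digest()[:16]

def c_sonets_shares(x_u: bytes, x_v: bytes):
    """RRN side (C-SONETS): one fresh random value blinds each secret."""
    r_uv = secrets.token_bytes(len(x_u))
    share_for_u = xor(x_v, r_uv)   # sent to u, encrypted under K_u
    share_for_v = xor(x_u, r_uv)   # sent to v, encrypted under K_v
    return share_for_u, share_for_v

def c_sonets_key(share: bytes, own_secret: bytes) -> bytes:
    """Node side (C-SONETS): K = f(received share combined with own secret)."""
    return f(xor(share, own_secret))

def d_sonets_share(own_secret: bytes) -> bytes:
    """Node side (D-SONETS): blind own secret with a locally chosen random."""
    return xor(own_secret, secrets.token_bytes(len(own_secret)))

def d_sonets_key(share_a: bytes, share_b: bytes) -> bytes:
    """Node side (D-SONETS): K = f(both exchanged shares combined)."""
    return f(xor(share_a, share_b))

def demo():
    # Constructed per-node secrets x_u for nodes 1, 5 and 14.
    x1, x5, x14 = (secrets.token_bytes(16) for _ in range(3))
    to_1, to_5 = c_sonets_shares(x1, x5)
    to_1b, to_14 = c_sonets_shares(x1, x14)
    c = {"K15@1": c_sonets_key(to_1, x1), "K15@5": c_sonets_key(to_5, x5),
         "K114@1": c_sonets_key(to_1b, x1), "K114@14": c_sonets_key(to_14, x14)}
    from_1 = d_sonets_share(x1)    # carried in node 1's broadcast M1
    from_5 = d_sonets_share(x5)    # carried in node 5's broadcast M5
    d = {"K15@1": d_sonets_key(from_5, from_1),
         "K15@5": d_sonets_key(from_1, from_5)}
    return c, d
```

Both endpoints of a link derive the same key without either secret x_u leaving its node unblinded, and each link gets a distinct key.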

Energy Consumption (D-SONETS)

[Plot: average energy consumed per node (J) vs. network size (n)]
• 50% of C-SONETS
• Existing Protocols
  • 1/3 D-SONETS
    • n ≤ 500
  • 1/10 D-SONETS
    • n > 500

Security Analysis
• Node compromise
  • Effect limited to 1-hop neighborhood
  • Links between uncompromised nodes remain secure
• Sybil (Douceur 2002)
  • Identity-based authentication
• Wormhole & Sinkhole (Karlof and Wagner, 2003)
  • Routing not based on shortest path
• Node replication
  • RRNs exchange topology information periodically
  • Restrict node degree

Node Deletion
• Neighbors detect misbehavior
• Initiate voting process
  • Majority affirmative vote to delete
• Inform RRN
  • Provide list of ‘yea’ voters
  • RRN may poll individual voters
• RRN
  • Generate new common shared key K_n
  • Secure unicast

Conclusions
• WSNs crucial component of pervasive computing environments of the future
• WSNs in tune with application & environment
  • Secure
  • Adaptive
• Our framework is comprehensive solution
  • Security protocols for different levels of security
  • SONETS protocol suites scalable, efficient, resilient
  • SWANS provides multi-tiered WSN adaptability

Future Work
• Adaptive data fidelity
• Support for sensor adaptability
  • Tune smart MEMS
• Real-world sensor deployment & evaluation
  • Memory
  • Computational power
• Comprehensive high-level policy
  • Govern WSN operational behavior
  • Resolve conflicts