Security versus Power Consumption in Wireless Sensor Networks
Security of Sensor Networks
description
Transcript of Security of Sensor Networks
![Page 1: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/1.jpg)
1
Security of Sensor Networks
Tanya RoostaTRUST Seminar
UC Berkeley, November 9, 2006
![Page 2: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/2.jpg)
2
Overview Taxonomy of attacks on sensor networks Convergence analysis of Reweighted-Tree sum-
product algorithms Time synchronization security Reputation system for tracking Game theory
![Page 3: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/3.jpg)
3
Overview Taxonomy of attacks on sensor networks Convergence analysis of Reweighted-Tree sum-
product algorithms Time synchronization security Reputation system for tracking Game theory
![Page 4: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/4.jpg)
4
Background on Sensor Network
Wireless networks consist of a large number of motes self-organizing, highly integrated with changing
environment and network Highly Constrained resources
processing, storage, bandwidth, power Facilitate large scale deployment
Health care Surveillance Critical infrastructure
![Page 5: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/5.jpg)
5
Motivation Sometimes deployed in hostile environment, and
have random topology Vision is to integrate sensors into critical
infrastructure, such as wireless Supervisory Control And Data Acquisition systems (SCADA)
Traditional security techniques can not be applied because …
![Page 6: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/6.jpg)
6
Challenges Unique to Sensor Networks Random Topology Secure aggregation Context privacy [PMRSSW06] Scalability of trust/key management schemes Power and computation efficiency
[PMRBSSW06] “Sameer Pai, Marci Meingast, Tanya Roosta, Sergio Bermudez, Shankar Sastry, Stephen Wicker. “Privacy in Sensor Networks: A Focus On Transactional Information”. Under submission to IEEE Security and Privacy Magazine
![Page 7: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/7.jpg)
7
Security Attacks on Sensor Networks Need to have a comprehensive taxonomy of security and
confidentiality attacks on sensor networks to describe [RSS06]: Attacker’s goal Trust model Security requirements Various types of attacks
[RSS06] Tanya Roosta, Shiuhpyng Shieh, Shankar Sastry. "Taxonomy of Security Attacks on Sensor Networks". IEEE International Conference on System Integration and Reliability Improvements 2006
![Page 8: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/8.jpg)
8
Attacker’s Goal Eavesdropping (outsider attacker) Disruption of applications (insider attacker) Subverting a subset of sensor nodes (insider
attacker)
![Page 9: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/9.jpg)
9
There is usually a central base station that gathers all the data reported by the sensor nodes
Only trust assumption: the base station is trustworthy
No other trust requirement is placed
Trust Model
![Page 10: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/10.jpg)
10
Security Requirements
Confidentiality Authentication Integrity Freshness Secure Group Management Availability Graceful degradation
![Page 11: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/11.jpg)
11
Cryptography
Cryptography is the first line of defense Cryptography helps with message integrity,
authentication, and confidentiality TinySec: symmetric key cryptographic algorithm TinyECC: Elliptic Curve Cryptography (ECC)
Cryptography can not solve all the problems of security in sensor networks
![Page 12: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/12.jpg)
12
Security Attacks Attacks can be categorized into [RSS 06]:
Attacks on the sensor mote Attacks on the protocols and applications
![Page 13: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/13.jpg)
13
Non-invasive: The embedded device is not physically tampered with Side-channel attack
Invasive: Reverse engineering followed by probing techniques Extract cryptographic keys Exploit software vulnerabilities:
Memory access control
Attacks on the Sensor Mote
![Page 14: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/14.jpg)
14
Attacks on Protocols/Applications Denial of service Traffic analysis Time synchronization Key management protocols Data aggregation protocols Comprehensive list in [RSS06]
DOS
![Page 15: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/15.jpg)
15
Overview Taxonomy of attacks on sensor networks Convergence analysis of Reweighted-Tree sum-
product algorithms Time synchronization security Reputation system for tracking Game theory
![Page 16: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/16.jpg)
16
Graphical Models In probabilistic graphical models, the nodes are
random variables, and arcs (or lack of them) encodes the conditional independence of these random variables
Specify a joint probability distribution among random variables
![Page 17: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/17.jpg)
17
Graphical Models in Sensor Networks Graphical models useful for distributed fusion in
sensor networks [CCFIMWW06]: Well-suited for sensor network structure Scalable inference algorithm, new message-passing
algorithms Parallel message-passing
[CCFIMWW06] M. Cetin, L. Chen, J. W. Fisher, A. T. Ihler, R. L. Moses, M. J. Wainwright, A. Willsky. “Distributed Fusion in Sensor Networks”. IEEE Signal Processing Magazine, July 2006.
![Page 18: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/18.jpg)
18
Inference on Graphical Models Calculating posterior marginals is NP-hard Junction Tree algorithm finds exact marginals, but is
computationally expensive Standard Belief Propagation (BP) is used as an
approximate inference algorithm
BP Equation
![Page 19: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/19.jpg)
19
Tree-Reweighted Sum-Product Algorithm
TRW is a broader class of approximate inference algorithms Message adjusted by edge-based weights The weights are ts2[0,1] Computational complexity identical to BP = 1: recovers the standard BP
[WJW05] M. J. Wainwright and T. S. Jaakkola and A. S. Willsky. "A new class of upper bounds on the log partition function"IEEE Trans. Info. Theory, 2005.
![Page 20: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/20.jpg)
20
Advantages of TRW For suitable choices of , TRW, in sharp contrast to
BP, always has a unique fixed point for any graph and any dependency strength
Additional benefit: Message-passing updates tend to be more stable Faster convergence rate
![Page 21: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/21.jpg)
21
TRW in Sensor Networks TRW can be used in sensor networks [CWCW03] TRW and security:
Compromised nodes give faulty updates Need to understand:
How much of an effect the faulty updates will have on the estimation
How the characteristics of the fixed points of TRW are changed
[CWCW03] L. Chen, M. J. Wainwright, M. Cetin, A. S. Willsky. “Multitarget-Multisensor Data Association Using Tree-Reweighted Max-Product Algorithm”. SPIE AeroSense Conference, 2003.
![Page 22: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/22.jpg)
22
Convergence Analysis of TRW [RW06]
The objective is to analyze the convergence of the family of reweighted sum-product algorithms
We assume that the ‘true’ messages are fixed points of the algorithm
The messages are perturbed by some amount
[RW06] Tanya Roosta, Martin J. Wainwright. "Convergence Analysis of Reweighted Sum-Product Algorithms“. Submitted to IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP)
![Page 23: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/23.jpg)
23
Convergence Analysis [RW06] W.L.O.G restrict attention to the case of pair-wise
cliques
The distribution defined on this graph is:
Analyze homogeneous and non-homogeneous models
st
![Page 24: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/24.jpg)
24
Homogeneous Model st = , s= θ for all edges and all nodes Let d=degree of the nodes If d-1 1, then we are guaranteed uniqueness and
convergence of the updates If d-1 > 1 , the update equation may have more than
one fixed point, depending on the choice of and
Proof
![Page 25: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/25.jpg)
25Plot of the appearance of multiple fixed points versus and
θ
crit
ical
d=4
![Page 26: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/26.jpg)
26
Non-Homogeneous Model In the general model, convergence analysis is based
on establishing, under suitable conditions, the updates specify a contractive mapping in the l1 norm, i.e.
![Page 27: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/27.jpg)
27
Simulation Results uniform from [0.05,0.5], edge potentials st,
uniform from [0.01,1], and different values for Number of nodes between 49-169 Plot of log |zm-z*|1 vs. the number of iterations (m)
![Page 28: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/28.jpg)
28
More figures
![Page 29: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/29.jpg)
29
Ongoing and Future Work The convergence condition is somewhat
conservative Requires the message updates be contractive at every
node of the graph We like to have an average-case analysis
Require that updates be attractive in an average sense
![Page 30: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/30.jpg)
30
Overview Taxonomy of attacks on sensor networks Convergence analysis of Reweighted-Tree sum-
product algorithms Time synchronization security Reputation system for tracking Game theory
![Page 31: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/31.jpg)
31
Why Need Time Sync.? Sources of error in time are:
Clock skew: the difference in the frequencies of the clock and the perfect clock
Clock offset: the difference between the time reported by a clock and the real time
Time sync.
![Page 32: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/32.jpg)
32
Effect of Time Sync. Attacks Time sync. protocols are vulnerable to security attacks Effect on applications/services [MRS05]:
Shooter Localization TDMA-based Channel Sharing:
Flexible Power Scheduling TDMA-based MAC protocol
Estimation Authenticated Broadcast (Tesla)
[MRS05] Mike Manzo, Tanya Roosta, Shankar Sastry. “Time Synchronization Attacks in Sensor Networks“. The Third ACM Workshop on Security of Ad Hoc and Sensor Networks 2005
![Page 33: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/33.jpg)
33
Time Sync. Protocols in Sensor Network
Three general categories: Reference Broadcast Synchronization (RBS) TPSN Flooding Time Synchronization Protocol (FTSP)
In [MRS05] attacks and possible countermeasures for each time sync. protocols was explained
Description
![Page 34: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/34.jpg)
34
FTSP FTSP uses reference points for synchronization Reference point = (globalTime, localTime)
globalTime: time of the transmitting node localTime: time of the receiving node
The receiving node uses linear regression on 8 reference points to find offset and skew
Detail
![Page 35: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/35.jpg)
35
Attacks on FTSP [RS06] A compromised node can claim to be the root node The compromised root sends false updates, which
will get propagated in the network Every node accepting the false updates calculates
false offset and skew
[RS06] Tanya Roosta, Shankar Sastry. “Securing Flooding Time Synchronization Protocol in Sensor Networks". Workshop of 6th ACM & IEEE Conference on Embedded Software
![Page 36: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/36.jpg)
36
Proposed Countermeasures [RS06] Secure leader election mechanism:
distributed coin-flipping algorithms (use cryptographic commitments)
Using redundancy: Instead of LS on one neighbor, run LS on multiple
neighbors and take the median Run LS on multiple random subsets of data
Using robust estimators: Least Median of Squares (LMS)
![Page 37: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/37.jpg)
37
Future work Experiments:
Implementing the attacks
Analyze the effect on the tracking application
Implement some of the countermeasures
Time line: 6 months
![Page 38: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/38.jpg)
38
Overview Taxonomy of attacks on sensor networks Convergence analysis of Reweighted-Tree sum-
product algorithms Time synchronization security Reputation system for tracking Game theory
![Page 39: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/39.jpg)
39
Reputation System Reputation systems have been used in online ranking
systems They have proven useful as a self-policing
mechanism In [GS04] the authors propose extending this
framework to sensor networks
[GS04] Saurahb Ganeriwal, Mani Srivastava. “Reputation-based framework for high integrity sensor Networks”. Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, 2004.
![Page 40: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/40.jpg)
40
Reputation System in Sensor Network
No unifying way to design the “watchdog” mechanism Application dependent
[GS04]
![Page 41: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/41.jpg)
41
Reputation System for Tracking [RMS06] We designed a reputation system for the tracking
application Tracking is fundamental in sensor networks
Surveillance Pursuit Evasion Games
Focused on Hierarchical Multi-Object Tracking Algorithm (MCMCDA)
[RMS06] Tanya Roosta, Marci Meingast, Shankar Sastry. "Distributed Reputation System for Tracking Applications in Sensor Networks". In proc. of International Workshop on Advances in Sensor Networks 2006
![Page 42: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/42.jpg)
42
The input: a set of data indexed by time
The output: the association of the observed data with object tracks
The tracking algorithm has two phases: Data Fusion Data Association
MCMCDA
[ORS04] S. Oh, S. Russell, and S. Sastry. “Markov Chain Monte Carlo Data Association for General Multiple-Target Tracking Problems”. IEEE International Conference on Decision and Control (CDC), 2004.
![Page 43: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/43.jpg)
43
Example
Figure (a) shows the observed data indexed by time, Figure (b) shows the tracks that were formed based on the
maximum likelihood function
[ORS04]
![Page 44: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/44.jpg)
44
Nodes equipped with motion detection sensors Sensor model:
MCMCDA [ORS04]
![Page 45: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/45.jpg)
45
Data Fusion In each local neighborhood, the node with the
highest signal strength declares itself to be the leader All the other nodes in the neighborhood send their
observations to this leader The leader aggregates the data:
![Page 46: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/46.jpg)
46
Data Association Each leader sends the fused observation to the
closest super-node Super-node send their gathered fused observations to
the base station Base station uses Markov Chain Monte Carlo
(MCMC) to associate the fused data by maximizing the posterior of the track, given the observations
Formula
![Page 47: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/47.jpg)
47
Possible Attacks [RMS06] Adversary physically captures a subset of the
sensor nodes Compromised nodes send faulty observations to the
leaderResults in wrong fused observations and formation of non-existent tracks for the moving objects
![Page 48: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/48.jpg)
48
Attacks Not Considered We did not allow the compromised nodes to claim to
be the leader This problem could be solved using standard
distributed coin-flipping algorithms using cryptographic commitments
At the central level, we need to use statistical methods that would filter out the faulty observations coming from the compromised leaders
![Page 49: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/49.jpg)
49
Reputation System [RMS06] The nodes do not share their reputation table At this point, we only use first hand observations for
updating the reputation Each node updates the reputation of its neighbors
only when it becomes the leader The reputation is a value in [0,1]
![Page 50: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/50.jpg)
50
The Algorithm [RMS06]
Leader node gathers all the observations from its neighbors
It chooses m subsets of the observations The members of each subset are chosen randomly
from among all the neighbors The leader computes the fused observation for each
subset ( )
![Page 51: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/51.jpg)
51
The Algorithm (cont.)
is the accumulated reputation of the jth neighbor at node i up to time t-1
The leader finds the median of where i 2 {1,…,m}
![Page 52: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/52.jpg)
52
Reputation Assignment [RMS06]
The median value of the estimated location is the trusted value (mtrust) and the nodes in the corresponding subset are trusted nodes (Strsut)
There are two counters (ij , ij) for instantaneous reputation ij : positive reputation ij : negative reputation
![Page 53: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/53.jpg)
53
Reputation Assignment (cont.)
Nodes in Strust receive an instantaneous reputation of (1,0)
For the rest of the neighbors, the leader picks one node, sij, at a time and add it to the subset Strust and recalculates the location estimation
Call the result of this calculation
![Page 54: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/54.jpg)
54
Reputation Update [RMS06]
T is a threshold to determine how far can be pulled away from the median mtrue
T has to take the normal level of observation noise into account
![Page 55: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/55.jpg)
55
Reputation Aggregation [RMS06] Instantaneous reputations are aggregated to calculate
the cumulative positive and negative reputation (rij
t, sijt)
Discounting factor, , is used to guarantees old reputations will be gradually forgotten
The reputation is aggregated using: Beta function
![Page 56: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/56.jpg)
56
Simulation The surveillance region is a square grid of size 50m
x 50m There is one node placed at each corner of each
square The number of objects we want to track is ni
The sensing range Rs is set to 1.5m
![Page 57: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/57.jpg)
57
Simulation (cont.)
The noise represented by a Gaussian standard distribution ~N(0,1)
Tested different scenarios Example: the number of compromised nodes is fixed and
the sensing radius is varied from 1.5m to 3m T= 0.4, m=4, and s=3 Metric: the average error in the number of tracks
estimated by the algorithm compared to the actual number of tracks
![Page 58: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/58.jpg)
58
250 compromised nodes, varying sensing radius
![Page 59: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/59.jpg)
59
Qualitative Comparison
![Page 60: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/60.jpg)
60
Future Work Extend the
observation model to include probability of compromised nodes using mixture models [RMG06]
[RMG06] Tanya Roosta, Mubaraq Mishra, Ali Ghazizadeh. “Robust Detection and Estimation in Ad-Hoc and Sensor Networks”. IEEE International Conference on Mobile Ad-hoc and Sensor Systems, 2006
![Page 61: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/61.jpg)
61
Overview Taxonomy of attacks on sensor networks Convergence analysis of Reweighted-Tree sum-
product algorithms Time synchronization security Reputation system for tracking Game theory
![Page 62: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/62.jpg)
62
Clustering Game Setup:
There are a number of clusters K The adversary knows what is being observed The adversary can not observe what the other adversaries
are doing (no collusion) The nodes are monitoring temperature (example)
What is the optimal compromised node placement within the clusters to cause the most amount of damage?
![Page 63: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/63.jpg)
63
center
center
Which distribution of the compromised nodes has the most affect on the final estimation at the center?
Good node
Compromised node
More Game Theory
![Page 64: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/64.jpg)
64
Conclusion Security in sensor networks is crucial to successful
deployment In this talk:
proposed a taxonomy of security attacks Gave convergence results for TRW Described attacks on time sync. Protocols and the effect
on different application Developed a decentralized reputation system for tracking Use of game theory to formulate security attacks
![Page 65: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/65.jpg)
65
![Page 66: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/66.jpg)
66
Effect on Estimation (Example) state of a discrete-time controlled process
Given the measurement
Back
![Page 67: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/67.jpg)
67
Reputation and Beta Function
The sequence of observations can be considered as a sample from a binomial distribution, i.e. a sequence of independent coin tosses, with a bias parameter P
To be clear, the head corresponds to an honest node and the tail corresponds to a compromised node, and the bias is the overall reputation of the node
We can estimate the rating of a node using Bayesian parameter estimation of the binomial distribution
Back
![Page 68: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/68.jpg)
68
Reputation and Beta Function (cont.)
The posterior probability of binary events is most accurately represented by the Beta distribution
Beta distribution is a two parameter distribution with parameters a and b
Parameter a measures the number of successes (rijt)
and b measures the number of failures (sijt)
The overall reputation is modeled as the expected value of the Beta distributionBack
![Page 69: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/69.jpg)
69
Proof Message updates are characterized by:
Taking the derivative of F(z,, , ) will give the rate of convergence
![Page 70: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/70.jpg)
70
Proof (cont.)
Back
![Page 71: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/71.jpg)
71
Robust Detection The goal is to detect compromised/faulty nodes
The lying behavior could be: Static unchanging behavior Dynamic changing liars Dynamic colluding liars We can model each one of these cases using a Hidden Markov Model
![Page 72: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/72.jpg)
72
Problem Formulation The nodes make an observation according to:
No notion of time in our problem setup, i.e. the nodes collect all their observations, and then the detection is performed
![Page 73: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/73.jpg)
73
Problem Formulation Expectation Maximization (EM) framework is used
to find the parameters (probability of a the node lying and the detection value)
We maximize the log likelihood based on the lying behavior we are considering (which affects the hidden parameters)
Back
![Page 74: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/74.jpg)
74
RBSIn RBS a reference message is broadcast to two receivers and the receivers synchronize their respective local clocks to each other A transmitter broadcasts m reference messages Each of the n receivers record their local received time Receivers exchange their local times. Each receiver calculates its phase offset as the LS linear regression of the phase offsets Back
![Page 75: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/75.jpg)
75
TPSN TPSN creates a spanning tree of the sensor network Each node finds the clock drift and propagation
delay, using:
2))()(( 3412 TTTT
2))())(( 3412 TTTTd
Back
![Page 76: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/76.jpg)
76
![Page 77: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/77.jpg)
77
Back
![Page 78: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/78.jpg)
78
Denial of Service Attacks Denial of service attack concerns any attack that
diminishes the network’s capacity to perform its function
Denial of service attacks can be carried out at any of the layers of the communication stack
Back
![Page 79: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/79.jpg)
79
Denial of Service Attacks
[WS02] A. Woods, J. Stankovic“Denial of Service Attacks in Sensor Networks”. IEEE Computer, 35(10):54-62, October 2002
Back
![Page 80: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/80.jpg)
80
Ordinary Belief Propagation
ttsu
iutttsttss
its dxxmxxxxm
t
)()(),()(\
1
Message and belief updates:
)()()( tu
iutttt
it xmxxM
t
Back
![Page 81: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/81.jpg)
81
LMS
}{ )10(,)210(2,)110(1min222
, 10 nXbbnYXbbYXbbYMedianSRmed iibb
Back
![Page 82: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/82.jpg)
82
Time Synchronization Time synchronization protocols provide a
mechanism for synchronizing the local clocks of the nodes in a sensor network
Two ways to synchronize the clocks: Synchronization to accurate real time Relative synchronization for ordering of the events
Clock model:Back
![Page 83: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/83.jpg)
83
FTSP (cont.) Offset:
Skew:
Back
![Page 84: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/84.jpg)
84
Example
Back
![Page 85: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/85.jpg)
85
Data Association (cont.) Maximizing the posterior of the track, given the
observations, Y:
zt number of objects terminated at timet, at number of new objects at time t, dt the number of detections, ft the probability of false alarms, f the false alarm rate, b the birth rate of a new object, pz the probability of an object disappearing, and pd the probability of detection.
Back
![Page 86: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/86.jpg)
86
Attack Trees Attack trees provide a formal, methodical way of
describing the security of systems, based on varying attacks
The tree can also be used to determine where a system is vulnerable, and weigh the benefits of different countermeasures against one another
We want to develop an efficient attack tree for sensor networks An example based on the taxonomy paper
![Page 87: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/87.jpg)
87
![Page 88: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/88.jpg)
88
Routing Game1
The power consumption in routing has been modeled as a dynamic Bayesian game among the N nodes of the network Uses action history: hi(tk)=(si(t0), …, si(tk-1) )
This Bayesian game has a Nash equilibrium solution, but the solution strategy has not been explicitly found
1-Petteri Nurmi. “Modelling Routing in Wireless Ad Hoc Networks with Dynamic Bayesian Games”. IEEE SECON, 2004
![Page 89: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/89.jpg)
89
Future Work What are the actual solutions to this Bayesian game
(if we can explicitly solve for the equilibrium)? Affect of memory/action history length on the
outcome of the Bayesian game Learning the reputations of nodes dynamically using
the solution to the Bayesian game Time line: 1 year
![Page 90: Security of Sensor Networks](https://reader036.fdocuments.net/reader036/viewer/2022062323/56815d76550346895dcb8342/html5/thumbnails/90.jpg)
90
TRW Message Update
Back