a holistic approach to secure sensor networks
DESCRIPTION
A Holistic Approach to Secure Sensor Networks. Sasikanth Avancha. Application Scenario. Biological Attack !!. Aggregated sensor data. Commands and Orders. Aggregated sensor data. Wireless Sensor Network. Command & Control. Secure, Fixed Base Station. Biological Attack !!. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/1.jpg)
A Holistic Approach to Secure Sensor Networks
Sasikanth Avancha
![Page 2: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/2.jpg)
Application Scenario
Biological Attack !!
![Page 3: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/3.jpg)
Wireless Sensor Network
Command & Control
Secure, Fixed Base Station
Secure, MobileBase Station
Aggregated sensor data
Comm
ands and OrdersAg
greg
ated
se
nsor
dat
a
Biological Attack !!
![Page 4: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/4.jpg)
Wireless Sensor Network
Command & Control
Secure, Fixed Base Station
Secure, MobileBase StationBiological Attack !!
Subversive Attack !!!
![Page 5: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/5.jpg)
Adaptive Wireless Sensor Network
Command & Control
Secure, Fixed Base Station
Secure, MobileBase StationBiological Attack !!
Subversive Attack !!!
Aggregated sensor data
Comm
ands and Orders
Aggr
egat
ed
sens
or d
ata
![Page 6: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/6.jpg)
Outline• WSN State-of-the-Art• Thesis Statement• SWANS• SONETS • Conclusions
![Page 7: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/7.jpg)
WSN State-of-the-Art• Energy, Networking, Data Management, Security• Energy conservation is key• Solutions designed mostly for homogeneous
WSNs • Security not a basic building block• Few solutions adaptive to environmental
variations
![Page 8: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/8.jpg)
Thesis• Holistic Approach to WSN Design
• Mechanisms to detect, classify & respond to environmental variations
• Security as basic building block
• Result• Adaptive WSNs tuned to environment• Improved performance
• Security• Longevity• Connectivity
![Page 9: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/9.jpg)
Secure & Adaptive WSN Framework
• SWANS: Two-tiered adaptability mechanism• Node-level Adaptability• Network-level Adaptability
• SONETS: Secure self-organization• Varied threat models• End-to-end & pair-wise secure links• Misbehavior detection & network repair
![Page 10: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/10.jpg)
Wireless Sensor Network Adaptability
• Ontological approach• Identify parameter set and build module ontology
• Create node ontology to describe sensor node states
• Create network ontology to describe network states
• Establish rules to enable nodes and network to modify operational behavior
![Page 11: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/11.jpg)
Related Work• SPIN, Heinzelman et al. (Mobicom, 1999)• T-MAC, van Dam et al. (SenSys, 2003)• AIDA, He et al. (ACM TECS, 2004)• Adaptive Sampling, Jain et al. (DMSN, 2004)• ARC, Kang et al. (Basenets, 2004)• Adaptive routing
• LEACH• Directed Diffusion
![Page 12: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/12.jpg)
WSN ModelSink
RRN
Application
Routing
MAC
PHY Energy
Sensor
Sensor Nodes
Sensor Nodes
RRN
RRN
![Page 13: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/13.jpg)
Node-level Adaptability
Sensor Node
Parameter Values
LC
Sensor NodeOntology
AC
Sensor NodeState
Operational Behavior
RRN
MRCOntological Symbols
Routing
MAC
PHY Energy
Sensor
![Page 14: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/14.jpg)
Parameter Set• PHY
• Received power per packet, noise power• Carrier loss, format violation and HEC failure rates
• MAC• Failed transmission, multiple retry and collision ratios• FCS failure rate
• Routing• Node degree• Compromised node/link count• Failed node count• Reachable RRN count• Path and hop counts to RRNs• Router count
![Page 15: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/15.jpg)
Parameter Set• Energy
• Remaining energy capacity• Energy consumption rate
• Sensor layer• Sensor accuracy• Sensor energy consumption
![Page 16: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/16.jpg)
Monitor & Report• Establish lower and upper bounds for each
parameter • Monitor parameter values (per epoch/packet
count/…)
• Map parameter values to ontological symbols
• Provide symbols to Logic Component
![Page 17: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/17.jpg)
Module Ontology• Logic Component• PHY, MAC, Routing, Energy and Sensor states• Tabular representation
• Resource-constrained nodes• Boolean expressions
• OWL-DL representation• Resource-enhanced nodes• Parameters as owl:ObjectProperty• Module states as owl:Class
![Page 18: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/18.jpg)
Module Ontology
<owl:Restriction> <owl:onProperty rdf:resource="#noisePower"/> <owl:hasValue rdf:resource="#Amount_Abnormal"/> </owl:Restriction>
<owl:Class rdf:ID="PHYJammedByNoise"> <owl:intersectionOf rdf:parseType="Collection"> <owl:Class rdf:about="#PHY"/>
</owl:intersectionOf></owl:Class>
![Page 19: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/19.jpg)
Module Ontology<owl:Class rdf:ID="PHYJammed"> <rdfs:subClassOf rdf:resource="#PHY"/> <owl:unionOf rdf:parseType="Collection"> <owl:Class rdf:about="#PHYJammedByNoise"/> <owl:Class
rdf:about="#PHYJammedDueCarrierLoss"/> </owl:unionOf></owl:Class>
![Page 20: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/20.jpg)
Node Ontology• Sensor node states
• PHY, MAC, Routing, Energy and Sensor states• Classes representing sensor node states
• Restrictions• Subsumption - subclassOf, intersectionOf, unionOf
• Deployable on sensor nodes• Tabular representation• OWL-DL representation
• Deploying on RRNs • memory vs. energy trade-off
![Page 21: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/21.jpg)
<owl:Class rdf:ID="SensorNodePHYJammed"> <owl:intersectionOf rdf:parseType="Collection"> <owl:Class rdf:about="#SensorNode"/> <owl:Restriction> <owl:onProperty rdf:resource="#hasPHY"/> <owl:someValuesFrom
rdf:resource="#PHYJammed"/> </owl:Restriction> </owl:intersectionOf></owl:Class>
Node Ontology
![Page 22: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/22.jpg)
Node Ontology<owl:Class rdf:ID="SensorNodeJammed"> <rdfs:subClassOf rdf:resource="#SensorNode"/> <owl:unionOf rdf:parseType="Collection"> <owl:Class rdf:about="#SensorNodePHYJammed"/> <owl:Class
rdf:about="#SensorNodeMACJammed"/> </owl:unionOf></owl:Class>
![Page 23: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/23.jpg)
Action Component• Node state = NS, Operational state = ?• Sensor node rule set
• NS(Jammed) V NS(SDTA) V (NS(Disconnected) Λ ES(Low Energy)) OS(Sleep)
• NS(Disconnection Imminent) Λ ES(Normal) OS(Increase Tx Range)
• NS(High Node Degree) V NS(Low Accuracy) V NS(Abnormal Routing Info.) OS(Extend Active Period)
![Page 24: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/24.jpg)
Network-level AdaptabilityRRN
Sensor nodeState Information
LC
NetworkOntology
AC
Network State
RRN
MRC
Ontological Symbols
Instruct Sensor Nodes
![Page 25: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/25.jpg)
RRN Monitoring & Reporting• Obtain individual node states
• Periodic report• Query mechanism
• Classify nodes according to reported state• Determine cardinality of each class• Map to ontological symbols
![Page 26: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/26.jpg)
RRN Logic Component• Classify cluster instance represented by
ontological symbols – network ontology• Network ontology
• OWL-DL implementation• Classes representing cluster states• Subsumption & Restriction
• Output• Current logical state of cluster based on node
states
![Page 27: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/27.jpg)
RRN Action Component• Cluster state = X, Instructions = ?• RRN rule set
• CS(Under SDTA) Λ Detected(A) Λ Detects(S, A) Λ NS(S, Sleep) NS(S, Active)
• CS(Normal) Λ Detected(A) Λ Detects(S, A) Stop Aggregation(S)
![Page 28: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/28.jpg)
Evaluation• Problem
• Node addition attack (Zhu et al., CCS 2003)• Legitimate node addition
• SWANS Solution• Monitor node degree• State == Node degree ↕ Operation = Security
level ↕• Result
• Malicious nodes thwarted• Legitimate nodes accepted
![Page 29: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/29.jpg)
Adapt to Node Degree Increase
Simulation Time (seconds)
Aver
age
ener
gy c
onsu
med
per
nod
e (J)
• 800 node network• 400 nodes observe node degree ↑
![Page 30: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/30.jpg)
Determining ND Thresholds
Simulation Time (seconds)
Aver
age
ener
gy c
onsu
med
per
nod
e (J)
• Initial size: 200 to 390• ND increase: 5%• Final size: 210 to 400• µΔ, σΔ
• Determine n1, n2
![Page 31: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/31.jpg)
Evaluation• Problem
• Sleep deprivation torture attack (Stajano and Anderson, 1999)
• SWANS solution • Monitor HEC & FCS failures, format violations,
collisions• Node state == SDTA Operation = Sleep• Report node & operational states to RRNs• RRNs: Compute network state, modify node operation
• Result• Network balances energy saving and utility
![Page 32: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/32.jpg)
Adapt to SDTA
Simulation Time (seconds)
Aver
age
ener
gy c
onsu
med
per
nod
e (J)
Affected nodes detect SDTA
& enter sleep state
• 800-node WSN• 400 nodes attacked
RRNs compute global state & wake up some nodes
![Page 33: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/33.jpg)
Evaluation• Problem
• Node failures due to malfunction or attacks• SWANS solution
• Nodes monitor count of failed neighbors (FN)• Node state == disconnected Op. state = Tx
range increase• Result
• Nodes increase Tx range, prevent network partitioning
• Node degrees increase, hop counts decrease• Trade-off is between connectivity and energy
consumption
![Page 34: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/34.jpg)
Adapt to Node Failures (Node degree)
Network Size
Aver
age
Node
Deg
ree
![Page 35: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/35.jpg)
Adapt to Node Failure (Hop counts)
Network Size
Aver
age
Hop
Coun
t
![Page 36: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/36.jpg)
SONETS• Neighbor discovery
• P-SONETS: Centralized• C-SONETS & D-SONETS: Distributed
• Topology discovery & network setup• P-SONETS: Centralized, no key management• C-SONETS: Centralized pair-wise key management• D-SONETS: Distributed pair-wise key management
• Topology Maintenance• Multi-hop pair-wise key establishment• Node addition & deletion
![Page 37: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/37.jpg)
Threat Models• Adversary presence
• Local, Global
• Adversary attack mode• Passive, Active
• Adversary attack capability• Before, during, after self-organization
![Page 38: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/38.jpg)
Related Work• Probabilistic Approaches
• Eschenauer & Gligor, CCS 2002• Chan et al., ISSP 2003• Du et al., CCS 2003• Liu & Ning, CCS 2003
• Deterministic Approaches• Perrig et al., WINET 2002• Zhu et al., CCS 2003• Anderson et al., ICNP 2004
![Page 39: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/39.jpg)
P-SONETS
BS
1
14
5
19
23
9
11
3
BS to j: EKBS(*, EKj(j, Nonce, HELLO))j to BS: EKBS(j, EKj(j, Nonce, HELLO_REPLY))
BS to k: EKBS(*, EKj(j, N1, RELAY)), EKk(k, N2, HELLO)j to k: EKBS(k, EKk(k, N2, HELLO)), Ψk to j: EKBS(k, Ψ), EKk(k, N2, HELLO_REPLY)j to BS: EKBS(k, EKk(k, N2, HELLO_REPLY)), EKj(j, N1)
BS: List of all keys Kj
j: KBS, Kj
![Page 40: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/40.jpg)
P-SONETS• Network repair
• BS tracks node aberrance• Lack of data• Corrupt data
• Reasons for aberrance• Node is dead/compromised 2HN• Node is 2HN; relay point is dead/compromised• Node is dead/compromised 1HN
• BS repairs network • Delete aberrant nodes• Reassign relay points, if required
![Page 41: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/41.jpg)
P-SONETS• Simulation using SensorSim (UCLA)
• 100 node WSN• Simple radio & battery models • Varied sensor node distribution in each hop
• Average energy consumption • Total initial energy in network = 3600 Asec• Node discovery, topology discovery, network
setup: 36 mJ • Network repair when fixed number of nodes fail: 8
mJ
![Page 42: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/42.jpg)
C-SONETS• 1 to R: EK1(<5, 19, 14>)• R to 1: EK1(<x15, x119, x114>) R to 5: EK5(x51) R to 14: EK14(x141, <R,2,1>) • Node 1: K15 = f (x15 x1) Node 5: K15 = f (x51 x5)• 14 to 1: EK114(FWD, <13>) 1 to R: EK1(DATA, <13>)• R to 14: EK14(x1413) R to 13: EK13(x1314, <R,3,14>)• Node 14: K1413 = f(x1413 x14) Node 13: K1314 = f(x1314 x13)
13
R
1
14
5
19 K119 K114
K15
K1413
Kn, Ku, xu on each node u & R
C-SONETS
K5
K1
x15 = x5 R15
x51 = x1 R15
![Page 43: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/43.jpg)
Energy Consumption
Network Size (n)Aver
age
ener
gy c
onsu
med
per
nod
e (J)
• Tx + Rx• Encrypt + Decrypt• Hashing• O(n3)• Existing Protocols
• 100s of mJ
![Page 44: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/44.jpg)
Node degree & Hop countAv
erag
e no
de d
egre
e (d
) • Analytical Expression• Bettstetter 2002 • E(d) = ρπr0
2
where, ρ = n/Area = n/(25x104 m2)
r02 = Tx range
= 75 m• E(d) ≈ 7 to 70• E(h) ≈ 4
Hop count (h) Network size (n)
![Page 45: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/45.jpg)
D-SONETS• Node 1: Broadcast M1
• M1 = EKn(*, 1, EKf(5)(5,x51) || …)• x51 = x1 R51, …
• Node 5: Broadcast M5• M5 = EKn(*, 5, EKf(1)(1,x15)||…) • x15 = x5 R15, …
• Node 1 computes• K15 = f (x15 x51)
• Node 5 computes• K15 = f (x51 x15)
• Node 1 to Node 14: M114• EKn(14, 1, EK114(<R,1>, <5,1>, …))
13
R
1
14
5
19 K119 K114
K15
K1413
Kn, Ku, xu on each node u & R
D-SONETS
M1M1
M1 M5
M5
K1
K5
M114
![Page 46: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/46.jpg)
Energy Consumption (D-SONETS)
Network size (n)Aver
age
ener
gy c
onsu
med
per
nod
e (J)
• 50% of C-SONETS• Existing Protocols
• 1/3 D-SONETS• n ≤ 500
• 1/10 D-SONETS• n > 500
![Page 47: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/47.jpg)
Security Analysis• Node compromise
• Effect limited to 1-hop neighborhood• Links between uncompromised nodes remain secure
• Sybil (Douceur 2002)• Identity-based authentication
• Wormhole & Sinkhole (Karlof and Wagner, 2003)• Routing not based on shortest path
• Node replication• RRNs exchange topology information periodically• Restrict node degree
![Page 48: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/48.jpg)
Node Deletion• Neighbors detect misbehavior• Initiate voting process
• Majority affirmative vote to delete• Inform RRN
• Provide list of ‘yea’ voters• RRN may poll individual voters
• RRN• Generate new common shared key Kn
• Secure unicast
![Page 49: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/49.jpg)
Conclusions• WSNs crucial component of pervasive
computing environments of the future• WSNs in tune with application & environment
• Secure • Adaptive
• Our framework is comprehensive solution• Security protocols for different levels of security• SONETS protocol suites scalable, efficient, resilient• SWANS provides multi-tiered WSN adaptability
![Page 50: A Holistic Approach to Secure Sensor Networks](https://reader030.vdocuments.mx/reader030/viewer/2022033022/56815e13550346895dcc7289/html5/thumbnails/50.jpg)
Future Work• Adaptive data fidelity• Support for sensor adaptability
• Tune smart MEMS• Real-world sensor deployment & evaluation
• Memory• Computational power
• Comprehensive high-level policy• Govern WSN operational behavior• Resolve conflicts