WIRELESS SENSOR NETWORK Pair-Wise Key Establishment

Presented By:

Mohammed Saleh

CS 599b Summer07

WSNWSN

• Background• WSN Architecture• WSN Security Issues and requirements• Problem & Proposed• Network Architecture• Pair-wise key establishment• Conclusion

BackgroundBackground

• 100/1000 nodes

• Low cost solution

• Limited resources

• Controlled or uncontrolled environment

WSN ArchitectureWSN Architecture

WSN ComponentsWSN Components

A sensor Nodes Consist of:• Battery• Memory• Processor• Radio links for communicating

Sensor Node ConstraintsSensor Node Constraints

• Battery Power/Energy

• Processor

• Rechargeability

• Sleep PatternsMemory

Network constraintsNetwork constraints

• Limited Pre-Configuration

• Unreliable communications

• Frequent Routing Changes

WSN ArchitectureWSN Architecture

Security in Wireless NetworksSecurity in Wireless Networks

Security RequirementsSecurity Requirements

• Confidentiality• Authenticity• Availability• Integrity• Freshness• Scalability• Accessibility• Self-Organization• Flexibility

Security in Wireless NetworksSecurity in Wireless Networks

• Attacks

-Poor physical protection

-Attacks not only from outside but

also from within the network from

compromised nodes.

WSN AttacksWSN Attacks

Security in Wireless NetworksSecurity in Wireless Networks

Security concepts:• RSA

• Cryptography

- Public/private key

• Diffie-Hellman

Problem & ProposedProblem & Proposed

ProblemProblem

The initialization process of a previously study known as SHELL.

No Pair-Wise key establishment

ProposedProposed

We propose a pair-wise key establishment of neighboring sensor nodes for the improvement of the network architecture that can be vulnerable for an attack or compromising. This schema can be efficiently applied to the protection of distributing keys throughout the network; sensor nodes can’t only provide an equal level of security but also reduce the consequences of node compromise.

GoalGoal

• Establishing pair-wise key

• Improving the initialization process or the network bootstrapping.

• Protecting against node capturing

SHELLSHELL

• Introduces a novel heuristic for key assignment that decreases the probability of capturing the network through the compromised node

• very few additional keys would be revealed when colluding.

• SHELL boosts the network resiliency to node capture while conservatively consuming the network’s critical resources such as energy.

EBSEBSEBS (Exclusion Basis System)• Eltoweissy et al • methodology for group key management. • EBS eliminates the need of storing a large number of keys

at each sensor node. • It further allows trading off the number of keys stored

versus• amount of network traffic due to the rekeying operations. • Simplifies the addition and eviction of nodes. • Performs key refreshing through the exchange of few

messages.• EBS-based schemes can be prone to collusion attacks.

Network ArchitectureNetwork Architecture

• Command Node

• Gateway

• Sensors

Network ArchitectureNetwork Architecture

• There are two basic categories of nodes that comprise the system:

• Sensing nodes (N1 nodes)

• memory and processing nodes (N2 nodes)

Network BootstrappingNetwork Bootstrapping

The phase of system initialization that precedes actual operations is referred to as network bootstrapping.

• Sensor Implementation • Cluster Assignment • Gateway Registration

Pair-wise Key EstablishmentPair-wise Key Establishment

The rationale for establishing a set of protocols for shared key

interaction is to improve security and decrease nodal

Vulnerability.

The proposed model accounts for scenarios in which there is

only one node needed for key establishment or, in contrast,

an unlimited number of nodes that can participate in the key

establishment process. In either situation, the backbone

architecture is considered secure.

Pair-wise Key EstablishmentPair-wise Key Establishment

• Backhaul – In order to create the conditions necessary for backhaul, an N1 node and an N2 node must share a common key.

• Neighboring nodes with Limitation – This scenario permits inter-nodal communication between two N1 nodes in the same neighborhood.

• Neighboring Nodes Open Trust – To establish connectivity in this scenario, N1 nodes can establish session keys through a sequence of mutual N1 nodes key matching.

Pair-wise Key EstablishmentPair-wise Key Establishment

With this key Establishment we can have

• significant increase in the number of keys stored by all N1

nodes. • Protecting against Attacks and failure between N1 & N2 nodes.• Maintaining a low energy consumption.• key assignment that decreases the probability of

capturing• would share most keys with reachable nodes and, thus,

very few additional keys would be revealed when colluding

ConclusionConclusion

A key feature of our approach is that it exploits the availability of multiple transmission power levels at sensor nodes in terms of elevated security schemes. We introduced different approaches; the description of how to establish a pair-wise key between two neighboring nodes can be established by the discussed approach and applied to Younis approach for more efficiency. In doing so we can reduce the possibility of data being lost from all nodes if the chance of a network is captured.

ReferencesReferences• RSA Encryption Standard, Version 1.4. San Mateo, Ca.: RSA Data Security, Inc.,

1991.• W. Diffie and M.E. Hellman, New directions in cryptography, IEEE Transactions on

Information Theory 22 (1976), 644-654.• Multicast Security: A Taxonomy and Efficient Constructions. IEEE Press, 1999.• Ten Emerging Technologies That Will Change The World, Feb.2003.• Mihaela Cardei My T. Thai Yingshu Li Weili Wu, Energy-Efficient Target

Coverage in Wireless Sensor Networks, IEEE INFOCOM 2005.• A. D. Wood and J. A. Stankovic. Denial of service in sensor networks. Computer

35(10):54–62, 2002.• J. Newsome, E. Shi, D. Song, and A. Perrig. The Sybil attack in sensor networks:

analysis & defenses. Proceedings of the third international symposium on Informationprocessing in sensor networks, pp. 259–268. ACM Press, 2004.

• Wireless Sensor Network Security: A Survey John Paul Walters, Zhengqiang Liang,Weisong Shi, and Vipin Chaudhary Department of Computer Science Wayne StateUniversity5143 Cass Ave, MI 48202, USA

ReferencesReferences

• J. Deng, R. Han, and S. Mishra. Countermeasuers against traffic analysis in wireless sensor networks. Tech. Rep. CU-CS-987-04, University of Colorado at Boulder, 2004.

• Peng Peng , P2P-HGKM: An Efficient Hierarchical Group Key ManagementProtocol for Mobile Ad-Hoc Networks, B.Sc., Peking University, 2000 Eric Ricardo Anton, Otto Carlos Muniz Bandeira Duarte, Group Key Establishment in Wireless Ad Hoc Networks , Workshop em Qualidade de Serviço e Mobilidade – 2002.

• N. Asokan, V. Schoup, and M. Waidner, Optimistic fair exchange of digital signa-tures, IEEE Journal on Selected Area in Communications, vol. 18, no. 4, pp. 593,610, 2000.

• Y. Amir, Y. Kim, C. Nita-Rotaru, and G. Tsudik, On the performance of group key agreement protocols," in Proceedings of the 22nd IEEE International Conference on Distributed Computing Systems, (Viena, Austria), June 2002.

• Cliques Project team, \Cliques," 1999. http://sconce.ics.uci.edu/cliques/.• Cristina Nita-Rotaru, High-Performance Secure Group Communication,

(Baltimore, Maryland), June 2003

ReferencesReferences

• A Logic for the Exclusion Basis System, Samuel T. Redwine, Jr., James Madison University Harrisonburg, Va. 22807, Proceedings of the 37th Hawaii International Conference on System Sciences – 2004.

• Distributed Clustering in Ad-hoc Sensor Networks: A Hybrid, Energy-Efficient Approach Younis, O., Fahmy, S.: Distributed clustering in ad-hoc sensor networks. In: Proceedings of the IEEE Conference on Computer Communications (INFOCOM), Hong Kong (2004)",

• Mohamed F. Younis, Senior Member, IEEE, Kajaldeep Ghumman, and Mohamed Eltoweissy, Senior Member, IEEE Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks. IEEE Vol 17, No.8, August 2006

ReferencesReferences

• Du., W. et al. “A Key Management Scheme for Wireless Sensor Networks Using

• Deployment Knowledge.” IEEE INFOCOM, 2004.• Hill, J. et al. “System Architecture directions for Networked Sensors.”

Architectural Support for Programming Languages and Operating systems, 2000: 93-104.

• Hu, Y., Perrig, A., and Johnson, D. Ariadne: a secure on-demand routing protocol for ad hoc networks. New York: ACM Press, (2002): 12-23.

• Patrick Traynor, Heesook Choi, Guohong Cao, Sencun Zhu and Tom La Porta• Networking and Security Research Center Department of Computer Science

and Engineering The Pennsylvania State University, Establishing Pair-wise Keys in Heterogeneous Sensor Networks.